Package com.sun.identity.policy

Class Policy

  • All Implemented Interfaces:
    Cloneable
    @Deprecated
public class Policy
extends Object
implements Cloneable
    Deprecated.
    since 12.0.0
    The class Policy represents a policy definition. A policy contains a set of rules associated with a collection of users and conditions. The policy object is saved in the data store only when the store method of the Policy is called, or if the methods addPolicy or replacePolicy of PolicyManager instance is invoked with this policy. The Policy object is accessible to policy evaluation and enforcement points only after it is saved in data store.

    • Constructor Detail

      • Policy

        public Policy​(String policyName)
       throws InvalidNameException
        Deprecated.
        Constructs a policy given the policy name.
        Parameters:
        policyName - name of the policy
        Throws:
        InvalidNameException - if policy name is not valid

      • Policy

        public Policy​(String policyName,
              String description)
       throws InvalidNameException
        Deprecated.
        Constructs a policy given the policy name and description.
        Parameters:
        policyName - name of the policy
        description - description for the policy
        Throws:
        InvalidNameException - if policy name is not valid

      • Policy

        public Policy​(String policyName,
              String description,
              boolean referralPolicy)
       throws InvalidNameException
        Deprecated.
        Constructs a policy given the policy name,description and a referralPolicy flag.
        Parameters:
        policyName - name of the policy
        description - description for the policy
        referralPolicy - indicates whether the policy is a referral policy or a standard policy. A referral policy is used only to delegate policy definitions to sub/peer organizations. A referral policy does not make use of any action values
        Throws:
        InvalidNameException - if policy name is not valid

      • Policy

        public Policy​(String policyName,
              String description,
              boolean referralPolicy,
              boolean active)
       throws InvalidNameException
        Deprecated.
        Constructs a policy given the policy name , description, referralPolicy flag, and active flag
        Parameters:
        policyName - name of the policy
        description - description for the policy
        referralPolicy - indicates whether the policy is a referral policy or a standard policy.
        active - indicates if the policy is active or not. A referral policy is used only to delegate policy definitions to sub/peer organizations. A referral policy does not make use of any action values
        Throws:
        InvalidNameException - if policy name is not valid

    • Method Detail

      • getName

        public String getName()
        Deprecated.
        Gets the name of the policy.
        Returns:
        name of the policy

      • setName

        public void setName​(String policyName)
             throws InvalidNameException
        Deprecated.
        Sets the name of the policy.
        Parameters:
        policyName - name of the policy.
        Throws:
        InvalidNameException - if policyName is an invalid name.

      • getOriginalName

        protected String getOriginalName()
        Deprecated.
        Gets the original policy name. This is used to track policies called via PolicyManager::replacePolicy() with the changed policy name.
        Returns:
        the policy name that was present when the object was instantiated

      • getOrganizationName

        public String getOrganizationName()
        Deprecated.
        Gets the organization name under which the policy is created This would be set only for policies that have been read from data store. Otherwise this would be null
        Returns:
        the organization name under which the policy is created

      • resetOriginalName

        protected void resetOriginalName()
        Deprecated.
        Resets the original policy name

      • getDescription

        public String getDescription()
        Deprecated.
        Gets the description for the policy. If the description for the policy has not been set the method will return an empty string; not null.
        Returns:
        description of the policy

      • setDescription

        public void setDescription​(String description)
                    throws InvalidNameException
        Deprecated.
        Sets the description for the policy.
        Parameters:
        description - description for the policy
        Throws:
        InvalidNameException - if the description is invalid

      • isReferralPolicy

        public boolean isReferralPolicy()
        Deprecated.
        Checks whether the policy is a referral policy. A referral policy is used only to delegate policy definitions to sub/peer organizations. A referral policy does not make use of any action values
        Returns:
        true if this is a referral policy. Otherwise returns false

      • isActive

        public boolean isActive()
        Deprecated.
        Checks whether the policy is active or inactive An inactive policy is not used to make policy evaluations.
        Returns:
        true if this is an active policy. Otherwise returns false

      • setActive

        public void setActive​(boolean active)
        Deprecated.
        Set the active flag for policy. An inactive policy is not used to make policy evaluations.
        Parameters:
        active - boolean representing active or inactive.

      • getPriority

        public int getPriority()
        Deprecated.
        Gets the priority of the policy.
        Returns:
        priority of the policy

      • setPriority

        public void setPriority​(int priority)
        Deprecated.
        Sets a priority of the policy.
        Parameters:
        priority - priority of the policy

      • getRuleNames

        public Set getRuleNames()
        Deprecated.
        Gets the set of rule names associated with the policy.
        Returns:
        Set of rule names

      • getRule

        public Rule getRule​(String ruleName)
             throws NameNotFoundException
        Deprecated.
        Gets the rule object identified by name.
        Parameters:
        ruleName - name of rule.
        Returns:
        Rule object.
        Throws:
        NameNotFoundException - if a Rule with the given name does not exist

      • replaceRule

        public void replaceRule​(Rule rule)
                 throws InvalidNameException
        Deprecated.
        Replaces an existing rule with the same name by the current one. If a Rule with the same name does not exist, it will be added.
        Parameters:
        rule - Rule that will replace an existing rule with the same name
        Throws:
        InvalidNameException - if Rule name is invalid

      • removeRule

        public Rule removeRule​(String ruleName)
        Deprecated.
        Removes the Rule with the given name.
        Parameters:
        ruleName - name of the rule
        Returns:
        returns the Rule object being removed; if not present returns null

      • getSubjectNames

        public Set getSubjectNames()
        Deprecated.
        Get the Set of subject names associated with the policy.
        Returns:
        Set of String objects representing subject names

      • getSubject

        public Subject getSubject​(String subjectName)
                   throws NameNotFoundException
        Deprecated.
        Gets the Subject object identified by name.
        Parameters:
        subjectName - name of subject.
        Returns:
        Subject object
        Throws:
        NameNotFoundException - if a Subject with the given name does not exist

      • addSubject

        public void addSubject​(String name,
                       Subject subject)
                throws NameAlreadyExistsException,
                       InvalidNameException
        Deprecated.
        Adds a new policy subject. The subject is added as a normal (non exclusive) subject. So, policy will apply to members of the subject. The policy will apply to a user if he is a member of any normal (non exclusive) subject in the policy or not a member of any exclusive subject in the policy.
        Parameters:
        name - name of the Subject instance
        subject - Subject object to be added to the policy
        Throws:
        NameAlreadyExistsException - if a Subject with the given name already exists
        InvalidNameException - if the subject name is invalid

      • addRealmSubject

        public void addRealmSubject​(String subjectName,
                            SubjectTypeManager stm,
                            boolean exclusive)
                     throws NameAlreadyExistsException,
                            InvalidNameException,
                            PolicyException,
                            SSOException
        Deprecated.
        Adds a reference in the policy to a Subject defined at the realm.
        Parameters:
        subjectName - name of the Subject as defined at the realm
        stm - SubjectTypeManager of the realm. You have to pass the SubjectTypeManager of realm in which you would save the policy. Trying to save the policy at a different realm would throw PolicyException.
        Throws:
        NameAlreadyExistsException - if a Subject with the given name already exists in the policy
        InvalidNameException - if the subject name is invalid or the subject is not found at the realm
        SSOException - if the SSO token is invalid
        PolicyException - if the subject could not be added for any other reason

      • addSubject

        public void addSubject​(String name,
                       Subject subject,
                       boolean exclusive)
                throws NameAlreadyExistsException,
                       InvalidNameException
        Deprecated.
        Adds a new policy subject. The policy will apply to a user if he is a member of any normal (non exclusive) subject in the policy or not a member of any exclusive subject in the policy.
        Parameters:
        name - name of the Subject instance
        subject - Subject object to be added to the policy
        exclusive - boolean flag indicating whether the subject is to be exclusive subject. If subject is exclusive, policy applies to users who are not members of the subject. Otherwise, policy applies to members of the subject.
        Throws:
        NameAlreadyExistsException - if a Subject with the given name already exists
        InvalidNameException - if the subject name is invalid

      • replaceSubject

        public void replaceSubject​(String name,
                           Subject subject)
                    throws NameNotFoundException
        Deprecated.
        Replaces an existing subject with the same name by the current one. If a subject with the same name does not exist, it will be added. The subject is replaced as a normal (non exclusive) subject. So, policy will apply to members of the subject. The policy will apply to a user if he is a member of any normal (non exclusive) subject subject in the policy or not a member of any exclusive subject subject in the policy.
        Parameters:
        name - name of the Subject instance
        subject - Subject that will replace an existing Subject with the same name
        Throws:
        NameNotFoundException - if a Subject instance with the given name is not present

      • replaceSubject

        public void replaceSubject​(String name,
                           Subject subject,
                           boolean exclusive)
                    throws NameNotFoundException
        Deprecated.
        Replaces an existing subject with the same name by the current one. If a subject with the same name does not exist, it will be added. The policy will apply to a user if he is a member of any normal (non exclusive) subject in the policy or not a member of any exclusive subject in the policy.
        Parameters:
        name - name of the Subject instance
        subject - Subject that will replace an existing Subject with the same name
        exclusive - boolean flag indicating whether the subject is to be exclusive subject. If subject is exclusive, policy applies to users who are not members of the subject. Otherwise, policy applies to members of the subject.
        Throws:
        NameNotFoundException - if a Subject instance with the given name is not present

      • removeSubject

        public Subject removeSubject​(String subjectName)
        Deprecated.
        Removes the subject with the given name.
        Parameters:
        subjectName - name of the Subject
        Returns:
        returns the Subject object being removed. if not present returns null

      • removeSubject

        public void removeSubject​(Subject subject)
        Deprecated.
        Removes the Subject object identified by object's equals method. If a Subject instance does not exist, the method will return silently.
        Parameters:
        subject - Subject object that will be removed from the user collection

      • isSubjectExclusive

        public boolean isSubjectExclusive​(String subjectName)
                           throws NameNotFoundException
        Deprecated.
        Checks if the subject is exclusive. If subject is exclusive, policy applies to users who are not members of the subject. Otherwise, policy applies to members of the subject. The policy will apply to a user if he is a member of any normal (non exclusive) subject in the policy or not a member of any exclusive subject in the policy.
        Parameters:
        subjectName - name of the subject
        Returns:
        true if the subject is exclusive, false otherwise.
        Throws:
        NameNotFoundException - if the subject with the given subjectName does not exist in the policy.

      • isRealmSubject

        public boolean isRealmSubject​(String subjectName)
                       throws NameNotFoundException
        Deprecated.
        Checks if the subjectName is a reference to a Subject defined at the realm
        Parameters:
        subjectName - name of the subject
        Returns:
        true if the subject is a reference to a Subject defined at the realm, false otherwise.
        Throws:
        NameNotFoundException - if the subject with the given subjectName does not exist in the policy.

      • getReferralNames

        public Set getReferralNames()
        Deprecated.
        Get the Set of referral names associated with the policy.
        Returns:
        Set of referral names

      • getReferral

        public Referral getReferral​(String referralName)
                     throws NameNotFoundException
        Deprecated.
        Gets the Referral object identified by name.
        Parameters:
        referralName - name of referral.
        Returns:
        Referral object
        Throws:
        NameNotFoundException - if a Referral with the given name does not exist

      • replaceReferral

        public void replaceReferral​(String name,
                            Referral referral)
                     throws NameNotFoundException
        Deprecated.
        Replaces an existing referral with the same name by the current one. If a referral with the same name does not exist, it will be added.
        Parameters:
        name - name of the Referral instance
        referral - Referral that will replace an existing Referral with the same name
        Throws:
        NameNotFoundException - if a Referral instance with the given name is not present

      • removeReferral

        public Referral removeReferral​(String referralName)
        Deprecated.
        Removes the referral with the given name.
        Parameters:
        referralName - name of the Referral
        Returns:
        returns the Referral object being removed; if not present returns null

      • removeReferral

        public void removeReferral​(Referral referral)
        Deprecated.
        Removes the Referral object identified by object's equals method. If a Referral instance does not exist, the method will return silently.
        Parameters:
        referral - Referral object that will be removed

      • getConditionNames

        public Set getConditionNames()
        Deprecated.
        Get the set of condition names associated with the policy.
        Returns:
        Set of condition names

      • getCondition

        public Condition getCondition​(String condition)
                       throws NameNotFoundException
        Deprecated.
        Gets the condition object identified by name.
        Parameters:
        condition - name of condition.
        Returns:
        Condition object.
        Throws:
        NameNotFoundException - if a Condition with the given name does not exist.

      • replaceCondition

        public void replaceCondition​(String name,
                             Condition condition)
                      throws NameNotFoundException
        Deprecated.
        Replaces an existing condition with the same name by the current one. If a condition with the same name does not exist, it will be added.
        Parameters:
        name - name of the Condition instance
        condition - Condition that will replace an existing Condition with the same name
        Throws:
        NameNotFoundException - if a Condition instance with the given name is not present

      • removeCondition

        public Condition removeCondition​(String condition)
        Deprecated.
        Removes the condition with the given name.
        Parameters:
        condition - name of the Condition
        Returns:
        returns the Condition object being removed; if not present returns null

      • removeCondition

        public void removeCondition​(Condition condition)
        Deprecated.
        Removes the Condition object identified by object's equals method. If a condition instance does not exist, the method will return silently.
        Parameters:
        condition - Condition object that will be removed

      • getResponseProviderNames

        public Set getResponseProviderNames()
        Deprecated.
        Get a Set of String objects representing the responseProvider names associated with the policy.
        Returns:
        Set of responseProvider names

      • getResponseProvider

        public ResponseProvider getResponseProvider​(String respProvider)
                                     throws NameNotFoundException
        Deprecated.
        Gets the ResponseProvider object identified by name.
        Parameters:
        respProvider - name of ResponseProvider.
        Returns:
        ResponseProvider object.
        Throws:
        NameNotFoundException - if a ResponseProvider with the given name does not exist.

      • replaceResponseProvider

        public void replaceResponseProvider​(String name,
                                    ResponseProvider respProvider)
                             throws NameNotFoundException
        Deprecated.
        Replaces an existing ResponseProvider with the same name by the current one. If a respProvider with the same name does not exist, it will be added.
        Parameters:
        name - name of the ResponseProvider instance
        respProvider - ResponseProvider that will replace an existing ResponseProvider with the same name
        Throws:
        NameNotFoundException - if a ResponseProvider instance with the given name is not present.

      • removeResponseProvider

        public ResponseProvider removeResponseProvider​(String respProvider)
        Deprecated.
        Removes the ResponseProvider with the given name.
        Parameters:
        respProvider - name of the ResponseProvider
        Returns:
        returns the ResponseProvider object being removed; if not present returns null.

      • removeResponseProvider

        public void removeResponseProvider​(ResponseProvider respProvider)
        Deprecated.
        Removes the ResponseProvider object. If a respProvider instance does not exist, the method will return silently.
        Parameters:
        respProvider - ResponseProvider object that will be removed

      • store

        public void store​(SSOToken token,
                  String name)
           throws SSOException,
                  NoPermissionException,
                  NameAlreadyExistsException,
                  NameNotFoundException,
                  PolicyException
        Deprecated.
        Stores the policy object in a persistent data store under the organization, sub-organization or a container object, specified as a parameter. The organization, sub-organization, or the container can be either a LDAP distinguished name (dn) or slash "/" separated as per SMS. This method uses the SSOToken provided to perform the store operation, and hence if the single sign token has expired SSOException will be thrown, and if the user does not have the required privileges NoPermissionException exception will be thrown.

        If a policy with the same name exists for the organization the method will throw NameAlreadyExistsException. And if the organization name does not exist, the method will throw NameNotFoundException.

        Parameters:
        token - SSO token of the user managing policy
        name - name of the organization, sub-organization or a container in which the policy will be stored.
        Throws:
        SSOException - invalid or expired single-sign-on token
        NoPermissionException - user does not have sufficient privileges to add policy
        NameAlreadyExistsException - a policy with the same name already exists
        NameNotFoundException - the given organization name does not exist
        PolicyException - for any other abnormal condition

      • equals

        public boolean equals​(Object obj)
        Deprecated.
        Checks if two policy objects are equal. This method does not check the policy name and description for equality.
        Overrides:
        equals in class Object
        Parameters:
        obj - object againt which the policy object will be checked for equality
        Returns:
        true if policies are equal, false otherwise.

      • clone

        public Object clone()
        Deprecated.
        Creates and returns a copy of this object. The returned Policy object will have the same policy name, rules, subjects, referrals and conditions such that x.clone().equals(x) will be true. However x.clone() will not be the same as x, i.e., x.clone() != x.
        Overrides:
        clone in class Object
        Returns:
        a copy of this object

      • toXML

        public String toXML()
        Deprecated.
        Returns the serialized policy in XML
        Returns:
        serialized policy in XML

      • toXML

        public String toXML​(boolean withHeader)
        Deprecated.

      • toString

        public String toString()
        Deprecated.
        Gets string representation of the policy object.
        Overrides:
        toString in class Object
        Returns:
        XML string representation of the policy object

      • getPolicyDecision

        public PolicyDecision getPolicyDecision​(SSOToken token,
                                        String resourceTypeName,
                                        String resourceName,
                                        Set actionNames,
                                        Map envParameters)
                                 throws SSOException,
                                        NameNotFoundException,
                                        PolicyException
        Deprecated.
        Gets policy decision
        Parameters:
        token - sso token identifying the user for who the policy has to be evaluated.
        resourceTypeName - resourceType name
        resourceName - resourceName
        actionNames - a set of action names for which policy results are to be evaluated. Each element of the set should be a String
        envParameters - a Map of environment parameters Each key of the Map is a String valued parameter name Each value of the map is a Set of String values
        Returns:
        a PolicyDecision
        Throws:
        NameNotFoundException - if the action name or resource name is not found
        SSOException - if token is invalid
        PolicyException - for any other exception condition

      • getCreationDate

        public long getCreationDate()
        Deprecated.
        Returns creation date.
        Returns:
        creation date.

      • setCreationDate

        public void setCreationDate​(long creationDate)
        Deprecated.
        Sets the creation date.
        Parameters:
        creationDate - creation date.

      • getLastModifiedDate

        public long getLastModifiedDate()
        Deprecated.
        Returns last modified date.
        Returns:
        last modified date.

      • setLastModifiedDate

        public void setLastModifiedDate​(long lastModifiedDate)
        Deprecated.
        Sets the last modified date.
        Parameters:
        lastModifiedDate - last modified date.

      • getLastModifiedBy

        public String getLastModifiedBy()
        Deprecated.
        Returns the user ID who last modified the policy.
        Returns:
        user ID who last modified the policy.

      • setLastModifiedBy

        public void setLastModifiedBy​(String lastModifiedBy)
        Deprecated.
        Sets the user ID who last modified the policy.
        Parameters:
        lastModifiedBy - user ID who last modified the policy.

      • getCreatedBy

        public String getCreatedBy()
        Deprecated.
        Returns the user ID who created the policy.
        Returns:
        user ID who created the policy.

      • setCreatedBy

        public void setCreatedBy​(String createdBy)
        Deprecated.
        Sets the user ID who created the policy.
        Parameters:
        createdBy - user ID who created the policy.