public class PolicyConfig extends Object implements ServiceListener

The PolicyConfig class manages policy configuration for an organization and resource comparator configuration for a serviceType.

The policy organization configuration is defined in the amPolicyConfiguration service. The policy configuration values need to be set for each organization. The Subject implementations get these configuration values as a Map. The keys to the map are defined as constants in this class. Different Subject implementations need different key values. For example, the LDAP Group subject needs LDAP_GROUP_SEARCH_FILTER and LDAP_GROUP_SEARCH_SCOPE. All subject plugins that do not use the Identity repository API will require LDAP_SERVER, LDAP_BASE_DN, LDAP_BIND_DN and LDAP_BIND_PASSWORD.
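
Because the map handed to Subject implementations carries LDAP_BIND_PASSWORD next to ordinary settings, a caller that inspects or logs it should check the required keys and redact the secret first. The following is an added example, not code from the OpenAM project or its Javadoc; it assumes the class lives in the com.sun.identity.policy package and that map values print usefully via toString, and PolicyConfigAudit, its helpers and the organization name o=example are hypothetical.

```java
import com.sun.identity.policy.PolicyConfig;
import com.sun.identity.policy.PolicyException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
// Added example, not OpenAM code: checks and logs an organization's policy config.
public final class PolicyConfigAudit {
    // Keys the class description lists for plugins that do not use the Identity repository API.
    private static final String[] REQUIRED_LDAP_KEYS = {
        PolicyConfig.LDAP_SERVER, PolicyConfig.LDAP_BASE_DN,
        PolicyConfig.LDAP_BIND_DN, PolicyConfig.LDAP_BIND_PASSWORD
    };

    // Returns the required LDAP keys that are absent or blank in the map.
    static List<String> missingLdapKeys(Map<?, ?> config) {
        List<String> missing = new ArrayList<>();
        for (String key : REQUIRED_LDAP_KEYS) {
            Object value = config.get(key);
            if (value == null || value.toString().trim().isEmpty()) {
                missing.add(key);
            }
        }
        return missing;
    }

    // Copies the map for logging with the bind password replaced by a marker.
    static Map<String, String> redactedForLog(Map<?, ?> config) {
        Map<String, String> safe = new TreeMap<>();
        for (Map.Entry<?, ?> entry : config.entrySet()) {
            String key = String.valueOf(entry.getKey());
            boolean secret = PolicyConfig.LDAP_BIND_PASSWORD.equals(key);
            safe.put(key, secret ? "<redacted>" : String.valueOf(entry.getValue()));
        }
        return safe;
    }

    public static void main(String[] args) throws PolicyException {
        String org = args.length > 0 ? args[0] : "o=example"; // hypothetical organization
        Map<?, ?> config = PolicyConfig.getPolicyConfig(org);
        if (config == null) { // defensive: the page does not say whether null can be returned
            System.err.println("no policy configuration for " + org);
            return;
        }
        System.out.println("missing LDAP keys: " + missingLdapKeys(config));
        System.out.println("config: " + redactedForLog(config));
        System.out.println("subjects TTL ms: " + PolicyConfig.getSubjectsResultTtl(config));
    }
}
```

Run it on a host where the OpenAM server libraries and configuration are available, since getPolicyConfig reads the amPolicyConfiguration service.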

The resource comparator configuration is a Map. The keys to this map are serviceType names, for example "iplanetAMWebAgentService". The value for each of these keys is also a Map, which is passed to the ResourceComparator class when a ResourceComparator is instantiated.

The value map contains the following keys:
RESOURCE_COMPARATOR_CLASS
RESOURCE_COMPARATOR_WILDCARD
RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD
RESOURCE_COMPARATOR_DELIMITER
RESOURCE_COMPARATOR_CASE_SENSITIVE

Fields inherited from interface ServiceListener: ADDED, MODIFIED, REMOVED

Modifier and Type | Method and Description |
---|---|
static Set | getAdvicesHandleableByAM(): Returns names of policy advices that could be handled by OpenSSO Enterprise if PEP redirects the user agent to OpenSSO. |
static Map | getPolicyConfig(String org): Returns the policy configuration for the given organization. |
static Map | getResourceCompareConfig(String service): Returns the resource comparator configuration for the given service type. |
static long | getSubjectsResultTtl(Map policyConfig): Gets subjectsResultTtl, the time in milliseconds for which the result of subjects evaluation would be cached, based on the policyConfig map passed. |
void | globalConfigChanged(String serviceName, String version, String groupName, String serviceComponent, int changeType): This method will be invoked when a service's global configuration data has been changed. |
void | organizationConfigChanged(String serviceName, String version, String orgName, String groupName, String serviceComponent, int changeType): This method will be invoked when a service's organization configuration data has been changed. |
void | schemaChanged(String serviceName, String version): This method will be invoked when a service's schema has been changed. |

public static final String LDAP_SERVER
public static final String LDAP_BASE_DN
public static final String LDAP_USERS_BASE_DN
public static final String LDAP_BIND_DN
public static final String LDAP_BIND_PASSWORD
public static final String LDAP_ORG_SEARCH_FILTER
public static final String LDAP_ORG_SEARCH_SCOPE
public static final String LDAP_GROUP_SEARCH_FILTER
public static final String LDAP_GROUP_SEARCH_SCOPE
public static final String LDAP_USERS_SEARCH_FILTER
public static final String LDAP_USERS_SEARCH_SCOPE
public static final String LDAP_ROLES_SEARCH_FILTER
public static final String LDAP_ROLES_SEARCH_SCOPE
public static final String LDAP_ORG_SEARCH_ATTRIBUTE
public static final String LDAP_GROUP_SEARCH_ATTRIBUTE
public static final String LDAP_USER_SEARCH_ATTRIBUTE
public static final String LDAP_ROLES_SEARCH_ATTRIBUTE
public static final String LDAP_SEARCH_TIME_OUT
public static final String LDAP_SEARCH_LIMIT
public static final String LDAP_CONNECTION_POOL_MIN_SIZE
public static final String LDAP_CONNECTION_POOL_MAX_SIZE
public static final String LDAP_SSL_ENABLED
public static final String IS_ROLES_BASE_DN
public static final String IS_ROLES_SEARCH_SCOPE
public static final String SELECTED_SUBJECTS
public static final String SELECTED_REFERRALS
public static final String SELECTED_CONDITIONS
public static final String SELECTED_RESPONSE_PROVIDERS
public static final String SELECTED_DYNAMIC_ATTRIBUTES
public static final String USER_ALIAS_ENABLED
public static final String RESOURCE_COMPARATOR
public static final String RESOURCE_COMPARATOR_TYPE
public static final String RESOURCE_COMPARATOR_CLASS
public static final String RESOURCE_COMPARATOR_DELIMITER
public static final String RESOURCE_COMPARATOR_WILDCARD
public static final String RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD
public static final String RESOURCE_COMPARATOR_CASE_SENSITIVE
public static final String CONTINUE_EVALUATION_ON_DENY_DECISION
public static final String ORG_ALIAS_MAPPED_RESOURCES_ENABLED
public static final String ADVICES_HANDLEABLE_BY_AM
public static final String ORG_DN
public static final String SUBJECTS_RESULT_TTL
public static final String POLICY_CONFIG_SERVICE
public static final String ISDS_HOST

public static Map getResourceCompareConfig(String service) throws PolicyException
Parameters:
service - ServiceType name
Returns:
Map with the RESOURCE_COMPARATOR_CLASS, RESOURCE_COMPARATOR_DELIMITER, RESOURCE_COMPARATOR_WILDCARD, RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD, RESOURCE_COMPARATOR_CASE_SENSITIVE keys. Note that the return value would be null if the service name passed in is null or if there is no configuration available for the service.
Throws:
PolicyException

public static Map getPolicyConfig(String org) throws PolicyException
Parameters:
org - Organization name
Returns:
PolicyConfig
Throws:
PolicyException - if it is not able to get the policy configuration for the given organization.

public void schemaChanged(String serviceName, String version)
Specified by:
schemaChanged in interface ServiceListener
Parameters:
serviceName - name of the service
version - version of the service

public void globalConfigChanged(String serviceName, String version, String groupName, String serviceComponent, int changeType)
Specified by:
globalConfigChanged in interface ServiceListener
Parameters:
serviceName - name of the service
version - version of the service
serviceComponent - name of the service components that changed
groupName - name of the configuration grouping.
changeType - change type, i.e., ADDED, REMOVED or MODIFIED.

public void organizationConfigChanged(String serviceName, String version, String orgName, String groupName, String serviceComponent, int changeType)
Specified by:
organizationConfigChanged in interface ServiceListener
Parameters:
serviceName - name of the service
version - version of the service
groupName -
orgName - organization name as DN
serviceComponent - the name of the service components that changed
changeType - change type, i.e., ADDED, REMOVED or MODIFIED

public static long getSubjectsResultTtl(Map policyConfig)
Parameters:
policyConfig - policy config map that is used to compute subjectsResultTtl. The value of the key PolicyConfig.SUBJECTS_RESULT_TTL in the map is assumed to be the value of subjectsResultTtl in minutes. If the value is not defined in the map or it cannot be parsed as int, the value would default to 0.

public static Set getAdvicesHandleableByAM() throws PolicyException
Returns:
Set representing names of policy advices OpenSSO could handle.
Throws:
PolicyException

Copyright © 2010–2025 Open Identity Platform Community. All rights reserved.