Package com.sun.identity.policy
Class PolicyConfig
- java.lang.Object
-
- com.sun.identity.policy.PolicyConfig
-
- All Implemented Interfaces:
ServiceListener
public class PolicyConfig extends Object implements ServiceListener
ThePolicyConfigclass manages policy configuration for an organization and resource comparator configuration for aserviceType. The policy organization configuration is defined in amPolicyConfiguration service. The policy configuration values need to be set for each organization. TheSubjectimplementations get these configuration values as aMap. The keys to the map are defined as constants in this class. Different Subject implementations need different key values. For example, LDAP Group subject needsLDAP_GROUP_SEARCH_FILTER, LDAP_GROUP_SEARCH_SCOPE. All subject plugins that do not use Identity repository API, will requireLDAP_SERVER, LDAP_BASE_DN, LDAP_BIND_DN, LDAP_BIND_PASSWORD.The resource comparator configuration is a
Map. The keys to this map are serviceType names. For example, "iplanetAMWebAgentService". The value for these keys is also aMap. The value map contains following keys. This map is passed to the ResourceComparator class while instantiating a ResourceComparator class. The map contains the following keys:RESOURCE_COMPARATOR_CLASSRESOURCE_COMPARATOR_WILDCARDRESOURCE_COMPARATOR_ONE_LEVEL_WILDCARDRESOURCE_COMPARATOR_DELIMITERRESOURCE_COMPARATOR_CASE_SENSITIVE
-
-
Field Summary
-
Fields inherited from interface com.sun.identity.sm.ServiceListener
ADDED, MODIFIED, REMOVED
-
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static SetgetAdvicesHandleableByAM()Returns names of policy advices that could be handled by OpenSSO Enterprise if PEP redirects the user agent to OpenSSO.static MapgetPolicyConfig(String org)this method returns the policy configuration for the given organization.static MapgetResourceCompareConfig(String service)Returns the resource comparator configuration for the given service typestatic longgetSubjectsResultTtl(Map policyConfig)Gets subjectsResultTtl - time in milliseconds for which result of subjects evaluation would be cached based, on the policyConfig map passed.voidglobalConfigChanged(String serviceName, String version, String groupName, String serviceComponent, int changeType)This method will be invoked when a service's global configuation data has been changed.voidorganizationConfigChanged(String serviceName, String version, String orgName, String groupName, String serviceComponent, int changeType)This method will be invoked when a service's organization configuation data has been changed.voidschemaChanged(String serviceName, String version)This method will be invoked when a service's schema has been changed.
-
-
-
Field Detail
-
LDAP_SERVER
public static final String LDAP_SERVER
- See Also:
- Constant Field Values
-
LDAP_BASE_DN
public static final String LDAP_BASE_DN
- See Also:
- Constant Field Values
-
LDAP_USERS_BASE_DN
public static final String LDAP_USERS_BASE_DN
- See Also:
- Constant Field Values
-
LDAP_BIND_DN
public static final String LDAP_BIND_DN
- See Also:
- Constant Field Values
-
LDAP_BIND_PASSWORD
public static final String LDAP_BIND_PASSWORD
- See Also:
- Constant Field Values
-
LDAP_ORG_SEARCH_FILTER
public static final String LDAP_ORG_SEARCH_FILTER
- See Also:
- Constant Field Values
-
LDAP_ORG_SEARCH_SCOPE
public static final String LDAP_ORG_SEARCH_SCOPE
- See Also:
- Constant Field Values
-
LDAP_GROUP_SEARCH_FILTER
public static final String LDAP_GROUP_SEARCH_FILTER
- See Also:
- Constant Field Values
-
LDAP_GROUP_SEARCH_SCOPE
public static final String LDAP_GROUP_SEARCH_SCOPE
- See Also:
- Constant Field Values
-
LDAP_USERS_SEARCH_FILTER
public static final String LDAP_USERS_SEARCH_FILTER
- See Also:
- Constant Field Values
-
LDAP_USERS_SEARCH_SCOPE
public static final String LDAP_USERS_SEARCH_SCOPE
- See Also:
- Constant Field Values
-
LDAP_ROLES_SEARCH_FILTER
public static final String LDAP_ROLES_SEARCH_FILTER
- See Also:
- Constant Field Values
-
LDAP_ROLES_SEARCH_SCOPE
public static final String LDAP_ROLES_SEARCH_SCOPE
- See Also:
- Constant Field Values
-
LDAP_ORG_SEARCH_ATTRIBUTE
public static final String LDAP_ORG_SEARCH_ATTRIBUTE
- See Also:
- Constant Field Values
-
LDAP_GROUP_SEARCH_ATTRIBUTE
public static final String LDAP_GROUP_SEARCH_ATTRIBUTE
- See Also:
- Constant Field Values
-
LDAP_USER_SEARCH_ATTRIBUTE
public static final String LDAP_USER_SEARCH_ATTRIBUTE
- See Also:
- Constant Field Values
-
LDAP_ROLES_SEARCH_ATTRIBUTE
public static final String LDAP_ROLES_SEARCH_ATTRIBUTE
- See Also:
- Constant Field Values
-
LDAP_SEARCH_TIME_OUT
public static final String LDAP_SEARCH_TIME_OUT
- See Also:
- Constant Field Values
-
LDAP_SEARCH_LIMIT
public static final String LDAP_SEARCH_LIMIT
- See Also:
- Constant Field Values
-
LDAP_CONNECTION_POOL_MIN_SIZE
public static final String LDAP_CONNECTION_POOL_MIN_SIZE
- See Also:
- Constant Field Values
-
LDAP_CONNECTION_POOL_MAX_SIZE
public static final String LDAP_CONNECTION_POOL_MAX_SIZE
- See Also:
- Constant Field Values
-
LDAP_SSL_ENABLED
public static final String LDAP_SSL_ENABLED
- See Also:
- Constant Field Values
-
IS_ROLES_BASE_DN
public static final String IS_ROLES_BASE_DN
- See Also:
- Constant Field Values
-
IS_ROLES_SEARCH_SCOPE
public static final String IS_ROLES_SEARCH_SCOPE
- See Also:
- Constant Field Values
-
SELECTED_SUBJECTS
public static final String SELECTED_SUBJECTS
- See Also:
- Constant Field Values
-
SELECTED_REFERRALS
public static final String SELECTED_REFERRALS
- See Also:
- Constant Field Values
-
SELECTED_CONDITIONS
public static final String SELECTED_CONDITIONS
- See Also:
- Constant Field Values
-
SELECTED_RESPONSE_PROVIDERS
public static final String SELECTED_RESPONSE_PROVIDERS
- See Also:
- Constant Field Values
-
SELECTED_DYNAMIC_ATTRIBUTES
public static final String SELECTED_DYNAMIC_ATTRIBUTES
- See Also:
- Constant Field Values
-
USER_ALIAS_ENABLED
public static final String USER_ALIAS_ENABLED
- See Also:
- Constant Field Values
-
RESOURCE_COMPARATOR
public static final String RESOURCE_COMPARATOR
- See Also:
- Constant Field Values
-
RESOURCE_COMPARATOR_TYPE
public static final String RESOURCE_COMPARATOR_TYPE
- See Also:
- Constant Field Values
-
RESOURCE_COMPARATOR_CLASS
public static final String RESOURCE_COMPARATOR_CLASS
- See Also:
- Constant Field Values
-
RESOURCE_COMPARATOR_DELIMITER
public static final String RESOURCE_COMPARATOR_DELIMITER
- See Also:
- Constant Field Values
-
RESOURCE_COMPARATOR_WILDCARD
public static final String RESOURCE_COMPARATOR_WILDCARD
- See Also:
- Constant Field Values
-
RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD
public static final String RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD
- See Also:
- Constant Field Values
-
RESOURCE_COMPARATOR_CASE_SENSITIVE
public static final String RESOURCE_COMPARATOR_CASE_SENSITIVE
- See Also:
- Constant Field Values
-
CONTINUE_EVALUATION_ON_DENY_DECISION
public static final String CONTINUE_EVALUATION_ON_DENY_DECISION
- See Also:
- Constant Field Values
-
ORG_ALIAS_MAPPED_RESOURCES_ENABLED
public static final String ORG_ALIAS_MAPPED_RESOURCES_ENABLED
- See Also:
- Constant Field Values
-
ADVICES_HANDLEABLE_BY_AM
public static final String ADVICES_HANDLEABLE_BY_AM
- See Also:
- Constant Field Values
-
ORG_DN
public static final String ORG_DN
- See Also:
- Constant Field Values
-
SUBJECTS_RESULT_TTL
public static final String SUBJECTS_RESULT_TTL
attribute to define value for Subjects result ttl- See Also:
- Constant Field Values
-
POLICY_CONFIG_SERVICE
public static final String POLICY_CONFIG_SERVICE
- See Also:
- Constant Field Values
-
ISDS_HOST
public static final String ISDS_HOST
OpenAM directory host.
-
-
Method Detail
-
getResourceCompareConfig
public static Map getResourceCompareConfig(String service) throws PolicyException
Returns the resource comparator configuration for the given service type- Parameters:
service-ServiceTypename- Returns:
- - Map containing data for
RESOURCE_COMPARATOR_CLASS,RESOURCE_COMPARATOR_DELIMITER,RESOURCE_COMPARATOR_WILDCARD,RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD,RESOURCE_COMPARATOR_CASE_SENSITIVEkeys. Note that return value would be null if service name passed in is null or if there is no configuration available for service - Throws:
PolicyException
-
getPolicyConfig
public static Map getPolicyConfig(String org) throws PolicyException
this method returns the policy configuration for the given organization.- Parameters:
org- Organization name- Returns:
- Map of organization configuration attributes. The possible
keys in the map are defined in
PolicyConfig - Throws:
PolicyException- if it is not able to get the policy configuration for the given organization.
-
schemaChanged
public void schemaChanged(String serviceName, String version)
This method will be invoked when a service's schema has been changed.- Specified by:
schemaChangedin interfaceServiceListener- Parameters:
serviceName- name of the serviceversion- version of the service
-
globalConfigChanged
public void globalConfigChanged(String serviceName, String version, String groupName, String serviceComponent, int changeType)
This method will be invoked when a service's global configuation data has been changed. The parameter groupName denote the name of the configuration grouping (e.g. default) and serviceComponent denotes the service's sub-component that changed- Specified by:
globalConfigChangedin interfaceServiceListener- Parameters:
serviceName- name of the serviceversion- version of the serviceserviceComponent- name of the service components that changedgroupName- name of the configuration grouping.changeType- change type, i.e., ADDED, REMOVED or MODIFIED.
-
organizationConfigChanged
public void organizationConfigChanged(String serviceName, String version, String orgName, String groupName, String serviceComponent, int changeType)
This method will be invoked when a service's organization configuation data has been changed. The parameters orgName, groupName and serviceComponent denotes the organization name, configuration grouping name and service's sub-component that are changed respectively.- Specified by:
organizationConfigChangedin interfaceServiceListener- Parameters:
serviceName- name of the serviceversion- version of the servicegroupName-orgName- organization name as DNserviceComponent- the name of the service components that changedchangeType- change type, i.e., ADDED, REMOVED or MODIFIED
-
getSubjectsResultTtl
public static long getSubjectsResultTtl(Map policyConfig)
Gets subjectsResultTtl - time in milliseconds for which result of subjects evaluation would be cached based, on the policyConfig map passed.- Parameters:
policyConfig- policy config map that is used to compute subjectsResultTtl. Value of key PolicyConfig.SUBJECTS_RESULT_TTL in the map is assumed to be value of subjectsResultTtl in minutes. If the value is not defined in the map or it can not be parsed as int, the value would default to0- Returns:
- subjectsResultTtl
-
getAdvicesHandleableByAM
public static Set getAdvicesHandleableByAM() throws PolicyException
Returns names of policy advices that could be handled by OpenSSO Enterprise if PEP redirects the user agent to OpenSSO.- Returns:
Setrepresenting names of policy advices OpenSSO could handle.- Throws:
PolicyException
-
-