Class PolicyEvaluator


  • public class PolicyEvaluator
    extends Object
    This class provides methods to get policy decisions for clients of the policy service. It uses the XML/HTTP protocol to communicate with the Policy Service. The policy client API implementation caches policy decisions locally. The cache is updated through policy change notifications and/or polling.
    • Method Detail

      • isAllowed

        public boolean isAllowed(SSOToken token,
                                 String resourceName,
                                 String actionName)
                          throws PolicyException,
                                 SSOException
        Evaluates a simple privilege of boolean type. The privilege indicates whether the user can perform the specified action on the specified resource.
        Parameters:
        token - single sign on token of the user evaluating policies
        resourceName - name of the resource the user is trying to access
        actionName - name of the action the user is trying to perform on the resource
        Returns:
        the result of the evaluation as a boolean value
        Throws:
        PolicyException - if result could not be computed for any reason other than single sign on token problem.
        SSOException - if single sign on token is not valid
      • isAllowed

        public boolean isAllowed(SSOToken token,
                                 String resourceName,
                                 String actionName,
                                 Map envParameters)
                          throws PolicyException,
                                 SSOException
        Evaluates simple privileges of boolean type. The privilege indicates whether the user can perform the specified action on the specified resource. The evaluation also depends on the user's application environment parameters.
        Parameters:
        token - single sign on token of the user evaluating policies.
        resourceName - name of the resource the user is trying to access
        actionName - name of the action the user is trying to perform on the resource
        envParameters - run time environment parameters
        Returns:
        the result of the evaluation as a boolean value
        Throws:
        PolicyException - if result could not be computed for any reason other than single sign on token problem.
        SSOException - if single sign on token is not valid
      • getPolicyDecision

        public PolicyDecision getPolicyDecision(SSOToken token,
                                                String resourceName,
                                                Set actionNames)
                                         throws PolicyException,
                                                SSOException
        Evaluates privileges of the user to perform the specified actions on the specified resource.
        Parameters:
        token - single sign on token of the user evaluating policies.
        resourceName - name of the resource the user is trying to access.
        actionNames - Set of action names the user is trying to perform on the resource.
        Returns:
        policy decision
        Throws:
        PolicyException - if result could not be computed for any reason other than single sign on token problem.
        SSOException - if single sign on token is not valid
      • getPolicyDecision

        public PolicyDecision getPolicyDecision(SSOToken token,
                                                String resourceName,
                                                Set actionNames,
                                                Map envParameters)
                                         throws PolicyException,
                                                SSOException
        Evaluates privileges of the user to perform the specified actions on the specified resource. The evaluation also depends on the user's run-time environment parameters.
        Parameters:
        token - single sign on token of the user evaluating policies.
        resourceName - name of the resource the user is trying to access
        actionNames - Set of action names the user is trying to perform on the resource.
        envParameters - run-time environment parameters
        Returns:
        policy decision
        Throws:
        PolicyException - if result could not be computed for any reason other than single sign on token problem.
        SSOException - if single sign on token is invalid or expired.
      • getAdvicesHandleableByAM

        public Set getAdvicesHandleableByAM(boolean refetchFromServer)
                                     throws InvalidAppSSOTokenException,
                                            PolicyEvaluationException,
                                            PolicyException,
                                            SSOException
        Gets names of policy advices that could be handled by OpenAM if PEP redirects user agent to OpenAM. If the server reports an error indicating that the app SSO token provided was invalid, a new app SSO token is obtained from the app SSO token provider and another attempt is made to get the policy advices.
        Parameters:
        refetchFromServer - indicates whether to get the values fresh from OpenAM or return the values from local cache
        Returns:
        names of policy advices that could be handled by OpenAM Enterprise if PEP redirects user agent to OpenAM.
        Throws:
        InvalidAppSSOTokenException - if the server reported that the app sso token provided was invalid
        PolicyEvaluationException - if the server reported any other error
        PolicyException - if there are problems in policy module while getting the result
        SSOException - if there are problems with sso token while getting the result
      • getCompositeAdvice

        public String getCompositeAdvice(ActionDecision actionDecision)
                                  throws PolicyException,
                                         SSOException
        Returns XML string representation of advice map contained in the actionDecision. This is a convenience method for use by PEP.
        Parameters:
        actionDecision - actionDecision that contains the advices
        Returns:
        XML string representation of the advice map contained in the actionDecision, subject to the following rules. If the actionDecision is null, the return value is null. If the actionDecision does not contain any advice, the return value is null. If the actionDecision contains advices and at least one advice name could be handled by AM, the complete advices element is serialized to XML and the XML string is returned. Otherwise, null is returned.
        Throws:
        PolicyException - for any abnormal condition encountered in policy module
        SSOException - for any abnormal condition encountered in session module
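
How a policy enforcement point (PEP) might map the results and exceptions documented above to an enforcement outcome, failing closed when no decision can be computed. This is an added example, not code from the OpenAM project. The class `PepGuard`, its `Outcome` enum, the package names in the imports, and the call `PolicyDecision.getActionDecisions()` are assumptions that do not appear on this page.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.PolicyDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.client.PolicyEvaluator;
import java.util.Collections;
import java.util.Map;

/** Hypothetical PEP helper (not part of the OpenAM API). */
public final class PepGuard {

    public enum Outcome { ALLOW, DENY, REAUTHENTICATE, REDIRECT_WITH_ADVICE }

    // Supplied by the caller; how the evaluator is obtained is not covered on this page.
    private final PolicyEvaluator evaluator;

    public PepGuard(PolicyEvaluator evaluator) {
        this.evaluator = evaluator;
    }

    public Outcome check(SSOToken token, String resource, String action, Map env) {
        try {
            // The boolean result may be served from the local decision cache.
            if (evaluator.isAllowed(token, resource, action, env)) {
                return Outcome.ALLOW;
            }
            // Denied: fetch the full decision to see whether it carries advice.
            PolicyDecision decision = evaluator.getPolicyDecision(
                    token, resource, Collections.singleton(action), env);
            // Assumed accessor: map of action name to ActionDecision.
            ActionDecision ad =
                    (ActionDecision) decision.getActionDecisions().get(action);
            // Returns null for a null decision or when no advice is handleable by AM.
            String adviceXml = evaluator.getCompositeAdvice(ad);
            return adviceXml != null ? Outcome.REDIRECT_WITH_ADVICE : Outcome.DENY;
        } catch (SSOException e) {
            // Token is invalid or expired: the user must authenticate again.
            return Outcome.REAUTHENTICATE;
        } catch (PolicyException e) {
            // No decision could be computed: fail closed, never default to allow.
            return Outcome.DENY;
        }
    }
}
```

Log the `PolicyException` before denying so that a policy service outage can be told apart from a genuine deny decision.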