com.sun.identity.policy.client

Class PolicyEvaluator

java.lang.Object

com.sun.identity.policy.client.PolicyEvaluator

public class PolicyEvaluator
extends Object

This class provides methods to get policy decisions for clients of policy service. This class uses XML/HTTP protocol to communicate with the Policy Service. Policy client API implementation caches policy decision locally. The cache is updated through policy change notifications and/or polling.

Method Summary

Modifier and Type	Method and Description
Set	getAdvicesHandleableByAM(boolean refetchFromServer) Gets names of policy advices that could be handled by OpenAM if PEP redirects user agent to OpenAM.
String	getCompositeAdvice(ActionDecision actionDecision) Returns XML string representation of advice map contained in the actionDecision.
PolicyDecision	getPolicyDecision(SSOToken token, String resourceName, Set actionNames) Evaluates privileges of the user to perform the specified actions on the specified resource.
PolicyDecision	getPolicyDecision(SSOToken token, String resourceName, Set actionNames, Map envParameters) Evaluates privileges of the user to perform the specified actions on the specified resource.
boolean	isAllowed(SSOToken token, String resourceName, String actionName) Evaluates a simple privilege of boolean type.
boolean	isAllowed(SSOToken token, String resourceName, String actionName, Map envParameters) Evaluates simple privileges of boolean type.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

isAllowed

public boolean isAllowed(SSOToken token,
                         String resourceName,
                         String actionName)
                  throws PolicyException,
                         SSOException

Evaluates a simple privilege of boolean type. The privilege indicates if the user can perform specified action on the specified resource.

Parameters:

token - single sign on token of the user evaluating policies

resourceName - name of the resource the user is trying to access

actionName - name of the action the user is trying to perform on the resource

Returns:

the result of the evaluation as a boolean value

Throws:

PolicyException - if result could not be computed for any reason other than single sign on token problem.

SSOException - if single sign on token is not valid

isAllowed

public boolean isAllowed(SSOToken token,
                         String resourceName,
                         String actionName,
                         Map envParameters)
                  throws PolicyException,
                         SSOException

Evaluates simple privileges of boolean type. The privilege indicates if the user can perform specified action on the specified resource. The evaluation also depends on user's application environment parameters.

Parameters:

token - single sign on token of the user evaluating policies.

resourceName - name of the resource the user is trying to access

actionName - name of the action the user is trying to perform on the resource

envParameters - run time environment parameters

Returns:

the result of the evaluation as a boolean value

Throws:

PolicyException - if result could not be computed for reason other than single sign on token problem.

SSOException - if single sign on token is not valid

getPolicyDecision

public PolicyDecision getPolicyDecision(SSOToken token,
                                        String resourceName,
                                        Set actionNames)
                                 throws PolicyException,
                                        SSOException

Evaluates privileges of the user to perform the specified actions on the specified resource.

Parameters:

token - single sign on token of the user evaluating policies.

resourceName - name of the resource the user is trying to access.

actionNames - Set of action names the user is trying to perform on the resource.

Returns:

policy decision

Throws:

PolicyException - if result could not be computed for any reason other than single sign on token problem.

SSOException - if single sign on token is not valid

getPolicyDecision

public PolicyDecision getPolicyDecision(SSOToken token,
                                        String resourceName,
                                        Set actionNames,
                                        Map envParameters)
                                 throws PolicyException,
                                        SSOException

Evaluates privileges of the user to perform the specified actions on the specified resource. The evaluation also depends on user's run time environment parameters.

Parameters:

token - single sign on token of the user evaluating policies.

resourceName - name of the resource the user is trying to access

actionNames - Set of action names the user is trying to perform on the resource.

envParameters - run-time environment parameters

Returns:

policy decision

Throws:

PolicyException - if result could not be computed for any reason other than single sign on token problem.

SSOException - if single sign on token is invalid or expired.

getAdvicesHandleableByAM

public Set getAdvicesHandleableByAM(boolean refetchFromServer)
                             throws InvalidAppSSOTokenException,
                                    PolicyEvaluationException,
                                    PolicyException,
                                    SSOException

Gets names of policy advices that could be handled by OpenAM if PEP redirects user agent to OpenAM. If the server reports an error indicating the app sso token provided was invalid, new app sso token is obtained from app sso token provider and another attempt is made to get policy advices

Parameters:

refetchFromServer - indicates whether to get the values fresh from OpenAM or return the values from local cache

Returns:

names of policy advices that could be handled by OpenAM Enterprise if PEP redirects user agent to OpenAM.

Throws:

InvalidAppSSOTokenException - if the server reported that the app sso token provided was invalid

PolicyEvaluationException - if the server reported any other error

PolicyException - if there are problems in policy module while getting the result

SSOException - if there are problems with sso token while getting the result

getCompositeAdvice

public String getCompositeAdvice(ActionDecision actionDecision)
                          throws PolicyException,
                                 SSOException

Returns XML string representation of advice map contained in the actionDecision. This is a convenience method for use by PEP.

Parameters:

actionDecision - actionDecision that contains the advices

Returns:

XML string representation of advice map contained in the actionDecision subject to the following rule. If the actionDecision is null, the return value would be null. Otherwise, if the actionDecision does not contain any advice, the return value would be null. Otherwise, actionDecision contains advices. In this case, if the advices contains at least one advice name that could be handled by AM, the complete advices element is serialized to XML and the XML string is returned. Otherwise, null is returned.

Throws:

PolicyException - for any abnormal condition encountered in policy module

SSOException - for any abnormal condition encountered in session module