EntitlementCondition
@Deprecated public interface Condition extends Cloneable
Condition defines an interface to allow pluggable conditions. These are used to control policy decisions based on parameters such as time, authentication level of the user session and IP address from which the user is making the request.

A condition computes a ConditionDecision based on the state of the condition object, as set by the setProperties method call, and the environment passed in a map of key/value pairs. ConditionDecision encapsulates whether a Policy applies for the request and the Advice messages generated by the condition.

The following Condition implementations are provided with the Policy framework:

See also: ConditionDecision
Modifier and Type | Field and Description |
---|---|
static String | AM_IDENTITY_NAME: Deprecated. Key that is used in an AMIdentityMembershipCondition to specify the uuid(s) of AMIdentity objects to which the policy would apply. |
static String | APPLICATION_IDLE_TIMEOUT: Deprecated. Key that is used to specify the application idle time out. |
static String | APPLICATION_NAME: Deprecated. Key that is used to specify application name for the resources protected by the policy. |
static String | AUTH_LEVEL: Deprecated. Key that is used to define the minimum authentication level in an AuthLevelCondition or the maximum authentication level in a LEAuthLevelCondition of a policy being evaluated. |
static String | AUTH_LEVEL_CONDITION_ADVICE: Deprecated. Key that is used to identify the advice messages from AuthLevelCondition. |
static String | AUTH_SCHEME: Deprecated. Key that is used to define the authentication scheme in an AuthSchemeCondition of a policy. |
static String | AUTH_SCHEME_CONDITION_ADVICE: Deprecated. Key that is used to identify the advice messages from AuthSchemeCondition. |
static String | AUTHENTICATE_TO_REALM: Deprecated. Key used in AuthenticateToRealmCondition to specify the realm for which the user should authenticate for the policy to apply. |
static String | AUTHENTICATE_TO_REALM_CONDITION_ADVICE: Deprecated. Key that is used to identify the advice messages from AuthenticateToRealmCondition. |
static String | AUTHENTICATE_TO_SERVICE: Deprecated. Key that is used in AuthenticateToServiceCondition to specify the authentication chain for which the user should authenticate for the policy to apply. |
static String | AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE: Deprecated. Key that is used to identify the advice messages from AuthenticateToServiceCondition. |
static String | DNS_NAME: Deprecated. Key that is used in an IPCondition to define the DNS name values for which a policy applies. |
static String | END_DATE: Deprecated. Key that is used in a SimpleTimeCondition to define the end of date range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that corresponds to the pattern described below. |
static String | END_DAY: Deprecated. Key that is used in a SimpleTimeCondition to define the end of day of week range for which a policy applies. |
static String | END_IP: Deprecated. Key that is used in IPCondition to define the end of IP address range for which a policy applies. |
static String | END_TIME: Deprecated. Key that is used in a SimpleTimeCondition to define the end of time range during which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. |
static String | ENFORCEMENT_TIME_ZONE: Deprecated. Key that is used in a SimpleTimeCondition to define the time zone basis to evaluate the policy. |
static String | INVOCATOR_PRINCIPAL_UUID: Deprecated. Key that is passed in the env parameter while invoking getConditionDecision method of an AMIdentityMembershipCondition. |
static String | LDAP_FILTER: Deprecated. Key that is used in a LDAPFilterCondition to define the ldap filter that should be satisfied by the ldap entry of the user for the condition to be satisfied. The value should be a Set with only one element. |
static String | MAX_SESSION_TIME: Deprecated. Key that is used in SessionCondition to define the maximum session time in minutes for which a policy applies. |
static String | REQUEST_AUTH_LEVEL: Deprecated. Key that is used to define the authentication level of the request. |
static String | REQUEST_AUTH_SCHEMES: Deprecated. Key that is used to define the name of authentication scheme of the request. |
static String | REQUEST_AUTHENTICATED_TO_REALMS: Deprecated. Key that is used to identify the names of authenticated realms in the request. |
static String | REQUEST_AUTHENTICATED_TO_SERVICES: Deprecated. Key that is used to identify the names of authentication chains in the request. |
static String | REQUEST_DNS_NAME: Deprecated. Key that is used to define request DNS name that is passed in the env parameter while invoking getConditionDecision method of an IPCondition. |
static String | REQUEST_IP: Deprecated. Key that is used to define request IP address that is passed in the env parameter while invoking getConditionDecision method of an IPCondition. |
static String | REQUEST_TIME_ZONE: Deprecated. Key that is used to define the time zone that is passed in the env parameter while invoking getConditionDecision method of a SimpleTimeCondition. Value for the key should be a TimeZone object. |
static String | START_DATE: Deprecated. Key that is used in a SimpleTimeCondition to define the start of date range for which a policy applies. |
static String | START_DAY: Deprecated. Key that is used in a SimpleTimeCondition to define the start of day of week range for which a policy applies. |
static String | START_IP: Deprecated. Key used in IPCondition to define the start of IP address range for which a policy applies. |
static String | START_TIME: Deprecated. Key that is used in SimpleTimeCondition to define the beginning of time range during which a policy applies. |
static String | TERMINATE_SESSION: Deprecated. Key in SessionCondition that is used to define the option to terminate the session if the session exceeds the maximum session time. |
static String | VALUE_CASE_INSENSITIVE: Deprecated. Key that is passed in the env parameter while invoking getConditionDecision method of a SessionPropertyCondition to indicate if a case insensitive match needs to be done of the property value against same name property in the user's single sign on token. |

Modifier and Type | Method and Description |
---|---|
Object | clone(): Deprecated. Returns a copy of this object. |
ConditionDecision | getConditionDecision(SSOToken token, Map<String,Set<String>> env): Deprecated. Gets the decision computed by this condition object, based on the Map of environment parameters. |
String | getDisplayName(String property, Locale locale): Deprecated. Gets the display name for the property name. |
Map<String,Set<String>> | getProperties(): Deprecated. Gets the properties of the condition. |
List<String> | getPropertyNames(): Deprecated. Returns a list of property names for the condition. |
Syntax | getPropertySyntax(String property): Deprecated. Returns the syntax for a property name. |
Set<String> | getValidValues(String property): Deprecated. Returns a set of valid values given the property name. |
void | setProperties(Map<String,Set<String>> properties): Deprecated. Sets the properties of the condition. |

static final String AUTH_LEVEL

Key that is used to define the minimum authentication level in an AuthLevelCondition or the maximum authentication level in a LEAuthLevelCondition of a policy being evaluated. In case of AuthLevelCondition, policy would apply if the request authentication level is at least the level defined in the condition, while in case of LEAuthLevelCondition, policy would apply if the request authentication level is less than or equal to the level defined in the condition. The value should be a Set with only one element. The element should be a String, parse-able as an integer or a realm qualified integer like "sun:1" where "sun" is a realm name. ":" needs to be used as a delimiter between realm name and the level.

See also: setProperties(Map), Constant Field Values

static final String REQUEST_AUTH_LEVEL

Key that is used to define the authentication level of the request. It is passed in the env Map to the getConditionDecision call of an AuthLevelCondition or LEAuthLevelCondition for condition evaluation. The value should be an Integer or a Set of Strings. If it is a Set of Strings, each element of the set has to be parseable as an integer or should be a realm qualified integer like "sun:1". If the env parameter is null or does not define a value for REQUEST_AUTH_LEVEL, the value for REQUEST_AUTH_LEVEL is obtained from the single sign on token of the user.

static final String AUTH_SCHEME

Key that is used to define the authentication scheme in an AuthSchemeCondition of a policy. Policy would apply if the authentication scheme of the request is the same as defined in the condition. The value should be a Set with only one element. The element should be a String, the authentication scheme name.

See also: setProperties(Map), Constant Field Values

static final String APPLICATION_NAME

static final String APPLICATION_IDLE_TIMEOUT

static final String REQUEST_AUTH_SCHEMES
Key that is used to define the name of authentication scheme of the request. It is passed in the env Map to getConditionDecision of an AuthSchemeCondition for condition evaluation. Value for the key should be a Set with each element being a String. If the env parameter is null or does not define a value for REQUEST_AUTH_SCHEMES, the value for REQUEST_AUTH_SCHEMES is obtained from the single sign on token of the user.

static final String AUTHENTICATE_TO_REALM

Key used in AuthenticateToRealmCondition to specify the realm for which the user should authenticate for the policy to apply. The value should be a Set with only one element. The element should be a String, the realm name.

See also: setProperties(Map), Constant Field Values

static final String REQUEST_AUTHENTICATED_TO_REALMS

Key that is used to identify the names of authenticated realms in the request. It is passed in the env Map to getConditionDecision of an AuthenticateToRealmCondition for condition evaluation. Value for the key should be a Set with each element being a String. If the env parameter is null or does not define a value for REQUEST_AUTHENTICATED_TO_REALMS, the value for REQUEST_AUTHENTICATED_TO_REALMS is obtained from the single sign on token of the user.

static final String AUTHENTICATE_TO_SERVICE

Key that is used in AuthenticateToServiceCondition to specify the authentication chain for which the user should authenticate for the policy to apply. The value should be a Set with only one element. The element should be a String, the realm name.

See also: setProperties(Map), Constant Field Values

static final String REQUEST_AUTHENTICATED_TO_SERVICES

Key that is used to identify the names of authentication chains in the request. It is passed in the env Map to getConditionDecision of an AuthenticateToServiceCondition for condition evaluation. Value for the key should be a Set with each element being a String. If the env parameter is null or does not define a value for REQUEST_AUTHENTICATED_TO_SERVICES, the value for REQUEST_AUTHENTICATED_TO_SERVICES is obtained from the single sign on token of the user.

static final String AUTH_SCHEME_CONDITION_ADVICE

Key that is used to identify the advice messages from AuthSchemeCondition.

static final String AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE

Key that is used to identify the advice messages from AuthenticateToServiceCondition.

static final String AUTH_LEVEL_CONDITION_ADVICE

Key that is used to identify the advice messages from AuthLevelCondition.

static final String AUTHENTICATE_TO_REALM_CONDITION_ADVICE

Key that is used to identify the advice messages from AuthenticateToRealmCondition.

static final String START_IP

Key used in IPCondition to define the start of IP address range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for START_IP, a value should also be defined for END_IP.

The pattern for IP Version 4 is:
n.n.n.n
where n would take any integer value between 0 and 255 inclusive.
Some sample values are:
122.100.85.45
145.64.55.35
15.64.55.35

The pattern for IP Version 6 is:
x:x:x:x:x:x:x:x
where x are the hexadecimal values of the eight 16-bit pieces of the address.
Some sample values are:
FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
1080:0:0:0:8:800:200C:417A

static final String END_IP

Key that is used in IPCondition to define the end of IP address range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for END_IP, a value should also be defined for START_IP.

The pattern is:
n.n.n.n
where n would take any integer value between 0 and 255 inclusive.
Some sample values are:
122.100.85.45
145.64.55.35
15.64.55.35

The pattern for IP Version 6 is:
x:x:x:x:x:x:x:x
where x are the hexadecimal values of the eight 16-bit pieces of the address.
Some sample values are:
FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
1080:0:0:0:8:800:200C:417A

static final String DNS_NAME

Key that is used in an IPCondition to define the DNS name values for which a policy applies. The value corresponding to the key has to be a Set where each element is a String that conforms to the patterns described here.

The pattern is:
ccc.ccc.ccc.ccc
*.ccc.ccc.ccc
where c is any valid character for DNS domain/host name. There could be any number of .ccc components.
Some sample values are:
www.sun.com
finace.yahoo.com
*.yahoo.com

See also: setProperties(Map), Constant Field Values

static final String REQUEST_IP

Key that is used to define request IP address that is passed in the env parameter while invoking getConditionDecision method of an IPCondition. Value for the key should be a String that is a string representation of the IP of the client.
For IP version 4: the form is n.n.n.n where n is a value between 0 and 255 inclusive.
For IP version 6: the form is x:x:x:x:x:x:x:x where x is the hexadecimal values of the eight 16-bit pieces of the address.

static final String REQUEST_DNS_NAME

Key that is used to define request DNS name that is passed in the env parameter while invoking getConditionDecision method of an IPCondition. Value for the key should be a set of strings representing the DNS names of the client, in the form ccc.ccc.ccc for IP version 4. For IP version 6, the form would be x:x:x:x:x:x:x:x. If the env parameter is null or does not define a value for REQUEST_DNS_NAME, the value for REQUEST_DNS_NAME is obtained from the single sign on token of the user.

static final String LDAP_FILTER
Key that is used in a LDAPFilterCondition to define the ldap filter that should be satisfied by the ldap entry of the user for the condition to be satisfied. The value should be a Set with only one element. The element should be a String.

See also: setProperties(Map), Constant Field Values

static final String MAX_SESSION_TIME

Key that is used in SessionCondition to define the maximum session time in minutes for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a string and parse-able as an Integer.

static final String TERMINATE_SESSION

Key in SessionCondition that is used to define the option to terminate the session if the session exceeds the maximum session time. The value corresponding to the key has to be a Set that has just one element which is a string. The option is on if the string value is equal to true.

static final String START_TIME
Key that is used in SimpleTimeCondition to define the beginning of time range during which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for START_TIME, a value should also be defined for END_TIME.

The pattern is:
HH:mm
Some sample values are:
08:25
18:45

See also: setProperties(Map), END_TIME, Constant Field Values

static final String END_TIME

Key that is used in a SimpleTimeCondition to define the end of time range during which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for END_TIME, a value should also be defined for START_TIME.

The pattern is:
HH:mm
Some sample values are:
08:25
18:45

See also: setProperties(Map), START_TIME, Constant Field Values

static final String START_DAY

Key that is used in a SimpleTimeCondition to define the start of day of week range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that is one of the values Sun, Mon, Tue, Wed, Thu, Fri, Sat. If a value is defined for START_DAY, a value should also be defined for END_DAY.

Some sample values are:
Sun
Mon

See also: setProperties(Map), END_DAY, Constant Field Values

static final String END_DAY

Key that is used in a SimpleTimeCondition to define the end of day of week range for which a policy applies. It is defined in a SimpleTimeCondition associated with the policy. The value corresponding to the key has to be a Set that has just one element which is a String that is one of the values Sun, Mon, Tue, Wed, Thu, Fri, Sat. If a value is defined for END_DAY, a value should also be defined for START_DAY.

Some sample values are:
Sun
Mon

See also: setProperties(Map), START_DAY, Constant Field Values

static final String START_DATE

Key that is used in a SimpleTimeCondition to define the start of date range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that corresponds to the pattern described below. If a value is defined for START_DATE, a value should also be defined for END_DATE.

The pattern is:
yyyy:MM:dd
Some sample values are:
2001:02:26
2002:12:31

See also: setProperties(Map), END_DATE, Constant Field Values

static final String END_DATE

Key that is used in a SimpleTimeCondition to define the end of date range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that corresponds to the pattern described below. If a value is defined for END_DATE, a value should also be defined for START_DATE.

The pattern is:
yyyy:MM:dd
Some sample values are:
2001:02:26
2002:12:31

See also: setProperties(Map), START_DATE, Constant Field Values

static final String ENFORCEMENT_TIME_ZONE

Key that is used in a SimpleTimeCondition to define the time zone basis to evaluate the policy. The value corresponding to the key has to be a one element Set where the element is a String that is one of the standard timezone IDs supported by java or a String of the pattern GMT[+|-]hh[[:]mm]. If the value is not a valid time zone id and does not match the pattern GMT[+|-]hh[[:]mm], it would default to GMT.

See also: TimeZone, Constant Field Values

static final String REQUEST_TIME_ZONE

Key that is used to define the time zone that is passed in the env parameter while invoking getConditionDecision method of a SimpleTimeCondition. Value for the key should be a TimeZone object. This would be used only if the ENFORCEMENT_TIME_ZONE is not defined for the SimpleTimeCondition.

static final String VALUE_CASE_INSENSITIVE
Key that is passed in the env parameter while invoking getConditionDecision method of a SessionPropertyCondition to indicate if a case insensitive match needs to be done of the property value against same name property in the user's single sign on token.

static final String INVOCATOR_PRINCIPAL_UUID

Key that is passed in the env parameter while invoking getConditionDecision method of an AMIdentityMembershipCondition. The value specifies the uuid(s) for which the policy would apply. The value should be a Set. Each element of the Set should be a String, the uuid of the AMIdentity object.

static final String AM_IDENTITY_NAME

Key that is used in an AMIdentityMembershipCondition to specify the uuid(s) of AMIdentity objects to which the policy would apply. These uuid(s) are specified in the condition at policy definition time. The value should be a Set. Each element of the Set should be a String, the uuid of the invocator.

List<String> getPropertyNames()

Syntax getPropertySyntax(String property)

Parameters:
property - property name
Returns: Syntax for the property name
See also: Syntax

String getDisplayName(String property, Locale locale) throws PolicyException

Gets the display name for the property name. The locale variable could be used by the plugin to customize the display name for the given locale. The locale variable could be null, in which case the plugin must use the default locale.

Parameters:
property - property name
locale - locale for which the property name must be customized
Throws: PolicyException

Set<String> getValidValues(String property) throws PolicyException

Parameters:
property - property name
Throws: PolicyException - if unable to get the Syntax.

void setProperties(Map<String,Set<String>> properties) throws PolicyException

Sets the properties of the condition. The properties influence the ConditionDecision that would be computed by a call to method getConditionDecision(Map) and the Advice messages generated and included in the ConditionDecision. ConditionDecision encapsulates whether a policy applies for the request and advice messages generated by the condition. For example, for a SimpleTimeCondition, the properties would define StartTime and EndTime, to define the time range during which the policy applies.

Parameters:
properties - the properties of the condition that would influence the ConditionDecision returned by a call to method getConditionDecision(Map). Keys of the properties have to be String. The value corresponding to each key has to be a Set of String elements. Each implementation of Condition could add further restrictions on the keys and values of this Map.
Throws: PolicyException - for any abnormal condition
See also: ConditionDecision

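The restrictions this page places on IPCondition and SimpleTimeCondition property values (one-element Set, start and end keys defined together, the documented patterns) can be checked before a map reaches setProperties. The following is an added example, not code from the project: the class and helper names and the literal key strings standing in for Condition.START_IP and the other constants are assumptions, and the IPv6 check accepts only the full eight-group form shown on this page.

```java
import java.time.LocalDate;
import java.time.LocalTime;
import java.time.format.*;
import java.util.*;
import java.util.function.Predicate;

public class ConditionPropertyCheck {
    // Strict parsers for the documented HH:mm and yyyy:MM:dd patterns
    // ("uuuu" is the year field that strict resolution accepts without an era).
    static final DateTimeFormatter TIME =
            DateTimeFormatter.ofPattern("HH:mm").withResolverStyle(ResolverStyle.STRICT);
    static final DateTimeFormatter DATE =
            DateTimeFormatter.ofPattern("uuuu:MM:dd").withResolverStyle(ResolverStyle.STRICT);
    static final Set<String> DAYS = Set.of("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat");

    static boolean parses(Runnable parse) {
        try { parse.run(); return true; } catch (DateTimeParseException e) { return false; }
    }

    // n.n.n.n with each n in 0..255, or eight colon-separated groups of hex digits.
    static boolean isIp(String v) {
        if (v.matches("\\d{1,3}(\\.\\d{1,3}){3}")) {
            return Arrays.stream(v.split("\\.")).allMatch(n -> Integer.parseInt(n) <= 255);
        }
        return v.matches("[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){7}");
    }

    // Start and end keys must appear together, each as a one-element Set.
    static void checkPair(Map<String, Set<String>> props, String start, String end,
                          Predicate<String> valid, List<String> errors) {
        if (!props.containsKey(start) && !props.containsKey(end)) return;
        for (String key : List.of(start, end)) {
            Set<String> values = props.get(key);
            if (values == null) {
                errors.add(key + ": missing, start and end keys must be defined together");
            } else if (values.size() != 1) {
                errors.add(key + ": value must be a Set with exactly one element");
            } else {
                String v = values.iterator().next();
                if (v == null || !valid.test(v)) errors.add(key + ": bad value '" + v + "'");
            }
        }
    }

    static List<String> validate(Map<String, Set<String>> props) {
        List<String> errors = new ArrayList<>();
        // Key strings are assumed stand-ins for Condition.START_IP, Condition.END_IP, ...
        checkPair(props, "StartIp", "EndIp", ConditionPropertyCheck::isIp, errors);
        checkPair(props, "StartTime", "EndTime", v -> parses(() -> LocalTime.parse(v, TIME)), errors);
        checkPair(props, "StartDate", "EndDate", v -> parses(() -> LocalDate.parse(v, DATE)), errors);
        checkPair(props, "StartDay", "EndDay", DAYS::contains, errors);
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample: the end IP is absent, the end time and end date are invalid.
        Map<String, Set<String>> props = Map.of(
                "StartIp", Set.of("122.100.85.45"),
                "StartTime", Set.of("08:25"), "EndTime", Set.of("25:00"),
                "StartDate", Set.of("2001:02:26"), "EndDate", Set.of("2001:02:30"),
                "StartDay", Set.of("Mon"), "EndDay", Set.of("Fri"));
        validate(props).forEach(System.out::println);
    }
}
```

In code that links against the policy framework, replace the literal key strings with the Condition constants so the check follows the values the framework actually uses.
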
Map<String,Set<String>> getProperties()

See also: setProperties(java.util.Map<java.lang.String, java.util.Set<java.lang.String>>)

ConditionDecision getConditionDecision(SSOToken token, Map<String,Set<String>> env) throws PolicyException, SSOException

Gets the decision computed by this condition object, based on the Map of environment parameters.

Parameters:
token - single-sign-on SSOToken of the user
env - request specific environment Map of key/value pairs. For example, this would contain the IP address of the remote client for an IPCondition.
Returns: ConditionDecision, which encapsulates whether a Policy applies for the request and advice messages generated by the condition. Policy framework continues evaluating a Policy only if it applies to the request as indicated by the ConditionDecision. Otherwise, further evaluation of the Policy is skipped. However, the Advice messages encapsulated in the ConditionDecision are aggregated and passed up, encapsulated in the PolicyDecision.
Throws:
PolicyException - if the decision could not be computed
SSOException - if SSO token is not valid
See also: ConditionDecision

Object clone()

Copyright © 2010–2025 Open Identity Platform Community. All rights reserved.