Package com.sun.identity.policy.plugins
Class AuthLevelCondition
- java.lang.Object
  - com.sun.identity.policy.plugins.AuthLevelCondition

@Deprecated public class AuthLevelCondition extends Object implements Condition
Deprecated. Use AuthLevelCondition instead.

This class AuthLevelCondition is a plugin implementation of Condition interface. This condition would imply policy applies if the requestAuthLevel is greater than or equal to the AuthLevel set in the Condition. requestAuthLevel is looked up from env map passed in the getConditionDecision() call. If it is not found in the env map, AuthLevel is looked up from single sign on token.

Field Summary
Fields inherited from interface com.sun.identity.policy.interfaces.Condition
AM_IDENTITY_NAME, APPLICATION_IDLE_TIMEOUT, APPLICATION_NAME, AUTH_LEVEL, AUTH_LEVEL_CONDITION_ADVICE, AUTH_SCHEME, AUTH_SCHEME_CONDITION_ADVICE, AUTHENTICATE_TO_REALM, AUTHENTICATE_TO_REALM_CONDITION_ADVICE, AUTHENTICATE_TO_SERVICE, AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE, DNS_NAME, END_DATE, END_DAY, END_IP, END_TIME, ENFORCEMENT_TIME_ZONE, INVOCATOR_PRINCIPAL_UUID, LDAP_FILTER, MAX_SESSION_TIME, REQUEST_AUTH_LEVEL, REQUEST_AUTH_SCHEMES, REQUEST_AUTHENTICATED_TO_REALMS, REQUEST_AUTHENTICATED_TO_SERVICES, REQUEST_DNS_NAME, REQUEST_IP, REQUEST_TIME_ZONE, START_DATE, START_DAY, START_IP, START_TIME, TERMINATE_SESSION, VALUE_CASE_INSENSITIVE

Constructor Summary
AuthLevelCondition()
    Deprecated. No argument constructor

Method Summary
Object clone()
    Deprecated. Returns a copy of this object.
ConditionDecision getConditionDecision(SSOToken token, Map env)
    Deprecated. Gets the decision computed by this condition object, based on the map of environment parameters
String getDisplayName(String property, Locale locale)
    Deprecated. Gets the display name for the property name.
Map getProperties()
    Deprecated. Gets the properties of the condition.
List getPropertyNames()
    Deprecated. Returns a list of property names for the condition.
Syntax getPropertySyntax(String property)
    Deprecated. Returns the syntax for a property name
Set getValidValues(String property)
    Deprecated. Returns a set of valid values given the property name.
void setProperties(Map properties)
    Deprecated. Sets the properties of the condition.

Method Detail
getPropertyNames
public List getPropertyNames()
Deprecated. Returns a list of property names for the condition.
- Specified by: getPropertyNames in interface Condition
- Returns: list of property names

getPropertySyntax
public Syntax getPropertySyntax(String property)
Deprecated. Returns the syntax for a property name
- Specified by: getPropertySyntax in interface Condition
- Parameters:
  property - property name
- Returns: Syntax for the property name
- See Also: Syntax

getDisplayName
public String getDisplayName(String property, Locale locale) throws PolicyException
Deprecated. Gets the display name for the property name. The locale variable could be used by the plugin to customize the display name for the given locale. The locale variable could be null, in which case the plugin must use the default locale.
- Specified by: getDisplayName in interface Condition
- Parameters:
  property - property name.
  locale - locale for which the property name must be customized.
- Returns: display name for the property name.
- Throws:
  PolicyException - if unable to get display name

getValidValues
public Set getValidValues(String property) throws PolicyException
Deprecated. Returns a set of valid values given the property name. This method is called if the property Syntax is either the SINGLE_CHOICE or MULTIPLE_CHOICE.
- Specified by: getValidValues in interface Condition
- Parameters:
  property - property name
- Returns: Set of valid values for the property.
- Throws:
  PolicyException - if unable to get the Syntax.

setProperties
public void setProperties(Map properties) throws PolicyException
Deprecated. Sets the properties of the condition. Evaluation of ConditionDecision is influenced by these properties.
- Specified by: setProperties in interface Condition
- Parameters:
  properties - the properties of the condition that governs whether a policy applies. The properties should define value for the key AUTH_LEVEL. The value should be a Set with only one element. The element should be a String, parseable as an integer or an integer qualified with realm name. Please note that properties is not cloned by the method.
- Throws:
  PolicyException - if properties is null or does not contain value for the key AUTH_LEVEL or the value of the key is not a Set with one String element that is parseable as an integer
- See Also: Condition.REQUEST_AUTH_LEVEL, getConditionDecision(SSOToken, Map)

getProperties
public Map getProperties()
Deprecated. Gets the properties of the condition.
- Specified by: getProperties in interface Condition
- Returns: unmodifiable map view of properties that govern the evaluation of the condition decision
- See Also: setProperties(Map)

getConditionDecision
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException
Deprecated. Gets the decision computed by this condition object, based on the map of environment parameters
- Specified by: getConditionDecision in interface Condition
- Parameters:
  token - single-sign-on token of the user
  env - request specific environment map of key/value pairs. AuthLevelCondition looks for value of key REQUEST_AUTH_LEVEL in the map. The value should be an Integer or a set of Strings. If it is a Set of Strings, each element of the set has to be parseable as integer or should be a realm qualified integer. If the env parameter is null or does not define value for REQUEST_AUTH_LEVEL, the value for REQUEST_AUTH_LEVEL is obtained from the single sign on token of the user.
- Returns: the condition decision. The condition decision encapsulates whether a policy applies for the request and advice messages generated by the condition. The decision would imply policy is applicable if AUTH_LEVEL is greater than or equal to REQUEST_AUTH_LEVEL. If AUTH_LEVEL is qualified with a realm name, REQUEST_AUTH_LEVEL values only with the matching realm name are compared. If the policy is not applicable as determined by the Condition, an Advice would be included in the ConditionDecision with key AUTH_LEVEL_ADVICE and value corresponding to AUTH_LEVEL. Policy framework continues evaluating a policy only if it applies to the request as indicated by the ConditionDecision. Otherwise, further evaluation of the policy is skipped. However, the Advices encapsulated in the ConditionDecision are aggregated and passed up, encapsulated in the PolicyDecision.
- Throws:
  PolicyException - if the condition has not been initialized with a successful call to setProperties(Map) and/or the value of REQUEST_AUTH_LEVEL could not be determined.
  SSOException - if the token is invalid
- See Also: setProperties(Map), Condition.AUTH_LEVEL, Condition.REQUEST_AUTH_LEVEL, ConditionDecision, #getAuthenticatedLevels(SSOToken), #getRealmQualifiedAuthenticatedLevels(SSOToken)
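
The following stand-alone model is an added example, not OpenAM source code. It walks through the decision rule as the class description states it: the policy applies when the request level is at least the configured AuthLevel, with realm filtering, token fallback and advice. The names AuthLevelDecisionModel, Level, Decision and decide are hypothetical. It assumes a realm-qualified level is written "realm:level", that an unqualified AUTH_LEVEL is compared against every request level regardless of realm, and it models only the Set-of-Strings form of REQUEST_AUTH_LEVEL.

```java
import java.util.Map;
import java.util.Set;

// Added model of the documented decision rule; not OpenAM source code.
public class AuthLevelDecisionModel {
    // Assumption: a realm-qualified level is written "realm:level", e.g. "/partners:2".
    record Level(String realm, int value) {
        static Level parse(String s) {
            int i = s.lastIndexOf(':');
            return i < 0 ? new Level(null, Integer.parseInt(s))
                         : new Level(s.substring(0, i), Integer.parseInt(s.substring(i + 1)));
        }
    }

    record Decision(boolean applies, Map<String, Set<String>> advices) {}

    // requestLevels stands for the REQUEST_AUTH_LEVEL entry of env; tokenLevels stands
    // for the levels read from the SSO token when env is null or lacks that key.
    static Decision decide(String authLevel, Set<String> requestLevels, Set<String> tokenLevels) {
        Level required = Level.parse(authLevel);
        Set<String> source = requestLevels != null ? requestLevels : tokenLevels;
        int highest = Integer.MIN_VALUE;
        for (String s : source) {
            Level got = Level.parse(s);
            // A realm-qualified AUTH_LEVEL only counts levels from the same realm.
            if (required.realm() != null && !required.realm().equals(got.realm())) {
                continue;
            }
            highest = Math.max(highest, got.value());
        }
        if (highest >= required.value()) {
            return new Decision(true, Map.of());
        }
        // Not applicable: attach advice naming the level the caller must reach.
        // "AUTH_LEVEL_ADVICE" is the key name as this page gives it.
        return new Decision(false, Map.of("AUTH_LEVEL_ADVICE", Set.of(authLevel)));
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(decide("2", Set.of("1", "3"), Set.of()));
        // Level 5 in realm "/" does not satisfy a requirement scoped to "/partners".
        System.out.println(decide("/partners:2", Set.of("/:5", "/partners:1"), Set.of()));
        // No REQUEST_AUTH_LEVEL in env: fall back to the token's levels.
        System.out.println(decide("/partners:2", null, Set.of("/partners:2")));
    }
}
```

The second call shows why realm qualification matters for step-up authentication: a high level earned in one realm does not satisfy a requirement scoped to another, and the returned advice tells the caller which level to authenticate at.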