com.sun.identity.policy.plugins

Class AuthLevelCondition

java.lang.Object

com.sun.identity.policy.plugins.AuthLevelCondition

All Implemented Interfaces:

Condition, Cloneable

Deprecated.

Use AuthLevelCondition instead.

@Deprecated
public class AuthLevelCondition
extends Object
implements Condition

This class AuthLevelCondition is a plugin implementation of Condition interface. This condition would imply policy applies if the requestAuthLevel is greater than or equal to the AuthLevel set in the Condition. requestAuthLevel is looked up from env map passed in the getConditionDecision() call. If it is not found in the env map, AuthLevel is looked up from single sign on token.

Field Summary

Fields inherited from interface com.sun.identity.policy.interfaces.Condition

AM_IDENTITY_NAME, APPLICATION_IDLE_TIMEOUT, APPLICATION_NAME, AUTH_LEVEL, AUTH_LEVEL_CONDITION_ADVICE, AUTH_SCHEME, AUTH_SCHEME_CONDITION_ADVICE, AUTHENTICATE_TO_REALM, AUTHENTICATE_TO_REALM_CONDITION_ADVICE, AUTHENTICATE_TO_SERVICE, AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE, DNS_NAME, END_DATE, END_DAY, END_IP, END_TIME, ENFORCEMENT_TIME_ZONE, INVOCATOR_PRINCIPAL_UUID, LDAP_FILTER, MAX_SESSION_TIME, REQUEST_AUTH_LEVEL, REQUEST_AUTH_SCHEMES, REQUEST_AUTHENTICATED_TO_REALMS, REQUEST_AUTHENTICATED_TO_SERVICES, REQUEST_DNS_NAME, REQUEST_IP, REQUEST_TIME_ZONE, START_DATE, START_DAY, START_IP, START_TIME, TERMINATE_SESSION, VALUE_CASE_INSENSITIVE

Constructor Summary

Constructors

Constructor and Description
AuthLevelCondition() Deprecated. No argument constructor

Method Summary

Modifier and Type	Method and Description
Object	clone() Deprecated. Returns a copy of this object.
ConditionDecision	getConditionDecision(SSOToken token, Map env) Deprecated. Gets the decision computed by this condition object, based on the map of environment parameters
String	getDisplayName(String property, Locale locale) Deprecated. Gets the display name for the property name.
Map	getProperties() Deprecated. Gets the properties of the condition.
List	getPropertyNames() Deprecated. Returns a list of property names for the condition.
Syntax	getPropertySyntax(String property) Deprecated. Returns the syntax for a property name
Set	getValidValues(String property) Deprecated. Returns a set of valid values given the property name.
void	setProperties(Map properties) Deprecated. Sets the properties of the condition.

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthLevelCondition

public AuthLevelCondition()

Deprecated.

No argument constructor

Method Detail

getPropertyNames

public List getPropertyNames()

Deprecated.

Returns a list of property names for the condition.

Specified by:

getPropertyNames in interface Condition

Returns:

list of property names

getPropertySyntax

public Syntax getPropertySyntax(String property)

Deprecated.

Returns the syntax for a property name

Specified by:

getPropertySyntax in interface Condition

Parameters:

property - property name

Returns:

Syntax for the property name

See Also:

Syntax

getDisplayName

public String getDisplayName(String property,
                             Locale locale)
                      throws PolicyException

Deprecated.

Gets the display name for the property name. The locale variable could be used by the plugin to customize the display name for the given locale. The locale variable could be null, in which case the plugin must use the default locale.

Specified by:

getDisplayName in interface Condition

Parameters:

property - property name.

locale - locale for which the property name must be customized.

Returns:

display name for the property name.

Throws:

PolicyException - if unable to get display name

getValidValues

public Set getValidValues(String property)
                   throws PolicyException

Deprecated.

Returns a set of valid values given the property name. This method is called if the property Syntax is either the SINGLE_CHOICE or MULTIPLE_CHOICE.

Specified by:

getValidValues in interface Condition

Parameters:

property - property name

Returns:

Set of valid values for the property.

Throws:

PolicyException - if unable to get the Syntax.

setProperties

public void setProperties(Map properties)
                   throws PolicyException

Deprecated.

Sets the properties of the condition. Evaluation of ConditionDecision is influenced by these properties.

Specified by:

setProperties in interface Condition

Parameters:

properties - the properties of the condition that governs whether a policy applies. The properties should define value for the key AUTH_LEVEL. The value should be a Set with only one element. The element should be a String, parseable as an integer or an integer qaulified with realm name. Please note that properties is not cloned by the method.

Throws:

PolicyException - if properties is null or does not contain value for the key AUTH_LEVEL or the value of the key is not a Set with one String element that is parse-able as an integer

See Also:

Condition.REQUEST_AUTH_LEVEL, getConditionDecision(SSOToken, Map)

getProperties

public Map getProperties()

Deprecated.

Gets the properties of the condition.

Specified by:

getProperties in interface Condition

Returns:

unmodifiable map view of properties that govern the evaluation of the condition decision

See Also:

setProperties(Map)

getConditionDecision

public ConditionDecision getConditionDecision(SSOToken token,
                                              Map env)
                                       throws PolicyException,
                                              SSOException

Deprecated.

Gets the decision computed by this condition object, based on the map of environment parameters

Specified by:

getConditionDecision in interface Condition

Parameters:

token - single-sign-on token of the user

env - request specific environment map of key/value pairs AuthLevelCondition looks for value of key REQUEST_AUTH_LEVEL in the map. The value should be an Integer or a set of Strings. If it is a Set of Strings, each element of the set has to be parseable as integer or should be a realm qualified integer. If the env parameter is null or does not define value for REQUEST_AUTH_LEVEL, the value for REQUEST_AUTH_LEVEL is obtained from the single sign on token of the user.

Returns:

the condition decision. The condition decision encapsulates whether a policy applies for the request and advice messages generated by the condition. The decision would imply policy is applicable if AUTH_LEVEL is greater than or equal to REQUES_AUTH_LEVEL. If AUTH_LEVEL is qualified with a realm name, REQUEST_AUTH_LEVEL values only with the matching realm name are compared. If the policy is not applicable as determined by the Condition, an Advice would be included in the ConditionDecision with key AUTH_LEVEL_ADVICE and value corresponding to AUTH_LEVEL Policy framework continues evaluating a policy only if it applies to the request as indicated by the ConditionDecision. Otherwise, further evaluation of the policy is skipped. However, the Advices encapsulated in the ConditionDecision are aggregated and passed up, encapsulated in the PolicyDecision.

Throws:

PolicyException - if the condition has not been initialized with a successful call to setProperties(Map) and/or the value of REQUEST_AUTH_LEVEL could not be determined.

SSOException - if the token is invalid

See Also:

setProperties(Map), Condition.AUTH_LEVEL, Condition.REQUEST_AUTH_LEVEL, ConditionDecision, #getAuthenticatedLevels(SSOToken), #getRealmQualifiedAuthenticatedLevels(SSOToken)

clone

public Object clone()

Deprecated.

Returns a copy of this object.

Specified by:

clone in interface Condition

Overrides:

clone in class Object

Returns:

a copy of this object