com.sun.identity.saml.plugins

Class DefaultActionMapper

java.lang.Object

com.sun.identity.saml.plugins.DefaultActionMapper

All Implemented Interfaces:

ActionMapper

public class DefaultActionMapper
extends Object
implements ActionMapper

The class DefaultActionMapper provide a default implementation of the ActionMapper interface.

Field Summary

Fields inherited from interface com.sun.identity.saml.plugins.ActionMapper

DENY, INDETERMINATE, PERMIT

Constructor Summary

Constructors

Constructor and Description
DefaultActionMapper() Default Constructor

Method Summary

Modifier and Type	Method and Description
Map	getAuthorizationDecisions(AuthorizationDecisionQuery query, Object token, String sourceID) This method first converts the AttributeStatements in Evidence to OpenAM Policy API environment variables.
Assertion	getSSOAssertion(AuthorizationDecisionQuery query, String sourceID) This method exams the Evidence in the AuthorizationDecisionQuery.
String	getSSOTokenID(AuthorizationDecisionQuery query) This method exams the SubjectConfirmation of the Subject in the AuthorizationDecisionQuery.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultActionMapper

public DefaultActionMapper()

Default Constructor

Method Detail

getSSOTokenID

public String getSSOTokenID(AuthorizationDecisionQuery query)

This method exams the SubjectConfirmation of the Subject in the AuthorizationDecisionQuery. If the SubjectConfirmation has only one ConfirmationMethod; and this ConfirmationMethod is equals to "urn:com:sun:identity"; and its SubjectConfirmationData contains TEXT node only, then the method returns the concatenated string of all the TEXT nodes. Otherwise, it returns null.

Specified by:

getSSOTokenID in interface ActionMapper

Parameters:

query - The received AuthorizationDecisionQuery.

Returns:

String which is the single sign on token ID. Return null if the OpenAM single sign on token id could not be obtained from the query.

See Also:

ActionMapper.getSSOTokenID(com.sun.identity.saml.protocol.AuthorizationDecisionQuery)

getSSOAssertion

public Assertion getSSOAssertion(AuthorizationDecisionQuery query,
                                 String sourceID)

This method exams the Evidence in the AuthorizationDecisionQuery. It returns the first valid Assertion that contains at least one AuthenticationStatement.

Specified by:

getSSOAssertion in interface ActionMapper

Parameters:

query - The received AuthorizationDecisionQuery.

sourceID - The SourceID from which this query is coming from.

Returns:

Assertion The assertion contained inside the query.

See Also:

ActionMapper.getSSOAssertion(com.sun.identity.saml.protocol.AuthorizationDecisionQuery, java.lang.String)

getAuthorizationDecisions

public Map getAuthorizationDecisions(AuthorizationDecisionQuery query,
                                     Object token,
                                     String sourceID)
                              throws SAMLException

This method first converts the AttributeStatements in Evidence to OpenAM Policy API environment variables. The Attributes in the AttributeStatement(s) are expected to be OpenAM attributes. It then query the Policy decision one action at a time. Currently, it handles actions defined in urn:oasis:names:tc:SAML:1.0:ghpp only. This action Namespace is mapped to OpenAM iPlanetAMWebAgentService.

Specified by:

getAuthorizationDecisions in interface ActionMapper

Parameters:

query - The received AuthorizationDecisionQuery.

token - User sessioin to retrieve the decisions.

sourceID - The sourceID from which the query is coming from.

Returns:

Map which contains the following possible key value pairs:

• PERMIT List of permitted actions, or
• DENY List of denied actions, or
• INDETERMINATE List of indeterminate actions

Throws:

SAMLException - if an error occurs