org.forgerock.openam.entitlement.conditions.environment

Class IPv4Condition

java.lang.Object

com.sun.identity.entitlement.EntitlementConditionAdaptor

org.forgerock.openam.entitlement.conditions.environment.IPv4Condition

All Implemented Interfaces:

EntitlementCondition

public class IPv4Condition
extends EntitlementConditionAdaptor

An EntitlementCondition that can be used to enable/disable an authorization policy based on the IP address and DNS name of the originating client requesting access to a resource.

Field Summary

Fields

Modifier and Type	Field and Description
protected Debug	debug

Constructor Summary

Constructors

Constructor and Description
IPv4Condition() Constructs a new IPv4Condition instance.
IPv4Condition(String startIp, String endIp, List<String> ipRange, List<String> dnsName) JSON deserialization constructor used to ensure fields are set in an order that allows inter-field validation to pass.

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj) Returns true if the passed in object is equal to this object
ConditionDecision	evaluate(String realm, Subject subject, String resourceName, Map<String,Set<String>> env) Returns condition decision.
List<String>	getDnsName()
String	getEndIp()
List<String>	getIpRange() Deprecated.
String	getRequestIp(Map env) Helper method to extract REQUEST_IP.
String	getSessionIp(Subject subject) Helper method to retrieve IP from subject's SSOToken.
String	getStartIp()
String	getState() Returns state of the object encoded as a JSON string.
int	hashCode() Returns hash code of the object.
void	setDnsName(List<String> dnsName)
void	setIpRange(List<String> ipRanges) Deprecated.
void	setStartIpAndEndIp(String startIp, String endIp)
void	setState(String state) Sets state of this object from a JSON string.
protected Long	stringToIp(String ip) Factory method for constructing an IP value from its String representation.
String	toString()
void	validate() Checks that this condition is configured correctly.

Methods inherited from class com.sun.identity.entitlement.EntitlementConditionAdaptor

getDisplayType, init, setDisplayType, setState, toJSONObject

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

debug

protected final Debug debug

Constructor Detail

IPv4Condition

public IPv4Condition()

Constructs a new IPv4Condition instance.

IPv4Condition

public IPv4Condition(String startIp,
                     String endIp,
                     List<String> ipRange,
                     List<String> dnsName)
              throws EntitlementException

JSON deserialization constructor used to ensure fields are set in an order that allows inter-field validation to pass.

Throws:

EntitlementException - If any of the provided properties fail validation

Method Detail

stringToIp

protected Long stringToIp(String ip)
                   throws EntitlementException

Factory method for constructing an IP value from its String representation.

Parameters:

ip - A String representation of an IP value.

Returns:

An IP value.

Throws:

EntitlementException - If argument is not a string representing an IP value understood by this object.

setState

public void setState(String state)

Sets state of this object from a JSON string.

Parameters:

state - State of the object encoded as a JSON string

getStartIp

public String getStartIp()

getEndIp

public String getEndIp()

setStartIpAndEndIp

public void setStartIpAndEndIp(String startIp,
                               String endIp)
                        throws EntitlementException

Throws:

EntitlementException

getDnsName

public List<String> getDnsName()

setDnsName

public void setDnsName(List<String> dnsName)
                throws EntitlementException

Throws:

EntitlementException

getIpRange

@Deprecated
public List<String> getIpRange()

Deprecated.

setIpRange

@Deprecated
public void setIpRange(List<String> ipRanges)
                            throws EntitlementException

Deprecated.

Throws:

EntitlementException

getState

public String getState()

Returns state of the object encoded as a JSON string.

Returns:

state of the object encoded as a JSON string.

validate

public void validate()
              throws EntitlementException

Description copied from interface: EntitlementCondition

Checks that this condition is configured correctly. Throws EntitlementException if not with an informative message to display to the user creating/updating the policy.

Throws:

EntitlementException - if the configuration state is not valid.

evaluate

public ConditionDecision evaluate(String realm,
                                  Subject subject,
                                  String resourceName,
                                  Map<String,Set<String>> env)
                           throws EntitlementException

Returns condition decision.

Parameters:

realm - Realm Name.

subject - Subject who is under evaluation.

resourceName - Resource name.

env - Environment parameters.

Returns:

resulting condition decision.

Throws:

EntitlementException - if cannot get condition decision.

getRequestIp

public String getRequestIp(Map env)

Helper method to extract REQUEST_IP.

Parameters:

env - The map containing environment description. Note that the type of the value corresponding to REQUEST_IP parameter differs depending upon invocation path. It will be a String when invoked by the agents, but it will be a Set<String> when invoked via the DecisionResource (GET ws/1/entitlement/entitlements).

Returns:

The IP that was used, can return null if no IP found.

getSessionIp

public String getSessionIp(Subject subject)
                    throws EntitlementException

Helper method to retrieve IP from subject's SSOToken.

Parameters:

subject - Subject who is under evaluation.

Returns:

IP address from subject's SSOToken or null if no SSOToken is found.

Throws:

EntitlementException - If any exception occurs when accessing the subject's SSOToken.

toString

public String toString()

Overrides:

toString in class Object

equals

public boolean equals(Object obj)

Description copied from class: EntitlementConditionAdaptor

Returns true if the passed in object is equal to this object

Overrides:

equals in class EntitlementConditionAdaptor

Parameters:

obj - object to check for equality

Returns:

true if the passed in object is equal to this object

hashCode

public int hashCode()

Description copied from class: EntitlementConditionAdaptor

Returns hash code of the object.

Overrides:

hashCode in class EntitlementConditionAdaptor

Returns:

hash code of the object.