Interface Condition

  • All Superinterfaces:
    Cloneable

    @SupportedAll
    @Deprecated
    public interface Condition
    extends Cloneable
    Deprecated.
    The class Condition defines an interface to allow pluggable conditions. These are used to control policy decisions based on parameters such as time, authentication level of the user session and IP address from which the user is making the request. A condition computes a ConditionDecision based on the state of the condition object as set by the setProperties method call and the environment passed in a map of key/value pairs. ConditionDecision encapsulates whether a Policy applies for the request and Advice messages generated by the condition. The following Condition implementations are provided with the Policy framework:
    • AuthLevelCondition
    • LEAuthLevelCondition
    • AuthSchemeCondition
    • IPCondition
    • SimpleTimeCondition
    • SessionCondition
    • SessionPropertyCondition
    • AuthenticateToRealmCondition
    • AuthenticateToServiceCondition
    • LDAPFilterCondition
    All condition implementations should have a public no argument constructor.
    See Also:
    ConditionDecision
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String AM_IDENTITY_NAME
      Deprecated.
      Key that is used in an AMIdentityMembershipCondition to specify the uuid(s) of AMIdentity objects to which the policy would apply.
      static String APPLICATION_IDLE_TIMEOUT
      Deprecated.
      Key that is used to specify the application idle time out
      static String APPLICATION_NAME
      Deprecated.
      Key that is used to specify application name for the resources protected by the policy
      static String AUTH_LEVEL
      Deprecated.
      Key that is used to define the minimum authentication level in an AuthLevelCondition or the maximum authentication level in a LEAuthLevelCondition of a policy being evaluated.
      static String AUTH_LEVEL_CONDITION_ADVICE
      Deprecated.
      Key that is used to identify the advice messages from AuthLevelCondition.
      static String AUTH_SCHEME
      Deprecated.
      Key that is used to define the authentication scheme in an AuthSchemeCondition of a policy.
      static String AUTH_SCHEME_CONDITION_ADVICE
      Deprecated.
      Key that is used to identify the advice messages from AuthSchemeCondition
      static String AUTH_TREE_CONDITION_ADVICE
      Deprecated.
       
      static String AUTHENTICATE_TO_REALM
      Deprecated.
      Key used in AuthenticateToRealmCondition to specify the realm for which the user should authenticate for the policy to apply.
      static String AUTHENTICATE_TO_REALM_CONDITION_ADVICE
      Deprecated.
      Key that is used to identify the advice messages from AuthenticateToRealmCondition
      static String AUTHENTICATE_TO_SERVICE
      Deprecated.
      Key that is used in AuthenticateToServiceCondition to specify the authentication chain for which the user should authenticate for the policy to apply.
      static String AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE
      Deprecated.
      Key that is used to identify the advice messages from AuthenticateToServiceCondition
      static String DNS_NAME
      Deprecated.
      Key that is used in an IPCondition to define the DNS name values for which a policy applies.
      static String END_DATE
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the end of date range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that corresponds to the pattern described below.
      static String END_DAY
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the end of day of week range for which a policy applies.
      static String END_IP
      Deprecated.
      Key that is used in IPCondition to define the end of IP address range for which a policy applies.
      static String END_TIME
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the end of time range during which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here.
      static String ENFORCEMENT_TIME_ZONE
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the time zone basis to evaluate the policy.
      static String INVOCATOR_PRINCIPAL_UUID
      Deprecated.
      Key that is passed in the env parameter while invoking getConditionDecision method of an AMIdentityMembershipCondition.
      static String LDAP_FILTER
      Deprecated.
      Key that is used in an LDAPFilterCondition to define the LDAP filter that should be satisfied by the LDAP entry of the user for the condition to be satisfied. The value should be a Set with only one element.
      static String MAX_SESSION_TIME
      Deprecated.
      Key that is used in SessionCondition to define the maximum session time in minutes for which a policy applies.
      static String REQUEST_AUTH_LEVEL
      Deprecated.
      Key that is used to define the authentication level of the request.
      static String REQUEST_AUTH_SCHEMES
      Deprecated.
      Key that is used to define the name of authentication scheme of the request.
      static String REQUEST_AUTHENTICATED_TO_REALMS
      Deprecated.
      Key that is used to identify the names of authenticated realms in the request.
      static String REQUEST_AUTHENTICATED_TO_SERVICES
      Deprecated.
      Key that is used to identify the names of authentication chains in the request.
      static String REQUEST_DNS_NAME
      Deprecated.
      Key that is used to define request DNS name that is passed in the env parameter while invoking getConditionDecision method of an IPCondition.
      static String REQUEST_IP
      Deprecated.
      Key that is used to define request IP address that is passed in the env parameter while invoking getConditionDecision method of an IPCondition.
      static String REQUEST_TIME_ZONE
      Deprecated.
      Key that is used to define the time zone that is passed in the env parameter while invoking getConditionDecision method of a SimpleTimeCondition. Value for the key should be a TimeZone object.
      static String START_DATE
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the start of date range for which a policy applies.
      static String START_DAY
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the start of day of week range for which a policy applies.
      static String START_IP
      Deprecated.
      Key used in IPCondition to define the start of IP address range for which a policy applies.
      static String START_TIME
      Deprecated.
      Key that is used in SimpleTimeCondition to define the beginning of time range during which a policy applies.
      static String TERMINATE_SESSION
      Deprecated.
      Key in SessionCondition that is used to define the option to terminate the session if the session exceeds the maximum session time.
      static String TRANSACTION_CONDITION_ADVICE
      Deprecated.
      Key that is used to identify the advice messages from TransactionCondition
      static String VALUE_CASE_INSENSITIVE
      Deprecated.
      Key that is passed in the env parameter while invoking getConditionDecision method of a SessionPropertyCondition to indicate if a case insensitive match needs to be done of the property value against the same name property in the user's single sign on token.
    • Field Detail

      • AUTH_LEVEL

        static final String AUTH_LEVEL
        Deprecated.
        Key that is used to define the minimum authentication level in an AuthLevelCondition or the maximum authentication level in a LEAuthLevelCondition of a policy being evaluated. In case of AuthLevelCondition, the policy would apply if the request authentication level is at least the level defined in the condition, while in case of LEAuthLevelCondition the policy would apply if the request authentication level is less than or equal to the level defined in the condition. The value should be a Set with only one element. The element should be a String, parse-able as an integer or a realm qualified integer like "sun:1" where "sun" is a realm name. ":" needs to be used as a delimiter between realm name and the level.
        See Also:
        setProperties(Map), Constant Field Values
      • REQUEST_AUTH_LEVEL

        static final String REQUEST_AUTH_LEVEL
        Deprecated.
        Key that is used to define the authentication level of the request. It is passed down in the env Map to the getConditionDecision call of an AuthLevelCondition or LEAuthLevelCondition for condition evaluation.

        The value should be an Integer or a Set of Strings. If it is a Set of Strings, each element of the set has to be parseable as an integer or should be a realm qualified integer like "sun:1". If the env parameter is null or does not define a value for REQUEST_AUTH_LEVEL, the value for REQUEST_AUTH_LEVEL is obtained from the single sign on token of the user.

        See Also:
        getConditionDecision(SSOToken, Map), AUTH_LEVEL, Constant Field Values
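        The value formats of AUTH_LEVEL and REQUEST_AUTH_LEVEL and the two comparison rules above, as an added Java example (Java 16+); it is not OpenAM code, and every class and method name in it is hypothetical. It assumes that a realm-qualified condition compares only against request levels of the same realm, that the highest matching request level is the one compared, and that a request with no matching level does not satisfy the condition.

```java
import java.util.OptionalInt;
import java.util.Set;

// Added illustration, not OpenAM source. All class and method names are hypothetical.
public class AuthLevelCheck {

    /** A level such as "2" (realm == null) or "sun:1" (realm "sun", level 1). */
    record QualifiedLevel(String realm, int level) {
        static QualifiedLevel parse(String raw) {
            if (raw == null || raw.isBlank()) {
                throw new IllegalArgumentException("empty auth level");
            }
            int sep = raw.lastIndexOf(':');          // ":" delimits realm name and level
            String realm = sep < 0 ? null : raw.substring(0, sep);
            if (realm != null && realm.isEmpty()) {
                throw new IllegalArgumentException("missing realm in: " + raw);
            }
            // NumberFormatException extends IllegalArgumentException, so callers
            // can handle every malformed value the same way.
            return new QualifiedLevel(realm, Integer.parseInt(raw.substring(sep + 1)));
        }
    }

    /** AUTH_LEVEL: a Set with exactly one element. */
    static QualifiedLevel conditionLevel(Set<String> value) {
        if (value == null || value.size() != 1) {
            throw new IllegalArgumentException("AUTH_LEVEL needs exactly one element");
        }
        return QualifiedLevel.parse(value.iterator().next());
    }

    /** Highest request level the condition may compare against, empty if none. */
    static OptionalInt maxRequestLevel(Set<String> requestLevels, String conditionRealm) {
        return requestLevels.stream()
                .map(QualifiedLevel::parse)
                // Assumption: a realm-qualified condition only sees levels of that realm.
                .filter(q -> conditionRealm == null || conditionRealm.equals(q.realm()))
                .mapToInt(QualifiedLevel::level)
                .max();
    }

    /** AuthLevelCondition rule: the request level is at least the condition level. */
    static boolean atLeast(Set<String> condition, Set<String> request) {
        QualifiedLevel c = conditionLevel(condition);
        OptionalInt max = maxRequestLevel(request, c.realm());
        return max.isPresent() && max.getAsInt() >= c.level();
    }

    /** LEAuthLevelCondition rule: the request level is less than or equal to it. */
    static boolean atMost(Set<String> condition, Set<String> request) {
        QualifiedLevel c = conditionLevel(condition);
        OptionalInt max = maxRequestLevel(request, c.realm());
        return max.isPresent() && max.getAsInt() <= c.level();
    }

    public static void main(String[] args) {
        Set<String> request = Set.of("sun:2", "partners:5");   // constructed sample
        System.out.println(atLeast(Set.of("sun:1"), request));
        System.out.println(atLeast(Set.of("sun:3"), request));
        System.out.println(atMost(Set.of("sun:2"), request));
        try {
            atLeast(Set.of("sun:high"), request);              // malformed level
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```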
      • AUTH_SCHEME

        static final String AUTH_SCHEME
        Deprecated.
        Key that is used to define the authentication scheme in an AuthSchemeCondition of a policy. Policy would apply if the authentication scheme of the request is same as defined in the condition. The value should be a Set with only one element. The element should be a String, the authentication scheme name.
        See Also:
        setProperties(Map), Constant Field Values
      • APPLICATION_NAME

        static final String APPLICATION_NAME
        Deprecated.
        Key that is used to specify application name for the resources protected by the policy
        See Also:
        Constant Field Values
      • APPLICATION_IDLE_TIMEOUT

        static final String APPLICATION_IDLE_TIMEOUT
        Deprecated.
        Key that is used to specify the application idle time out
        See Also:
        Constant Field Values
      • REQUEST_AUTH_SCHEMES

        static final String REQUEST_AUTH_SCHEMES
        Deprecated.
        Key that is used to define the name of authentication scheme of the request. It is passed down as part of the env Map to getConditionDecision of an AuthSchemeCondition for condition evaluation. Value for the key should be a Set with each element being a String. If the env parameter is null or does not define a value for REQUEST_AUTH_SCHEMES, the value for REQUEST_AUTH_SCHEMES is obtained from the single sign on token of the user.
        See Also:
        getConditionDecision(SSOToken, Map), AUTH_SCHEME, Constant Field Values
      • AUTHENTICATE_TO_REALM

        static final String AUTHENTICATE_TO_REALM
        Deprecated.
        Key used in AuthenticateToRealmCondition to specify the realm for which the user should authenticate for the policy to apply. The value should be a Set with only one element. The element should be a String, the realm name.
        See Also:
        setProperties(Map), Constant Field Values
      • REQUEST_AUTHENTICATED_TO_REALMS

        static final String REQUEST_AUTHENTICATED_TO_REALMS
        Deprecated.
        Key that is used to identify the names of authenticated realms in the request. It is passed down as part of the env Map to getConditionDecision of an AuthenticateToRealmCondition for condition evaluation. Value for the key should be a Set with each element being a String. If the env parameter is null or does not define a value for REQUEST_AUTHENTICATED_TO_REALMS, the value for REQUEST_AUTHENTICATED_TO_REALMS is obtained from the single sign on token of the user.
        See Also:
        getConditionDecision(SSOToken, Map), AUTHENTICATE_TO_REALM, Constant Field Values
      • AUTHENTICATE_TO_SERVICE

        static final String AUTHENTICATE_TO_SERVICE
        Deprecated.
        Key that is used in AuthenticateToServiceCondition to specify the authentication chain for which the user should authenticate for the policy to apply. The value should be a Set with only one element. The element should be a String, the realm name.
        See Also:
        setProperties(Map), Constant Field Values
      • REQUEST_AUTHENTICATED_TO_SERVICES

        static final String REQUEST_AUTHENTICATED_TO_SERVICES
        Deprecated.
        Key that is used to identify the names of authentication chains in the request. It is passed down as part of the env Map to getConditionDecision of an AuthenticateToServiceCondition for condition evaluation. Value for the key should be a Set with each element being a String. If the env parameter is null or does not define a value for REQUEST_AUTHENTICATED_TO_SERVICES, the value for REQUEST_AUTHENTICATED_TO_SERVICES is obtained from the single sign on token of the user.
        See Also:
        getConditionDecision(SSOToken, Map), AUTHENTICATE_TO_SERVICE, Constant Field Values
      • AUTH_SCHEME_CONDITION_ADVICE

        static final String AUTH_SCHEME_CONDITION_ADVICE
        Deprecated.
        Key that is used to identify the advice messages from AuthSchemeCondition
        See Also:
        Constant Field Values
      • AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE

        static final String AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE
        Deprecated.
        Key that is used to identify the advice messages from AuthenticateToServiceCondition
        See Also:
        Constant Field Values
      • AUTH_LEVEL_CONDITION_ADVICE

        static final String AUTH_LEVEL_CONDITION_ADVICE
        Deprecated.
        Key that is used to identify the advice messages from AuthLevelCondition.
        See Also:
        Constant Field Values
      • AUTHENTICATE_TO_REALM_CONDITION_ADVICE

        static final String AUTHENTICATE_TO_REALM_CONDITION_ADVICE
        Deprecated.
        Key that is used to identify the advice messages from AuthenticateToRealmCondition
        See Also:
        Constant Field Values
      • TRANSACTION_CONDITION_ADVICE

        static final String TRANSACTION_CONDITION_ADVICE
        Deprecated.
        Key that is used to identify the advice messages from TransactionCondition
        See Also:
        Constant Field Values
      • START_IP

        static final String START_IP
        Deprecated.
        Key used in IPCondition to define the start of IP address range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for START_IP, a value should also be defined for END_IP. The pattern for IP version 4 is:
         n.n.n.n
        where n would take any integer value between 0 and 255 inclusive. Some sample values are:
         122.100.85.45
         145.64.55.35
         15.64.55.35
        The pattern for IP version 6 is:
         x:x:x:x:x:x:x:x
        where x are the hexadecimal values of the eight 16-bit pieces of the address. Some sample values are:
         FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
         1080:0:0:0:8:800:200C:417A
        See Also:
        RFC 3513 - Section 2.2, setProperties(Map), Constant Field Values
      • END_IP

        static final String END_IP
        Deprecated.
        Key that is used in IPCondition to define the end of IP address range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for END_IP, a value should also be defined for START_IP. The pattern for IP version 4 is:
         n.n.n.n
        where n would take any integer value between 0 and 255 inclusive. Some sample values are:
         122.100.85.45
         145.64.55.35
         15.64.55.35
        The pattern for IP version 6 is:
         x:x:x:x:x:x:x:x
        where x are the hexadecimal values of the eight 16-bit pieces of the address. Some sample values are:
         FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
         1080:0:0:0:8:800:200C:417A
        See Also:
        RFC 3513 - Section 2.2, setProperties(Map), Constant Field Values
      • DNS_NAME

        static final String DNS_NAME
        Deprecated.
        Key that is used in an IPCondition to define the DNS name values for which a policy applies. The value corresponding to the key has to be a Set where each element is a String that conforms to the patterns described here. The patterns are:
         ccc.ccc.ccc.ccc
         *.ccc.ccc.ccc
        where c is any valid character for DNS domain/host name. There could be any number of .ccc components. Some sample values are:
         www.sun.com
         finace.yahoo.com
         *.yahoo.com
         
        See Also:
        setProperties(Map), Constant Field Values
      • REQUEST_IP

        static final String REQUEST_IP
        Deprecated.
        Key that is used to define request IP address that is passed in the env parameter while invoking getConditionDecision method of an IPCondition. Value for the key should be a String that is a string representation of the IP of the client. For IP version 4, the form is n.n.n.n where n is a value between 0 and 255 inclusive. For IP version 6, the form is x:x:x:x:x:x:x:x where x is the hexadecimal values of the eight 16-bit pieces of the address.
        See Also:
        getConditionDecision(SSOToken, Map), REQUEST_DNS_NAME, Constant Field Values
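        A strict check of a REQUEST_IP value against a START_IP / END_IP pair, using the two address patterns documented above, as an added Java example (Java 16+); it is not OpenAM code, and every class and method name in it is hypothetical. It accepts only the full n.n.n.n and x:x:x:x:x:x:x:x forms, never resolves host names, and, as choices of this example, rejects decimal groups with leading zeros and ranges whose ends are of different IP versions or in the wrong order.

```java
import java.math.BigInteger;

// Added illustration, not OpenAM source. All class and method names are hypothetical.
public class IpRangeCheck {

    /** Address width in bits (32 or 128) and its numeric value. */
    record Addr(int bits, BigInteger value) {}

    /** Parses n.n.n.n or x:x:x:x:x:x:x:x. Host names are never resolved. */
    static Addr parse(String s) {
        if (s == null) {
            throw new IllegalArgumentException("null address");
        }
        return s.indexOf(':') >= 0
                ? parseGroups(s, ":", 8, "[0-9A-Fa-f]{1,4}", 16, 16)
                : parseGroups(s, "\\.", 4, "[0-9]{1,3}", 10, 8);
    }

    private static Addr parseGroups(String s, String sep, int count,
                                    String groupRegex, int radix, int groupBits) {
        String[] parts = s.split(sep, -1);   // -1 keeps empty groups, so "1.2.3." fails
        if (parts.length != count) {
            throw new IllegalArgumentException("malformed address: " + s);
        }
        BigInteger value = BigInteger.ZERO;
        for (String p : parts) {
            // ASCII digits only: no sign, no whitespace, no empty group.
            boolean ok = p.matches(groupRegex)
                    // Choice of this example: reject "010", which some parsers read as octal.
                    && !(radix == 10 && p.length() > 1 && p.startsWith("0"))
                    && Integer.parseInt(p, radix) < (1 << groupBits);
            if (!ok) {
                throw new IllegalArgumentException("malformed address: " + s);
            }
            value = value.shiftLeft(groupBits).or(BigInteger.valueOf(Integer.parseInt(p, radix)));
        }
        return new Addr(count * groupBits, value);
    }

    /** True if requestIp lies in [startIp, endIp], both ends inclusive. */
    static boolean inRange(String startIp, String endIp, String requestIp) {
        Addr start = parse(startIp);
        Addr end = parse(endIp);
        Addr req = parse(requestIp);
        if (start.bits() != end.bits()) {
            throw new IllegalArgumentException("START_IP and END_IP differ in IP version");
        }
        if (start.value().compareTo(end.value()) > 0) {
            throw new IllegalArgumentException("START_IP is above END_IP");
        }
        if (req.bits() != start.bits()) {
            return false;                     // other IP version: never inside the range
        }
        return req.value().compareTo(start.value()) >= 0
                && req.value().compareTo(end.value()) <= 0;
    }

    public static void main(String[] args) {
        // Range ends are sample values from the page; request addresses are constructed.
        System.out.println(inRange("122.100.85.45", "145.64.55.35", "130.1.1.1"));
        System.out.println(inRange("122.100.85.45", "145.64.55.35", "15.64.55.35"));
        System.out.println(inRange("1080:0:0:0:8:800:200C:417A",
                "FEDC:BA98:7654:3210:FEDC:BA98:7654:3210", "2001:db8:0:0:0:0:0:1"));
        try {
            inRange("122.100.85.45", "145.64.55.35", "130.1.1");   // too few groups
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```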
      • REQUEST_DNS_NAME

        static final String REQUEST_DNS_NAME
        Deprecated.
        Key that is used to define request DNS name that is passed in the env parameter while invoking getConditionDecision method of an IPCondition. Value for the key should be a set of strings representing the DNS names of the client, in the form ccc.ccc.ccc for IP version 4. For IP version 6, the form would be x:x:x:x:x:x:x:x. If the env parameter is null or does not define a value for REQUEST_DNS_NAME, the value for REQUEST_DNS_NAME is obtained from the single sign on token of the user.
        See Also:
        getConditionDecision(SSOToken, Map), Constant Field Values
      • LDAP_FILTER

        static final String LDAP_FILTER
        Deprecated.
        Key that is used in an LDAPFilterCondition to define the LDAP filter that should be satisfied by the LDAP entry of the user for the condition to be satisfied. The value should be a Set with only one element. The element should be a String.
        See Also:
        setProperties(Map), Constant Field Values
      • MAX_SESSION_TIME

        static final String MAX_SESSION_TIME
        Deprecated.
        Key that is used in SessionCondition to define the maximum session time in minutes for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a string and parse-able as an Integer.
        See Also:
        Constant Field Values
      • TERMINATE_SESSION

        static final String TERMINATE_SESSION
        Deprecated.
        Key in SessionCondition that is used to define the option to terminate the session if the session exceeds the maximum session time. The value corresponding to the key has to be a Set that has just one element which is a string. The option is on if the string value is equal to true.
        See Also:
        Constant Field Values
      • START_TIME

        static final String START_TIME
        Deprecated.
        Key that is used in SimpleTimeCondition to define the beginning of time range during which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for START_TIME, a value should also be defined for END_TIME. The pattern is:
            HH:mm
         
        Some sample values are
             08:25
             18:45
         
        See Also:
        setProperties(Map), END_TIME, Constant Field Values
      • END_TIME

        static final String END_TIME
        Deprecated.
        Key that is used in a SimpleTimeCondition to define the end of time range during which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for END_TIME, a value should also be defined for START_TIME. The pattern is:
            HH:mm
         
        Some sample values are
             08:25
             18:45
         
        See Also:
        setProperties(Map), START_TIME, Constant Field Values
      • START_DAY

        static final String START_DAY
        Deprecated.
        Key that is used in a SimpleTimeCondition to define the start of day of week range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that is one of the values Sun, Mon, Tue, Wed, Thu, Fri, Sat. If a value is defined for START_DAY, a value should also be defined for END_DAY. Some sample values are
             Sun
             Mon
         
        See Also:
        setProperties(Map), END_DAY, Constant Field Values
      • END_DAY

        static final String END_DAY
        Deprecated.
        Key that is used in a SimpleTimeCondition to define the end of day of week range for which a policy applies. It is defined in a SimpleTimeCondition associated with the policy. The value corresponding to the key has to be a Set that has just one element which is a String that is one of the values Sun, Mon, Tue, Wed, Thu, Fri, Sat. If a value is defined for END_DAY, a value should also be defined for START_DAY. Some sample values are
             Sun
             Mon
         
        See Also:
        setProperties(Map), START_DAY, Constant Field Values
      • START_DATE

        static final String START_DATE
        Deprecated.
        Key that is used in a SimpleTimeCondition to define the start of date range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that corresponds to the pattern described below. If a value is defined for START_DATE, a value should also be defined for END_DATE. The pattern is
             yyyy:MM:dd
         Some sample values are
             2001:02:26
             2002:12:31
         
        See Also:
        setProperties(Map), END_DATE, Constant Field Values
      • END_DATE

        static final String END_DATE
        Deprecated.
        Key that is used in a SimpleTimeCondition to define the end of date range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that corresponds to the pattern described below. If a value is defined for END_DATE, a value should also be defined for START_DATE. The pattern is
             yyyy:MM:dd
         Some sample values are
             2001:02:26
             2002:12:31
         
        See Also:
        setProperties(Map), START_DATE, Constant Field Values
      • ENFORCEMENT_TIME_ZONE

        static final String ENFORCEMENT_TIME_ZONE
        Deprecated.
        Key that is used in a SimpleTimeCondition to define the time zone basis to evaluate the policy. The value corresponding to the key has to be a one element Set where the element is a String that is one of the standard time zone IDs supported by Java or a String of the pattern GMT[+|-]hh[[:]mm]. If the value is not a valid time zone ID and does not match the pattern GMT[+|-]hh[[:]mm], it would default to GMT.
        See Also:
        TimeZone, Constant Field Values
      • REQUEST_TIME_ZONE

        static final String REQUEST_TIME_ZONE
        Deprecated.
        Key that is used to define the time zone that is passed in the env parameter while invoking getConditionDecision method of a SimpleTimeCondition. Value for the key should be a TimeZone object. This would be used only if the ENFORCEMENT_TIME_ZONE is not defined for the SimpleTimeCondition.
        See Also:
        getConditionDecision(SSOToken, Map), ENFORCEMENT_TIME_ZONE, TimeZone, Constant Field Values
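        Because an unrecognised ENFORCEMENT_TIME_ZONE value defaults to GMT instead of failing, a misspelled zone ID silently moves the START_TIME / END_TIME window. The added Java example below (Java 9+) shows that effect with java.util.TimeZone and a strict validator that rejects such IDs before they are stored; it is not OpenAM code, and every class and method name in it is hypothetical. Treating a start time later than the end time as a window that wraps past midnight, and the fallback zone used when neither key is defined, are assumptions of this example.

```java
import java.time.Instant;
import java.time.LocalTime;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Set;
import java.util.TimeZone;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not OpenAM source. All class and method names are hypothetical.
public class TimeZoneWindowCheck {

    // The documented custom form GMT[+|-]hh[[:]mm].
    private static final Pattern CUSTOM = Pattern.compile("GMT[+-](\\d{2})(?::?(\\d{2}))?");
    private static final DateTimeFormatter HH_MM = DateTimeFormatter.ofPattern("HH:mm");

    /** Returns the zone for id, or throws instead of silently falling back to GMT. */
    static TimeZone strictZone(String id) {
        if (id == null) {
            throw new IllegalArgumentException("null time zone id");
        }
        if (Arrays.asList(TimeZone.getAvailableIDs()).contains(id)) {
            return TimeZone.getTimeZone(id);
        }
        Matcher m = CUSTOM.matcher(id);
        if (m.matches()) {
            int hh = Integer.parseInt(m.group(1));
            int mm = m.group(2) == null ? 0 : Integer.parseInt(m.group(2));
            if (hh <= 23 && mm <= 59) {
                return TimeZone.getTimeZone(id);
            }
        }
        throw new IllegalArgumentException("unknown time zone id: " + id);
    }

    /** ENFORCEMENT_TIME_ZONE wins; REQUEST_TIME_ZONE is used only if it is not defined. */
    static TimeZone effectiveZone(Set<String> enforcement, TimeZone request, TimeZone fallback) {
        if (enforcement != null && !enforcement.isEmpty()) {
            if (enforcement.size() != 1) {
                throw new IllegalArgumentException("ENFORCEMENT_TIME_ZONE needs one element");
            }
            return strictZone(enforcement.iterator().next());
        }
        return request != null ? request : fallback;   // fallback is this example's assumption
    }

    /** True if the wall-clock time of 'when' in tz lies in [start, end], given as HH:mm. */
    static boolean inWindow(String start, String end, Instant when, TimeZone tz) {
        LocalTime s = LocalTime.parse(start, HH_MM);
        LocalTime e = LocalTime.parse(end, HH_MM);
        LocalTime now = when.atZone(tz.toZoneId()).toLocalTime();
        boolean afterStart = !now.isBefore(s);
        boolean beforeEnd = !now.isAfter(e);
        // Assumption: start > end means the window wraps past midnight.
        return s.isAfter(e) ? (afterStart || beforeEnd) : (afterStart && beforeEnd);
    }

    public static void main(String[] args) {
        Instant when = Instant.parse("2024-03-04T22:00:00Z");        // constructed instant
        TimeZone gmt = TimeZone.getTimeZone("GMT");

        // Lenient lookup of a misspelled ID: no error, the result is the GMT zone.
        TimeZone lenient = TimeZone.getTimeZone("Amerika/New_York");
        System.out.println(lenient.getID() + " -> "
                + inWindow("08:25", "18:45", when, lenient));

        // Correct ID through the strict path: the window is evaluated in local time.
        TimeZone strict = effectiveZone(Set.of("America/New_York"), null, gmt);
        System.out.println(strict.getID() + " -> "
                + inWindow("08:25", "18:45", when, strict));

        try {
            effectiveZone(Set.of("Amerika/New_York"), null, gmt);     // rejected up front
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```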
      • VALUE_CASE_INSENSITIVE

        static final String VALUE_CASE_INSENSITIVE
        Deprecated.
        Key that is passed in the env parameter while invoking getConditionDecision method of a SessionPropertyCondition to indicate if a case insensitive match needs to be done of the property value against the same name property in the user's single sign on token.
        See Also:
        Constant Field Values
      • INVOCATOR_PRINCIPAL_UUID

        static final String INVOCATOR_PRINCIPAL_UUID
        Deprecated.
        Key that is passed in the env parameter while invoking getConditionDecision method of an AMIdentityMembershipCondition. The value specifies the uuid(s) for which the policy would apply. The value should be a Set. Each element of the Set should be a String, the uuid of the AMIdentity object.
        See Also:
        Constant Field Values
      • AM_IDENTITY_NAME

        static final String AM_IDENTITY_NAME
        Deprecated.
        Key that is used in an AMIdentityMembershipCondition to specify the uuid(s) of AMIdentity objects to which the policy would apply. These uuid(s) are specified in the condition at policy definition time. The value should be a Set. Each element of the Set should be a String, the uuid of the invocator.
        See Also:
        Constant Field Values
    • Method Detail

      • getPropertyNames

        List<String> getPropertyNames()
        Deprecated.
        Returns a list of property names for the condition.
        Returns:
        list of property names
      • getPropertySyntax

        Syntax getPropertySyntax(String property)
        Deprecated.
        Returns the syntax for a property name
        Parameters:
        property - property name
        Returns:
        Syntax for the property name
        See Also:
        Syntax
      • getDisplayName

        String getDisplayName(String property,
                              Locale locale)
                       throws PolicyException
        Deprecated.
        Gets the display name for the property name. The locale variable could be used by the plugin to customize the display name for the given locale. The locale variable could be null, in which case the plugin must use the default locale.
        Parameters:
        property - property name
        locale - locale for which the property name must be customized
        Returns:
        display name for the property name.
        Throws:
        PolicyException - If the display name could not be retrieved.
      • getValidValues

        Set<String> getValidValues(String property)
                            throws PolicyException
        Deprecated.
        Returns a set of valid values given the property name. This method is called if the property Syntax is either the SINGLE_CHOICE or MULTIPLE_CHOICE.
        Parameters:
        property - property name
        Returns:
        Set of valid values for the property.
        Throws:
        PolicyException - if unable to get the Syntax.
      • setProperties

        void setProperties(Map<String,Set<String>> properties)
                    throws PolicyException
        Deprecated.
        Sets the properties of the condition. This influences the ConditionDecision that would be computed by a call to method getConditionDecision(Map) and the Advice messages included in the ConditionDecision. ConditionDecision encapsulates whether a policy applies for the request and advice messages generated by the condition. For example, for a SimpleTimeCondition, the properties would define StartTime and EndTime, to define the time range during which the policy applies.
        Parameters:
        properties - the properties of the condition that would influence the ConditionDecision returned by a call to method getConditionDecision(Map). Keys of the properties have to be String. The value corresponding to each key has to be a Set of String elements. Each implementation of Condition could add further restrictions on the keys and values of this Map.
        Throws:
        PolicyException - for any abnormal condition
        See Also:
        ConditionDecision
      • getConditionDecision

        ConditionDecision getConditionDecision(SSOToken token,
                                               Map<String,Set<String>> env)
                                        throws PolicyException,
                                               SSOException
        Deprecated.
        Gets the decision computed by this condition object, based on the Map of environment parameters.
        Parameters:
        token - single-sign-on SSOToken of the user
        env - request specific environment Map of key/value pairs. For example, this would contain the IP address of the remote client for an IPCondition.
        Returns:
        the condition decision. The condition decision encapsulates whether a Policy applies for the request and advice messages generated by the condition. Policy framework continues evaluating a Policy only if it applies to the request as indicated by the ConditionDecision. Otherwise, further evaluation of the Policy is skipped. However, the Advice messages encapsulated in the ConditionDecision are aggregated and passed up, encapsulated in the PolicyDecision.
        Throws:
        PolicyException - if the decision could not be computed
        SSOException - if SSO token is not valid
        See Also:
        ConditionDecision
      • clone

        Object clone()
        Deprecated.
        Returns a copy of this object.
        Returns:
        a copy of this object