Class PolicyEvaluator


  • @Supported
    @Deprecated
    public class PolicyEvaluator
    extends Object
    Deprecated.
    As of OpenSSO Express 8.0, use Evaluator instead as Entitlement has replaced Policy.
    The class PolicyEvaluator evaluates policies and provides policy decisions.
    • Field Detail

      • ALL_RESOURCES

        @Supported
        public static final String ALL_RESOURCES
        Deprecated.
        Constant used to identify all the resources of a service type. The resources include the sub resources of all resource prefixes of the resource type.
        See Also:
        Constant Field Values
    • Method Detail

      • isAllowed

        @Supported
        public boolean isAllowed(SSOToken token,
                                 String resourceName,
                                 String actionName,
                                 Map envParameters)
                          throws SSOException,
                                 PolicyException
        Deprecated.
        Evaluates simple privileges of boolean type. The privilege indicates whether the user can perform the specified action on the specified resource. The evaluation depends on the user's application environment parameters. Invoking this method results in a PolicyException if the syntax for the actionName is not declared to be boolean in the service schema.
        Parameters:
        token - single sign on token of the user evaluating policies
        resourceName - name of the resource the user is trying to access
        actionName - name of the action the user is trying to perform on the resource
        envParameters - run-time environment parameters
        Returns:
        the result of the evaluation as a boolean value
        Throws:
        SSOException - single-sign-on token invalid or expired
        PolicyException - for any other abnormal condition
      • getPolicyDecision

        @Supported
        public PolicyDecision getPolicyDecision(SSOToken token,
                                                String resourceName,
                                                Set actionNames,
                                                Map envParameters)
                                         throws SSOException,
                                                PolicyException
        Deprecated.
        Evaluates privileges of the user to perform the specified actions on the specified resource. The evaluation depends on the user's application environment parameters.
        Parameters:
        token - single sign on token of the user evaluating policies
        resourceName - name of the resource the user is trying to access
        actionNames - Set of names (String) of the actions the user is trying to perform on the resource
        envParameters - Map of run-time environment parameters
        Returns:
        policy decision
        Throws:
        SSOException - single-sign-on token invalid or expired
        PolicyException - for any other abnormal condition
      • getResourceResults

        @Supported
        public Set getResourceResults(SSOToken userToken,
                                      String resourceName,
                                      String scope,
                                      Map envParameters)
                               throws SSOException,
                                      PolicyException
        Deprecated.
        Gets resource result objects given a resource name. The set contains ResourceResult objects for all resources that would affect policy decisions for any resource associated with the argument resource name. To determine whether to include the ResourceResult of a resource, we compare the argument resource name and the policy resource name, treating wildcard characters in the policy resource name as wildcards. If the comparison results in EXACT_MATCH, WILDCARD_MATCH or SUB_RESOURCE_MATCH, the resource result is included.
        Parameters:
        userToken - single sign on token of the user evaluating policies
        resourceName - name of the resource
        scope - indicates whether to compute the resource result based on the policy decision for only the resourceName or all the resources associated with the resource name. The valid scope values are:
        • ResourceResult.SUBTREE_SCOPE
        • ResourceResult.STRICT_SUBTREE_SCOPE
        • ResourceResult.SELF_SCOPE
        If the scope is ResourceResult.SUBTREE_SCOPE, the method will return a set of ResourceResult objects, one of them for the resourceName and its sub resources; the others are for resources that match the resourceName by wildcard. If the scope is ResourceResult.STRICT_SUBTREE_SCOPE, the method will return a set object that contains one ResourceResult object. The ResourceResult contains the policy decisions regarding the resourceName and its sub resources. If the scope is ResourceResult.SELF_SCOPE, the method will return a set object that contains one ResourceResult object. The ResourceResult contains the policy decision regarding the resourceName only.
        envParameters - run-time environment parameters
        Returns:
        set of ResourceResult objects
        Throws:
        SSOException - if token is invalid
        PolicyException - for any other abnormal condition
        See Also:
        ResourceMatch.EXACT_MATCH, ResourceMatch.SUB_RESOURCE_MATCH, ResourceMatch.WILDCARD_MATCH, ResourceResult.SUBTREE_SCOPE, ResourceResult.STRICT_SUBTREE_SCOPE, ResourceResult.SELF_SCOPE
      • addPolicyListener

        @Supported
        public void addPolicyListener(PolicyListener policyListener)
        Deprecated.
        Adds a policy listener that would be notified whenever a policy is added, removed or changed.
        Parameters:
        policyListener - the listener to be added
      • removePolicyListener

        @Supported
        public void removePolicyListener(PolicyListener policyListener)
        Deprecated.
        Removes a policy listener that was previously registered to receive notifications whenever a policy is added, removed or changed. It is not an error to attempt to remove a listener that was not registered. It would return silently.
        Parameters:
        policyListener - the listener to be removed
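
A deny-by-default wrapper around isAllowed and getPolicyDecision for legacy callers, added here as an example and not taken from the OpenSSO code base or its documentation. The class name FailClosedAuthz and the "allow" action value are assumptions, and PolicyDecision.getActionDecisions() and ActionDecision.getValues() belong to the same policy package but are not described on this page.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.PolicyDecision;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.PolicyException;
import java.util.Collections;
import java.util.Map;
import java.util.Set;

// Added example: every error path and every missing decision is a denial.
public final class FailClosedAuthz {
    // Assumption: the service schema uses "allow" as the permitting value.
    private static final String ALLOW = "allow";
    private final PolicyEvaluator evaluator;

    public FailClosedAuthz(PolicyEvaluator evaluator) {
        this.evaluator = evaluator;
    }

    // Single boolean action. PolicyException also covers a non-boolean actionName.
    public boolean mayPerform(SSOToken token, String resource, String action) {
        try {
            return evaluator.isAllowed(token, resource, action, Collections.emptyMap());
        } catch (SSOException | PolicyException e) {
            return false; // invalid or expired token, or abnormal condition
        }
    }

    // Several actions: each one must carry exactly one value, and it must be ALLOW.
    public boolean mayPerformAll(SSOToken token, String resource, Set<String> actions) {
        if (actions == null || actions.isEmpty()) return false;
        try {
            PolicyDecision decision =
                evaluator.getPolicyDecision(token, resource, actions, Collections.emptyMap());
            if (decision == null) return false;
            Map<?, ?> byAction = decision.getActionDecisions();
            for (String action : actions) {
                Object ad = byAction.get(action);
                if (!(ad instanceof ActionDecision)) return false; // no decision: deny
                Set<?> values = ((ActionDecision) ad).getValues();
                if (!Collections.singleton(ALLOW).equals(values)) return false;
            }
            return true;
        } catch (SSOException | PolicyException e) {
            return false;
        }
    }
}
```

An action whose decision holds both an allowing and a denying value is rejected, as is an action that has no decision at all.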