Package com.sun.identity.entitlement

Class Evaluator

java.lang.Object

com.sun.identity.entitlement.Evaluator

@Supported
public class Evaluator
extends Object

The class evaluates entitlement request and provides decisions. The evaluation of a policy depends on the following contextual information:

• realm: The realm the policy needs to be evaluated in.
• subject: The subject that attempts to access a particular resource.
• resourceNames: The resources the subject attempts to access.
• environment: Additional information about the environment within which the policy should be evaluated. Note that certain environment/subject conditions may depend on certain fields to be present in this map. One such example would be the LDAP Filter Condition having access to the PolicyEvaluator.REALM_DN field containing the realm's DN representation.

Additionally, the evaluation will also take into account the name of the policy set (a.k.a. application) used when creating the Evaluator instance.

Method Summary

Modifier and Type	Method	Description
List<com.sun.identity.entitlement.Entitlement>	evaluate(String realm, Subject subject, String resourceName, Map<String,Set<String>> environment, boolean recursive)	Returns a list of entitlements for a given subject, resource name and environment.
List<com.sun.identity.entitlement.Entitlement>	evaluate(String realm, Subject subject, Set<String> resourceNames, Map<String,Set<String>> environment)	Returns a list of entitlements for a given subject, resource names and environment.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

evaluate

@Supported
public List<com.sun.identity.entitlement.Entitlement> evaluate(String realm,
                                                               Subject subject,
                                                               Set<String> resourceNames,
                                                               Map<String,Set<String>> environment)
                                                        throws EntitlementException

Returns a list of entitlements for a given subject, resource names and environment.

Parameters:

realm - Realm Name.

subject - Subject who is under evaluation.

resourceNames - Resource names.

environment - Environment parameters.

Returns:

a list of entitlements for a given subject, resource name and environment.

Throws:

EntitlementException - if the result cannot be determined.

evaluate

@Supported
public List<com.sun.identity.entitlement.Entitlement> evaluate(String realm,
                                                               Subject subject,
                                                               String resourceName,
                                                               Map<String,Set<String>> environment,
                                                               boolean recursive)
                                                        throws EntitlementException

Returns a list of entitlements for a given subject, resource name and environment.

Parameters:

realm - Realm Name.

subject - Subject who is under evaluation.

resourceName - Resource name.

environment - Environment parameters.

recursive - true to perform evaluation on sub resources from the given resource name.

Returns:

a list of entitlements for a given subject, resource name and environment.

Throws:

EntitlementException - if the result cannot be determined.