Package com.sun.identity.policy.interfaces

Interface Condition

All Superinterfaces:
Cloneable
@SupportedAll @Deprecated public interface Condition extends Cloneable
Deprecated.
The class Condition defines an interface to allow pluggable condition. These are used to control policy decisions based on parameters such as time, authentication level of the user session and IP address from which the user is making the request. A condition computes a ConditionDecision based on the state of condition object as set by setProperties method call and the environment passed in a map of key/value pairs. ConditionDecision encapsulates whether a Policy applies for the request and Advice messages generated by the condition. The following Condition implementation are provided with the Policy framework:
  • AuthLevelCondition
  • LEAuthLevelCondition
  • AuthSchemeCondition
  • IPCondition
  • SimpleTimeCondition
  • SessionCondition
  • SessionPropertyCondition
  • AuthenticateToRealmCondition
  • AuthenticateToServiceCondition
  • LDAPFilterCondition
All condition implementations should have a public no argument constructor.
See Also:

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    AM_IDENTITY_NAME
    Deprecated.
    Key that is used in a AMIdentityMembershipCondition to specify the uuid(s) of AMIdentiy objects to which the policy would apply.
    static final String
    APPLICATION_IDLE_TIMEOUT
    Deprecated.
    Key that is used to specify the application idle time out
    static final String
    APPLICATION_NAME
    Deprecated.
    Key that is used to specify application name for the resources protected by the policy
    static final String
    AUTH_LEVEL
    Deprecated.
    Key that is used to define the minimum authentication level in an AuthLevelCondition or the maximum authentication level in a LEAuthLevelCondition of a policy being evaluated.
    static final String
    AUTH_LEVEL_CONDITION_ADVICE
    Deprecated.
    Key that is used identify the advice messages from AuthLevelCondition.
    static final String
    AUTH_SCHEME
    Deprecated.
    Key that is used to define the authentication scheme in an AuthSchemeCondition of a policy.
    static final String
    AUTH_SCHEME_CONDITION_ADVICE
    Deprecated.
    Key that is used identify the advice messages from AuthSchemeCondition
    static final String
    AUTH_TREE_CONDITION_ADVICE
    Deprecated.
     
    static final String
    AUTHENTICATE_TO_REALM
    Deprecated.
    Key used in AuthenticateToRealmCondition to specify the realm for which the user should authenticate for the policy to apply.
    static final String
    AUTHENTICATE_TO_REALM_CONDITION_ADVICE
    Deprecated.
    Key that is used identify the advice messages from AuthenticateToRealmCondition
    static final String
    AUTHENTICATE_TO_SERVICE
    Deprecated.
    Key that is used in AuthenticateToServiceCondition to specify the authentication chain for which the user should authenticate for the policy to apply.
    static final String
    AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE
    Deprecated.
    Key that is used identify the advice messages from AuthenticateToServiceCondition
    static final String
    DNS_NAME
    Deprecated.
    Key that is used in an IPCondition to define the DNS name values for which a policy applies.
    static final String
    END_DATE
    Deprecated.
    Key that is used in a SimpleTimeCondition to define the end of date range for which a policy applies.The value corresponding to the key has to be a Set that has just one element which is a String that corresponds to the pattern described below.
    static final String
    END_DAY
    Deprecated.
    Key that is used in a SimpleTimeCondition to define the end of day of week range for which a policy applies.
    static final String
    END_IP
    Deprecated.
    Key that is used in IPCondition to define the end of IP address range for which a policy applies.
    static final String
    END_TIME
    Deprecated.
    Key that is used in a SimpleTimeCondition to define the end of time range during which a policy applies.The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here.
    static final String
    ENFORCEMENT_TIME_ZONE
    Deprecated.
    Key that is used in a SimpleTimeCondition to define the time zone basis to evaluate the policy.
    static final String
    INVOCATOR_PRINCIPAL_UUID
    Deprecated.
    Key that is passed in the env parameter while invoking getConditionDecision method of an AMIdentityMembershipCondition.
    static final String
    LDAP_FILTER
    Deprecated.
    Key that is used in a LDAPFilterCondition to define the ldap filter that should be satisfied by the ldap entry of the user for the condition to be satisifed The value should be a Set with only one element.
    static final String
    MAX_SESSION_TIME
    Deprecated.
    Key that is used in SessionCondition to define the maximum session time in minutes for which a policy applies.
    static final String
    REQUEST_AUTH_LEVEL
    Deprecated.
    Key that is used to define the authentication level of the request.
    static final String
    REQUEST_AUTH_SCHEMES
    Deprecated.
    Key that is used to define the name of authentication scheme of the request.
    static final String
    REQUEST_AUTHENTICATED_TO_REALMS
    Deprecated.
    Key that is used to identify the names of authenticated realms in the request.
    static final String
    REQUEST_AUTHENTICATED_TO_SERVICES
    Deprecated.
    Key that is used to identify the names of authentication chains in the request.
    static final String
    REQUEST_DNS_NAME
    Deprecated.
    Key that is used to define request DNS name that is passed in the env parameter while invoking getConditionDecision method of an IPCondition.
    static final String
    REQUEST_IP
    Deprecated.
    Key that is used to define request IP address that is passed in the env parameter while invoking getConditionDecision method of an IPCondition.
    static final String
    REQUEST_TIME_ZONE
    Deprecated.
    Key that is used to define the time zone that is passed in the env parameter while invoking getConditionDecision method of a SimpleTimeCondition Value for the key should be a TimeZone object.
    static final String
    START_DATE
    Deprecated.
    Key that is used in a SimpleTimeCondition to define the start of date range for which a policy applies.
    static final String
    START_DAY
    Deprecated.
    Key that is used in a SimpleTimeCondition to define the start of day of week range for which a policy applies.
    static final String
    START_IP
    Deprecated.
    Key used in IPCondition to define the start of IP address range for which a policy applies.
    static final String
    START_TIME
    Deprecated.
    Key that is used in SimpleTimeCondition to define the beginning of time range during which a policy applies.
    static final String
    TERMINATE_SESSION
    Deprecated.
    Key in SessionCondition that is used to define the option to terminate the session if the session exceeds the maximum session time.
    static final String
    TRANSACTION_CONDITION_ADVICE
    Deprecated.
    Key that is used to identify the advice messages from TransactionCondition
    static final String
    VALUE_CASE_INSENSITIVE
    Deprecated.
    Key that is passed in the env parameter while invoking getConditionDecision method of a SessionPropertyCondition to indicate if a case insensitive match needs to done of the property value against same name property in the user's single sign on token.

  • Method Summary

    Modifier and Type
    Method
    Description
    Object
    clone()
    Deprecated.
    Returns a copy of this object.
    ConditionDecision
    getConditionDecision(SSOToken token, Map<String,Set<String>> env)
    Deprecated.
    Gets the decision computed by this condition object, based on the Map of environment parameters
    String
    getDisplayName(String property, Locale locale)
    Deprecated.
    Gets the display name for the property name.
    Map<String,Set<String>>
    getProperties()
    Deprecated.
    Gets the properties of the condition
    List<String>
    getPropertyNames()
    Deprecated.
    Returns a list of property names for the condition.
    Syntax
    getPropertySyntax(String property)
    Deprecated.
    Returns the syntax for a property name
    Set<String>
    getValidValues(String property)
    Deprecated.
    Returns a set of valid values given the property name.
    void
    setProperties(Map<String,Set<String>> properties)
    Deprecated.
    Sets the properties of the condition.

  • Field Details

    • AUTH_LEVEL

      static final String AUTH_LEVEL
      Deprecated.
      Key that is used to define the minimum authentication level in an AuthLevelCondition or the maximum authentication level in a LEAuthLevelCondition of a policy being evaluated. In case of AuthLevelCondition policy would apply if the request authentication level is at least the level defined in condition while in case of LEAuthLevelCondition policy would apply if the request authentication level is less than or equal to the level defined in the condition. The value should be a Set with only one element. The element should be a String, parse-able as an integer or a realm qualified integer like "sun:1" where "sun" is a realm name.":" needs to used a delimiter between realm name and the level.
      See Also:

    • REQUEST_AUTH_LEVEL

      static final String REQUEST_AUTH_LEVEL
      Deprecated.
      Key that is used to define the authentication level of the request. Its passed down in the env Map to the getConditionDecision call of an AuthLevelCondition or LEAuthLevelCondition for condition evaluation.

      The value should be an Integer or a Set of Strings. If it is a Set of Strings, each element of the set has to be parseable as integer or should be a realm qualified integer like "sun:1". If the env parameter is null or does not define value for REQUEST_AUTH_LEVEL, the value for REQUEST_AUTH_LEVEL is obtained from the single sign on token of the user

      See Also:

    • AUTH_SCHEME

      static final String AUTH_SCHEME
      Deprecated.
      Key that is used to define the authentication scheme in an AuthSchemeCondition of a policy. Policy would apply if the authentication scheme of the request is same as defined in the condition. The value should be a Set with only one element. The element should be a String, the authentication scheme name.
      See Also:

    • APPLICATION_NAME

      static final String APPLICATION_NAME
      Deprecated.
      Key that is used to specify application name for the resources protected by the policy
      See Also:

    • APPLICATION_IDLE_TIMEOUT

      static final String APPLICATION_IDLE_TIMEOUT
      Deprecated.
      Key that is used to specify the application idle time out
      See Also:

    • REQUEST_AUTH_SCHEMES

      static final String REQUEST_AUTH_SCHEMES
      Deprecated.
      Key that is used to define the name of authentication scheme of the request. Its passed down as part of the env Map to getConditionDecision of an AuthSchemeCondition for condition evaluation. Value for the key should be a Set with each element being a String. If the env parameter is null or does not define value for REQUEST_AUTH_SCHEMES, the value for REQUEST_AUTH_SCHEMES is obtained from the single sign on token of the user
      See Also:

    • AUTHENTICATE_TO_REALM

      static final String AUTHENTICATE_TO_REALM
      Deprecated.
      Key used in AuthenticateToRealmCondition to specify the realm for which the user should authenticate for the policy to apply. The value should be a Set with only one element. The should be a String, the realm name.
      See Also:

    • REQUEST_AUTHENTICATED_TO_REALMS

      static final String REQUEST_AUTHENTICATED_TO_REALMS
      Deprecated.
      Key that is used to identify the names of authenticated realms in the request. Its passed down as part of the env Map to getConditionDecision of an AuthenticateToRealmCondition for condition evaluation. Value for the key should be a Set with each element being a String If the env parameter is null or does not define value for REQUEST_AUTHENTICATED_TO_REALMS, the value for REQUEST_AUTHENTICATED_TO_REALMS is obtained from the single sign on token of the user
      See Also:

    • AUTHENTICATE_TO_SERVICE

      static final String AUTHENTICATE_TO_SERVICE
      Deprecated.
      Key that is used in AuthenticateToServiceCondition to specify the authentication chain for which the user should authenticate for the policy to apply. The value should be a Set with only one element. The should be a String, the realm name.
      See Also:

    • REQUEST_AUTHENTICATED_TO_SERVICES

      static final String REQUEST_AUTHENTICATED_TO_SERVICES
      Deprecated.
      Key that is used to identify the names of authentication chains in the request. Its passed down as part of the env Map to getConditionDecision of an AuthenticateToServiceCondition for condition evaluation. Value for the key should be a Set with each element being a String. If the env parameter is null or does not define value for REQUEST_AUTHENTICATED_TO_SERVICES, the value for REQUEST_AUTHENTICATED_TO_SERVICES is obtained from the single sign on token of the user
      See Also:

    • AUTH_SCHEME_CONDITION_ADVICE

      static final String AUTH_SCHEME_CONDITION_ADVICE
      Deprecated.
      Key that is used identify the advice messages from AuthSchemeCondition
      See Also:

    • AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE

      static final String AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE
      Deprecated.
      Key that is used identify the advice messages from AuthenticateToServiceCondition
      See Also:

    • AUTH_LEVEL_CONDITION_ADVICE

      static final String AUTH_LEVEL_CONDITION_ADVICE
      Deprecated.
      Key that is used identify the advice messages from AuthLevelCondition.
      See Also:

    • AUTH_TREE_CONDITION_ADVICE

      static final String AUTH_TREE_CONDITION_ADVICE
      Deprecated.
      See Also:

    • AUTHENTICATE_TO_REALM_CONDITION_ADVICE

      static final String AUTHENTICATE_TO_REALM_CONDITION_ADVICE
      Deprecated.
      Key that is used identify the advice messages from AuthenticateToRealmCondition
      See Also:

    • TRANSACTION_CONDITION_ADVICE

      static final String TRANSACTION_CONDITION_ADVICE
      Deprecated.
      Key that is used to identify the advice messages from TransactionCondition
      See Also:

    • START_IP

      static final String START_IP
      Deprecated.
      Key used in IPCondition to define the start of IP address range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for START_IP, a value should also be defined for END_IP. The patterns for IP Version 4 is : n.n.n.n where n would take any integer value between 0 and 255 inclusive. Some sample values are: 122.100.85.45 145.64.55.35 15.64.55.35 The patterns for IP Version 6 is: x:x:x:x:x:x:x:x where x are the hexadecimal values of the eight 16-bit pieces of the address Some sample values are: FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 1080:0:0:0:8:800:200C:417A
      See Also:

    • END_IP

      static final String END_IP
      Deprecated.
      Key that is used in IPCondition to define the end of IP address range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for END_IP, a value should also be defined for START_IP. The patterns is : n.n.n.n where n would take any integer value between 0 and 255 inclusive. Some sample values are 122.100.85.45 145.64.55.35 15.64.55.35 The patterns for IP Version 6 is: x:x:x:x:x:x:x:x where x are the hexadecimal values of the eight 16-bit pieces of the address Some sample values are: FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 1080:0:0:0:8:800:200C:417A
      See Also:

    • DNS_NAME

      static final String DNS_NAME
      Deprecated.
      Key that is used in an IPCondition to define the DNS name values for which a policy applies. The value corresponding to the key has to be a Set where each element is a String that conforms to the patterns described here. The patterns is : 
       ccc.ccc.ccc.ccc
 *.ccc.ccc.ccc
      where c is any valid character for DNS domain/host name. There could be any number of .ccc components. Some sample values are: 
       www.sun.com
 finace.yahoo.com
 *.yahoo.com
      See Also:

    • REQUEST_IP

      static final String REQUEST_IP
      Deprecated.
      Key that is used to define request IP address that is passed in the env parameter while invoking getConditionDecision method of an IPCondition. Value for the key should be a String that is a string representation of IP of the client, For IP version 4: The form is n.n.n.n where n is a value between 0 and 255 inclusive. For IP version 6: The form is x:x:x:x:x:x:x:x where x is the hexadecimal values of the eight 16-bit pieces of the address
      See Also:

    • REQUEST_DNS_NAME

      static final String REQUEST_DNS_NAME
      Deprecated.
      Key that is used to define request DNS name that is passed in the env parameter while invoking getConditionDecision method of an IPCondition. Value for the key should be a set of strings representing the DNS names of the client, in the form ccc.ccc.ccc for IP version 4. For IP version 6, the form would be x:x:x:x:x:x:x:x If the env parameter is null or does not define value for REQUEST_DNS_NAME, the value for REQUEST_DNS_NAME is obtained from the single sign on token of the user
      See Also:

    • LDAP_FILTER

      static final String LDAP_FILTER
      Deprecated.
      Key that is used in a LDAPFilterCondition to define the ldap filter that should be satisfied by the ldap entry of the user for the condition to be satisifed The value should be a Set with only one element. The element should be a String.
      See Also:

    • MAX_SESSION_TIME

      static final String MAX_SESSION_TIME
      Deprecated.
      Key that is used in SessionCondition to define the maximum session time in minutes for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a string and parse-able as an Integer.
      See Also:

    • TERMINATE_SESSION

      static final String TERMINATE_SESSION
      Deprecated.
      Key in SessionCondition that is used to define the option to terminate the session if the session exceeds the maximum session time. The value corresponding to the key has to be a Set that has just one element which is a string. The option is on if the string value is equal to true.
      See Also:

    • START_TIME

      static final String START_TIME
      Deprecated.
      Key that is used in SimpleTimeCondition to define the beginning of time range during which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for START_TIME, a value should also be defined for END_TIME. The patterns is: 
          HH:mm
      Some sample values are 
           08:25
     18:45
      See Also:

    • END_TIME

      static final String END_TIME
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the end of time range during which a policy applies.The value corresponding to the key has to be a Set that has just one element which is a String that conforms to the pattern described here. If a value is defined for END_TIME, a value should also be defined for START_TIME. The patterns is: 
          HH:mm
      Some sample values are 
           08:25
     18:45
      See Also:

    • START_DAY

      static final String START_DAY
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the start of day of week range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that is one of the values Sun, Mon, Tue, Wed, Thu, Fri, Sat. If a value is defined for START_DAY, a value should also be defined for END_DAY. Some sample values are 
           Sun
     Mon
      See Also:

    • END_DAY

      static final String END_DAY
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the end of day of week range for which a policy applies. Its defined in a SimpleTimeCondition associated with the policy. The value corresponding to the key has to be a Set that has just one element which is a String that is one of the values Sun, Mon, Tue, Wed, Thu, Fri, Sat. If a value is defined for END_DAY, a value should also be defined for START_DAY. Some sample values are 
           Sun
     Mon
      See Also:

    • START_DATE

      static final String START_DATE
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the start of date range for which a policy applies. The value corresponding to the key has to be a Set that has just one element which is a String that corresponds to the pattern described below. If a value is defined for START_DATE, a value should also be defined for END_DATE. The pattern is 
           yyyy:MM:dd
 Some sample values are
     2001:02:26
     2002:12:31
      See Also:

    • END_DATE

      static final String END_DATE
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the end of date range for which a policy applies.The value corresponding to the key has to be a Set that has just one element which is a String that corresponds to the pattern described below. If a value is defined for END_DATE, a value should also be defined for START_DATE. The pattern is 
           yyyy:MM:dd
 Some sample values are
     2001:02:26
     2002:12:31
      See Also:

    • ENFORCEMENT_TIME_ZONE

      static final String ENFORCEMENT_TIME_ZONE
      Deprecated.
      Key that is used in a SimpleTimeCondition to define the time zone basis to evaluate the policy. The value corresponding to the key has to be a one element Set where the element is a String that is one of the standard timezone IDs supported by java or a String of the pattern GMT[+|-]hh[[:]mm] here. If the value is not a valid time zone id and does not match the pattern GMT[+|-]hh[[:]mm], it would default to GMT
      See Also:

    • REQUEST_TIME_ZONE

      static final String REQUEST_TIME_ZONE
      Deprecated.
      Key that is used to define the time zone that is passed in the env parameter while invoking getConditionDecision method of a SimpleTimeCondition Value for the key should be a TimeZone object. This would be used only if the ENFORCEMENT_TIME_ZONE is not defined for the SimpleTimeCondition
      See Also:

    • VALUE_CASE_INSENSITIVE

      static final String VALUE_CASE_INSENSITIVE
      Deprecated.
      Key that is passed in the env parameter while invoking getConditionDecision method of a SessionPropertyCondition to indicate if a case insensitive match needs to done of the property value against same name property in the user's single sign on token.
      See Also:

    • INVOCATOR_PRINCIPAL_UUID

      static final String INVOCATOR_PRINCIPAL_UUID
      Deprecated.
      Key that is passed in the env parameter while invoking getConditionDecision method of an AMIdentityMembershipCondition. The value specifies the uuid(s) for which the policy would apply. The value should be a Set. Each element of the Set should be a String, the uuid of the AMIdentity objet.
      See Also:

    • AM_IDENTITY_NAME

      static final String AM_IDENTITY_NAME
      Deprecated.
      Key that is used in a AMIdentityMembershipCondition to specify the uuid(s) of AMIdentiy objects to which the policy would apply. These uuid(s) are specified in the condition at policy definition time. The value should be a Set Each element of the Set should be a String, the uuid of the invocator.
      See Also:

  • Method Details

    • getPropertyNames

      List<String> getPropertyNames()
      Deprecated.
      Returns a list of property names for the condition.
      Returns:
      list of property names

    • getPropertySyntax

      Syntax getPropertySyntax(String property)
      Deprecated.
      Returns the syntax for a property name
      Parameters:
      property - property name
      Returns:
      Syntax for the property name
      See Also:

    • getDisplayName

      String getDisplayName(String property, Locale locale) throws PolicyException
      Deprecated.
      Gets the display name for the property name. The locale variable could be used by the plugin to customize the display name for the given locale. The locale variable could be null, in which case the plugin must use the default locale.
      Parameters:
      property - property name
      locale - locale for which the property name must be customized
      Returns:
      display name for the property name.
      Throws:
      PolicyException - If the display name could not be retrieved.

    • getValidValues

      Set<String> getValidValues(String property) throws PolicyException
      Deprecated.
      Returns a set of valid values given the property name. This method is called if the property Syntax is either the SINGLE_CHOICE or MULTIPLE_CHOICE.
      Parameters:
      property - property name
      Returns:
      Set of valid values for the property.
      Throws:
      PolicyException - if unable to get the Syntax.

    • setProperties

      void setProperties(Map<String,Set<String>> properties) throws PolicyException
      Deprecated.
      Sets the properties of the condition. This influences the ConditionDecision that would be computed by a call to method getConditionDecision(Map) and the Advice messages generated included in the ConditionDecision. ConditionDecision encapsulates whether a policy applies for the request and advice messages generated by the condition. For example, for a SimpleTimeCondition, the properties would define StartTime and EndTime, to define the time range during which the policy applies
      Parameters:
      properties - the properties of the condition that would influence the ConditionDecision returned by a call to method getConditionDecision(Map). Keys of the properties have to be String. Value corresponding to each key have to be a Set of String elements. Each implementation of Condition could add further restrictions on the keys and values of this Map.
      Throws:
      PolicyException - for any abnormal condition
      See Also:

    • getProperties

      Map<String,Set<String>> getProperties()
      Deprecated.
      Gets the properties of the condition
      Returns:
      properties of the condition
      See Also:

    • getConditionDecision

      ConditionDecision getConditionDecision(SSOToken token, Map<String,Set<String>> env) throws PolicyException, SSOException
      Deprecated.
      Gets the decision computed by this condition object, based on the Map of environment parameters
      Parameters:
      token - single-sign-on SSOToken of the user
      env - request specific environment Map of key/value pairs For example this would contain IP address of remote client for an IPCondition.
      Returns:
      the condition decision. The condition decision encapsulates whether a Policy applies for the request and advice messages generated by the condition. Policy framework continues evaluating a Policy only if it applies to the request as indicated by the ConditionDecision. Otherwise, further evaluation of the Policy is skipped. However, the Advice messages encapsulated in the ConditionDecision are aggregated and passed up, encapsulated in the PolicyDecision.
      Throws:
      PolicyException - if the decision could not be computed
      SSOException - if SSO token is not valid
      See Also:

    • clone

      Object clone()
      Deprecated.
      Returns a copy of this object.
      Returns:
      a copy of this object