com.sun.identity.policy
Class ProxyPolicyEvaluator

java.lang.Object
  |
  +--com.sun.identity.policy.ProxyPolicyEvaluator

public class ProxyPolicyEvaluator
extends java.lang.Object

Class that lets a privileged user compute policy results for another user. Only privileged users can get a ProxyPolicyEvaluator: top level admin, top level policy admin, org admin or org policy admin. Top level admin can compute policy results for any user. Org admin or policy admin can compute policy results only for users who are members of the org (including suborgs) that they manage. If they try to compute a policy result for any other user, they get a PolicyException.
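
Example usage (added here for illustration, not part of the original API documentation): a wrapper that evaluates policy on behalf of another user and denies access on any error, including the PolicyException raised when the user is outside the caller's administrative scope. The class name DelegatedAccessCheck and its method names are hypothetical; ProxyPolicyEvaluatorFactory belongs to the same package but is not documented on this page, and the OpenSSO/Access Manager SDK is assumed to be on the classpath.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.ProxyPolicyEvaluator;
import com.sun.identity.policy.ProxyPolicyEvaluatorFactory;

/** Hypothetical helper: an admin-side component checking access for other users. */
public class DelegatedAccessCheck {
    private final ProxyPolicyEvaluator evaluator;

    /** adminToken must belong to one of the admin roles described above. */
    public DelegatedAccessCheck(SSOToken adminToken, String serviceType)
            throws PolicyException, SSOException {
        // The factory refuses callers that are not privileged (PolicyException).
        this.evaluator = ProxyPolicyEvaluatorFactory.getInstance()
                .getProxyPolicyEvaluator(adminToken, serviceType);
    }

    /** Fail closed: any policy framework or token error is treated as "deny". */
    public boolean canPerform(String principalName, String resourceName, String actionName) {
        Map env = new HashMap(); // no run-time environment parameters supplied
        try {
            return evaluator.isAllowed(principalName, resourceName, actionName, env);
        } catch (PolicyException e) {
            // Also covers a principal outside the orgs this admin manages.
            System.err.println("Policy evaluation failed for " + principalName
                    + ": " + e.getMessage());
            return false;
        } catch (SSOException e) {
            // The admin's own SSO token is invalid; do not grant anything.
            System.err.println("Admin SSO token invalid: " + e.getMessage());
            return false;
        }
    }

    /**
     * Lists ProtectedResource objects for the user under rootResource.
     * Conditions are ignored here, so use the result for review or display,
     * and call canPerform() for the actual access decision.
     */
    public Set listProtectedResources(String principalName, String rootResource)
            throws PolicyException, SSOException {
        return evaluator.getProtectedResourcesIgnoreConditions(principalName, rootResource);
    }
}
```

A call such as canPerform("uid=alice,ou=people,dc=example,dc=com", "http://www.example.com:80/reports", "GET") uses constructed sample values; the principal name format and service type depend on the deployment.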


Method Summary
 PolicyDecision getPolicyDecision(java.lang.String principalName, java.lang.String resourceName, java.util.Map env)
          Gets policy decision for the user identified by the principalName for the given resource
 java.util.Set getProtectedResourcesIgnoreConditions(java.lang.String principalName, java.lang.String rootResource)
          Gets protected resources for a user identified by the principalName.
 boolean isAllowed(java.lang.String principalName, java.lang.String resourceName, java.lang.String actionName, java.util.Map env)
          Evaluates a simple privilege of boolean type.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

isAllowed

public boolean isAllowed(java.lang.String principalName,
                         java.lang.String resourceName,
                         java.lang.String actionName,
                         java.util.Map env)
                  throws PolicyException,
                         SSOException
Evaluates a simple privilege of boolean type. The privilege indicates if the user identified by the principalName can perform specified action on the specified resource.
Parameters:
principalName - principal name for whom to compute the privilege.
resourceName - name of the resource for which to compute policy result.
actionName - name of the action the user is trying to perform on the resource
env - run time environment parameters
Returns:
the result of the evaluation as a boolean value
Throws:
PolicyException - exception from policy framework
SSOException - if sso token is invalid

getPolicyDecision

public PolicyDecision getPolicyDecision(java.lang.String principalName,
                                        java.lang.String resourceName,
                                        java.util.Map env)
                                 throws PolicyException,
                                        SSOException
Gets policy decision for the user identified by the principalName for the given resource
Parameters:
principalName - principal name for whom to compute the policy decision
resourceName - name of the resource for which to compute policy decision
env - run time environment parameters
Returns:
the policy decision for the principal for the given resource
Throws:
PolicyException - exception from policy framework
SSOException - if sso token is invalid

getProtectedResourcesIgnoreConditions

public java.util.Set getProtectedResourcesIgnoreConditions(java.lang.String principalName,
                                                           java.lang.String rootResource)
                                                    throws PolicyException,
                                                           SSOException
Gets protected resources for a user identified by the principalName. Conditions defined in the policies are ignored while computing protected resources. Only resources that are subresources of the given rootResource or equal to the given rootResource would be returned. If all policies applicable to a resource are only referral policies, no ProtectedResource would be returned for such a resource.
Parameters:
principalName - principal name for whom to compute the privilege.
rootResource - only resources that are subresources of the given rootResource or equal to the given rootResource would be returned. If PolicyEvaluator.ALL_RESOURCES is passed as rootResource, resources under all root resources of the service type are considered while computing protected resources.
Returns:
set of protected resources. The set contains ProtectedResource objects.
Throws:
PolicyException - exception from policy framework
SSOException - if sso token is invalid
See Also:
ProtectedResource