/** * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved * * The contents of this file are subject to the terms * of the Common Development and Distribution License * (the License). You may not use this file except in * compliance with the License. * * You can obtain a copy of the License at * https://opensso.dev.java.net/public/CDDLv1.0.html or * opensso/legal/CDDLv1.0.txt * See the License for the specific language governing * permission and limitations under the License. * * When distributing Covered Code, include this CDDL * Header Notice in each file and include the License file * at opensso/legal/CDDLv1.0.txt. * If applicable, add the following below the CDDL Header, * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: XACMLAuthzDecisionQuery.java,v 1.3 2008/06/25 05:48:14 qcheng Exp $ * */ package com.sun.identity.xacml.saml2; import com.sun.identity.saml2.protocol.RequestAbstract; import com.sun.identity.xacml.common.XACMLException; import com.sun.identity.xacml.context.Request; /** * The XACMLAuthzDecisionQuery element is a SAML Query that * extends SAML Protocol schema type RequestAbstractType. * It allows an XACML PEP to submit an XACML Request Context in a SAML * Query along with other information. This element is an alternative to * SAML defined that allows an * XACML PEP to communicate with an XACML PDP using SAML2 protocol. *

* Schema: * 

 *<xs:element name="XACMLAuthzDecisionQuery"
 *         type="XACMLAuthzDecisionQueryType"/>
 *<xs:complexType name="XACMLAuthzDecisionQueryType">
 *  <xs:complexContent>
 *    <xs:extension base="samlp:RequestAbstractType">
 *      <xs:sequence>
 *        <xs:element ref="xacml-context:Request"/>
 *      <xs:sequence>
 *      <xs:attribute name="InputContextOnly"
 *                    type="boolean"
 *                    use="optional"
 *                    default="false"/>
 *      <xs:attribute name="ReturnContext"
 *                    type="boolean"
 *                    use="optional"
 *                    default="false"/>
 *    <xs:extension>
 *  <xs:complexContent>
 *<xs:complexType>
 *
* * Schema for base: * 
 *  <complexType name="RequestAbstractType" abstract="true">
 *      <sequence>
 *          <element ref="saml:Issuer" minOccurs="0"/>
 *          <element ref="ds:Signature" minOccurs="0"/>
 *          <element ref="samlp:Extensions" minOccurs="0"/>
 *      <sequence>
 *      <attribute name="ID" type="ID" use="required"/>
 *      <attribute name="Version" type="string" use="required"/>
 *      <attribute name="IssueInstant" type="dateTime" use="required"/>
 *      <attribute name="Destination" type="anyURI" use="optional"/>
 *  	<attribute name="Consent" type="anyURI" use="optional"/>
 *  <complexType>
 *
* *@supported.all.api */ public interface XACMLAuthzDecisionQuery extends RequestAbstract { /** * Returns the XML attribute boolean value which governs the * source of information that the PDP is allowed to use in * making an authorization decision. If this attribute is "true" * then it indiactes that the authorization decision has been made * solely on the basis of information contained in the * XACMLAuthzDecisionQuery; no external attributes have been * used. If this value is "false" then the decision may have been made * on the basis of external attributes not conatined in the * XACMLAuthzDecisionQuery. * @return boolean indicating the value * of this attribute. */ public boolean getInputContextOnly(); /** * Sets the XML attribute boolean value which governs the * source of information that the PDP is allowed to use in * making an authorization decision. If this attribute is "true" * then it indicates to the PDP that the authorization decision has to be * made solely on the basis of information contained in the * XACMLAuthzDecisionQuery; no external attributes may be * used. If this value is "false" then the decision can be made * on the basis of external attributes not conatined in the * XACMlAuthzDecisionQuery. * @param inputContextOnly boolean indicating the value * of this attribute. * * @exception XACMLException if the object is immutable * An object is considered immutable if * makeImmutable() has been invoked on it. It can * be determined by calling isMutable on the object. */ public void setInputContextOnly(boolean inputContextOnly) throws XACMLException; /** * Returns the XML attribute boolean value which provides means * to PEP to request that an xacml-context>Request * element be included in the XACMlAuthzdecisionStatement * resulting from the request. It also governs the contents of that * element. If this attribite is "true" then the * PDP SHALL include the xacml-context:Request element in the * XACMLAuthzDecisionStatement element in the * XACMLResponse. The xacml-context:Request SHALL * include all the attributes supplied by the PEP in the * AuthzDecisionQuery which were used in making * the authz decision. Other addtional attributes which may have been used * by the PDP may be included. * If this attribute is "false" then the PDP SHALL NOT include the * xacml-context:Request element in the * XACMLAuthzDecisionStatement. * * @return boolean indicating the value * of this attribute. */ public boolean getReturnContext(); /** * Sets the boolean value for this XML attribute * @see #getReturnContext() * * @param returnContext boolean indicating the value * of this attribute. * * @exception XACMLExceptioXACMLException if the object is immutable * An object is considered immutable if * makeImmutable() has been invoked on it. It can * be determined by calling isMutable on the object. */ public void setReturnContext(boolean returnContext) throws XACMLException; /** * Returns the xacml-context:Request element of this object * * @return the xacml-context:Request elements of this object */ public Request getRequest(); /** * Sets the xacml-context:Request element of this object * * @param request the xacml-context:Request element of this * object. * * @exception XACMLException if the object is immutable * An object is considered immutable if * makeImmutable() has been invoked on it. It can * be determined by calling isMutable on the object. */ public void setRequest(Request request) throws XACMLException; /** * Returns a String representation of this object * @param includeNSPrefix Determines whether or not the namespace qualifier * is prepended to the Element when converted * @param declareNS Determines whether or not the namespace is declared * within the Element. * @return a string representation of this object * @exception XACMLException if conversion fails for any reason */ public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws XACMLException; /** * Returns a string representation of this object * * @return a string representation of this object * @exception XACMLException if conversion fails for any reason */ public String toXMLString() throws XACMLException; /** * Makes the object immutable */ public void makeImmutable(); /** * Checks if the object is mutable * * @return true if the object is mutable, * false otherwise */ public boolean isMutable(); }