8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: ActionDecision.java,v 1.5 2008/06/25 05:43:43 qcheng Exp $
0c9594d96d580b0cba488fa7d01802fbb49d8a3eCraig McDonnell * Portions Copyrighted 2011-2014 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The <code>ActionDecision</code> class represents the action results of a
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * policy evaluation. It has action values for a given <code>action</code> and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>advice</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
0c9594d96d580b0cba488fa7d01802fbb49d8a3eCraig McDonnell * @deprecated since 12.0.0
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static final String ACTION_DECISION = "ActionDecision";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static final String TIME_TO_LIVE = "timeToLive";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static Debug debug = Debug.getInstance("amPolicy");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Difference of system clock on the client machine compared to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * policy server machine. Valid life of policy decisions are extended
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * by this skew on the client side.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Value for this is set by reading property
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * com.sun.identity.policy.client.clockSkew
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * from SystemProperties
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If the value is not defined in AMConfig.properties,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this would default to 0.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * No argument constructor
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @deprecated No replacement API provided.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * There should be no need to invoke this constructor.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param actionName name of the action.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param values a <code>Set></code> of <code>String</code> values for the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public ActionDecision(String actionName, Set values) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param actionName action name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param values a <code>Set</code> of <code>String</code> values for the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param advices <code>advices</code> associated with this action
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * decision. The advice name is the key to the Map. The
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * value is a set of advice message Strings corresponding
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to the advice name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param timeToLive the GMT time in milliseconds since epoch
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * when this object is to be treated as expired.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * That is the action values would likely be different
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * after that time.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public ActionDecision(String actionName, Set values, Map advices,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets the name of the action
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return name of the action
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the action values for the action.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param values a <code>Set</code> of String values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets the action values for the action.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a <code>Set>/code> of String values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets the GMT time in milliseconds since epoch when this object is to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be treated as expired. That is the action values would likely be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * different after that time.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This is computed as a result of <code>SimpleTimeCondition(s)</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specified in the Policy definition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return long represeting the time to live for this object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the GMT time in milliseconds since epoch when this object is to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be treated as expired. That is the action values would likely be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * different after that time.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This is computed as a result of <code>SimpleTimeCondition(s)</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * specified in the Policy definition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param timeToLive time to live
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets <code>advices</code> associated with this <code>ActionDecision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The advice name is the key to the <code>Map</code>. The
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * value is a <code>Set</code> of advice message Strings corresponding to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the advice name. The two possible advices are authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * level(<code>AuthLevel</code>) and authentication modules
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (<code>AuthSchemes</code>). The advice message Strings for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthLevel</code> are integer valued.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param advices map of advices
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a <code>Map</code> of <code>advices</code> associated with this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The advice name is the key to the <code>Map</code>. The
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * value is a <code>Set</code> of advice message Strings corresponding to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the advice name. The two possible advices are authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * level(<code>AuthLevel</code>) and authentication modules
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (<code>AuthSchemes</code>). The advice message Strings for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthLevel</code> are integer valued.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return advices associated with this <code>ActionDecision</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets a String representation of this object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a String representation of this object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets an XML representation of this object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return XML representation of this object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append("<").append(ACTION_DECISION).append(" ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(PolicyUtils.attributeValuePairToXMLString(getActionName(),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append("<").append(ADVICES).append(">").append(PolicyUtils.CRLF);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(PolicyUtils.mapToXMLString(advices));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append("</").append(ADVICES).append(">").append(PolicyUtils.CRLF);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append("</").append(ACTION_DECISION).append(">").append(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Creates an ActionDecisions object given a w3c DOM node
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param actionDecisionNode w3c DOM node for action decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return ActionDecisions object created using the w3c DOM node
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if any error occurs during parsing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static ActionDecision parseActionDecision(Node actionDecisionNode)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //process action name and values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set nodeSet = XMLUtils.getChildNodes(actionDecisionNode,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ( (nodeSet == null) || (nodeSet.isEmpty()) ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("parseActionDecision: missing element "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String actionName = PolicyUtils.getAttributeName(node);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set actionValues = PolicyUtils.getAttributeValues(node);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster actionDecision = new ActionDecision(actionName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //process timeToLive
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String ttlString = XMLUtils.getNodeAttributeValue(actionDecisionNode,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("Error while parsing timeToLive in "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyException(ResBundleUtils.rbName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "invalid_time_to_live",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //process advices
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster nodeSet = XMLUtils.getChildNodes(actionDecisionNode,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String adviceName = PolicyUtils.getAttributeName(node);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Creates and returns a copy of this object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a copy of this object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Iterator adviceIter = advices.keySet().iterator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the client clock skew
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param skew the time skew in milliseconds, serverTime - clientTime
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static void setClientClockSkew(long skew) {