ProxyPolicyEvaluator.java revision bee2440354b4bc8796e1de0b6cbd60e1f68deba0
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: ProxyPolicyEvaluator.java,v 1.4 2009/01/28 05:35:01 ww203982 Exp $
*
* Portions Copyrighted 2011-2015 ForgeRock AS.
*/
/**
* Class that lets a priviliged user to compute policy results for
* another user.
* Only privileged users can get <code>ProxyPolicyEvaluator</code>
* - only top level administrator, realm level policy administrator,
* realm administrator or realm policy administrator can get
* <code>ProxyPolicyEvaluator</code>. Top level administrator can compute policy
* results for any user. Realm administrator or policy administrator can
* compute policy results only for users who are members of the realm
* (including sub realm) that they manage. If they try to compute policys
* result for any other user, they would get a <code>PolicyException</code>.
* This class can be used only within the web container running policy server.
*
* @supported.all.api
* @deprecated since 12.0.0
*/
public class ProxyPolicyEvaluator {
private SSOToken adminToken;
private String serviceType;
private PolicyEvaluator policyEvaluator;
private static String baseDNString;
static {
}
/**
* Constructs a <code>ProxyPolicyEvaluator</code> instance.
* Only privileged users can create <code>ProxyPolicyEvaluator</code>.
*
* @param token single sign on token used to construct the proxy policy
* evaluator.
* @param serviceType service type for which construct the proxy policy
* evaluator
* @throws NoPermissionException if the token does not have privileges
* to create proxy policy evaluator
* @throws NameNotFoundException if the serviceType is not found in
* registered service types
* @throws PolicyException any policy exception coming from policy
* framework
* @throws SSOException if the token is invalid
*/
{
this.adminToken = token;
this.serviceType = serviceType;
this.policyEvaluator
}
/**
* Gets policy decision for a resource, skipping subject evaluation.
* Conditions would be evaluated and would include applicable advices
* in policy decisions. Hence, you could get details such as
* <code>AuthLevel</code>, <code>AuthScheme</code> that would be required to
* access the resource.
*
* @param resourceName name of the resource for which to compute policy
* decision
* @param actionNames names of the actions the user is trying to perform on
* the resource
*
* @param env run time environment parameters
*
* @return the policy decision for the principal for the given resource
*
* @throws PolicyException exception form policy framework
* @throws SSOException if single sign on token is invalid
*
*/
{
// Let us log all policy evaluation results
if (PolicyUtils.logStatus) {
decision};
"PROXIED_POLICY_EVALUATION_IGNORING_SUBJECTS",
objs, adminToken);
}
}
+ " got policy decision "
+ " ignoring subjects "
+ " for resourceName:" + resourceName
+ " for serviceType :" + serviceType
+ " is " + pd);
}
return pd;
}
}