/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: IDPPAuthorizer.java,v 1.6 2008/08/19 19:12:22 veiming Exp $
*
* Portions Copyrighted 2015 ForgeRock AS.
*/
/**
* The class <code>IDPPAuthorizer</code> is the default implementation of
* IDPP Authorization and implements <code>Authorizer</code>. It
* provides an allow, deny, interact-for-consent, or interact-for-value action
* based on the resource that a WSC is requesting.
* It makes use of the existing OpenAM policy framework by defining
* policy as action values in the personal profile service.
*/
static {
try {
}
}
/**
* Default constructor.
*/
public IDPPAuthorizer() {
    // Intentionally empty: the constructor body does no work of its own.
}
/**
* Checks whether the requested action is authorized.
* IDPPAuthorizer implements this class.
* @param credential credential
* @param action action
* @param data object
* @param env env map
* @return true if authorized, otherwise false.
*/
// NOTE(review): the only statement visible in this listing is an
// unconditional "return false", i.e. a deny answer. The method signature is
// not visible here; confirm against the full source whether this method can
// ever grant access before relying on its result.
return false;
}
/**
* Returns the authorization decision for querying or modifying the selected data.
* @param credential SSOToken of a WSC.
* @param action request action.
* @param data Object that is being accessed.
* @param env A Map containing information useful for policy evaluation.
* The following keys are defined and their values should be passed in:
* Key: <code>USER_ID</code>
* Value: id of the user whose resource is being accessed.
* Key: <code>AUTH_TYPE</code>
* Value: The authentication mechanism WSC used.
* Key: <code>MESSAGE</code>
* Value:
* <code>com.sun.identity.liberty.ws.soapbinding.Message</code>.
* @return Object AuthorizationDecision object that contains the authorization
* decision information for the given data.
* For Personal Profile service, this object would be the
* String authZ decision value.
* @exception Exception if an error occurs during authorization.
*/
throws Exception {
// NOTE(review): parts of this method (its signature, several conditions and
// the calls that receive the debug strings) are not visible in this listing.
// The comments below describe only the statements that are visible.
throw new Exception(
}
try {
if (debug.messageEnabled()) {
// NOTE(review): the user id is appended to a debug message here; confirm that
// message-level debug output is access-restricted in deployment.
+ userid);
}
}
// Fail closed: with no PolicyDecision the method answers deny.
if(policyDecision == null) {
if(debug.messageEnabled()) {
"Decision:PolicyDecision is null");
}
return IDPPConstants.AUTHZ_DENY;
}
// Fail closed: with no ActionDecision the method answers deny.
if(actionDecision == null) {
if(debug.messageEnabled()) {
"Decision:ActionDecision is null");
}
return IDPPConstants.AUTHZ_DENY;
}
// Third deny path. Going by the debug text it covers missing action values;
// the guarding condition itself is not visible here.
if(debug.messageEnabled()) {
"Decision:values are null");
}
return IDPPConstants.AUTHZ_DENY;
}
// The action values are included in a message-level debug string.
if(debug.messageEnabled()) {
"Decision: action values:" + values);
}
// NOTE(review): the conditions selecting the three results below are not
// visible here; presumably they test the action values. Confirm against the
// full source, including where an allow result is returned.
return IDPPConstants.AUTHZ_DENY;
}
return IDPPConstants.INTERACT_FOR_VALUE;
}
return IDPPConstants.INTERACT_FOR_CONSENT;
}
// In the visible handler the exception is handed to a call (presumably a
// debug/log call) and then rethrown rather than turned into a decision value.
// NOTE(review): confirm callers treat a thrown exception as "not authorized".
"Exception during authorization.", ex);
throw ex;
}
}
}