/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: XACMLAuthzDecisionQuery.java,v 1.3 2008/06/25 05:48:14 qcheng Exp $
 *
 */

package com.sun.identity.xacml.saml2;

import com.sun.identity.saml2.protocol.RequestAbstract;
import com.sun.identity.xacml.common.XACMLException;
import com.sun.identity.xacml.context.Request;


/**
 * A SAML query, extending the SAML Protocol schema type
 * <code>RequestAbstractType</code>, with which an XACML PEP submits an
 * XACML Request Context (plus a few control attributes) to an XACML PDP
 * over the SAML2 protocol. It is an alternative to the SAML-defined
 * <code>&lt;samlp:AuthzDecisionQuery&gt;</code>.
 * <p>
 * Schema:
 * <pre>
 *&lt;xs:element name="XACMLAuthzDecisionQuery"
 *         type="XACMLAuthzDecisionQueryType"/&gt;
 *&lt;xs:complexType name="XACMLAuthzDecisionQueryType"&gt;
 *  &lt;xs:complexContent&gt;
 *    &lt;xs:extension base="samlp:RequestAbstractType"&gt;
 *      &lt;xs:sequence&gt;
 *        &lt;xs:element ref="xacml-context:Request"/&gt;
 *      &lt;/xs:sequence&gt;
 *      &lt;xs:attribute name="InputContextOnly"
 *                    type="boolean"
 *                    use="optional"
 *                    default="false"/&gt;
 *      &lt;xs:attribute name="ReturnContext"
 *                    type="boolean"
 *                    use="optional"
 *                    default="false"/&gt;
 *    &lt;/xs:extension&gt;
 *  &lt;/xs:complexContent&gt;
 *&lt;/xs:complexType&gt;
 * </pre>
 *
 * Schema for base:
 * <pre>
 *  &lt;complexType name="RequestAbstractType" abstract="true"&gt;
 *    &lt;sequence&gt;
 *      &lt;element ref="saml:Issuer" minOccurs="0"/&gt;
 *      &lt;element ref="ds:Signature" minOccurs="0"/&gt;
 *      &lt;element ref="samlp:Extensions" minOccurs="0"/&gt;
 *    &lt;/sequence&gt;
 *    &lt;attribute name="ID" type="ID" use="required"/&gt;
 *    &lt;attribute name="Version" type="string" use="required"/&gt;
 *    &lt;attribute name="IssueInstant" type="dateTime" use="required"/&gt;
 *    &lt;attribute name="Destination" type="anyURI" use="optional"/&gt;
 *    &lt;attribute name="Consent" type="anyURI" use="optional"/&gt;
 *  &lt;/complexType&gt;
 * </pre>
 *
 * <p>
 * Note for implementers and callers: the base schema marks both
 * <code>saml:Issuer</code> and <code>ds:Signature</code> as optional
 * (<code>minOccurs="0"</code>), so nothing in this type guarantees that a
 * query is signed or names its issuer. A receiver that bases trust on
 * either must check for and verify them itself. Likewise,
 * <code>InputContextOnly</code> and <code>ReturnContext</code> are
 * attributes of the query and therefore chosen by its sender.
 *
 *@supported.all.api
 */
public interface XACMLAuthzDecisionQuery extends RequestAbstract {

    /**
     * Reads the <code>InputContextOnly</code> XML attribute, which
     * restricts the information the PDP is allowed to draw on when it
     * makes the authorization decision.
     * <ul>
     * <li>"true": the decision is to rest solely on information carried in
     *     this <code>XACMLAuthzDecisionQuery</code>; no external attributes
     *     are used.</li>
     * <li>"false" (the schema default): the decision may also rest on
     *     external attributes not contained in this
     *     <code>XACMLAuthzDecisionQuery</code>.</li>
     * </ul>
     *
     * @return <code>boolean</code> value of the attribute.
     */
    boolean getInputContextOnly();

    /**
     * Writes the <code>InputContextOnly</code> XML attribute, which
     * restricts the information the PDP is allowed to draw on when it
     * makes the authorization decision. "true" tells the PDP that the
     * decision has to be made solely from information contained in this
     * <code>XACMLAuthzDecisionQuery</code>, with no external attributes;
     * "false" lets the PDP use external attributes not contained in this
     * <code>XACMLAuthzDecisionQuery</code>.
     *
     * @param inputContextOnly <code>boolean</code> value to store in the
     *        attribute.
     *
     * @exception XACMLException if the object is immutable.
     *        An object is <code>immutable</code> once
     *        <code>makeImmutable()</code> has been invoked on it; call
     *        <code>isMutable</code> to find out.
     */
    void setInputContextOnly(boolean inputContextOnly) throws XACMLException;

    /**
     * Reads the <code>ReturnContext</code> XML attribute, through which a
     * PEP asks for an <code>xacml-context:Request</code> element to be
     * included in the <code>XACMLAuthzDecisionStatement</code> produced for
     * this query, and which also governs what that <code>Request</code>
     * element contains.
     * <p>
     * "true": the PDP SHALL include the <code>xacml-context:Request</code>
     * element in the <code>XACMLAuthzDecisionStatement</code> element of
     * the <code>XACMLResponse</code>. That <code>xacml-context:Request</code>
     * SHALL contain every attribute supplied by the PEP in the
     * <code>AuthzDecisionQuery</code> that was used in making the authz
     * decision, and may contain additional attributes the PDP used. The
     * returned context can therefore hold attribute data the PEP never
     * sent, which matters if those attributes are sensitive.
     * <p>
     * "false" (the schema default): the PDP SHALL NOT include the
     * <code>xacml-context:Request</code> element in the
     * <code>XACMLAuthzDecisionStatement</code>.
     *
     * @return <code>boolean</code> value of the attribute.
     */
    boolean getReturnContext();

    /**
     * Writes the <code>ReturnContext</code> XML attribute.
     *
     * @see #getReturnContext()
     *
     * @param returnContext <code>boolean</code> value to store in the
     *        attribute.
     *
     * @exception XACMLException if the object is immutable.
     *        An object is <code>immutable</code> once
     *        <code>makeImmutable()</code> has been invoked on it; call
     *        <code>isMutable</code> to find out.
     */
    void setReturnContext(boolean returnContext) throws XACMLException;

    /**
     * Gives access to the <code>xacml-context:Request</code> element held
     * by this query.
     *
     * @return the <code>xacml-context:Request</code> element of this object
     */
    Request getRequest();

    /**
     * Replaces the <code>xacml-context:Request</code> element held by this
     * query.
     *
     * @param request the <code>xacml-context:Request</code> element to
     *        store in this object.
     *
     * @exception XACMLException if the object is immutable.
     *        An object is <code>immutable</code> once
     *        <code>makeImmutable()</code> has been invoked on it; call
     *        <code>isMutable</code> to find out.
     */
    void setRequest(Request request) throws XACMLException;

    /**
     * Serializes this object to a <code>String</code>.
     *
     * @param includeNSPrefix whether the namespace qualifier is prepended
     *        to the Element in the output
     * @param declareNS whether the namespace is declared within the
     *        Element
     * @return a string representation of this object
     * @exception XACMLException if conversion fails for any reason
     */
    String toXMLString(boolean includeNSPrefix, boolean declareNS)
            throws XACMLException;

    /**
     * Serializes this object to a string.
     *
     * @return a string representation of this object
     * @exception XACMLException if conversion fails for any reason
     */
    String toXMLString() throws XACMLException;

    /**
     * Makes the object immutable. The setters of this interface are
     * documented to throw <code>XACMLException</code> on an immutable
     * object.
     */
    void makeImmutable();

    /**
     * Reports whether the object can still be modified.
     *
     * @return <code>true</code> if the object is mutable,
     *         <code>false</code> otherwise
     */
    boolean isMutable();

}