001/** 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: Condition.java,v 1.7 2009/06/19 22:54:46 mrudul_uchil Exp $ 026 * 027 */ 028 029package com.sun.identity.policy.interfaces; 030 031import com.sun.identity.policy.ConditionDecision; 032import com.sun.identity.policy.PolicyException; 033import com.sun.identity.policy.Syntax; 034import com.iplanet.sso.SSOToken; 035import com.iplanet.sso.SSOException; 036 037import java.util.List; 038import java.util.Locale; 039import java.util.Map; 040import java.util.Set; 041 042/** 043 * The class <code>Condition</code> defines an interface 044 * to allow pluggable condition. These are used to control 045 * policy decisions based on parameters such as time, 046 * authentication level of the user session and IP address from which 047 * the user is making the request. 048 * 049 * A condition computes a <code>ConditionDecision</code> based on the state 050 * of condition object as set by <code>setProperties</code> 051 * method call and the environment passed in a map of key/value pairs. 052 * 053 * <code>ConditionDecision</code> encapsulates whether a <code>Policy</code> 054 * applies for the request and <code>Advice</code> messages generated by 055 * the condition. 056 * 057 * The following Condition implementation are provided with the 058 * Policy framework: 059 * <ul> 060 * <li>AuthLevelCondition</li> 061 * <li>LEAuthLevelCondition</li> 062 * <li>AuthSchemeCondition</li> 063 * <li>IPCondition</li> 064 * <li>SimpleTimeCondition</li> 065 * <li>SessionCondition</li> 066 * <li>SessionPropertyCondition</li> 067 * <li>AuthenticateToRealmCondition</li> 068 * <li>AuthenticateToServiceCondition</li> 069 * <li>LDAPFilterCondition</li> 070 * </ul> 071 * 072 * All condition implementations should have a public no argument 073 * constructor. 074 * 075 * @see com.sun.identity.policy.ConditionDecision 076 * @supported.all.api 077 */ 078public interface Condition extends Cloneable { 079 080 /** 081 * Following keys are used to define relevant key names for processing 082 * the environment Map of an AuthLevelCondition or LEAuthLevelCondition. 083 */ 084 085 /** Key that is used to define the minimum authentication level 086 * in an <code>AuthLevelCondition</code> or the maximum authentication 087 * level in a <code>LEAuthLevelCondition</code> of a policy being 088 * evaluated. In case of <code>AuthLevelCondition</code> policy would 089 * apply if the request authentication level is at least the level 090 * defined in condition while in case of <code>LEAuthLevelCondition</code> 091 * policy would apply if the request authentication level is less than 092 * or equal to the level defined in the condition. 093 * The value should be a <code>Set</code> with only one 094 * element. The element should be a <code>String</code>, parse-able as 095 * an integer or a realm qualified integer like "sun:1" where "sun" is a 096 * realm name.":" needs to used a delimiter between realm name and the 097 * level. 098 * 099 * @see #setProperties(Map) 100 */ 101 public static final String AUTH_LEVEL = "AuthLevel"; 102 103 /** Key that is used to define the authentication level of the request. 104 * Its passed down in the <code>env</code> Map to the 105 * <code>getConditionDecision</code> call of an <code>AuthLevelCondition 106 * </code> or <code>LEAuthLevelCondition</code> for condition evaluation. 107 * <p> 108 * The value should be an Integer or a <code>Set</code> of 109 * <code>String</code>s. If it is a <code>Set</code> of 110 * <code>String</code>s, each element of the set has to be parseable as 111 * integer or should be a realm qualified integer like "sun:1". If the 112 * <code>env</code> parameter is null or does not 113 * define value for <code>REQUEST_AUTH_LEVEL</code>, the value for 114 * <code>REQUEST_AUTH_LEVEL</code> is obtained from the single sign 115 * on token of the user 116 * 117 * @see #getConditionDecision(SSOToken, Map) 118 * @see #AUTH_LEVEL 119 */ 120 public static final String REQUEST_AUTH_LEVEL = "requestAuthLevel"; 121 122 /** 123 * Following keys are used to define relevant key names for processing 124 * the environment Map of an AuthSchemeConditon. 125 */ 126 127 /** Key that is used to define the authentication scheme 128 * in an <code>AuthSchemeCondition</code> of a policy. 129 * Policy would apply if the authentication scheme of the request is same 130 * as defined in the condition. The value should be 131 * a <code>Set</code> with only one element. The element should be a 132 * <code>String</code>, the authentication scheme name. 133 * 134 * @see #setProperties(Map) 135 */ 136 public static final String AUTH_SCHEME = "AuthScheme"; 137 138 /** 139 * Key that is used to specify application name 140 * for the resources protected by the policy 141 */ 142 public static final String APPLICATION_NAME = "ApplicationName"; 143 144 /** 145 * Key that is used to specify the application 146 * idle time out 147 */ 148 public static final String APPLICATION_IDLE_TIMEOUT 149 = "ApplicationIdleTimeout"; 150 151 /** Key that is used to define the name of authentication scheme of the 152 * request. Its passed down as part of the <code>env</code> Map to 153 * <code>getConditionDecision</code> of an <code>AuthSchemeCondition</code> 154 * for condition evaluation. 155 * Value for the key should be a <code>Set</code> with each element being 156 * a <code>String</code>. 157 * If the <code>env</code> parameter is null or does not 158 * define value for <code>REQUEST_AUTH_SCHEMES</code>, the value for 159 * <code>REQUEST_AUTH_SCHEMES</code> is obtained from the single sign 160 * on token of the user 161 * 162 * @see #getConditionDecision(SSOToken, Map) 163 * @see #AUTH_SCHEME 164 */ 165 public static final String REQUEST_AUTH_SCHEMES = "requestAuthSchemes"; 166 167 /** 168 * Following keys are used to define relevant key names for processing 169 * the environment Map of an AuthenticateToRealmCondition. 170 */ 171 172 /** Key used in <code>AuthenticateToRealmCondition</code> to specify the 173 * realm for which the user should authenticate for the policy to apply. 174 * The value should be a <code>Set</code> with only one element. 175 * The should be a <code>String</code>, the realm name. 176 * 177 * @see #setProperties(Map) 178 */ 179 public static final String AUTHENTICATE_TO_REALM = "AuthenticateToRealm"; 180 181 182 /** Key that is used to identify the names of authenticated realms 183 * in the request. Its passed down as part of the <code>env</code> Map to 184 * <code>getConditionDecision</code> of an <code> 185 * AuthenticateToRealmCondition</code> for condition evaluation. 186 * Value for the key should be a <code>Set</code> with each element being 187 * a <code>String</code> 188 * If the <code>env</code> parameter is null or does not 189 * define value for <code>REQUEST_AUTHENTICATED_TO_REALMS</code>, the 190 * value for <code>REQUEST_AUTHENTICATED_TO_REALMS</code> is obtained 191 * from the single sign on token of the user 192 * 193 * @see #getConditionDecision(SSOToken, Map) 194 * @see #AUTHENTICATE_TO_REALM 195 */ 196 public static final String REQUEST_AUTHENTICATED_TO_REALMS 197 = "requestAuthenticatedToRealms"; 198 199 /** 200 * Following keys are used to define relevant key names for processing 201 * the environment Map of an AuthenticateToServiceCondition. 202 */ 203 204 /** Key that is used in <code>AuthenticateToServiceCondition</code> to 205 * specify the authentication chain for which the user should authenticate 206 * for the policy to apply. 207 * The value should be a <code>Set</code> with only one element. 208 * The should be a <code>String</code>, the realm name. 209 * 210 * @see #setProperties(Map) 211 */ 212 public static final String AUTHENTICATE_TO_SERVICE 213 = "AuthenticateToService"; 214 215 /** Key that is used to identify the names of authentication chains 216 * in the request. Its passed down as part of the <code>env</code> Map to 217 * <code>getConditionDecision</code> of an <code> 218 * AuthenticateToServiceCondition</code> for condition evaluation. 219 * Value for the key should be a <code>Set</code> with each element being 220 * a <code>String</code>. 221 * If the <code>env</code> parameter is null or does not 222 * define value for <code>REQUEST_AUTHENTICATED_TO_SERVICES</code>, the 223 * value for <code>REQUEST_AUTHENTICATED_TO_SERVICES</code> is obtained 224 * from the single sign on token of the user 225 * 226 * @see #getConditionDecision(SSOToken, Map) 227 * @see #AUTHENTICATE_TO_SERVICE 228 */ 229 public static final String REQUEST_AUTHENTICATED_TO_SERVICES 230 = "requestAuthenticatedToServices"; 231 232 /** Key that is used identify the advice messages from 233 * <code>AuthSchemeCondition</code> 234 */ 235 public static final String AUTH_SCHEME_CONDITION_ADVICE = 236 "AuthSchemeConditionAdvice"; 237 238 /** Key that is used identify the advice messages from 239 * <code>AuthenticateToServiceCondition</code> 240 */ 241 public static final String AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE 242 = "AuthenticateToServiceConditionAdvice"; 243 244 /** Key that is used identify the advice messages from 245 * <code>AuthLevelCondition</code>. 246 */ 247 public static final String AUTH_LEVEL_CONDITION_ADVICE = 248 "AuthLevelConditionAdvice"; 249 250 /** Key that is used identify the advice messages from 251 * <code>AuthenticateToRealmCondition</code> 252 */ 253 public static final String AUTHENTICATE_TO_REALM_CONDITION_ADVICE = 254 "AuthenticateToRealmConditionAdvice"; 255 256 /** 257 * Following keys are used to define relevant key names for processing 258 * the environment Map of an IPCondition. 259 */ 260 261 /** Key used in <code>IPCondition</code> to define the start of IP 262 * address range for which a policy applies. 263 * The value corresponding to the key has to be a <code>Set</code> that 264 * has just one element which is a <code>String</code> 265 * that conforms to the pattern described here. If a value is 266 * defined for START_IP, a value should also be defined for END_IP. 267 * 268 * The patterns for IP Version 4 is : 269 * n.n.n.n 270 * where n would take any integer value between 0 and 255 inclusive. 271 * 272 * Some sample values are: 273 * 122.100.85.45 274 * 145.64.55.35 275 * 15.64.55.35 276 * 277 * The patterns for IP Version 6 is: 278 * x:x:x:x:x:x:x:x 279 * where x are the hexadecimal values of the eight 16-bit pieces of the address 280 * 281 * Some sample values are: 282 * FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 283 * 1080:0:0:0:8:800:200C:417A 284 * 285 * @see <a href="http://tools.ietf.org/html/rfc3513#section-2.2">RFC 3513 - Section 2.2</a> 286 * @see #setProperties(Map) 287 */ 288 public static final String START_IP = "StartIp"; 289 290 /** Key that is used in <code>IPCondition</code> to define the end of 291 * IP address range for which a policy applies. 292 * The value corresponding to the key has to be a <code>Set</code> that 293 * has just one element which is a <code>String</code> 294 * that conforms to the pattern described here. If a value is 295 * defined for END_IP, a value should also be defined for START_IP. 296 * 297 * The patterns is : 298 * n.n.n.n 299 * where n would take any integer value between 0 and 255 inclusive. 300 * 301 * Some sample values are 302 * 122.100.85.45 303 * 145.64.55.35 304 * 15.64.55.35 305 * 306 * The patterns for IP Version 6 is: 307 * x:x:x:x:x:x:x:x 308 * where x are the hexadecimal values of the eight 16-bit pieces of the address 309 * 310 * Some sample values are: 311 * FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 312 * 1080:0:0:0:8:800:200C:417A 313 * 314 * @see <a href="http://tools.ietf.org/html/rfc3513#section-2.2">RFC 3513 - Section 2.2</a> 315 * @see #setProperties(Map) 316 */ 317 public static final String END_IP = "EndIp"; 318 319 /** Key that is used in an <code>IPCondition</code> to define the DNS 320 * name values for which a policy applies. The value corresponding to the 321 * key has to be a <code>Set</code> where each element is a <code>String 322 * </code> that conforms to the patterns described here. 323 * 324 * The patterns is : 325 * <pre> 326 * ccc.ccc.ccc.ccc 327 * *.ccc.ccc.ccc</pre> 328 * where c is any valid character for DNS domain/host name. 329 * There could be any number of <code>.ccc</code> components. 330 * Some sample values are: 331 * <pre> 332 * www.sun.com 333 * finace.yahoo.com 334 * *.yahoo.com 335 * </pre> 336 * 337 * @see #setProperties(Map) 338 */ 339 public static final String DNS_NAME = "DnsName"; 340 341 342 /** Key that is used to define request IP address that is passed in 343 * the <code>env</code> parameter while invoking 344 * <code>getConditionDecision</code> method of an <code>IPCondition</code>. 345 * Value for the key should be a <code>String</code> that is a string 346 * representation of IP of the client, 347 * 348 * For IP version 4: 349 * The form is n.n.n.n where n is a 350 * value between 0 and 255 inclusive. 351 * 352 * For IP version 6: 353 * The form is x:x:x:x:x:x:x:x where x is 354 * the hexadecimal values of the eight 16-bit pieces of the address 355 * 356 * @see #getConditionDecision(SSOToken, Map) 357 * @see #REQUEST_DNS_NAME 358 */ 359 public static final String REQUEST_IP = "requestIp"; 360 361 /** Key that is used to define request DNS name that is passed in 362 * the <code>env</code> parameter while invoking 363 * <code>getConditionDecision</code> method of an <code>IPCondition</code>. 364 * Value for the key should be a set of strings representing the 365 * DNS names of the client, in the form <code>ccc.ccc.ccc</code> for IP version 4. 366 * For IP version 6, the form would be <code>x:x:x:x:x:x:x:x</code> 367 * If the <code>env</code> parameter is null or does not 368 * define value for <code>REQUEST_DNS_NAME</code>, the 369 * value for <code>REQUEST_DNS_NAME</code> is obtained 370 * from the single sign on token of the user 371 * 372 * @see #getConditionDecision(SSOToken, Map) 373 */ 374 public static final String REQUEST_DNS_NAME = "requestDnsName"; 375 376 /** 377 * Following keys are used to define relevant key names for processing 378 * the environment Map of a LDAPFilterCondition. 379 */ 380 /** 381 * Key that is used in a <code>LDAPFilterCondition</code> to define the 382 * ldap filter that should be satisfied by the ldap entry of the user 383 * for the condition to be satisifed 384 * The value should be a <code>Set</code> with only one element. 385 * The element should be a <code>String</code>. 386 * 387 * @see #setProperties(Map) 388 */ 389 public static final String LDAP_FILTER = "ldapFilter"; 390 391 /** 392 * Following keys are used to define relevant key names for processing 393 * the environment Map of a SessionCondition. 394 */ 395 396 /** 397 * Key that is used in <code>SessionCondition</code> to define the maximum 398 * session time in minutes for which a policy applies. 399 * The value corresponding to the key has to be a <code>Set</code> that 400 * has just one element which is a string and parse-able as an 401 * <code>Integer</code>. 402 */ 403 public static final String MAX_SESSION_TIME = "MaxSessionTime"; 404 405 /** 406 * Key in <code>SessionCondition</code> that is used to define the option 407 * to terminate the session if the session exceeds the maximum session 408 * time. The value corresponding to the key has to be a <code>Set</code> 409 * that has just one element which is a string. The option is on if 410 * the string value is equal to <code>true</code>. 411 */ 412 public static final String TERMINATE_SESSION = "TerminateSession"; 413 414 /** 415 * Following keys are used to define relevant key names for processing 416 * the environment Map of an SimpleTimeCondition. 417 */ 418 419 /** Key that is used in <code>SimpleTimeCondition</code> to define the 420 * beginning of time range during which a policy applies. 421 * The value corresponding to the key has to be a <code>Set</code> that 422 * has just one element which is a <code>String</code> that conforms to 423 * the pattern described here. If a value is defined for 424 * <code>START_TIME</code>, 425 * a value should also be defined for <code>END_TIME</code>. 426 * 427 * The patterns is: 428 * <pre> 429 * HH:mm 430 * </pre> 431 * 432 * Some sample values are 433 * <pre> 434 * 08:25 435 * 18:45 436 * </pre> 437 * 438 * @see #setProperties(Map) 439 * @see #END_TIME 440 */ 441 public static final String START_TIME = "StartTime"; 442 443 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 444 * end of time range during which a policy applies.The value corresponding 445 * to the key has to be a <code>Set</code> that has just one element which 446 * is a <code>String</code> that conforms to the pattern described here. 447 * If a value is defined for <code>END_TIME</code>, a value should also 448 * be defined for <code>START_TIME</code>. 449 * 450 * The patterns is: 451 * <pre> 452 * HH:mm 453 * </pre> 454 * 455 * Some sample values are 456 * <pre> 457 * 08:25 458 * 18:45 459 * </pre> 460 * 461 * @see #setProperties(Map) 462 * @see #START_TIME 463 */ 464 public static final String END_TIME = "EndTime"; 465 466 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 467 * start of day of week range for which a policy applies. The value 468 * corresponding to the key has to be a <code>Set</code> that has just one 469 * element which is a <code>String</code> that is one of the values 470 * <code>Sun, Mon, Tue, Wed, Thu, Fri, Sat.</code> 471 * If a value is defined for <code>START_DAY</code>, a value should also be 472 * defined for <code>END_DAY</code>. 473 * 474 * Some sample values are 475 * <pre> 476 * Sun 477 * Mon 478 * </pre> 479 * @see #setProperties(Map) 480 * @see #END_DAY 481 */ 482 public static final String START_DAY = "StartDay"; 483 484 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 485 * end of day of week range for which a policy applies. Its defined in a 486 * <code>SimpleTimeCondition </code> associated with the policy. The value 487 * corresponding to the key has to be a <code>Set</code> that has just one 488 * element which is a <code>String</code> that is one of the values 489 * <code>Sun, Mon, Tue, Wed, Thu, Fri, Sat.</code> 490 * If a value is defined for <code>END_DAY</code>, a value should also be 491 * defined for <code>START_DAY</code>. 492 * 493 * Some sample values are 494 * <pre> 495 * Sun 496 * Mon 497 * </pre> 498 * @see #setProperties(Map) 499 * @see #START_DAY 500 */ 501 public static final String END_DAY = "EndDay"; 502 503 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 504 * start of date range for which a policy applies. 505 * The value corresponding to the key has to be a <code>Set</code> that has 506 * just one element which is a <code>String</code> that corresponds to the 507 * pattern described below. If a value is defined for 508 * <code>START_DATE</code>, a value should also be defined for 509 * <code>END_DATE</code>. 510 * 511 * The pattern is 512 * <pre> 513 * yyyy:MM:dd 514 * Some sample values are 515 * 2001:02:26 516 * 2002:12:31 517 * </pre> 518 * 519 * @see #setProperties(Map) 520 * @see #END_DATE 521 */ 522 public static final String START_DATE = "StartDate"; 523 524 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 525 * end of date range for which a policy applies.The value corresponding to 526 * the key has to be a <code>Set</code> that has just one element which is 527 * a <code>String</code> that corresponds to the pattern described below. 528 * If a value is defined for <code>END_DATE</code>, a value should 529 * also be defined for <code>START_DATE</code>. 530 * 531 * The pattern is 532 * <pre> 533 * yyyy:MM:dd 534 * Some sample values are 535 * 2001:02:26 536 * 2002:12:31 537 * </pre> 538 * 539 * @see #setProperties(Map) 540 * @see #START_DATE 541 */ 542 public static final String END_DATE = "EndDate"; 543 544 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 545 * time zone basis to evaluate the policy. 546 * The value corresponding to the key 547 * has to be a one element <code>Set</code> where the element is a 548 * <code>String</code> that is one of the standard timezone IDs supported 549 * by java or a <code>String</code> of the pattern 550 * <code>GMT[+|-]hh[[:]mm]</code> 551 * here. If the value is not a valid time zone id and does 552 * not match the pattern <code>GMT[+|-]hh[[:]mm]</code>, it would default 553 * to GMT 554 * 555 * @see java.util.TimeZone 556 */ 557 public static final String ENFORCEMENT_TIME_ZONE 558 = "EnforcementTimeZone"; 559 560 /** Key that is used to define the time zone that is passed in 561 * the <code>env</code> parameter while invoking 562 * <code>getConditionDecision</code> method of a 563 * <code>SimpleTimeCondition</code> 564 * Value for the key should be a <code>TimeZone</code> object. This 565 * would be used only if the <code>ENFORCEMENT_TIME_ZONE</code> is not 566 * defined for the <code>SimpleTimeCondition</code> 567 * 568 * @see #getConditionDecision(SSOToken, Map) 569 * @see #ENFORCEMENT_TIME_ZONE 570 * @see java.util.TimeZone 571 */ 572 public static final String REQUEST_TIME_ZONE = "requestTimeZone"; 573 574 /** Key that is passed in the <code>env</code> parameter while invoking 575 * <code>getConditionDecision</code> method of a <code> 576 * SessionPropertyCondition</code> to indicate if a case insensitive 577 * match needs to done of the property value against same name property in 578 * the user's single sign on token. 579 */ 580 public static final String VALUE_CASE_INSENSITIVE = "valueCaseInsensitive"; 581 582 /** Key that is passed in the <code>env</code> parameter while invoking 583 * <code>getConditionDecision</code> method of an 584 * <code>AMIdentityMembershipCondition</code>. The value specifies the 585 * uuid(s) for which the policy would apply. The value should be 586 * a <code>Set</code>. Each element of the <code>Set</code> should be a 587 * String, the uuid of the <code>AMIdentity</code> objet. 588 */ 589 public static final String INVOCATOR_PRINCIPAL_UUID 590 = "invocatorPrincipalUuid"; 591 592 /** Key that is used in a <code>AMIdentityMembershipCondition</code> to 593 * specify the uuid(s) of <code>AMIdentiy</code> objects to which the 594 * policy would apply. These uuid(s) are specified in the condition 595 * at policy definition time. 596 * 597 * The value should be a <code>Set</code> 598 * Each element of the <code>Set</code> should be a String, 599 * the uuid of the invocator. 600 */ 601 public static final String AM_IDENTITY_NAME = "amIdentityName"; 602 603 /** 604 * Returns a list of property names for the condition. 605 * 606 * @return list of property names 607 */ 608 public List getPropertyNames(); 609 610 /** 611 * Returns the syntax for a property name 612 * @see com.sun.identity.policy.Syntax 613 * 614 * @param property property name 615 * 616 * @return <code>Syntax<code> for the property name 617 */ 618 public Syntax getPropertySyntax(String property); 619 620 621 /** 622 * Gets the display name for the property name. 623 * The <code>locale</code> variable could be used by the plugin to 624 * customize the display name for the given locale. 625 * The <code>locale</code> variable could be <code>null</code>, in which 626 * case the plugin must use the default locale. 627 * 628 * @param property property name 629 * @param locale locale for which the property name must be customized 630 * @return display name for the property name. 631 * @throws PolicyException 632 */ 633 public String getDisplayName(String property, Locale locale) 634 throws PolicyException; 635 636 /** 637 * Returns a set of valid values given the property name. This method 638 * is called if the property Syntax is either the SINGLE_CHOICE or 639 * MULTIPLE_CHOICE. 640 * 641 * @param property property name 642 * @return Set of valid values for the property. 643 * @exception PolicyException if unable to get the Syntax. 644 */ 645 public Set getValidValues(String property) throws PolicyException; 646 647 /** Sets the properties of the condition. 648 * This influences the <code>ConditionDecision</code> that would be 649 * computed by a call to method <code>getConditionDecision(Map)</code> and 650 * the <code>Advice</code> messages generated included in the 651 * <code>ConditionDecision</code>. 652 * 653 * <code>ConditionDecision</code> encapsulates whether a policy applies for 654 * the request and advice messages generated by the condition. 655 * 656 * For example, for a <code>SimpleTimeCondition</code>, the properties 657 * would define <code>StartTime</code> and <code>EndTime</code>, to define 658 * the time range during which the policy applies 659 * 660 * @param properties the properties of the condition 661 * that would influence the <code>ConditionDecision</code> returned 662 * by a call to method <code>getConditionDecision(Map)</code>. 663 * Keys of the properties have to be String. 664 * Value corresponding to each key have to be a <code>Set</code> of 665 * <code>String</code> elements. Each implementation of Condition 666 * could add further restrictions on the keys and values of this 667 * <code>Map</code>. 668 * @throws PolicyException for any abnormal condition 669 * @see com.sun.identity.policy.ConditionDecision 670 */ 671 public void setProperties(Map properties) throws PolicyException; 672 673 /** Gets the properties of the condition 674 * @return properties of the condition 675 * @see #setProperties 676 */ 677 public Map getProperties(); 678 679 /** 680 * Gets the decision computed by this condition object, based on the 681 * <code>Map</code> of environment parameters 682 * 683 * @param token single-sign-on <code>SSOToken</code> of the user 684 * 685 * @param env request specific environment <code>Map,/code> of key/value 686 * pairs For example this would contain IP address of remote 687 * client for an <code>IPCondition</code>. 688 * 689 * @return the condition decision. 690 * The condition decision encapsulates whether a <code>Policy</code> 691 * applies for the request and <code>advice</code> messages 692 * generated by the condition. 693 * 694 * Policy framework continues evaluating a <code>Policy</code> only if it 695 * applies to the request as indicated by the 696 * <code>ConditionDecision</code>. 697 * Otherwise, further evaluation of the <code>Policy</code> is skipped. 698 * However, the <code>Advice</code> messages encapsulated in the 699 * <code>ConditionDecision</code> are aggregated and passed up, 700 * encapsulated in the <code>PolicyDecision</code>. 701 * 702 * 703 * @throws PolicyException if the decision could not be computed 704 * @throws SSOException if SSO token is not valid 705 * 706 * @see com.sun.identity.policy.ConditionDecision 707 */ 708 public ConditionDecision getConditionDecision(SSOToken token, Map env) 709 throws PolicyException, SSOException; 710 711 /** 712 * Returns a copy of this object. 713 * 714 * @return a copy of this object 715 */ 716 public Object clone(); 717 718}