/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: XACMLAuthzDecisionQuery.java,v 1.3 2008/06/25 05:48:14 qcheng Exp $
 *
 */

package com.sun.identity.xacml.saml2;

import com.sun.identity.saml2.protocol.RequestAbstract;
import com.sun.identity.xacml.common.XACMLException;
import com.sun.identity.xacml.context.Request;


/**
 * A SAML Query element, {@code XACMLAuthzDecisionQuery}, that extends the
 * SAML Protocol schema type {@code RequestAbstractType}. An XACML PEP uses
 * it to submit an XACML Request Context, along with other information, in
 * a SAML Query. It is an alternative to the SAML-defined
 * {@code <samlp:AuthzDecisionQuery>} and lets an XACML PEP communicate
 * with an XACML PDP over the SAML2 protocol.
 * <p>
 * Schema:
 * <pre>
 *&lt;xs:element name="XACMLAuthzDecisionQuery"
 *         type="XACMLAuthzDecisionQueryType"/&gt;
 *&lt;xs:complexType name="XACMLAuthzDecisionQueryType"&gt;
 *  &lt;xs:complexContent&gt;
 *    &lt;xs:extension base="samlp:RequestAbstractType"&gt;
 *      &lt;xs:sequence&gt;
 *        &lt;xs:element ref="xacml-context:Request"/&gt;
 *      &lt;/xs:sequence&gt;
 *      &lt;xs:attribute name="InputContextOnly"
 *                    type="boolean"
 *                    use="optional"
 *                    default="false"/&gt;
 *      &lt;xs:attribute name="ReturnContext"
 *                    type="boolean"
 *                    use="optional"
 *                    default="false"/&gt;
 *    &lt;/xs:extension&gt;
 *  &lt;/xs:complexContent&gt;
 *&lt;/xs:complexType&gt;
 * </pre>
 *
 * Schema for base:
 * <pre>
 *  &lt;complexType name="RequestAbstractType" abstract="true"&gt;
 *      &lt;sequence&gt;
 *          &lt;element ref="saml:Issuer" minOccurs="0"/&gt;
 *          &lt;element ref="ds:Signature" minOccurs="0"/&gt;
 *          &lt;element ref="samlp:Extensions" minOccurs="0"/&gt;
 *      &lt;/sequence&gt;
 *      &lt;attribute name="ID" type="ID" use="required"/&gt;
 *      &lt;attribute name="Version" type="string" use="required"/&gt;
 *      &lt;attribute name="IssueInstant" type="dateTime" use="required"/&gt;
 *      &lt;attribute name="Destination" type="anyURI" use="optional"/&gt;
 *      &lt;attribute name="Consent" type="anyURI" use="optional"/&gt;
 *  &lt;/complexType&gt;
 * </pre>
 *
 * NOTE(review): the base schema above marks both {@code saml:Issuer} and
 * {@code ds:Signature} as optional ({@code minOccurs="0"}), so nothing in
 * this type guarantees that a query is signed or names its issuer. Where
 * the receiving PDP endpoint checks either one is not visible from this
 * interface and should be confirmed against the implementation.
 *
 *@supported.all.api
 */
public interface XACMLAuthzDecisionQuery extends RequestAbstract {

    /**
     * Returns the value of the {@code InputContextOnly} XML attribute,
     * which governs the source of information the PDP is allowed to use
     * in making an authorization decision. When {@code true}, the decision
     * is based solely on the information contained in the
     * {@code XACMLAuthzDecisionQuery} and no external attributes are used.
     * When {@code false} (the schema default), the decision may be based
     * on external attributes not contained in the
     * {@code XACMLAuthzDecisionQuery}.
     *
     * @return {@code boolean} indicating the value of this attribute.
     */
    boolean getInputContextOnly();

    /**
     * Sets the value of the {@code InputContextOnly} XML attribute, which
     * governs the source of information the PDP is allowed to use in
     * making an authorization decision. {@code true} tells the PDP that
     * the decision has to be made solely on the basis of information
     * contained in the {@code XACMLAuthzDecisionQuery}; no external
     * attributes may be used. {@code false} allows the decision to be made
     * on the basis of external attributes not contained in the
     * {@code XACMLAuthzDecisionQuery}.
     *
     * @param inputContextOnly {@code boolean} indicating the value
     *        of this attribute.
     *
     * @throws XACMLException if the object is immutable. An object is
     *         considered immutable once {@code makeImmutable()} has been
     *         invoked on it; {@code isMutable} reports the current state.
     */
    void setInputContextOnly(boolean inputContextOnly) throws XACMLException;

    /**
     * Returns the value of the {@code ReturnContext} XML attribute, which
     * lets the PEP request that an {@code xacml-context:Request} element
     * be included in the {@code XACMLAuthzDecisionStatement} resulting
     * from the request, and which also governs the contents of that
     * {@code Request} element.
     * <p>
     * When {@code true}, the PDP SHALL include the
     * {@code xacml-context:Request} element in the
     * {@code XACMLAuthzDecisionStatement} element in the
     * {@code XACMLResponse}. That {@code xacml-context:Request} SHALL
     * include all the attributes supplied by the PEP in the
     * {@code AuthzDecisionQuery} which were used in making the authz
     * decision. Other additional attributes which may have been used by
     * the PDP may be included.
     * <p>
     * When {@code false} (the schema default), the PDP SHALL NOT include
     * the {@code xacml-context:Request} element in the
     * {@code XACMLAuthzDecisionStatement}.
     * <p>
     * NOTE(review): with {@code true}, the returned context may carry
     * attributes the PEP did not supply itself. Whether those PDP-side
     * attributes may be disclosed to the requester is a deployment
     * decision that this interface does not enforce.
     *
     * @return {@code boolean} indicating the value of this attribute.
     */
    boolean getReturnContext();

    /**
     * Sets the boolean value of the {@code ReturnContext} XML attribute.
     *
     * @see #getReturnContext()
     *
     * @param returnContext {@code boolean} indicating the value
     *        of this attribute.
     *
     * @throws XACMLException if the object is immutable. An object is
     *         considered immutable once {@code makeImmutable()} has been
     *         invoked on it; {@code isMutable} reports the current state.
     */
    void setReturnContext(boolean returnContext) throws XACMLException;

    /**
     * Returns the {@code xacml-context:Request} element of this object.
     *
     * @return the {@code xacml-context:Request} element of this object
     */
    Request getRequest();

    /**
     * Sets the {@code xacml-context:Request} element of this object.
     *
     * @param request the {@code xacml-context:Request} element of this
     *        object. NOTE(review): handling of {@code null} is not
     *        specified here; check the implementation.
     *
     * @throws XACMLException if the object is immutable. An object is
     *         considered immutable once {@code makeImmutable()} has been
     *         invoked on it; {@code isMutable} reports the current state.
     */
    void setRequest(Request request) throws XACMLException;

    /**
     * Returns a {@code String} representation of this object.
     *
     * @param includeNSPrefix Determines whether or not the namespace
     *        qualifier is prepended to the Element when converted
     * @param declareNS Determines whether or not the namespace is declared
     *        within the Element.
     * @return a string representation of this object
     * @throws XACMLException if conversion fails for any reason
     */
    String toXMLString(boolean includeNSPrefix, boolean declareNS)
            throws XACMLException;

    /**
     * Returns a string representation of this object.
     *
     * @return a string representation of this object
     * @throws XACMLException if conversion fails for any reason
     */
    String toXMLString() throws XACMLException;

    /**
     * Makes the object immutable. The setters of this interface are
     * documented to throw {@code XACMLException} afterwards.
     */
    void makeImmutable();

    /**
     * Checks if the object is mutable.
     *
     * @return {@code true} if the object is mutable,
     *         {@code false} otherwise
     */
    boolean isMutable();

}