001/** 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: Condition.java,v 1.7 2009/06/19 22:54:46 mrudul_uchil Exp $ 026 * 027 * Portions Copyrighted 2014 ForgeRock AS. 028 */ 029 030package com.sun.identity.policy.interfaces; 031 032import com.sun.identity.policy.ConditionDecision; 033import com.sun.identity.policy.PolicyException; 034import com.sun.identity.policy.Syntax; 035import com.iplanet.sso.SSOToken; 036import com.iplanet.sso.SSOException; 037 038import java.util.List; 039import java.util.Locale; 040import java.util.Map; 041import java.util.Set; 042 043/** 044 * The class <code>Condition</code> defines an interface 045 * to allow pluggable condition. These are used to control 046 * policy decisions based on parameters such as time, 047 * authentication level of the user session and IP address from which 048 * the user is making the request. 049 * 050 * A condition computes a <code>ConditionDecision</code> based on the state 051 * of condition object as set by <code>setProperties</code> 052 * method call and the environment passed in a map of key/value pairs. 053 * 054 * <code>ConditionDecision</code> encapsulates whether a <code>Policy</code> 055 * applies for the request and <code>Advice</code> messages generated by 056 * the condition. 057 * 058 * The following Condition implementation are provided with the 059 * Policy framework: 060 * <ul> 061 * <li>AuthLevelCondition</li> 062 * <li>LEAuthLevelCondition</li> 063 * <li>AuthSchemeCondition</li> 064 * <li>IPCondition</li> 065 * <li>SimpleTimeCondition</li> 066 * <li>SessionCondition</li> 067 * <li>SessionPropertyCondition</li> 068 * <li>AuthenticateToRealmCondition</li> 069 * <li>AuthenticateToServiceCondition</li> 070 * <li>LDAPFilterCondition</li> 071 * </ul> 072 * 073 * All condition implementations should have a public no argument 074 * constructor. 075 * 076 * @see com.sun.identity.policy.ConditionDecision 077 * @supported.all.api 078 * @deprecated since 12.0.0, use {@link com.sun.identity.entitlement.EntitlementCondition} 079 */ 080@Deprecated 081public interface Condition extends Cloneable { 082 083 /** 084 * Following keys are used to define relevant key names for processing 085 * the environment Map of an AuthLevelCondition or LEAuthLevelCondition. 086 */ 087 088 /** Key that is used to define the minimum authentication level 089 * in an <code>AuthLevelCondition</code> or the maximum authentication 090 * level in a <code>LEAuthLevelCondition</code> of a policy being 091 * evaluated. In case of <code>AuthLevelCondition</code> policy would 092 * apply if the request authentication level is at least the level 093 * defined in condition while in case of <code>LEAuthLevelCondition</code> 094 * policy would apply if the request authentication level is less than 095 * or equal to the level defined in the condition. 096 * The value should be a <code>Set</code> with only one 097 * element. The element should be a <code>String</code>, parse-able as 098 * an integer or a realm qualified integer like "sun:1" where "sun" is a 099 * realm name.":" needs to used a delimiter between realm name and the 100 * level. 101 * 102 * @see #setProperties(Map) 103 */ 104 public static final String AUTH_LEVEL = "AuthLevel"; 105 106 /** Key that is used to define the authentication level of the request. 107 * Its passed down in the <code>env</code> Map to the 108 * <code>getConditionDecision</code> call of an <code>AuthLevelCondition 109 * </code> or <code>LEAuthLevelCondition</code> for condition evaluation. 110 * <p> 111 * The value should be an Integer or a <code>Set</code> of 112 * <code>String</code>s. If it is a <code>Set</code> of 113 * <code>String</code>s, each element of the set has to be parseable as 114 * integer or should be a realm qualified integer like "sun:1". If the 115 * <code>env</code> parameter is null or does not 116 * define value for <code>REQUEST_AUTH_LEVEL</code>, the value for 117 * <code>REQUEST_AUTH_LEVEL</code> is obtained from the single sign 118 * on token of the user 119 * 120 * @see #getConditionDecision(SSOToken, Map) 121 * @see #AUTH_LEVEL 122 */ 123 public static final String REQUEST_AUTH_LEVEL = "requestAuthLevel"; 124 125 /** 126 * Following keys are used to define relevant key names for processing 127 * the environment Map of an AuthSchemeConditon. 128 */ 129 130 /** Key that is used to define the authentication scheme 131 * in an <code>AuthSchemeCondition</code> of a policy. 132 * Policy would apply if the authentication scheme of the request is same 133 * as defined in the condition. The value should be 134 * a <code>Set</code> with only one element. The element should be a 135 * <code>String</code>, the authentication scheme name. 136 * 137 * @see #setProperties(Map) 138 */ 139 public static final String AUTH_SCHEME = "AuthScheme"; 140 141 /** 142 * Key that is used to specify application name 143 * for the resources protected by the policy 144 */ 145 public static final String APPLICATION_NAME = "ApplicationName"; 146 147 /** 148 * Key that is used to specify the application 149 * idle time out 150 */ 151 public static final String APPLICATION_IDLE_TIMEOUT 152 = "ApplicationIdleTimeout"; 153 154 /** Key that is used to define the name of authentication scheme of the 155 * request. Its passed down as part of the <code>env</code> Map to 156 * <code>getConditionDecision</code> of an <code>AuthSchemeCondition</code> 157 * for condition evaluation. 158 * Value for the key should be a <code>Set</code> with each element being 159 * a <code>String</code>. 160 * If the <code>env</code> parameter is null or does not 161 * define value for <code>REQUEST_AUTH_SCHEMES</code>, the value for 162 * <code>REQUEST_AUTH_SCHEMES</code> is obtained from the single sign 163 * on token of the user 164 * 165 * @see #getConditionDecision(SSOToken, Map) 166 * @see #AUTH_SCHEME 167 */ 168 public static final String REQUEST_AUTH_SCHEMES = "requestAuthSchemes"; 169 170 /** 171 * Following keys are used to define relevant key names for processing 172 * the environment Map of an AuthenticateToRealmCondition. 173 */ 174 175 /** Key used in <code>AuthenticateToRealmCondition</code> to specify the 176 * realm for which the user should authenticate for the policy to apply. 177 * The value should be a <code>Set</code> with only one element. 178 * The should be a <code>String</code>, the realm name. 179 * 180 * @see #setProperties(Map) 181 */ 182 public static final String AUTHENTICATE_TO_REALM = "AuthenticateToRealm"; 183 184 185 /** Key that is used to identify the names of authenticated realms 186 * in the request. Its passed down as part of the <code>env</code> Map to 187 * <code>getConditionDecision</code> of an <code> 188 * AuthenticateToRealmCondition</code> for condition evaluation. 189 * Value for the key should be a <code>Set</code> with each element being 190 * a <code>String</code> 191 * If the <code>env</code> parameter is null or does not 192 * define value for <code>REQUEST_AUTHENTICATED_TO_REALMS</code>, the 193 * value for <code>REQUEST_AUTHENTICATED_TO_REALMS</code> is obtained 194 * from the single sign on token of the user 195 * 196 * @see #getConditionDecision(SSOToken, Map) 197 * @see #AUTHENTICATE_TO_REALM 198 */ 199 public static final String REQUEST_AUTHENTICATED_TO_REALMS 200 = "requestAuthenticatedToRealms"; 201 202 /** 203 * Following keys are used to define relevant key names for processing 204 * the environment Map of an AuthenticateToServiceCondition. 205 */ 206 207 /** Key that is used in <code>AuthenticateToServiceCondition</code> to 208 * specify the authentication chain for which the user should authenticate 209 * for the policy to apply. 210 * The value should be a <code>Set</code> with only one element. 211 * The should be a <code>String</code>, the realm name. 212 * 213 * @see #setProperties(Map) 214 */ 215 public static final String AUTHENTICATE_TO_SERVICE 216 = "AuthenticateToService"; 217 218 /** Key that is used to identify the names of authentication chains 219 * in the request. Its passed down as part of the <code>env</code> Map to 220 * <code>getConditionDecision</code> of an <code> 221 * AuthenticateToServiceCondition</code> for condition evaluation. 222 * Value for the key should be a <code>Set</code> with each element being 223 * a <code>String</code>. 224 * If the <code>env</code> parameter is null or does not 225 * define value for <code>REQUEST_AUTHENTICATED_TO_SERVICES</code>, the 226 * value for <code>REQUEST_AUTHENTICATED_TO_SERVICES</code> is obtained 227 * from the single sign on token of the user 228 * 229 * @see #getConditionDecision(SSOToken, Map) 230 * @see #AUTHENTICATE_TO_SERVICE 231 */ 232 public static final String REQUEST_AUTHENTICATED_TO_SERVICES 233 = "requestAuthenticatedToServices"; 234 235 /** Key that is used identify the advice messages from 236 * <code>AuthSchemeCondition</code> 237 */ 238 public static final String AUTH_SCHEME_CONDITION_ADVICE = 239 "AuthSchemeConditionAdvice"; 240 241 /** Key that is used identify the advice messages from 242 * <code>AuthenticateToServiceCondition</code> 243 */ 244 public static final String AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE 245 = "AuthenticateToServiceConditionAdvice"; 246 247 /** Key that is used identify the advice messages from 248 * <code>AuthLevelCondition</code>. 249 */ 250 public static final String AUTH_LEVEL_CONDITION_ADVICE = 251 "AuthLevelConditionAdvice"; 252 253 /** Key that is used identify the advice messages from 254 * <code>AuthenticateToRealmCondition</code> 255 */ 256 public static final String AUTHENTICATE_TO_REALM_CONDITION_ADVICE = 257 "AuthenticateToRealmConditionAdvice"; 258 259 /** 260 * Following keys are used to define relevant key names for processing 261 * the environment Map of an IPCondition. 262 */ 263 264 /** Key used in <code>IPCondition</code> to define the start of IP 265 * address range for which a policy applies. 266 * The value corresponding to the key has to be a <code>Set</code> that 267 * has just one element which is a <code>String</code> 268 * that conforms to the pattern described here. If a value is 269 * defined for START_IP, a value should also be defined for END_IP. 270 * 271 * The patterns for IP Version 4 is : 272 * n.n.n.n 273 * where n would take any integer value between 0 and 255 inclusive. 274 * 275 * Some sample values are: 276 * 122.100.85.45 277 * 145.64.55.35 278 * 15.64.55.35 279 * 280 * The patterns for IP Version 6 is: 281 * x:x:x:x:x:x:x:x 282 * where x are the hexadecimal values of the eight 16-bit pieces of the address 283 * 284 * Some sample values are: 285 * FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 286 * 1080:0:0:0:8:800:200C:417A 287 * 288 * @see <a href="http://tools.ietf.org/html/rfc3513#section-2.2">RFC 3513 - Section 2.2</a> 289 * @see #setProperties(Map) 290 */ 291 public static final String START_IP = "StartIp"; 292 293 /** Key that is used in <code>IPCondition</code> to define the end of 294 * IP address range for which a policy applies. 295 * The value corresponding to the key has to be a <code>Set</code> that 296 * has just one element which is a <code>String</code> 297 * that conforms to the pattern described here. If a value is 298 * defined for END_IP, a value should also be defined for START_IP. 299 * 300 * The patterns is : 301 * n.n.n.n 302 * where n would take any integer value between 0 and 255 inclusive. 303 * 304 * Some sample values are 305 * 122.100.85.45 306 * 145.64.55.35 307 * 15.64.55.35 308 * 309 * The patterns for IP Version 6 is: 310 * x:x:x:x:x:x:x:x 311 * where x are the hexadecimal values of the eight 16-bit pieces of the address 312 * 313 * Some sample values are: 314 * FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 315 * 1080:0:0:0:8:800:200C:417A 316 * 317 * @see <a href="http://tools.ietf.org/html/rfc3513#section-2.2">RFC 3513 - Section 2.2</a> 318 * @see #setProperties(Map) 319 */ 320 public static final String END_IP = "EndIp"; 321 322 /** Key that is used in an <code>IPCondition</code> to define the DNS 323 * name values for which a policy applies. The value corresponding to the 324 * key has to be a <code>Set</code> where each element is a <code>String 325 * </code> that conforms to the patterns described here. 326 * 327 * The patterns is : 328 * <pre> 329 * ccc.ccc.ccc.ccc 330 * *.ccc.ccc.ccc</pre> 331 * where c is any valid character for DNS domain/host name. 332 * There could be any number of <code>.ccc</code> components. 333 * Some sample values are: 334 * <pre> 335 * www.sun.com 336 * finace.yahoo.com 337 * *.yahoo.com 338 * </pre> 339 * 340 * @see #setProperties(Map) 341 */ 342 public static final String DNS_NAME = "DnsName"; 343 344 345 /** Key that is used to define request IP address that is passed in 346 * the <code>env</code> parameter while invoking 347 * <code>getConditionDecision</code> method of an <code>IPCondition</code>. 348 * Value for the key should be a <code>String</code> that is a string 349 * representation of IP of the client, 350 * 351 * For IP version 4: 352 * The form is n.n.n.n where n is a 353 * value between 0 and 255 inclusive. 354 * 355 * For IP version 6: 356 * The form is x:x:x:x:x:x:x:x where x is 357 * the hexadecimal values of the eight 16-bit pieces of the address 358 * 359 * @see #getConditionDecision(SSOToken, Map) 360 * @see #REQUEST_DNS_NAME 361 */ 362 public static final String REQUEST_IP = "requestIp"; 363 364 /** Key that is used to define request DNS name that is passed in 365 * the <code>env</code> parameter while invoking 366 * <code>getConditionDecision</code> method of an <code>IPCondition</code>. 367 * Value for the key should be a set of strings representing the 368 * DNS names of the client, in the form <code>ccc.ccc.ccc</code> for IP version 4. 369 * For IP version 6, the form would be <code>x:x:x:x:x:x:x:x</code> 370 * If the <code>env</code> parameter is null or does not 371 * define value for <code>REQUEST_DNS_NAME</code>, the 372 * value for <code>REQUEST_DNS_NAME</code> is obtained 373 * from the single sign on token of the user 374 * 375 * @see #getConditionDecision(SSOToken, Map) 376 */ 377 public static final String REQUEST_DNS_NAME = "requestDnsName"; 378 379 /** 380 * Following keys are used to define relevant key names for processing 381 * the environment Map of a LDAPFilterCondition. 382 */ 383 /** 384 * Key that is used in a <code>LDAPFilterCondition</code> to define the 385 * ldap filter that should be satisfied by the ldap entry of the user 386 * for the condition to be satisifed 387 * The value should be a <code>Set</code> with only one element. 388 * The element should be a <code>String</code>. 389 * 390 * @see #setProperties(Map) 391 */ 392 public static final String LDAP_FILTER = "ldapFilter"; 393 394 /** 395 * Following keys are used to define relevant key names for processing 396 * the environment Map of a SessionCondition. 397 */ 398 399 /** 400 * Key that is used in <code>SessionCondition</code> to define the maximum 401 * session time in minutes for which a policy applies. 402 * The value corresponding to the key has to be a <code>Set</code> that 403 * has just one element which is a string and parse-able as an 404 * <code>Integer</code>. 405 */ 406 public static final String MAX_SESSION_TIME = "MaxSessionTime"; 407 408 /** 409 * Key in <code>SessionCondition</code> that is used to define the option 410 * to terminate the session if the session exceeds the maximum session 411 * time. The value corresponding to the key has to be a <code>Set</code> 412 * that has just one element which is a string. The option is on if 413 * the string value is equal to <code>true</code>. 414 */ 415 public static final String TERMINATE_SESSION = "TerminateSession"; 416 417 /** 418 * Following keys are used to define relevant key names for processing 419 * the environment Map of an SimpleTimeCondition. 420 */ 421 422 /** Key that is used in <code>SimpleTimeCondition</code> to define the 423 * beginning of time range during which a policy applies. 424 * The value corresponding to the key has to be a <code>Set</code> that 425 * has just one element which is a <code>String</code> that conforms to 426 * the pattern described here. If a value is defined for 427 * <code>START_TIME</code>, 428 * a value should also be defined for <code>END_TIME</code>. 429 * 430 * The patterns is: 431 * <pre> 432 * HH:mm 433 * </pre> 434 * 435 * Some sample values are 436 * <pre> 437 * 08:25 438 * 18:45 439 * </pre> 440 * 441 * @see #setProperties(Map) 442 * @see #END_TIME 443 */ 444 public static final String START_TIME = "StartTime"; 445 446 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 447 * end of time range during which a policy applies.The value corresponding 448 * to the key has to be a <code>Set</code> that has just one element which 449 * is a <code>String</code> that conforms to the pattern described here. 450 * If a value is defined for <code>END_TIME</code>, a value should also 451 * be defined for <code>START_TIME</code>. 452 * 453 * The patterns is: 454 * <pre> 455 * HH:mm 456 * </pre> 457 * 458 * Some sample values are 459 * <pre> 460 * 08:25 461 * 18:45 462 * </pre> 463 * 464 * @see #setProperties(Map) 465 * @see #START_TIME 466 */ 467 public static final String END_TIME = "EndTime"; 468 469 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 470 * start of day of week range for which a policy applies. The value 471 * corresponding to the key has to be a <code>Set</code> that has just one 472 * element which is a <code>String</code> that is one of the values 473 * <code>Sun, Mon, Tue, Wed, Thu, Fri, Sat.</code> 474 * If a value is defined for <code>START_DAY</code>, a value should also be 475 * defined for <code>END_DAY</code>. 476 * 477 * Some sample values are 478 * <pre> 479 * Sun 480 * Mon 481 * </pre> 482 * @see #setProperties(Map) 483 * @see #END_DAY 484 */ 485 public static final String START_DAY = "StartDay"; 486 487 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 488 * end of day of week range for which a policy applies. Its defined in a 489 * <code>SimpleTimeCondition </code> associated with the policy. The value 490 * corresponding to the key has to be a <code>Set</code> that has just one 491 * element which is a <code>String</code> that is one of the values 492 * <code>Sun, Mon, Tue, Wed, Thu, Fri, Sat.</code> 493 * If a value is defined for <code>END_DAY</code>, a value should also be 494 * defined for <code>START_DAY</code>. 495 * 496 * Some sample values are 497 * <pre> 498 * Sun 499 * Mon 500 * </pre> 501 * @see #setProperties(Map) 502 * @see #START_DAY 503 */ 504 public static final String END_DAY = "EndDay"; 505 506 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 507 * start of date range for which a policy applies. 508 * The value corresponding to the key has to be a <code>Set</code> that has 509 * just one element which is a <code>String</code> that corresponds to the 510 * pattern described below. If a value is defined for 511 * <code>START_DATE</code>, a value should also be defined for 512 * <code>END_DATE</code>. 513 * 514 * The pattern is 515 * <pre> 516 * yyyy:MM:dd 517 * Some sample values are 518 * 2001:02:26 519 * 2002:12:31 520 * </pre> 521 * 522 * @see #setProperties(Map) 523 * @see #END_DATE 524 */ 525 public static final String START_DATE = "StartDate"; 526 527 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 528 * end of date range for which a policy applies.The value corresponding to 529 * the key has to be a <code>Set</code> that has just one element which is 530 * a <code>String</code> that corresponds to the pattern described below. 531 * If a value is defined for <code>END_DATE</code>, a value should 532 * also be defined for <code>START_DATE</code>. 533 * 534 * The pattern is 535 * <pre> 536 * yyyy:MM:dd 537 * Some sample values are 538 * 2001:02:26 539 * 2002:12:31 540 * </pre> 541 * 542 * @see #setProperties(Map) 543 * @see #START_DATE 544 */ 545 public static final String END_DATE = "EndDate"; 546 547 /** Key that is used in a <code>SimpleTimeCondition</code> to define the 548 * time zone basis to evaluate the policy. 549 * The value corresponding to the key 550 * has to be a one element <code>Set</code> where the element is a 551 * <code>String</code> that is one of the standard timezone IDs supported 552 * by java or a <code>String</code> of the pattern 553 * <code>GMT[+|-]hh[[:]mm]</code> 554 * here. If the value is not a valid time zone id and does 555 * not match the pattern <code>GMT[+|-]hh[[:]mm]</code>, it would default 556 * to GMT 557 * 558 * @see java.util.TimeZone 559 */ 560 public static final String ENFORCEMENT_TIME_ZONE 561 = "EnforcementTimeZone"; 562 563 /** Key that is used to define the time zone that is passed in 564 * the <code>env</code> parameter while invoking 565 * <code>getConditionDecision</code> method of a 566 * <code>SimpleTimeCondition</code> 567 * Value for the key should be a <code>TimeZone</code> object. This 568 * would be used only if the <code>ENFORCEMENT_TIME_ZONE</code> is not 569 * defined for the <code>SimpleTimeCondition</code> 570 * 571 * @see #getConditionDecision(SSOToken, Map) 572 * @see #ENFORCEMENT_TIME_ZONE 573 * @see java.util.TimeZone 574 */ 575 public static final String REQUEST_TIME_ZONE = "requestTimeZone"; 576 577 /** Key that is passed in the <code>env</code> parameter while invoking 578 * <code>getConditionDecision</code> method of a <code> 579 * SessionPropertyCondition</code> to indicate if a case insensitive 580 * match needs to done of the property value against same name property in 581 * the user's single sign on token. 582 */ 583 public static final String VALUE_CASE_INSENSITIVE = "valueCaseInsensitive"; 584 585 /** Key that is passed in the <code>env</code> parameter while invoking 586 * <code>getConditionDecision</code> method of an 587 * <code>AMIdentityMembershipCondition</code>. The value specifies the 588 * uuid(s) for which the policy would apply. The value should be 589 * a <code>Set</code>. Each element of the <code>Set</code> should be a 590 * String, the uuid of the <code>AMIdentity</code> objet. 591 */ 592 public static final String INVOCATOR_PRINCIPAL_UUID 593 = "invocatorPrincipalUuid"; 594 595 /** Key that is used in a <code>AMIdentityMembershipCondition</code> to 596 * specify the uuid(s) of <code>AMIdentiy</code> objects to which the 597 * policy would apply. These uuid(s) are specified in the condition 598 * at policy definition time. 599 * 600 * The value should be a <code>Set</code> 601 * Each element of the <code>Set</code> should be a String, 602 * the uuid of the invocator. 603 */ 604 public static final String AM_IDENTITY_NAME = "amIdentityName"; 605 606 /** 607 * Returns a list of property names for the condition. 608 * 609 * @return list of property names 610 */ 611 public List<String> getPropertyNames(); 612 613 /** 614 * Returns the syntax for a property name 615 * @see com.sun.identity.policy.Syntax 616 * 617 * @param property property name 618 * 619 * @return <code>Syntax<code> for the property name 620 */ 621 public Syntax getPropertySyntax(String property); 622 623 624 /** 625 * Gets the display name for the property name. 626 * The <code>locale</code> variable could be used by the plugin to 627 * customize the display name for the given locale. 628 * The <code>locale</code> variable could be <code>null</code>, in which 629 * case the plugin must use the default locale. 630 * 631 * @param property property name 632 * @param locale locale for which the property name must be customized 633 * @return display name for the property name. 634 * @throws PolicyException 635 */ 636 public String getDisplayName(String property, Locale locale) 637 throws PolicyException; 638 639 /** 640 * Returns a set of valid values given the property name. This method 641 * is called if the property Syntax is either the SINGLE_CHOICE or 642 * MULTIPLE_CHOICE. 643 * 644 * @param property property name 645 * @return Set of valid values for the property. 646 * @exception PolicyException if unable to get the Syntax. 647 */ 648 public Set<String> getValidValues(String property) throws PolicyException; 649 650 /** Sets the properties of the condition. 651 * This influences the <code>ConditionDecision</code> that would be 652 * computed by a call to method <code>getConditionDecision(Map)</code> and 653 * the <code>Advice</code> messages generated included in the 654 * <code>ConditionDecision</code>. 655 * 656 * <code>ConditionDecision</code> encapsulates whether a policy applies for 657 * the request and advice messages generated by the condition. 658 * 659 * For example, for a <code>SimpleTimeCondition</code>, the properties 660 * would define <code>StartTime</code> and <code>EndTime</code>, to define 661 * the time range during which the policy applies 662 * 663 * @param properties the properties of the condition 664 * that would influence the <code>ConditionDecision</code> returned 665 * by a call to method <code>getConditionDecision(Map)</code>. 666 * Keys of the properties have to be String. 667 * Value corresponding to each key have to be a <code>Set</code> of 668 * <code>String</code> elements. Each implementation of Condition 669 * could add further restrictions on the keys and values of this 670 * <code>Map</code>. 671 * @throws PolicyException for any abnormal condition 672 * @see com.sun.identity.policy.ConditionDecision 673 */ 674 public void setProperties(Map<String, Set<String>> properties) throws PolicyException; 675 676 /** Gets the properties of the condition 677 * @return properties of the condition 678 * @see #setProperties 679 */ 680 public Map<String, Set<String>> getProperties(); 681 682 /** 683 * Gets the decision computed by this condition object, based on the 684 * <code>Map</code> of environment parameters 685 * 686 * @param token single-sign-on <code>SSOToken</code> of the user 687 * 688 * @param env request specific environment <code>Map,/code> of key/value 689 * pairs For example this would contain IP address of remote 690 * client for an <code>IPCondition</code>. 691 * 692 * @return the condition decision. 693 * The condition decision encapsulates whether a <code>Policy</code> 694 * applies for the request and <code>advice</code> messages 695 * generated by the condition. 696 * 697 * Policy framework continues evaluating a <code>Policy</code> only if it 698 * applies to the request as indicated by the 699 * <code>ConditionDecision</code>. 700 * Otherwise, further evaluation of the <code>Policy</code> is skipped. 701 * However, the <code>Advice</code> messages encapsulated in the 702 * <code>ConditionDecision</code> are aggregated and passed up, 703 * encapsulated in the <code>PolicyDecision</code>. 704 * 705 * 706 * @throws PolicyException if the decision could not be computed 707 * @throws SSOException if SSO token is not valid 708 * 709 * @see com.sun.identity.policy.ConditionDecision 710 */ 711 public ConditionDecision getConditionDecision(SSOToken token, Map<String, Set<String>> env) 712 throws PolicyException, SSOException; 713 714 /** 715 * Returns a copy of this object. 716 * 717 * @return a copy of this object 718 */ 719 public Object clone(); 720 721}
Copyright © 2010-2017, ForgeRock All Rights Reserved.