001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: EntitlementSubject.java,v 1.1 2009/08/19 05:40:32 veiming Exp $
026 */
027
028/*
029 * Portions copyright 2010-2014 ForgeRock AS.
030 */
031
032package com.sun.identity.entitlement;
033
034import java.util.Map;
035import java.util.Set;
036import javax.security.auth.Subject;
037
/**
 * Strategy that decides whether a {@link Privilege} applies to a given
 * {@link Subject}.
 *
 * <p>Implementations expose their configuration as a JSON string
 * ({@link #getState()} / {@link #setState(String)}), publish the attributes
 * used to index and evaluate them, and return a {@link SubjectDecision} from
 * {@link #evaluate}.
 *
 * @supported.all.api
 */
public interface EntitlementSubject {

    /**
     * Restores this object's state from its JSON encoding.
     *
     * <p>NOTE(review): this interface does not say where {@code state}
     * comes from. If it can come from anywhere other than a trusted policy
     * store, implementations presumably need to validate it before acting
     * on it. Confirm against the callers.
     *
     * @param state state of the object, encoded as a JSON string
     */
    void setState(String state);

    /**
     * Serializes this object's state.
     *
     * @return the state of the object, encoded as a JSON string
     */
    String getState();

    /**
     * Returns the attribute names and values that can be used for indexing.
     * The authorization engine uses these values to look up the policies
     * applicable to a given {@code Subject}.
     *
     * @return key-value pairs used to index the entitlements that contain
     *         this {@code EntitlementSubject}
     */
    Map<String, Set<String>> getSearchIndexAttributes();

    /**
     * Returns the names of the attributes that evaluation depends on.
     * During evaluation the {@code Evaluator} tries to populate these
     * attributes in the {@code Subject} so that this
     * {@code EntitlementSubject} can consume them.
     *
     * @return the attribute names required by this
     *         {@code EntitlementSubject}'s implementation
     */
    Set<String> getRequiredAttributeNames();

    /**
     * Evaluates this {@code EntitlementSubject} against a subject and
     * returns the resulting {@code SubjectDecision}.
     *
     * <p>NOTE(review): the result feeds an authorization decision, and this
     * contract does not specify how callers treat an
     * {@code EntitlementException}. Callers presumably must not interpret a
     * failure as a match. Confirm in the evaluator.
     *
     * @param realm realm name
     * @param mgr subject attributes manager (the original documentation
     *        omitted this parameter; its role is inferred from the type
     *        name and should be confirmed)
     * @param subject subject under evaluation
     * @param resourceName resource name
     * @param environment environment parameters
     * @return the {@code SubjectDecision} for the evaluated {@code Subject}
     * @throws EntitlementException if any errors occur
     */
    SubjectDecision evaluate(String realm,
                             SubjectAttributesManager mgr,
                             Subject subject,
                             String resourceName,
                             Map<String, Set<String>> environment) throws EntitlementException;

    /**
     * Reports whether this subject is an identity object.
     *
     * @return {@code true} if this subject is an identity object
     */
    boolean isIdentity();
}



























































