001/** 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: EntitlementSubject.java,v 1.1 2009/08/19 05:40:32 veiming Exp $ 026 */ 027 028/* 029 * Portions copyright 2010-2014 ForgeRock AS. 030 */ 031 032package com.sun.identity.entitlement; 033 034import java.util.Map; 035import java.util.Set; 036import javax.security.auth.Subject; 037 038/** 039 * Encapsulates a Strategy to decide if a {@link com.sun.identity.entitlement.Privilege} applies to a given 040 * {@link Subject}. 041 * 042 * @supported.all.api 043 */ 044public interface EntitlementSubject { 045 046 /** 047 * Sets state of this object from a JSON string. 048 * 049 * @param state State of the object encoded as a JSON string 050 */ 051 void setState(String state); 052 053 /** 054 * Returns state of the object encoded as a JSON string. 055 * 056 * @return state of the object encoded as a JSON string. 057 */ 058 String getState(); 059 060 /** 061 * Returns attribute names and values that could be used for indexing. 062 * These values will be used by the authorization engine to obtain the 063 * applicable policies for a given <class>Subject</class>. 064 * 065 * @return a map of key-value pairs that will be used for indexing the 066 * entitlements that contain this <class>EntitlementSubject</class>. 067 */ 068 Map<String, Set<String>> getSearchIndexAttributes(); 069 070 /** 071 * Returns a set of attribute names that are used for evaluation. 072 * During evaluation, the <class>Evaluator</class> would try to populate 073 * these attributes in the <class>Subject</class> for the <class> 074 * EntitlementSubject</class>'s consumption. 075 * 076 * @return a set of attributes that would be required by the <class>EntitlementSubject</class>'s implementation. 077 */ 078 Set<String> getRequiredAttributeNames(); 079 080 /** 081 * Returns <code>SubjectDecision</code> of <code>EntitlementSubject</code> evaluation. 082 * 083 * @param realm Realm name. 084 * @param subject Subject who is under evaluation. 085 * @param resourceName Resource name. 086 * @param environment Environment parameters. 087 * @return <code>SubjectDecision</code> of <code>Subject</code> evaluation. 088 * @throws EntitlementException if any errors occur. 089 */ 090 SubjectDecision evaluate( 091 String realm, 092 SubjectAttributesManager mgr, 093 Subject subject, 094 String resourceName, 095 Map<String, Set<String>> environment) 096 throws EntitlementException; 097 098 /** 099 * Returns <code>true</code> is this subject is an identity object. 100 * 101 * @return <code>true</code> is this subject is an identity object. 102 */ 103 boolean isIdentity(); 104}
Copyright © 2010-2017, ForgeRock All Rights Reserved.