001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyrighted [year] [name of copyright owner]".
013 *
014 * Copyright 2014-2016 ForgeRock AS. All rights reserved.
015 */
016
017package org.forgerock.openam.sts.tokengeneration.saml2.statements;
018
019import com.iplanet.sso.SSOToken;
020import com.sun.identity.saml2.assertion.AuthzDecisionStatement;
021import org.forgerock.openam.sts.config.user.SAML2Config;
022
023import java.util.List;
024
025/**
026 * This interface defines the plug-in point for producing AuthzDecisionStatements. Note that there is no implementation
027 * of the AuthzDecisionStatement in OpenAM, and no processing of these statements, other than calling toXMLString(bool, bool)
028 * on them when toXMLString(bool, bool) is called on the encapsulating Assertion, and isMutable and makeImmutable.
029 * The isMutable method should always return true prior to signature generation, and the makeImmutable is called after
030 * the signature is generated to tell the object to reject any subsequent changes.
031 *
 * Thus a 'bare-bones' implementation of this interface could return a List of implementations of the AuthzDecisionStatement
 * interface, where each implementation simply returns the XML string corresponding to the AuthzDecisionStatement from
 * toXMLString and always returns true from isMutable. Note that the toXMLString method of the AssertionImpl class should be
 * consulted to determine the proper formatting and character escaping of the String returned from toXMLString in the
 * AuthzDecisionStatement implementations.
037 * @see com.sun.identity.saml2.assertion.AuthzDecisionStatement
038 * @supported.all.api
039 */
public interface AuthzDecisionStatementsProvider {
    /**
     * Produces the AuthzDecisionStatement instances to be embedded in the SAML2 assertion issued for the asserted subject.
     * <p>
     * The returned statements are only ever serialised (via toXMLString) as part of the enclosing Assertion, and the
     * assertion signature is generated after this method has returned; implementations should therefore hand back
     * fully-formed, correctly escaped statements and must honour makeImmutable by rejecting later changes, otherwise
     * the signed content and the serialised content may diverge.
     * <p>
     * NOTE(review): the SSOToken is a credential for the asserted subject. Implementations should use it only to derive
     * authorization decisions and should not copy its token id into statement content or log it.
     *
     * @param ssoToken The SSOToken corresponding to the asserted subject
     * @param config The SAML2Config state for the invoked STS instance.
     * @return The List of AuthzDecisionStatement instances to be included in the assertion. List must be non-null - return
     * Collections.emptyList() if no AuthzDecisionStatements are to be included in the assertion.
     */
    List<AuthzDecisionStatement> get(SSOToken ssoToken, SAML2Config config);
}