/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: ActionMapper.java,v 1.4 2008/08/19 19:11:13 veiming Exp $
 *
 * Portions Copyrighted 2015 ForgeRock AS.
 */

package com.sun.identity.saml.plugins;

import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.protocol.AuthorizationDecisionQuery;

import java.util.Map;
import java.util.Set;

/**
 * Plug-in contract used by the SAML service to obtain single sign on
 * information from a partner's query and to translate the partner's actions
 * into OpenAM authorization decisions.
 * <p>
 * Each partner may be served by its own implementation. Which implementation
 * handles which partner source ID is configured in the
 * <code>Trusted Partner Sites</code> field of the SAML service.
 *
 * @supported.all.api
 */
public interface ActionMapper {

    // Interface fields are implicitly public, static and final, and interface
    // methods are implicitly public, so the modifiers are not repeated below.

    /**
     * Map key under which the list of permitted actions is stored.
     */
    String PERMIT = "Permit";

    /**
     * Map key under which the list of denied actions is stored.
     */
    String DENY = "Deny";

    /**
     * Map key under which the list of indeterminate actions is stored.
     */
    String INDETERMINATE = "Indeterminate";

    // NOTE(review): the token ID is read out of a query received from a
    // partner site. This interface does not show where that value is
    // validated against a live session; confirm the caller does so before
    // relying on it.
    /**
     * Extracts the OpenAM single sign on token ID carried by the query.
     *
     * @param query The received <code>AuthorizationDecisionQuery</code>.
     * @return The single sign on token ID, or <code>null</code> when no
     *         OpenAM single sign on token ID could be obtained from the
     *         query.
     */
    String getSSOTokenID(AuthorizationDecisionQuery query);

    // NOTE(review): the contract does not state whether the returned
    // assertion has had its signature, issuer or validity conditions checked.
    // Presumably that is the caller's job; confirm before a session is
    // derived from it.
    /**
     * Extracts from the query the Assertion holding the Authentication
     * information from which a single sign on token can be obtained.
     *
     * @param query The received <code>AuthorizationDecisionQuery</code>.
     * @param sourceID The <code>SourceID</code> of the site the query came
     *        from.
     * @return The assertion contained inside the query.
     */
    Assertion getSSOAssertion(AuthorizationDecisionQuery query,
        String sourceID);

    // NOTE(review): the contract does not say how an action that appears
    // under none of the three keys is to be interpreted; confirm that callers
    // do not treat such an action as permitted. The token is typed as Object,
    // so implementations presumably need to check its runtime type before
    // casting.
    /**
     * Computes the Action Decisions that apply to the user.
     * The shape of the returned Map may change in line with the SAML
     * specification.
     *
     * @param query The received <code>AuthorizationDecisionQuery</code>.
     * @param token User session used to retrieve the decisions.
     * @param sourceID The <code>sourceID</code> of the site the query came
     *        from.
     * @return Map which may contain the following key value pairs:
     *         <ul>
     *         <li><code>PERMIT</code> List of permitted actions, or
     *         <li><code>DENY</code> List of denied actions, or
     *         <li><code>INDETERMINATE</code> List of indeterminate actions
     *         </ul>
     * @exception SAMLException if an error occurs
     */
    Map getAuthorizationDecisions(AuthorizationDecisionQuery query,
        Object token, String sourceID) throws SAMLException;
}