001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyrighted [year] [name of copyright owner]". 013 * 014 * Copyright 2014-2016 ForgeRock AS. All rights reserved. 015 */ 016 017package org.forgerock.openam.sts.tokengeneration.saml2.statements; 018 019import com.iplanet.sso.SSOToken; 020import com.sun.identity.saml2.assertion.AuthzDecisionStatement; 021import org.forgerock.openam.sts.config.user.SAML2Config; 022 023import java.util.List; 024 025/** 026 * This interface defines the plug-in point for producing AuthzDecisionStatements. Note that there is no implementation 027 * of the AuthzDecisionStatement in OpenAM, and no processing of these statements, other than calling toXMLString(bool, bool) 028 * on them when toXMLString(bool, bool) is called on the encapsulating Assertion, and isMutable and makeImmutable. 029 * The isMutable method should always return true prior to signature generation, and the makeImmutable is called after 030 * the signature is generated to tell the object to reject any subsequent changes. 031 * 032 * Thus a 'bare-bones' implementation of this interface could return a List of implementations of the AuthzDecisionStatement 033 * interface, where the implementation simply returns the xml string corresponding to the AuthzDecisionStatement in 034 * toXMLString, and always return true from isMutable. Note that the toXMLString method of the AssertionImpl class should be 035 * consulted to determine the proper formatting and character escaping in the String returned from toXMLString in the 036 * AuthzDecisionStatement implementations. 037 * @see com.sun.identity.saml2.assertion.AuthzDecisionStatement 038 * @supported.all.api 039 */ 040public interface AuthzDecisionStatementsProvider { 041 /** 042 * @param ssoToken The SSOToken corresponding to the asserted subject 043 * @param config The SAML2Config state for the invoked STS instance. 044 * @return The List of AuthzDecisionStatement instances to be included in the assertion. List must be non-null - return 045 * Collections.emptyList() if no AuthzDecisionStatements are to be included in the assertion. 046 */ 047 List<AuthzDecisionStatement> get(SSOToken ssoToken, SAML2Config config); 048}