Index

A

add(Permission) - Method in class com.ibm.sec.authz.jaccplus.DelegatedPermissionCollection
ApplicationAttributes - Class in com.ibm.sec.authz.jaccplus
Manages the instances of IAttributesHandler for a particular section of a request, such as Subject or Resource.
ApplicationAttributes() - Constructor for class com.ibm.sec.authz.jaccplus.ApplicationAttributes
ApplicationEvaluationContext - Class in com.ibm.sec.authz.jaccplus
An implementation of EvaluationContext that requires the application code to create and register an ApplicationSubject instance representing the currently authenticated user.
ApplicationEvaluationContext() - Constructor for class com.ibm.sec.authz.jaccplus.ApplicationEvaluationContext
Construct a EvaluationContext instance.
ApplicationGroupPrincipal - Class in com.ibm.sec.authz.jaccplus
An implementation of a Principal that represents a group by a string identifier.
ApplicationGroupPrincipal(String) - Constructor for class com.ibm.sec.authz.jaccplus.ApplicationGroupPrincipal
ApplicationPermission - Class in com.ibm.sec.authz.jaccplus
The mechanism by which a resource identifier and an action identifier are passed to the authorization engine for evaluation.
ApplicationPermission(String, String) - Constructor for class com.ibm.sec.authz.jaccplus.ApplicationPermission
ApplicationPolicy - Class in com.ibm.sec.authz.jaccplus
The primary interface for invoking authorization decisions.
ApplicationPolicy(Properties) - Constructor for class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Constructs a new instance of ApplicationPolicy using the passed configuration properties.
ApplicationPolicy() - Constructor for class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Default Constructor.
ApplicationSubject - Class in com.ibm.sec.authz.jaccplus
The container for user ID and group information for use with ApplicationEvaluationContext.
ApplicationSubject() - Constructor for class com.ibm.sec.authz.jaccplus.ApplicationSubject
ApplicationSubjectContext - Class in com.ibm.sec.authz.jaccplus
An IEvaluationContextHandler implementation for the handling of the Subject and SubjectAttributes keys when container security is not used.
ApplicationSubjectContext() - Constructor for class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
ApplicationUserPrincipal - Class in com.ibm.sec.authz.jaccplus
An implementation of a Principal that represents a user by a string identifier.
ApplicationUserPrincipal(String) - Constructor for class com.ibm.sec.authz.jaccplus.ApplicationUserPrincipal
ATTR_ACTION_KEY - Static variable in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
The context key for getting or registering an AttributesHandler for Action attributes.
ATTR_ENVIRONMENT_KEY - Static variable in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
The context key for getting or registering an AttributesHandler for Environment attributes.
ATTR_RESOURCE_KEY - Static variable in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
The context key for getting or registering an AttributesHandler for Resource attributes.
ATTR_SUBJECT_KEY - Static variable in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
The context key for getting or registering an AttributesHandler for Subject attributes.

C

com.ibm.sec.authz.jaccplus - package com.ibm.sec.authz.jaccplus
This document is the API specification for JACCPlus.
ContainerEvaluationContext - Class in com.ibm.sec.authz.jaccplus
An implementation of EvaluationContext for use when using the authenticated subject from a a supported container such as WebSphere Application Server.
ContainerEvaluationContext() - Constructor for class com.ibm.sec.authz.jaccplus.ContainerEvaluationContext
Constructs a ContainerEvaluationContext instance.
ContainerProperties - Class in com.ibm.sec.authz.jaccplus
An internal class.

D

DelegatedPermissionCollection - Class in com.ibm.sec.authz.jaccplus
Primarily used for passing to ApplicationPolicy.implies( String, EvaluationContext, PermissionCollection), and typically contains ApplicationPermission objects.
DelegatedPermissionCollection() - Constructor for class com.ibm.sec.authz.jaccplus.DelegatedPermissionCollection

E

elements() - Method in class com.ibm.sec.authz.jaccplus.DelegatedPermissionCollection
equals(Object) - Method in class com.ibm.sec.authz.jaccplus.ApplicationGroupPrincipal
equals(Object) - Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
equals(Object) - Method in class com.ibm.sec.authz.jaccplus.ApplicationUserPrincipal
equals(Object) - Method in class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission
evaluate(Request, String) - Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Makes the actual evaluation decision.
EvaluationContext - Interface in com.ibm.sec.authz.jaccplus
This is the interface to an evaluation context from which the authorization engine can retrieve various context objects specific to each access request.

G

GenericRoleRefPermission - Class in com.ibm.sec.authz.jaccplus
An implementation of Permission that can be used as a holder for a role name.
GenericRoleRefPermission(String) - Constructor for class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission
getActions() - Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
getActions() - Method in class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission
The getActions method is not supported for this Permission type.
getAttribute(String, EvaluationContext) - Method in interface com.ibm.sec.authz.jaccplus.IAttributesHandler
This method is used to retrieve all of the required attributes from the handler data.
getAttributes(String, EvaluationContext) - Method in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
Gets all the values of the specified attribute identifier by calling all registered instances of IAttributesHandler and collating the results.
getAuthenticationToken() - Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
This method gets the token used to authenticate.
getContent() - Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
Method used to retrieve the content Node from this instance.
getContext(String, Map<String, Object>) - Method in class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
getContext(String) - Method in interface com.ibm.sec.authz.jaccplus.EvaluationContext
Given a key, returns the corresponding context object.
getContext(String, Map<String, Object>) - Method in interface com.ibm.sec.authz.jaccplus.IEvaluationContextHandler
Method to retrieve the context data for the passed key.
getEntitlements(EntitlementRequest, String) - Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Makes an entitlements call.
getGroupPrincipals() - Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
Gets the principals representing the groups of this subject.
getHandlerData() - Method in interface com.ibm.sec.authz.jaccplus.EvaluationContext
Gets the thread-scoped handler data object.
getKeys() - Method in class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
getKeys() - Method in interface com.ibm.sec.authz.jaccplus.EvaluationContext
Returns the set of keys that this evaluation context can handle.
getKeys() - Method in interface com.ibm.sec.authz.jaccplus.IEvaluationContextHandler
Method to return a list of all the keys supported by this handler.
getName() - Method in class com.ibm.sec.authz.jaccplus.ApplicationGroupPrincipal
getName() - Method in class com.ibm.sec.authz.jaccplus.ApplicationUserPrincipal
getObligationHandler(String) - Method in interface com.ibm.sec.authz.jaccplus.IObligationManager
Method for retrieving all of the registered handlers from the context.
getObligationHandler(String) - Method in class com.ibm.sec.authz.jaccplus.ObligationManager
getPermissions(CodeSource) - Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Implementation of the Policy getPermissions() implementation.
getPermissions(String, EvaluationContext, Class<?>) - Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Calculates the set of entitlements, in the form of Permission objects, to which the current user (as specified in the EvaluationContext) has access to.
getPolicy() - Static method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Gets the singleton instance of ApplicationPolicy.
getProperties() - Static method in class com.ibm.sec.authz.jaccplus.ContainerProperties
getSupportedAttributes() - Method in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
Method used to retrieve all of the attribute identifiers that all registered IAttributesHandler implementations can retrieve.
getSupportedAttributes() - Method in interface com.ibm.sec.authz.jaccplus.IAttributesHandler
Retrieves all of the attributes that this handler implementation can provide.
getUserPrincipal() - Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
Gets the principal representing the user identity for this subject.

H

handleObligation(String, boolean, EvaluationContext, Map<String, Object>) - Method in interface com.ibm.sec.authz.jaccplus.IContextObligationHandler
This method is invoked when an obligation is received in a response from the authorization engine.
hashCode() - Method in class com.ibm.sec.authz.jaccplus.ApplicationGroupPrincipal
hashCode() - Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
hashCode() - Method in class com.ibm.sec.authz.jaccplus.ApplicationUserPrincipal
hashCode() - Method in class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission

I

IAttributesHandler - Interface in com.ibm.sec.authz.jaccplus
This interface implements handlers that retrieve attributes for runtime evaluation decisions.
IAuthzProvider - Interface in com.ibm.sec.authz.jaccplus
This is an internal interface.
IContextObligationHandler - Interface in com.ibm.sec.authz.jaccplus
This class provides the interface to registered obligation handlers in an application context.
IEvaluationContextHandler - Interface in com.ibm.sec.authz.jaccplus
This class provides the interface to various handlers of context data.
implies(Permission) - Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
This Permission implies another if the other Permission is also an ApplicationPermission and has name and action the same.
implies(ProtectionDomain, Permission) - Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Implementation of the Policy implies() method.
implies(String, EvaluationContext, Permission) - Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
This method evaluates the passed Permission against the the policy for the passed in context identifier.
implies(String, EvaluationContext, PermissionCollection) - Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
This method evaluates the given set of Permissions against the policy specified by the context identifier passed.
implies(Permission) - Method in class com.ibm.sec.authz.jaccplus.DelegatedPermissionCollection
implies(Permission) - Method in class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission
This permission implies another, if the other permission is also a GenericRoleRefPermission and has an equal name (ie role).
IObligationManager - Interface in com.ibm.sec.authz.jaccplus
This class provides the interface to the Obligations manager for obligation support.

L

lockPolicy(String) - Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Locks the policy underlying this context to ensure that multiple calls to implies() are evaluated against the same policy.
lockPolicy(String) - Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Locks the policy for the given context so that a series of evaluate() requests are evaluated against the same policy.

O

OBLIGATION_MANAGER_KEY - Static variable in interface com.ibm.sec.authz.jaccplus.IObligationManager
The context key for storing the handlers in the container.
ObligationManager - Class in com.ibm.sec.authz.jaccplus
An implementation of the IObligationManager interface.
ObligationManager() - Constructor for class com.ibm.sec.authz.jaccplus.ObligationManager

R

refresh() - Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Refreshes, or reloads, the policy that makes access decisions.
refresh() - Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Refreshes the underlying policy.
registerHandler(String, IAttributesHandler) - Method in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
Method used to register a particular IAttributesHandler to retrieve a specific attribute identifier.
registerHandler(IAttributesHandler) - Method in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
Method used to register an IAttributesHandler to retrieve all attributes it supports.
registerHandler(String, IEvaluationContextHandler, boolean) - Method in interface com.ibm.sec.authz.jaccplus.EvaluationContext
This method registers a PolicyContextHandler implementation for a particular key.
registerObligationHandler(String, IContextObligationHandler) - Method in interface com.ibm.sec.authz.jaccplus.IObligationManager
Method for adding Obligation handlers to the context.
registerObligationHandler(String, IContextObligationHandler) - Method in class com.ibm.sec.authz.jaccplus.ObligationManager
removePermission(Permission) - Method in class com.ibm.sec.authz.jaccplus.DelegatedPermissionCollection
This method removes the given Permission from the collection.

S

setAuthenticationToken(Element) - Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
This method sets the token used to authenticate this Subject.
setContent(Node) - Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
Method used to set the content Node for this instance.
setGroupPrincipals(Principal[]) - Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
Sets the group principals for this subject.
setUserPrincipal(Principal) - Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
Sets the principal representing the user identity for this subject.
shutdown() - Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Called on JACC cleanup().
startup() - Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Called on JACC initialization (if used as a JACC provider) or before the first authorization request.
SUBJECT_ATTRIBUTES_KEY - Static variable in class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
SUBJECT_KEY - Static variable in class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
supports(String) - Method in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
Method used to determine if an attribute identifier can be retrieved from any registered handlers.
supports(String) - Method in class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
supports(String) - Method in interface com.ibm.sec.authz.jaccplus.IAttributesHandler
Checks whether or not this handler implementation can provide this attribute.
supports(String) - Method in interface com.ibm.sec.authz.jaccplus.IEvaluationContextHandler
Method to find out if this handler instance can retrieve the context data for the given key.
supportsObligation(String) - Method in interface com.ibm.sec.authz.jaccplus.IObligationManager
Method for checking if whether or not this handler implementation can retrieve an attribute.
supportsObligation(String) - Method in class com.ibm.sec.authz.jaccplus.ObligationManager

T

toString() - Method in class com.ibm.sec.authz.jaccplus.ApplicationGroupPrincipal
toString() - Method in class com.ibm.sec.authz.jaccplus.ApplicationUserPrincipal
toString() - Method in class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission

U

unlockPolicy(String) - Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Unlocks the policy underlying this context, so that the policy to be refreshed if any updates are pending.
unlockPolicy(String) - Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Unlocks the policy for the given context.