com.ibm.sec.authz.jaccplus
Interface IContextObligationHandler
- public interface IContextObligationHandler
This class provides the interface to registered obligation handlers in an application context. Registered handlers need to implement this interface to return the obligations in the application context. Obligations are handled via registered obligation handlers.
Obligations define actions that must be performed before access can be granted; or actions that must be performed along with a deny decision. Defined in the policy, such actions may include "audit this information before granting access" or "deny access and send an email to a security officer."
Method Summary
Modifier and Type | Method and Description |
---|---|
|
handleObligation(java.lang.String obligationId,boolean implied,EvaluationContext context,java.util.Map<java.lang.String,java.lang.Object> attributes)
This method is invoked when an obligation is received
in a response from the authorization engine.
|
Method Detail
handleObligation
- void handleObligation(java.lang.String obligationId,
- boolean implied,
- EvaluationContext context,
- java.util.Map<java.lang.String,java.lang.Object> attributes)
This method is invoked when an obligation is received
in a response from the authorization engine.
Parameters:
obligationId
- The string identifier of the obligation. implied
- Whether the evaluation returned permit (true) or deny (false). context
- The evaluation context passed to the initial
{@link ApplicationPolicy#implies(String, EvaluationContext, java.security.Permission) call.
The obligation handler can access the handler data from this object. attributes
- The attributes returned with the obligation.