Index
A
add(Permission) -
Method in class com.ibm.sec.authz.jaccplus.DelegatedPermissionCollection
ApplicationAttributes - Class in com.ibm.sec.authz.jaccplus
Manages the instances of IAttributesHandler for a particular section of a request, such as Subject or Resource.
ApplicationAttributes() -
Constructor for class com.ibm.sec.authz.jaccplus.ApplicationAttributes
An implementation of EvaluationContext that requires the application code to create and register an ApplicationSubject instance representing the currently authenticated user.
ApplicationEvaluationContext() -
Constructor for class com.ibm.sec.authz.jaccplus.ApplicationEvaluationContext
Constructs an EvaluationContext instance.
An implementation of a Principal that represents a group by a string identifier.
ApplicationGroupPrincipal(String) -
Constructor for class com.ibm.sec.authz.jaccplus.ApplicationGroupPrincipal
ApplicationPermission - Class in com.ibm.sec.authz.jaccplus
The mechanism by which a resource identifier and an action identifier are passed
to the authorization engine for evaluation.
ApplicationPermission(String, String) -
Constructor for class com.ibm.sec.authz.jaccplus.ApplicationPermission
ApplicationPolicy - Class in com.ibm.sec.authz.jaccplus
The primary interface for invoking authorization decisions.
ApplicationPolicy(Properties) -
Constructor for class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Constructs a new instance of ApplicationPolicy using the passed configuration properties.
ApplicationPolicy() -
Constructor for class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Default Constructor.
ApplicationSubject - Class in com.ibm.sec.authz.jaccplus
The container for user ID and group information for use with ApplicationEvaluationContext.
ApplicationSubject() -
Constructor for class com.ibm.sec.authz.jaccplus.ApplicationSubject
An IEvaluationContextHandler implementation for the handling of the Subject and SubjectAttributes keys when container security is not used.
ApplicationSubjectContext() -
Constructor for class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
An implementation of a Principal that represents a user by a string identifier.
ApplicationUserPrincipal(String) -
Constructor for class com.ibm.sec.authz.jaccplus.ApplicationUserPrincipal
ATTR_ACTION_KEY -
Static variable in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
The context key for getting or registering an AttributesHandler for Action attributes.
ATTR_ENVIRONMENT_KEY -
Static variable in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
The context key for getting or registering an AttributesHandler for Environment attributes.
ATTR_RESOURCE_KEY -
Static variable in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
The context key for getting or registering an AttributesHandler for Resource attributes.
ATTR_SUBJECT_KEY -
Static variable in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
The context key for getting or registering an AttributesHandler for Subject attributes.
C
com.ibm.sec.authz.jaccplus - package com.ibm.sec.authz.jaccplus
This document is the API specification for JACCPlus.
An implementation of EvaluationContext for use when using the authenticated subject from a supported container such as WebSphere Application Server.
ContainerEvaluationContext() -
Constructor for class com.ibm.sec.authz.jaccplus.ContainerEvaluationContext
Constructs a ContainerEvaluationContext instance.
ContainerProperties - Class in com.ibm.sec.authz.jaccplus
An internal class.
D
Primarily used for passing to ApplicationPolicy.implies(String, EvaluationContext, PermissionCollection), and typically contains ApplicationPermission objects.
DelegatedPermissionCollection() -
Constructor for class com.ibm.sec.authz.jaccplus.DelegatedPermissionCollection
E
elements() -
Method in class com.ibm.sec.authz.jaccplus.DelegatedPermissionCollection
equals(Object) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationGroupPrincipal
equals(Object) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
equals(Object) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationUserPrincipal
equals(Object) -
Method in class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission
evaluate(Request, String) -
Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Makes the actual evaluation decision.
EvaluationContext - Interface in com.ibm.sec.authz.jaccplus
This is the interface to an evaluation context from which the authorization
engine can retrieve various context objects specific to each access request.
G
An implementation of Permission that can be used as a holder for a role name.
GenericRoleRefPermission(String) -
Constructor for class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission
getActions() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
getActions() -
Method in class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission
The getActions method is not supported for this Permission type.
getAttribute(String, EvaluationContext) -
Method in interface com.ibm.sec.authz.jaccplus.IAttributesHandler
This method is used to retrieve all of the required attributes from the handler data.
getAttributes(String, EvaluationContext) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
Gets all the values of the specified attribute identifier by calling all registered instances of IAttributesHandler and collating the results.
getAuthenticationToken() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
This method gets the token used to authenticate.
getContent() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
Method used to retrieve the content Node from this instance.
getContext(String, Map<String, Object>) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
getContext(String) -
Method in interface com.ibm.sec.authz.jaccplus.EvaluationContext
Given a key, returns the corresponding context object.
getContext(String, Map<String, Object>) -
Method in interface com.ibm.sec.authz.jaccplus.IEvaluationContextHandler
Method to retrieve the context data for the passed key.
getEntitlements(EntitlementRequest, String) -
Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Makes an entitlements call.
getGroupPrincipals() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
Gets the principals representing the groups of this subject.
getHandlerData() -
Method in interface com.ibm.sec.authz.jaccplus.EvaluationContext
Gets the thread-scoped handler data object.
getKeys() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
getKeys() -
Method in interface com.ibm.sec.authz.jaccplus.EvaluationContext
Returns the set of keys that this evaluation context can handle.
getKeys() -
Method in interface com.ibm.sec.authz.jaccplus.IEvaluationContextHandler
Method to return a list of all the keys supported by this handler.
getName() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationGroupPrincipal
getName() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationUserPrincipal
getObligationHandler(String) -
Method in interface com.ibm.sec.authz.jaccplus.IObligationManager
Method for retrieving all of the registered handlers from the context.
getObligationHandler(String) -
Method in class com.ibm.sec.authz.jaccplus.ObligationManager
getPermissions(CodeSource) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Implementation of the Policy getPermissions() method.
getPermissions(String, EvaluationContext, Class<?>) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Calculates the set of entitlements, in the form of Permission objects, to which the current user (as specified in the EvaluationContext) has access.
getPolicy() -
Static method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Gets the singleton instance of ApplicationPolicy.
getProperties() -
Static method in class com.ibm.sec.authz.jaccplus.ContainerProperties
getSupportedAttributes() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
Method used to retrieve all of the attribute identifiers that all registered IAttributesHandler implementations can retrieve.
getSupportedAttributes() -
Method in interface com.ibm.sec.authz.jaccplus.IAttributesHandler
Retrieves all of the attributes that this handler implementation can provide.
getUserPrincipal() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
Gets the principal representing the user identity for this subject.
H
handleObligation(String, boolean, EvaluationContext, Map<String, Object>) -
Method in interface com.ibm.sec.authz.jaccplus.IContextObligationHandler
This method is invoked when an obligation is received
in a response from the authorization engine.
hashCode() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationGroupPrincipal
hashCode() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
hashCode() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationUserPrincipal
hashCode() -
Method in class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission
I
IAttributesHandler - Interface in com.ibm.sec.authz.jaccplus
This interface implements handlers that retrieve attributes for
runtime evaluation decisions.
IAuthzProvider - Interface in com.ibm.sec.authz.jaccplus
This is an internal interface.
IContextObligationHandler - Interface in com.ibm.sec.authz.jaccplus
This class provides the interface to registered obligation handlers in an
application context.
IEvaluationContextHandler - Interface in com.ibm.sec.authz.jaccplus
This class provides the interface to various handlers of context data.
implies(Permission) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
This Permission implies another if the other Permission is also an ApplicationPermission and has the same name and action.
implies(ProtectionDomain, Permission) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Implementation of the Policy implies() method.
implies(String, EvaluationContext, Permission) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
This method evaluates the passed Permission against the policy for the passed-in context identifier.
implies(String, EvaluationContext, PermissionCollection) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
This method evaluates the given set of Permissions against the policy specified by the context
identifier passed.
implies(Permission) -
Method in class com.ibm.sec.authz.jaccplus.DelegatedPermissionCollection
implies(Permission) -
Method in class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission
This permission implies another if the other permission is also a GenericRoleRefPermission and has an equal name (i.e. role).
IObligationManager - Interface in com.ibm.sec.authz.jaccplus
This class provides the interface to the Obligations manager for obligation support.
L
lockPolicy(String) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Locks the policy underlying this context to ensure that multiple calls
to implies() are evaluated against the same policy.
lockPolicy(String) -
Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Locks the policy for the given context so that a series of evaluate()
requests are evaluated against the same policy.
O
OBLIGATION_MANAGER_KEY -
Static variable in interface com.ibm.sec.authz.jaccplus.IObligationManager
The context key for storing the handlers in the container.
ObligationManager - Class in com.ibm.sec.authz.jaccplus
An implementation of the IObligationManager interface.
ObligationManager() -
Constructor for class com.ibm.sec.authz.jaccplus.ObligationManager
R
refresh() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Refreshes, or reloads, the policy that makes access decisions.
refresh() -
Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Refreshes the underlying policy.
registerHandler(String, IAttributesHandler) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
Method used to register a particular IAttributesHandler to retrieve a specific attribute identifier.
registerHandler(IAttributesHandler) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
Method used to register an IAttributesHandler to retrieve all attributes it supports.
registerHandler(String, IEvaluationContextHandler, boolean) -
Method in interface com.ibm.sec.authz.jaccplus.EvaluationContext
This method registers a PolicyContextHandler implementation for a particular key.
registerObligationHandler(String, IContextObligationHandler) -
Method in interface com.ibm.sec.authz.jaccplus.IObligationManager
Method for adding Obligation handlers to the context.
registerObligationHandler(String, IContextObligationHandler) -
Method in class com.ibm.sec.authz.jaccplus.ObligationManager
removePermission(Permission) -
Method in class com.ibm.sec.authz.jaccplus.DelegatedPermissionCollection
This method removes the given Permission from the collection.
S
setAuthenticationToken(Element) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
This method sets the token used to authenticate this Subject.
setContent(Node) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPermission
Method used to set the content Node for this instance.
setGroupPrincipals(Principal[]) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
Sets the group principals for this subject.
setUserPrincipal(Principal) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationSubject
Sets the principal representing the user identity for this subject.
shutdown() -
Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Called on JACC cleanup().
startup() -
Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Called on JACC initialization (if used as a JACC provider) or before
the first authorization request.
SUBJECT_ATTRIBUTES_KEY -
Static variable in class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
SUBJECT_KEY -
Static variable in class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
supports(String) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationAttributes
Method used to determine if an attribute identifier can be retrieved
from any registered handlers.
supports(String) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationSubjectContext
supports(String) -
Method in interface com.ibm.sec.authz.jaccplus.IAttributesHandler
Checks whether or not this handler implementation can provide this attribute.
supports(String) -
Method in interface com.ibm.sec.authz.jaccplus.IEvaluationContextHandler
Method to find out if this handler instance can
retrieve the context data for the given key.
supportsObligation(String) -
Method in interface com.ibm.sec.authz.jaccplus.IObligationManager
Method for checking whether or not this handler implementation can retrieve an attribute.
supportsObligation(String) -
Method in class com.ibm.sec.authz.jaccplus.ObligationManager
T
toString() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationGroupPrincipal
toString() -
Method in class com.ibm.sec.authz.jaccplus.ApplicationUserPrincipal
toString() -
Method in class com.ibm.sec.authz.jaccplus.GenericRoleRefPermission
U
unlockPolicy(String) -
Method in class com.ibm.sec.authz.jaccplus.ApplicationPolicy
Unlocks the policy underlying this context, allowing the policy to be refreshed if any updates are pending.
unlockPolicy(String) -
Method in interface com.ibm.sec.authz.jaccplus.IAuthzProvider
Unlocks the policy for the given context.