com.ibm.tscc.rtss.authz.api

Interface IExternalFinder


  1. public interface IExternalFinder

Is the mechanism by which attributes can be provided to the request context using custom code. This interface is usually implemented to retrieve information from external data sources.

For example, a custom web service client can be generated to call an Enterprise Service Bus and retrieve information about the current resource being accessed.

As an implementation of this interface usually calls the RequestContext to retrieve attributes about the current user or resource, it is possible for one implementation to trigger a call to another implementation of IExternalFinder. Avoid infinite loops in this case.

Since:
7.1.0.1
See Also:
RequestContext, AttributeFactory, Attribute

Nested Class Summary

Modifier and Type Interface and Description
  1. static class
IExternalFinder.RequestSection
Defines the sections of an XACML request.

Field Summary

Modifier and Type Field and Description
  1. static
  2. java.lang.String
PROP_ENABLED
  1. static
  2. java.lang.String
PROP_ID
  1. static
  2. java.lang.String
PROP_RETURN_ATTRIBUTE_ID
  1. static
  2. java.lang.String
PROP_RETURN_SECTION

Method Summary

Modifier and Type Method and Description
  1. java.util.List<Attribute>
getActionAttributes(RequestContext context,java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to get action attributes.
  1. java.util.List<Attribute>
getEnvironmentAttributes(RequestContext context,java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to get environment attributes.
  1. java.util.List<Attribute>
getResourceAttributes(RequestContext context,java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to get resource attributes.
  1. java.util.List<Attribute>
getSubjectAttributes(RequestContext context,java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer,java.lang.String subjectCategory)
Called to get subject attributes.
  1. boolean
hasActionAttributes(java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to determine if this attribute finder supports getting action attributes for the current attributeId, dataType and issuer.
  1. boolean
hasEnvironmentAttributes(java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to determine if this attribute finder supports getting environment attributes for the current attributeId, dataType and issuer.
  1. boolean
hasResourceAttributes(java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to determine if this attribute finder supports getting resource attributes for the current attributeId, dataType and issuer.
  1. boolean
hasSubjectAttributes(java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer,java.lang.String subjectCategory)
Called to determine if this attribute finder supports getting subject attributes for the current attributeId, dataType and issuer.
  1. void
init(java.util.Properties props)
Called during startup of Tivoli Runtime Security Services.

Field Detail

PROP_ENABLED

  1. static final java.lang.String PROP_ENABLED
See Also:

PROP_ID

  1. static final java.lang.String PROP_ID
See Also:

PROP_RETURN_ATTRIBUTE_ID

  1. static final java.lang.String PROP_RETURN_ATTRIBUTE_ID
See Also:

PROP_RETURN_SECTION

  1. static final java.lang.String PROP_RETURN_SECTION
See Also:

Method Detail

init

  1. void init(java.util.Properties props)
Called during startup of Tivoli Runtime Security Services. The Properties passed are from the Tivoli Runtime Security Services configuration file.
Parameters:
props - properties read from the configuration file.

getActionAttributes

  1. java.util.List<Attribute> getActionAttributes( RequestContext context,
  2. java.lang.String attributeId,
  3. java.lang.String dataType,
  4. java.lang.String issuer)
Called to get action attributes. This method is called when the hasActionAttributes method returns true.
Parameters:
context - object to get access to information in the current request.
attributeId - the id of the attribute to find.
dataType - the data type of the attribute to find.
issuer - the name of the issuer associated with this attribute finder call.
Returns:
list of attributes to return. If multiple values exist for an attribute, then multiple Attribute objects with the same name are created and returned in the list.

getEnvironmentAttributes

  1. java.util.List<Attribute> getEnvironmentAttributes( RequestContext context,
  2. java.lang.String attributeId,
  3. java.lang.String dataType,
  4. java.lang.String issuer)
Called to get environment attributes. This method is called when the hasEnvironmentAttributes method returns true.
Parameters:
context - object to get access to information in the current request.
attributeId - the id of the attribute to find.
dataType - the data type of the attribute to find.
issuer - the name of the issuer associated with this attribute finder call.
Returns:
list of attributes to return. If multiple values exist for an attribute, then multiple Attribute objects with the same name are created and returned in the list.

getResourceAttributes

  1. java.util.List<Attribute> getResourceAttributes( RequestContext context,
  2. java.lang.String attributeId,
  3. java.lang.String dataType,
  4. java.lang.String issuer)
Called to get resource attributes. This method is called when the hasResourceAttributes method returns true.
Parameters:
context - object to get access to information in the current request.
attributeId - the id of the attribute to find.
dataType - the data type of the attribute to find.
issuer - the name of the issuer associated with this attribute finder call.
Returns:
list of attributes to return. If multiple values exist for an attribute, then multiple Attribute objects with the same name are created and returned in the list.

getSubjectAttributes

  1. java.util.List<Attribute> getSubjectAttributes( RequestContext context,
  2. java.lang.String attributeId,
  3. java.lang.String dataType,
  4. java.lang.String issuer,
  5. java.lang.String subjectCategory)
Called to get subject attributes. This method is called when the hasSubjectAttributes method returns true.
Parameters:
context - object to get access to information in the current request.
attributeId - the id of the attribute to find.
dataType - the data type of the attribute to find.
issuer - the name of the issuer associated with this attribute finder call.
Returns:
list of attributes to return. If multiple values exist for an attribute, then multiple Attribute objects with the same name are created and returned in the list.

hasActionAttributes

  1. boolean hasActionAttributes(java.lang.String attributeId,
  2. java.lang.String dataType,
  3. java.lang.String issuer)
Called to determine if this attribute finder supports getting action attributes for the current attributeId, dataType and issuer.
Parameters:
attributeId - the id of the attribute to find.
dataType - the data type of the attribute to find.
issuer - the name of the issuer associated with this attribute finder call.
Returns:
boolean

hasEnvironmentAttributes

  1. boolean hasEnvironmentAttributes( java.lang.String attributeId,
  2. java.lang.String dataType,
  3. java.lang.String issuer)
Called to determine if this attribute finder supports getting environment attributes for the current attributeId, dataType and issuer.
Parameters:
attributeId - the id of the attribute to find.
dataType - the data type of the attribute to find.
issuer - the name of the issuer associated with this attribute finder call.
Returns:
boolean

hasResourceAttributes

  1. boolean hasResourceAttributes(java.lang.String attributeId,
  2. java.lang.String dataType,
  3. java.lang.String issuer)
Called to determine if this attribute finder supports getting resource attributes for the current attributeId, dataType and issuer.
Parameters:
attributeId - the id of the attribute to find.
dataType - the data type of the attribute to find.
issuer - the name of the issuer associated with this attribute finder call.
Returns:
boolean

hasSubjectAttributes

  1. boolean hasSubjectAttributes(java.lang.String attributeId,
  2. java.lang.String dataType,
  3. java.lang.String issuer,
  4. java.lang.String subjectCategory)
Called to determine if this attribute finder supports getting subject attributes for the current attributeId, dataType and issuer.
Parameters:
attributeId - the id of the attribute to find.
dataType - the data type of the attribute to find.
issuer - the name of the issuer associated with this attribute finder call.
Returns:
boolean