com.ibm.tscc.rtss.authz.api
Interface IExternalFinder
- public interface IExternalFinder
Is the mechanism by which attributes can be provided to the request context using custom code. This interface is usually implemented to retrieve information from external data sources.
For example, a custom web service client can be generated to call an Enterprise Service Bus and retrieve information about the current resource being accessed.
As an implementation of this interface usually calls the RequestContext to retrieve attributes about the current user or resource, it is possible for one implementation to trigger a call to another implementation of IExternalFinder. Avoid infinite loops in this case.
Since:
7.1.0.1
See Also:
Nested Class Summary
Modifier and Type | Interface and Description |
---|---|
|
IExternalFinder.RequestSection
Defines the sections of an XACML request.
|
Field Summary
Modifier and Type | Field and Description |
---|---|
|
PROP_ENABLED
|
|
PROP_ID
|
|
PROP_RETURN_ATTRIBUTE_ID
|
|
PROP_RETURN_SECTION
|
Method Summary
Modifier and Type | Method and Description |
---|---|
|
getActionAttributes(RequestContext context,java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to get action attributes.
|
|
getEnvironmentAttributes(RequestContext context,java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to get environment attributes.
|
|
getResourceAttributes(RequestContext context,java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to get resource attributes.
|
|
getSubjectAttributes(RequestContext context,java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer,java.lang.String subjectCategory)
Called to get subject attributes.
|
|
hasActionAttributes(java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to determine if this attribute finder supports getting action attributes for the current
attributeId, dataType and issuer.
|
|
hasEnvironmentAttributes(java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to determine if this attribute finder supports getting environment attributes for the current
attributeId, dataType and issuer.
|
|
hasResourceAttributes(java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer)
Called to determine if this attribute finder supports getting resource attributes for the current
attributeId, dataType and issuer.
|
|
hasSubjectAttributes(java.lang.String attributeId,java.lang.String dataType,java.lang.String issuer,java.lang.String subjectCategory)
Called to determine if this attribute finder supports getting subject attributes for the current
attributeId, dataType and issuer.
|
|
init(java.util.Properties props)
Called during startup of Tivoli Runtime Security Services.
|
Field Detail
PROP_ENABLED
- static final java.lang.String PROP_ENABLED
See Also:
PROP_ID
- static final java.lang.String PROP_ID
See Also:
PROP_RETURN_ATTRIBUTE_ID
- static final java.lang.String PROP_RETURN_ATTRIBUTE_ID
See Also:
PROP_RETURN_SECTION
- static final java.lang.String PROP_RETURN_SECTION
See Also:
Method Detail
init
- void init(java.util.Properties props)
Called during startup of Tivoli Runtime Security Services. The Properties passed are from the
Tivoli Runtime Security Services configuration file.
Parameters:
props
- properties read from the configuration file. getActionAttributes
- java.util.List<Attribute> getActionAttributes( RequestContext context,
- java.lang.String attributeId,
- java.lang.String dataType,
- java.lang.String issuer)
Called to get action attributes. This method is called
when the
hasActionAttributes
method returns true.
Parameters:
context
- object to get access to information in the current request. attributeId
- the id of the attribute to find. dataType
- the data type of the attribute to find. issuer
- the name of the issuer associated with this attribute finder call. Returns:
list of attributes to return. If multiple values exist for an attribute,
then multiple
Attribute
objects with the same name are created and returned
in the list. getEnvironmentAttributes
- java.util.List<Attribute> getEnvironmentAttributes( RequestContext context,
- java.lang.String attributeId,
- java.lang.String dataType,
- java.lang.String issuer)
Called to get environment attributes. This method is called
when the
hasEnvironmentAttributes
method returns true.
Parameters:
context
- object to get access to information in the current request. attributeId
- the id of the attribute to find. dataType
- the data type of the attribute to find. issuer
- the name of the issuer associated with this attribute finder call. Returns:
list of attributes to return. If multiple values exist for an attribute,
then multiple
Attribute
objects with the same name are created and returned
in the list. getResourceAttributes
- java.util.List<Attribute> getResourceAttributes( RequestContext context,
- java.lang.String attributeId,
- java.lang.String dataType,
- java.lang.String issuer)
Called to get resource attributes. This method is called
when the
hasResourceAttributes
method returns true.
Parameters:
context
- object to get access to information in the current request. attributeId
- the id of the attribute to find. dataType
- the data type of the attribute to find. issuer
- the name of the issuer associated with this attribute finder call. Returns:
list of attributes to return. If multiple values exist for an attribute,
then multiple
Attribute
objects with the same name are created and returned
in the list. getSubjectAttributes
- java.util.List<Attribute> getSubjectAttributes( RequestContext context,
- java.lang.String attributeId,
- java.lang.String dataType,
- java.lang.String issuer,
- java.lang.String subjectCategory)
Called to get subject attributes. This method is called
when the
hasSubjectAttributes
method returns true.
Parameters:
context
- object to get access to information in the current request. attributeId
- the id of the attribute to find. dataType
- the data type of the attribute to find. issuer
- the name of the issuer associated with this attribute finder call. Returns:
list of attributes to return. If multiple values exist for an attribute,
then multiple
Attribute
objects with the same name are created and returned
in the list. hasActionAttributes
- boolean hasActionAttributes(java.lang.String attributeId,
- java.lang.String dataType,
- java.lang.String issuer)
Called to determine if this attribute finder supports getting action attributes for the current
attributeId, dataType and issuer.
Parameters:
attributeId
- the id of the attribute to find. dataType
- the data type of the attribute to find. issuer
- the name of the issuer associated with this attribute finder call. Returns:
boolean
hasEnvironmentAttributes
- boolean hasEnvironmentAttributes( java.lang.String attributeId,
- java.lang.String dataType,
- java.lang.String issuer)
Called to determine if this attribute finder supports getting environment attributes for the current
attributeId, dataType and issuer.
Parameters:
attributeId
- the id of the attribute to find. dataType
- the data type of the attribute to find. issuer
- the name of the issuer associated with this attribute finder call. Returns:
boolean
hasResourceAttributes
- boolean hasResourceAttributes(java.lang.String attributeId,
- java.lang.String dataType,
- java.lang.String issuer)
Called to determine if this attribute finder supports getting resource attributes for the current
attributeId, dataType and issuer.
Parameters:
attributeId
- the id of the attribute to find. dataType
- the data type of the attribute to find. issuer
- the name of the issuer associated with this attribute finder call. Returns:
boolean
hasSubjectAttributes
- boolean hasSubjectAttributes(java.lang.String attributeId,
- java.lang.String dataType,
- java.lang.String issuer,
- java.lang.String subjectCategory)
Called to determine if this attribute finder supports getting subject attributes for the current
attributeId, dataType and issuer.
Parameters:
attributeId
- the id of the attribute to find. dataType
- the data type of the attribute to find. issuer
- the name of the issuer associated with this attribute finder call. Returns:
boolean