com.ibm.sec.authz.jaccplus

Interface IContextObligationHandler


  1. public interface IContextObligationHandler

This class provides the interface to registered obligation handlers in an application context. Registered handlers need to implement this interface to return the obligations in the application context. Obligations are handled via registered obligation handlers.

Obligations define actions that must be performed before access can be granted; or actions that must be performed along with a deny decision. Defined in the policy, such actions may include "audit this information before granting access" or "deny access and send an email to a security officer."


Method Summary

Modifier and Type Method and Description
  1. void
handleObligation(java.lang.String obligationId,boolean implied,EvaluationContext context,java.util.Map<java.lang.String,java.lang.Object> attributes)
This method is invoked when an obligation is received in a response from the authorization engine.

Method Detail

handleObligation

  1. void handleObligation(java.lang.String obligationId,
  2. boolean implied,
  3. EvaluationContext context,
  4. java.util.Map<java.lang.String,java.lang.Object> attributes)
This method is invoked when an obligation is received in a response from the authorization engine.
Parameters:
obligationId - The string identifier of the obligation.
implied - Whether the evaluation returned permit (true) or deny (false).
context - The evaluation context passed to the initial {@link ApplicationPolicy#implies(String, EvaluationContext, java.security.Permission) call. The obligation handler can access the handler data from this object.
attributes - The attributes returned with the obligation.