com.ibm.sec.authz.jaccplus
Interface EvaluationContext
- public interface EvaluationContext
This is the interface to an evaluation context from which the authorization
engine can retrieve various context objects specific to each access request. It
is designed to function in a similar way to the javax.security.jacc.PolicyContext
defined by the JACC specification.
Each piece of context information is identified by a unique string. Instances of
the IEvaluationContextHandler interface are registered to provide this
information.
The following context keys are defined:
- java.security.auth.Subject.container - Returns the Subject representing the currently authenticated user. The exact type of the returned Subject depends on the runtime environment.
- com.ibm.sec.auth.subjectx.SubjectAttributes.container - Returns an ApplicationAttributes object allowing access to attributes about the Subject.
- com.ibm.sec.auth.subjectx.ResourceAttributes.container - Returns an ApplicationAttributes object allowing access to attributes about the Resource.
- com.ibm.sec.auth.subjectx.ActionAttributes.container - Returns an ApplicationAttributes object allowing access to attributes about the Action.
- com.ibm.sec.auth.subjectx.EnvironmnentAttributes.container - Returns an ApplicationAttributes object allowing access to attributes about the Environment.
- com.ibm.sec.auth.subjectx.ObligationManager.container - Returns the IObligationManager object that allows handlers for XACML Obligations to be registered.
The Map<String, Object> returned from getHandlerData() is a thread-local map
that passes information between the application code and the authorization
engine.
Once created, reuse the same instance of EvaluationContext for the life of the application and across threads.
Method Summary
Modifier and Type | Method and Description |
---|---|
java.lang.Object | getContext(java.lang.String key) Given a key, returns the corresponding context object. |
java.util.Map<java.lang.String,java.lang.Object> | getHandlerData() Gets the thread-scoped handler data object. |
java.util.Set<java.lang.String> | getKeys() Returns the set of keys that this evaluation context can handle. |
void | registerHandler(java.lang.String key, IEvaluationContextHandler handler, boolean replace) This method registers a PolicyContextHandler implementation for a particular key. |
Method Detail
getContext
- java.lang.Object getContext(java.lang.String key) throws PolicyContextException
Parameters:
key - the key.
Throws:
java.lang.IllegalArgumentException - if a handler has not been registered for the key or the registered handler no longer supports the key
PolicyContextException
getKeys
- java.util.Set<java.lang.String> getKeys()
getHandlerData
- java.util.Map<java.lang.String,java.lang.Object> getHandlerData()
registerHandler
- void registerHandler(java.lang.String key, IEvaluationContextHandler handler, boolean replace) throws PolicyContextException
This method registers a PolicyContextHandler implementation for a particular
key. A single handler implementation can be registered to handle multiple keys.
Parameters:
key - the key.
handler - the policy context handler implementation.
replace - this boolean value defines the behaviour of this method if, when it is called, a policy context handler implementation has already been registered to handle the same key. In that case, if the value of this argument is true, the existing handler is replaced with the argument handler. If the value of this parameter is false, the existing registration is preserved and an exception is thrown.
Throws:
PolicyContextException - if an error occurs.
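
A defensive wrapper around the four methods documented above, as an added example that is not part of the library or its documentation. The class EvaluationContextGuard and its method names are hypothetical; the packages of IEvaluationContextHandler and PolicyContextException, and the assumption that the handler data map accepts put and remove, are not confirmed by this page.

```java
import java.util.Map;
import java.util.Set;
import javax.security.jacc.PolicyContextException;           // assumed package
import com.ibm.sec.authz.jaccplus.EvaluationContext;
import com.ibm.sec.authz.jaccplus.IEvaluationContextHandler; // assumed package

/** Hypothetical helper, not part of the library. */
public final class EvaluationContextGuard {
    // Key string copied from the list of context keys on this page.
    static final String SUBJECT_KEY = "java.security.auth.Subject.container";

    private EvaluationContextGuard() {}

    /** Returns the context object for the key, or throws; never returns null. */
    public static Object require(EvaluationContext ctx, String key)
            throws PolicyContextException {
        Set<String> keys = ctx.getKeys();
        if (keys == null || !keys.contains(key)) {
            throw new SecurityException("no handler registered for " + key);
        }
        Object value;
        try {
            value = ctx.getContext(key);
        } catch (IllegalArgumentException e) {
            // The handler stopped supporting the key after getKeys() was read.
            throw new SecurityException("handler no longer supports " + key, e);
        }
        if (value == null) {
            throw new SecurityException("handler returned nothing for " + key);
        }
        return value; // concrete Subject type depends on the runtime environment
    }

    /** Registers with replace=false so an existing handler is never displaced. */
    public static void registerOnce(EvaluationContext ctx, String key,
            IEvaluationContextHandler handler) throws PolicyContextException {
        ctx.registerHandler(key, handler, false);
    }

    /** Adds per-request values to the thread-local map and removes them afterwards. */
    public static void withHandlerData(EvaluationContext ctx,
            Map<String, Object> values, Runnable decision) {
        Map<String, Object> data = ctx.getHandlerData();
        data.putAll(values);
        try {
            decision.run(); // the caller's authorization check goes here
        } finally {
            // Pooled threads are reused; drop this request's keys before returning.
            data.keySet().removeAll(values.keySet());
        }
    }
}
```

Calling `require(ctx, SUBJECT_KEY)` before a decision makes a missing or unsupported Subject handler a hard failure rather than a null that later code might treat as an anonymous user.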