
ClientLib4J IPolicyClient Interface

As of clientlib4j version CD-OESv1-1.2+, the IPolicyClient interface provides the following methods. Note that all calls for fine-grained permissions ultimately route through the arePermitted call, which supports bulk requests. If the complete set of fine-grained permissions is known for an application and HTTP session caching is enabled for the SSOContextFilter, the application can issue a single bulk call when a user's session is created. All other calls to the interface, including those from JSP or JSF Facelets tags, are then answered from the cache, which improves performance.

Note the addition of the getToken method. It was added for applications that must perform server-side mashups of content obtained from other SSO-protected resources. For such server-issued calls, the application is responsible for adding the SSO cookie, using the values returned by getToken and getSsoCookieName.

Note also that the CanonicalHelper class is now exposed directly through this interface, making it accessible to all application code.

public interface IPolicyClient {
	/**
	 * Returns the value of the named attribute passed into a web application via custom headers
	 * from the policy agent as http traffic passes through it to the application or null if
	 * no such header is available.
     *
	 * @param header the policy header
     * @return the policy attribute or null if no policy attribute was found for the header
	 */
	public String getPolicyAttribute(PolicyHeader header);

	/**
	 * Returns true if the IPolicyClient instance represents a valid session. This
	 * call will not be cached and will be passed all the way to the backing
	 * web service if the client is an implementation that supports a session, so
	 * use with caution.
	 */
	public boolean isSessionValid();
	
	/**
	 * Returns the name of the cookie used for identifying sso session state.
	 * This should not be necessary for most applications since the token is 
	 * extracted automatically and used internally. But for some serverside
	 * mashups where calls must be made to sso protected resources access to
	 * this cookie name is necessary to craft a suitable call to such a service.
	 * 
	 * @return the cookie name or null if not available.
	 * @throws IOException 
	 * @throws HttpException 
	 */
	public String getSsoCookieName() throws HttpException, IOException;
	
    /**
     * Returns the token extracted from the cookie used for identifying sso session state.
     * This should not be necessary for most applications since the token is 
     * extracted automatically and used internally. But for some serverside
     * mashups where calls must be made to sso protected resources access to
     * this value is necessary to craft a suitable call to such a service.
     * 
     * @return a token value or null if no session is in place.
     */
	public String getToken();
	
	/**
	 * Returns true if the user represented by the thread making the call is
	 * allowed to perform the indicated action on the indicated resource in the
	 * specified policy domain. This should only be used when evaluating policy
	 * domains distinct from the default domain set on the {@link SsoContextFilter}.
	 * 
	 * @param action the HTTP action (GET, POST)
	 * @param resource the resource for the intended action
	 * @param domain the policy domain in which the policy is defined
	 * @return true if the action is permitted on the uri for the user
	 */
	public boolean isPermitted(String action, String resource, String domain);
	public boolean isPermitted(String action, String resource, String domain, Map<String, String> ctx);

	/**
	 * Returns true if the user represented by the thread making the call is
	 * allowed to perform the indicated action on the indicated resource in the
	 * default policy domain. If no policy domain was set on the {@link SsoContextFilter}
	 * then the domain defaults to an empty string.
	 * 
	 * @param action the HTTP action (GET, POST)
	 * @param resource the resource for the intended action
	 * @return true if the action is permitted on the uri for the user
	 */
	public boolean isPermitted(String action, String resource);
	public boolean isPermitted(String action, String resource, Map<String, String> ctx);
	
	/**
	 * Modifies the {@link ResourceAction#isPermitted()} value of each passed-in
	 * value according to configured policy for the resource, action, optional
	 * context, and current user.
	 * 
	 * @param pairs the resource/action pairs to evaluate; each is updated in place
	 */
	public void arePermitted(List<ResourceAction> pairs);

    public boolean hasPosition(PositionType position);

    /**
     * Returns a list of one or more {@link PositionType} objects representing
     * the positions held by a user or null if the user has no
     * positions.
     * 
     * @return the positions held by the user, or null if there are none
     */
    public List<PositionType> getPositions();
    
    /**
     * Returns a list of one or more {@link Assignment} objects
     * representing assignments held by a user or null if they have
     * no assignments.
     * 
     * @return the assignments held by the user, or null if there are none
     */
    public List<Assignment> getAssignments();

    public int getUnitNumberForAssignment(PositionType... position);

    public UnitHierarchy getUnitHierarchy();

    public long getIndividualId();
    
    public CanonicalHelper getCanonicalHelper();
}
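
The server-side mashup call that getToken and getSsoCookieName exist for, as an added example that is not part of clientlib4j or the original page. The token is the user's session credential, so this sketch only attaches it over HTTPS to an allowlisted host; the class name, method name and host are hypothetical, and the caller passes in the values returned by the two IPolicyClient methods.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Set;

/** Added example, not part of clientlib4j. Class, method and host names are hypothetical. */
public final class SsoMashupCall {
    // Constructed allowlist: only these SSO-protected hosts may receive the user's token.
    private static final Set<String> SSO_HOSTS = Set.of("sso-protected.example.org");

    /**
     * Opens a connection to an SSO-protected resource carrying the user's SSO cookie.
     *
     * @param target     the resource to fetch on the user's behalf
     * @param cookieName value returned by IPolicyClient.getSsoCookieName()
     * @param token      value returned by IPolicyClient.getToken()
     */
    public static HttpURLConnection open(URL target, String cookieName, String token)
            throws IOException {
        // Both getters are documented to return null when nothing is available.
        if (cookieName == null || token == null) {
            throw new IllegalStateException("no SSO session to forward");
        }
        // The token is a bearer credential: never send it in clear text or to other hosts.
        if (!"https".equals(target.getProtocol()) || !SSO_HOSTS.contains(target.getHost())) {
            throw new IllegalArgumentException("refusing to forward SSO token to " + target);
        }
        // Reject characters that would let a value break out of the Cookie header.
        if (!cookieName.matches("[A-Za-z0-9_.-]+")
                || !token.matches("[\\x21-\\x7E&&[^;,\"\\\\]]+")) {
            throw new IllegalArgumentException("unexpected characters in SSO cookie");
        }
        HttpURLConnection conn = (HttpURLConnection) target.openConnection();
        // Do not follow redirects automatically; the caller decides whether a
        // new location is allowed to receive the cookie.
        conn.setInstanceFollowRedirects(false);
        conn.setRequestProperty("Cookie", cookieName + "=" + token);
        return conn;
    }
}
```
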
This page was last modified on 8 March 2011, at 13:32.
