ActiveExpression (CA SiteMinder SDK r12.51)

Overview

Package

Class

Tree

Deprecated

Index

Help

SiteMinder
Java SDK r12.51

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.netegrity.policyserver.smapi
Interface ActiveExpression

public interface ActiveExpression

The base interface in the Java Authorization API that each class providing custom authorization functionality must implement. SiteMinder calls the methods in the custom class.

The Java Authorization API lets you implement custom functionality for controlling access to protected resources. The functionality is provided through custom Java classes that are referenced in Policy Server active expressions. An active expression is a string of variable definitions that appears in the following Policy Server objects:

Active policy
Active response
Active rule

For detailed information about active expressions, see Active Expressions in the Programming Guide to Java.

Other classes in the Java Authorization API:

In addition, the Java Authorization API uses the following common classes. These classes are available to both the Java Authentication API and the Java Authorization API.

Note: Classes that implement ActiveExpression should be implemented on a stateless model that does not depend on instance state stored in member variables of the ActiveExpression class.

Since:: SDK 6.0

Method Summary
`int`	`init(APIContext context)` Performs any initialization procedures that the custom Java class requires.
`java.lang.String`	`invoke(ActiveExpressionContext context, java.lang.String parameter)` Performs the custom authorization functionality in the `ActiveExpression` object and returns a result.
`int`	`release(APIContext context)` Performs any rundown procedures that the `ActiveExpression` object requires.

Method Detail

init

int init(APIContext context)
         throws java.lang.Exception

Performs any initialization procedures that the custom Java class requires.

SiteMinder calls this method once per instance of the custom ActiveExpression class.

Parameters:: context - A context object that includes access to AppSpecificContext. It also provides methods for sending log, trace, and error messages to the Policy Server.
Returns:: 0 if initialization succeeded, or -1 if an error occurred.
Throws:: java.lang.Exception

invoke

java.lang.String invoke(ActiveExpressionContext context,
                        java.lang.String parameter)
                        throws java.lang.Exception

Performs the custom authorization functionality in the ActiveExpression object and returns a result.

Parameters:

context - A context object that includes access to AppSpecificContext. This object also provides methods for sending log, trace, and error messages to the Policy Server.

parameter - The optional parameter string specified in the Policy Server User Interface, used in any way that the custom class requires.

Returns:

The result of the custom authorization operation. SiteMinder interprets the result according to the type of active expression that references the custom Java class, as follows:

Active Policy. If the result returned is an empty string or if an exception is thrown, authorization is denied.
The policy does not fire if the result returned matches any of the following strings (not case-sensitive): FALSE, F, or 0. Any other result causes the policy to fire.
Active Rule. If the result returned is an empty string or if an exception is thrown, the following behavior occurs:
- With Allow Access rules, the rule does not fire.
- With Deny Access rules, the rule fires.
Otherwise, the behavior is the same as for Active Policies.
Active Response. The result is a string that corresponds to a response attribute. How SiteMinder interprets the result string is determined by the response attribute specified in the Policy Server User Interface. For example:
- WebAgent-OnReject-Redirect. SiteMinder expects the result string to specify a location, such as a URL, to redirect a user who is denied access to a resource.
- WebAgent-HTTP-Cookie-Variable. SiteMinder expects that the result string, such as the user’s common name, is to be assigned to a cookie variable. You can use the result string any way you like, such as to display the user’s common name to personalize a form. For more information about resonse attributes, see the chapter "Using SiteMinder with Web Applications" in the CA eTrust SiteMinder Agent Guide.

If the method fails (that is, returns -1 or 0), the response attribute is ignored.

Throws:

java.lang.Exception

release

int release(APIContext context)
            throws java.lang.Exception

Performs any rundown procedures that the ActiveExpression object requires.

SiteMinder calls this method once for each instance of an ActiveExpression class, when SiteMinder is shutting down.

Parameters:: context - A context object that includes access to AppSpecificContext. It also provides methods for sending log, trace, and error messages to the Policy Server.
Returns:: 0 if shutdown succeeded, or -1 if an error occurred.
Throws:: java.lang.Exception