Package com.ibm.security.access.extension.authz

Interface ObligationHandler

public interface ObligationHandler

A server side obligation handler object.

Method Summary

Modifier and Type	Method	Description
boolean	handleObligation(String obligationId, Map<String,Object> attributes, RequestContext context, boolean responseDecision)	Invoked when an authorization decision contains an obligation that is mapped to this handler.
void	shutdown()	Called on system shutdown or re-initialization of the Verify Identity Access runtime.
void	startup(Properties props)	Called on initialization.

Method Details

startup

void startup(Properties props)

Called on initialization. The Properties passed are from the obligation handler configuration.

Parameters:

props - properties read from the configuration file.

shutdown

void shutdown()

Called on system shutdown or re-initialization of the Verify Identity Access runtime. Enables the plugin to clean up.

handleObligation

boolean handleObligation(String obligationId,
 Map<String,Object> attributes,
 RequestContext context,
 boolean responseDecision)
                  throws ObligationHandlerException

Invoked when an authorization decision contains an obligation that is mapped to this handler.

Parameters:

obligationId - The ID of the obligation.

attributes - The attributes defined in the obligation.

context - The current request context.

responseDecision - The current response decision. This is set to true if the policy evaluation had returned permit, false if the policy evaluation had returned deny.

Returns:

True if the obligation was handled, false if not. If true is returned then this obligation is removed from the response and is not returned to the policy enforcement point. If false is returned then this obligation is not removed from the response.

Throws:

ObligationHandlerException - If this method throws an exception then an INDETERMINATE decision is sent to the PEP.