001package com.identityworksllc.iiq.common.access;
003import java.util.Map;
/**
 * Constants shared by the DelegatedAccess classes: access-type tokens, audit
 * event names, configuration keys, input names and outcome values.
 */
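public final class DelegatedAccessConstants {
    // Access-type tokens. The compound values below are the simple tokens
    // joined with ":" (the same character as TOKEN_DIVIDER).
    public static final String ACCESS_ACCOUNT = "account";
    public static final String ACCESS_BUTTON = "button";
    public static final String ACCESS_EDIT = "edit";
    public static final String ACCESS_FIELD = "field";
    public static final String ACCESS_VIEW = "view";
    public static final String ACCESS_VIEW_ACCOUNT = "view:account";
    public static final String ACCESS_VIEW_ACCOUNT_FIELD = "view:account:field";
    public static final String ACCESS_VIEW_FIELD = "view:field";

    /**
     * The audit event for an access check
     */
    public static final String AUDIT_DA_CHECK = "daCanSeeIdentity";

    /**
     * Indicates that particular actions (purposes) should be bypassed, invoking
     * their native security checks instead of the DA check.
     *
     * For an action listed here the DA check does not run, so the native check
     * is the only control that applies to it.
     * NOTE(review): confirm who is able to edit this entry and that changes to
     * it are reviewed.
     */
    public static final String CONFIG_BYPASS_ACTIONS = "_bypassActions";

    /**
     * The System Config entry indicating the access check cache time
     *
     * NOTE(review): presumably a cached decision stays in effect for up to this
     * long after the underlying access changes; confirm against the controller
     * before raising the value.
     */
    public static final String CONFIG_DA_CACHE_TIMEOUT = "IIQCommon.DelegatedAccessController.CacheTimeoutMillis";

    /**
     * The System Config entry indicating the name of the Delegated Access config
     */
    public static final String CONFIG_DELEGATED_ACCESS = "IIQCommon.DelegatedAccessController.Configuration";

    /**
     * The action being performed, whose access is being checked
     */
    public static final String INPUT_ACTION = "action";

    /**
     * The configuration object for the DA check; probably a Common Security map
     */
    public static final String INPUT_CONFIG = "config";

    /**
     * The IIQ context
     */
    public static final String INPUT_CONTEXT = "context";

    /**
     * The plugin resource, or a fake one, used for Identity-level security checking
     */
    public static final String INPUT_PLUGIN_RESOURCE = "pluginResource";

    /**
     * The target Identity object, if one exists
     */
    public static final String INPUT_TARGET = "target";

    /**
     * The target thing name
     */
    public static final String INPUT_THING_NAME = "name";

    /**
     * A constant indicating the return value from {@link DelegatedAccessAdapter#apply(Map)}
     * when the access is allowed.
     *
     * The value is {@code false}, which is also what an unset {@code boolean}
     * holds. A result that was never explicitly assigned therefore compares
     * equal to this constant. Callers should compare against
     * {@link #OUTCOME_ALLOWED} and {@link #OUTCOME_DENIED} by name rather than
     * reading the boolean as an "is allowed" flag.
     */
    public static final boolean OUTCOME_ALLOWED = false;

    /**
     * A constant indicating the return value from {@link DelegatedAccessAdapter#apply(Map)}
     * when the access is NOT allowed.
     *
     * The value is {@code true}: the result answers "is the access denied?",
     * not "is the access allowed?".
     */
    public static final boolean OUTCOME_DENIED = true;

    /**
     * The divider between all tokens
     */
    public static final String TOKEN_DIVIDER = ":";

    // Constants holder only; never instantiated.
    private DelegatedAccessConstants() {}
}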