Purpose of EntitlementSubject.isIdentity

This topic has 3 replies, 2 voices, and was last updated 7 years ago by Peter Major.

  • Author
  • #5500

    We are developing a custom subject condition by implementing the EntitlementSubject interface. The one method on the interface whose meaning is not entirely clear is ‘isIdentity()’. Could someone please explain when we should return true vs. false for ‘isIdentity()’, and how the return value affects policy editing vs. policy evaluation.

     Peter Major

    Looks like that method doesn’t serve much purpose.. Just return true in your impl and that should get you going.


    Out of curiosity, if the method serves no purpose, why do we get a “JSON string is invalid” if we try to save a policy with one or more subject conditions that just return “false” from isIdentity()?

     Peter Major

    Because of this:

        void validateSubject(EntitlementSubject sbj)
            throws EntitlementException {
            if (sbj == null) {
                sbj = NOT_SUBJECT;
            } else if (!sbj.isIdentity()) {
                Object[] params = {name};
                throw new EntitlementException(310, params);

    The method isn’t really used elsewhere, not sure why we have it.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?