Purpose of EntitlementSubject.isIdentity

This topic has 3 replies, 2 voices, and was last updated 7 years ago by Peter Major.

  • Author
    Posts
  • #5500
     seth.zurborg
    Participant

    We are developing a custom subject condition by implementing the EntitlementSubject interface. The one method on the interface whose meaning is not entirely clear is ‘isIdentity()’. Could someone please explain when we should return true vs. false for ‘isIdentity()’, and how the return value affects policy editing vs. policy evaluation.

    #5507
     Peter Major
    Moderator

    Looks like that method doesn’t serve much purpose.. Just return true in your impl and that should get you going.

    #5512
     seth.zurborg
    Participant

    Out of curiosity, if the method serves no purpose, why do we get a “JSON string is invalid” if we try to save a policy with one or more subject conditions that just return “false” from isIdentity()?

    #5513
     Peter Major
    Moderator

    Because of this:

        void validateSubject(EntitlementSubject sbj)
            throws EntitlementException {
            if (sbj == null) {
                sbj = NOT_SUBJECT;
            } else if (!sbj.isIdentity()) {
                Object[] params = {name};
                throw new EntitlementException(310, params);
            }
        }

    The method isn’t really used elsewhere, not sure why we have it.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?