You can extend the com.novell.nam.nidp.risk.core.rules.Rule class to create a custom rule class. This class is available in risk-service-sdk.jar. This class must override the abstract method called evaluate() in the custom class. This method must contain the business logic for the custom rule and this method must return true if the rule condition is met. Else, the method must return false.
Class Details of com.novell.nam.nidp.risk.core.rules.Rule:
Authentication Methods |
Description |
---|---|
evaluate() |
Takes HTTPContext, LocationContext, DeviceContext, UserContext, and ResponseObject as its arguments. Example of using these classes are provided in the code below. Returns true if the rule evaluation is successful. If failed, false is returned and risk score is considered for this rule. |
isHistoricalDataEnabled() |
Returns true if historical data is enabled for the rule |
getName() |
Returns the name of the Rule inString |
getPriority() |
Returns the priority of the rule in integer. |
isExceptionRule() |
Returns true if this rule is a Privileged Rule. |
isRuleEnabled() |
Returns true if this rule is enabled |
isNATed() |
Returns true if Nat setting is enabled for this server |
setType() |
Takes String or List as argument. This is used as part of the constructor to inform the Risk Engine to get the type of History data this Rule needs |
clearType() |
Clears the Types set so far |
getType() |
Returns the List of Types set by this Rule |
isHistoryEnabled() |
Same as isHistoricalDataEnabled() |
getBoolean() |
Takes name of the property in String as argument and returns its boolean value. These are Rule properties set as part of the configuration. |
getProperty() |
Takes name of the Property in String and returns the value that is configured for this Rule in String |
getLong() |
Takes name of the property in String as argument and returns its long value. These are Rule properties set as part of the configuration. |
getInteger() |
Takes name of the property in String as argument and returns its int value. These are Rule properties set as part of the configuration. |
getClientIP() |
Takes HTTPContext & LocationContext as arguments and returns IP of the connecting client in String |
isServerNATed() |
Same as isNATed() |
isNegateResult() |
Returns true if negate results options is enabled for the rule |
getReturnValue() |
Evaluated result is passed to it and this applies isNegateResult on it |
getRiskScore() |
Returns the risk score assigned to this rule in int |
SaveOnSuccessfulAuth() |
Return true in your custom rule class, if you want to set a cookie back to the browser. You will need to write a small piece of code to set the cookie value. Example of this will be provided in this document. |
getRequiredAttributes() |
Override this method in your class. This must return Array of String of user attributes that is required for your rule to evaluate the risk. |
Class Details of com.novell.nam.nidp.risk.context.HTTPContext:
Authentication Methods |
Description |
---|---|
getM_HTTPHeaders() |
Returns the name/value map of http headers of the connecting client. |
getCookieValue() |
Returns the cookie value in string. Takes the cookie name as argument in string. |
Class Details of com.novell.nam.nidp.risk.context.LocationContext:
Authentication Methods |
Description |
---|---|
GetClientIPAddress() |
Returns the client IP from the Http Request object |
Class Details of com.novell.nam.nidp.risk.context.UserContext:
Authentication Methods |
Description |
---|---|
getUserLoginTimeStamp() |
Returns the long value of Clients login time. Its same value as returned by Calendar.getInstance().getTimeInMillis() |
get() |
Returns Object for the provided name. This could be Attribute of the user that was requested using getRequiredAttributes() or could be the History Record requested through setType() of Rule class. Examples of this method will be part of Custom Rule example codes. |
You can use the user session properties, which are set by a custom authentication class, as part of custom risk authentication rules. HTTPContext that is sent to the rule evaluation contains this information.
With the following code snippet, you can get the previously set session values by using a custom risk rule class:
Inside evaluate method,
public boolean evaluate(HTTPContext httpContext, LocationContext lContext, DeviceContext dContext, UserContext uContext, ResponseObject rspObject) { String email = (String)httpContext.getSessionContext().get("ExernalEmail"); // Continue evaluation. }