PolicyCondition Interface

Apex interface that allows an implementing class to specify actions to take when certain events occur based on a transaction security policy.

Namespace

TxnSecurity

Usage

The evaluate method is called upon the occurrence of an event monitored by a transaction security policy. A typical implementation first selects the item of interest from the event. Then the item is tested to see if it meets the condition being monitored. If the condition is met, the method returns true.

For example, imagine a transaction security policy that checks for the same user logging in more than once. For each login event, the method would check if the user logging in already has a login session in progress, and if so, true is returned.

PolicyCondition Methods

The following is the method for PolicyCondition.

evaluate(event)

Evaluates an event against a transaction security policy. If the event triggers the policy, true is returned.

Signature

public Boolean evaluate(TxnSecurity.Event event)

Parameters

event
Type: TxnSecurity.Event
The event to check against the transaction security policy.

Return Value

Type: Boolean

When the policy is triggered, true is returned. For example, suppose the policy limits users to a single login session. If anyone tries to log in a second time, the policy's action requires that they end their current session. The policy also sends an email notification to the Salesforce admin. The evaluate() method only checks the login event and returns true if it's the user's second login. The action and the notification are performed by the Transaction Security system, not by the evaluate() method.

PolicyCondition Example Implementation

The following sample implements the TxnSecurity.PolicyCondition interface. The policy condition triggers when there's a login from localhost.

global class BlockLocalhostCondition implements TxnSecurity.PolicyCondition {

  public boolean evaluate(TxnSecurity.Event e) {
    // Get the IP address.
    String sourceIp = e.data.get('SourceIp');
    // If it’s localhost the policy is triggered and true is returned.
    if(sourceIp != null && sourceIp.equals('127.0.0.1')){
      return true; 
    } else {
      return false;
    }
  }
}

The following example tests the implementation:

@isTest
public class TestLogin {
  public static testMethod void testLocalhostLogin() {
    Map<String, String> eventData = new Map<String, String>();

    /* Insert localhost IP address into the event data map */
    eventData.put('SourceIp', '127.0.0.1');

    TxnSecurity.Event e = new TxnSecurity.Event(
         '00Dxxx123123123' /* organizationId */,
         '005xxx123123123' /* userId */,
         'AuthSession' /* entityName */ ,
         'Login' /* action */,
         'LoginHistory' /* resourceType */,
         '01pR00000009D2H' /* entityId */,
          Datetime.newInstance(2015, 9, 15) /* timeStamp */,
          eventData /* data - Map containing information about the event */ );

    /* We are unit testing a PolicyCondition that triggers
       when an event is generated from localhost */
    BlockLocalhostCondition condition = new BlockLocalhostCondition();

    /* Assert that the condition is triggered */
    System.assertEquals(true, condition.evaluate(e));
  }

  public static testMethod void testNonLocalhostLogin() {
    Map<String, String> eventData = new Map<String, String>();

    /* Insert non-localhost IP address into the event data map */
    eventData.put('SourceIp', '1.1.1.1');

    TxnSecurity.Event e = new TxnSecurity.Event(
         '00Dxxx123123123' /* organizationId */,
         '005xxx123123123' /* userId */,
         'AuthSession' /* entityName */ ,
         'Login' /* action */,
         'LoginHistory' /* resourceType */,
         '01pR00000009D2H' /* entityId */,
          Datetime.newInstance(2015, 9, 15) /* timeStamp */,
          eventData /* data - Map containing information about the event */ );

    /* We are unit testing a PolicyCondition that triggers
       when an event is generated from localhost */
    BlockLocalhostCondition condition = new BlockLocalhostCondition();

    /* Assert that the condition is NOT triggered */
    System.assertEquals(false, condition.evaluate(e));
  }
}
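
The sample condition above compares SourceIp with the single literal 127.0.0.1. The following added example, which is not part of the original page or Salesforce's sample code, generalizes the check to the whole 127.0.0.0/8 range and the IPv6 loopback forms. The names LoopbackLoginCondition, isLoopback and LoopbackLoginConditionTest are hypothetical, and it assumes SourceIp is a textual IPv4 or IPv6 address.

```apex
// Added example: hypothetical class names, not Salesforce's sample code.
global class LoopbackLoginCondition implements TxnSecurity.PolicyCondition {

  public boolean evaluate(TxnSecurity.Event e) {
    // A hand-built event can carry a null map or omit the key.
    String sourceIp = (e.data == null) ? null : e.data.get('SourceIp');
    return isLoopback(sourceIp);
  }

  // True for 127.0.0.0/8, ::1 and the IPv4-mapped form ::ffff:127.x.y.z.
  // Assumption: the value is a textual IP address; anything that does
  // not parse is treated as "not loopback" and returns false.
  @TestVisible
  private static Boolean isLoopback(String ip) {
    if (String.isBlank(ip)) {
      return false;
    }
    String addr = ip.trim().toLowerCase();
    if (addr == '::1' || addr == '0:0:0:0:0:0:0:1') {
      return true;
    }
    if (addr.startsWith('::ffff:')) {
      addr = addr.substringAfter('::ffff:');
    }
    Matcher m = Pattern.compile(
        '^127\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$').matcher(addr);
    if (!m.matches()) {
      return false;
    }
    // Reject out-of-range octets such as 127.0.0.999.
    for (Integer i = 1; i <= 3; i++) {
      if (Integer.valueOf(m.group(i)) > 255) {
        return false;
      }
    }
    return true;
  }
}

@isTest
private class LoopbackLoginConditionTest {
  @isTest
  static void matchesLoopbackOnly() {
    // Constructed sample addresses.
    System.assert(LoopbackLoginCondition.isLoopback('127.0.0.1'));
    System.assert(LoopbackLoginCondition.isLoopback('127.8.9.10'));
    System.assert(LoopbackLoginCondition.isLoopback('::ffff:127.0.0.1'));
    System.assert(!LoopbackLoginCondition.isLoopback('1.1.1.1'));
    System.assert(!LoopbackLoginCondition.isLoopback('127.0.0.999'));
    System.assert(!LoopbackLoginCondition.isLoopback(null));
  }
}
```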