|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.glite.security.authz.SimpleServicePDP
Simple ServicePDP implementation allowing role permissions and blacklists to be set.
ServicePDP
Field Summary | |
static java.lang.String |
BLACK_LIST
This configuration property should point to a Map of blacklisted Subject DNs. |
static java.lang.String |
ROLE_PERMISSION
This configuration property should point to an operation (QName) keyed Map of Maps with allowed users (Subject DNs). |
Constructor Summary | |
SimpleServicePDP()
|
Method Summary | |
void |
close()
this method is called by the PDP framework to indicate that the interceptor now should remove all state that was allocated in the initialize call. |
java.util.Collection |
getPolicy(org.w3c.dom.Node query)
gets the current policy of the PDP. |
java.lang.String[] |
getPolicyNames()
gets the names (typically uris) of all the policies that the PDP supports. |
void |
initialize(ChainConfig config,
java.lang.String name,
java.lang.String id)
initializes the interceptor with configuration information that are valid up until the point when close is called. |
boolean |
isPermitted(javax.security.auth.Subject peerSubject,
javax.xml.rpc.handler.MessageContext context,
javax.xml.namespace.QName operation)
this operation is called by the PDP Framework whenever the application needs to call secured operations. |
java.util.Collection |
setPolicy(org.w3c.dom.Node policy)
sets the current policy of the PDP. |
Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final java.lang.String BLACK_LIST
public static final java.lang.String ROLE_PERMISSION
Constructor Detail |
public SimpleServicePDP()
Method Detail |
public void initialize(ChainConfig config, java.lang.String name, java.lang.String id) throws InitializeException
initialize
in interface ServiceInterceptor
config
- holding interceptor specific configuration values, that
may be obtained using the name paramtername
- the name that should be used to access all the interceptor
local configurationid
- the id in common for all interceptors in a chain (it is valid
up until close is called)
if close is not called the interceptor may assume that the id
still exists after a process restart
InitializeException
- if role permission map was not setpublic java.lang.String[] getPolicyNames()
getPolicyNames
in interface ServicePAP
public java.util.Collection getPolicy(org.w3c.dom.Node query) throws InvalidPolicyException
getPolicy
in interface ServicePAP
query
- may be used to query for a subset of a policy
InvalidPolicyException
- if an invalid policy was detectedpublic java.util.Collection setPolicy(org.w3c.dom.Node policy) throws InvalidPolicyException
setPolicy
in interface ServicePAP
policy
- new policy
InvalidPolicyException
- if an invalid policy was passed inpublic boolean isPermitted(javax.security.auth.Subject peerSubject, javax.xml.rpc.handler.MessageContext context, javax.xml.namespace.QName operation) throws AuthorizationException
isPermitted
in interface ServicePDP
peerSubject
- authenticated client subject with credentials
and attributescontext
- holds properties of this XML message exchangeoperation
- operation that the subject wants to invoke
AuthorizationException
- if user was found on blacklistpublic void close() throws CloseException
close
in interface ServiceInterceptor
CloseException
- if exception occured when closing this PDP
|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |