org.glite.security.authz
Class SimpleServicePIP

java.lang.Object
  extended by org.glite.security.authz.SimpleServicePIP
All Implemented Interfaces:
ServiceInterceptor, ServicePIP

public class SimpleServicePIP
extends java.lang.Object
implements ServicePIP

Simple ServicePIP implementation maintaining Subject DN to role mappings.

See Also:
ServicePIP

Field Summary
static java.lang.String ROLE_MAPPINGS
          This configuration property should point to a Map, keyed by user (Subject DN), whose values are arrays of Strings representing roles.
static java.lang.String ROLES
          The name of the attribute used to set the matching roles.
 
Constructor Summary
SimpleServicePIP()
           
 
Method Summary
 void close()
          Called by the PDP framework to indicate that the interceptor should now remove all state that was allocated in the initialize call.
 void collectAttributes(javax.security.auth.Subject peerSubject, javax.xml.rpc.handler.MessageContext context, javax.xml.namespace.QName operation)
          Collects attributes and populates the subject with public or private credentials to be checked by subsequent PDPs in the same interceptor chain.
 void initialize(ChainConfig config, java.lang.String name, java.lang.String id)
          Initializes the interceptor with configuration information that is valid up until the point when close is called.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ROLE_MAPPINGS

public static final java.lang.String ROLE_MAPPINGS
This configuration property should point to a Map, keyed by user (Subject DN), whose values are arrays of Strings representing roles.

See Also:
Constant Field Values

ROLES

public static final java.lang.String ROLES
The name of the attribute used to set the matching roles.

See Also:
Constant Field Values
Constructor Detail

SimpleServicePIP

public SimpleServicePIP()
Method Detail

initialize

public void initialize(ChainConfig config,
                       java.lang.String name,
                       java.lang.String id)
                throws InitializeException
Initializes the interceptor with configuration information that is valid up until the point when close is called.

Specified by:
initialize in interface ServiceInterceptor
Parameters:
config - holds interceptor-specific configuration values, which may be obtained using the name parameter
name - the name that should be used to access all the interceptor local configuration
id - the id shared by all interceptors in a chain (it is valid up until close is called); if close is not called, the interceptor may assume that the id still exists after a process restart
Throws:
InitializeException - if role mappings were not set

collectAttributes

public void collectAttributes(javax.security.auth.Subject peerSubject,
                              javax.xml.rpc.handler.MessageContext context,
                              javax.xml.namespace.QName operation)
                       throws AttributeException
Collects attributes and populates the subject with public or private credentials to be checked by subsequent PDPs in the same interceptor chain.

Specified by:
collectAttributes in interface ServicePIP
Parameters:
peerSubject - authenticated subject for which attributes should be collected
context - holds properties of this XML message exchange
operation - operation that the subject wants to invoke
Throws:
AttributeException - if an exception occurred while getting the attributes
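
Example (added here, not code from the gLite project): a stand-alone sketch of a Subject DN keyed role lookup that populates a Subject's public credentials, using only JDK classes. It assumes the peer's identity is present as an X500Principal; the class name RoleLookupSketch, the helper canonical() and the "roles" attribute key are hypothetical, since this page does not show the value of ROLES or how the real class stores the attribute.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

// Added illustration: RoleLookupSketch, canonical() and the "roles" key are hypothetical
// names, not part of org.glite.security.authz.
public class RoleLookupSketch {
    private final Map<String, String[]> rolesByDn = new HashMap<>();

    // Canonicalise keys at load time so lookups do not depend on how the DN was typed.
    public RoleLookupSketch(Map<String, String[]> configured) {
        for (Map.Entry<String, String[]> e : configured.entrySet()) {
            rolesByDn.put(canonical(e.getKey()), e.getValue().clone());
        }
    }

    // Parses the DN (IllegalArgumentException if malformed) and returns its canonical form.
    static String canonical(String dn) {
        return new X500Principal(dn).getName(X500Principal.CANONICAL);
    }

    // Adds the mapped roles to the subject's public credentials; unmapped DNs get nothing.
    public void collect(Subject peer) {
        Set<String> roles = new TreeSet<>();
        for (X500Principal p : peer.getPrincipals(X500Principal.class)) {
            String[] mapped = rolesByDn.get(p.getName(X500Principal.CANONICAL));
            if (mapped != null) roles.addAll(Arrays.asList(mapped));
        }
        if (!roles.isEmpty()) {
            peer.getPublicCredentials().add(Collections.singletonMap("roles", roles));
        }
    }

    public static void main(String[] args) {
        // Constructed sample mapping and peer DNs.
        Map<String, String[]> cfg = new HashMap<>();
        cfg.put("CN=Alice Example, O=Example Grid, C=CH", new String[] {"admin", "reader"});
        RoleLookupSketch pip = new RoleLookupSketch(cfg);

        String[] peers = {"cn=alice example,o=Example Grid,c=ch", "CN=Bob, O=Example Grid, C=CH"};
        for (String dn : peers) {
            Subject peer = new Subject();
            peer.getPrincipals().add(new X500Principal(dn));
            pip.collect(peer);
            System.out.println(dn + " -> " + peer.getPublicCredentials());
        }
    }
}
```

Comparing raw DN strings instead of a canonical form makes a mapping miss when case, spacing or attribute formatting differs between the certificate and the configuration; a subject with no mapping should reach the downstream PDPs with no role attribute at all.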

close

public void close()
           throws CloseException
Called by the PDP framework to indicate that the interceptor should now remove all state that was allocated in the initialize call.

Specified by:
close in interface ServiceInterceptor
Throws:
CloseException - if an exception occurred when closing this PIP