A B C D E F G I L O P R S V

A

ACTION - Static variable in class org.glite.security.authz.AuthzConstants
Custom action that can be set in a MessageContext used to check pdp authorization.
ATTR_SECURITY_CONFIG_FILE - Static variable in class org.glite.security.authz.pdp.VomsServicePDP
Property used to set grid map file name.
AbstractChain - class org.glite.security.authz.providers.AbstractChain.
The AbstractChain class ties together and evaluates chains of ServicePDP and ServicePIP implementations.
AbstractChain() - Constructor for class org.glite.security.authz.providers.AbstractChain
 
AttributeException - exception org.glite.security.authz.AttributeException.
This exception is thrown when an exception occurred during attribute collection.
AttributeException(String) - Constructor for class org.glite.security.authz.AttributeException
Constructor.
AttributeException(String, Exception) - Constructor for class org.glite.security.authz.AttributeException
Constructor.
AuthorizationException - exception org.glite.security.authz.AuthorizationException.
This exception is thrown to stop the evaluation of an authorization chain.
AuthorizationException(String) - Constructor for class org.glite.security.authz.AuthorizationException
Constructor.
AuthorizationException(String, Exception) - Constructor for class org.glite.security.authz.AuthorizationException
Constructor.
AuthzConstants - class org.glite.security.authz.AuthzConstants.
Constants collection.
AuthzConstants() - Constructor for class org.glite.security.authz.AuthzConstants
 
AuthzProvider - class org.glite.security.authz.providers.AuthzProvider.
Provider for implementation of ServiceAuthorizationChains.
AuthzProvider() - Constructor for class org.glite.security.authz.providers.AuthzProvider
Constructor.
AuthzUtil - class org.glite.security.authz.AuthzUtil.
Utility class with miscellaneous authorization utilities.
addAttr(String) - Method in class org.glite.security.authz.VomsPDPPolicy
 
addPrivate(Subject) - Method in class org.glite.security.authz.PIPAttribute
adds this attribute to the private credentials of specified subject.
addProvider() - Static method in class org.glite.security.authz.providers.AuthzProvider
adds provider to global list of trusted security providers.
addPublic(Subject) - Method in class org.glite.security.authz.PIPAttribute
adds this attribute to the public credentials of specified subject.
authorize(Subject, MessageContext) - Method in class org.glite.security.authz.ServiceAuthorizationChain
should be called if an authorization decision must be made for an authenticated subject.

B

BLACK_LIST - Static variable in class org.glite.security.authz.SimpleServicePDP
This configuration property should point to a Map of blacklisted Subject DNs.
BLACK_LIST_FILE - Static variable in class org.glite.security.authz.pdp.BlackListServicePDP
This configuration property should point to a file containing a row separated list of Subject DNs that should be denied access.
BlackListServicePDP - class org.glite.security.authz.pdp.BlackListServicePDP.
BlackList ServicePDP implementation allowing blacklist files to be set.
BlackListServicePDP() - Constructor for class org.glite.security.authz.pdp.BlackListServicePDP
 

C

CONFIG_LOCATIONS - Static variable in class org.glite.security.authz.pdp.VomsServicePDP
 
ChainConfig - interface org.glite.security.authz.ChainConfig.
This interface is used to encapsulate and shield the interceptor configuration mechanism from the core PDP framework.
CloseException - exception org.glite.security.authz.CloseException.
This exception is thrown when an exception occurred when closing down an interceptor chain.
CloseException(String) - Constructor for class org.glite.security.authz.CloseException
Constructor.
CloseException(String, Exception) - Constructor for class org.glite.security.authz.CloseException
Constructor.
ConfigException - exception org.glite.security.authz.ConfigException.
This exception is thrown when configuration is missing or incorrect.
ConfigException(String) - Constructor for class org.glite.security.authz.ConfigException
Constructor.
ConfigException(String, Exception) - Constructor for class org.glite.security.authz.ConfigException
Constructor.
clearPolicy() - Method in class org.glite.security.authz.VomsPDPPolicy
Delete all entries.
close() - Method in class org.glite.security.authz.ServiceAuthorizationChain
should be called when the chain should be closed.
close() - Method in interface org.glite.security.authz.ServiceInterceptor
this method is called by the PDP framework to indicate that the interceptor now should remove all state that was allocated in the initialize call.
close() - Method in class org.glite.security.authz.SimpleServicePDP
this method is called by the PDP framework to indicate that the interceptor now should remove all state that was allocated in the initialize call.
close() - Method in class org.glite.security.authz.SimpleServicePIP
this method is called by the PDP framework to indicate that the interceptor now should remove all state that was allocated in the initialize call.
close() - Method in class org.glite.security.authz.pdp.BlackListServicePDP
this method is called by the PDP framework to indicate that the interceptor now should remove all state that was allocated in the initialize call.
close() - Method in class org.glite.security.authz.pdp.GridMapServicePDP
this method is called by the PDP framework to indicate that the interceptor now should remove all state that was allocated in the initialize call.
close() - Method in class org.glite.security.authz.pdp.VomsServicePDP
 
collectAttributes(Subject, MessageContext, QName) - Method in interface org.glite.security.authz.ServicePIP
collects attributes and populates the subject with public or private credentials to be checked by subsequent PDPs in the same interceptor chain.
collectAttributes(Subject, MessageContext, QName) - Method in class org.glite.security.authz.SimpleServicePIP
collects attributes and populates the subject with public or private credentials to be checked by subsequent PDPs in the same interceptor chain.
containsProperty(String) - Method in class org.glite.security.authz.SimpleMessageContext
checks if context contains property.

D

DENY_OVERRIDES_ALGORITHM - Static variable in class org.glite.security.authz.ServiceAuthorizationChain
Algorithm that stops evaluation if a deny result is detected (default).
DenyOverridesChain - class org.glite.security.authz.providers.DenyOverridesChain.
The DenyOverridesChain class ties together and evaluates chains of ServicePDP and ServicePIP implementations.
DenyOverridesChain() - Constructor for class org.glite.security.authz.providers.DenyOverridesChain
 

E

engineAuthorize(Subject, MessageContext) - Method in interface org.glite.security.authz.ServiceAuthorizationChainSpi
called by the framework if an authorization decision must be made for an authenticated subject.
engineAuthorize(Subject, MessageContext) - Method in class org.glite.security.authz.providers.AbstractChain
called by the framework if an authorization decision must be made for an authenticated subject.
engineClose() - Method in interface org.glite.security.authz.ServiceAuthorizationChainSpi
called by the framework when the chain should be closed.
engineClose() - Method in class org.glite.security.authz.providers.AbstractChain
called by the framework when the chain should be closed.
engineGetPolicy(Node) - Method in interface org.glite.security.authz.ServiceAuthorizationChainSpi
gets the policies of all the PDPs in this chain.
engineGetPolicy(Node) - Method in class org.glite.security.authz.providers.AbstractChain
gets the policies of all the PDPs in this chain.
engineGetPolicyNames() - Method in interface org.glite.security.authz.ServiceAuthorizationChainSpi
gets the names of the policies implemented by this engine.
engineGetPolicyNames() - Method in class org.glite.security.authz.providers.AbstractChain
gets the names of the policies implemented by this engine.
engineInitialize(ChainConfig, String, String) - Method in interface org.glite.security.authz.ServiceAuthorizationChainSpi
initializes the chain with a given configuration of PIPs and PDPs.
engineInitialize(ChainConfig, String, String) - Method in class org.glite.security.authz.providers.AbstractChain
initializes the chain with a given configuration of PIPs and PDPs.
engineIsPermitted(Subject, MessageContext, QName) - Method in interface org.glite.security.authz.ServiceAuthorizationChainSpi
called by the framework if an authorization decision must be made for an authenticated subject.
engineIsPermitted(Subject, MessageContext, QName) - Method in class org.glite.security.authz.providers.AbstractChain
called by the framework if an authorization decision must be made for an authenticated subject.
engineSetParent(ServiceAuthorizationChain) - Method in interface org.glite.security.authz.ServiceAuthorizationChainSpi
sets the parent chain, which will be evaluated before the current chain. All authorization, get- and setPolicy, and getPolicyNames requests are propagated to the parent, whereas initialize and close are always only done on the local chain.
engineSetParent(ServiceAuthorizationChain) - Method in class org.glite.security.authz.providers.AbstractChain
sets the parent chain, which will be evaluated before the current chain. All authorization, get- and setPolicy, and getPolicyNames requests are propagated to the parent, whereas initialize and close are always only done on the local chain.
engineSetPolicy(Node) - Method in interface org.glite.security.authz.ServiceAuthorizationChainSpi
sets the policies of all the PDPs in this chain.
engineSetPolicy(Node) - Method in class org.glite.security.authz.providers.AbstractChain
sets the policies of all the PDPs in this chain.

F

FIRST_APPLICABLE_ALGORITHM - Static variable in class org.glite.security.authz.ServiceAuthorizationChain
Algorithm that stops evaluation if a permit or deny result is detected.
FirstApplicableChain - class org.glite.security.authz.providers.FirstApplicableChain.
The FirstApplicableChain class ties together and evaluates chains of ServicePDP and ServicePIP implementations.
FirstApplicableChain() - Constructor for class org.glite.security.authz.providers.FirstApplicableChain
 

G

GRID_MAP - Static variable in class org.glite.security.authz.pdp.GridMapServicePDP
Property used to set in-memory grid map.
GRID_MAP_FILE - Static variable in class org.glite.security.authz.pdp.GridMapServicePDP
Property used to set grid map file name.
GridMapServicePDP - class org.glite.security.authz.pdp.GridMapServicePDP.
Simple ServicePDP implementation allowing role permissions and blacklists to be set.
GridMapServicePDP() - Constructor for class org.glite.security.authz.pdp.GridMapServicePDP
 
getAttrs() - Method in class org.glite.security.authz.VomsPDPPolicy
 
getIdentity(Subject) - Static method in class org.glite.security.authz.AuthzUtil
gets the identity from the specified subject.
getInstance() - Static method in class org.glite.security.authz.ServiceAuthorizationChain
gets an instance of a chain from a provider implementing the default algorithm.
getInstance(String) - Static method in class org.glite.security.authz.ServiceAuthorizationChain
gets an instance of a chain from a provider implementing the specified algorithm.
getInstance(Provider) - Static method in class org.glite.security.authz.ServiceAuthorizationChain
gets an instance of a chain from the specified provider implementing the default algorithm.
getInstance(String, Provider) - Static method in class org.glite.security.authz.ServiceAuthorizationChain
gets an instance of a chain from the specified provider implementing the specified algorithm.
getInstance() - Static method in class org.glite.security.authz.providers.AuthzProvider
gets an instance of a provider.
getInterceptor() - Method in class org.glite.security.authz.InterceptorConfig
gets the interceptor.
getInterceptorClass() - Method in class org.glite.security.authz.InterceptorConfig
gets the interceptor class.
getInterceptors() - Method in interface org.glite.security.authz.ChainConfig
gets the interceptors' class names to be loaded, and their names (configuration scopes).
getInterceptors() - Method in class org.glite.security.authz.SimpleChainConfig
gets the interceptors' class names to be loaded, and their names (configuration scopes).
getName() - Method in class org.glite.security.authz.InterceptorConfig
gets the interceptor name attached to this interceptor.
getName() - Method in class org.glite.security.authz.PIPAttribute
gets the name of the attribute.
getPolicy(Node) - Method in class org.glite.security.authz.ServiceAuthorizationChain
gets the policies of all the PDPs in this chain.
getPolicy(Node) - Method in interface org.glite.security.authz.ServicePAP
gets the current policy of the PDP.
getPolicy(Node) - Method in class org.glite.security.authz.SimpleServicePDP
gets the current policy of the PDP.
getPolicy(Node) - Method in class org.glite.security.authz.pdp.VomsServicePDP
 
getPolicyNames() - Method in class org.glite.security.authz.ServiceAuthorizationChain
gets the names of the policies implemented by this engine.
getPolicyNames() - Method in interface org.glite.security.authz.ServicePAP
gets the names (typically uris) of all the policies that the PDP supports.
getPolicyNames() - Method in class org.glite.security.authz.SimpleServicePDP
gets the names (typically uris) of all the policies that the PDP supports.
getPolicyNames() - Method in class org.glite.security.authz.pdp.VomsServicePDP
 
getProperty(String, String) - Method in interface org.glite.security.authz.ChainConfig
gets a property based on the scoped name of the interceptor.
getProperty(String, String) - Method in class org.glite.security.authz.SimpleChainConfig
gets a property based on the scoped name of the interceptor.
getProperty(String) - Method in class org.glite.security.authz.SimpleMessageContext
gets property.
getPropertyNames() - Method in class org.glite.security.authz.SimpleMessageContext
gets the names of all properties in the context.
getUsers() - Method in class org.glite.security.authz.pdp.LocalUserPIPAttribute
gets the users in this attribute.
getValue() - Method in class org.glite.security.authz.PIPAttribute
gets the value of the attribute.

I

InitializeException - exception org.glite.security.authz.InitializeException.
This exception is thrown when an exception occurs during initialization.
InitializeException(String) - Constructor for class org.glite.security.authz.InitializeException
Constructor.
InitializeException(String, Exception) - Constructor for class org.glite.security.authz.InitializeException
Constructor.
InterceptorConfig - class org.glite.security.authz.InterceptorConfig.
The InterceptorConfig class is used to hold configuration information about an interceptor in a configuration mechanism independent way.
InterceptorConfig(String, ServiceInterceptor) - Constructor for class org.glite.security.authz.InterceptorConfig
Constructor.
InterceptorConfig(String, String) - Constructor for class org.glite.security.authz.InterceptorConfig
Constructor.
InvalidPolicyException - exception org.glite.security.authz.InvalidPolicyException.
This exception is thrown when an invalid policy was found.
InvalidPolicyException(String) - Constructor for class org.glite.security.authz.InvalidPolicyException
Constructor.
InvalidPolicyException(String, Exception) - Constructor for class org.glite.security.authz.InvalidPolicyException
Constructor.
initialize(ChainConfig, String, String) - Method in class org.glite.security.authz.ServiceAuthorizationChain
initializes the chain with a given configuration of PIPs and PDPs.
initialize(ChainConfig, String, String) - Method in interface org.glite.security.authz.ServiceInterceptor
initializes the interceptor with configuration information that is valid up until the point when close is called.
initialize(ChainConfig, String, String) - Method in class org.glite.security.authz.SimpleServicePDP
initializes the interceptor with configuration information that is valid up until the point when close is called.
initialize(ChainConfig, String, String) - Method in class org.glite.security.authz.SimpleServicePIP
initializes the interceptor with configuration information that is valid up until the point when close is called.
initialize(ChainConfig, String, String) - Method in class org.glite.security.authz.pdp.BlackListServicePDP
initializes the interceptor with configuration information that is valid up until the point when close is called.
initialize(ChainConfig, String, String) - Method in class org.glite.security.authz.pdp.GridMapServicePDP
initializes the interceptor with configuration information that is valid up until the point when close is called.
initialize(ChainConfig, String, String) - Method in class org.glite.security.authz.pdp.VomsServicePDP
initializes the interceptor with configuration information that is valid up until the point when close is called.
isLoaded() - Method in class org.glite.security.authz.InterceptorConfig
method to support eager loading of interceptors.
isPermitted(Subject, MessageContext, QName) - Method in class org.glite.security.authz.ServiceAuthorizationChain
should be called if an authorization decision must be made for an authenticated subject.
isPermitted(Subject, MessageContext, QName) - Method in interface org.glite.security.authz.ServicePDP
this operation is called by the PDP Framework whenever the application needs to call secured operations.
isPermitted(Subject, MessageContext, QName) - Method in class org.glite.security.authz.SimpleServicePDP
this operation is called by the PDP Framework whenever the application needs to call secured operations.
isPermitted(Subject, MessageContext, QName) - Method in class org.glite.security.authz.pdp.BlackListServicePDP
this operation is called by the PDP Framework whenever the application needs to call secured operations.
isPermitted(Subject, MessageContext, QName) - Method in class org.glite.security.authz.pdp.GridMapServicePDP
this operation is called by the PDP Framework whenever the application needs to call secured operations.
isPermitted(Subject, MessageContext, QName) - Method in class org.glite.security.authz.pdp.VomsServicePDP
this operation is called by the PDP Framework whenever the application needs to call secured operations.

L

LOCAL_USER - Static variable in class org.glite.security.authz.pdp.LocalUserPIPAttribute
Property defining the name of this attribute.
LocalUserPIPAttribute - class org.glite.security.authz.pdp.LocalUserPIPAttribute.
This class represents an attribute that is used to populate a subject with the local users found in the gridmap file.
LocalUserPIPAttribute(String[]) - Constructor for class org.glite.security.authz.pdp.LocalUserPIPAttribute
Constructor.

O

org.glite.security.authz - package org.glite.security.authz
This package contains the core gLite Authorization Framework providing an abstract policy evaluation runtime for integrating various policy engines with attribute authorities.
org.glite.security.authz.pdp - package org.glite.security.authz.pdp
This package contains Policy Decision Point (PDP) plugins for the gLite Authorization Framework. A BlackList PDP compares authenticated users against a blacklist that can be updated at runtime; a GridMap PDP checks if the authenticated user has a mapping in a gridmap file.
org.glite.security.authz.providers - package org.glite.security.authz.providers
This package contains ServiceAuthorizationChain providers for the gLite Authorization Framework. A PermitOverrides provider implements a policy combining algorithm that evaluates all PDPs in turn but stops the evaluation if a PDP returns a successful authorization result.

P

PERMIT_OVERRIDES_ALGORITHM - Static variable in class org.glite.security.authz.ServiceAuthorizationChain
Algorithm that stops evaluation if a permit result is detected.
PIPAttribute - class org.glite.security.authz.PIPAttribute.
This class represents an attribute that is collected by a ServicePIP implementation, and put into the javax.security.auth.Subject public or private credentials, in order to later be read by ServicePDP implementations. It is recommended to subclass this class for faster lookups of attributes of a specific type.
PIPAttribute(String, Object) - Constructor for class org.glite.security.authz.PIPAttribute
Constructor.
PermitOverridesChain - class org.glite.security.authz.providers.PermitOverridesChain.
The PermitOverridesChain class ties together and evaluates chains of ServicePDP and ServicePIP implementations.
PermitOverridesChain() - Constructor for class org.glite.security.authz.providers.PermitOverridesChain
 

R

ROLES - Static variable in class org.glite.security.authz.SimpleServicePIP
The name of the attribute used to set the matching roles.
ROLE_MAPPINGS - Static variable in class org.glite.security.authz.SimpleServicePIP
This configuration property should point to a user (Subject DN) keyed Map of arrays of Strings representing roles.
ROLE_PERMISSION - Static variable in class org.glite.security.authz.SimpleServicePDP
This configuration property should point to an operation (QName) keyed Map of Maps with allowed users (Subject DNs).
removeAttr(String) - Method in class org.glite.security.authz.VomsPDPPolicy
 
removeProperty(String) - Method in class org.glite.security.authz.SimpleMessageContext
removes a property.

S

ServiceAuthorizationChain - class org.glite.security.authz.ServiceAuthorizationChain.
The ServiceAuthorizationChain class ties together and evaluates chains of ServicePDP and ServicePIP implementations.
ServiceAuthorizationChainSpi - interface org.glite.security.authz.ServiceAuthorizationChainSpi.
The ServiceAuthorizationChainSpi is the interface that should be implemented by ServiceAuthorizationChain providers.
ServiceInterceptor - interface org.glite.security.authz.ServiceInterceptor.
Generic interface to be implemented by all interceptors (PIPs and PDPs) in a chain.
ServicePAP - interface org.glite.security.authz.ServicePAP.
Interface that must be implemented by all PAPs in an interceptor chain. A PAP is responsible for setting and retrieving policies to clients (typically services or PEPs) ServiceInterceptor through the id parameter.
ServicePDP - interface org.glite.security.authz.ServicePDP.
Interface that must be implemented by all PDPs in an interceptor chain. A PDP is responsible for making decisions whether a subject is allowed to invoke a certain operation.
ServicePIP - interface org.glite.security.authz.ServicePIP.
The ServicePIP interface should be implemented by interceptors that are responsible for collecting attributes for a subject that later on can be used by PDPs to determine whether the subject is allowed to invoke the requested operation.
SimpleChainConfig - class org.glite.security.authz.SimpleChainConfig.
Simple ChainConfig implementation allowing configuration properties to be set at runtime.
SimpleChainConfig(InterceptorConfig[]) - Constructor for class org.glite.security.authz.SimpleChainConfig
Constructor.
SimpleMessageContext - class org.glite.security.authz.SimpleMessageContext.
Simple JAX-RPC MessageContext implementation to allow the authorization framework to be used outside of a full JAX-RPC engine implementation.
SimpleMessageContext() - Constructor for class org.glite.security.authz.SimpleMessageContext
 
SimpleServicePDP - class org.glite.security.authz.SimpleServicePDP.
Simple ServicePDP implementation allowing role permissions and blacklists to be set.
SimpleServicePDP() - Constructor for class org.glite.security.authz.SimpleServicePDP
 
SimpleServicePIP - class org.glite.security.authz.SimpleServicePIP.
Simple ServicePIP implementation maintaining Subject DN to role mappings.
SimpleServicePIP() - Constructor for class org.glite.security.authz.SimpleServicePIP
 
setAttrs(ArrayList) - Method in class org.glite.security.authz.VomsPDPPolicy
 
setParent(ServiceAuthorizationChain) - Method in class org.glite.security.authz.ServiceAuthorizationChain
sets the parent chain, which typically will be evaluated before the current chain. All authorization, get- and setPolicy, and getPolicyNames requests are propagated to the parent, whereas initialize and close are always only done on the local chain.
setPolicy(Node) - Method in class org.glite.security.authz.ServiceAuthorizationChain
sets the policies of all the PDPs in this chain.
setPolicy(Node) - Method in interface org.glite.security.authz.ServicePAP
sets the current policy of the PDP.
setPolicy(Node) - Method in class org.glite.security.authz.SimpleServicePDP
sets the current policy of the PDP.
setPolicy(Node) - Method in class org.glite.security.authz.pdp.VomsServicePDP
 
setProperty(String, String, Object) - Method in interface org.glite.security.authz.ChainConfig
sets a property based on the scoped name of the interceptor.
setProperty(String, String, Object) - Method in class org.glite.security.authz.SimpleChainConfig
sets a property based on the scoped name of the interceptor.
setProperty(String, Object) - Method in class org.glite.security.authz.SimpleMessageContext
sets a property.

V

VOMS_PDP_POLICY - Static variable in class org.glite.security.authz.pdp.VomsServicePDP
Property used to set in-memory grid map.
VomsPDPPolicy - class org.glite.security.authz.VomsPDPPolicy.
 
VomsPDPPolicy(String[]) - Constructor for class org.glite.security.authz.VomsPDPPolicy
 
VomsServicePDP - class org.glite.security.authz.pdp.VomsServicePDP.
 
VomsServicePDP() - Constructor for class org.glite.security.authz.pdp.VomsServicePDP
 
