org.glite.security.authz.pdp
Class VomsServicePDP

java.lang.Object
  extended by org.glite.security.authz.pdp.VomsServicePDP
All Implemented Interfaces:
ServiceInterceptor, ServicePDP

public class VomsServicePDP
extends java.lang.Object
implements ServicePDP


Field Summary
static java.lang.String ATTR_SECURITY_CONFIG_FILE
          Property used to set grid map file name.
static java.lang.String[] CONFIG_LOCATIONS
           
static java.lang.String VOMS_PDP_POLICY
          Property used to set in-memory grid map.
 
Constructor Summary
VomsServicePDP()
           
 
Method Summary
 void close()
          This method is called by the PDP framework to indicate that the interceptor should now remove all state that was allocated in the initialize call.
 org.w3c.dom.Node getPolicy(org.w3c.dom.Node node)
           
 java.lang.String[] getPolicyNames()
           
 void initialize(ChainConfig config, java.lang.String name, java.lang.String id)
          Initializes the interceptor with configuration information that is valid up until the point when close is called.
 boolean isPermitted(javax.security.auth.Subject peer, javax.xml.rpc.handler.MessageContext msgCtx, javax.xml.namespace.QName op)
          This operation is called by the PDP Framework whenever the application needs to call secured operations.
 org.w3c.dom.Node setPolicy(org.w3c.dom.Node node)
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CONFIG_LOCATIONS

public static final java.lang.String[] CONFIG_LOCATIONS

VOMS_PDP_POLICY

public static final java.lang.String VOMS_PDP_POLICY
Property used to set in-memory grid map.

See Also:
Constant Field Values

ATTR_SECURITY_CONFIG_FILE

public static final java.lang.String ATTR_SECURITY_CONFIG_FILE
Property used to set grid map file name.

See Also:
Constant Field Values
Constructor Detail

VomsServicePDP

public VomsServicePDP()
Method Detail

getPolicyNames

public java.lang.String[] getPolicyNames()

getPolicy

public org.w3c.dom.Node getPolicy(org.w3c.dom.Node node)
                           throws InvalidPolicyException
Throws:
InvalidPolicyException

setPolicy

public org.w3c.dom.Node setPolicy(org.w3c.dom.Node node)
                           throws InvalidPolicyException
Throws:
InvalidPolicyException

isPermitted

public boolean isPermitted(javax.security.auth.Subject peer,
                           javax.xml.rpc.handler.MessageContext msgCtx,
                           javax.xml.namespace.QName op)
                    throws AuthorizationException
This operation is called by the PDP Framework whenever the application needs to call secured operations. The PDP should return true if the local policy allows the subject to invoke the operation. If the PDP has no local knowledge about whether the operation is allowed or not, it should return false to allow other PDPs and PIPs in the chain to continue the evaluation. Obligations to be read by other PIPs or PDPs may be set as attributes in the Subject credentials.

Specified by:
isPermitted in interface ServicePDP
Parameters:
peer - authenticated client subject with credentials and attributes
msgCtx - holds properties of this XML message exchange
op - operation that the subject wants to invoke
Returns:
true if user was found, otherwise false
Throws:
AuthorizationException - if an exception occurred during evaluation
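
The return-value contract described above (true permits, false hands the decision to the next PDP in the chain) is modelled below as an added example; it is not code from the gLite project. The `Pdp` interface, `allowList`, `evaluate`, the sample DNs and the deny result when no PDP permits are all assumptions made for illustration, and the real `isPermitted` also takes a `MessageContext`.

```java
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.QName;

public class PdpChainDemo {
    // Hypothetical stand-in for ServicePDP.isPermitted (no MessageContext here).
    interface Pdp {
        boolean isPermitted(Subject peer, QName op) throws Exception;
    }

    // Returns true only for subjects holding a listed principal name;
    // any other subject gets false, meaning "no local knowledge".
    static Pdp allowList(String... names) {
        List<String> allowed = List.of(names);
        return (peer, op) -> peer.getPrincipals().stream()
                .anyMatch(p -> allowed.contains(p.getName()));
    }

    // Walks the chain: the first true permits, false moves on to the next PDP.
    // Assumption: if no PDP permits, or one throws, the request is denied.
    static boolean evaluate(List<Pdp> chain, Subject peer, QName op) {
        for (Pdp pdp : chain) {
            try {
                if (pdp.isPermitted(peer, op)) {
                    return true;
                }
            } catch (Exception e) {
                return false; // fail closed on evaluation errors
            }
        }
        return false;
    }

    // Builds a Subject carrying one X.500 principal (constructed sample identity).
    static Subject subjectOf(String dn) {
        Subject s = new Subject();
        s.getPrincipals().add(new X500Principal(dn));
        return s;
    }

    public static void main(String[] args) {
        QName op = new QName("urn:example:service", "submitJob"); // constructed sample
        List<Pdp> chain = List.of(
                allowList("CN=Alice,O=Example"),
                allowList("CN=Bob,O=Example"));
        System.out.println(evaluate(chain, subjectOf("CN=Bob,O=Example"), op));
        System.out.println(evaluate(chain, subjectOf("CN=Mallory,O=Example"), op));
    }
}
```

A false from a single PDP is therefore not a denial by itself; the outcome depends on what the rest of the chain returns and on how the framework treats a chain in which nothing permits.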

initialize

public void initialize(ChainConfig config,
                       java.lang.String name,
                       java.lang.String id)
                throws InitializeException
Initializes the interceptor with configuration information that is valid up until the point when close is called.

Specified by:
initialize in interface ServiceInterceptor
Parameters:
config - holds interceptor-specific configuration values, which may be obtained using the name parameter
name - the name that should be used to access all the interceptor local configuration
id - the id in common for all interceptors in a chain (it is valid up until close is called); if close is not called, the interceptor may assume that the id still exists after a process restart
Throws:
InitializeException - if vomspdp was not found

close

public void close()
           throws CloseException
Description copied from interface: ServiceInterceptor
This method is called by the PDP framework to indicate that the interceptor should now remove all state that was allocated in the initialize call.

Specified by:
close in interface ServiceInterceptor
Throws:
CloseException - if an error occurred while closing this interceptor