org.glite.security.authz
Interface ServicePIP

All Superinterfaces:
ServiceInterceptor
All Known Implementing Classes:
SimpleServicePIP

public interface ServicePIP
extends ServiceInterceptor

The ServicePIP interface should be implemeted by interceptors that are responsible for collecting attributes for subject that later on can be used by PDPs to determine whether the subject is allowed to invoke the requested operation. The ServicePIPs can be put into interceptor chains together with PDPs.

See Also:
ServicePDP, ServiceAuthorizationChain

Method Summary
 void collectAttributes(javax.security.auth.Subject peerSubject, javax.xml.rpc.handler.MessageContext context, javax.xml.namespace.QName operation)
          collects attributes and populates the subject with public or private credentials to be checked by subsequent PDPs in the same interceptor chain.
 
Methods inherited from interface org.glite.security.authz.ServiceInterceptor
close, initialize
 

Method Detail

collectAttributes

public void collectAttributes(javax.security.auth.Subject peerSubject,
                              javax.xml.rpc.handler.MessageContext context,
                              javax.xml.namespace.QName operation)
                       throws AttributeException
collects attributes and populates the subject with public or private credentials to be checked by subsequent PDPs in the same interceptor chain.

Parameters:
peerSubject - authenticated subject for which attributes should be collected
context - holds properties of this XML message exchange
operation - operation that the subject wants to invoke
Throws:
AttributeException - if an error occured while collecting the attributes