java.lang.Object
  org.glite.security.authz.providers.AbstractChain
The AbstractChain class ties together and evaluates chains of ServicePDP and ServicePIP implementations. The chains are evaluated in a strict order determined by the configuration. Chains can also be linked, in which case the parent chain is evaluated before the child chain. See the ServiceAuthorizationChainSpi documentation for information about the individual operations.
Constructor Summary | |
AbstractChain()
|
Method Summary | |
boolean |
engineAuthorize(javax.security.auth.Subject peerSubject,
javax.xml.rpc.handler.MessageContext context)
called by the framework if an authorization decision must be made for an authenticated subject. |
void |
engineClose()
called by the framework when the chain should be closed. |
java.util.Collection |
engineGetPolicy(org.w3c.dom.Node policy)
gets the policies of all the PDPs in this chain. |
java.lang.String[] |
engineGetPolicyNames()
gets the names of the policies implemented by this engine. |
void |
engineInitialize(ChainConfig config,
java.lang.String name,
java.lang.String id)
initializes the chain with a given configuration of PIPs and PDPs. |
boolean |
engineIsPermitted(javax.security.auth.Subject peerSubject,
javax.xml.rpc.handler.MessageContext context,
javax.xml.namespace.QName operation)
called by the framework if an authorization decision must be made for an authenticated subject. |
void |
engineSetParent(ServiceAuthorizationChain chain)
sets the parent chain, which will be evaluated before the current chain. All authorization, getPolicy, setPolicy, and getPolicyNames requests are propagated to the parent, whereas initialize and close are always performed only on the local chain. |
java.util.Collection |
engineSetPolicy(org.w3c.dom.Node policy)
sets the policies of all the PDPs in this chain. |
Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public AbstractChain()
Method Detail |
public void engineSetParent(ServiceAuthorizationChain chain)
Specified by: engineSetParent in interface ServiceAuthorizationChainSpi
Parameters:
chain - parent chain to connect to this chain.

public void engineInitialize(ChainConfig config, java.lang.String name, java.lang.String id) throws InitializeException
Specified by: engineInitialize in interface ServiceAuthorizationChainSpi
Parameters:
config - configuration holding the names and classes of the ServicePDP and ServicePIP interceptors
name - name of this chain
id - service id associated with this chain
Throws:
InitializeException - if the chain was not initialized correctly.

public java.lang.String[] engineGetPolicyNames()
Specified by: engineGetPolicyNames in interface ServiceAuthorizationChainSpi

public java.util.Collection engineGetPolicy(org.w3c.dom.Node policy) throws InvalidPolicyException
Specified by: engineGetPolicy in interface ServiceAuthorizationChainSpi
Parameters:
policy - possible filter restricting the result of query
Throws:
InvalidPolicyException - if an invalid policy filter was specified

public java.util.Collection engineSetPolicy(org.w3c.dom.Node policy) throws InvalidPolicyException
Specified by: engineSetPolicy in interface ServiceAuthorizationChainSpi
Parameters:
policy - the new policy or an update request
Throws:
InvalidPolicyException - if an invalid policy was specified

public boolean engineAuthorize(javax.security.auth.Subject peerSubject, javax.xml.rpc.handler.MessageContext context) throws AuthorizationException
Specified by: engineAuthorize in interface ServiceAuthorizationChainSpi
Parameters:
peerSubject - subject to be authorized
context - JAX-RPC runtime context
Throws:
AuthorizationException - if the authorization must be denied without further processing

public boolean engineIsPermitted(javax.security.auth.Subject peerSubject, javax.xml.rpc.handler.MessageContext context, javax.xml.namespace.QName operation) throws AuthorizationException
Specified by: engineIsPermitted in interface ServiceAuthorizationChainSpi
Parameters:
peerSubject - subject to be authorized
context - JAX-RPC runtime context
operation - operation requested to be performed
Throws:
AuthorizationException - if the authorization must be denied without further processing

public void engineClose() throws CloseException
Specified by: engineClose in interface ServiceAuthorizationChainSpi
Throws:
CloseException - if there was a problem closing this chain