Virtual Organisation Membership Service Trusted Admin Interface.
This interface is to be used by frontends to VOMS that wish to use the voms-admin service as a backend, but are unable to delegate their clients' credentials to the edg-voms-admin service.
The access control through this interface is done in two levels: first, we check that the frontend (the credential in the SSL context) is a registered frontend. Then we check that the remote client given by the frontend has the necessary privilege to perform the requested operation. Access is denied if either of these checks fails.
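This interface is disabled by default. Note that enabling and actively using this interface is a potential security problem: the service acts on the delegatedDN and delegatedCA values supplied by the frontend rather than on credentials presented by the client itself, so clients with trusted access can masquerade as any other client. Trusted clients override the normal authentication mechanisms.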
Method Summary | |
void |
addACLEntry(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String container,
ACLEntry aclEntry)
Adds a new entry to an ACL of a container. |
void |
addDefaultACLEntry(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
ACLEntry aclEntry)
Manipulates the default ACL, which is applied on every group created as a subgroup of this one. |
void |
addMember(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
java.lang.String username,
java.lang.String userca)
Adds a new member to the group. |
void |
assignCapability(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String capability,
java.lang.String username,
java.lang.String userca)
Assigns a new capability to the user. |
void |
assignRole(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
java.lang.String rolename,
java.lang.String username,
java.lang.String userca)
Assigns a new role to the user. |
void |
createCapability(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String capability)
Creates a new capability. |
void |
createGroup(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String parentname,
java.lang.String groupname)
Creates a new group as a subgroup of an existing group. |
void |
createRole(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String rolename)
Creates a new role. |
void |
createUser(java.lang.String delegatedDN,
java.lang.String delegatedCA,
User user)
Creates a new user in the VOMS database. |
void |
deleteCapability(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String capability)
Deletes a capability. |
void |
deleteGroup(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname)
Deletes a group. |
void |
deleteRole(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String rolename)
Deletes a role. |
void |
deleteUser(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String username,
java.lang.String userca)
Removes a user from the VOMS database. |
void |
dismissCapability(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String capability,
java.lang.String username,
java.lang.String userca)
Dismisses a capability of a user. |
void |
dismissRole(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String parentname,
java.lang.String rolename,
java.lang.String username,
java.lang.String userca)
Dismisses a role of a user. |
ACLEntry[] |
getACL(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String container)
Returns the whole ACL associated with a container. |
ACLEntry[] |
getDefaultACL(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname)
Manipulates the default ACL, which is applied on every group created as a subgroup of this one. |
java.lang.String[] |
getGroupPath(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname)
Returns the absolute "path" down to this group. |
int |
getMajorVersionNumber()
Returns the major version number. |
int |
getMinorVersionNumber()
Returns the minor version number. |
int |
getPatchVersionNumber()
Returns the patch version number. |
User |
getUser(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String username,
java.lang.String userca)
Returns information about a user in the VOMS database. |
java.lang.String |
getVOName(java.lang.String delegatedDN,
java.lang.String delegatedCA)
Returns the name of this VO. |
java.lang.String[] |
listCapabilities(java.lang.String delegatedDN,
java.lang.String delegatedCA)
Lists capabilities. |
java.lang.String[] |
listCapabilities(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String username,
java.lang.String userca)
Lists capabilities of a user. |
java.lang.String[] |
listCAs(java.lang.String delegatedDN,
java.lang.String delegatedCA)
Lists certificate authorities. |
java.lang.String[] |
listGroups(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String username,
java.lang.String userca)
Lists groups of a user. |
User[] |
listMembers(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname)
Lists members of a group. |
java.lang.String[] |
listRoles(java.lang.String delegatedDN,
java.lang.String delegatedCA)
Lists roles. |
java.lang.String[] |
listRoles(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String username,
java.lang.String userca)
Lists roles of a user. |
java.lang.String[] |
listSubGroups(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname)
Lists immediate sub-groups of a group. |
User[] |
listUsersWithCapability(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String capability)
Lists assigned users of a capability. |
User[] |
listUsersWithRole(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
java.lang.String rolename)
Lists assigned users of a role associated with a group. |
void |
removeACLEntry(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String container,
ACLEntry aclEntry)
Removes an existing entry from the ACL. |
void |
removeDefaultACLEntry(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
ACLEntry aclEntry)
Manipulates the default ACL, which is applied on every group created as a subgroup of this one. |
void |
removeMember(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
java.lang.String username,
java.lang.String userca)
Removes a member of a group. |
void |
setACL(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String container,
ACLEntry[] acl)
Replaces the existing ACL on this container. |
void |
setDefaultACL(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
ACLEntry[] aclEntry)
Manipulates the default ACL, which is applied on every group created as a subgroup of this one. |
void |
setUser(java.lang.String delegatedDN,
java.lang.String delegatedCA,
User user)
Updates auxiliary information about a user in the VOMS database. |
Method Detail |
public java.lang.String getVOName(java.lang.String delegatedDN, java.lang.String delegatedCA) throws VOMSException
Permission: LIST on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
VOMSException
VOMSAdmin.getVOName()
public User getUser(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String username, java.lang.String userca) throws VOMSException
Permission: LIST on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
username - The name of the user to look up.
userca - The certificate authority of the user.
VOMSException
VOMSAdmin.getUser(java.lang.String, java.lang.String)
public void setUser(java.lang.String delegatedDN, java.lang.String delegatedCA, User user) throws VOMSException
User
object.
Permission: ADD on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
user - The user to update.
VOMSException
User
,
VOMSAdmin.setUser(org.glite.security.voms.service.User)
public void createUser(java.lang.String delegatedDN, java.lang.String delegatedCA, User user) throws VOMSException
Permission: ADD on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
user - The user to be added.
VOMSException
VOMSAdmin.createUser(org.glite.security.voms.service.User)
public void deleteUser(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String username, java.lang.String userca) throws VOMSException
removeMember(VO, user)
.
Permission: REMOVE on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
username - The user's DN.
userca - The user's CA.
VOMSException
removeMember(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)
,
VOMSAdmin.deleteUser(java.lang.String, java.lang.String)
public void createGroup(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String parentname, java.lang.String groupname) throws VOMSException
Permission: CREATE on parent group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
parentname - The parent group's name.
groupname - The group's name.
VOMSException
VOMSAdmin.createGroup(java.lang.String, java.lang.String)
public void deleteGroup(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname) throws VOMSException
Warning: Deleting the VO "group" effectively wipes out the whole database, so use with care!
Permission: DELETE on the group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name.
VOMSException
VOMSAdmin.deleteGroup(java.lang.String)
public void createRole(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String rolename) throws VOMSException
Permission: CREATE on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
rolename - The role to be added.
VOMSException
VOMSAdmin.createRole(java.lang.String)
public void deleteRole(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String rolename) throws VOMSException
Permission: DELETE on the role.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
rolename - The role to be deleted.
VOMSException
VOMSAdmin.deleteRole(java.lang.String)
public void createCapability(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String capability) throws VOMSException
Permission: CREATE on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
capability - The capability to be created.
VOMSException
VOMSAdmin.createCapability(java.lang.String)
public void deleteCapability(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String capability) throws VOMSException
Permission: DELETE on the capability.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
capability - The capability to be deleted.
VOMSException
VOMSAdmin.deleteCapability(java.lang.String)
public void addMember(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, java.lang.String username, java.lang.String userca) throws VOMSException
Permission: ADD on the group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name.
username - The user's DN.
userca - The user's CA.
VOMSException
VOMSAdmin.addMember(java.lang.String, java.lang.String, java.lang.String)
public void removeMember(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, java.lang.String username, java.lang.String userca) throws VOMSException
Permission: REMOVE on the group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name.
username - The user's DN.
userca - The user's CA.
VOMSException
deleteUser(java.lang.String, java.lang.String, java.lang.String, java.lang.String)
,
VOMSAdmin.removeMember(java.lang.String, java.lang.String, java.lang.String)
public void assignRole(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, java.lang.String rolename, java.lang.String username, java.lang.String userca) throws VOMSException
Permission: ADD on the role.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The name of the group associated with this assignment.
rolename - The role's name.
username - The name of the user to add.
userca - The CA of the user to add.
VOMSException
VOMSAdmin.assignRole(java.lang.String, java.lang.String, java.lang.String, java.lang.String)
public void dismissRole(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String parentname, java.lang.String rolename, java.lang.String username, java.lang.String userca) throws VOMSException
Permission: REMOVE on the role.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
parentname - The parent group's name.
rolename - The role's name.
username - The user's DN.
userca - The user's CA.
VOMSException
VOMSAdmin.dismissRole(java.lang.String, java.lang.String, java.lang.String, java.lang.String)
public void assignCapability(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String capability, java.lang.String username, java.lang.String userca) throws VOMSException
Permission: ADD on the capability.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
capability - The capability's name.
username - The user's DN.
userca - The user's CA.
VOMSException
VOMSAdmin.assignCapability(java.lang.String, java.lang.String, java.lang.String)
public void dismissCapability(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String capability, java.lang.String username, java.lang.String userca) throws VOMSException
Permission: REMOVE on the capability.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
capability - The capability's name.
username - The user's DN.
userca - The user's CA.
VOMSException
VOMSAdmin.dismissCapability(java.lang.String, java.lang.String, java.lang.String)
public User[] listMembers(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname) throws VOMSException
Permission: LIST on the group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name (null is the VO group).
VOMSException
VOMSAdmin.listMembers(java.lang.String)
public User[] listUsersWithRole(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, java.lang.String rolename) throws VOMSException
Permission: LIST on the role.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name.
rolename - The role's name.
VOMSException
VOMSAdmin.listUsersWithRole(java.lang.String, java.lang.String)
public User[] listUsersWithCapability(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String capability) throws VOMSException
Permission: LIST on the capability.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
capability - The capability's name.
VOMSException
VOMSAdmin.listUsersWithCapability(java.lang.String)
public java.lang.String[] getGroupPath(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname) throws VOMSException
Permission: LIST on parent groups.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name (null is the VO group).
VOMSException
VOMSAdmin.getGroupPath(java.lang.String)
public java.lang.String[] listSubGroups(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname) throws VOMSException
Permission: LIST on the group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name (null is the VO group).
VOMSException
VOMSAdmin.listSubGroups(java.lang.String)
public java.lang.String[] listGroups(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String username, java.lang.String userca) throws VOMSException
Permission: LIST on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
username - The user's DN.
userca - The user's CA.
VOMSException
VOMSAdmin.listGroups(java.lang.String, java.lang.String)
public java.lang.String[] listRoles(java.lang.String delegatedDN, java.lang.String delegatedCA) throws VOMSException
Permission: LIST on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
VOMSException
VOMSAdmin.listRoles()
public java.lang.String[] listRoles(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String username, java.lang.String userca) throws VOMSException
Permission: LIST on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
username - The user's DN.
userca - The user's CA.
VOMSException
VOMSAdmin.listRoles()
public java.lang.String[] listCapabilities(java.lang.String delegatedDN, java.lang.String delegatedCA) throws VOMSException
Permission: LIST on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
VOMSException
VOMSAdmin.listCapabilities()
public java.lang.String[] listCapabilities(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String username, java.lang.String userca) throws VOMSException
Permission: LIST on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
username - The user's DN.
userca - The user's CA.
VOMSException
VOMSAdmin.listCapabilities()
public java.lang.String[] listCAs(java.lang.String delegatedDN, java.lang.String delegatedCA) throws VOMSException
Permission: LIST on the VO group.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
VOMSException
VOMSAdmin.listCAs()
public ACLEntry[] getACL(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String container) throws VOMSException
Permission: GETACL on the container.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
container - The container's name (null is the VO group).
VOMSException
VOMSAdmin.getACL(java.lang.String)
public void setACL(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String container, ACLEntry[] acl) throws VOMSException
Permission: SETACL on the container.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
container - The container's name.
acl - The new access control list.
VOMSException
VOMSAdmin.setACL(java.lang.String, org.glite.security.voms.service.ACLEntry[])
public void addACLEntry(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String container, ACLEntry aclEntry) throws VOMSException
Permission: SETACL on the container.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
container - The container's name.
aclEntry - The new access control list entry.
VOMSException
VOMSAdmin.addACLEntry(java.lang.String, org.glite.security.voms.service.ACLEntry)
public void removeACLEntry(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String container, ACLEntry aclEntry) throws VOMSException
Permission: SETACL on the container.
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
container - The container's name.
aclEntry - The access control list entry to be removed.
VOMSException
VOMSAdmin.removeACLEntry(java.lang.String, org.glite.security.voms.service.ACLEntry)
public ACLEntry[] getDefaultACL(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname) throws VOMSException
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name.
VOMSException
getACL(java.lang.String, java.lang.String, java.lang.String)
,
VOMSAdmin.getDefaultACL(java.lang.String)
public void setDefaultACL(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, ACLEntry[] aclEntry) throws VOMSException
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name.
aclEntry - The new access control list.
VOMSException
setACL(java.lang.String, java.lang.String, java.lang.String, org.glite.security.voms.service.ACLEntry[])
,
VOMSAdmin.setDefaultACL(java.lang.String, org.glite.security.voms.service.ACLEntry[])
public void addDefaultACLEntry(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, ACLEntry aclEntry) throws VOMSException
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name.
aclEntry - The new access control list entry.
VOMSException
addACLEntry(java.lang.String, java.lang.String, java.lang.String, org.glite.security.voms.service.ACLEntry)
,
VOMSAdmin.addDefaultACLEntry(java.lang.String, org.glite.security.voms.service.ACLEntry)
public void removeDefaultACLEntry(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, ACLEntry aclEntry) throws VOMSException
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - The group's name.
aclEntry - The access control list entry to be removed.
VOMSException
removeACLEntry(java.lang.String, java.lang.String, java.lang.String, org.glite.security.voms.service.ACLEntry)
,
VOMSAdmin.removeDefaultACLEntry(java.lang.String, org.glite.security.voms.service.ACLEntry)
public int getMajorVersionNumber()
public int getMinorVersionNumber()
public int getPatchVersionNumber()