org.globus.wsrf.impl.security
Class SecurityManagerImpl

java.lang.Object
  extended by org.globus.wsrf.security.SecurityManager
      extended by org.globus.wsrf.impl.security.SecurityManagerImpl

public class SecurityManagerImpl
extends SecurityManager


Field Summary
private  org.apache.axis.MessageContext context
           
private static org.globus.util.I18n i18n
           
private static org.apache.commons.logging.Log logger
           
 
Constructor Summary
SecurityManagerImpl()
           
SecurityManagerImpl(javax.xml.rpc.handler.soap.SOAPMessageContext ctx)
           
 
Method Summary
private  void addAuthorizedUser(javax.security.auth.Subject subject, org.globus.security.gridmap.GridMap gridMap)
           
 java.lang.String getCaller()
          Returns the identity of the current caller.
 java.security.Principal getCallerPrincipal()
          Returns the identity of the current caller.
 java.security.Principal getCallerPrincipal(javax.security.auth.Subject caller)
          Extracts the principal from the caller subject.
 java.lang.String[] getLocalUsernames()
          Returns the local user name of the caller as mapped in the configured grid map file.
private  javax.security.auth.Subject getResourceSubject(Resource resource)
           
 javax.security.auth.Subject getServiceSubject()
          Returns effective service subject.
 javax.security.auth.Subject getServiceSubject(java.lang.String servicePath)
          Returns effective service subject.
private  javax.security.auth.Subject getSubject()
           
 javax.security.auth.Subject getSubject(Resource resource)
          Returns effective resource subject.
 javax.security.auth.Subject getSubject(java.lang.String servicePath, Resource resource)
          Returns effective resource subject.
 javax.security.auth.Subject getSystemSubject()
          Returns the system subject (containing the container credentials).
 void setResourceOwnerFromContext(ResourceSecurityDescriptor desc)
          Sets the resource descriptor object with the current invocation subject.
 javax.security.auth.Subject setServiceOwnerFromContext()
          Sets the service object with the current invocation subject.
 javax.security.auth.Subject setServiceOwnerFromContext(java.lang.String servicePath)
          Sets the service object with the current invocation subject.
 
Methods inherited from class org.globus.wsrf.security.SecurityManager
getManager, getManager
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

context

private org.apache.axis.MessageContext context

logger

private static org.apache.commons.logging.Log logger

i18n

private static org.globus.util.I18n i18n
Constructor Detail

SecurityManagerImpl

public SecurityManagerImpl()

SecurityManagerImpl

public SecurityManagerImpl(javax.xml.rpc.handler.soap.SOAPMessageContext ctx)
Method Detail

getSystemSubject

public javax.security.auth.Subject getSystemSubject()
                                             throws SecurityException
Returns the system subject (containing the container credentials).

Specified by:
getSystemSubject in class SecurityManager
Returns:
the system subject.
Throws:
SecurityException - if failed to obtain container credentials.

getServiceSubject

public javax.security.auth.Subject getServiceSubject()
                                              throws SecurityException
Returns effective service subject. Returns subject in this order depending on which is set: service subject, system subject. The target service set in the message context is used.

Specified by:
getServiceSubject in class SecurityManager
Returns:
the service subject if set, system subject otherwise.
Throws:
SecurityException - if failed to obtain credentials.

getServiceSubject

public javax.security.auth.Subject getServiceSubject(java.lang.String servicePath)
                                              throws SecurityException
Returns effective service subject. Returns subject in this order depending on which is set: service subject, system subject.

Specified by:
getServiceSubject in class SecurityManager
Parameters:
servicePath - service path
Returns:
the service subject if set, system subject otherwise.
Throws:
SecurityException - if failed to obtain credentials.

getSubject

public javax.security.auth.Subject getSubject(Resource resource)
                                       throws SecurityException
Returns effective resource subject. Returns subject in this order depending on which is set: resource subject, service subject, system subject. Target service associated with message context is used.

Specified by:
getSubject in class SecurityManager
Parameters:
resource - object representing the resource
Returns:
the resource subject if set, otherwise the service subject if set, system subject otherwise.
Throws:
SecurityException - if failed to obtain credentials.

getSubject

public javax.security.auth.Subject getSubject(java.lang.String servicePath,
                                              Resource resource)
                                       throws SecurityException
Returns effective resource subject. Returns subject in this order depending on which is set: resource subject, service subject, system subject.

Specified by:
getSubject in class SecurityManager
Parameters:
servicePath - service path
resource - object representing the resource
Returns:
the resource subject if set, otherwise the service subject if set, system subject otherwise.
Throws:
SecurityException - if failed to obtain credentials.

getResourceSubject

private javax.security.auth.Subject getResourceSubject(Resource resource)
                                                throws SecurityException
Throws:
SecurityException

getCaller

public java.lang.String getCaller()
Returns the identity of the current caller. Might return null if client did not authenticate.

Specified by:
getCaller in class SecurityManager
Returns:
the identity of the caller. Might be null.

getCallerPrincipal

public java.security.Principal getCallerPrincipal()
Returns the identity of the current caller. Might return null if client did not authenticate.

Specified by:
getCallerPrincipal in class SecurityManager
Returns:
the identity of the caller. Might be null.

getCallerPrincipal

public java.security.Principal getCallerPrincipal(javax.security.auth.Subject caller)
Extracts the principal from the caller subject.

Specified by:
getCallerPrincipal in class SecurityManager
Parameters:
caller - Subject
Returns:
principal associated with subject

setServiceOwnerFromContext

public javax.security.auth.Subject setServiceOwnerFromContext()
                                                       throws SecurityException
Sets the service object with the current invocation subject. The invocation subject must contain some private credentials. All GlobusPrincipals in invocation subject are added as authorized users to access the service. The service associated with the message context is used.
Note: On a GridMap refresh this user data is lost.

Specified by:
setServiceOwnerFromContext in class SecurityManager
Returns:
the new service subject object
Throws:
SecurityException - if the operation fails.

setServiceOwnerFromContext

public javax.security.auth.Subject setServiceOwnerFromContext(java.lang.String servicePath)
                                                       throws SecurityException
Sets the service object with the current invocation subject. The invocation subject must contain some private credentials. All GlobusPrincipals in invocation subject are added as authorized users to access the service.
Note: On a GridMap refresh this user data is lost.

Specified by:
setServiceOwnerFromContext in class SecurityManager
Parameters:
servicePath - the service to set the subject on.
Returns:
the new service subject object
Throws:
SecurityException - if the operation fails.

setResourceOwnerFromContext

public void setResourceOwnerFromContext(ResourceSecurityDescriptor desc)
                                 throws SecurityException
Sets the resource descriptor object with the current invocation subject. The invocation subject must contain some private credentials. All GlobusPrincipals in invocation subject are added as authorized users to access the resource.
Note: On a GridMap refresh this user data is lost.

Specified by:
setResourceOwnerFromContext in class SecurityManager
Parameters:
desc - the resource security descriptor to set the subject on.
Throws:
SecurityException - if the operation fails.

addAuthorizedUser

private void addAuthorizedUser(javax.security.auth.Subject subject,
                               org.globus.security.gridmap.GridMap gridMap)

getSubject

private javax.security.auth.Subject getSubject()
                                        throws SecurityException
Throws:
SecurityException

getLocalUsernames

public java.lang.String[] getLocalUsernames()
                                     throws SecurityException
Returns the local user name of the caller as mapped in the configured grid map file. Will be null if GridMap Authorization is not used.

Specified by:
getLocalUsernames in class SecurityManager
Returns:
String[] Array of usernames the caller associated with this invocation is mapped to.
Throws:
SecurityException
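
getCaller may return null for an unauthenticated client and getLocalUsernames may return null when GridMap authorization is not used, so code that acts on these values should deny access in both cases. The following is an added example, not part of the Globus code base: CallerInfo is a hypothetical interface mirroring only those two documented signatures, the DN and account names are constructed, and java.lang.SecurityException stands in for the toolkit's own exception type.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class CallerGuard {

    // Hypothetical stand-in mirroring the two documented signatures,
    // so the example compiles without the Globus jars.
    interface CallerInfo {
        String getCaller();           // null if the client did not authenticate
        String[] getLocalUsernames(); // null if GridMap authorization is not used
    }

    // Returns the caller's local accounts, denying on every documented null case.
    // java.lang.SecurityException is used here, not the toolkit's exception type.
    static List<String> requireLocalUsers(CallerInfo sm) {
        String caller = sm.getCaller();
        if (caller == null) {
            throw new SecurityException("unauthenticated caller");
        }
        String[] users = sm.getLocalUsernames();
        if (users == null || users.length == 0) {
            throw new SecurityException("no local account mapped for " + caller);
        }
        return Collections.unmodifiableList(Arrays.asList(users.clone()));
    }

    // Constructed test double; a real service would wrap its security manager.
    static CallerInfo stub(final String caller, final String[] users) {
        return new CallerInfo() {
            public String getCaller() { return caller; }
            public String[] getLocalUsernames() { return users; }
        };
    }

    public static void main(String[] args) {
        String dn = "/O=Example/OU=Test/CN=Alice"; // constructed DN
        CallerInfo[] cases = {
            stub(dn, new String[] {"alice", "griduser"}), // mapped caller
            stub(null, null),                             // anonymous client
            stub(dn, null)                                // authenticated, no grid map
        };
        for (CallerInfo c : cases) {
            try {
                System.out.println("allow as " + requireLocalUsers(c));
            } catch (SecurityException e) {
                System.out.println("deny: " + e.getMessage());
            }
        }
    }
}
```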