Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.globus.wsrf.impl.security.authorization
Class HostAuthorization

java.lang.Object
  extended byorg.globus.wsrf.impl.security.authorization.HostAuthorization
All Implemented Interfaces:
Authorization, Interceptor, PDP, java.io.Serializable
public class HostAuthorization
extends java.lang.Object
implements PDP, Authorization

Performs host based authorization and implements PDP and Authorization interface.

See Also:
Serialized Form

Field Summary
(package private)  org.ietf.jgss.GSSName expected
           
private static org.globus.util.I18n i18n
           
private static org.apache.commons.logging.Log logger
           
private  java.lang.String namePrefix
           
private  PDPConfig pdpConfig
           
private  java.lang.String service
           
static java.lang.String SERVICE_PROPERTY
           
static java.lang.String URL_PROPERTY
           
 
Fields inherited from interface org.globus.wsrf.impl.security.authorization.Authorization
AUTHORIZATION, AUTHZ_CLASS, AUTHZ_GRIDMAP, AUTHZ_HOST, AUTHZ_IDENTITY, AUTHZ_NONE, AUTHZ_SAML, AUTHZ_SELF, AUTHZ_USERNAME, GRIDMAP_PREFIX, HOST_PREFIX, IDENTITY_PREFIX, NONE_PREFIX, RESOURCE, SAML_PREFIX, SELF_PREFIX, USERNAME_PREFIX
 
Constructor Summary
HostAuthorization()
           
HostAuthorization(java.lang.String service)
           
 
Method Summary
private  boolean authorize(java.lang.String peerIdentity)
           
 void authorize(javax.security.auth.Subject peerSubject, javax.xml.rpc.handler.MessageContext context)
          Does host based authorization of the service.
 void close()
          this method is called by the PDP framework to indicate that the interceptor now should remove all state that was allocated in the initialize call
static HostAuthorization getInstance()
          Returns an instance of host authentication.
 org.ietf.jgss.GSSName getName(javax.xml.rpc.handler.MessageContext ctx)
          Returns the identity of the authorized entity
 org.ietf.jgss.GSSName getName(java.net.URL endpoint)
           
 org.w3c.dom.Node getPolicy(org.w3c.dom.Node policy)
          gets the current policy of the PDP
 java.lang.String[] getPolicyNames()
          gets the names (typically uris) of all the policies that the PDP supports
 void initialize(PDPConfig config, java.lang.String name, java.lang.String _servicePath)
          Initializes the interceptor with configuration information that are valid up until the point when close is called.
 boolean isPermitted(javax.security.auth.Subject peerSubject, javax.xml.rpc.handler.MessageContext context, javax.xml.namespace.QName op)
          Does host based authorization of the client.
 org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
          sets the current policy of the PDP
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

i18n

private static org.globus.util.I18n i18n

logger

private static org.apache.commons.logging.Log logger

expected

org.ietf.jgss.GSSName expected

service

private java.lang.String service

pdpConfig

private PDPConfig pdpConfig

namePrefix

private java.lang.String namePrefix

URL_PROPERTY

public static final java.lang.String URL_PROPERTY
See Also:
Constant Field Values

SERVICE_PROPERTY

public static final java.lang.String SERVICE_PROPERTY
See Also:
Constant Field Values
Constructor Detail

HostAuthorization

public HostAuthorization()

HostAuthorization

public HostAuthorization(java.lang.String service)
Method Detail

getInstance

public static HostAuthorization getInstance()
Returns an instance of host authentication.

Returns:
an instance of this class initialized with host as a service.

initialize

public void initialize(PDPConfig config,
                       java.lang.String name,
                       java.lang.String _servicePath)
                throws InitializeException
Description copied from interface: Interceptor
Initializes the interceptor with configuration information that are valid up until the point when close is called.

Specified by:
initialize in interface Interceptor
Parameters:
config - holding interceptor specific configuration values, that may be obtained using the name paramter
name - the name that should be used to access all the interceptor local configuration
_servicePath - the id in common for all interceptors in a chain (it is valid up until close is called) if close is not called the interceptor may assume that the id still exists after a process restart
Throws:
InitializeException

getPolicyNames

public java.lang.String[] getPolicyNames()
Description copied from interface: PDP
gets the names (typically uris) of all the policies that the PDP supports

Specified by:
getPolicyNames in interface PDP
Returns:
array of policy names

getPolicy

public org.w3c.dom.Node getPolicy(org.w3c.dom.Node policy)
                           throws InvalidPolicyException
Description copied from interface: PDP
gets the current policy of the PDP

Specified by:
getPolicy in interface PDP
Parameters:
policy - may be used to query for a subset of a policy
Returns:
the policy
Throws:
InvalidPolicyException

setPolicy

public org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
                           throws InvalidPolicyException
Description copied from interface: PDP
sets the current policy of the PDP

Specified by:
setPolicy in interface PDP
Parameters:
policy - new policy
Returns:
optional set policy result
Throws:
InvalidPolicyException

close

public void close()
           throws CloseException
Description copied from interface: Interceptor
this method is called by the PDP framework to indicate that the interceptor now should remove all state that was allocated in the initialize call

Specified by:
close in interface Interceptor
Throws:
CloseException

isPermitted

public boolean isPermitted(javax.security.auth.Subject peerSubject,
                           javax.xml.rpc.handler.MessageContext context,
                           javax.xml.namespace.QName op)
                    throws AuthorizationException
Does host based authorization of the client. It reads the property url from the configured PDPConfig and does authorization based on the host name.

Specified by:
isPermitted in interface PDP
Parameters:
peerSubject - authenticated client subject with credentials and attributes
context - holds properties of this XML message exchange
op - operation that the subject wants to invoke
Throws:
AuthorizationException

authorize

public void authorize(javax.security.auth.Subject peerSubject,
                      javax.xml.rpc.handler.MessageContext context)
               throws AuthorizationException
Does host based authorization of the service. The host name is picked up from the MessageContext

Specified by:
authorize in interface Authorization
Throws:
AuthorizationException

authorize

private boolean authorize(java.lang.String peerIdentity)
                   throws AuthorizationException
Throws:
AuthorizationException

getName

public org.ietf.jgss.GSSName getName(javax.xml.rpc.handler.MessageContext ctx)
                              throws AuthorizationException
Description copied from interface: Authorization
Returns the identity of the authorized entity

Specified by:
getName in interface Authorization
Throws:
AuthorizationException

getName

public org.ietf.jgss.GSSName getName(java.net.URL endpoint)
                              throws AuthorizationException
Throws:
AuthorizationException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD