Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.globus.wsrf.impl.security.authorization
Class LocalConfigPDP

java.lang.Object
  extended byorg.globus.wsrf.impl.security.authorization.LocalConfigPDP
All Implemented Interfaces:
Interceptor, PDP, java.io.Serializable
public class LocalConfigPDP
extends java.lang.Object
implements PDP

A PDP implementation that is intended to be used by services to easily bootstrap an ACL into the PDP. The deployment descriptor of the service should have an authzConfigFile parameter that points to a file with mappings between users and their allowed operations. One user mapping is specified per line and multiple operations are separated by semicolon (;). The file may be modified without restarting the hosting environemnt

Example:

 /O\=Grid/O\=Globus/OU\=Sample\
 Org/CN\=AdminUser={http://www.gridforum.org/namespaces/2003/03/OGSI}findServiceData;
 \ {http://www.gridforum.org/namespaces/2003/03/OGSI}setServiceData;
 /O\=Grid/O\=Globus/OU\=Sample\
 Org/CN\=User={http://www.gridforum.org/namespaces/2003/03/OGSI}findServiceData

Note that white spaces and equal signs (=) need to be escaped with backslash (\)

Further note that the mappings are on a service level, and this pdp is thus appropriate to use in e.g. a ServiceAuthorizationChain

See Also:
PDP, Interceptor, Serialized Form

Field Summary
static java.lang.String[] CONFIG_LOCATIONS
           
private  java.io.File configFile
           
private  java.lang.String configFileName
           
private  long configLastModified
           
static java.lang.String DEFAULT_SECURITY_CONFIG_FILE
           
private static org.globus.util.I18n i18n
           
private static org.apache.commons.logging.Log logger
           
static java.lang.String SECURITY_CONFIG_FILE
           
private  java.util.Map userRightsMap
           
 
Constructor Summary
LocalConfigPDP()
           
 
Method Summary
 void close()
          this method is called by the PDP framework to indicate that the interceptor now should remove all state that was allocated in the initialize call
private  java.io.File findConfigFile(java.lang.String fileName)
           
private  java.lang.String getConfigFileName(PDPConfig config, java.lang.String name)
           
 org.w3c.dom.Node getPolicy(org.w3c.dom.Node policy)
          gets the current policy of the PDP
 java.lang.String[] getPolicyNames()
          gets the names (typically uris) of all the policies that the PDP supports
 void initialize(PDPConfig config, java.lang.String name, java.lang.String id)
          Initializes the interceptor with configuration information that are valid up until the point when close is called.
 boolean isPermitted(javax.security.auth.Subject peer, javax.xml.rpc.handler.MessageContext context, javax.xml.namespace.QName op)
          this operation is called by the PDP Framework whenever the application needs to call secured operations.
private  java.util.Map readConfigFile(java.io.File configFile)
           
 org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
          sets the current policy of the PDP
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

i18n

private static org.globus.util.I18n i18n

SECURITY_CONFIG_FILE

public static final java.lang.String SECURITY_CONFIG_FILE
See Also:
Constant Field Values

DEFAULT_SECURITY_CONFIG_FILE

public static final java.lang.String DEFAULT_SECURITY_CONFIG_FILE
See Also:
Constant Field Values

CONFIG_LOCATIONS

public static final java.lang.String[] CONFIG_LOCATIONS

logger

private static org.apache.commons.logging.Log logger

configFileName

private java.lang.String configFileName

configFile

private java.io.File configFile

userRightsMap

private java.util.Map userRightsMap

configLastModified

private long configLastModified
Constructor Detail

LocalConfigPDP

public LocalConfigPDP()
Method Detail

initialize

public void initialize(PDPConfig config,
                       java.lang.String name,
                       java.lang.String id)
                throws InitializeException
Description copied from interface: Interceptor
Initializes the interceptor with configuration information that are valid up until the point when close is called.

Specified by:
initialize in interface Interceptor
Parameters:
config - holding interceptor specific configuration values, that may be obtained using the name paramter
name - the name that should be used to access all the interceptor local configuration
id - the id in common for all interceptors in a chain (it is valid up until close is called) if close is not called the interceptor may assume that the id still exists after a process restart
Throws:
InitializeException

getPolicyNames

public java.lang.String[] getPolicyNames()
Description copied from interface: PDP
gets the names (typically uris) of all the policies that the PDP supports

Specified by:
getPolicyNames in interface PDP
Returns:
array of policy names

isPermitted

public boolean isPermitted(javax.security.auth.Subject peer,
                           javax.xml.rpc.handler.MessageContext context,
                           javax.xml.namespace.QName op)
                    throws AuthorizationException
Description copied from interface: PDP
this operation is called by the PDP Framework whenever the application needs to call secured operations. The PDP should return true if the local policy allows the subject to invoke the operation. If the PDP has no local knowledge about whether the operation is allowed or not it should return false to allow other PDPs and PIPs in the chain to continue the evaluation. Obligations to be read by other PIPs or PDPs may be set as attributes in the Subject credentials.

Specified by:
isPermitted in interface PDP
Parameters:
peer - authenticated client subject with credentials and attributes
context - holds properties of this XML message exchange
op - operation that the subject wants to invoke
Throws:
AuthorizationException

findConfigFile

private java.io.File findConfigFile(java.lang.String fileName)

getConfigFileName

private java.lang.String getConfigFileName(PDPConfig config,
                                           java.lang.String name)

readConfigFile

private java.util.Map readConfigFile(java.io.File configFile)

getPolicy

public org.w3c.dom.Node getPolicy(org.w3c.dom.Node policy)
                           throws InvalidPolicyException
Description copied from interface: PDP
gets the current policy of the PDP

Specified by:
getPolicy in interface PDP
Parameters:
policy - may be used to query for a subset of a policy
Returns:
the policy
Throws:
InvalidPolicyException

setPolicy

public org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
                           throws InvalidPolicyException
Description copied from interface: PDP
sets the current policy of the PDP

Specified by:
setPolicy in interface PDP
Parameters:
policy - new policy
Returns:
optional set policy result
Throws:
InvalidPolicyException

close

public void close()
           throws CloseException
Description copied from interface: Interceptor
this method is called by the PDP framework to indicate that the interceptor now should remove all state that was allocated in the initialize call

Specified by:
close in interface Interceptor
Throws:
CloseException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD