org.globus.wsrf.security.authorization
Interface PDP

All Superinterfaces:
Interceptor, java.io.Serializable
All Known Implementing Classes:
GridMapAuthorization, HostAuthorization, IdentityAuthorization, LocalConfigPDP, NoAuthorization, SAMLAuthorizationCallout, SelfAuthorization, UsernameAuthorization

public interface PDP
extends Interceptor

Interface that must be implemented by all PDPs in an interceptor chain. A PDP is responsible for deciding whether a subject is allowed to invoke a given operation. The subject may carry public or private credentials holding attributes collected and verified by PIPs. A PDP is also responsible for managing the policy associated with a service; the service is bound to the PDP through the id parameter of the initialize call inherited from Interceptor.

See Also:
ServiceAuthorizationChain, PIP

Method Summary
 org.w3c.dom.Node getPolicy(org.w3c.dom.Node query)
          Gets the current policy of the PDP.
 java.lang.String[] getPolicyNames()
          Gets the names (typically URIs) of all the policies that the PDP supports.
 boolean isPermitted(javax.security.auth.Subject peerSubject, javax.xml.rpc.handler.MessageContext context, javax.xml.namespace.QName operation)
          Called by the PDP framework whenever a client invokes a secured operation.
 org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
          Sets the current policy of the PDP.
 
Methods inherited from interface org.globus.wsrf.security.authorization.Interceptor
close, initialize
 

Method Detail

getPolicyNames

public java.lang.String[] getPolicyNames()
Gets the names (typically URIs) of all the policies that the PDP supports.

Returns:
array of policy names

getPolicy

public org.w3c.dom.Node getPolicy(org.w3c.dom.Node query)
                           throws InvalidPolicyException
Gets the current policy of the PDP.

Parameters:
query - may be used to query for a subset of the policy
Returns:
the policy
Throws:
InvalidPolicyException

setPolicy

public org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
                           throws InvalidPolicyException
Sets the current policy of the PDP. An implementation should validate the policy before installing it and throw InvalidPolicyException, leaving the previous policy in force, if it is malformed.

Parameters:
policy - the new policy
Returns:
optional result of setting the policy (null if the implementation produces none)
Throws:
InvalidPolicyException

isPermitted

public boolean isPermitted(javax.security.auth.Subject peerSubject,
                           javax.xml.rpc.handler.MessageContext context,
                           javax.xml.namespace.QName operation)
                    throws AuthorizationException
Called by the PDP framework whenever a client invokes a secured operation. The PDP should return true if its local policy allows the subject to invoke the operation. If the PDP has no local knowledge of whether the operation is allowed, it should return false so that the other PDPs and PIPs in the chain continue the evaluation. A false result therefore means "no decision" rather than "deny": under the semantics described here the chain grants access as soon as one PDP returns true, so a permissive PDP anywhere in the chain (for example NoAuthorization) grants access regardless of stricter PDPs that returned false, and the order and composition of the chain is itself part of the security policy. Obligations to be read by subsequent PIPs or PDPs may be set as attributes in the Subject's credentials.

Parameters:
peerSubject - authenticated client subject with credentials and attributes
context - holds properties of this XML message exchange
operation - operation that the subject wants to invoke
Throws:
AuthorizationException
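The following allow-list PDP is an added example illustrating both the policy-management contract (getPolicyNames, getPolicy, setPolicy) and the isPermitted decision described above; it is not code from the Globus Toolkit or from this page. It assumes: the Interceptor method signatures initialize(ChainConfig, String, String) and close(), which this page does not show; that the exception classes live in org.globus.wsrf.security.authorization.exceptions and accept a message string; a policy format of its own (the urn:example:allow-list namespace, the <allow subject="..." operation="..."/> element, the audit obligation string); and that the policy DOM was built namespace-aware. The package name org.example.authz is hypothetical.

```java
package org.example.authz; // hypothetical package for this added example

import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.MessageContext;

import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

import org.globus.wsrf.security.authorization.PDP;
import org.globus.wsrf.security.authorization.ChainConfig;                      // assumed: type of initialize()'s config parameter
import org.globus.wsrf.security.authorization.exceptions.AuthorizationException; // assumed package
import org.globus.wsrf.security.authorization.exceptions.CloseException;         // assumed package
import org.globus.wsrf.security.authorization.exceptions.InitializeException;    // assumed package
import org.globus.wsrf.security.authorization.exceptions.InvalidPolicyException; // assumed package

/**
 * Allow-list PDP: permits an operation only when the installed policy lists the
 * caller's principal name together with that operation's QName.
 */
public class AllowListPDP implements PDP {

    /** Policy namespace chosen for this example (not a Globus policy name). */
    public static final String POLICY_NS = "urn:example:allow-list";
    /** Obligation marker that later PIPs/PDPs in the chain can look for. */
    public static final String OBLIGATION_AUDIT = "urn:example:obligation:audit";

    private String serviceId;   // service this PDP was bound to in initialize()
    private Node policy;        // last accepted policy, handed back by getPolicy()
    private final Map<String, Set<QName>> allowed = new HashMap<String, Set<QName>>();

    // Interceptor methods; signatures assumed from the Interceptor interface, which this page does not show.
    public void initialize(ChainConfig config, String name, String id) throws InitializeException {
        this.serviceId = id;
    }

    public void close() throws CloseException {
        allowed.clear();
        policy = null;
    }

    public String[] getPolicyNames() {
        return new String[] { POLICY_NS };
    }

    /** The query argument is not interpreted here; the whole policy is returned. */
    public Node getPolicy(Node query) throws InvalidPolicyException {
        return policy;
    }

    /**
     * Validates and installs a policy of the form
     * <policy xmlns="urn:example:allow-list"><allow subject="DN" operation="{ns}local"/></policy>.
     * Fails closed: a malformed policy is rejected and the previous policy stays in force.
     * Requires a namespace-aware DOM, otherwise getNamespaceURI() is null and the policy is rejected.
     */
    public Node setPolicy(Node newPolicy) throws InvalidPolicyException {
        if (newPolicy == null || newPolicy.getNodeType() != Node.ELEMENT_NODE
                || !POLICY_NS.equals(newPolicy.getNamespaceURI())
                || !"policy".equals(newPolicy.getLocalName())) {
            throw new InvalidPolicyException("expected a {" + POLICY_NS + "}policy element");
        }
        Map<String, Set<QName>> parsed = new HashMap<String, Set<QName>>();
        NodeList children = newPolicy.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node n = children.item(i);
            if (n.getNodeType() != Node.ELEMENT_NODE) continue; // skip whitespace and comments
            if (!"allow".equals(n.getLocalName())) {
                throw new InvalidPolicyException("unknown policy element: " + n.getNodeName());
            }
            Element e = (Element) n;
            String subject = e.getAttribute("subject");
            String op = e.getAttribute("operation");
            if (subject.length() == 0 || op.length() == 0) {
                throw new InvalidPolicyException("<allow> needs subject and operation attributes");
            }
            Set<QName> ops = parsed.get(subject);
            if (ops == null) { ops = new HashSet<QName>(); parsed.put(subject, ops); }
            ops.add(QName.valueOf(op)); // accepts the "{namespace}localPart" form
        }
        allowed.clear();        // swap in the new policy only after it validated completely
        allowed.putAll(parsed);
        policy = newPolicy;
        return null;            // this PDP produces no set-policy result
    }

    public boolean isPermitted(Subject peerSubject, MessageContext context, QName operation)
            throws AuthorizationException {
        if (peerSubject == null || operation == null) return false; // nothing to decide on
        for (Principal p : peerSubject.getPrincipals()) {
            Set<QName> ops = allowed.get(p.getName());
            if (ops != null && ops.contains(operation)) {
                // Obligation for downstream PIPs/PDPs; a read-only Subject cannot carry it.
                if (!peerSubject.isReadOnly()) {
                    peerSubject.getPublicCredentials().add(OBLIGATION_AUDIT + ":" + serviceId);
                }
                return true;
            }
        }
        // No matching entry: "no local knowledge", so the rest of the chain decides.
        return false;
    }
}
```

Note that this PDP can only ever permit or abstain, never deny: under the chain semantics described on this page, a deny can only come from the chain running out of PDPs willing to permit, so an allow-list PDP like this one is only as strong as the least strict PDP placed anywhere in the same chain.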