org.globus.wsrf.security
Class SecurityManager

java.lang.Object
  extended by org.globus.wsrf.security.SecurityManager
Direct Known Subclasses:
SecurityManagerImpl

public abstract class SecurityManager
extends java.lang.Object


Constructor Summary
SecurityManager()
           
 
Method Summary
abstract  java.lang.String getCaller()
          Returns the identity of the current caller.
abstract  java.security.Principal getCallerPrincipal()
          Returns the identity of the current caller.
abstract  java.lang.String[] getLocalUsernames()
          Returns the local user name of the caller as mapped in the configured grid map file.
static SecurityManager getManager()
          Returns an instance of the security manager.
static SecurityManager getManager(javax.xml.rpc.handler.soap.SOAPMessageContext ctx)
          Returns an instance of the security manager.
abstract  javax.security.auth.Subject getPeerSubject()
          Returns the subject of the caller/client. Might return null if the client did not authenticate.
abstract  javax.security.auth.Subject getServiceSubject()
          Returns effective service subject.
abstract  javax.security.auth.Subject getServiceSubject(java.lang.String servicePath)
          Returns effective service subject.
abstract  javax.security.auth.Subject getSubject()
           
abstract  javax.security.auth.Subject getSubject(Resource resource)
           
abstract  javax.security.auth.Subject getSubject(java.lang.String servicePath, Resource resource)
          Returns effective resource subject.
abstract  javax.security.auth.Subject getSystemSubject()
          Returns the system subject (containing the container credentials).
abstract  void setResourceOwnerFromContext(ResourceSecurityDescriptor desc)
          Sets the resource descriptor object with the current invocation subject.
abstract  javax.security.auth.Subject setServiceOwnerFromContext()
          Sets the target service with the current invocation subject.
abstract  javax.security.auth.Subject setServiceOwnerFromContext(java.lang.String servicePath)
          Sets the service with the current invocation subject.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecurityManager

public SecurityManager()
Method Detail

getManager

public static SecurityManager getManager()
Returns an instance of the security manager.

Returns:
an instance of the security manager.

getManager

public static SecurityManager getManager(javax.xml.rpc.handler.soap.SOAPMessageContext ctx)
Returns an instance of the security manager.

Returns:
an instance of the security manager.

getSystemSubject

public abstract javax.security.auth.Subject getSystemSubject()
                                                      throws SecurityException
Returns the system subject (containing the container credentials).

Returns:
the system subject.
Throws:
SecurityException - if failed to obtain container credentials.

getServiceSubject

public abstract javax.security.auth.Subject getServiceSubject()
                                                       throws SecurityException
Returns effective service subject. Returns subject in this order depending on which is set: service subject, system subject.

Returns:
the service subject if set, system subject otherwise.
Throws:
SecurityException - if failed to obtain credentials.

getServiceSubject

public abstract javax.security.auth.Subject getServiceSubject(java.lang.String servicePath)
                                                       throws SecurityException
Returns effective service subject. Returns subject in this order depending on which is set: service subject, system subject.

Parameters:
servicePath - service path
Returns:
the service subject if set, system subject otherwise.
Throws:
SecurityException - if failed to obtain credentials.

getSubject

public abstract javax.security.auth.Subject getSubject(Resource resource)
                                                throws SecurityException
Throws:
SecurityException

getSubject

public abstract javax.security.auth.Subject getSubject()
                                                throws SecurityException
Throws:
SecurityException

getSubject

public abstract javax.security.auth.Subject getSubject(java.lang.String servicePath,
                                                       Resource resource)
                                                throws SecurityException
Returns effective resource subject. Returns subject in this order depending on which is set: resource subject, service subject, system subject.

Parameters:
servicePath - service path
resource - object representing the resource
Returns:
the resource subject if set; otherwise the service subject if set; otherwise the system subject.
Throws:
SecurityException - if failed to obtain credentials.

getCaller

public abstract java.lang.String getCaller()
Returns the identity of the current caller. Might return null if client did not authenticate.

Returns:
the identity of the caller. Might be null.

getCallerPrincipal

public abstract java.security.Principal getCallerPrincipal()
Returns the identity of the current caller. Might return null if client did not authenticate.

Returns:
the identity of the caller. Might be null.

getPeerSubject

public abstract javax.security.auth.Subject getPeerSubject()
Returns the subject of the caller/client. Might return null if the client did not authenticate.

Returns:
the subject of the caller. Might be null.

setServiceOwnerFromContext

public abstract javax.security.auth.Subject setServiceOwnerFromContext(java.lang.String servicePath)
                                                                throws SecurityException
Sets the service with the current invocation subject. The invocation subject must contain some private credentials. All GlobusPrincipals in the invocation subject are added as authorized users to access the service.
Note: On a GridMap refresh this user data is lost.

Parameters:
servicePath - the service to set the subject on.
Returns:
the new service subject object
Throws:
SecurityException - if the operation fails.

setServiceOwnerFromContext

public abstract javax.security.auth.Subject setServiceOwnerFromContext()
                                                                throws SecurityException
Sets the target service with the current invocation subject. The invocation subject must contain some private credentials. All GlobusPrincipals in the invocation subject are added as authorized users to access the service.
Note: On a GridMap refresh this user data is lost.

Returns:
the new service subject object
Throws:
SecurityException - if the operation fails.

setResourceOwnerFromContext

public abstract void setResourceOwnerFromContext(ResourceSecurityDescriptor desc)
                                          throws SecurityException
Sets the resource descriptor object with the current invocation subject. The invocation subject must contain some private credentials. All GlobusPrincipals in the invocation subject are added as authorized users to access the resource.
Note: On a GridMap refresh this user data is lost.

Parameters:
desc - the resource security descriptor to set the subject on.
Throws:
SecurityException - if the operation fails.

getLocalUsernames

public abstract java.lang.String[] getLocalUsernames()
                                              throws SecurityException
Returns the local user name of the caller as mapped in the configured grid map file. Will be null if GridMap Authorization is not used.

Throws:
SecurityException
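
Added example (not part of the Globus code base): a fail-closed check built on the null-return semantics documented above for getCaller() and getLocalUsernames(). The CallerInfo interface, the stub() helper and the sample identities are hypothetical stand-ins so the example compiles without the Globus libraries; in service code the two calls would go to SecurityManager.getManager().

```java
import java.util.Arrays;

public class CallerGuardExample {

    // Hypothetical stand-in mirroring two SecurityManager methods from this page.
    interface CallerInfo {
        String getCaller();            // null if the client did not authenticate
        String[] getLocalUsernames();  // null if GridMap authorization is not used
    }

    // Fail closed: each documented null is treated as "deny", never as "no restriction".
    // The real getLocalUsernames() also declares SecurityException; treat that as deny too.
    static boolean mayActAs(CallerInfo mgr, String requiredLocalUser) {
        String caller = mgr.getCaller();
        if (caller == null || caller.isEmpty()) {
            return false; // anonymous client
        }
        String[] mapped = mgr.getLocalUsernames();
        if (mapped == null || mapped.length == 0) {
            return false; // caller has no grid map entry, or grid map authorization is off
        }
        return Arrays.asList(mapped).contains(requiredLocalUser);
    }

    // Builds a constructed CallerInfo for the demonstration below.
    static CallerInfo stub(final String caller, final String[] users) {
        return new CallerInfo() {
            public String getCaller() { return caller; }
            public String[] getLocalUsernames() { return users; }
        };
    }

    public static void main(String[] args) {
        // Constructed sample identity, not taken from any real grid map file.
        String dn = "/O=Example/OU=Test/CN=Alice";
        // Authenticated and mapped to the required account.
        System.out.println(mayActAs(stub(dn, new String[] {"alice", "griduser"}), "alice"));
        // Unauthenticated client: getCaller() is null.
        System.out.println(mayActAs(stub(null, new String[] {"alice"}), "alice"));
        // Authenticated, but no grid map mapping is available.
        System.out.println(mayActAs(stub(dn, null), "alice"));
        // Authenticated and mapped, but to a different local account.
        System.out.println(mayActAs(stub(dn, new String[] {"bob"}), "alice"));
    }
}
```

Only the first call is allowed; the other three are denied.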