java.lang.Object issrg.dis.DISCore
public abstract class DISCore
This class contains the core functionality of DIS. Extend it to tailor DIS to the execution environment.
Nested Class Summary | |
---|---|
class | DISCore.DepthsCreds - This class is used for storing credentials and delegation depths before and during the checking/constraining process |
static class | DISCore.DISConfig |
static interface | DISCore.Repository |
Field Summary | |
---|---|
protected static org.apache.log4j.Appender | appender |
protected DISCore.DISConfig | dcfg |
protected static org.apache.log4j.Layout | layout |
protected static Logger | log |
protected PolicyFinder | policy |
protected static Logger | root |
protected SignatureVerifier | sv |
protected AuthzTokenParser | tokenParser |
Constructor Summary |
---|
DISCore(DISCore.DISConfig dcfg) |
Method Summary | |
---|---|
protected java.lang.String | delegateForMe(java.lang.String issuerDN, java.lang.String holderDN, java.lang.String[] roleValues, java.lang.String roleType, java.lang.String from, java.lang.String to, java.lang.String assertion, int deep) - This function receives a request to issue an AC from the Apache web server. |
protected java.lang.String | revokeACForMe(byte[] ac, java.lang.String requestor) - This function is used for revoking one AC. |
protected java.lang.String[] | revokeForMe(java.lang.String requestorDN, java.lang.String holderDN, java.lang.String[] issuerDN, java.lang.String[] serials) - This function is used for revoking one or more ACs. |
protected java.lang.String[] | searchForMe(java.lang.String requestorDN, java.lang.String holderDN) - This function searches for the ACs of a user and returns information about these ACs. |
protected java.lang.String | storeACForMe(byte[] ac, java.lang.String requestor) - This function receives a request to store an AC from a client (ACM tool). |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected static Logger root
protected static Logger log
protected static org.apache.log4j.Appender appender
protected static org.apache.log4j.Layout layout
protected DISCore.DISConfig dcfg
protected SignatureVerifier sv
protected AuthzTokenParser tokenParser
protected PolicyFinder policy
Constructor Detail |
---|
public DISCore(DISCore.DISConfig dcfg) throws java.lang.Exception
Throws: java.lang.Exception
Method Detail |
---|
protected java.lang.String storeACForMe(byte[] ac, java.lang.String requestor)
base64AC - is the AC in base64 format sent to the DIS
protected java.lang.String delegateForMe(java.lang.String issuerDN, java.lang.String holderDN, java.lang.String[] roleValues, java.lang.String roleType, java.lang.String from, java.lang.String to, java.lang.String assertion, int deep)
issuerUID - is the UID of the issuer; it is used when checking the privileges of the issuer compared to the privileges of the AC to be signed
holderDN - is the intended holder of the AC to be signed
roleValues - is the array of role values that the issuer wants to issue to the holder
roleType - is the type of role that the issuer wants to delegate to the holder
from - is the starting time of the validity period of the AC
to - is the ending time of the validity period of the AC
assertion - states whether or not the holder of the AC can assert privileges in this AC. If this parameter equals "can" then the holder can assert privileges in this AC. Otherwise, the holder cannot assert privileges in this AC.
deep - is the capability of further delegation for the holder. The value "-1" means the holder cannot delegate privileges in this AC to anyone. The value "1" means the holder can delegate privileges in this AC down to just one level. "2" means the holder can delegate privileges in this AC down to just two levels. "0" means the holder can delegate privileges in this AC down to an unlimited number of levels.
Note that the above parameters mean that the issuer intends to issue one AC with these properties. These properties could be changed by the DIS Java object when checking the issuer's privileges and checking against the delegation policy.
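The `deep` encoding is not ordered like ordinary integers: "0" is the widest grant and "-1" the narrowest, so a check that compares or decrements the raw value can turn a one-level right into an unlimited one. The following is an added example, not code from DIS or PERMIS; the class `DelegationDepth`, its methods, and the rule that each delegation step consumes one level are assumptions made for illustration.

```java
/** Hypothetical helper (not part of issrg.dis) illustrating the "deep" encoding. */
public final class DelegationDepth {
    public static final int NONE = -1;      // holder cannot delegate further
    public static final int UNLIMITED = 0;  // holder can delegate to any depth

    private DelegationDepth() {}

    /** Rejects values outside the documented encoding (-1, 0, or a positive level count). */
    static void validate(int deep) {
        if (deep < NONE) {
            throw new IllegalArgumentException("invalid delegation depth: " + deep);
        }
    }

    /**
     * Widest depth an issuer holding issuerDeep may place in an AC it issues.
     * Assumption: each delegation step consumes one level.
     * Returns null when the issuer may not delegate at all.
     */
    static Integer maxGrantable(int issuerDeep) {
        validate(issuerDeep);
        if (issuerDeep == NONE) return null;             // no delegation right
        if (issuerDeep == UNLIMITED) return UNLIMITED;   // unlimited stays unlimited
        return issuerDeep == 1 ? NONE : issuerDeep - 1;  // a naive 1 - 1 would give 0 (unlimited)
    }

    /** Reduces a requested depth to what the issuer may grant; null means refuse. */
    static Integer constrain(int issuerDeep, int requestedDeep) {
        validate(requestedDeep);
        Integer max = maxGrantable(issuerDeep);
        if (max == null) return null;
        if (max == UNLIMITED) return requestedDeep;      // anything fits under unlimited
        if (max == NONE || requestedDeep == NONE) return NONE;
        if (requestedDeep == UNLIMITED) return max;      // clamp unlimited to the finite bound
        return Math.min(requestedDeep, max);
    }

    public static void main(String[] args) {
        System.out.println(constrain(2, 0));   // unlimited request under a two-level issuer
        System.out.println(constrain(1, 0));   // one-level issuer: holder must not get unlimited
        System.out.println(constrain(0, 3));   // unlimited issuer, finite request
        System.out.println(constrain(-1, 1));  // issuer without delegation rights
    }
}
```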
protected java.lang.String[] searchForMe(java.lang.String requestorDN, java.lang.String holderDN)
holderDN - is the DN of the user whose ACs one wants to retrieve
requestorDN - is the DN of the requestor
protected java.lang.String revokeACForMe(byte[] ac, java.lang.String requestor)
base64AC - is the encoded AC in Base64 format
protected java.lang.String[] revokeForMe(java.lang.String requestorDN, java.lang.String holderDN, java.lang.String[] issuerDN, java.lang.String[] serials)
requestorDN - is the DN of the requestor
holderDN - is the DN of the ACs' holder
issuerDN - is an array of strings that represents the list of issuers of the requested ACs
serials - is an array of strings that represents the list of serial numbers of the requested ACs