issrg.gt4
Class SimplePermisPDP

java.lang.Object
  extended by issrg.gt4.SimplePermisPDP
All Implemented Interfaces:
SignatureVerifier

public class SimplePermisPDP
extends java.lang.Object
implements SignatureVerifier

This class should be replaced by uk.ac.kent.dpa.custom.pdp.PermisPDP, which supports a more flexible ADF configuration and the XACML request context, so that it can work with the GT4 PIPs. Linying


Field Summary
static java.lang.String GSP_LDAP_AC_KEY
           
static java.lang.String GSP_USE_GRID_SHIB
           
static java.lang.String IDP_PROVIDER_ID_KEY
           
 
Constructor Summary
SimplePermisPDP()
           
 
Method Summary
 boolean checkSignature(byte[] Value, byte[] Signature, java.lang.String algorithmID, TokenLocator Signer)
          This is a placeholder signature verification: it performs no cryptographic check and always returns true.
 void close()
          The standard PDP method.
protected  PBAAPI getADF(java.lang.String soa, java.lang.String oid, java.lang.String ldapURL, java.lang.String uRL, java.lang.String ldapAC_attribute, java.lang.String ldapPKC_attribute, java.lang.String rootCA)
          This method retrieves an instance of PBAAPI for a given configuration.
 org.w3c.dom.Node getPolicy(org.w3c.dom.Node query)
          The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.
 java.lang.String[] getPolicyNames()
          The standard PDP method; returns an empty array, since the behaviour was not defined by GT4 at the time of writing.
 void initialize(PDPConfig config, java.lang.String name, java.lang.String id)
          The standard PDP method initialises the PDP given the configuration.
 boolean isPermitted(javax.security.auth.Subject peerSubject, MessageContext context, javax.xml.namespace.QName operation)
          This method is invoked by GT4 when an authorisation decision must be made about a request.
 org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
          The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

GSP_LDAP_AC_KEY

public static final java.lang.String GSP_LDAP_AC_KEY
See Also:
Constant Field Values

GSP_USE_GRID_SHIB

public static final java.lang.String GSP_USE_GRID_SHIB
See Also:
Constant Field Values

IDP_PROVIDER_ID_KEY

public static final java.lang.String IDP_PROVIDER_ID_KEY
See Also:
Constant Field Values
Constructor Detail

SimplePermisPDP

public SimplePermisPDP()
Method Detail

getPolicyNames

public java.lang.String[] getPolicyNames()
The standard PDP method; returns an empty array, since the behaviour was not defined by GT4 at the time of writing.


getPolicy

public org.w3c.dom.Node getPolicy(org.w3c.dom.Node query)
                           throws InvalidPolicyException
The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.

Throws:
InvalidPolicyException

setPolicy

public org.w3c.dom.Node setPolicy(org.w3c.dom.Node policy)
                           throws InvalidPolicyException
The standard PDP method; returns null, since the behaviour was not defined by GT4 at the time of writing.

Throws:
InvalidPolicyException

close

public void close()
The standard PDP method.


initialize

public void initialize(PDPConfig config,
                       java.lang.String name,
                       java.lang.String id)
                throws InitializeException
The standard PDP method initialises the PDP given the configuration.

Parameters:
config - the PDPConfig obtained by GT4
name - the name of the PDP (the part before the ":" in the security descriptor for the service)
id - the id of the PDP; not used in this implementation
Throws:
InitializeException

getADF

protected PBAAPI getADF(java.lang.String soa,
                        java.lang.String oid,
                        java.lang.String ldapURL,
                        java.lang.String uRL,
                        java.lang.String ldapAC_attribute,
                        java.lang.String ldapPKC_attribute,
                        java.lang.String rootCA)
                 throws InitializeException
This method retrieves an instance of PBAAPI for a given configuration. First, it looks for a PBAAPI for the given Policy OID in the cache, and if one is found, that one is used; otherwise a new one is created and cached.

Parameters:
soa - the SOA name (LDAP DN)
oid - the OID of the policy
ldapURL - the URL of the LDAP repository used to retrieve the policy and user ACs
uRL - the URL of another repository where the user ACs are stored (this may differ from the policy LDAP)
ldapAC_attribute - the attribute name of the ACs in the repositories
ldapPKC_attribute - the attribute name of the PKCs in the repositories
rootCA - the filename of the Root CA PKC; can be null if no signature verification is required (NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS!)
Throws:
InitializeException
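The description above says the cache is keyed by policy OID alone, so a second call with the same OID but a different SOA, repository URL or rootCA silently gets the instance built for the first call. The following is an added illustration of that cache pattern, not code from the PERMIS project: the Adf class is a hypothetical stand-in for PBAAPI (whose constructor is not documented on this page), the configuration fields are reduced to the ones that matter for the point, and the mismatch check and the null-rootCA warning are additions that make the pitfall visible instead of silent.

```java
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

public class AdfCache {

    // Hypothetical stand-in for the PBAAPI instance that getADF builds.
    public static final class Adf {
        final String soa, oid, ldapURL, rootCA;

        Adf(String soa, String oid, String ldapURL, String rootCA) {
            this.soa = soa;
            this.oid = oid;
            this.ldapURL = ldapURL;
            this.rootCA = rootCA;
        }

        boolean sameConfig(String soa, String ldapURL, String rootCA) {
            return Objects.equals(this.soa, soa)
                && Objects.equals(this.ldapURL, ldapURL)
                && Objects.equals(this.rootCA, rootCA);
        }
    }

    // One ADF per policy OID, as the page describes; thread-safe map so
    // concurrent initialize() calls cannot build two instances for one OID.
    private final Map<String, Adf> byOid = new ConcurrentHashMap<>();

    public Adf getADF(String soa, String oid, String ldapURL, String rootCA) {
        if (rootCA == null) {
            // The page allows null here but marks it as not for production:
            // with no root CA, AC and policy signatures are not verified.
            System.err.println("WARNING: rootCA is null for policy " + oid
                + "; signature verification of ACs and policy is disabled");
        }
        Adf adf = byOid.computeIfAbsent(oid, k -> new Adf(soa, oid, ldapURL, rootCA));
        // Added check: an OID-keyed cache would otherwise hand back an ADF
        // built from different settings without any indication.
        if (!adf.sameConfig(soa, ldapURL, rootCA)) {
            throw new IllegalStateException("policy OID " + oid
                + " is already cached with a different SOA, repository or root CA");
        }
        return adf;
    }

    public static void main(String[] args) {
        AdfCache cache = new AdfCache();
        // Constructed sample values; none of them refer to a real deployment.
        Adf first = cache.getADF("cn=SOA,o=example", "1.2.3.4.5",
            "ldap://policy.example.invalid", "/etc/permis/rootca.cer");
        Adf again = cache.getADF("cn=SOA,o=example", "1.2.3.4.5",
            "ldap://policy.example.invalid", "/etc/permis/rootca.cer");
        System.out.println("same instance reused: " + (first == again));
        try {
            cache.getADF("cn=SOA,o=example", "1.2.3.4.5",
                "ldap://other.example.invalid", "/etc/permis/rootca.cer");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In the real getADF the equivalent of the mismatch check is worth adding where the cache is consulted, since the documented behaviour is to return the cached PBAAPI whenever the OID matches.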

checkSignature

public boolean checkSignature(byte[] Value,
                              byte[] Signature,
                              java.lang.String algorithmID,
                              TokenLocator Signer)
This is a placeholder signature verification: it performs no cryptographic check and always returns true.

Specified by:
checkSignature in interface SignatureVerifier
Parameters:
Value - is the byte array that had been signed
Signature - is the byte array of the resulting signature
algorithmID - is the String representation (dotted form) of the object identifier of the algorithm used for signing
Signer - is the TokenLocator of the signer
Returns:
true, if there is a valid non-revoked PKI token, which proves the signature is valid; false otherwise
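The contract quoted under "Returns" (true only when a valid, non-revoked PKI token proves the signature) is not what this class does; it returns true unconditionally, so with a rootCA configured the ADF would still accept any AC whose signature is checked through this verifier. As an added example, not code from the PERMIS project, the block below shows the shape of a verifier that actually checks the signature with the JCA. It assumes the caller can resolve the TokenLocator to a java.security.PublicKey (TokenLocator's API is not on this page, so the key is passed directly), maps the dotted algorithm OID to a JCA algorithm name for two common algorithms, and fails closed on anything it cannot verify. It does not cover the token validity and revocation part of the contract, which needs the certificate path and revocation data the page does not describe.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Map;

public class VerifyingSignatureVerifier {

    // Dotted OIDs of the signature algorithms this verifier is willing to
    // accept, mapped to their JCA names. Anything not listed is rejected;
    // the list is a choice for this example, not a PERMIS setting.
    private static final Map<String, String> OID_TO_JCA = Map.of(
        "1.2.840.113549.1.1.11", "SHA256withRSA",   // sha256WithRSAEncryption
        "1.2.840.10045.4.3.2",   "SHA256withECDSA"  // ecdsa-with-SHA256
    );

    // Same parameters as the page's checkSignature, with the signer's key
    // in place of the TokenLocator (assumption: the caller resolved it).
    public boolean checkSignature(byte[] value, byte[] signature,
                                  String algorithmID, PublicKey signerKey) {
        if (value == null || signature == null || signerKey == null) {
            return false;
        }
        String jcaName = OID_TO_JCA.get(algorithmID);
        if (jcaName == null) {
            return false; // unknown or disallowed algorithm: fail closed
        }
        try {
            Signature verifier = Signature.getInstance(jcaName);
            verifier.initVerify(signerKey);
            verifier.update(value);
            return verifier.verify(signature);
        } catch (GeneralSecurityException e) {
            // Malformed signature, wrong key type, unsupported provider:
            // none of these may be reported as a valid signature.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair and message, generated here for the demo only.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] value = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(value);
        byte[] signature = signer.sign();

        VerifyingSignatureVerifier v = new VerifyingSignatureVerifier();
        String rsaOid = "1.2.840.113549.1.1.11";

        System.out.println("genuine signature accepted: "
            + v.checkSignature(value, signature, rsaOid, kp.getPublic()));

        byte[] tampered = value.clone();
        tampered[0] ^= 0x01; // flip one bit of the signed data
        System.out.println("tampered data accepted: "
            + v.checkSignature(tampered, signature, rsaOid, kp.getPublic()));

        System.out.println("unlisted algorithm accepted: "
            + v.checkSignature(value, signature, "1.2.3.4", kp.getPublic()));
    }
}
```

The allow-list on the algorithm OID matters as much as the verify call: a verifier that accepted whatever OID arrived with the token would let the token choose its own, possibly weak, algorithm.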

isPermitted

public boolean isPermitted(javax.security.auth.Subject peerSubject,
                           MessageContext context,
                           javax.xml.namespace.QName operation)
                    throws AuthorizationException
This method is invoked by GT4 when an authorisation decision must be made about a request.

Parameters:
peerSubject - the subject that makes the request, or on whose behalf it is made
context - the MessageContext that describes the call
operation - the operation name
Throws:
AuthorizationException