Interface CredentialsService

All Known Subinterfaces:
All Known Implementing Classes:
DefaultRiskAssessment, SimpleCountingRiskAssessment, SimpleCredentialsService, SimplePeriodicRiskAssessment

public interface CredentialsService

This interface defines a call-back mechanism to let the AEF (Access decision Enforcement Function; refer to ISO 10181-3 access control framework) define its own criteria for credential usage. It is envisaged a Session Time can be useful in this respect, so a SessionTimeService object should implement this interface and notify the caller when the session time has elapsed. The actual implementations may not only throw exceptions, but may encapsulate references to their own call-back objects.

In case the set of credentials is not suitable for use, or a decision cannot be made, a PbaException should be thrown.

A Otenko

Method Summary
 void service(Subject user)
          This method provides the required service.
 void service(Subject user, Target target, Action action)

Method Detail


void service(Subject user)
             throws PbaException
This method provides the required service. It should always throw an exception if the subject is not suitable for use.

The method is always called at decision time and the thrown exception, if any, will be passed on to the AEF.

user - is the subject that contains the credentials on which the service is exerted
PbaException - in case the credentials cannot be used


void service(Subject user,
             Target target,
             Action action)
             throws PbaException