issrg.pba
Interface ParsedToken

All Known Subinterfaces:
DelegatableToken, WebDAVRevocable
All Known Implementing Classes:
DefaultDelegatableToken, DefaultParsedToken, SAMLParsedToken, WebDAVRevocableDelegatableParsedToken, WebDAVRevocableParsedToken

public interface ParsedToken

This interface represents a implementation-independent Authorisation Token. In default PERMIS RBAC the implementation-specific AuthZ Tokens are X.509 Attribute Certificates. In Shibboleth PERMIS RBAC they are Shibboleth Attributes. Other may be supplied.


Method Summary
 Credentials getCredentials()
          This method extracts the Credentials from the object representing the Authorisation Token.
 Entry getHolder()
          This method extracts the Holder's Entry from the Authorisation Token.
 TokenLocator getIssuerTokenLocator()
          This method extracts the Issuer's Token Locator from the Authorisation token.
 boolean isRevocable()
          This method will return a boolean identifying the token as revocable or not A token can be not-revocable if the AC contain the noRevAvail extension defined in X.509 or if it is a short-lived SAML assertion or Shibboleth credential.
 

Method Detail

getCredentials

Credentials getCredentials()
This method extracts the Credentials from the object representing the Authorisation Token.

The result is never null.

Returns:
Credentials is the Credentials that the Authorisation Token contains

getHolder

Entry getHolder()
This method extracts the Holder's Entry from the Authorisation Token. The returned object can be used to perform subject domain matching and location of the holder's authorisation tokens.

Returns:
Entry of the Holder, which can be used for finding other tokens and for matching subject domains

getIssuerTokenLocator

TokenLocator getIssuerTokenLocator()
This method extracts the Issuer's Token Locator from the Authorisation token. This information may not be available in the Authorisation token, but the implementation should return at least a TokenLocator that returns the Entry. This is needed to perform matching of the issuer name.


isRevocable

boolean isRevocable()
This method will return a boolean identifying the token as revocable or not A token can be not-revocable if the AC contain the noRevAvail extension defined in X.509 or if it is a short-lived SAML assertion or Shibboleth credential.

Returns:
a boolen identifying the parsed token as revocable. May be used by the RevocationChecker.