ManagedPermisRBAC

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

issrg.pba.management.agent.managed
Class ManagedPermisRBAC

java.lang.Object
  issrg.pba.rbac.PermisRBAC
      issrg.pba.management.agent.managed.ManagedPermisRBAC

All Implemented Interfaces:: ManagedPermisRBACMBean, PBAAPI

public class ManagedPermisRBAC
extends PermisRBAC
implements ManagedPermisRBACMBean
extends PermisRBAC
implements ManagedPermisRBACMBean

This is a Managed PERMIS engine.

as a Managed PERMIS engine it must implement ManagedPermis, which is the Functionality provided to the PERMIS Agent. And it must implement an MBean interface, which provides the instrumentation to the PERMIS Manager.

one purpose of this class it to encapsulate the initialisation parameters, in order that they can be used to re get the policy should the PERMIS Manager instruct it to.

at the moment no initialisation parameters are required for the current management-information.

implementing the read lock on the PEP access to PermisRBAC methods only required overwriting two methods, performing the lock and calling the corresponding method in PermisRBAC.

The only problem may arise if the methods in PermisRBAC are ever changed in the future.

Version:: 0.3.2008.03.20
Author:: mfb4@kent.ac.uk

Field Summary

Fields inherited from class issrg.pba.rbac.PermisRBAC
`TIME_VARIABLE, TIMEOUT`

Constructor Summary
`ManagedPermisRBAC(PolicyFinder pf, AttributeRepository ar, AuthzTokenParser authParser, PAConfiguration configuration)` managed PERMIS engine.

Method Summary
`Response`	`authzDecision(Subject subject, Action action, Target target, java.util.Map contextualParams)` This overridden method adds a PEP read lock on the making of a decision.
`protected void`	`finalize()` ensure that the PERMIS agent stops listening for connections.
`protected Subject`	`getCreds(UserEntry subjectDN, java.lang.Object[] creds, AuthzTokenRepository repository, CredentialsService service)` This overridden method adds a PEP read lock to the getting of subject credentials.
`java.security.Principal`	`getPrincipalSOA()` the Source of Authority.
`protected PermisSubject`	`newPermisSubject(java.security.Principal dN, CredentialsService service, java.lang.String policyOID, Credentials creds)` This method is used by getCreds to return a PermisSubject.
`void`	`stopAgent()` stop the agent.
`void`	`stoppedAgent()` the agent has stopped.
`java.lang.String`	`updatePolicy(java.lang.String xmlPolicy)` Updates the policy with the given one.
`java.lang.String`	`updatePolicy(java.lang.String policyName, byte[] policyACbyteArray)` engine.updatePolicy instrumentation.
`java.lang.String`	`updatePolicyFromLDAP(java.lang.String policyName, java.lang.String host, java.lang.Integer port, java.lang.String aCName, java.lang.String version)` engine.updatePolicyInLDAP instrumentation.
`java.lang.String`	`updatePolicyFromWebDAV(java.lang.String policyName, java.lang.String host, java.lang.Integer port)` engine.updatePolicyFromWebDAV instrumentation.

Methods inherited from class issrg.pba.rbac.PermisRBAC
`decision, getCreds, getCreds, getCreds, getCreds, getCreds, getPolicyFinder, getRepositories, getRepositories, getTimeOut, initEnv, SAWSCloseLog`

Methods inherited from class java.lang.Object
`clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

ManagedPermisRBAC

public ManagedPermisRBAC(PolicyFinder pf,
                         AttributeRepository ar,
                         AuthzTokenParser authParser,
                         PAConfiguration configuration)
                  throws PbaException

managed PERMIS engine. If the configuration is not null then a PERMIS agent is created and used to allow PERMIS managers to connect.

Parameters:: pf - - the PolicyFinder that locates the policy it must implement "ManagedPolicyFinder" interface.; ar - - the AttributeRepository used to retrieve Authorisation; authParser - - the AuthTokenParser used to decode the Authorisation Tokens; configuration - - the configuration used to set up the PERMIS agent as a server and listen for PERMIS managers to connect.
Throws:: PbaException - if something goes wrong
Since:: 0.2.2008.02.20

Method Detail

getCreds

protected Subject getCreds(UserEntry subjectDN,
                           java.lang.Object[] creds,
                           AuthzTokenRepository repository,
                           CredentialsService service)
                    throws PbaException

This overridden method adds a PEP read lock to the getting of subject credentials. Parameter description taken form super method.

Overrides:: getCreds in class PermisRBAC

Parameters:: subjectDN - is the identifier of the subject; when X.509 flavour is configured it must contain either the PKC subject DN, or the PKC SerialNumber and Issuer DN, or both; creds - is an array of Authorisation Tokens (e.g. AttributeCertificates to use (push model); can be null (pull model); repository - - the AuthTokenRepository from which the missing Authorisation Tokens will be obtained; if null, the AuthTokenRepository provided at construction time will be used; if creds is not null, this parameter is ignored; service - is attached to the Subject object, and will be called each time a decision is made; this way, for example, it is possible to expire the Subject object by throwing an exception
Returns:: a Subject that implements ManagedSubject
Throws:: PbaException - if creating the subject fails.
Since:: 0.2.2008.02.20

newPermisSubject

protected PermisSubject newPermisSubject(java.security.Principal dN,
                                         CredentialsService service,
                                         java.lang.String policyOID,
                                         Credentials creds)

This method is used by getCreds to return a PermisSubject.

the default PermisSubject is being replaces with a ManagedPermisSubject, in order that the subject can keep a track of the policy version it was created against.

Overrides:: newPermisSubject in class PermisRBAC

Parameters:: dN - ??; service - ??; policyOID - ??; creds - ??
Returns:: a ManagedPermisSubject
Since:: 0.2.2008.02.20
See Also:: (java.security.Principal, issrg.pba.CredentialsService, java.lang.String, issrg.pba.Credentials)

authzDecision

public Response authzDecision(Subject subject,
                              Action action,
                              Target target,
                              java.util.Map contextualParams)
                       throws PbaException

This overridden method adds a PEP read lock on the making of a decision.

Specified by:: authzDecision in interface PBAAPI
Overrides:: authzDecision in class PermisRBAC

Parameters:: subject - wishing to carry out the action on the target; action - that the subject wishes to carry out; target - object on which the action is carried out; contextualParams - Application_Context a list of application contextual parameters
Returns:: a Response object with the decision
Throws:: PbaException - if something goes wrong whilst making a decision
Since:: 0.2.2008.02.20
See Also:: (issrg.pba.Subject, issrg.pba.Action, issrg.pba.Target, java.util.Map)

getPrincipalSOA

public java.security.Principal getPrincipalSOA()

the Source of Authority. who owns the policy.

Returns:: the principal object representing the SOA.
Since:: 0.2.2008.02.20

finalize

protected void finalize()

ensure that the PERMIS agent stops listening for connections.

Overrides:: finalize in class PermisRBAC

Since:: 0.3.2008.03.21

stopAgent

public void stopAgent()

stop the agent. i.e. stop the MBean server form listening on the port. and communication with any PERMIS managers.

Since:: 0.3.2008.03.21

stoppedAgent

public void stoppedAgent()

the agent has stopped.

this is a PERMIS agent callback method, informing this managed PERMIS that the agent has stopped listening to, and communicating with any PERMIS managers.

Since:: 0.3.2008.03.21

updatePolicy

public java.lang.String updatePolicy(java.lang.String policyName,
                                     byte[] policyACbyteArray)
                              throws PbaException

engine.updatePolicy instrumentation. replace the current policy with the one held in the policy contained in the AC.

Plase the the byte array containing the AC (with policy) into a Virtual Repository and pass it into the Policy Finders updatePolicy method.

Specified by:: updatePolicy in interface ManagedPermisRBACMBean

Parameters:: policyName - unique policy name (normally an object identifier); policyACbyteArray - the Attribute Certificate containing the policy
Returns:: A String value response (Message) to report back to the PERMIS Manager
Throws:: PbaException - - if one it thrown during the update Process
Since:: 0.3.2008.03.20

updatePolicyFromWebDAV

public java.lang.String updatePolicyFromWebDAV(java.lang.String policyName,
                                               java.lang.String host,
                                               java.lang.Integer port)
                                        throws PbaException

engine.updatePolicyFromWebDAV instrumentation. replace the current policy with the one held in the specified WevDAV directory.

Place the the location of the policy, which is in a WebDAV directory into a WebDAV Repository and pass that into the Policy Finders updatePolicy method.

Specified by:: updatePolicyFromWebDAV in interface ManagedPermisRBACMBean

Parameters:: policyName - unique policy name (normally an object identifier); host - location of the WebDAV directory; port - number of the WebDAV directory
Returns:: A String value response (Message) to report back to the PERMIS Manager
Throws:: PbaException - if one it thrown during the update Process
Since:: 0.3.2008.03.20

updatePolicyFromLDAP

public java.lang.String updatePolicyFromLDAP(java.lang.String policyName,
                                             java.lang.String host,
                                             java.lang.Integer port,
                                             java.lang.String aCName,
                                             java.lang.String version)
                                      throws PbaException

engine.updatePolicyInLDAP instrumentation. replace the current policy with the one held in the specified LDAP directory.

Place the location of the policy, which is in an LDAP directory into an LDAP Repository and pass that into the Policy Finders updatePolicy method.

Specified by:: updatePolicyFromLDAP in interface ManagedPermisRBACMBean

Parameters:: policyName - unique policy name (normally an object identifier); host - location of the LDAP directory; port - number of the LDAP directory; aCName - LDAP attribute name use to identify Attribute Certificate entries; version - of the LDAP installation
Returns:: A String value response (Message) to report back to the PERMIS Manager
Throws:: PbaException - if one it thrown during the update Process
Since:: 0.3.2008.03.20

updatePolicy

public java.lang.String updatePolicy(java.lang.String xmlPolicy)
                              throws PbaException

Updates the policy with the given one.

Specified by:: updatePolicy in interface ManagedPermisRBACMBean

Parameters:: xmlPolicy - a string containing the new policy
Returns:: a String containing the status
Throws:: PbaException - when something goes wrong while updating the policy

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

issrg.pba.management.agent.managed Class ManagedPermisRBAC

ManagedPermisRBAC

getCreds

newPermisSubject

authzDecision

getPrincipalSOA

finalize

stopAgent

stoppedAgent

updatePolicy

updatePolicyFromWebDAV

updatePolicyFromLDAP

updatePolicy

issrg.pba.management.agent.managed
Class ManagedPermisRBAC