issrg.pba.rbac
Class CustomisePERMIS

java.lang.Object
  extended by issrg.pba.rbac.CustomisePERMIS

public class CustomisePERMIS
extends java.lang.Object

This class should be used to customise the components PERMIS RBAC uses.

These include:

CustomisePERMIS and the creation of PermisRBAC should be in a synchronized block, so the other threads do not modify your settings.

Version:
1.0
Author:
A.Otenko

Field Summary
protected static java.lang.Class authTokenParser
          The class of the default AuthTokenParser (issrg.simplePERMIS.SimplePERMISTokenParser).
protected static boolean certFirst
           
static java.lang.Class comparator
          This is the default Role Assignment Rule Comparator, used to optimise the delegation chain validation by applying the most relevant Role Assignment Rules first.
protected static int rev_time
           
protected static java.lang.Class revocationChecker
           
protected static boolean shouldRevoke
           
static Clock systemClock
          This is the secure source of time used by PERMIS.
 
Constructor Summary
CustomisePERMIS()
           
 
Method Summary
static void addURLHandler(java.lang.String className)
          This method adds a URL Handler.
static boolean checkCertificateFirst()
          This is the method which administrators should change if they want to reverse the order of revocation checking. The values are: certFirst and crlFirst. The default setting is to get the certificate first for performance.
static void configureX509Flavour()
          This is the method to configure X.509 flavour into PERMIS: after this PERMIS will accept X.509 ACs by default.
static java.lang.String getAttributeCertificateAttribute()
          This method returns the LDAP attribute name used to retrieve the Attribute Certificates.
static AuthzTokenParser getAuthzTokenParser()
          This method returns an instance of an AuthTokenParser configured into PERMIS.
static java.util.Calendar getCalendar()
          This method returns the calendar to be used by all classes interpreting time.
static RuleComparator getComparator()
          This method returns an instance of the default Role Assignment Rule Comparator.
static java.lang.String getDefaultSchemaLocation()
          This method is used by W3CXMLSchemaValidator's default constructor to find out the path to the default schema for policies.
static RevocationChecker getRevocationChecker()
          The revocation checker is used to check if certificates are revoked.
static int getRevocationCount()
           
static int getRevocationTimeOut()
           
static SAMLSecurity getSAMLSecurity()
          This method is used to get the SAML security object in order to retrieve the user's keys.
static Clock getSystemClock()
          This method returns the clock that will be used for calculating relative validity periods and a time reference for decision-making.
static java.lang.String getUserCertificateAttribute()
          This method returns the LDAP attribute name used to retrieve the Public Key Certificates.
static boolean isMultiParserUsed()
          Returns true if multiple parsers are used.
static void registerACExtensions()
          This method registers the default X.509 AC extension parsing classes.
static void registerACExtensions(java.lang.String[] exts)
          This method registers the X.509 AC extension parsing classes provided, in addition to the already registered extensions.
static void setAttributeCertificateAttribute(java.lang.String id)
          This method sets the LDAP attribute name used to retrieve the Attribute Certificates.
static void setAuthzTokenParser(java.lang.String className)
          Sets the default Auth Token Parser to be used by PERMIS.
static void setCheckCRLRevocationFirst(boolean shouldCRLbeCheckedFirst)
           
static void setComparator(java.lang.String className)
          This method sets the name of the class of the default Role Assignment Rule Comparator.
static void setDefaultSchemaLocation(java.lang.String defaultSchemaLocation)
          Set the path to the default PERMIS schema at runtime.
static void setMultiParser(boolean mp)
          This method is used to flag whether multiple parsers are used.
static void setRevocationChecker(java.lang.String className)
          Sets the default Revocation checker to be used by PERMIS.
static void setRevocationCheckerRevoking(boolean revoke)
           
static void setSAMLSecurity(SAMLSecurity security)
          This method is used to set the SAML security object for holding the user's security information, e.g. key pair.
static void setSystemClock(java.lang.String className)
          Sets the default System Clock to be used by PERMIS.
static void setUserCertificateAttribute(java.lang.String id)
          This method sets the LDAP attribute name used to retrieve the Public Key Certificates.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

systemClock

public static Clock systemClock
This is the secure source of time used by PERMIS.


revocationChecker

protected static java.lang.Class revocationChecker

certFirst

protected static boolean certFirst

rev_time

protected static int rev_time

shouldRevoke

protected static boolean shouldRevoke

authTokenParser

protected static java.lang.Class authTokenParser
The class of the default AuthTokenParser (issrg.simplePERMIS.SimplePERMISTokenParser).


comparator

public static java.lang.Class comparator
This is the default Role Assignment Rule Comparator, used to optimise the delegation chain validation by applying the most relevant Role Assignment Rules first.

See Also:
RuleComparator
Constructor Detail

CustomisePERMIS

public CustomisePERMIS()
Method Detail

getSystemClock

public static Clock getSystemClock()
This method returns the clock that will be used for calculating relative validity periods and a time reference for decision-making. Replace it using setSystemClock with your implementation, if you find SystemClock is not secure enough.

Replacing the value does not affect any of the objects already created.


getCalendar

public static java.util.Calendar getCalendar()
This method returns the calendar to be used by all classes interpreting time. By using the same method of constructing the Calendar, it can be ensured that interpretation of time is consistent throughout the code, taking into account both the TimeZone and Daylight Saving.


getAuthzTokenParser

public static AuthzTokenParser getAuthzTokenParser()
This method returns an instance of an AuthTokenParser configured into PERMIS.


checkCertificateFirst

public static boolean checkCertificateFirst()
This is the method which administrators should change if they want to reverse the order of revocation checking. The values are: certFirst and crlFirst. The default setting is to get the certificate first for performance. The administrator can change the order dynamically by calling the method setCheckCRLRevocationFirst(true).

Returns:
if the certificate

setCheckCRLRevocationFirst

public static void setCheckCRLRevocationFirst(boolean shouldCRLbeCheckedFirst)

getRevocationTimeOut

public static int getRevocationTimeOut()
Returns:

getRevocationCount

public static int getRevocationCount()

getRevocationChecker

public static RevocationChecker getRevocationChecker()
The revocation checker is used to check if certificates are revoked.

Returns:
a revocation checker

setRevocationCheckerRevoking

public static void setRevocationCheckerRevoking(boolean revoke)

setAuthzTokenParser

public static void setAuthzTokenParser(java.lang.String className)
                                throws java.lang.ClassNotFoundException
Sets the default Auth Token Parser to be used by PERMIS. The default is issrg.simplePERMIS.SimplePERMISTokenParser, but other implementations may need a parser for a different token format.

Parameters:
className - the name of the class to use as the authorisation token parser
Throws:
java.lang.ClassNotFoundException
See Also:
SimplePERMISTokenParser

setRevocationChecker

public static void setRevocationChecker(java.lang.String className)
                                 throws java.lang.ClassNotFoundException
Sets the default Revocation checker to be used by PERMIS. The default is issrg.pba.rbac.DefaultRevocationChecker.

Parameters:
className - the name of the class to use as the revocation checker
Throws:
java.lang.ClassNotFoundException
See Also:
RevocationChecker

setSystemClock

public static void setSystemClock(java.lang.String className)
                           throws java.lang.ClassNotFoundException
Sets the default System Clock to be used by PERMIS. The default is issrg.pba.rbac.SystemClock, but other implementations may need a secure timestamping clock.

Parameters:
className - the name of the class to use as the system clock
Throws:
java.lang.ClassNotFoundException
See Also:
SystemClock

addURLHandler

public static void addURLHandler(java.lang.String className)
                          throws java.lang.ClassNotFoundException
This method adds a URL Handler. This helps XMLParser to construct the policy representation.

Parameters:
className - the name of the class to be added as a URLHandler.
Throws:
java.lang.ClassNotFoundException
See Also:
URLHandler

configureX509Flavour

public static void configureX509Flavour()
                                 throws PbaException
This is the method to configure X.509 flavour into PERMIS: after this PERMIS will accept X.509 ACs by default.

The method registers the default AuthTokenParser that supports X.509 Attribute Certificates and registers all the AC Extensions.

Throws:
PbaException

getAttributeCertificateAttribute

public static java.lang.String getAttributeCertificateAttribute()
This method returns the LDAP attribute name used to retrieve the Attribute Certificates.


setAttributeCertificateAttribute

public static void setAttributeCertificateAttribute(java.lang.String id)
This method sets the LDAP attribute name used to retrieve the Attribute Certificates.


getUserCertificateAttribute

public static java.lang.String getUserCertificateAttribute()
This method returns the LDAP attribute name used to retrieve the Public Key Certificates.


setUserCertificateAttribute

public static void setUserCertificateAttribute(java.lang.String id)
This method sets the LDAP attribute name used to retrieve the Public Key Certificates.


registerACExtensions

public static void registerACExtensions()
                                 throws PbaException
This method registers the default X.509 AC extension parsing classes.

Throws:
PbaException

registerACExtensions

public static void registerACExtensions(java.lang.String[] exts)
                                 throws PbaException
This method registers the X.509 AC extension parsing classes provided, in addition to the already registered extensions.

Throws:
PbaException

getComparator

public static RuleComparator getComparator()
This method returns an instance of the default Role Assignment Rule Comparator.

See Also:
RuleComparator

setComparator

public static void setComparator(java.lang.String className)
                          throws java.lang.ClassNotFoundException
This method sets the name of the class of the default Role Assignment Rule Comparator. It checks that it implements the RuleComparator interface.

Throws:
java.lang.ClassNotFoundException
See Also:
RuleComparator

setMultiParser

public static void setMultiParser(boolean mp)
This method is used to flag whether multiple parsers are used.


isMultiParserUsed

public static boolean isMultiParserUsed()
Returns true if multiple parsers are used.


setSAMLSecurity

public static void setSAMLSecurity(SAMLSecurity security)
This method is used to set the SAML security object for holding the user's security information, e.g. key pair.


getSAMLSecurity

public static SAMLSecurity getSAMLSecurity()
This method is used to get the SAML security object in order to retrieve the user's keys.


getDefaultSchemaLocation

public static java.lang.String getDefaultSchemaLocation()
This method is used by W3CXMLSchemaValidator's default constructor to find out the path to the default schema for policies.

Returns:
the path to the default schema to be used for validating the policies

setDefaultSchemaLocation

public static void setDefaultSchemaLocation(java.lang.String defaultSchemaLocation)
Set the path to the default PERMIS schema at runtime. IMPORTANT: The static initialiser of the W3CXMLSchemaValidator class uses this method to set the path to the value from the schema_checking.properties file. It is therefore vital that the W3CXMLSchemaValidator class is referenced BEFORE this method is called with the custom path to the schema.

Parameters:
defaultSchemaLocation - the new location of the default schema
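
The class description asks for customisation and PermisRBAC creation to share one synchronized block, and setDefaultSchemaLocation requires W3CXMLSchemaValidator to be referenced first. The following added example (not PERMIS project code) combines both. Assumptions: the PermisBootstrap name, CustomisePERMIS.class as the lock, and caller-supplied class names and engine factory, since the validator's package and the PermisRBAC constructor are not given on this page.

```java
import issrg.pba.rbac.CustomisePERMIS;
import java.util.concurrent.Callable;

// Added example, not PERMIS project code. PermisBootstrap is a hypothetical name.
public final class PermisBootstrap {
    private PermisBootstrap() {}

    /**
     * Applies the customisation and builds the engine under one lock.
     *
     * @param validatorClassName fully qualified name of W3CXMLSchemaValidator
     *                           (the package is not given on this page)
     * @param schemaPath         custom policy schema location
     * @param clockClassName     class to use as the secure time source
     * @param engineFactory      creates PermisRBAC; its constructor arguments are
     *                           not documented here, so the caller supplies them
     */
    public static <T> T configureAndCreate(String validatorClassName,
                                           String schemaPath,
                                           String clockClassName,
                                           Callable<T> engineFactory) throws Exception {
        // Assumption: CustomisePERMIS.class is the shared monitor. This only
        // protects the settings if every thread that changes them uses it too.
        synchronized (CustomisePERMIS.class) {
            // Class.forName initialises the class, so the validator's static
            // initialiser (which sets the path from schema_checking.properties)
            // runs now and cannot overwrite the custom path later.
            Class.forName(validatorClassName);
            CustomisePERMIS.setDefaultSchemaLocation(schemaPath);

            // Unknown class names throw ClassNotFoundException here, before
            // any engine exists, so a bad setting cannot go unnoticed.
            CustomisePERMIS.setSystemClock(clockClassName);
            CustomisePERMIS.configureX509Flavour(); // accept X.509 ACs by default

            // Read the schema path back: stop if it is not the one requested.
            if (!schemaPath.equals(CustomisePERMIS.getDefaultSchemaLocation())) {
                throw new IllegalStateException("policy schema path was not applied");
            }

            // Create the engine while the settings are still locked; per the page,
            // replacing the clock later does not affect objects already created.
            return engineFactory.call();
        }
    }
}
```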