issrg.pba.rbac
Class PermisSubject

java.lang.Object
  issrg.pba.rbac.PermisSubject

All Implemented Interfaces:

Subject

Direct Known Subclasses:

HandlerSubject, ManagedPermisSubject

public class PermisSubject
extends java.lang.Object
implements Subject

The Permis implementation of a subject. It knows the holder and its credentials, it contains additional service for checking the credentials validity. It knows what policy it is applicable to, and works for one PermisRBAC object only.

Version:

0.2

Author:

A Otenko, E Ball, D W Chadwick

Field Summary

protected PBAAPI	owner
protected java.lang.String	PolicyOID

Constructor Summary

protected	PermisSubject()
protected	PermisSubject(PBAAPI owner, java.security.Principal DN, CredentialsService service, java.lang.String PolicyOID, Credentials creds) This constructor builds a subject from a distinguished name and the credentials the holder possesses.

Method Summary

Credentials	exportCreds() This method returns the Credentials (roles for the Permis project) of the subject.
java.security.Principal	getHolder() This method returns the distinguished name of the subject.
java.lang.String	getName() This method returns the distinguished name of the subject as a string.
PBAAPI	getOwner() This method returns the owner of the Subject object.
CredentialsService	getService() This method returns the object providing additional service on the set of credentials.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PolicyOID

protected java.lang.String PolicyOID

owner

protected PBAAPI owner

Constructor Detail

PermisSubject

protected PermisSubject()

PermisSubject

protected PermisSubject(PBAAPI owner,
                        java.security.Principal DN,
                        CredentialsService service,
                        java.lang.String PolicyOID,
                        Credentials creds)

This constructor builds a subject from a distinguished name and the credentials the holder possesses.

Parameters:

owner - is the reference to the PBA API implementation that has created this object; so the owner could ensure it uses the subject for the right policy

DN - the distinguished name of the subject

service - is the run-time restriction on use of the credential set contained within this Subject

policyOID - The OID of the policy controlling the subject

creds - the Credential of the subject

Method Detail

exportCreds

public Credentials exportCreds()

This method returns the Credentials (roles for the Permis project) of the subject.

Specified by:

exportCreds in interface Subject

Returns:

the Credential of the subject

getHolder

public java.security.Principal getHolder()

This method returns the distinguished name of the subject.

Specified by:

getHolder in interface Subject

Returns:

the Principal, representing the name of the holder

getName

public java.lang.String getName()

This method returns the distinguished name of the subject as a string.

Returns:

the String representation of the holder name

getService

public CredentialsService getService()

This method returns the object providing additional service on the set of credentials.

Specified by:

getService in interface Subject

Returns:

the CredentialService instance; can be null, if no additional services were attached to the credentials

getOwner

public PBAAPI getOwner()

This method returns the owner of the Subject object.

Specified by:

getOwner in interface Subject

Returns:

the parent PBAAPI