|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object issrg.pba.rbac.policies.AccessRule
public class AccessRule
This is the object representing an Access Rule. It can verify if the given set of credentials is enough to access certain target domain in accordance with the IF-statement. It is not aware of what action it is applied to, this is the responsibility of the caller to create an appropriate action definition, to name the parameters to the action and pass this environment to this object for decision making.
Note that if the rule does not allow access to the target, it does not mean that access should be denied: there could exist another rule that allows the action.
This is the kind of objects that are stored as the Target Access Policy.
AccessPolicy
Constructor Summary | |
---|---|
protected |
AccessRule()
|
|
AccessRule(Subtree targetDomain,
Credentials cred,
Term ifStatement)
This constructor builds the AccessRule object that can make a decision for one Target Domain. |
|
AccessRule(Subtree targetDomain,
Credentials cred,
Term ifStatement,
Obligations obligations)
|
Method Summary | |
---|---|
boolean |
decide(Credentials c,
java.lang.Object t,
java.util.Map args,
java.util.Map env)
This method decides if the action can be performed or not. |
Credentials |
getCreds()
|
Obligations |
getObligations()
|
java.lang.String |
toString()
|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
protected AccessRule()
public AccessRule(Subtree targetDomain, Credentials cred, Term ifStatement)
targetDomain
- is the target domain to which this rule is applicablecred
- is the minimal set of credentials that the user must possess
in
order to access the targetifStatement
- is the IF-statement that is applied in this rulepublic AccessRule(Subtree targetDomain, Credentials cred, Term ifStatement, Obligations obligations)
Method Detail |
---|
public boolean decide(Credentials c, java.lang.Object t, java.util.Map args, java.util.Map env) throws PbaException
c
- is the credential the user possessest
- is the TargetADI of the target the user wants to access; note
that it is not an
abstract target, it should be the Entry object, corresponding to
the target; if it is not an Entry object, the target domain matching
cannot
be performed, so the access is denied: false is returnedargs
- is the collection of arguments to the action, indexed by the
argument name; note that the argument type is defined inside the
IF-statementenv
- is the environmental variables: the contextual ADI
PbaException,
- if anything goes wrong within the IF-statement
PbaException
public java.lang.String toString()
toString
in class java.lang.Object
public Credentials getCreds()
public Obligations getObligations()
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |