issrg.pba.rbac.policies
Class AccessRule

java.lang.Object
  extended by issrg.pba.rbac.policies.AccessRule

public class AccessRule
extends java.lang.Object

This object represents an Access Rule. It can verify whether a given set of credentials is sufficient to access a certain target domain in accordance with the IF-statement. It is not aware of what action it is applied to: it is the responsibility of the caller to create an appropriate action definition, name the parameters to the action, and pass this environment to this object for decision making.

Note that if the rule does not allow access to the target, it does not mean that access should be denied: there could exist another rule that allows the action.

Objects of this kind are stored as the Target Access Policy.

Version:
1.0
Author:
A Otenko
See Also:
AccessPolicy

Constructor Summary
protected AccessRule()
           
  AccessRule(Subtree targetDomain, Credentials cred, Term ifStatement)
          This constructor builds the AccessRule object that can make a decision for one Target Domain.
  AccessRule(Subtree targetDomain, Credentials cred, Term ifStatement, Obligations obligations)
           
 
Method Summary
 boolean decide(Credentials c, java.lang.Object t, java.util.Map args, java.util.Map env)
          This method decides if the action can be performed or not.
 Credentials getCreds()
           
 Obligations getObligations()
           
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

AccessRule

protected AccessRule()

AccessRule

public AccessRule(Subtree targetDomain,
                  Credentials cred,
                  Term ifStatement)
This constructor builds the AccessRule object that can make a decision for one Target Domain.

Parameters:
targetDomain - is the target domain to which this rule is applicable
cred - is the minimal set of credentials that the user must possess in order to access the target
ifStatement - is the IF-statement that is applied in this rule

AccessRule

public AccessRule(Subtree targetDomain,
                  Credentials cred,
                  Term ifStatement,
                  Obligations obligations)

Method Detail

decide

public boolean decide(Credentials c,
                      java.lang.Object t,
                      java.util.Map args,
                      java.util.Map env)
               throws PbaException
This method decides if the action can be performed or not. It checks whether the given set of credentials contains the initial set (the minimal set of credentials supplied to the constructor) and whether the target to access is contained within the specified domain. If the target is in the specified domain, it then executes the IF-statement, passing the action arguments and the environment to it.

Parameters:
c - is the credential the user possesses
t - is the TargetADI of the target the user wants to access; note that it is not an abstract target, it should be the Entry object, corresponding to the target; if it is not an Entry object, the target domain matching cannot be performed, so the access is denied: false is returned
args - is the collection of arguments to the action, indexed by the argument name; note that the argument type is defined inside the IF-statement
env - is the set of environment variables: the contextual ADI
Returns:
true, if access can be granted, false, if not (but this does not mean the policy denied access - there may be another rule that grants access; deny access only if there was no rule that grants access)
Throws:
PbaException - if anything goes wrong within the IF-statement
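
How a caller can combine several rules so that a false result from one rule is treated as "not granted by this rule" rather than as a denial. This is an added example, not code from the issrg library: the Rule interface, the rule() helper, the use of string DNs in place of Entry targets, and the fail-closed handling of exceptions are all assumptions made for illustration.

```java
import java.util.*;
import java.util.function.Predicate;

public class AnyRuleGrants {
    // Hypothetical stand-in mirroring the documented decide(c, t, args, env) shape.
    interface Rule {
        boolean decide(Set<String> c, Object t, Map<String, Object> args,
                       Map<String, Object> env) throws Exception;
    }

    // Constructed rule: the target must be a String DN under domainSuffix (stand-in
    // for the Entry requirement), credentials must contain 'required', then the IF runs.
    static Rule rule(String domainSuffix, Set<String> required,
                     Predicate<Map<String, Object>> ifStatement) {
        return (c, t, args, env) -> {
            if (!(t instanceof String) || !((String) t).endsWith(domainSuffix)) return false;
            if (!c.containsAll(required)) return false;
            return ifStatement.test(args);
        };
    }

    // A false from one rule only means that rule did not grant; deny after all rules.
    static boolean permitted(List<Rule> policy, Set<String> c, Object t,
                             Map<String, Object> args, Map<String, Object> env) {
        for (Rule r : policy) {
            try {
                if (r.decide(c, t, args, env)) return true;
            } catch (Exception e) {
                return false; // assumption: an evaluation error fails closed
            }
        }
        return false; // no rule granted access: default deny
    }

    public static void main(String[] unused) {
        // Constructed sample policy and requests.
        List<Rule> policy = List.of(
            rule("ou=hr,o=example", Set.of("manager"), a -> true),
            rule("ou=docs,o=example", Set.of("staff"),
                 a -> ((Integer) a.get("pages")) <= 10));
        Set<String> creds = Set.of("staff");
        Map<String, Object> env = Map.of();
        String target = "cn=p1,ou=docs,o=example";
        // Case 1: the first rule's domain does not match, the second rule's does.
        System.out.println(permitted(policy, creds, target, Map.of("pages", 5), env));
        // Case 2: the IF-statement of the only applicable rule is not satisfied.
        System.out.println(permitted(policy, creds, target, Map.of("pages", 50), env));
        // Case 3: the target is not of the expected type, so no domain can match.
        System.out.println(permitted(policy, creds, 42, Map.of("pages", 5), env));
    }
}
```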

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

getCreds

public Credentials getCreds()

getObligations

public Obligations getObligations()