issrg.pba.rbac.policies
Class AccessRule

java.lang.Object
  issrg.pba.rbac.policies.AccessRule

public class AccessRule
extends java.lang.Object

This is the object representing an Access Rule. It can verify if the given set of credentials is enough to access certain target domain in accordance with the IF-statement. It is not aware of what action it is applied to, this is the responsibility of the caller to create an appropriate action definition, to name the parameters to the action and pass this environment to this object for decision making.

Note that if the rule does not allow access to the target, it does not mean that access should be denied: there could exist another rule that allows the action.

This is the kind of objects that are stored as the Target Access Policy.

Version:

1.0

Author:

A Otenko

See Also:

AccessPolicy

Constructor Summary

protected	AccessRule()
	AccessRule(Subtree targetDomain, Credentials cred, Term ifStatement) This constructor builds the AccessRule object that can make a decision for one Target Domain.
	AccessRule(Subtree targetDomain, Credentials cred, Term ifStatement, Obligations obligations)

Method Summary

boolean	decide(Credentials c, java.lang.Object t, java.util.Map args, java.util.Map env) This method decides if the action can be performed or not.
Credentials	getCreds()
Obligations	getObligations()
java.lang.String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

AccessRule

protected AccessRule()

AccessRule

public AccessRule(Subtree targetDomain,
                  Credentials cred,
                  Term ifStatement)

This constructor builds the AccessRule object that can make a decision for one Target Domain.

Parameters:

targetDomain - is the target domain to which this rule is applicable

cred - is the minimal set of credentials that the user must possess in order to access the target

ifStatement - is the IF-statement that is applied in this rule

AccessRule

public AccessRule(Subtree targetDomain,
                  Credentials cred,
                  Term ifStatement,
                  Obligations obligations)

Method Detail

decide

public boolean decide(Credentials c,
                      java.lang.Object t,
                      java.util.Map args,
                      java.util.Map env)
               throws PbaException

This method decides if the action can be performed or not. It compares if the given set of credentials contains the initial set, if the target to access is contained within the specified domain. If the target is in the specified domain it then executes the IF-statement passing the action arguments and the environment to it.

Parameters:

c - is the credential the user possesses

t - is the TargetADI of the target the user wants to access; note that it is not an abstract target, it should be the Entry object, corresponding to the target; if it is not an Entry object, the target domain matching cannot be performed, so the access is denied: false is returned

args - is the collection of arguments to the action, indexed by the argument name; note that the argument type is defined inside the IF-statement

env - is the environmental variables: the contextual ADI

Returns:

true, if access can be granted, false, if not (but this does not mean the policy denied access - there may be another rule that grants access; deny access only if there was no rule that grants access)

Throws:

PbaException, - if anything goes wrong within the IF-statement

PbaException

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

getCreds

public Credentials getCreds()

getObligations

public Obligations getObligations()