|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object issrg.pba.rbac.policies.AssignmentRule
public class AssignmentRule
This class represents an assignment (and delegation) rule. It knows the Subject Domain to which it is applied, the delegation depth and the credentials (as obtained from the Policy) that can be assigned according to this rule.
Field Summary | |
---|---|
protected java.util.logging.Logger |
log
|
Constructor Summary | |
---|---|
protected |
AssignmentRule()
|
|
AssignmentRule(Subtree subjectDomain,
int delegationPathLength,
Credentials SOACreds)
This is the constructor the PolicyParser should use. |
Method Summary | |
---|---|
java.util.Vector |
allocate(Entry holder,
AssignmentRule ar)
This method determines the set of RARs that can be delegated to the given user, delegation depth distant from this SOA/AA out of the set of assumed RARs. |
Credentials |
allocate(Entry him,
Credentials assumedCreds)
This method determines the credential set that can be delegated to the given user, delegation depth distant from this SOA/AA out of the set of assumed credentials. |
SubjectCredsRules |
assign(ParsedToken token)
This method validates what Credentials and Assignment rules can be assigned. |
Credentials |
getCredentials()
|
int |
getDelegationDepth()
|
Subtree |
getSubjectDomain()
|
java.lang.String |
toString()
|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
protected java.util.logging.Logger log
Constructor Detail |
---|
protected AssignmentRule()
public AssignmentRule(Subtree subjectDomain, int delegationPathLength, Credentials SOACreds)
subjectDomain
- is the domain of subjects that the given set of
credentials can be assigned todelegationPathLength
- is an integer number specifying how deep the
delegation can be; set to a negative number for unlimited delegationSOACreds
- is the credentials that can be assigned to a subject from
the given domain (subjectDomain)Method Detail |
---|
public Subtree getSubjectDomain()
public int getDelegationDepth()
public Credentials getCredentials()
public Credentials allocate(Entry him, Credentials assumedCreds)
If assignment is not allowed then it returns null, as if the intersection of credentials is null.
him
- is the user's Entry that must match one of the allowed Subject
DomainsassumedCreds
- is the set of assumed credentials - the set, extracted
from an Authorisation Token
public SubjectCredsRules assign(ParsedToken token)
token
- - the token with the credentials to be assigned to the holder
public java.util.Vector allocate(Entry holder, AssignmentRule ar)
If assignment is not allowed then it returns an empty set of RARs.
holder
- is the user's Entry that must match one of the allowed
Subject
Domainsar
- is the assumed RAR - as built from an Authorisation Token
public java.lang.String toString()
toString
in class java.lang.Object
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |