issrg.pba.rbac.policies
Class MSoDPolicySet

java.lang.Object
  extended by issrg.pba.rbac.policies.MSoDPolicySet

public class MSoDPolicySet
extends java.lang.Object

This class represents the MSoD policy. It contains a vector of MSoD rules and determines whether an access request is allowed by those rules.

Version:
0.1
Author:
W. Xu

Field Summary
protected  java.util.List<MSoDRule> msodRules
           
protected  RetainedADI retainedADI
           
 
Constructor Summary
protected MSoDPolicySet()
           
  MSoDPolicySet(java.util.List<MSoDRule> m, RetainedADI r, SAWSServer sawsServer, PolicyParser pp)
          This constructor creates the MSoDPolicySet object.
 
Method Summary
 boolean separationOfDutiesApplies(Credentials creds, Action a, Target t, java.util.Map environment)
          Determines whether this MSoD policy applies to the user's access request.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

msodRules

protected java.util.List<MSoDRule> msodRules

retainedADI

protected RetainedADI retainedADI

Constructor Detail

MSoDPolicySet

protected MSoDPolicySet()

MSoDPolicySet

public MSoDPolicySet(java.util.List<MSoDRule> m,
                     RetainedADI r,
                     SAWSServer sawsServer,
                     PolicyParser pp)
This constructor creates the MSoDPolicySet object.

Method Detail

separationOfDutiesApplies

public boolean separationOfDutiesApplies(Credentials creds,
                                         Action a,
                                         Target t,
                                         java.util.Map environment)
Determines whether this MSoD policy applies to the user's access request. The policy applies when the request breaks one of the MSoD rules in this policy; in that case the request should be forbidden by this MSoD policy and this method returns true. Otherwise this method returns false.

Parameters:
creds - the user's credentials
a - the action the user requested
t - the target the user requested
environment - the environment of the PERMIS decision
Returns:
true if this MSoD policy applies to the requested access; otherwise false.