issrg.pba.rbac.policies
Class MSoDRule

java.lang.Object
  extended by issrg.pba.rbac.policies.MSoDRule

public class MSoDRule
extends java.lang.Object

This class represents an MSoD rule. It determines whether a request is allowed by this MSoD rule.

Version:
0.1
Author:
W. Xu

Field Summary
protected  java.lang.String contextName
           
protected  java.util.Vector mmepVec
           
protected  java.util.Vector mmerVec
          This is where the MSoD Rules are stored
protected  ContextNamePrincipal policyDN
           
 
Constructor Summary
protected MSoDRule()
           
  MSoDRule(java.lang.String context, java.lang.String firstAction, java.lang.String firstTarget, java.lang.String lastAction, java.lang.String lastTarget, java.util.Vector mmerv, java.util.Vector mmepv)
          Deprecated. 
  MSoDRule(java.lang.String context, UserAction firstStep, UserAction lastStep, java.util.Vector mmerv, java.util.Vector mmepv)
           
 
Method Summary
 boolean contains(ContextNamePrincipal instanceDN)
          Determines whether a context instance is governed by this MSoD rule, i.e. whether the context instance is contained by the policy context of this MSoD rule.
 ContextNamePrincipal getPolicyContext()
          This method returns the policy context of this MSoD rule.
 boolean isLastStep(java.lang.String actionName, java.lang.String targetName)
          Determines whether the input action and target are the last step in this context.
 boolean separationOfDutiesApplies(RetainedADI retainedADI, Credentials creds, Subject subject, Action a, Target t, java.util.Map environment, ContextNamePrincipal instanceDN)
          Determines whether this MSoD rule applies to this user access request.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

mmerVec

protected java.util.Vector mmerVec
This is where the MSoD Rules are stored


mmepVec

protected java.util.Vector mmepVec

contextName

protected java.lang.String contextName

policyDN

protected ContextNamePrincipal policyDN

Constructor Detail

MSoDRule

protected MSoDRule()

MSoDRule

@Deprecated
public MSoDRule(java.lang.String context,
                           java.lang.String firstAction,
                           java.lang.String firstTarget,
                           java.lang.String lastAction,
                           java.lang.String lastTarget,
                           java.util.Vector mmerv,
                           java.util.Vector mmepv)
Deprecated. 

This constructor creates the MSoDRule object.


MSoDRule

public MSoDRule(java.lang.String context,
                UserAction firstStep,
                UserAction lastStep,
                java.util.Vector mmerv,
                java.util.Vector mmepv)

Method Detail

contains

public boolean contains(ContextNamePrincipal instanceDN)
Determines whether a context instance is governed by this MSoD rule, i.e. whether the context instance is contained by the policy context of this MSoD rule.

Parameters:
instanceDN - is the input context instance.
Returns:
true if instanceDN is contained by the policy context of this MSoD rule; otherwise false.

getPolicyContext

public ContextNamePrincipal getPolicyContext()
This method returns the policy context of this MSoD rule.

Returns:
the ContextNamePrincipal of this MSoD rule.

isLastStep

public boolean isLastStep(java.lang.String actionName,
                          java.lang.String targetName)
Determines whether the input action and target are the last step in this context.

Parameters:
actionName - is the action.
targetName - is the target of the action.
Returns:
true if the action and target are the last step in this context in this MSoD rule; otherwise false.

separationOfDutiesApplies

public boolean separationOfDutiesApplies(RetainedADI retainedADI,
                                         Credentials creds,
                                         Subject subject,
                                         Action a,
                                         Target t,
                                         java.util.Map environment,
                                         ContextNamePrincipal instanceDN)
Determines whether this MSoD rule applies to this user access request. If the rule applies, the user access request has broken the MSoD rule and should be forbidden by it, and this method returns true; otherwise this method returns false. A return value of true therefore means the request is to be denied, not granted.

Parameters:
retainedADI - is the retained ADI; it contains the history of access request decisions.
creds - is the user credential.
subject - is the user subject.
a - is the user action.
t - is the user requested target.
environment - is the environment of the decision by PERMIS.
instanceDN - is the context instance name of this user requested action.
Returns:
true if this MSoD rule applies to this user requested access; otherwise false.