MSoDRule

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

issrg.pba.rbac.policies
Class MSoDRule

java.lang.Object
  issrg.pba.rbac.policies.MSoDRule

public class MSoDRule
extends java.lang.Object
extends java.lang.Object

This is the class representing the MSoD rule. It determines whether the request is allowed by this MSoD rule.

Version:: 0.1
Author:: W. Xu

Field Summary
`protected java.lang.String`	`contextName`
`protected java.util.Vector`	`mmepVec`
`protected java.util.Vector`	`mmerVec` This is where the MSoD Rules are stored
`protected ContextNamePrincipal`	`policyDN`

Constructor Summary
`protected`	`MSoDRule()`
	`MSoDRule(java.lang.String context, java.lang.String firstAction, java.lang.String firstTarget, java.lang.String lastAction, java.lang.String lastTarget, java.util.Vector mmerv, java.util.Vector mmepv)` Deprecated.
	`MSoDRule(java.lang.String context, UserAction firstStep, UserAction lastStep, java.util.Vector mmerv, java.util.Vector mmepv)`

Method Summary
`boolean`	`contains(ContextNamePrincipal instanceDN)` This method is for determining if a context instance is governed by this MSoD rule, ie if the context instance is contained by the policy context in this MSoD rule.
`ContextNamePrincipal`	`getPolicyContext()` This method returns the policy context of this MSoD rule.
`boolean`	`isLastStep(java.lang.String actionName, java.lang.String targetName)` This method is to determine if the input action and target is the last step in this context.
`boolean`	`separationOfDutiesApplies(RetainedADI retainedADI, Credentials creds, Subject subject, Action a, Target t, java.util.Map environment, ContextNamePrincipal instanceDN)` This method is to determine if this MSoD rule applies to this user access request.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

mmerVec

protected java.util.Vector mmerVec

This is where the MSoD Rules are stored

mmepVec

protected java.util.Vector mmepVec

contextName

protected java.lang.String contextName

policyDN

protected ContextNamePrincipal policyDN

Constructor Detail

MSoDRule

protected MSoDRule()

MSoDRule

@Deprecated
public MSoDRule(java.lang.String context,
                           java.lang.String firstAction,
                           java.lang.String firstTarget,
                           java.lang.String lastAction,
                           java.lang.String lastTarget,
                           java.util.Vector mmerv,
                           java.util.Vector mmepv)

Deprecated.

This constructor creates the MSoDRule object.

MSoDRule

public MSoDRule(java.lang.String context,
                UserAction firstStep,
                UserAction lastStep,
                java.util.Vector mmerv,
                java.util.Vector mmepv)

Method Detail

contains

public boolean contains(ContextNamePrincipal instanceDN)

This method is for determining if a context instance is governed by this MSoD rule, ie if the context instance is contained by the policy context in this MSoD rule.

Parameters:: instanceDN - is the input context instance.
Returns:: true if instanceDN is contained by the policy context of this MSoD rule; otherwise false.

getPolicyContext

public ContextNamePrincipal getPolicyContext()

This method returns the policy context of this MSoD rule.

Returns:: the ContextNamePrincipal of this MSoD rule.

isLastStep

public boolean isLastStep(java.lang.String actionName,
                          java.lang.String targetName)

This method is to determine if the input action and target is the last step in this context.

Parameters:: actionName - is the action.; targetName - is the target of the action
Returns:: true if the action and target is the last step in this context in this MSoD rule; otherwise false.

separationOfDutiesApplies

public boolean separationOfDutiesApplies(RetainedADI retainedADI,
                                         Credentials creds,
                                         Subject subject,
                                         Action a,
                                         Target t,
                                         java.util.Map environment,
                                         ContextNamePrincipal instanceDN)

This method is to determine if this MSoD rule applies to this user access request. If this MSoD rule applies, then it means the user access request has broken the MSoD rule and it should be forbidden by this MSoD rule, and this method will return true; otherwise this method will return false.

Parameters:: retainedADI - is the retained ADI, it contains the access request decisions in history; creds - is the user credential; subject - is the user subject; a - is the user action; t - is the user requested target; environment - is the environment of the decision by PERMIS; instanceDN - is the context instance name of this user requested action
Returns:: true if this MSoD rule applies to this user requested access; otherwise false.

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

issrg.pba.rbac.policies Class MSoDRule

mmerVec

mmepVec

contextName

policyDN

MSoDRule

MSoDRule

MSoDRule

contains

getPolicyContext

isLastStep

separationOfDutiesApplies

issrg.pba.rbac.policies
Class MSoDRule