issrg.pba.rbac.xmlpolicy
Class DefaultRuleComparator
java.lang.Object
issrg.pba.rbac.xmlpolicy.DefaultRuleComparator
- All Implemented Interfaces:
- RuleComparator, java.util.Comparator
public class DefaultRuleComparator
- extends java.lang.Object
- implements RuleComparator, java.util.Comparator
Method Summary |
int |
compare(java.lang.Object o1,
java.lang.Object o2)
This function compare two object o1 and o2 according to the assertion. |
boolean |
isSufficient(AssignmentRule asRAR,
AssignmentRule vaRAR,
java.lang.Object assertion,
java.lang.Object validated)
This function test whether the constrained assertion is good enough |
ParsedToken[] |
predict(java.lang.Object assertion,
java.util.Vector tokens,
Entry holder)
This function will take the vector of asserted RARs of issuer, ignore unrelevant RARs for the assertion,
and sort relevant RARs according to the assertion |
void |
setFlag(boolean manySOAs)
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface java.util.Comparator |
equals |
DefaultRuleComparator
public DefaultRuleComparator()
- Creates a new instance of DefaultComparator
compare
public int compare(java.lang.Object o1,
java.lang.Object o2)
- This function compare two object o1 and o2 according to the assertion. They are two DelegateableToken objects.
Order of priority: credentials - validity period - delegation depth.
Get the delegateable credentials of the two objects and try to compare them with the credentials in the assertion by the
morePriority function. If one object has more priority than the other then return the value -1 or 1.
Compare two validity periods of the two objects. If one has more priority then return -1 or 1.
Compare two delegation depths then return -1 or 1.
- Specified by:
compare
in interface java.util.Comparator
- Parameters:
o1
- is the first object. It is a DelegateableToken objecto2
- is the second object. It is a DelegateableToken object.
- Returns:
- -1 if o1 is greater or equal o2, otherwise return 1
predict
public ParsedToken[] predict(java.lang.Object assertion,
java.util.Vector tokens,
Entry holder)
- This function will take the vector of asserted RARs of issuer, ignore unrelevant RARs for the assertion,
and sort relevant RARs according to the assertion
- Specified by:
predict
in interface RuleComparator
- Parameters:
assertion
- is either a credentials or a RoleAssignmentRule of the holder that needs to be validatedtokens
- stores all the RARs of issuerholder
- is the holder of the assertion
- Returns:
- an array of ParsedToken that is sorted according to the assertion.
setFlag
public void setFlag(boolean manySOAs)
- Specified by:
setFlag
in interface RuleComparator
isSufficient
public boolean isSufficient(AssignmentRule asRAR,
AssignmentRule vaRAR,
java.lang.Object assertion,
java.lang.Object validated)
- This function test whether the constrained assertion is good enough
- Specified by:
isSufficient
in interface RuleComparator
- Parameters:
asRAR
- is the RoleAssignmentRule of the issuervaRAR
- is the validated RoleAssignmentRule of the issuer. Both of these RoleAssignmentRules may be null.
If they are null, it means RoleAssignmentRule of the issuer is totally trusted and we do not care about it.assertion
- is either a credentials or a RoleAssignmentRule of the holder that needs to be validatedvalidated
- is a validated credentials or a Vecor of validated RoleAssignmentRules of the holder
- Returns:
- a boolean value. If it is true then the issuer's RAR is good enough for validating the request and
we do not need to use another issuer'RAR for validating the request. Otherwise, we need to use another RAR
to validate the request.