issrg.pba.rbac.xmlpolicy
Class DefaultRuleComparator

java.lang.Object
  extended by issrg.pba.rbac.xmlpolicy.DefaultRuleComparator
All Implemented Interfaces:
RuleComparator, java.util.Comparator

public class DefaultRuleComparator
extends java.lang.Object
implements RuleComparator, java.util.Comparator


Constructor Summary
DefaultRuleComparator()
          Creates a new instance of DefaultComparator
 
Method Summary
 int compare(java.lang.Object o1, java.lang.Object o2)
          This function compare two object o1 and o2 according to the assertion.
 boolean isSufficient(AssignmentRule asRAR, AssignmentRule vaRAR, java.lang.Object assertion, java.lang.Object validated)
          This function test whether the constrained assertion is good enough
 ParsedToken[] predict(java.lang.Object assertion, java.util.Vector tokens, Entry holder)
          This function will take the vector of asserted RARs of issuer, ignore unrelevant RARs for the assertion, and sort relevant RARs according to the assertion
 void setFlag(boolean manySOAs)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface java.util.Comparator
equals
 

Constructor Detail

DefaultRuleComparator

public DefaultRuleComparator()
Creates a new instance of DefaultComparator

Method Detail

compare

public int compare(java.lang.Object o1,
                   java.lang.Object o2)
This function compare two object o1 and o2 according to the assertion. They are two DelegateableToken objects. Order of priority: credentials - validity period - delegation depth. Get the delegateable credentials of the two objects and try to compare them with the credentials in the assertion by the morePriority function. If one object has more priority than the other then return the value -1 or 1. Compare two validity periods of the two objects. If one has more priority then return -1 or 1. Compare two delegation depths then return -1 or 1.

Specified by:
compare in interface java.util.Comparator
Parameters:
o1 - is the first object. It is a DelegateableToken object
o2 - is the second object. It is a DelegateableToken object.
Returns:
-1 if o1 is greater or equal o2, otherwise return 1

predict

public ParsedToken[] predict(java.lang.Object assertion,
                             java.util.Vector tokens,
                             Entry holder)
This function will take the vector of asserted RARs of issuer, ignore unrelevant RARs for the assertion, and sort relevant RARs according to the assertion

Specified by:
predict in interface RuleComparator
Parameters:
assertion - is either a credentials or a RoleAssignmentRule of the holder that needs to be validated
tokens - stores all the RARs of issuer
holder - is the holder of the assertion
Returns:
an array of ParsedToken that is sorted according to the assertion.

setFlag

public void setFlag(boolean manySOAs)
Specified by:
setFlag in interface RuleComparator

isSufficient

public boolean isSufficient(AssignmentRule asRAR,
                            AssignmentRule vaRAR,
                            java.lang.Object assertion,
                            java.lang.Object validated)
This function test whether the constrained assertion is good enough

Specified by:
isSufficient in interface RuleComparator
Parameters:
asRAR - is the RoleAssignmentRule of the issuer
vaRAR - is the validated RoleAssignmentRule of the issuer. Both of these RoleAssignmentRules may be null. If they are null, it means RoleAssignmentRule of the issuer is totally trusted and we do not care about it.
assertion - is either a credentials or a RoleAssignmentRule of the holder that needs to be validated
validated - is a validated credentials or a Vecor of validated RoleAssignmentRules of the holder
Returns:
a boolean value. If it is true then the issuer's RAR is good enough for validating the request and we do not need to use another issuer'RAR for validating the request. Otherwise, we need to use another RAR to validate the request.