java.lang.Object issrg.shibboleth.ShibbolethAuthzTokenParser
public class ShibbolethAuthzTokenParser
This class is an AuthTokenParser that can be used in connection with Shibboleth. The mod_permis Apache module collects the attributes that are made available by Shibboleth; it can then use PERMIS to make access control decisions. For this purpose it should call the getCreds method on PERMIS RBAC. Since PermisRBAC uses RoleBasedACParser by default (which expects X.509 Attribute Certificates), a different AuthTokenParser should be provided to PermisRBAC at construction time (see CustomisePERMIS).
By extending from RoleBasedAuthTokenParser it inherits some existing functionality.
issrg.pba.rbac.CustomisePERMIS, issrg.pba.rbac.RoleBasedAuthTokenParser
Field Summary | |
---|---|
protected Entry | h |
protected RoleHierarchyPolicy | roleHierarchy |
Constructor Summary |
---|
ShibbolethAuthzTokenParser() |
Method Summary | |
---|---|
ParsedToken | decode(java.lang.Object creds) This method decodes the given Shibboleth credentials. |
ParsedToken | decode(java.lang.Object creds, Entry h) This method parses Credentials that are a String encoding of a role and assumes the holder of the Credentials is provided. |
java.util.Map | getAuthzTokenParsingRules() This method returns the Auth Token parsing rules currently used by the parser. |
SignatureVerifier | getSignatureVerifier() This method always returns null, as no signature verification happens. |
void | setAuthzTokenParsingRules(java.util.Map m) This method sets the Auth Token parsing rules. |
void | setRoleHierarchy(RoleHierarchyPolicy rhp) Sets the Role Hierarchy Policy. |
void | setSignatureVerifier(SignatureVerifier sv) This method does nothing, as Shibboleth Credentials are not signed. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected RoleHierarchyPolicy roleHierarchy
protected Entry h
Constructor Detail |
---|
public ShibbolethAuthzTokenParser()
Method Detail |
---|
public java.util.Map getAuthzTokenParsingRules()
AuthzTokenParser
getAuthzTokenParsingRules
in interface AuthzTokenParser
public void setAuthzTokenParsingRules(java.util.Map m)
AuthzTokenParser
setAuthzTokenParsingRules
in interface AuthzTokenParser
public void setRoleHierarchy(RoleHierarchyPolicy rhp)
RoleBasedAuthzTokenParser
setRoleHierarchy
in interface RoleBasedAuthzTokenParser
rhp
- is a reference to the Role Hierarchy
public ParsedToken decode(java.lang.Object creds) throws PbaException
Note that the type of the role and its value are taken from the HTTP header by mod_permis. This method assumes the holder of the Credentials is "whole world", which corresponds to a null LDAP Distinguished Name.
decode
in interface AuthzTokenParser
creds
- the Object representing the credentials; must be a String in a format supported by ShibbolethPrincipal
PbaException
- if any error occurs; for example, the given object is not a proper Authorisation Token that the implementation can handle
ShibbolethPrincipal
public ParsedToken decode(java.lang.Object creds, Entry h) throws PbaException
creds
- the Credentials to be decoded
h
- the holder of the Credentials
PbaException
ShibbolethPrincipal
public void setSignatureVerifier(SignatureVerifier sv)
setSignatureVerifier
in interface AuthzTokenParser
public SignatureVerifier getSignatureVerifier()
getSignatureVerifier
in interface AuthzTokenParser