issrg.test.pmi
Class XMLAuthTokenParser

java.lang.Object
  issrg.test.pmi.XMLAuthTokenParser

All Implemented Interfaces:

AuthzTokenParser, RoleBasedAuthzTokenParser

public class XMLAuthTokenParser
extends java.lang.Object
implements RoleBasedAuthzTokenParser

Field Summary

protected static Credentials

NullCreds

Constructor Summary

XMLAuthTokenParser()

Method Summary

ParsedToken	decode(java.lang.Object at) Decoding happens like this: at must be a ParsedToken or a org.w3c.dom.Element extract "dn" attribute from "holder" element extract "dn" attribute from "issuer" element build subjectDomain that includes the whole world, but excludes the holder of the ParsedToken; this is for use in DelegatableParsedToken extract "notBefore" and "notAfter" attributes from "validity" element look up a role for each "attribute" element, using the values of its "type" and "value" attributes; an ExpirableCredentials is built using that role and the validity period go through the "extension" elements if an "extension" element has "type" attribute set to "NoAssertion" the assertableCreds will be set to NullCreds if an "extension" element has "type" attribute set to "BasicAttConstaint", the value of its "depth" attribute is used to set the delegation depth if an "extension" element has "type" attribute that does not match either of the above and contains an attribute "critical" with value "true", delegatableCredentials and assertableCredentials are null construct a DelegatableParsedToken with delegatableCredentials, if they are specified; otherwise, construct ParsedToken with assertableCredentials only
java.util.Map	getAuthzTokenParsingRules() This method returns the Auth Token parsing rules currently used by the parser.
SignatureVerifier	getSignatureVerifier() This method gets the Signature Verifier used by the Token Parser.
void	setAuthzTokenParsingRules(java.util.Map rules) This method sets the Auth Token parsing rules.
void	setRoleHierarchy(RoleHierarchyPolicy rhp) Sets the Role Hierarchy Policy.
void	setSignatureVerifier(SignatureVerifier signatureVerifier) This method sets the Signature Verifier to be used by the Token Parser.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NullCreds

protected static final Credentials NullCreds

Constructor Detail

XMLAuthTokenParser

public XMLAuthTokenParser()

Method Detail

setRoleHierarchy

public void setRoleHierarchy(RoleHierarchyPolicy rhp)

Description copied from interface: RoleBasedAuthzTokenParser

Sets the Role Hierarchy Policy. The policy defines the types of the roles, the values of the roles of each type, and the hierarchical relationship between them.

Specified by:

setRoleHierarchy in interface RoleBasedAuthzTokenParser

Parameters:

rhp - is a reference to the Role Hierarchy

decode

public ParsedToken decode(java.lang.Object at)
                   throws PbaException

Decoding happens like this:

• at must be a ParsedToken or a org.w3c.dom.Element
• extract "dn" attribute from "holder" element
• extract "dn" attribute from "issuer" element
• build subjectDomain that includes the whole world, but excludes the holder of the ParsedToken; this is for use in DelegatableParsedToken
• extract "notBefore" and "notAfter" attributes from "validity" element
• look up a role for each "attribute" element, using the values of its "type" and "value" attributes; an ExpirableCredentials is built using that role and the validity period
• go through the "extension" elements
  • if an "extension" element has "type" attribute set to "NoAssertion" the assertableCreds will be set to NullCreds
  • if an "extension" element has "type" attribute set to "BasicAttConstaint", the value of its "depth" attribute is used to set the delegation depth
  • if an "extension" element has "type" attribute that does not match either of the above and contains an attribute "critical" with value "true", delegatableCredentials and assertableCredentials are null
• construct a DelegatableParsedToken with delegatableCredentials, if they are specified; otherwise, construct ParsedToken with assertableCredentials only

Specified by:

decode in interface AuthzTokenParser

Parameters:

at - - implementation-specific object returned by the Repository; it is the authorisation token to be decoded

Returns:

ParsedToken - implementation-independent representation of the Authorization token

Throws:

PbaException - if any error occurs; for example, the given object is not a proper Authorisation Token that the implementation can handle

getAuthzTokenParsingRules

public java.util.Map getAuthzTokenParsingRules()

Description copied from interface: AuthzTokenParser

This method returns the Auth Token parsing rules currently used by the parser.

Specified by:

getAuthzTokenParsingRules in interface AuthzTokenParser

setAuthzTokenParsingRules

public void setAuthzTokenParsingRules(java.util.Map rules)

Description copied from interface: AuthzTokenParser

This method sets the Auth Token parsing rules.

Specified by:

setAuthzTokenParsingRules in interface AuthzTokenParser

setSignatureVerifier

public void setSignatureVerifier(SignatureVerifier signatureVerifier)

Description copied from interface: AuthzTokenParser

This method sets the Signature Verifier to be used by the Token Parser. Token Parsers for tokens that do not have signatures may ignore this method call.

Specified by:

setSignatureVerifier in interface AuthzTokenParser

getSignatureVerifier

public SignatureVerifier getSignatureVerifier()

Description copied from interface: AuthzTokenParser

This method gets the Signature Verifier used by the Token Parser. Token Parsers for tokens that do not have signatures may return null. If the Signature Verifier has not been set yet, the method may return null.

Specified by:

getSignatureVerifier in interface AuthzTokenParser