issrg.utils.handler
Class Handler

java.lang.Object
  extended by issrg.utils.handler.Handler
All Implemented Interfaces:
Protocol

public class Handler
extends java.lang.Object
implements Protocol

Author:
Linying Su

Field Summary
static int AC
static int AC_POLICY
static java.lang.String ACTION_ID
static java.lang.String INPUT_CONTEXT_ONLY
static java.lang.String PERMIS_NAME_SPACE
static int PKC
static int POLICY_BINARY
static int POLICY_PATH
static java.lang.String PULL_MODE
static java.lang.String PULLPUSH_MODE
static java.lang.String PUSH_MODE
static java.lang.String RESOURCE_ID
static java.lang.String RETURN_CONTEXT
static int SAML
static java.lang.String SAML_ASSERTION_10
static java.lang.String SAML_ASSERTION_20
static java.lang.String SAML_PROTOCOL_10
static java.lang.String SAML_PROTOCOL_20
static java.lang.String SAML_SUBJECT_ID_10
static java.lang.String SAML_SUBJECT_ID_20
static java.lang.String SAML_VERSION_10
static java.lang.String SAML_VERSION_20
static java.lang.String SUBJECT_ID
static int UNKNOWN
static int WS_TRUST
static java.lang.String WS_TRUST_CLAIMS
static java.lang.String WS_TRUST_NAME_SAPCE_VALIDATE
static java.lang.String WS_TRUST_NAME_SPACE
static java.lang.String WS_TRUST_REQUEST_TOKEN
static java.lang.String WS_TRUST_REQUEST_TOKEN_RESPONSE
static java.lang.String WS_TRUST_REQUEST_TYPE
static java.lang.String WS_TRUST_REQUESTED_TOKEN
static java.lang.String WS_TRUST_STATUS_INVALID
static java.lang.String WS_TRUST_STATUS_VALID
static java.lang.String WS_TRUST_TOKEN_TYPE
static java.lang.String WSSE_NAME_SPACE
static java.lang.String WSU_NAME_SPACE
static java.lang.String X509_ATTRIBUTE_CERTIFICATE
static java.lang.String X509_SUBJECT_NAME_FORMAT
static int XACML
static java.lang.String XACML_AUTHZ_DECISION_QUERY
static java.lang.String XACML_CONTEXT_NAME_SPACE
static java.lang.String XACML_CONTEXT_REQUEST
static java.lang.String XACML_DATA_TYPE
static java.lang.String XACML_DECISION_DENY
static java.lang.String XACML_DECISION_INDETERMINATE
static java.lang.String XACML_DECISION_NOT_APPLICABLE
static java.lang.String XACML_DECISION_PERMIT
static java.lang.String XACML_NAME_FORMAT
static java.lang.String XACML_PROFILE
static int XACML_SAML
static java.lang.String XACML_SAML_ASSERTION_20
static java.lang.String XACML_SAML_PROTOCOL_20
static java.lang.String XACML_SAMLP
static java.lang.String XACML_STATUS_MISSING_ATTRIBUTE
static java.lang.String XACML_STATUS_OK
static java.lang.String XACML_STATUS_PROCESSING_ERROR
static java.lang.String XACML_STATUS_SYNTAX_ERROR
static int XML_POLICY
static java.lang.String XSI_NAME_SPACE
 
Constructor Summary
Handler()
          Creates a new instance of PermisWebService
 
Method Summary
 org.w3c.dom.Element createRequestContext(java.lang.String DNIn)
          This method returns a simple WS-Trust request security token, which takes the given DNIn as the X509SubjectName value.
 org.w3c.dom.Element createRequestContext(java.lang.String DNIn, java.lang.String[] x509ACs, java.lang.String[] x509ProxyCerts, org.w3c.dom.Element[] assertions, java.lang.String mode)
          This method returns a WS-Trust request security token, which takes DNIn as an X509SubjectName value.
 org.w3c.dom.Element createRequestContext(java.lang.String actionIn, java.lang.String resourceIn, org.w3c.dom.Element subject)
          This method returns an XACML request context in which the given action and resource are used as the action-id and resource-id values, and the given subject is the Subject section of the context.
 org.w3c.dom.Element createSamlReuest(java.lang.String userDN, java.lang.String actionName, java.lang.String targetDN)
          This method creates a SAML request containing an authorisation decision query.
 org.w3c.dom.Element createSimpleContext(java.lang.String attrValue, java.lang.String type)
          This method returns an XACML request context for a resource or action in the form of XML Element
 Subject createSubject(org.w3c.dom.Element saml, java.lang.Object[] creds)
          Creates a subject in push mode: this method creates a Permis subject object.
 Subject createSubject(org.w3c.dom.Element reqCtx, java.lang.String issuer, java.lang.Object[] creds, java.lang.String[] parsers)
          This method creates a Permis subject object.
 Action getAction(org.w3c.dom.Element reqCtx)
          This method gets a Permis Action object from an XACML request context.
 org.w3c.dom.Element getAttributes()
          This method is used to get all of the environmental attributes in the current policy
 org.w3c.dom.Element getAuthzDecision(org.w3c.dom.Element reqCtx)
          This method provides an XACML interface to call PERMIS PDP for authz decisions
 byte[][] getBase64(java.util.ArrayList list)
          This method returns a set of base64 strings, which represent ACs or PKCs.
 org.w3c.dom.Element getCreds(org.w3c.dom.Element contextIn)
          This method returns an XML, which represents a WS-Trust security token response
 org.w3c.dom.Element getCreds(Subject subject)
          This method returns an XML, which represents an XACML request context
static java.lang.String getDecision(org.w3c.dom.Element responseCtx)
          This method returns the decision result as a string.
 java.util.Hashtable getEnvironment(org.w3c.dom.Element reqCtx)
          This method gets a Permis environment object from an XACML request context.
 java.lang.String getId(org.w3c.dom.Element reqCtx, java.lang.String type)
          This method gets the subject/resource Id from a request context.
 PermisRBAC getPDP()
          This method returns the constructed PermisRBAC
 org.w3c.dom.Element getResourceCreds(org.w3c.dom.Element wst_request)
          This method returns a resource XACML request context from a given WS-Trust request.
 org.w3c.dom.Element getSamlAssertion(Tvalue[] pairs, java.lang.String subjectDN, java.lang.String issuer)
          this method is used to create a SAML assertion, which includes the attributes given by an array of type-value text pairs.
 org.w3c.dom.Element getSamlAuthzDecision(org.w3c.dom.Element samlRequest)
          This method provides a SAML interface to call PERMIS PDP for making authz decisions
 org.w3c.dom.Element getSamlAuthzDecision(org.w3c.dom.Element samlRequest, java.lang.String url, boolean grid)
          This method provides a SAML interface to call PERMIS authz server for making authz decisions
 PermisSubject getSubject(org.w3c.dom.Element reqCtx, java.lang.String policyId)
          This method creates a Permis subject object.
 org.w3c.dom.Element getSubjectCreds(org.w3c.dom.Element wst_request)
          This method returns a subject XACML request context from a given WS-Trust request.
 java.lang.String getSubjectDN(java.lang.Object token)
          This method returns the subject DN from a WS-Trust request token.
 org.w3c.dom.Element getSubjectXACML(Subject subject)
          This method returns an XACML request context which contains only subject attributes.
 PermisTarget getTarget(org.w3c.dom.Element reqCtx)
          This method gets a Permis target object from an XACML request context.
 java.util.Date getTime()
          The time is stopped forever, so the latch returns the same as getTime()
 int getType(org.w3c.dom.Element message)
          This method returns the message type of a given message.
 org.w3c.dom.Element getXacmlSamlAuthzDecision(org.w3c.dom.Element request)
          This method is used to make an authorisation decision.
 void initialise(int type, int format, java.lang.String policy, java.lang.String soa, java.lang.String oid, java.lang.String acattribute, java.lang.String pkcattribute, java.lang.String rootca, java.lang.String url)
           
 void initialise(java.lang.String inputFilename)
          This method is to construct PermisRBAC with the configuration file
 java.util.Date latch()
          The time is stopped forever, so the latch returns the same as getTime()
 org.w3c.dom.Element message(org.w3c.dom.Element message)
          This method processes a message and returns a response.
 void setAttributeType(java.lang.String acType, java.lang.String pkcType)
          This method sets the LDAP attribute names that hold ACs and PKCs.
 void setLogLevel(java.lang.String configFile)
          This method is used to set log information by a configuration file
 void setPDP(PermisRBAC rbac)
          This method sets the PDP of this Handler object to the given one.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

POLICY_PATH

public static final int POLICY_PATH
See Also:
Constant Field Values

POLICY_BINARY

public static final int POLICY_BINARY
See Also:
Constant Field Values

XML_POLICY

public static final int XML_POLICY
See Also:
Constant Field Values

AC_POLICY

public static final int AC_POLICY
See Also:
Constant Field Values

PKC

public static final int PKC
See Also:
Constant Field Values

AC

public static final int AC
See Also:
Constant Field Values

UNKNOWN

public static final int UNKNOWN
See Also:
Constant Field Values

WS_TRUST

public static final int WS_TRUST
See Also:
Constant Field Values

XACML

public static final int XACML
See Also:
Constant Field Values

SAML

public static final int SAML
See Also:
Constant Field Values

XACML_SAML

public static final int XACML_SAML
See Also:
Constant Field Values

SAML_VERSION_10

public static final java.lang.String SAML_VERSION_10
See Also:
Constant Field Values

SAML_VERSION_20

public static final java.lang.String SAML_VERSION_20
See Also:
Constant Field Values

SAML_ASSERTION_10

public static final java.lang.String SAML_ASSERTION_10
See Also:
Constant Field Values

SAML_ASSERTION_20

public static final java.lang.String SAML_ASSERTION_20
See Also:
Constant Field Values

XACML_SAML_PROTOCOL_20

public static final java.lang.String XACML_SAML_PROTOCOL_20
See Also:
Constant Field Values

XACML_SAML_ASSERTION_20

public static final java.lang.String XACML_SAML_ASSERTION_20
See Also:
Constant Field Values

XACML_AUTHZ_DECISION_QUERY

public static final java.lang.String XACML_AUTHZ_DECISION_QUERY
See Also:
Constant Field Values

XACML_SAMLP

public static final java.lang.String XACML_SAMLP
See Also:
Constant Field Values

INPUT_CONTEXT_ONLY

public static final java.lang.String INPUT_CONTEXT_ONLY
See Also:
Constant Field Values

RETURN_CONTEXT

public static final java.lang.String RETURN_CONTEXT
See Also:
Constant Field Values

XACML_CONTEXT_REQUEST

public static final java.lang.String XACML_CONTEXT_REQUEST
See Also:
Constant Field Values

SAML_PROTOCOL_10

public static final java.lang.String SAML_PROTOCOL_10
See Also:
Constant Field Values

SAML_PROTOCOL_20

public static final java.lang.String SAML_PROTOCOL_20
See Also:
Constant Field Values

SAML_SUBJECT_ID_10

public static final java.lang.String SAML_SUBJECT_ID_10
See Also:
Constant Field Values

SAML_SUBJECT_ID_20

public static final java.lang.String SAML_SUBJECT_ID_20
See Also:
Constant Field Values

X509_SUBJECT_NAME_FORMAT

public static final java.lang.String X509_SUBJECT_NAME_FORMAT
See Also:
Constant Field Values

PULL_MODE

public static final java.lang.String PULL_MODE
See Also:
Constant Field Values

PUSH_MODE

public static final java.lang.String PUSH_MODE
See Also:
Constant Field Values

PULLPUSH_MODE

public static final java.lang.String PULLPUSH_MODE
See Also:
Constant Field Values

X509_ATTRIBUTE_CERTIFICATE

public static final java.lang.String X509_ATTRIBUTE_CERTIFICATE
See Also:
Constant Field Values

WS_TRUST_REQUEST_TOKEN

public static final java.lang.String WS_TRUST_REQUEST_TOKEN
See Also:
Constant Field Values

WS_TRUST_REQUESTED_TOKEN

public static final java.lang.String WS_TRUST_REQUESTED_TOKEN
See Also:
Constant Field Values

WS_TRUST_NAME_SPACE

public static final java.lang.String WS_TRUST_NAME_SPACE
See Also:
Constant Field Values

WS_TRUST_TOKEN_TYPE

public static final java.lang.String WS_TRUST_TOKEN_TYPE
See Also:
Constant Field Values

WS_TRUST_REQUEST_TOKEN_RESPONSE

public static final java.lang.String WS_TRUST_REQUEST_TOKEN_RESPONSE
See Also:
Constant Field Values

WS_TRUST_REQUEST_TYPE

public static final java.lang.String WS_TRUST_REQUEST_TYPE
See Also:
Constant Field Values

WS_TRUST_NAME_SAPCE_VALIDATE

public static final java.lang.String WS_TRUST_NAME_SAPCE_VALIDATE
See Also:
Constant Field Values

WS_TRUST_CLAIMS

public static final java.lang.String WS_TRUST_CLAIMS
See Also:
Constant Field Values

WS_TRUST_STATUS_VALID

public static final java.lang.String WS_TRUST_STATUS_VALID
See Also:
Constant Field Values

WS_TRUST_STATUS_INVALID

public static final java.lang.String WS_TRUST_STATUS_INVALID
See Also:
Constant Field Values

XACML_PROFILE

public static final java.lang.String XACML_PROFILE
See Also:
Constant Field Values

XACML_STATUS_OK

public static final java.lang.String XACML_STATUS_OK
See Also:
Constant Field Values

XACML_STATUS_PROCESSING_ERROR

public static final java.lang.String XACML_STATUS_PROCESSING_ERROR
See Also:
Constant Field Values

XACML_STATUS_MISSING_ATTRIBUTE

public static final java.lang.String XACML_STATUS_MISSING_ATTRIBUTE
See Also:
Constant Field Values

XACML_STATUS_SYNTAX_ERROR

public static final java.lang.String XACML_STATUS_SYNTAX_ERROR
See Also:
Constant Field Values

XACML_DECISION_INDETERMINATE

public static final java.lang.String XACML_DECISION_INDETERMINATE
See Also:
Constant Field Values

XACML_DECISION_DENY

public static final java.lang.String XACML_DECISION_DENY
See Also:
Constant Field Values

XACML_DECISION_PERMIT

public static final java.lang.String XACML_DECISION_PERMIT
See Also:
Constant Field Values

XACML_DECISION_NOT_APPLICABLE

public static final java.lang.String XACML_DECISION_NOT_APPLICABLE
See Also:
Constant Field Values

XACML_CONTEXT_NAME_SPACE

public static final java.lang.String XACML_CONTEXT_NAME_SPACE
See Also:
Constant Field Values

XACML_DATA_TYPE

public static final java.lang.String XACML_DATA_TYPE
See Also:
Constant Field Values

XACML_NAME_FORMAT

public static final java.lang.String XACML_NAME_FORMAT
See Also:
Constant Field Values

RESOURCE_ID

public static final java.lang.String RESOURCE_ID
See Also:
Constant Field Values

SUBJECT_ID

public static final java.lang.String SUBJECT_ID
See Also:
Constant Field Values

ACTION_ID

public static final java.lang.String ACTION_ID
See Also:
Constant Field Values

XSI_NAME_SPACE

public static final java.lang.String XSI_NAME_SPACE
See Also:
Constant Field Values

PERMIS_NAME_SPACE

public static final java.lang.String PERMIS_NAME_SPACE
See Also:
Constant Field Values

WSSE_NAME_SPACE

public static final java.lang.String WSSE_NAME_SPACE
See Also:
Constant Field Values

WSU_NAME_SPACE

public static final java.lang.String WSU_NAME_SPACE
See Also:
Constant Field Values

Constructor Detail

Handler

public Handler()
        throws HandlerServiceException
Creates a new instance of PermisWebService

Throws:
HandlerServiceException

Method Detail

setLogLevel

public void setLogLevel(java.lang.String configFile)
                 throws HandlerServiceException
This method is used to set log information by a configuration file

Parameters:
configFile - the configuration file name. This file contains, for example:
  log-level = debug
  layout = %-5p - %m%n [optional]
  log-file = /home/log/permis.log [optional]
Throws:
HandlerServiceException

initialise

public void initialise(java.lang.String inputFilename)
                throws HandlerServiceException
This method constructs the PermisRBAC from the configuration file.

Parameters:
inputFilename - the configuration file name. An example configuration file:
  soa=cn=SOA,ou=admin,o=permis,c=GB
  oid=1.2.826.0.1.3344810.6.0.0.1
  rootca=/home/ac/cacert.cer
  pkcattribute=userCertificate;binary
  acattribute=attributeCertificateAttribute
  url=ldap://localhost/
  init
Throws:
HandlerServiceException

initialise

public void initialise(int type,
                       int format,
                       java.lang.String policy,
                       java.lang.String soa,
                       java.lang.String oid,
                       java.lang.String acattribute,
                       java.lang.String pkcattribute,
                       java.lang.String rootca,
                       java.lang.String url)
                throws HandlerServiceException
Parameters:
type - indicates whether the policy parameter (i.e. the third parameter) contains a policy (POLICY_BINARY) or is a policy file (POLICY_PATH).
format - indicates what format the policy is in: AC_POLICY or XML_POLICY.
policy - is either a policy string or a policy file path; base64-encoded if it is an AC_POLICY.
soa - is the Source Of Authority, identified by an LDAP DN, who holds and issues the policy.
oid - is the policy name.
acattribute - is the field name where the attribute certificate is stored.
pkcattribute - is the field name where the public key certificate (PKC) is stored.
rootca - is the root CA PKC file path. If this parameter is set, signature verification is on.
url - is the URL of the repository where ACs and PKCs are stored.
Throws:
HandlerServiceException

getPDP

public PermisRBAC getPDP()
This method returns the constructed PermisRBAC

Returns:
issrg.pba.rbac.PermisRBAC

createRequestContext

public org.w3c.dom.Element createRequestContext(java.lang.String DNIn,
                                                java.lang.String[] x509ACs,
                                                java.lang.String[] x509ProxyCerts,
                                                org.w3c.dom.Element[] assertions,
                                                java.lang.String mode)
                                         throws HandlerServiceException
This method returns a WS-Trust request security token, which takes DNIn as an X509SubjectName value.

Specified by:
createRequestContext in interface Protocol
Parameters:
DNIn - the LDAP DN of the subject
x509ACs - a set of pushed ACs; may be null.
x509ProxyCerts - a set of pushed proxy certificates; may be null.
assertions - a set of pushed SAML assertions; may be null.
mode - a string specifying the mode of the PERMIS CVS, i.e. pull, push or pullpush
Throws:
HandlerServiceException

createRequestContext

public org.w3c.dom.Element createRequestContext(java.lang.String DNIn)
                                         throws HandlerServiceException
This method returns a simple WS-Trust request security token, which takes the given DNIn as the X509SubjectName value.

Specified by:
createRequestContext in interface Protocol
Parameters:
DNIn - the LDAP DN
Throws:
HandlerServiceException

getCreds

public org.w3c.dom.Element getCreds(org.w3c.dom.Element contextIn)
                             throws HandlerServiceException
This method returns an XML, which represents a WS-Trust security token response

Parameters:
contextIn - represents a wst:RequestSecurityToken element
Returns:
wst:RequestSecurityTokenResponse
Throws:
HandlerServiceException

getCreds

public org.w3c.dom.Element getCreds(Subject subject)
                             throws HandlerServiceException
This method returns an XML, which represents an XACML request context

Parameters:
subject - represents a PERMIS subject
Returns:
wst:RequestSecurityTokenResponse
Throws:
HandlerServiceException

getSubjectCreds

public org.w3c.dom.Element getSubjectCreds(org.w3c.dom.Element wst_request)
                                    throws HandlerServiceException
This method returns a subject XACML request context from a given WS-Trust request.

Specified by:
getSubjectCreds in interface Protocol
Parameters:
wst_request - represents the WS-Trust request.
Returns:
the XACML request context
Throws:
HandlerServiceException

getResourceCreds

public org.w3c.dom.Element getResourceCreds(org.w3c.dom.Element wst_request)
                                     throws HandlerServiceException
This method returns a resource XACML request context from a given WS-Trust request.

Specified by:
getResourceCreds in interface Protocol
Parameters:
wst_request - represents the WS-Trust request.
Returns:
the XACML request context
Throws:
HandlerServiceException

getAuthzDecision

public org.w3c.dom.Element getAuthzDecision(org.w3c.dom.Element reqCtx)
                                     throws HandlerServiceException
This method provides an XACML interface to call PERMIS PDP for authz decisions

Specified by:
getAuthzDecision in interface Protocol
Parameters:
reqCtx - an XACML request context. In order to use the request context to query the XACML PDP, PERMIS roleTypes, action parameters and environmental attributes should be named in URIs.
Returns:
an XACML response context in the form of XML Element
Throws:
HandlerServiceException

getSamlAuthzDecision

public org.w3c.dom.Element getSamlAuthzDecision(org.w3c.dom.Element samlRequest)
                                         throws HandlerServiceException
This method provides a SAML interface to call PERMIS PDP for making authz decisions

Specified by:
getSamlAuthzDecision in interface Protocol
Parameters:
samlRequest - a SAML authz request.
Returns:
a SAML authz response in the form of XML Element
Throws:
HandlerServiceException

getSamlAuthzDecision

public org.w3c.dom.Element getSamlAuthzDecision(org.w3c.dom.Element samlRequest,
                                                java.lang.String url,
                                                boolean grid)
                                         throws HandlerServiceException
This method provides a SAML interface to call PERMIS authz server for making authz decisions

Specified by:
getSamlAuthzDecision in interface Protocol
Parameters:
samlRequest - a SAML authz request.
url - the URL of the SAML service (only the host and port may be needed).
grid - if true, indicates that the service is a Globus one.
Returns:
a SAML authz response in the form of XML Element
Throws:
HandlerServiceException

createSimpleContext

public org.w3c.dom.Element createSimpleContext(java.lang.String attrValue,
                                               java.lang.String type)
                                        throws HandlerServiceException
This method returns an XACML request context for a resource or action in the form of XML Element

Parameters:
attrValue - represents the attribute value
type - can be "Action" or "Resource"
Returns:
the XACML request context
Throws:
HandlerServiceException

getSamlAssertion

public org.w3c.dom.Element getSamlAssertion(Tvalue[] pairs,
                                            java.lang.String subjectDN,
                                            java.lang.String issuer)
                                     throws java.lang.Exception
This method creates a SAML assertion which includes the attributes given by an array of type-value text pairs.

Parameters:
pairs - is the type-value text array.
subjectDN - is the subject name of the assertion.
issuer - is the issuer name of the assertion.
Throws:
java.lang.Exception

latch

public java.util.Date latch()
The time is stopped forever, so the latch returns the same as getTime()


getTime

public java.util.Date getTime()
The time is stopped forever, so the latch returns the same as getTime()


getAttributes

public org.w3c.dom.Element getAttributes()
                                  throws HandlerServiceException
This method is used to get all of the environmental attributes in the current policy

Returns:
an <Attributes> element. For example:
  <Attributes xmlns="urn:oasis:names:tc:xacml:1.0:context">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:environment:balance.student[id(S)]" DataType="http://www.w3.org/2001/XMLSchema#integer"/>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:environment:balance.staff[id(S)]" DataType="http://www.w3.org/2001/XMLSchema#integer"/>
  </Attributes>
Throws:
HandlerServiceException

getId

public java.lang.String getId(org.w3c.dom.Element reqCtx,
                              java.lang.String type)
This method gets the subject/resource Id from a request context.

Parameters:
reqCtx - is an XACML request context
type - is either "Subject" or "Resource"
Returns:
the Id, if the Subject or Resource element contains such an attribute; otherwise null

getEnvironment

public java.util.Hashtable getEnvironment(org.w3c.dom.Element reqCtx)
                                   throws EnvironmentException
This method gets a Permis environment object from an XACML request context.

Parameters:
reqCtx - is the XACML request context
Returns:
the Hashtable as the Permis environment. This Hashtable could be empty if the request context does not contain any environmental attribute
Throws:
EnvironmentException

getAction

public Action getAction(org.w3c.dom.Element reqCtx)
                 throws ActionException
This method gets a Permis Action object from an XACML request context.

Parameters:
reqCtx - is the XACML request context
Returns:
the Action object.
Throws:
ActionException

getTarget

public PermisTarget getTarget(org.w3c.dom.Element reqCtx)
                       throws TargetException
This method gets a Permis target object from an XACML request context.

Parameters:
reqCtx - is the XACML request context. This context should contain at least the resource-id attribute, i.e. urn:oasis:names:tc:xacml:1.0:resource:resource-id
Returns:
the Target object.
Throws:
TargetException

getSubjectXACML

public org.w3c.dom.Element getSubjectXACML(Subject subject)
                                    throws java.lang.Exception
This method returns an XACML request context which contains only subject attributes.

Parameters:
subject - is the given subject
Throws:
java.lang.Exception

getSubject

public PermisSubject getSubject(org.w3c.dom.Element reqCtx,
                                java.lang.String policyId)
                         throws SubjectException
This method creates a Permis subject object.

Parameters:
reqCtx - is an XACML request context
policyId - is the policy OID
Returns:
the PermisSubject object.
Throws:
SubjectException

createSubject

public Subject createSubject(org.w3c.dom.Element saml,
                             java.lang.Object[] creds)
                      throws SubjectException
Creates a subject in push mode: this method creates a Permis subject object.

Parameters:
saml - must be a valid SAML attribute assertion. This is the place to hold text attributes for validation.
creds - a set of other credentials, which should be represented as Attribute objects. These credentials must belong to the same subject as the SAML assertion; otherwise they are discarded.
Returns:
the PermisSubject object.
Throws:
SubjectException

getSubjectDN

public java.lang.String getSubjectDN(java.lang.Object token)
                              throws HandlerServiceException
This method returns the subject DN from a WS-Trust request token.

Throws:
HandlerServiceException

createRequestContext

public org.w3c.dom.Element createRequestContext(java.lang.String actionIn,
                                                java.lang.String resourceIn,
                                                org.w3c.dom.Element subject)
                                         throws HandlerServiceException
This method returns an XACML request context in which the given action and resource are used as the action-id and resource-id values, and the given subject is the Subject section of the context.

Specified by:
createRequestContext in interface Protocol
Parameters:
actionIn - will be the action-id value.
resourceIn - will be the resource-id value
subject - is the subject request context
Throws:
HandlerServiceException

getBase64

public byte[][] getBase64(java.util.ArrayList list)
This method returns a set of base64 strings, which represent ACs or PKCs.

Parameters:
list - a list of binary ACs or PKCs.

setAttributeType

public void setAttributeType(java.lang.String acType,
                             java.lang.String pkcType)
This method sets the LDAP attribute names that hold ACs and PKCs.


getDecision

public static java.lang.String getDecision(org.w3c.dom.Element responseCtx)
                                    throws java.lang.Exception
This method returns the decision result as a string.

Parameters:
responseCtx - is the XACML response context
Throws:
java.lang.Exception
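
A worked call sequence through the XACML interface documented on this page (added example; not code from the PERMIS project). It assumes the PERMIS classes are on the classpath, that log.cfg and permis.cfg are placeholder files in the formats shown under setLogLevel and initialise(String), and that getDecision returns one of the XACML_DECISION_* constants; the DNs are constructed placeholders.

```java
import org.w3c.dom.Element;
import issrg.utils.handler.Handler;

public class HandlerPdpExample {

    // Pull-mode decision: the handler fetches the subject's ACs/PKCs from the
    // repository named in the configuration file and evaluates the request.
    public static String decide(Handler h, String userDN, String action, String resource)
            throws Exception {
        // 1. Wrap the subject's LDAP DN in a simple WS-Trust RequestSecurityToken.
        Element rst = h.createRequestContext(userDN);
        // 2. Turn the WS-Trust request into an XACML subject context (credentials are pulled here).
        Element subjectCtx = h.getSubjectCreds(rst);
        // 3. Build the full XACML request context: action-id, resource-id and the Subject section.
        Element reqCtx = h.createRequestContext(action, resource, subjectCtx);
        // 4. Query the PERMIS PDP and reduce the XACML response context to its decision string.
        Element respCtx = h.getAuthzDecision(reqCtx);
        return Handler.getDecision(respCtx);
    }

    // Fail closed: only an explicit Permit grants access. Deny, Indeterminate,
    // NotApplicable and any unexpected value are all treated as a refusal.
    // Assumption: getDecision() returns one of the XACML_DECISION_* constants.
    public static boolean isPermitted(String decision) {
        return Handler.XACML_DECISION_PERMIT.equals(decision);
    }

    public static void main(String[] args) throws Exception {
        Handler h = new Handler();
        h.setLogLevel("log.cfg");     // placeholder: file in the format shown for setLogLevel
        h.initialise("permis.cfg");   // placeholder: file in the format shown for initialise(String)

        // Constructed sample inputs; the DNs are placeholders, not real directory entries.
        String userDN = "cn=alice,ou=staff,o=permis,c=GB";
        String decision = decide(h, userDN, "read", "cn=reports,o=permis,c=GB");

        System.out.println("decision=" + decision
                + " access=" + (isPermitted(decision) ? "granted" : "refused"));
    }
}
```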

createSamlReuest

public org.w3c.dom.Element createSamlReuest(java.lang.String userDN,
                                            java.lang.String actionName,
                                            java.lang.String targetDN)
This method creates a SAML request containing an authorisation decision query.

Specified by:
createSamlReuest in interface Protocol
Parameters:
userDN - is a LDAP DN
actionName - can be any string value
targetDN - is either a LDAP DN or URL

message

public org.w3c.dom.Element message(org.w3c.dom.Element message)
                            throws HandlerServiceException
This method processes a message and returns a response.

Parameters:
message - is the message, which is processed according to its type.
Throws:
HandlerServiceException

getType

public int getType(org.w3c.dom.Element message)
            throws HandlerServiceException
This method returns the message type of a given message. The type can be WS_TRUST, XACML or SAML.

Parameters:
message - is the given message.
Throws:
HandlerServiceException

createSubject

public Subject createSubject(org.w3c.dom.Element reqCtx,
                             java.lang.String issuer,
                             java.lang.Object[] creds,
                             java.lang.String[] parsers)
                      throws SubjectException
This method creates a Permis subject object.

Parameters:
reqCtx - is a XACML request context, which represents known subject attributes.
issuer - is the DN of the issuer, who issues the above attributes.
Returns:
the PermisSubject object.
Throws:
SubjectException

getXacmlSamlAuthzDecision

public org.w3c.dom.Element getXacmlSamlAuthzDecision(org.w3c.dom.Element request)
                                              throws HandlerServiceException
This method is used to make an authorisation decision.

Parameters:
request - the input XML element.
Returns:
a SAML response, which includes
Throws:
HandlerServiceException

setPDP

public void setPDP(PermisRBAC rbac)
This method sets the PDP of this Handler object to the given one.

Parameters:
rbac - the Permis PDP, represented as a PermisRBAC object.