issrg.utils.handler
Class Handler

java.lang.Object
  issrg.utils.handler.Handler

All Implemented Interfaces:

Protocol

public class Handler
extends java.lang.Object
implements Protocol

Author:

Linying Su

Field Summary

static int	AC
static int	AC_POLICY
static java.lang.String	ACTION_ID
static java.lang.String	INPUT_CONTEXT_ONLY
static java.lang.String	PERMIS_NAME_SPACE
static int	PKC
static int	POLICY_BINARY
static int	POLICY_PATH
static java.lang.String	PULL_MODE
static java.lang.String	PULLPUSH_MODE
static java.lang.String	PUSH_MODE
static java.lang.String	RESOURCE_ID
static java.lang.String	RETURN_CONTEXT
static int	SAML
static java.lang.String	SAML_ASSERTION_10
static java.lang.String	SAML_ASSERTION_20
static java.lang.String	SAML_PROTOCOL_10
static java.lang.String	SAML_PROTOCOL_20
static java.lang.String	SAML_SUBJECT_ID_10
static java.lang.String	SAML_SUBJECT_ID_20
static java.lang.String	SAML_VERSION_10
static java.lang.String	SAML_VERSION_20
static java.lang.String	SUBJECT_ID
static int	UNKNOWN
static int	WS_TRUST
static java.lang.String	WS_TRUST_CLAIMS
static java.lang.String	WS_TRUST_NAME_SAPCE_VALIDATE
static java.lang.String	WS_TRUST_NAME_SPACE
static java.lang.String	WS_TRUST_REQUEST_TOKEN
static java.lang.String	WS_TRUST_REQUEST_TOKEN_RESPONSE
static java.lang.String	WS_TRUST_REQUEST_TYPE
static java.lang.String	WS_TRUST_REQUESTED_TOKEN
static java.lang.String	WS_TRUST_STATUS_INVALID
static java.lang.String	WS_TRUST_STATUS_VALID
static java.lang.String	WS_TRUST_TOKEN_TYPE
static java.lang.String	WSSE_NAME_SPACE
static java.lang.String	WSU_NAME_SPACE
static java.lang.String	X509_ATTRIBUTE_CERTIFICATE
static java.lang.String	X509_SUBJECT_NAME_FORMAT
static int	XACML
static java.lang.String	XACML_AUTHZ_DECISION_QUERY
static java.lang.String	XACML_CONTEXT_NAME_SPACE
static java.lang.String	XACML_CONTEXT_REQUEST
static java.lang.String	XACML_DATA_TYPE
static java.lang.String	XACML_DECISION_DENY
static java.lang.String	XACML_DECISION_INDETERMINATE
static java.lang.String	XACML_DECISION_NOT_APPLICABLE
static java.lang.String	XACML_DECISION_PERMIT
static java.lang.String	XACML_NAME_FORMAT
static java.lang.String	XACML_PROFILE
static int	XACML_SAML
static java.lang.String	XACML_SAML_ASSERTION_20
static java.lang.String	XACML_SAML_PROTOCOL_20
static java.lang.String	XACML_SAMLP
static java.lang.String	XACML_STATUS_MISSING_ATTRIBUTE
static java.lang.String	XACML_STATUS_OK
static java.lang.String	XACML_STATUS_PROCESSING_ERROR
static java.lang.String	XACML_STATUS_SYNTAX_ERROR
static int	XML_POLICY
static java.lang.String	XSI_NAME_SPACE

Constructor Summary

Handler()
Creates a new instance of PermisWebService

Method Summary

org.w3c.dom.Element	createRequestContext(java.lang.String DNIn) This method returns a simple WS-Trust request security token, which takes the given DNIn as the X509SubjectName value.
org.w3c.dom.Element	createRequestContext(java.lang.String DNIn, java.lang.String[] x509ACs, java.lang.String[] x509ProxyCerts, org.w3c.dom.Element[] assertions, java.lang.String mode) This method returns a WS-Trust request security token, which takes DNIn as an X509SubjectName value.
org.w3c.dom.Element	createRequestContext(java.lang.String actionIn, java.lang.String resourceIn, org.w3c.dom.Element subject) this method returns an XACML request context, in which the given action and resource are used as the action-id and resource-id value, and the given subject is the Subject section in the context.
org.w3c.dom.Element	createSamlReuest(java.lang.String userDN, java.lang.String actionName, java.lang.String targetDN) this method create a SAML request to include an authorisation decision query.
org.w3c.dom.Element	createSimpleContext(java.lang.String attrValue, java.lang.String type) This method returns an XACML request context for a resource or action in the form of XML Element
Subject	createSubject(org.w3c.dom.Element saml, java.lang.Object[] creds) to create a subject in the push mode This method creates a Permis subject object.
Subject	createSubject(org.w3c.dom.Element reqCtx, java.lang.String issuer, java.lang.Object[] creds, java.lang.String[] parsers) This method creates a Permis subject object.
Action	getAction(org.w3c.dom.Element reqCtx) This method gets a Permis Action object from an XACML request context.
org.w3c.dom.Element	getAttributes() This method is used to get all of the environmental attributes in the current policy
org.w3c.dom.Element	getAuthzDecision(org.w3c.dom.Element reqCtx) This method provides an XACML interface to call PERMIS PDP for authz decisions
byte[][]	getBase64(java.util.ArrayList list) this method returns a set of base64 strings, which represent ACs or PKCs
org.w3c.dom.Element	getCreds(org.w3c.dom.Element contextIn) This method returns an XML, which represents a WS-Trust security token response
org.w3c.dom.Element	getCreds(Subject subject) This method returns an XML, which represents an XACML request context
static java.lang.String	getDecision(org.w3c.dom.Element responseCtx) this method returns the decision result as a string.
java.util.Hashtable	getEnvironment(org.w3c.dom.Element reqCtx) This method gets a Permis environment object from an XACML request context.
java.lang.String	getId(org.w3c.dom.Element reqCtx, java.lang.String type) This method get subject/resource Id from a request context.
PermisRBAC	getPDP() This method returns the constructed PermisRBAC
org.w3c.dom.Element	getResourceCreds(org.w3c.dom.Element wst_request) This method returns a resource XACML request context by given a WS-Trust request
org.w3c.dom.Element	getSamlAssertion(Tvalue[] pairs, java.lang.String subjectDN, java.lang.String issuer) this method is used to create a SAML assertion, which includes the attributes given by an array of type-value text pairs.
org.w3c.dom.Element	getSamlAuthzDecision(org.w3c.dom.Element samlRequest) This method provides a SAML interface to call PERMIS PDP for making authz decisions
org.w3c.dom.Element	getSamlAuthzDecision(org.w3c.dom.Element samlRequest, java.lang.String url, boolean grid) This method provides a SAML interface to call PERMIS authz server for making authz decisions
PermisSubject	getSubject(org.w3c.dom.Element reqCtx, java.lang.String policyId) This method creates a Permis subject object.
org.w3c.dom.Element	getSubjectCreds(org.w3c.dom.Element wst_request) This method returns a subject XACML request context by given a WS-Trust request
java.lang.String	getSubjectDN(java.lang.Object token) this method returns the subject DN from a WS-Trust request token
org.w3c.dom.Element	getSubjectXACML(Subject subject) this method returns an XACML request context, which contains only subject attributes.
PermisTarget	getTarget(org.w3c.dom.Element reqCtx) This method gets a Permis target object from an XACML request context.
java.util.Date	getTime() The time is stopped forever, so the latch returns the same as getTime()
int	getType(org.w3c.dom.Element message) this method is used to return the message type of a given message.
org.w3c.dom.Element	getXacmlSamlAuthzDecision(org.w3c.dom.Element request) this method uses to make an authorisation decision.
void	initialise(int type, int format, java.lang.String policy, java.lang.String soa, java.lang.String oid, java.lang.String acattribute, java.lang.String pkcattribute, java.lang.String rootca, java.lang.String url)
void	initialise(java.lang.String inputFilename) This method is to construct PermisRBAC with the configuration file
java.util.Date	latch() The time is stopped forever, so the latch returns the same as getTime()
org.w3c.dom.Element	message(org.w3c.dom.Element message) this method is used to process a message and return a resonse.
void	setAttributeType(java.lang.String acType, java.lang.String pkcType) this method is used to set LDAP attribute names for holding ACs and PKCs
void	setLogLevel(java.lang.String configFile) This method is used to set log information by a configuration file
void	setPDP(PermisRBAC rbac) this is to set the PDP of this Handler object to the specific one.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

POLICY_PATH

public static final int POLICY_PATH

See Also:

Constant Field Values

POLICY_BINARY

public static final int POLICY_BINARY

See Also:

Constant Field Values

XML_POLICY

public static final int XML_POLICY

See Also:

Constant Field Values

AC_POLICY

public static final int AC_POLICY

See Also:

Constant Field Values

PKC

public static final int PKC

See Also:

Constant Field Values

AC

public static final int AC

See Also:

Constant Field Values

UNKNOWN

public static final int UNKNOWN

See Also:

Constant Field Values

WS_TRUST

public static final int WS_TRUST

See Also:

Constant Field Values

XACML

public static final int XACML

See Also:

Constant Field Values

SAML

public static final int SAML

See Also:

Constant Field Values

XACML_SAML

public static final int XACML_SAML

See Also:

Constant Field Values

SAML_VERSION_10

public static final java.lang.String SAML_VERSION_10

See Also:

Constant Field Values

SAML_VERSION_20

public static final java.lang.String SAML_VERSION_20

See Also:

Constant Field Values

SAML_ASSERTION_10

public static final java.lang.String SAML_ASSERTION_10

See Also:

Constant Field Values

SAML_ASSERTION_20

public static final java.lang.String SAML_ASSERTION_20

See Also:

Constant Field Values

XACML_SAML_PROTOCOL_20

public static final java.lang.String XACML_SAML_PROTOCOL_20

See Also:

Constant Field Values

XACML_SAML_ASSERTION_20

public static final java.lang.String XACML_SAML_ASSERTION_20

See Also:

Constant Field Values

XACML_AUTHZ_DECISION_QUERY

public static final java.lang.String XACML_AUTHZ_DECISION_QUERY

See Also:

Constant Field Values

XACML_SAMLP

public static final java.lang.String XACML_SAMLP

See Also:

Constant Field Values

INPUT_CONTEXT_ONLY

public static final java.lang.String INPUT_CONTEXT_ONLY

See Also:

Constant Field Values

RETURN_CONTEXT

public static final java.lang.String RETURN_CONTEXT

See Also:

Constant Field Values

XACML_CONTEXT_REQUEST

public static final java.lang.String XACML_CONTEXT_REQUEST

See Also:

Constant Field Values

SAML_PROTOCOL_10

public static final java.lang.String SAML_PROTOCOL_10

See Also:

Constant Field Values

SAML_PROTOCOL_20

public static final java.lang.String SAML_PROTOCOL_20

See Also:

Constant Field Values

SAML_SUBJECT_ID_10

public static final java.lang.String SAML_SUBJECT_ID_10

See Also:

Constant Field Values

SAML_SUBJECT_ID_20

public static final java.lang.String SAML_SUBJECT_ID_20

See Also:

Constant Field Values

X509_SUBJECT_NAME_FORMAT

public static final java.lang.String X509_SUBJECT_NAME_FORMAT

See Also:

Constant Field Values

PULL_MODE

public static final java.lang.String PULL_MODE

See Also:

Constant Field Values

PUSH_MODE

public static final java.lang.String PUSH_MODE

See Also:

Constant Field Values

PULLPUSH_MODE

public static final java.lang.String PULLPUSH_MODE

See Also:

Constant Field Values

X509_ATTRIBUTE_CERTIFICATE

public static final java.lang.String X509_ATTRIBUTE_CERTIFICATE

See Also:

Constant Field Values

WS_TRUST_REQUEST_TOKEN

public static final java.lang.String WS_TRUST_REQUEST_TOKEN

See Also:

Constant Field Values

WS_TRUST_REQUESTED_TOKEN

public static final java.lang.String WS_TRUST_REQUESTED_TOKEN

See Also:

Constant Field Values

WS_TRUST_NAME_SPACE

public static final java.lang.String WS_TRUST_NAME_SPACE

See Also:

Constant Field Values

WS_TRUST_TOKEN_TYPE

public static final java.lang.String WS_TRUST_TOKEN_TYPE

See Also:

Constant Field Values

WS_TRUST_REQUEST_TOKEN_RESPONSE

public static final java.lang.String WS_TRUST_REQUEST_TOKEN_RESPONSE

See Also:

Constant Field Values

WS_TRUST_REQUEST_TYPE

public static final java.lang.String WS_TRUST_REQUEST_TYPE

See Also:

Constant Field Values

WS_TRUST_NAME_SAPCE_VALIDATE

public static final java.lang.String WS_TRUST_NAME_SAPCE_VALIDATE

See Also:

Constant Field Values

WS_TRUST_CLAIMS

public static final java.lang.String WS_TRUST_CLAIMS

See Also:

Constant Field Values

WS_TRUST_STATUS_VALID

public static final java.lang.String WS_TRUST_STATUS_VALID

See Also:

Constant Field Values

WS_TRUST_STATUS_INVALID

public static final java.lang.String WS_TRUST_STATUS_INVALID

See Also:

Constant Field Values

XACML_PROFILE

public static final java.lang.String XACML_PROFILE

See Also:

Constant Field Values

XACML_STATUS_OK

public static final java.lang.String XACML_STATUS_OK

See Also:

Constant Field Values

XACML_STATUS_PROCESSING_ERROR

public static final java.lang.String XACML_STATUS_PROCESSING_ERROR

See Also:

Constant Field Values

XACML_STATUS_MISSING_ATTRIBUTE

public static final java.lang.String XACML_STATUS_MISSING_ATTRIBUTE

See Also:

Constant Field Values

XACML_STATUS_SYNTAX_ERROR

public static final java.lang.String XACML_STATUS_SYNTAX_ERROR

See Also:

Constant Field Values

XACML_DECISION_INDETERMINATE

public static final java.lang.String XACML_DECISION_INDETERMINATE

See Also:

Constant Field Values

XACML_DECISION_DENY

public static final java.lang.String XACML_DECISION_DENY

See Also:

Constant Field Values

XACML_DECISION_PERMIT

public static final java.lang.String XACML_DECISION_PERMIT

See Also:

Constant Field Values

XACML_DECISION_NOT_APPLICABLE

public static final java.lang.String XACML_DECISION_NOT_APPLICABLE

See Also:

Constant Field Values

XACML_CONTEXT_NAME_SPACE

public static final java.lang.String XACML_CONTEXT_NAME_SPACE

See Also:

Constant Field Values

XACML_DATA_TYPE

public static final java.lang.String XACML_DATA_TYPE

See Also:

Constant Field Values

XACML_NAME_FORMAT

public static final java.lang.String XACML_NAME_FORMAT

See Also:

Constant Field Values

RESOURCE_ID

public static final java.lang.String RESOURCE_ID

See Also:

Constant Field Values

SUBJECT_ID

public static final java.lang.String SUBJECT_ID

See Also:

Constant Field Values

ACTION_ID

public static final java.lang.String ACTION_ID

See Also:

Constant Field Values

XSI_NAME_SPACE

public static final java.lang.String XSI_NAME_SPACE

See Also:

Constant Field Values

PERMIS_NAME_SPACE

public static final java.lang.String PERMIS_NAME_SPACE

See Also:

Constant Field Values

WSSE_NAME_SPACE

public static final java.lang.String WSSE_NAME_SPACE

See Also:

Constant Field Values

WSU_NAME_SPACE

public static final java.lang.String WSU_NAME_SPACE

See Also:

Constant Field Values

Constructor Detail

Handler

public Handler()
        throws HandlerServiceException

Creates a new instance of PermisWebService

Throws:

HandlerServiceException

Method Detail

setLogLevel

public void setLogLevel(java.lang.String configFile)
                 throws HandlerServiceException

This method is used to set log information by a configuration file

Parameters:

configFile, - which is the configuratin file name This file contains e.g. log-level = debug layout = %-5p - %m%n [optional] log-file = /home/log/permis.log [optional]

Throws:

HandlerServiceException

initialise

public void initialise(java.lang.String inputFilename)
                throws HandlerServiceException

This method is to construct PermisRBAC with the configuration file

Parameters:

inputFilename, - which is the configuration file name. An example configuration file: ini: soa=cn=SOA,ou=admin,o=permis,c=GB ...: oid=1.2.826.0.1.3344810.6.0.0.1 ...: rootca=/home/ac/cacert.cer ...: pkcattribute=userCertificate;binary ...: acattribute=attributeCertificateAttribute ...: url=ldap://localhost/ ...: init

Throws:

HandlerServiceException

initialise

public void initialise(int type,
                       int format,
                       java.lang.String policy,
                       java.lang.String soa,
                       java.lang.String oid,
                       java.lang.String acattribute,
                       java.lang.String pkcattribute,
                       java.lang.String rootca,
                       java.lang.String url)
                throws HandlerServiceException

Parameters:

type - indicates whether the policy parameter (i.e. the third parameter) contains a policy (i.e. POLICY_BINARY)or is a policy file (POLICY_PATH).

format - indicates what format the policy is in; AC_POLICY or XML_POLICY.

policy - is an either policy string or policy file path. base64 encoded if it is an AC_POLICY.

soa - is the Source Of Authority identified by a LDAP DN, who holds and issues the policy.

oid - is the policy name.

acattribute - is the field name, where the attribute certificate is stored.

pkcattribute - is the field name, where the pkc attribute certificate is stored.

rootca - is the root CA PKC file path. if this parameter is set then signature verificateion is on.

url - is the URL of a repository, where ACs and PKCs are stored.

Throws:

HandlerServiceException

getPDP

public PermisRBAC getPDP()

This method returns the constructed PermisRBAC

Returns:

issrg.pba.rbac.PermisRBAC

createRequestContext

public org.w3c.dom.Element createRequestContext(java.lang.String DNIn,
                                                java.lang.String[] x509ACs,
                                                java.lang.String[] x509ProxyCerts,
                                                org.w3c.dom.Element[] assertions,
                                                java.lang.String mode)
                                         throws HandlerServiceException

This method returns a WS-Trust request security token, which takes DNIn as an X509SubjectName value.

Specified by:

createRequestContext in interface Protocol

Parameters:

DNIn - - this is the LDAP DN of the subject

x509ACs - - a set of pushed ACs, it can be null.

x509ProxyCerts - - a set of pushed proxy certificates, it can be null.

assertions - - a set of pushed SAML assertions, it can be null.

mode - - a string to specifiy the mode of PERMIS CVS, i.e. pull, push, pullpush

Throws:

HandlerServiceException

createRequestContext

public org.w3c.dom.Element createRequestContext(java.lang.String DNIn)
                                         throws HandlerServiceException

This method returns a simple WS-Trust request security token, which takes the given DNIn as the X509SubjectName value.

Specified by:

createRequestContext in interface Protocol

Parameters:

DNIn - - this is the LDAP DN

Throws:

HandlerServiceException

getCreds

public org.w3c.dom.Element getCreds(org.w3c.dom.Element contextIn)
                             throws HandlerServiceException

This method returns an XML, which represents a WS-Trust security token response

Parameters:

contextIn, - which represent a wst:RequestSecurityToken element

Returns:

wst:RequestSecurityTokenResponse

Throws:

HandlerServiceException

getCreds

public org.w3c.dom.Element getCreds(Subject subject)
                             throws HandlerServiceException

This method returns an XML, which represents an XACML request context

Parameters:

subject, - which represent a PERMIS subject

Returns:

wst:RequestSecurityTokenResponse

Throws:

HandlerServiceException

getSubjectCreds

public org.w3c.dom.Element getSubjectCreds(org.w3c.dom.Element wst_request)
                                    throws HandlerServiceException

This method returns a subject XACML request context by given a WS-Trust request

Specified by:

getSubjectCreds in interface Protocol

Parameters:

wst_request - represents the WS-Trust request.

Returns:

the XACML request context

Throws:

HandlerServiceException

getResourceCreds

public org.w3c.dom.Element getResourceCreds(org.w3c.dom.Element wst_request)
                                     throws HandlerServiceException

This method returns a resource XACML request context by given a WS-Trust request

Specified by:

getResourceCreds in interface Protocol

Parameters:

wst_request - represents the WS-Trust request.

Returns:

the XACML request context

Throws:

HandlerServiceException

getAuthzDecision

public org.w3c.dom.Element getAuthzDecision(org.w3c.dom.Element reqCtx)
                                     throws HandlerServiceException

This method provides an XACML interface to call PERMIS PDP for authz decisions

Specified by:

getAuthzDecision in interface Protocol

Parameters:

reqCtx, - which is an XACML request context In order to use the request context to query XACML PDP, PERMIS roleTypes, action parameters and environmental attributes should be named in URIs.

Returns:

an XACML response context in the form of XML Element

Throws:

HandlerServiceException

getSamlAuthzDecision

public org.w3c.dom.Element getSamlAuthzDecision(org.w3c.dom.Element samlRequest)
                                         throws HandlerServiceException

This method provides a SAML interface to call PERMIS PDP for making authz decisions

Specified by:

getSamlAuthzDecision in interface Protocol

Parameters:

samlRequest, - which is a SAML authz request.

Returns:

a SAML authz response in the form of XML Element

Throws:

HandlerServiceException

getSamlAuthzDecision

public org.w3c.dom.Element getSamlAuthzDecision(org.w3c.dom.Element samlRequest,
                                                java.lang.String url,
                                                boolean grid)
                                         throws HandlerServiceException

This method provides a SAML interface to call PERMIS authz server for making authz decisions

Specified by:

getSamlAuthzDecision in interface Protocol

Parameters:

samlRequest, - which is a SAML authz request.

url - is an URL of the saml service (host and port might be only needed).

grid - indicates the service is a globus one, if it is true.

Returns:

a SAML authz response in the form of XML Element

Throws:

HandlerServiceException

createSimpleContext

public org.w3c.dom.Element createSimpleContext(java.lang.String attrValue,
                                               java.lang.String type)
                                        throws HandlerServiceException

This method returns an XACML request context for a resource or action in the form of XML Element

Parameters:

attrValue - represents the attribute value; type can be "Action" or "Resource"

Returns:

the XACML request context

Throws:

HandlerServiceException

getSamlAssertion

public org.w3c.dom.Element getSamlAssertion(Tvalue[] pairs,
                                            java.lang.String subjectDN,
                                            java.lang.String issuer)
                                     throws java.lang.Exception

this method is used to create a SAML assertion, which includes the attributes given by an array of type-value text pairs.

Parameters:

pairs - is the type-value text array.

subjectDN - is the subject name of the aasertion.

issuer - is the issuer name of the assertion.

Throws:

java.lang.Exception

latch

public java.util.Date latch()

The time is stopped forever, so the latch returns the same as getTime()

getTime

public java.util.Date getTime()

The time is stopped forever, so the latch returns the same as getTime()

getAttributes

public org.w3c.dom.Element getAttributes()
                                  throws HandlerServiceException

This method is used to get all of the environmental attributes in the current policy

Returns:

an <Attributes> element. For example, <Attributes xmlns="urn:oasis:names:tc:xacml:1.0:context"> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:environment:balance.student[id(S)]" DataType="http://www.w3.org/2001/XMLSchema#integer"/> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:environment:balance.staff[id(S)]" DataType="http://www.w3.org/2001/XMLSchema#integer"/> </Attributes>

Throws:

HandlerServiceException

getId

public java.lang.String getId(org.w3c.dom.Element reqCtx,
                              java.lang.String type)

This method get subject/resource Id from a request context.

Parameters:

reqCtx - is a XACML request context, type is either "Subject" or "Resource"

Returns:

the Id, if the or contains such atribute otherwise, return null

getEnvironment

public java.util.Hashtable getEnvironment(org.w3c.dom.Element reqCtx)
                                   throws EnvironmentException

This method gets a Permis environment object from an XACML request context.

Parameters:

reqCtx - is the XACML request context

Returns:

the Hashtable as the Permis environment. This Hashtable could be empty if the request context does not contain any environmental attribute

Throws:

EnvironmentException

getAction

public Action getAction(org.w3c.dom.Element reqCtx)
                 throws ActionException

This method gets a Permis Action object from an XACML request context.

Parameters:

reqCtx - is the XACML request context

Returns:

the Action object.

Throws:

ActionException

getTarget

public PermisTarget getTarget(org.w3c.dom.Element reqCtx)
                       throws TargetException

This method gets a Permis target object from an XACML request context.

Parameters:

reqCtx - is the XACML request context. this context should contain at least the resource-id attribute i.e. urn:oasis:names:tc:xacml:1.0:resource:resource-id

Returns:

the Target object.

Throws:

TargetException

getSubjectXACML

public org.w3c.dom.Element getSubjectXACML(Subject subject)
                                    throws java.lang.Exception

this method returns an XACML request context, which contains only subject attributes.

Parameters:

subject - is the given subject

Throws:

java.lang.Exception

getSubject

public PermisSubject getSubject(org.w3c.dom.Element reqCtx,
                                java.lang.String policyId)
                         throws SubjectException

This method creates a Permis subject object.

Parameters:

reqCtx - is a XACML request context. policyId is the policy OID

Returns:

the PermisSubject object.

Throws:

SubjectException

createSubject

public Subject createSubject(org.w3c.dom.Element saml,
                             java.lang.Object[] creds)
                      throws SubjectException

to create a subject in the push mode This method creates a Permis subject object.

Parameters:

saml - must be a valid SAML attribute assertion. This is the place to hold text attributes for validation.

a - set of other credentials, which should be represented as Attribute objects. These credentials must be in the same subject as the SAML assertion. Otherwise, they will be discarded.

Returns:

the PermisSubject object.

Throws:

SubjectException

getSubjectDN

public java.lang.String getSubjectDN(java.lang.Object token)
                              throws HandlerServiceException

this method returns the subject DN from a WS-Trust request token

Throws:

HandlerServiceException

createRequestContext

public org.w3c.dom.Element createRequestContext(java.lang.String actionIn,
                                                java.lang.String resourceIn,
                                                org.w3c.dom.Element subject)
                                         throws HandlerServiceException

this method returns an XACML request context, in which the given action and resource are used as the action-id and resource-id value, and the given subject is the Subject section in the context.

Specified by:

createRequestContext in interface Protocol

Parameters:

actionIn - will be the action-id value.

resourceIn - will be the resource-id value

subject - is the subject request context

Throws:

HandlerServiceException

getBase64

public byte[][] getBase64(java.util.ArrayList list)

this method returns a set of base64 strings, which represent ACs or PKCs

Parameters:

list - a list of binary ACs or PKCs.

setAttributeType

public void setAttributeType(java.lang.String acType,
                             java.lang.String pkcType)

this method is used to set LDAP attribute names for holding ACs and PKCs

getDecision

public static java.lang.String getDecision(org.w3c.dom.Element responseCtx)
                                    throws java.lang.Exception

this method returns the decision result as a string.

Parameters:

responseCtx - is the XACML response context

Throws:

java.lang.Exception

createSamlReuest

public org.w3c.dom.Element createSamlReuest(java.lang.String userDN,
                                            java.lang.String actionName,
                                            java.lang.String targetDN)

this method create a SAML request to include an authorisation decision query.

Specified by:

createSamlReuest in interface Protocol

Parameters:

userDN - is a LDAP DN

action - can be any string value

targetDN - is either a LDAP DN or URL

message

public org.w3c.dom.Element message(org.w3c.dom.Element message)
                            throws HandlerServiceException

this method is used to process a message and return a resonse.

Parameters:

message - is the message, which is processed according to its type.

Throws:

HandlerServiceException

getType

public int getType(org.w3c.dom.Element message)
            throws HandlerServiceException

this method is used to return the message type of a given message. the type can be WS_TRUST,XACML or SAML.

Parameters:

message - is the given message.

Throws:

HandlerServiceException

createSubject

public Subject createSubject(org.w3c.dom.Element reqCtx,
                             java.lang.String issuer,
                             java.lang.Object[] creds,
                             java.lang.String[] parsers)
                      throws SubjectException

This method creates a Permis subject object.

Parameters:

reqCtx - is a XACML request context, which represents known subject attributes.

issuer - is the DN of the issuer, who issues the above attributes.

Returns:

the PermisSubject object.

Throws:

SubjectException

getXacmlSamlAuthzDecision

public org.w3c.dom.Element getXacmlSamlAuthzDecision(org.w3c.dom.Element request)
                                              throws HandlerServiceException

this method uses to make an authorisation decision.

Parameters:

request, - the input XML element.

Returns:

a SAML response, which includes

Throws:

HandlerServiceException

setPDP

public void setPDP(PermisRBAC rbac)

this is to set the PDP of this Handler object to the specific one.

Parameters:

rbac, - Permis PDP represented as a PermisRBAC object.