java.lang.Object issrg.utils.handler.Handler
public class Handler
Field Summary | |
---|---|
static int | AC
static int | AC_POLICY
static java.lang.String | ACTION_ID
static java.lang.String | INPUT_CONTEXT_ONLY
static java.lang.String | PERMIS_NAME_SPACE
static int | PKC
static int | POLICY_BINARY
static int | POLICY_PATH
static java.lang.String | PULL_MODE
static java.lang.String | PULLPUSH_MODE
static java.lang.String | PUSH_MODE
static java.lang.String | RESOURCE_ID
static java.lang.String | RETURN_CONTEXT
static int | SAML
static java.lang.String | SAML_ASSERTION_10
static java.lang.String | SAML_ASSERTION_20
static java.lang.String | SAML_PROTOCOL_10
static java.lang.String | SAML_PROTOCOL_20
static java.lang.String | SAML_SUBJECT_ID_10
static java.lang.String | SAML_SUBJECT_ID_20
static java.lang.String | SAML_VERSION_10
static java.lang.String | SAML_VERSION_20
static java.lang.String | SUBJECT_ID
static int | UNKNOWN
static int | WS_TRUST
static java.lang.String | WS_TRUST_CLAIMS
static java.lang.String | WS_TRUST_NAME_SAPCE_VALIDATE
static java.lang.String | WS_TRUST_NAME_SPACE
static java.lang.String | WS_TRUST_REQUEST_TOKEN
static java.lang.String | WS_TRUST_REQUEST_TOKEN_RESPONSE
static java.lang.String | WS_TRUST_REQUEST_TYPE
static java.lang.String | WS_TRUST_REQUESTED_TOKEN
static java.lang.String | WS_TRUST_STATUS_INVALID
static java.lang.String | WS_TRUST_STATUS_VALID
static java.lang.String | WS_TRUST_TOKEN_TYPE
static java.lang.String | WSSE_NAME_SPACE
static java.lang.String | WSU_NAME_SPACE
static java.lang.String | X509_ATTRIBUTE_CERTIFICATE
static java.lang.String | X509_SUBJECT_NAME_FORMAT
static int | XACML
static java.lang.String | XACML_AUTHZ_DECISION_QUERY
static java.lang.String | XACML_CONTEXT_NAME_SPACE
static java.lang.String | XACML_CONTEXT_REQUEST
static java.lang.String | XACML_DATA_TYPE
static java.lang.String | XACML_DECISION_DENY
static java.lang.String | XACML_DECISION_INDETERMINATE
static java.lang.String | XACML_DECISION_NOT_APPLICABLE
static java.lang.String | XACML_DECISION_PERMIT
static java.lang.String | XACML_NAME_FORMAT
static java.lang.String | XACML_PROFILE
static int | XACML_SAML
static java.lang.String | XACML_SAML_ASSERTION_20
static java.lang.String | XACML_SAML_PROTOCOL_20
static java.lang.String | XACML_SAMLP
static java.lang.String | XACML_STATUS_MISSING_ATTRIBUTE
static java.lang.String | XACML_STATUS_OK
static java.lang.String | XACML_STATUS_PROCESSING_ERROR
static java.lang.String | XACML_STATUS_SYNTAX_ERROR
static int | XML_POLICY
static java.lang.String | XSI_NAME_SPACE
Constructor Summary | |
---|---|
Handler() | Creates a new instance of PermisWebService
Method Summary | |
---|---|
org.w3c.dom.Element | createRequestContext(java.lang.String DNIn) - This method returns a simple WS-Trust request security token, which takes the given DNIn as the X509SubjectName value.
org.w3c.dom.Element | createRequestContext(java.lang.String DNIn, java.lang.String[] x509ACs, java.lang.String[] x509ProxyCerts, org.w3c.dom.Element[] assertions, java.lang.String mode) - This method returns a WS-Trust request security token, which takes DNIn as the X509SubjectName value.
org.w3c.dom.Element | createRequestContext(java.lang.String actionIn, java.lang.String resourceIn, org.w3c.dom.Element subject) - This method returns an XACML request context, in which the given action and resource are used as the action-id and resource-id values, and the given subject is the Subject section of the context.
org.w3c.dom.Element | createSamlReuest(java.lang.String userDN, java.lang.String actionName, java.lang.String targetDN) - This method creates a SAML request that includes an authorisation decision query.
org.w3c.dom.Element | createSimpleContext(java.lang.String attrValue, java.lang.String type) - This method returns an XACML request context for a resource or action in the form of an XML Element.
Subject | createSubject(org.w3c.dom.Element saml, java.lang.Object[] creds) - This method creates a Permis subject object for the push mode.
Subject | createSubject(org.w3c.dom.Element reqCtx, java.lang.String issuer, java.lang.Object[] creds, java.lang.String[] parsers) - This method creates a Permis subject object.
Action | getAction(org.w3c.dom.Element reqCtx) - This method gets a Permis Action object from an XACML request context.
org.w3c.dom.Element | getAttributes() - This method is used to get all of the environmental attributes in the current policy.
org.w3c.dom.Element | getAuthzDecision(org.w3c.dom.Element reqCtx) - This method provides an XACML interface to call the PERMIS PDP for authz decisions.
byte[][] | getBase64(java.util.ArrayList list) - This method returns a set of base64 strings, which represent ACs or PKCs.
org.w3c.dom.Element | getCreds(org.w3c.dom.Element contextIn) - This method returns an XML element which represents a WS-Trust security token response.
org.w3c.dom.Element | getCreds(Subject subject) - This method returns an XML element which represents an XACML request context.
static java.lang.String | getDecision(org.w3c.dom.Element responseCtx) - This method returns the decision result as a string.
java.util.Hashtable | getEnvironment(org.w3c.dom.Element reqCtx) - This method gets a Permis environment object from an XACML request context.
java.lang.String | getId(org.w3c.dom.Element reqCtx, java.lang.String type) - This method gets the subject/resource Id from a request context.
PermisRBAC | getPDP() - This method returns the constructed PermisRBAC.
org.w3c.dom.Element | getResourceCreds(org.w3c.dom.Element wst_request) - This method returns a resource XACML request context for a given WS-Trust request.
org.w3c.dom.Element | getSamlAssertion(Tvalue[] pairs, java.lang.String subjectDN, java.lang.String issuer) - This method is used to create a SAML assertion, which includes the attributes given by an array of type-value text pairs.
org.w3c.dom.Element | getSamlAuthzDecision(org.w3c.dom.Element samlRequest) - This method provides a SAML interface to call the PERMIS PDP for making authz decisions.
org.w3c.dom.Element | getSamlAuthzDecision(org.w3c.dom.Element samlRequest, java.lang.String url, boolean grid) - This method provides a SAML interface to call the PERMIS authz server for making authz decisions.
PermisSubject | getSubject(org.w3c.dom.Element reqCtx, java.lang.String policyId) - This method creates a Permis subject object.
org.w3c.dom.Element | getSubjectCreds(org.w3c.dom.Element wst_request) - This method returns a subject XACML request context for a given WS-Trust request.
java.lang.String | getSubjectDN(java.lang.Object token) - This method returns the subject DN from a WS-Trust request token.
org.w3c.dom.Element | getSubjectXACML(Subject subject) - This method returns an XACML request context, which contains only subject attributes.
PermisTarget | getTarget(org.w3c.dom.Element reqCtx) - This method gets a Permis target object from an XACML request context.
java.util.Date | getTime() - The time is stopped forever, so the latch returns the same as getTime().
int | getType(org.w3c.dom.Element message) - This method is used to return the message type of a given message.
org.w3c.dom.Element | getXacmlSamlAuthzDecision(org.w3c.dom.Element request) - This method uses
void | initialise(int type, int format, java.lang.String policy, java.lang.String soa, java.lang.String oid, java.lang.String acattribute, java.lang.String pkcattribute, java.lang.String rootca, java.lang.String url)
void | initialise(java.lang.String inputFilename) - This method constructs the PermisRBAC from the configuration file.
java.util.Date | latch() - The time is stopped forever, so the latch returns the same as getTime().
org.w3c.dom.Element | message(org.w3c.dom.Element message) - This method is used to process a message and return a response.
void | setAttributeType(java.lang.String acType, java.lang.String pkcType) - This method is used to set the LDAP attribute names for holding ACs and PKCs.
void | setLogLevel(java.lang.String configFile) - This method is used to set log information by a configuration file.
void | setPDP(PermisRBAC rbac) - This method sets the PDP of this Handler object to the specified one.
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final int POLICY_PATH
public static final int POLICY_BINARY
public static final int XML_POLICY
public static final int AC_POLICY
public static final int PKC
public static final int AC
public static final int UNKNOWN
public static final int WS_TRUST
public static final int XACML
public static final int SAML
public static final int XACML_SAML
public static final java.lang.String SAML_VERSION_10
public static final java.lang.String SAML_VERSION_20
public static final java.lang.String SAML_ASSERTION_10
public static final java.lang.String SAML_ASSERTION_20
public static final java.lang.String XACML_SAML_PROTOCOL_20
public static final java.lang.String XACML_SAML_ASSERTION_20
public static final java.lang.String XACML_AUTHZ_DECISION_QUERY
public static final java.lang.String XACML_SAMLP
public static final java.lang.String INPUT_CONTEXT_ONLY
public static final java.lang.String RETURN_CONTEXT
public static final java.lang.String XACML_CONTEXT_REQUEST
public static final java.lang.String SAML_PROTOCOL_10
public static final java.lang.String SAML_PROTOCOL_20
public static final java.lang.String SAML_SUBJECT_ID_10
public static final java.lang.String SAML_SUBJECT_ID_20
public static final java.lang.String X509_SUBJECT_NAME_FORMAT
public static final java.lang.String PULL_MODE
public static final java.lang.String PUSH_MODE
public static final java.lang.String PULLPUSH_MODE
public static final java.lang.String X509_ATTRIBUTE_CERTIFICATE
public static final java.lang.String WS_TRUST_REQUEST_TOKEN
public static final java.lang.String WS_TRUST_REQUESTED_TOKEN
public static final java.lang.String WS_TRUST_NAME_SPACE
public static final java.lang.String WS_TRUST_TOKEN_TYPE
public static final java.lang.String WS_TRUST_REQUEST_TOKEN_RESPONSE
public static final java.lang.String WS_TRUST_REQUEST_TYPE
public static final java.lang.String WS_TRUST_NAME_SAPCE_VALIDATE
public static final java.lang.String WS_TRUST_CLAIMS
public static final java.lang.String WS_TRUST_STATUS_VALID
public static final java.lang.String WS_TRUST_STATUS_INVALID
public static final java.lang.String XACML_PROFILE
public static final java.lang.String XACML_STATUS_OK
public static final java.lang.String XACML_STATUS_PROCESSING_ERROR
public static final java.lang.String XACML_STATUS_MISSING_ATTRIBUTE
public static final java.lang.String XACML_STATUS_SYNTAX_ERROR
public static final java.lang.String XACML_DECISION_INDETERMINATE
public static final java.lang.String XACML_DECISION_DENY
public static final java.lang.String XACML_DECISION_PERMIT
public static final java.lang.String XACML_DECISION_NOT_APPLICABLE
public static final java.lang.String XACML_CONTEXT_NAME_SPACE
public static final java.lang.String XACML_DATA_TYPE
public static final java.lang.String XACML_NAME_FORMAT
public static final java.lang.String RESOURCE_ID
public static final java.lang.String SUBJECT_ID
public static final java.lang.String ACTION_ID
public static final java.lang.String XSI_NAME_SPACE
public static final java.lang.String PERMIS_NAME_SPACE
public static final java.lang.String WSSE_NAME_SPACE
public static final java.lang.String WSU_NAME_SPACE
Constructor Detail |
---|
public Handler() throws HandlerServiceException
Throws: HandlerServiceException
Method Detail |
---|
public void setLogLevel(java.lang.String configFile) throws HandlerServiceException
configFile - the configuration file name. This file contains e.g.
log-level = debug
layout = %-5p - %m%n [optional]
log-file = /home/log/permis.log [optional]
Throws: HandlerServiceException
public void initialise(java.lang.String inputFilename) throws HandlerServiceException
inputFilename - the configuration file name. An example configuration file:
ini: soa=cn=SOA,ou=admin,o=permis,c=GB
...: oid=1.2.826.0.1.3344810.6.0.0.1
...: rootca=/home/ac/cacert.cer
...: pkcattribute=userCertificate;binary
...: acattribute=attributeCertificateAttribute
...: url=ldap://localhost/
...: init
Throws: HandlerServiceException
public void initialise(int type, int format, java.lang.String policy, java.lang.String soa, java.lang.String oid, java.lang.String acattribute, java.lang.String pkcattribute, java.lang.String rootca, java.lang.String url) throws HandlerServiceException
type - indicates whether the policy parameter (i.e. the third parameter) contains a policy (POLICY_BINARY) or is a policy file (POLICY_PATH).
format - indicates what format the policy is in: AC_POLICY or XML_POLICY.
policy - either a policy string or a policy file path; base64 encoded if it is an AC_POLICY.
soa - the Source Of Authority, identified by an LDAP DN, who holds and issues the policy.
oid - the policy name.
acattribute - the field name where the attribute certificate is stored.
pkcattribute - the field name where the PKC (public key certificate) is stored.
rootca - the root CA PKC file path. If this parameter is set then signature verification is on.
url - the URL of the repository where ACs and PKCs are stored.
Throws: HandlerServiceException
public PermisRBAC getPDP()
public org.w3c.dom.Element createRequestContext(java.lang.String DNIn, java.lang.String[] x509ACs, java.lang.String[] x509ProxyCerts, org.w3c.dom.Element[] assertions, java.lang.String mode) throws HandlerServiceException
Specified by: createRequestContext in interface Protocol
DNIn - the LDAP DN of the subject.
x509ACs - a set of pushed ACs; it can be null.
x509ProxyCerts - a set of pushed proxy certificates; it can be null.
assertions - a set of pushed SAML assertions; it can be null.
mode - a string specifying the mode of the PERMIS CVS, i.e. pull, push or pullpush.
Throws: HandlerServiceException
public org.w3c.dom.Element createRequestContext(java.lang.String DNIn) throws HandlerServiceException
Specified by: createRequestContext in interface Protocol
DNIn - the LDAP DN.
Throws: HandlerServiceException
public org.w3c.dom.Element getCreds(org.w3c.dom.Element contextIn) throws HandlerServiceException
contextIn - represents a wst:RequestSecurityToken element.
Throws: HandlerServiceException
public org.w3c.dom.Element getCreds(Subject subject) throws HandlerServiceException
subject - represents a PERMIS subject.
Throws: HandlerServiceException
public org.w3c.dom.Element getSubjectCreds(org.w3c.dom.Element wst_request) throws HandlerServiceException
Specified by: getSubjectCreds in interface Protocol
wst_request - represents the WS-Trust request.
Throws: HandlerServiceException
public org.w3c.dom.Element getResourceCreds(org.w3c.dom.Element wst_request) throws HandlerServiceException
Specified by: getResourceCreds in interface Protocol
wst_request - represents the WS-Trust request.
Throws: HandlerServiceException
public org.w3c.dom.Element getAuthzDecision(org.w3c.dom.Element reqCtx) throws HandlerServiceException
Specified by: getAuthzDecision in interface Protocol
reqCtx - an XACML request context. In order to use the request context to query the XACML PDP, PERMIS roleTypes, action parameters and environmental attributes should be named in URIs.
Throws: HandlerServiceException
public org.w3c.dom.Element getSamlAuthzDecision(org.w3c.dom.Element samlRequest) throws HandlerServiceException
Specified by: getSamlAuthzDecision in interface Protocol
samlRequest - a SAML authz request.
Throws: HandlerServiceException
public org.w3c.dom.Element getSamlAuthzDecision(org.w3c.dom.Element samlRequest, java.lang.String url, boolean grid) throws HandlerServiceException
Specified by: getSamlAuthzDecision in interface Protocol
samlRequest - a SAML authz request.
url - the URL of the SAML service (host and port may be all that is needed).
grid - if true, indicates that the service is a Globus one.
Throws: HandlerServiceException
public org.w3c.dom.Element createSimpleContext(java.lang.String attrValue, java.lang.String type) throws HandlerServiceException
attrValue - represents the attribute value.
type - can be "Action" or "Resource".
Throws: HandlerServiceException
public org.w3c.dom.Element getSamlAssertion(Tvalue[] pairs, java.lang.String subjectDN, java.lang.String issuer) throws java.lang.Exception
pairs - the type-value text array.
subjectDN - the subject name of the assertion.
issuer - the issuer name of the assertion.
Throws: java.lang.Exception
public java.util.Date latch()
public java.util.Date getTime()
public org.w3c.dom.Element getAttributes() throws HandlerServiceException
Throws: HandlerServiceException
public java.lang.String getId(org.w3c.dom.Element reqCtx, java.lang.String type)
reqCtx - an XACML request context.
type - either "Subject" or "Resource".
public java.util.Hashtable getEnvironment(org.w3c.dom.Element reqCtx) throws EnvironmentException
reqCtx - the XACML request context.
Throws: EnvironmentException
public Action getAction(org.w3c.dom.Element reqCtx) throws ActionException
reqCtx - the XACML request context.
Throws: ActionException
public PermisTarget getTarget(org.w3c.dom.Element reqCtx) throws TargetException
reqCtx - the XACML request context. This context should contain at least the resource-id attribute, i.e. urn:oasis:names:tc:xacml:1.0:resource:resource-id.
Throws: TargetException
public org.w3c.dom.Element getSubjectXACML(Subject subject) throws java.lang.Exception
subject - the given subject.
Throws: java.lang.Exception
public PermisSubject getSubject(org.w3c.dom.Element reqCtx, java.lang.String policyId) throws SubjectException
reqCtx - an XACML request context.
policyId - the policy OID.
Throws: SubjectException
public Subject createSubject(org.w3c.dom.Element saml, java.lang.Object[] creds) throws SubjectException
saml - must be a valid SAML attribute assertion. This is the place to hold text attributes for validation.
creds - a set of other credentials, which should be represented as Attribute objects. These credentials must be in the same subject as the SAML assertion; otherwise they will be discarded.
Throws: SubjectException
public java.lang.String getSubjectDN(java.lang.Object token) throws HandlerServiceException
Throws: HandlerServiceException
public org.w3c.dom.Element createRequestContext(java.lang.String actionIn, java.lang.String resourceIn, org.w3c.dom.Element subject) throws HandlerServiceException
Specified by: createRequestContext in interface Protocol
actionIn - will be the action-id value.
resourceIn - will be the resource-id value.
subject - the subject request context.
Throws: HandlerServiceException
public byte[][] getBase64(java.util.ArrayList list)
list - a list of binary ACs or PKCs.
public void setAttributeType(java.lang.String acType, java.lang.String pkcType)
public static java.lang.String getDecision(org.w3c.dom.Element responseCtx) throws java.lang.Exception
responseCtx - the XACML response context.
Throws: java.lang.Exception
public org.w3c.dom.Element createSamlReuest(java.lang.String userDN, java.lang.String actionName, java.lang.String targetDN)
Specified by: createSamlReuest in interface Protocol
userDN - an LDAP DN.
actionName - can be any string value.
targetDN - either an LDAP DN or a URL.
public org.w3c.dom.Element message(org.w3c.dom.Element message) throws HandlerServiceException
message - the message, which is processed according to its type.
Throws: HandlerServiceException
public int getType(org.w3c.dom.Element message) throws HandlerServiceException
message - the given message.
Throws: HandlerServiceException
public Subject createSubject(org.w3c.dom.Element reqCtx, java.lang.String issuer, java.lang.Object[] creds, java.lang.String[] parsers) throws SubjectException
reqCtx - an XACML request context, which represents known subject attributes.
issuer - the DN of the issuer who issued the above attributes.
Throws: SubjectException
public org.w3c.dom.Element getXacmlSamlAuthzDecision(org.w3c.dom.Element request) throws HandlerServiceException
request - the input.
Throws: HandlerServiceException
public void setPDP(PermisRBAC rbac)
rbac - the Permis PDP represented as a PermisRBAC object.
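An added usage example, not taken from the PERMIS source or this Javadoc, showing how the methods documented above chain together for a pull-mode authorisation check: a WS-Trust token built from the subject DN, its credentials turned into an XACML subject context, the full request put to the PDP, and the decision string mapped to a fail-closed boolean. The configuration path, DN, action and resource are constructed placeholders, and it assumes that getDecision returns one of the XACML_DECISION_* constant values.

```java
import org.w3c.dom.Element;
import issrg.utils.handler.Handler;
import issrg.utils.handler.HandlerServiceException;

/**
 * Builds an XACML request for (subject, action, resource) through the
 * Handler API and maps the PDP's answer to a boolean, treating anything
 * other than Permit (Deny, Indeterminate, NotApplicable) as a denial.
 */
public class HandlerDecisionExample {

    // Constructed placeholder values for illustration only; replace with a
    // real PERMIS configuration file, subject DN, action and resource.
    static final String CONFIG_FILE = "/path/to/permis.cfg";
    static final String SUBJECT_DN  = "cn=Alice,ou=staff,o=permis,c=GB";
    static final String ACTION      = "Read";
    static final String RESOURCE    = "cn=Report,ou=docs,o=permis,c=GB";

    /** Asks the PERMIS PDP whether subjectDN may perform action on resource. */
    static boolean isPermitted(Handler handler, String subjectDN,
                               String action, String resource) throws Exception {
        // 1. A simple WS-Trust RequestSecurityToken carrying the subject DN as
        //    X509SubjectName; nothing is pushed, so credentials are pulled.
        Element rst = handler.createRequestContext(subjectDN);

        // 2. The subject's credentials, returned as an XACML subject request context.
        Element subjectCtx = handler.getSubjectCreds(rst);

        // 3. The full XACML request: action-id, resource-id and the Subject section.
        Element reqCtx = handler.createRequestContext(action, resource, subjectCtx);

        // 4. Query the PDP and read the decision string out of the response context.
        Element responseCtx = handler.getAuthzDecision(reqCtx);
        String decision = Handler.getDecision(responseCtx);

        // Fail closed: only an explicit Permit grants access (assumes getDecision
        // returns one of the XACML_DECISION_* constant values).
        return Handler.XACML_DECISION_PERMIT.equals(decision);
    }

    public static void main(String[] args) throws Exception {
        Handler handler = new Handler();
        // Builds the PermisRBAC PDP from the configuration file (soa, oid, url, ...).
        handler.initialise(CONFIG_FILE);

        boolean allowed = isPermitted(handler, SUBJECT_DN, ACTION, RESOURCE);
        System.out.println(ACTION + " on " + RESOURCE + " by " + SUBJECT_DN
                + (allowed ? ": PERMIT" : ": DENY"));
    }
}
```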