uk.ac.soton.itinnovation.grid.pbac2.pdp
Class PBACUtils

java.lang.Object
  extended by uk.ac.soton.itinnovation.grid.pbac2.pdp.PBACUtils

public class PBACUtils
extends Object

Useful utility methods for using PBAC.


Constructor Summary
PBACUtils()
           
 
Method Summary
static Document createValidationResponse(String code, String reason)
          Create a RequestSecurityTokenResponse for a status validation.
static void ensureDeployed(String type, String policyFileName)
          Try to deploy an XML policy as a PBAC policy.
static void ensureDeployed(String type, String policyFileName, ClassLoader loader)
          Try to deploy an XML policy as a PBAC policy.
static boolean ensureServiceResource(Object serviceImpl, MatchRule[] initialRules)
          Ensure that a singleton service resource for this interface exists, creating a new one if not.
static boolean ensureServiceResource(String type, Class iface, boolean worldRole)
          Deprecated. Use ensureServiceResource(Object, MatchRule[]).
static void ensureServiceResource(String type, Class iface, boolean worldRole, MatchRule[] initialRules)
          Deprecated. Use ensureServiceResource(Object, MatchRule[]).
static void ensureValidationSuccessful(Document response)
          Process a WS-Trust validation response.
static String getDefaultVersion(String policyType)
          Return the default version of this policy.
static ArrayList<String> getResourceTypes()
          Returns a list of known policy types.
static void registerDefaultPolicy(String resourceType, String defaultPolicy)
          Register the default policy for a type.
static void validateOwner(MatchRule owner, SubjectDescription currentUser, String ownerRole)
          Ensure that the 'owner' rule grants 'currentUser' the 'ownerRole' role.
static void validatePattern(MatchPattern pattern, SubjectDescription currentUser)
          Ensure that the pattern matches 'currentUser'.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PBACUtils

public PBACUtils()
Method Detail

ensureDeployed

public static void ensureDeployed(String type,
                                  String policyFileName)
Try to deploy an XML policy as a PBAC policy. If a policy with this type is already deployed, this method has no effect.

Parameters:
type - the type of resource that will be protected with this policy.
policyFileName - the resource name of an XML file (in classpath).

ensureDeployed

public static void ensureDeployed(String type,
                                  String policyFileName,
                                  ClassLoader loader)
Try to deploy an XML policy as a PBAC policy. If a policy with this type is already deployed, this method has no effect.

Parameters:
type - the type of resource that will be protected with this policy.
policyFileName - the resource name of an XML file (in classpath).
loader - ClassLoader to use to locate the resource

getDefaultVersion

public static String getDefaultVersion(String policyType)
Return the default version of this policy. Defaults can be registered using registerDefaultPolicy(java.lang.String, java.lang.String). Otherwise, this reads the old pbacpolicyversions.properties file to get the version for a given type. The built-in group type's version is hard-coded. If no default version is set, returns a suitable error string and logs a warning; callers should therefore not treat the return value as a version unless a default was registered or is present in the properties file.

Parameters:
policyType - the PBAC resource type to check
Returns:
the service's default version (typically stored inside the .war file)

registerDefaultPolicy

public static void registerDefaultPolicy(String resourceType,
                                         String defaultPolicy)
Register the default policy for a type. This should be called during initialisation, or at least before the administration interface is accessed. It is used to warn the user if their policies need to be updated.

Parameters:
resourceType - the type to register
defaultPolicy - the policy, which is an XML string with a version attribute on the root

getResourceTypes

public static ArrayList<String> getResourceTypes()
Returns a list of known policy types. Combines the contents of pbacpolicyversions.properties and any policies registered using registerDefaultPolicy(java.lang.String, java.lang.String).

Returns:
A list of resource type strings, combining those in pbacpolicyversions.properties with any registered defaults

ensureServiceResource

public static boolean ensureServiceResource(String type,
                                            Class iface,
                                            boolean worldRole)
                                     throws GridFailureException
Deprecated. Use ensureServiceResource(Object, MatchRule[]).

Ensure that a singleton service resource for this interface exists, creating a new one if not. If a service resource for this interface already exists, this method does nothing.

Parameters:
type - the resource type of the service policy.
iface - the interface given as the className in the server-config.wsdd file.
worldRole - when creating the resource, give everyone the 'world' role by default.
Returns:
true if the service resource was created, false if it already existed.
Throws:
GridFailureException

ensureServiceResource

public static void ensureServiceResource(String type,
                                         Class iface,
                                         boolean worldRole,
                                         MatchRule[] initialRules)
                                  throws GridFailureException
Deprecated. Use ensureServiceResource(Object, MatchRule[]).

Ensure that a singleton service resource for this interface exists, creating a new one if not. If a service resource for this interface already exists, this method does nothing. Otherwise, the service resource is created and the match rules in initialRules are added also.

Parameters:
type - the resource type of the service policy.
iface - the interface given as the className in the server-config.wsdd file.
worldRole - when creating the resource, give everyone the 'world' role by default.
initialRules - the set of initial match rules to add for the service resource
Throws:
GridFailureException

ensureServiceResource

public static boolean ensureServiceResource(Object serviceImpl,
                                            MatchRule[] initialRules)
                                     throws GridFailureException
Ensure that a singleton service resource for this interface exists, creating a new one if not. If a service resource for this interface already exists, this method does nothing. Otherwise, the service resource is created and the match rules in initialRules are added also.

Parameters:
serviceImpl - the service object, with a PEPServiceResource annotation
initialRules - the set of initial match rules to add for the service resource
Throws:
GridFailureException
Since:
5.1
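The following is an added usage example, not code from the PBAC library, showing how the deployment-time methods above fit together in a service's start-up: registerDefaultPolicy before the administration interface is reached, ensureDeployed for the bundled XML policy, and the non-deprecated ensureServiceResource(Object, MatchRule[]) overload. The resource type, policy file name, class name, and the packages of MatchRule, GridFailureException and the PEPServiceResource annotation are assumptions (only PBACUtils, MatchPattern and SubjectDescription have their packages stated on this page); check the annotation's own documentation for the attributes your version requires.

```java
// Added example: wiring PBACUtils into service start-up. Package names
// marked "assumed" are not given on the PBACUtils page.
import java.io.InputStream;
import java.util.Scanner;

import uk.ac.soton.itinnovation.grid.pbac2.pdp.PBACUtils;
import uk.ac.soton.itinnovation.grid.types.MatchRule;          // assumed package
import uk.ac.soton.itinnovation.grid.GridFailureException;     // assumed package

// Assumed location and form of the annotation named in the Javadoc for
// ensureServiceResource(Object, MatchRule[]).
@uk.ac.soton.itinnovation.grid.pbac2.pep.PEPServiceResource
public class ExampleServiceImpl {

    // Hypothetical resource type and classpath policy file.
    private static final String RESOURCE_TYPE = "urn:example:resource:job";
    private static final String POLICY_FILE   = "policies/job-policy.xml";

    private static boolean initialised;

    /** Call once at deployment, before the administration interface is used. */
    public synchronized void initialisePolicy() throws GridFailureException {
        if (initialised) {
            return;
        }
        ClassLoader loader = ExampleServiceImpl.class.getClassLoader();

        // 1. Register the bundled policy as the default so the administration
        //    interface can warn when a deployed policy lags behind it. The
        //    registered string must carry a version attribute on its root.
        PBACUtils.registerDefaultPolicy(RESOURCE_TYPE, readClasspathText(loader, POLICY_FILE));

        // 2. Deploy it. This is idempotent: a policy already deployed for this
        //    type is left alone, so shipping a new XML file in the .war does not
        //    overwrite a policy an administrator has customised.
        PBACUtils.ensureDeployed(RESOURCE_TYPE, POLICY_FILE, loader);

        // 3. Create the singleton service resource. Start closed: an empty rule
        //    set grants nobody anything until an administrator adds rules. The
        //    initialRules are applied only when the resource is first created;
        //    changing this array later has no effect on an existing deployment.
        MatchRule[] initialRules = new MatchRule[0];
        boolean created = PBACUtils.ensureServiceResource(this, initialRules);
        if (!created) {
            System.out.println("service resource already existed; initialRules were not applied");
        }

        // 4. getDefaultVersion returns an error string (and logs a warning) when
        //    no default is known, so log it rather than parsing it as a version.
        System.out.println("default policy version for " + RESOURCE_TYPE + ": "
                + PBACUtils.getDefaultVersion(RESOURCE_TYPE));
        initialised = true;
    }

    private static String readClasspathText(ClassLoader loader, String name) {
        InputStream in = loader.getResourceAsStream(name);
        if (in == null) {
            throw new IllegalStateException("policy file missing from classpath: " + name);
        }
        Scanner scanner = new Scanner(in, "UTF-8").useDelimiter("\\A");
        try {
            return scanner.hasNext() ? scanner.next() : "";
        } finally {
            scanner.close();
        }
    }
}
```

The deprecated overloads take a worldRole flag that, when true, gives everyone the 'world' role on the new service resource; with the overload used here the initial grants are exactly the MatchRule objects you pass, so an empty array is the least-privilege starting point.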

validateOwner

public static void validateOwner(MatchRule owner,
                                 SubjectDescription currentUser,
                                 String ownerRole)
                          throws GridFailureException
Ensure that the 'owner' rule grants 'currentUser' the 'ownerRole' role. Note: consider taking a MatchPattern instead, and using validatePattern(uk.ac.soton.itinnovation.grid.types.MatchPattern, uk.ac.soton.itinnovation.grid.types.SubjectDescription).

Throws:
GridFailureException - if currentUser would not get the role

validatePattern

public static void validatePattern(MatchPattern pattern,
                                   SubjectDescription currentUser)
                            throws GridFailureException
Ensure that the pattern matches 'currentUser'. This is used as a sanity check when the client specifies the pattern for a new resource.

Throws:
GridFailureException - if currentUser does not match, or the pattern is not valid

createValidationResponse

public static Document createValidationResponse(String code,
                                                String reason)
Create a RequestSecurityTokenResponse for a status validation.

Parameters:
code - should be WSTrust.WSTRUST_STATUS_VALID or WSTrust.WSTRUST_STATUS_INVALID
reason - a human-readable reason, or null
Returns:
a RequestSecurityTokenResponse

ensureValidationSuccessful

public static void ensureValidationSuccessful(Document response)
                                       throws TokenInvalidException
Process a WS-Trust validation response.

Parameters:
response - from a validation operation
Throws:
TokenInvalidException - if the response code is not WSTrust.WSTRUST_STATUS_VALID
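The following is an added example, not code from the PBAC library, showing both halves of the WS-Trust status validation described by createValidationResponse and ensureValidationSuccessful: the validating service builds a RequestSecurityTokenResponse with one of the two status codes, and the caller accepts the token only if ensureValidationSuccessful returns normally. The packages of WSTrust and TokenInvalidException are assumptions; only the constant names are given on this page.

```java
// Added example: a WS-Trust status validation round-trip via PBACUtils.
import org.w3c.dom.Document;

import uk.ac.soton.itinnovation.grid.pbac2.pdp.PBACUtils;
import uk.ac.soton.itinnovation.grid.wstrust.WSTrust;                 // assumed package
import uk.ac.soton.itinnovation.grid.wstrust.TokenInvalidException;   // assumed package

public class ValidationExample {

    /**
     * Validating service: map the result of a local token check to a
     * RequestSecurityTokenResponse. Only the two documented codes are used.
     */
    static Document buildResponse(boolean tokenOk, String detail) {
        if (tokenOk) {
            // reason is optional; null is accepted.
            return PBACUtils.createValidationResponse(WSTrust.WSTRUST_STATUS_VALID, null);
        }
        // The reason is returned to the caller, so keep it free of internal detail.
        return PBACUtils.createValidationResponse(WSTrust.WSTRUST_STATUS_INVALID, detail);
    }

    /**
     * Caller: fail closed. ensureValidationSuccessful throws for any response
     * whose code is not WSTRUST_STATUS_VALID, so the only path to "accepted"
     * is a normal return.
     */
    static boolean isAccepted(Document response) {
        try {
            PBACUtils.ensureValidationSuccessful(response);
            return true;
        } catch (TokenInvalidException e) {
            System.out.println("token rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        Document ok  = buildResponse(true, null);
        Document bad = buildResponse(false, "token failed validation");
        System.out.println("valid response accepted:   " + isAccepted(ok));
        System.out.println("invalid response accepted: " + isAccepted(bad));
    }
}
```

Treat isAccepted as the single gate on the caller side: any code other than WSTRUST_STATUS_VALID, including a response built with an unexpected code, must be handled as a rejection rather than inspected further.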


Copyright © 2001-2007 University of Southampton IT Innovation Centre. All Rights Reserved.