uk.ac.soton.itinnovation.grid.service.utils.gridservit
Class GridServiceLite

java.lang.Object
  extended by uk.ac.soton.itinnovation.grid.service.utils.gridservit.GridServiceLite
All Implemented Interfaces:
PolicyManagement, ResourceMetadata
Direct Known Subclasses:
AccountServiceImpl, CltMgtRegistryResourceImpl, CltMgtRegistryServiceImpl, DataServiceModule, JobServiceModule, ManagedDataResource, MembershipGroupResourceImpl, MembershipServiceImpl, SampleResourceImpl, SampleServiceImpl, SLAServiceImpl

public abstract class GridServiceLite
extends Object
implements PolicyManagement, ResourceMetadata

GridServiceLite is an abstract base class for web services. It provides a collection of useful helper methods for writing grid services.


Field Summary
protected  org.hibernate.SessionFactory factory
          A hibernate session factory.
protected  TrustedManagementServices management
          For services that may require an account or SLA to be used, this object can be used to access the configuration relating to this.
static String NO_ACCOUNT_NEEDED
          Deprecated. 
protected  PDP pdp
          PBAC 2 PDP implementation.
protected  URL thisServiceAddress
          The endpoint of this SOAP service.
 
Constructor Summary
GridServiceLite(String serviceName)
          Constructor.
 
Method Summary
protected  void addHibernatedObject(Object object)
          Persist an object with hibernate.
 void addPolicyRule(PolicyRule rule)
          Add an access control rule to this resource's dynamic access control policy.
 void addTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)
           
protected  void deleteHibernatedObject(Object object)
          Delete an object persisted with hibernate.
protected  org.apache.axis.message.addressing.EndpointReferenceType generateEPR(GridResource bean)
          Generate an EPR from a resource's bean.
 String[] getAvailableSignals()
           
protected  String getConversationFromContext()
          Returns the resource ID given in the SOAP header.
protected  SubjectDescription getCurrentUser()
          Create a SubjectDescription from the Axis context's certificate (set by wss4j).
 org.apache.axis.message.addressing.EndpointReferenceType getEPR()
          Get the EPR for this resource.
 org.apache.axis.message.addressing.EndpointReferenceType getEPR(String conversationID)
          This can be used locally if you already have the resource ID.
 Conversation getManagingConversation(GridResource resource)
          Get a client proxy to a management resource.
 PolicyRule[] getPolicyRules()
          Get the access control rules in this resource's dynamic access control policy.
protected  Key getPrivateKey()
          Get the service's private key.
protected  String getResourceFromEPR(org.apache.axis.message.addressing.EndpointReferenceType EPR)
          Extract the resource ID from an EPR.
 Document GetResourceProperty(QName qname)
           
protected  org.apache.axis.message.addressing.EndpointReferenceType[] getResources(String pbacType, Class type)
           
protected  org.apache.axis.message.addressing.EndpointReferenceType[] getResources(String pbacType, Class type, String state)
          Shared code for each service's getResources().
protected  List<String> getResourcesFromEPRs(List<org.apache.axis.message.addressing.EndpointReferenceType> EPRs)
          Extract the resource IDs from a list of EPRs.
protected  Class<? extends GridResource> getResourceType(String resourceID)
          Return the class of this resource's bean.
protected  URL getServiceFromEPR(org.apache.axis.message.addressing.EndpointReferenceType EPR)
          Extract the service endpoint from an EPR.
 X509Certificate getServiceProviderCertificate()
          Deprecated. 
 SubjectDescription getServiceProviderID()
          External function that returns the service provider ID, in the form of an Issuer key and Subject DN.
 SubjectDescription getServiceProviderIssuer()
          External function that returns the identity of the issuer of the service's certificate.
 org.apache.axis.message.addressing.EndpointReferenceType[] getTrustedAccountServices()
           
 String[] getValidRoles()
          List the roles the caller is permitted to see.
 void removePolicyRule(PolicyRule rule)
          Remove an access control rule from this resource's dynamic access control policy.
 void removeTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)
           
protected  Document RequestSecurityToken_Issuance(Element request)
          Issue a security token.
protected  Document RequestSecurityToken_Validation(Element request)
          Validate security tokens.
 Document RequestSecurityToken(Element request)
          Process a WS-Trust token request.
 void setLabel(String label)
          Change the resource's label.
protected  void setLabel(String label, String conversationID)
           
 String signal(String signalName)
           
protected  void validateOwner(MatchRule owner, SubjectDescription currentUser, String ownerRole)
          Deprecated. Use PBACUtils.validateOwner(uk.ac.soton.itinnovation.grid.types.MatchRule, uk.ac.soton.itinnovation.grid.types.SubjectDescription, java.lang.String)
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

factory

protected org.hibernate.SessionFactory factory
A hibernate session factory. This is used to get new connections to the hibernate database.


NO_ACCOUNT_NEEDED

@Deprecated
public static final String NO_ACCOUNT_NEEDED
Deprecated. 
See Also:
Constant Field Values

thisServiceAddress

protected URL thisServiceAddress
The endpoint of this SOAP service.


pdp

protected PDP pdp
PBAC 2 PDP implementation.


management

protected final TrustedManagementServices management
For services that may require an account or SLA to be used, this object can be used to access the configuration relating to this.

Constructor Detail

GridServiceLite

public GridServiceLite(String serviceName)
Constructor.

Parameters:
serviceName - the name of the service (the bit after the "/services/" part of the endpoint)
Method Detail

signal

@AccessControl(disableCheck=true)
public String signal(String signalName)
              throws RemoteException
Throws:
RemoteException

getAvailableSignals

public String[] getAvailableSignals()
                             throws RemoteException
Throws:
RemoteException

getServiceProviderID

public SubjectDescription getServiceProviderID()
External function that returns the service provider ID, in the form of an Issuer key and Subject DN. All services export this method.

Returns:
the ID of the service provider

getServiceProviderIssuer

public SubjectDescription getServiceProviderIssuer()
External function that returns the identity of the issuer of the service's certificate. All services export this method.

Returns:
the ID of the service provider's certificate's issuer.

getServiceProviderCertificate

@Deprecated
public X509Certificate getServiceProviderCertificate()
Deprecated. 

Get the certificate used by the service (for signing replies, or for delegating access to this service). Currently only used by the unit tests.


getPrivateKey

protected Key getPrivateKey()
Get the service's private key. This is used when signing SAML assertions, for example.


getConversationFromContext

protected String getConversationFromContext()
                                     throws ContextUnavailableException
Returns the resource ID given in the SOAP header.

Returns:
resource ID
Throws:
ContextUnavailableException - if no context header was present

getCurrentUser

protected SubjectDescription getCurrentUser()
Create a SubjectDescription from the Axis context's certificate (set by wss4j).


getResourceFromEPR

protected String getResourceFromEPR(org.apache.axis.message.addressing.EndpointReferenceType EPR)
                             throws GridFailureException
Extract the resource ID from an EPR.

Throws:
GridFailureException - if the EPR does not contain a resource ID.

getResourcesFromEPRs

protected List<String> getResourcesFromEPRs(List<org.apache.axis.message.addressing.EndpointReferenceType> EPRs)
                                     throws GridFailureException
Extract the resource IDs from a list of EPRs.

Throws:
GridFailureException - if any EPR does not contain a resource ID.

getServiceFromEPR

protected URL getServiceFromEPR(org.apache.axis.message.addressing.EndpointReferenceType EPR)
                         throws GridFailureException
Extract the service endpoint from an EPR.

Returns:
the endpoint URL
Throws:
GridFailureException - if the endpoint is missing or malformed

validateOwner

@Deprecated
protected void validateOwner(MatchRule owner,
                                        SubjectDescription currentUser,
                                        String ownerRole)
                      throws GridFailureException
Deprecated. Use PBACUtils.validateOwner(uk.ac.soton.itinnovation.grid.types.MatchRule, uk.ac.soton.itinnovation.grid.types.SubjectDescription, java.lang.String)

When creating a new resource, the client must specify a match rule to allow them further access. This method checks that the supplied MatchRule is correct:
- Must give correct role (ownerRole)
- Must not be a DENY rule
- Must match the user invoking the operation (currentUser)

Throws:
GridFailureException - if these requirements are not met

setLabel

protected void setLabel(String label,
                        String conversationID)
                 throws RemoteException
Throws:
RemoteException

setLabel

public void setLabel(String label)
              throws RemoteException
Description copied from interface: ResourceMetadata
Change the resource's label. Each resource is given a label by the client when it is created. This label is returned in the metadata from getResources, making it easier for other users to identify the resource.

Specified by:
setLabel in interface ResourceMetadata
Parameters:
label - the new label
Throws:
RemoteException

getResourceType

protected Class<? extends GridResource> getResourceType(String resourceID)
                                                 throws RemoteException
Return the class of this resource's bean. Override this in subclasses if your service is contextualised. Often, resourceID can be ignored as each service only manages one type of bean anyway.

Throws:
RemoteException

getEPR

public org.apache.axis.message.addressing.EndpointReferenceType getEPR()
                                                                throws RemoteException
Description copied from interface: ResourceMetadata
Get the EPR for this resource. The EPR gives the canonical endpoint for the service, and various meta-data items.

Specified by:
getEPR in interface ResourceMetadata
Throws:
RemoteException
See Also:
the label set with setLabel, a unique type URI, the state of the resource, the resource which manages this one (e.g. an SLA manages a job), the resource which contains this one (e.g. a job service is the parent of a job)

getEPR

public org.apache.axis.message.addressing.EndpointReferenceType getEPR(String conversationID)
                                                                throws RemoteException
This can be used locally if you already have the resource ID.

Throws:
RemoteException
See Also:
getEPR()

generateEPR

protected org.apache.axis.message.addressing.EndpointReferenceType generateEPR(GridResource bean)
Generate an EPR from a resource's bean. Note: the bean's hibernate session is open when this method is invoked, and can be retrieved using SingletonSessionFactory.getFactory()'s getCurrentSession method. Override this in sub-classes to provide extra information.


getResources

protected org.apache.axis.message.addressing.EndpointReferenceType[] getResources(String pbacType,
                                                                                  Class type)
                                                                           throws GridFailureException
Throws:
GridFailureException

getResources

protected org.apache.axis.message.addressing.EndpointReferenceType[] getResources(String pbacType,
                                                                                  Class type,
                                                                                  String state)
                                                                           throws GridFailureException
Shared code for each service's getResources().

Throws:
GridFailureException

GetResourceProperty

public Document GetResourceProperty(QName qname)
                             throws GridFailureException
Throws:
GridFailureException

addHibernatedObject

protected void addHibernatedObject(Object object)
Persist an object with hibernate. This is just a convenience function that opens the session and creates a transaction for you.


deleteHibernatedObject

protected void deleteHibernatedObject(Object object)
Delete an object persisted with hibernate. This is just a convenience function that opens the session and creates a transaction for you.


getValidRoles

public String[] getValidRoles()
                       throws GridFailureException
Description copied from interface: PolicyManagement
List the roles the caller is permitted to see. This is the list of roles whose rules are returned by PolicyManagement.getPolicyRules().

Specified by:
getValidRoles in interface PolicyManagement
Throws:
GridFailureException
See Also:
PDP.getValidProcessRoles(java.lang.String)

addPolicyRule

@AccessControl(disableCheck=true)
public void addPolicyRule(PolicyRule rule)
                   throws RemoteException
Description copied from interface: PolicyManagement
Add an access control rule to this resource's dynamic access control policy.

Specified by:
addPolicyRule in interface PolicyManagement
Throws:
RemoteException
See Also:
PDP.addAccessControlRule(java.lang.String, uk.ac.soton.itinnovation.grid.types.MatchRule)

removePolicyRule

@AccessControl(disableCheck=true)
public void removePolicyRule(PolicyRule rule)
                      throws RemoteException
Description copied from interface: PolicyManagement
Remove an access control rule from this resource's dynamic access control policy.

Specified by:
removePolicyRule in interface PolicyManagement
Throws:
RemoteException
See Also:
PDP.removeAccessControlRule(java.lang.String, uk.ac.soton.itinnovation.grid.types.MatchRule)

getPolicyRules

@AccessControl(disableCheck=true)
public PolicyRule[] getPolicyRules()
                            throws RemoteException
Description copied from interface: PolicyManagement
Get the access control rules in this resource's dynamic access control policy. Rules are only returned for the roles the caller is permitted to see. Note: The rules are filtered to only include those for roles listed by PolicyManagement.getValidRoles().

Specified by:
getPolicyRules in interface PolicyManagement
Throws:
RemoteException
See Also:
PDP.getAccessControlRules(java.lang.String, java.lang.String)

RequestSecurityToken

@AccessControl(disableCheck=true)
public final Document RequestSecurityToken(Element request)
                                    throws RemoteException
Process a WS-Trust token request. This method just dispatches to a method specific to the request type. Do not override this method directly. This method performs the access control check before dispatching.

Throws:
RemoteException
See Also:
RequestSecurityToken_Issuance(org.w3c.dom.Element), RequestSecurityToken_Validation(org.w3c.dom.Element)

RequestSecurityToken_Issuance

protected Document RequestSecurityToken_Issuance(Element request)
                                          throws RemoteException
Issue a security token. Called by RequestSecurityToken(org.w3c.dom.Element) for issuance requests.

Throws:
RemoteException

RequestSecurityToken_Validation

protected Document RequestSecurityToken_Validation(Element request)
                                            throws RemoteException
Validate security tokens. Called by RequestSecurityToken(org.w3c.dom.Element) for validation requests.

Throws:
RemoteException

getTrustedAccountServices

public org.apache.axis.message.addressing.EndpointReferenceType[] getTrustedAccountServices()

addTrustedAccountService

public void addTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)
                              throws RemoteException
Throws:
RemoteException

removeTrustedAccountService

public void removeTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)

getManagingConversation

public Conversation getManagingConversation(GridResource resource)
Get a client proxy to a management resource.

Returns:
null if free, or a TradeAccountConversation or SLAConversation proxy otherwise


Copyright © 2001-2007 University of Southampton IT Innovation Centre. All Rights Reserved.