uk.ac.soton.itinnovation.grid.pbac2.pdp
Class GroupUtils

java.lang.Object
  extended by uk.ac.soton.itinnovation.grid.pbac2.pdp.GroupUtils

public class GroupUtils
extends Object

Helper class for managing PBAC groups.

Often, many resources share some of their match rules. For example, every account has a different "budget holder", but the same "service administrator".

To avoid storing the service administrator match rules on every account, we can instead create a 'service-admins' group resource and store them on that. Then, every account contains a MatchRule stating that any member of the 'service-admins' group is an administrator of the account.

Any PBAC resource is a group if it contains a PDP.GROUP_MEMBER_ROLE process role. This class defines a single simple type which includes this role.


Field Summary
static String GROUP_RESOURCE_TYPE
          Groups managed using this class must have this PBAC resource type.
 
Constructor Summary
GroupUtils(PDP pdp)
           
 
Method Summary
 void ensureGroupDeployed(String resourceID)
          If the group 'resourceID' does not yet exist, create it.
 void ensureGroupDeployed(String resourceID, PolicyRule[] initialRules)
          If the group 'resourceID' does not yet exist, create it and add initialRules to its control list.
 void ensureSpecialGroup(String resourceID, MatchPattern... members)
          Ensure that this group exists, and has the given members.
 String[] getGroups()
          Find all PBAC resources which can be used as groups.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

GROUP_RESOURCE_TYPE

public static final String GROUP_RESOURCE_TYPE
Groups managed using this class must have this PBAC resource type. A policy for the type is deployed automatically the first time you create a group.

See Also:
Constant Field Values
Constructor Detail

GroupUtils

public GroupUtils(PDP pdp)
Method Detail

ensureGroupDeployed

public void ensureGroupDeployed(String resourceID)
If the group 'resourceID' does not yet exist, create it. If it already exists, do nothing.


ensureGroupDeployed

public void ensureGroupDeployed(String resourceID,
                                PolicyRule[] initialRules)
If the group 'resourceID' does not yet exist, create it and add initialRules to its control list. If it already exists, do nothing.


getGroups

public String[] getGroups()
Find all PBAC resources which can be used as groups. This is for the groups menu in ACLadmin.


ensureSpecialGroup

public void ensureSpecialGroup(String resourceID,
                               MatchPattern... members)
Ensure that this group exists, and has the given members. Unlike ensureGroupDeployed, this method will modify an existing group. Normally, the group name should start with "special:", which may affect its presentation. In particular, the admin interface will not let the user modify such groups, on the assumption that they are managed automatically.

Parameters:
resourceID - the name of the group (e.g. "special:this-service")
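
The following is an added illustration, not code from the PBAC library: a self-contained in-memory model of the group indirection described in the class overview, and of the difference between ensureGroupDeployed (does nothing if the group exists) and ensureSpecialGroup (modifies an existing group). Every class, method and user name in it is hypothetical, members are modelled as plain strings rather than MatchPattern objects, and replacing the whole member set in ensureSpecialGroup is an assumption.

```java
import java.util.*;

// Toy in-memory model (hypothetical, not the PBAC API) of the semantics described above.
public class GroupSemanticsDemo {
    // group name -> member names; stands in for the match rules stored on the group
    private final Map<String, Set<String>> groups = new HashMap<>();
    // account -> groups whose members administer it (the shared rule on each account)
    private final Map<String, Set<String>> adminGroups = new HashMap<>();

    // Models ensureGroupDeployed: create only if absent, otherwise do nothing.
    void ensureGroupDeployed(String id, String... initialMembers) {
        groups.putIfAbsent(id, new TreeSet<>(Arrays.asList(initialMembers)));
    }

    // Models ensureSpecialGroup: create or modify. Assumption: membership is replaced.
    void ensureSpecialGroup(String id, String... members) {
        groups.put(id, new TreeSet<>(Arrays.asList(members)));
    }

    void grantAdminToGroup(String account, String group) {
        adminGroups.computeIfAbsent(account, k -> new TreeSet<>()).add(group);
    }

    boolean isAdmin(String user, String account) {
        for (String g : adminGroups.getOrDefault(account, Collections.emptySet())) {
            if (groups.getOrDefault(g, Collections.emptySet()).contains(user)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        GroupSemanticsDemo model = new GroupSemanticsDemo();
        model.ensureGroupDeployed("service-admins", "alice");
        model.grantAdminToGroup("account-1", "service-admins");
        model.grantAdminToGroup("account-2", "service-admins");
        // One group definition serves every account that references it.
        System.out.println("alice on account-2: " + model.isAdmin("alice", "account-2"));

        // Re-running deployment with different initial members changes nothing.
        model.ensureGroupDeployed("service-admins", "bob");
        System.out.println("bob on account-1: " + model.isAdmin("bob", "account-1"));

        // The special-group call does modify a group that already exists.
        model.ensureSpecialGroup("special:this-service", "svc-a");
        model.ensureSpecialGroup("special:this-service", "svc-b");
        model.grantAdminToGroup("account-1", "special:this-service");
        System.out.println("svc-a on account-1: " + model.isAdmin("svc-a", "account-1"));
        System.out.println("svc-b on account-1: " + model.isAdmin("svc-b", "account-1"));
    }
}
```

Because ensureGroupDeployed ignores initialRules for a group that already exists, a caller that depends on a particular control list cannot rely on that call to establish it.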


Copyright © 2001-2008 University of Southampton IT Innovation Centre. All Rights Reserved.