uk.ac.soton.itinnovation.grid.pbac2.pdp
Class PBACUtils

java.lang.Object
  extended by uk.ac.soton.itinnovation.grid.pbac2.pdp.PBACUtils

public class PBACUtils
extends Object

Useful utility methods for using PBAC.


Constructor Summary
PBACUtils(PDP pdp)
           
 
Method Summary
 void ensureDeployed(String type, String policyFileName)
          Try to deploy an XML policy as a PBAC policy.
 void ensureDeployed(String type, String policyFileName, ClassLoader loader)
          Try to deploy an XML policy as a PBAC policy.
 boolean ensureServiceResource(Object serviceImpl, PolicyRule... initialRules)
          Ensure that a singleton service resource for this interface exists, creating a new one if not.
 boolean ensureServiceResource(String type, String resourceID, boolean worldRole, PolicyRule[] initialRules)
          Ensure that a singleton service resource for this interface exists, creating a new one if not.
static String getDefaultVersion(String policyType)
          Return the default version of this policy.
static ArrayList<String> getResourceTypes()
          Returns a list of known policy types.
static String getStringFromResource(ClassLoader loader, String resourceName)
           
static void registerDefaultPolicy(String resourceType, String defaultPolicy)
          Register the default policy for a type.
static void validateOwner(MatchRule owner, SubjectDescription currentUser, String ownerRole)
          Ensure that the 'owner' rule grants 'currentUser' the 'ownerRole' role.
static void validatePattern(MatchPattern pattern, SubjectDescription currentUser)
          Ensure that the pattern matches 'currentUser'.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PBACUtils

public PBACUtils(PDP pdp)

Method Detail

ensureDeployed

public void ensureDeployed(String type,
                           String policyFileName)
Try to deploy an XML policy as a PBAC policy. If a policy with this type is already deployed, this method has no effect.

Parameters:
type - the type of resource that will be protected with this policy.
policyFileName - the resource name of an XML file (in classpath).

ensureDeployed

public void ensureDeployed(String type,
                           String policyFileName,
                           ClassLoader loader)
Try to deploy an XML policy as a PBAC policy. If a policy with this type is already deployed, this method has no effect.

Parameters:
type - the type of resource that will be protected with this policy.
policyFileName - the resource name of an XML file (in classpath).
loader - ClassLoader to use to locate the resource

getDefaultVersion

public static String getDefaultVersion(String policyType)
Return the default version of this policy. Defaults can be registered using registerDefaultPolicy(java.lang.String, java.lang.String). Otherwise, this reads the old pbacpolicyversions.properties file to get the version for a given type. The built-in group type's version is hard-coded. If no default version is set, this returns a suitable error string and logs a warning.

Parameters:
policyType - the PBAC resource type to check
Returns:
the service's default version (typically stored inside the .war file)

registerDefaultPolicy

public static void registerDefaultPolicy(String resourceType,
                                         String defaultPolicy)
Register the default policy for a type. This should be called during initialisation, or at least before the administration interface is accessed. It is used to warn the user if their policies need to be updated.

Parameters:
resourceType - the type to register
defaultPolicy - the policy, which is an XML string with a version attribute on the root

getResourceTypes

public static ArrayList<String> getResourceTypes()
Returns a list of known policy types. Combines the contents of pbacpolicyversions.properties and any policies registered using registerDefaultPolicy(java.lang.String, java.lang.String).

Returns:
A list of strings naming the resource types from the file and from any registered default policies

ensureServiceResource

public boolean ensureServiceResource(Object serviceImpl,
                                     PolicyRule... initialRules)
                              throws RemoteException
Ensure that a singleton service resource for this interface exists, creating a new one if not. If a service resource for this interface already exists, this method does nothing. Otherwise, the service resource is created and the match rules in initialRules are also added.

Parameters:
serviceImpl - the service object, with a PEPServiceResource annotation
initialRules - the set of initial rules to add for the service resource
Throws:
RemoteException
Since:
5.1

ensureServiceResource

public boolean ensureServiceResource(String type,
                                     String resourceID,
                                     boolean worldRole,
                                     PolicyRule[] initialRules)
                              throws RemoteException
Ensure that a singleton service resource for this interface exists, creating a new one if not. If a service resource for this interface already exists, this method does nothing. Otherwise, the service resource is created and the match rules in initialRules are also added.

Parameters:
type - the resource type of the service policy.
resourceID - the interface given as the className in the server-config.wsdd file.
worldRole - when creating the resource, give everyone the 'world' role by default.
initialRules - the set of initial match rules to add for the service resource
Throws:
RemoteException

validateOwner

public static void validateOwner(MatchRule owner,
                                 SubjectDescription currentUser,
                                 String ownerRole)
                          throws RemoteException
Ensure that the 'owner' rule grants 'currentUser' the 'ownerRole' role. Note: consider taking a MatchPattern instead, and using validatePattern(uk.ac.soton.itinnovation.grid.types.MatchPattern, uk.ac.soton.itinnovation.grid.types.SubjectDescription).

Throws:
RemoteException - if currentUser would not get the role

validatePattern

public static void validatePattern(MatchPattern pattern,
                                   SubjectDescription currentUser)
                            throws RemoteException
Ensure that the pattern matches 'currentUser'. This is used as a sanity check when the client specifies the pattern for a new resource.

Throws:
RemoteException - if currentUser does not match, or the pattern is not valid

getStringFromResource

public static String getStringFromResource(ClassLoader loader,
                                           String resourceName)
                                    throws IOException
Throws:
IOException


Copyright © 2001-2008 University of Southampton IT Innovation Centre. All Rights Reserved.