uk.ac.soton.itinnovation.grid.service.utils.gridservit
Class GridServiceLite

java.lang.Object
  extended by uk.ac.soton.itinnovation.grid.service.utils.gridservit.GridServiceLite
All Implemented Interfaces:
PolicyManagement, ResourceMetadata
Direct Known Subclasses:
AccountServiceImpl, CltMgtRegistryResourceImpl, CltMgtRegistryServiceImpl, DataServiceModule, JobServiceModule, ManagedDataResource, MembershipGroupResourceImpl, MembershipServiceImpl, SampleResourceImpl, SampleServiceImpl, SLAServiceImpl, STServiceImpl

public abstract class GridServiceLite
extends Object
implements PolicyManagement, ResourceMetadata

GridServiceLite is an abstract base class for web services. It provides a collection of useful helper methods for writing grid services.


Field Summary
protected  org.hibernate.SessionFactory factory
          A hibernate session factory.
protected  GroupUtils groupUtils
           
protected  TrustedManagementServices management
          For services which may require an account or SLA to be used, this object can be used to access the configuration relating to this.
static String NO_ACCOUNT_NEEDED
          Deprecated. 
protected  PBACUtils pbacUtils
           
protected  PDP pdp
          PBAC 2 PDP implementation.
static HelperProxyFactory proxyFactory
           
protected  URL thisServiceAddress
          The endpoint of this SOAP service.
static WSDLCache wsdlCache
           
 
Constructor Summary
GridServiceLite(String serviceName)
          Constructor.
 
Method Summary
protected  void addHibernatedObject(Object object)
          Persist an object with hibernate.
 void addPolicyRule(PolicyRule rule)
          Add an access control rule to this resource's dynamic access control policy.
 void addTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)
           
protected  void deleteHibernatedObject(Object object)
          Delete an object persisted with hibernate.
protected  org.apache.axis.message.addressing.EndpointReferenceType generateEPR(GridResource bean)
          Generate an EPR from a resource's bean.
 String[] getAvailableSignals()
           
protected  String getConversationFromContext()
          Returns the resource ID given in the SOAP header.
protected  SubjectDescription getCurrentUser()
          Create a SubjectDescription from the Axis context's certificate (set by wss4j).
 org.apache.axis.message.addressing.EndpointReferenceType getEPR()
          Get the EPR for this resource.
 org.apache.axis.message.addressing.EndpointReferenceType getEPR(String conversationID)
          This can be used locally if you already have the resource ID.
 StorableInStateRepository getManagingConversation(GridResource resource)
          Get a client proxy to a management resource.
 PolicyRule[] getPolicyRules()
          Get the access control rules in this resource's dynamic access control policy.
protected  Key getPrivateKey()
          Get the service's private key.
protected  String getResourceFromEPR(org.apache.axis.message.addressing.EndpointReferenceType EPR)
          Extract the resource ID from an EPR.
 Document GetResourceProperty(QName qname)
           
protected  org.apache.axis.message.addressing.EndpointReferenceType[] getResources(String pbacType, Class type)
           
protected  org.apache.axis.message.addressing.EndpointReferenceType[] getResources(String pbacType, Class type, String state)
          Shared code for each service's getResources().
protected  List<String> getResourcesFromEPRs(List<org.apache.axis.message.addressing.EndpointReferenceType> EPRs)
          Extract the resource IDs from a list of EPRs.
protected  Class<? extends GridResource> getResourceType(String resourceID)
          Return the class of this resource's bean.
static List<SimpleRegistry> getSelectedRegistries()
          Return the search path of the invocation engine.
 Class getServiceDatabaseKey()
          Subclasses should override this method to use a common key to the hibernate database for a number of interfaces on your service, e.g. in OGSA-DAI, OgsaDaiServiceI2 and OgsaDaiService.
protected  URL getServiceFromEPR(org.apache.axis.message.addressing.EndpointReferenceType EPR)
          Extract the service endpoint from an EPR.
 MatchPattern getServiceMatchPattern()
           
 X509Certificate getServiceProviderCertificate()
          Deprecated. 
 SubjectDescription getServiceProviderID()
          External function that returns the service provider ID, in the form of an Issuer key and Subject DN.
 SubjectDescription getServiceProviderIssuer()
          External function that returns the identity of the issuer of the service's certificate.
 org.apache.axis.message.addressing.EndpointReferenceType[] getTrustedAccountServices()
           
 String[] getValidRoles()
          List the roles the caller is permitted to see.
static void loadLocalRegistry()
          Reload local registry configuration and update this.engine.
 void removePolicyRule(PolicyRule rule)
          Remove an access control rule from this resource's dynamic access control policy.
 void removeTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)
           
protected  Document RequestSecurityToken_Issuance(Element request)
          Issue a security token.
protected  Document RequestSecurityToken_Validation(Element request)
          Validate security tokens.
 Document RequestSecurityToken(Element request)
          Process a WS-Trust token request.
 void setLabel(String label)
          Change the resource's label.
protected  void setLabel(String label, String conversationID)
           
 String signal(String signalName)
           
protected  MatchRule[] toMatchRules(PolicyRule[] rules)
          For deprecated methods.
protected  void validateOwner(MatchRule owner, SubjectDescription currentUser, String ownerRole)
          Deprecated. Use PBACUtils.validateOwner(uk.ac.soton.itinnovation.grid.types.MatchRule, uk.ac.soton.itinnovation.grid.types.SubjectDescription, java.lang.String)
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

factory

protected org.hibernate.SessionFactory factory
A hibernate session factory. This is used to get new connections to the hibernate database.


NO_ACCOUNT_NEEDED

@Deprecated
public static final String NO_ACCOUNT_NEEDED
Deprecated. 
See Also:
Constant Field Values

thisServiceAddress

protected URL thisServiceAddress
The endpoint of this SOAP service.


pdp

protected PDP pdp
PBAC 2 PDP implementation.


pbacUtils

protected PBACUtils pbacUtils

groupUtils

protected GroupUtils groupUtils

wsdlCache

public static final WSDLCache wsdlCache

proxyFactory

public static final HelperProxyFactory proxyFactory

management

protected final TrustedManagementServices management
For services which may require an account or SLA to be used, this object can be used to access the configuration relating to this.

Constructor Detail

GridServiceLite

public GridServiceLite(String serviceName)
Constructor.

Parameters:
serviceName - the name of the service (the bit after the "/services/" part of the endpoint)
Method Detail

getServiceDatabaseKey

public Class getServiceDatabaseKey()
Subclasses should override this method to use a common key to the hibernate database for a number of interfaces on your service, e.g. in OGSA-DAI, OgsaDaiServiceI2 and OgsaDaiService.

Returns:

getSelectedRegistries

public static List<SimpleRegistry> getSelectedRegistries()
Return the search path of the invocation engine.


loadLocalRegistry

public static void loadLocalRegistry()
Reload local registry configuration and update this.engine.


getServiceMatchPattern

public MatchPattern getServiceMatchPattern()
                                    throws RemoteException
Throws:
RemoteException

signal

@AccessControl(disableCheck=true)
public String signal(String signalName)
              throws RemoteException
Throws:
RemoteException

getAvailableSignals

public String[] getAvailableSignals()
                             throws RemoteException
Throws:
RemoteException

getServiceProviderID

public SubjectDescription getServiceProviderID()
                                        throws RemoteException
External function that returns the service provider ID, in the form of an Issuer key and Subject DN. All services export this method.

Returns:
the ID of the service provider
Throws:
RemoteException

getServiceProviderIssuer

public SubjectDescription getServiceProviderIssuer()
                                            throws RemoteException
External function that returns the identity of the issuer of the service's certificate. All services export this method.

Returns:
the ID of the service provider's certificate's issuer.
Throws:
RemoteException

getServiceProviderCertificate

@Deprecated
public X509Certificate getServiceProviderCertificate()
                                              throws RemoteException
Deprecated. 

Get the certificate used by the service (for signing replies, or for delegating access to this service). Currently only used by the unit tests.

Throws:
RemoteException

getPrivateKey

protected Key getPrivateKey()
                     throws RemoteException
Get the service's private key. This is used when signing SAML assertions, for example.

Throws:
RemoteException

getConversationFromContext

protected String getConversationFromContext()
                                     throws ContextUnavailableException
Returns the resource ID given in the SOAP header.

Returns:
resource ID
Throws:
ContextUnavailableException - if no context header was present

getCurrentUser

protected SubjectDescription getCurrentUser()
Create a SubjectDescription from the Axis context's certificate (set by wss4j).


getResourceFromEPR

protected String getResourceFromEPR(org.apache.axis.message.addressing.EndpointReferenceType EPR)
                             throws GridFailureException
Extract the resource ID from an EPR.

Throws:
GridFailureException - if the EPR does not contain a resource ID.

getResourcesFromEPRs

protected List<String> getResourcesFromEPRs(List<org.apache.axis.message.addressing.EndpointReferenceType> EPRs)
                                     throws GridFailureException
Extract the resource IDs from a list of EPRs.

Throws:
GridFailureException - if any EPR does not contain a resource ID.

getServiceFromEPR

protected URL getServiceFromEPR(org.apache.axis.message.addressing.EndpointReferenceType EPR)
                         throws GridFailureException
Extract the service endpoint from an EPR.

Returns:
the endpoint URL
Throws:
GridFailureException - if the endpoint is missing or malformed

validateOwner

@Deprecated
protected void validateOwner(MatchRule owner,
                                        SubjectDescription currentUser,
                                        String ownerRole)
                      throws RemoteException
Deprecated. Use PBACUtils.validateOwner(uk.ac.soton.itinnovation.grid.types.MatchRule, uk.ac.soton.itinnovation.grid.types.SubjectDescription, java.lang.String)

When creating a new resource, the client must specify a match rule to allow them further access. This method checks that the supplied MatchRule is correct:
- Must give correct role (ownerRole)
- Must not be a DENY rule
- Must match the user invoking the operation (currentUser)

Throws:
GridFailureException - if these requirements are not met
RemoteException

setLabel

protected void setLabel(String label,
                        String conversationID)
                 throws RemoteException
Throws:
RemoteException

setLabel

public void setLabel(String label)
              throws RemoteException
Description copied from interface: ResourceMetadata
Change the resource's label. Each resource is given a label by the client when it is created. This label is returned in the metadata from getResources, making it easier for other users to identify the resource.

Specified by:
setLabel in interface ResourceMetadata
Parameters:
label - the new label
Throws:
RemoteException

getResourceType

protected Class<? extends GridResource> getResourceType(String resourceID)
                                                 throws RemoteException
Return the class of this resource's bean. Override this in subclasses if your service is contextualised. Often, resourceID can be ignored as each service only manages one type of bean anyway.

Throws:
RemoteException

getEPR

public org.apache.axis.message.addressing.EndpointReferenceType getEPR()
                                                                throws RemoteException
Description copied from interface: ResourceMetadata
Get the EPR for this resource. The EPR gives the canonical endpoint for the service, and various meta-data items.

Specified by:
getEPR in interface ResourceMetadata
Throws:
RemoteException
See Also:
the label set with setLabel, a unique type URI, the state of the resource, the resource which manages this one (e.g. an SLA manages a job), the resource which contains this one (e.g. a job service is the parent of a job)

getEPR

public org.apache.axis.message.addressing.EndpointReferenceType getEPR(String conversationID)
                                                                throws RemoteException
This can be used locally if you already have the resource ID.

Throws:
RemoteException
See Also:
getEPR()

generateEPR

protected org.apache.axis.message.addressing.EndpointReferenceType generateEPR(GridResource bean)
Generate an EPR from a resource's bean. Note: the bean's hibernate session is open when this method is invoked, and can be retrieved using SingletonSessionFactory.getFactory()'s getCurrentSession method. Override this in sub-classes to provide extra information.


getResources

protected org.apache.axis.message.addressing.EndpointReferenceType[] getResources(String pbacType,
                                                                                  Class type)
                                                                           throws GridFailureException
Throws:
GridFailureException

getResources

protected org.apache.axis.message.addressing.EndpointReferenceType[] getResources(String pbacType,
                                                                                  Class type,
                                                                                  String state)
                                                                           throws GridFailureException
Shared code for each service's getResources().

Throws:
GridFailureException

GetResourceProperty

public Document GetResourceProperty(QName qname)
                             throws RemoteException
Throws:
RemoteException

addHibernatedObject

protected void addHibernatedObject(Object object)
Persist an object with hibernate. This is just a convenience function that opens the session and creates a transaction for you.


deleteHibernatedObject

protected void deleteHibernatedObject(Object object)
Delete an object persisted with hibernate. This is just a convenience function that opens the session and creates a transaction for you.


getValidRoles

public String[] getValidRoles()
                       throws RemoteException
Description copied from interface: PolicyManagement
List the roles the caller is permitted to see. This is the list of roles whose rules are returned by PolicyManagement.getPolicyRules().

Specified by:
getValidRoles in interface PolicyManagement
Throws:
RemoteException
See Also:
PDP.getValidProcessRoles(java.lang.String)

addPolicyRule

@AccessControl(disableCheck=true)
public void addPolicyRule(PolicyRule rule)
                   throws RemoteException
Description copied from interface: PolicyManagement
Add an access control rule to this resource's dynamic access control policy.

Specified by:
addPolicyRule in interface PolicyManagement
Throws:
RemoteException
See Also:
uk.ac.soton.itinnovation.grid.pbac2.pdp.PDP#addAccessControlRule

removePolicyRule

@AccessControl(disableCheck=true)
public void removePolicyRule(PolicyRule rule)
                      throws RemoteException
Description copied from interface: PolicyManagement
Remove an access control rule from this resource's dynamic access control policy.

Specified by:
removePolicyRule in interface PolicyManagement
Throws:
RemoteException
See Also:
uk.ac.soton.itinnovation.grid.pbac2.pdp.PDP#removeAccessControlRule

getPolicyRules

@AccessControl(disableCheck=true)
public PolicyRule[] getPolicyRules()
                            throws RemoteException
Description copied from interface: PolicyManagement
Get the access control rules in this resource's dynamic access control policy. Rules are only returned for the roles the caller is permitted to see. Note: The rules are filtered to only include those for roles listed by PolicyManagement.getValidRoles().

Specified by:
getPolicyRules in interface PolicyManagement
Throws:
RemoteException
See Also:
uk.ac.soton.itinnovation.grid.pbac2.pdp.PDP#getAccessControlRules

toMatchRules

protected MatchRule[] toMatchRules(PolicyRule[] rules)
For deprecated methods.


RequestSecurityToken

@AccessControl(disableCheck=true)
public final Document RequestSecurityToken(Element request)
                                    throws RemoteException
Process a WS-Trust token request. This method just dispatches to a method specific to the request type. Do not override this method directly. This method performs the access control check before dispatching.

Throws:
RemoteException
See Also:
RequestSecurityToken_Issuance(org.w3c.dom.Element), RequestSecurityToken_Validation(org.w3c.dom.Element)

RequestSecurityToken_Issuance

protected Document RequestSecurityToken_Issuance(Element request)
                                          throws RemoteException
Issue a security token. Called by RequestSecurityToken(org.w3c.dom.Element) for issuance requests.

Throws:
RemoteException

RequestSecurityToken_Validation

protected Document RequestSecurityToken_Validation(Element request)
                                            throws RemoteException
Validate security tokens. Called by RequestSecurityToken(org.w3c.dom.Element) for validation requests.

Throws:
RemoteException

getTrustedAccountServices

public org.apache.axis.message.addressing.EndpointReferenceType[] getTrustedAccountServices()

addTrustedAccountService

public void addTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)
                              throws RemoteException
Throws:
RemoteException

removeTrustedAccountService

public void removeTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)

getManagingConversation

public StorableInStateRepository getManagingConversation(GridResource resource)
Get a client proxy to a management resource.

Returns:
null if free, or a TradeAccountConversation or SLAConversation proxy otherwise


Copyright © 2001-2008 University of Southampton IT Innovation Centre. All Rights Reserved.