Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

uk.ac.soton.itinnovation.grid.service.utils.trustedaccounts
Class TrustedManagementServices

java.lang.Object
  extended by uk.ac.soton.itinnovation.grid.service.utils.trustedaccounts.TrustedManagementServices

public class TrustedManagementServices
extends Object

Helper class for services whose resources are managed by resources at other services (accounts or SLAs).

See Also:
ManagedGridService, TrustedAccountsAdmin

Field Summary
static String FREE_SERVICE
          Deprecated. 
static String MANAGEMENT_ROLE
          The PBAC role a service must have to be able to manage this service: i.e.
static String MANAGEMENT_SERVICES_GROUP
          The group of management services (SLA services) that are allowed to call e.g.
static QName MANAGEMENT_TYPE
           
static String MANAGEMENT_TYPE_ACCOUNT_SERVICE
           
static String MANAGEMENT_TYPE_FREE
           
static String MANAGEMENT_TYPE_SLA_SERVICE
           
 
Constructor Summary
TrustedManagementServices(Class owningService, Transport transport, ProxyFactory proxyFactory)
           
 
Method Summary
 void addTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)
          Add a trusted account service.
 void checkAccountServiceTrusted(URL accountEndpoint)
          Ensure that 'serviceEndpoint' is a trusted account service endpoint for this service.
 void checkFederations(ArrayList<Element> headers, SubjectDescription subject, String method)
          Checks the user supplied header, and the users credentials are sufficient enough to use the method according to the policy in the Additional Federation List
 List<String> getAdditionalFederationMethods()
          Gets the Methods in the additional federation list
 org.apache.neethi.Policy getAdditionalFederationPolicy(String method)
          Gets the Policy for a method.
 List<org.apache.axis.message.addressing.EndpointReferenceType> getAdditionalFederations()
          Gets the Additional Federation List
 org.apache.axis.message.addressing.EndpointReferenceType[] getAdditionalFederations(String method)
          Gets a list of EndpointReferenceTypes in the additional federation list for a method
 Conversation getBillingConversation(ArrayList<Element> billingHeaders, SubjectDescription user)
          Gets a proxy to the managing conversation the service needs, or null if the service is free.
 Conversation getBillingInfo(Element billingHeader, SubjectDescription user)
          If there is a billing information header in the SOAP request, return it.
 org.apache.neethi.Policy getPolicy()
           
 org.apache.axis.message.addressing.EndpointReferenceType[] getTrustedAccountServices()
          Get the list of trusted account services for this service.
 String getTrustedManagementType(org.apache.axis.message.addressing.EndpointReferenceType billingInfo)
          Set type of trusted service.
 void removeTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)
          Remove a trusted account service.
 void setAdditionalFederation(org.apache.axis.message.addressing.EndpointReferenceType[] endpointReferenceTypes, String[] methods)
          This method sets a list of possible federations and methods under those federations.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

FREE_SERVICE

@Deprecated
public static final String FREE_SERVICE
Deprecated. 
See Also:
Constant Field Values

MANAGEMENT_SERVICES_GROUP

public static final String MANAGEMENT_SERVICES_GROUP
The group of management services (SLA services) that are allowed to call e.g. getMessages()

See Also:
Constant Field Values

MANAGEMENT_ROLE

public static final String MANAGEMENT_ROLE
The PBAC role a service must have to be able to manage this service: i.e. call getMessages() etc.

See Also:
Constant Field Values

MANAGEMENT_TYPE

public static QName MANAGEMENT_TYPE

MANAGEMENT_TYPE_FREE

public static String MANAGEMENT_TYPE_FREE

MANAGEMENT_TYPE_ACCOUNT_SERVICE

public static String MANAGEMENT_TYPE_ACCOUNT_SERVICE

MANAGEMENT_TYPE_SLA_SERVICE

public static String MANAGEMENT_TYPE_SLA_SERVICE
Constructor Detail

TrustedManagementServices

public TrustedManagementServices(Class owningService,
                                 Transport transport,
                                 ProxyFactory proxyFactory)
Method Detail

setAdditionalFederation

public void setAdditionalFederation(org.apache.axis.message.addressing.EndpointReferenceType[] endpointReferenceTypes,
                                    String[] methods)
                             throws RemoteException
This method sets a list of possible federations and methods under those federations. The user must supply a resource (SLA/Trade Account) from one of the listed services in oorder to use the method

Parameters:
endpointReferenceTypes - - the list of federation services
methods - - the list of methods under the federation
Throws:
RemoteException - - if one of the services cannot be added to the list

getAdditionalFederations

public List<org.apache.axis.message.addressing.EndpointReferenceType> getAdditionalFederations()
Gets the Additional Federation List

Returns:
List a list of EndpointReferenceType.

getAdditionalFederationMethods

public List<String> getAdditionalFederationMethods()
Gets the Methods in the additional federation list

Returns:
List a list of methods controlled by the additional federation list.

getTrustedAccountServices

public org.apache.axis.message.addressing.EndpointReferenceType[] getTrustedAccountServices()
Get the list of trusted account services for this service.

Returns:
an array of EPRs for the services

getAdditionalFederations

public org.apache.axis.message.addressing.EndpointReferenceType[] getAdditionalFederations(String method)
Gets a list of EndpointReferenceTypes in the additional federation list for a method

Parameters:
method - the method to get a list of federations
Returns:
the list of federations that the method is under

getBillingConversation

public Conversation getBillingConversation(ArrayList<Element> billingHeaders,
                                           SubjectDescription user)
                                    throws RemoteException
Gets a proxy to the managing conversation the service needs, or null if the service is free.

Parameters:
billingHeaders - the list of header element the user supplied to the service
user - the SubjectDescription of the calling user, will be checked against the managing service to make sure they are a valid user.
Throws:
RemoteException - if the checking of the user fails

getBillingInfo

public Conversation getBillingInfo(Element billingHeader,
                                   SubjectDescription user)
                            throws RemoteException
If there is a billing information header in the SOAP request, return it. Checks that the EPR refers to a management service we trust, and that the user is permitted to use it. The type of the management service is fetched from the list of trusted services, and added as a MANAGEMENT_TYPE meta-data element to the returned EPR.

Parameters:
billingHeader - header from AdditionalContextHelper.getSingleHeader(java.util.ArrayList, javax.xml.namespace.QName)(ConversationID.BILLING_INFO), or null
user - the signer of the SOAP message
method - the method being invoked
Returns:
the EPR of the account or SLA to use, or null if the service should be free
Throws:
GridFailureException - if we don't trust the service
GridFailureException - if the user doesn't have access to the resource
GridFailureException - if the service isn't free, but no billing header was present
GridFailureException - if the service is free, and a billing header was present
RemoteException - if checking the user's access to the resource failed

checkFederations

public void checkFederations(ArrayList<Element> headers,
                             SubjectDescription subject,
                             String method)
                      throws RemoteException
Checks the user supplied header, and the users credentials are sufficient enough to use the method according to the policy in the Additional Federation List

Parameters:
headers - the user supplied headers to the service
subject - the users credentials who is calling the service
method - the method being checked
Throws:
RemoteException - if we could not check the federation context
RemoteException - if the user supplied no context but some context is needed

getTrustedManagementType

public String getTrustedManagementType(org.apache.axis.message.addressing.EndpointReferenceType billingInfo)
                                throws GridFailureException
Set type of trusted service. Looks up the service given in billingInfo in the trusted services list and adds the correct type to the metadata (MANAGEMENT_TYPE).

Does NOT check that the client is permitted to use this EPR, only that we trust the service to tell us whether they are.

Passing null is permitted iff the service has been configured as 'free'.

Parameters:
billingInfo - the ERP suggested by the client, or null if none
Returns:
a value for the MANAGEMENT_TYPE meta-data element
Throws:
GridFailureException - if the service is not on the trusted list

checkAccountServiceTrusted

public void checkAccountServiceTrusted(URL accountEndpoint)
                                throws GridFailureException
Ensure that 'serviceEndpoint' is a trusted account service endpoint for this service. Note: this does not check the actual account itself.

Parameters:
accountEndpoint - the account service's endpoint
Throws:
GridFailureException - if the endpoint isn't on the list

addTrustedAccountService

public void addTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)
                              throws RemoteException
Add a trusted account service.

Parameters:
account - the EPR of the service (only the address is used)
Throws:
RemoteException

removeTrustedAccountService

public void removeTrustedAccountService(org.apache.axis.message.addressing.EndpointReferenceType account)
Remove a trusted account service.

Parameters:
account - the EPR of the service (only the address is used)

getPolicy

public org.apache.neethi.Policy getPolicy()

getAdditionalFederationPolicy

public org.apache.neethi.Policy getAdditionalFederationPolicy(String method)
Gets the Policy for a method. Used by uk.ac.soton.itinnovation.grid.service.utils.trustedaccounts.TrustedManagementPolicy to add the Policy to the WSDL

Parameters:
method - - the method to check
Returns:
a Policy representing the additional federations for a method
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2001-2008 University of Southampton IT Innovation Centre. All Rights Reserved.