org.globus.gridshib.gt.authorization
Class GS4GT.PullPDPImpl

java.lang.Object
  extended by org.globus.gridshib.gt.authorization.BasePDP
      extended by org.globus.gridshib.gt.authorization.GS4GT.PullPDPImpl
All Implemented Interfaces:
GridShibConfigParams, PDP
Enclosing class:
GS4GT

public static class GS4GT.PullPDPImpl
extends BasePDP
implements GridShibConfigParams

Combined interceptor for GridShib attribute pull.

See Also:
BasePDP, GridShibConfigParams

Field Summary
 
Fields inherited from interface org.globus.gridshib.gt.authorization.GridShibConfigParams
AA_INSTANCE_KEY, ALL_CONFIG_KEYS, ATTR_FILE_KEY, AUTHZ_HOST_KEY, BLACKLIST_IP_ADDRESSES_FILE_KEY, BLACKLIST_NAME_IDS_FILE_KEY, CACHE_KEY, CONSULT_GRIDMAP_KEY, DEFAULT_GRIDMAP, ENABLE_ATTRIBUTE_AUTHZ_KEY, ENABLE_ATTRIBUTE_MAPPING_KEY, ENABLE_ATTRIBUTE_QUERY_KEY, ENABLE_BLACKLISTING_KEY, IDP_PROVIDER_ID_KEY, MAP_FILE_KEY, METADATA_PATH_KEY, RESPECT_KEY, SAML_MAP_POLICY_KEY, SHIB_PDP_POLICY_KEY, SP_PROVIDER_ID_KEY, USE_VOMS
 
Constructor Summary
GS4GT.PullPDPImpl()
           
 
Method Summary
 void initialize(HashMap configs, String name)
          If a subclass overrides this method (which is almost always the case), it MUST call this method at the end of a successful initialization.
 int isPermitted(Subject peerSubject, javax.xml.rpc.handler.MessageContext context, javax.xml.namespace.QName operation)
          This PDP implementation orchestrates the following specific workflow: (1) for each SAML identity in the security context, invoke SAMLQueryPIPImpl, AttributeAcceptancePIPImpl and SAMLBlacklistPDPImpl (if DENY, return DENY; otherwise, continue iterating), then invoke SAMLAttributePDPImpl (if PERMIT, break; otherwise, continue iterating); (2) invoke SAMLMapPIPImpl; (3) return the SAMLAttributePDPImpl decision. GS4GT.PullPDPImpl returns whatever SAMLAttributePDPImpl returned on the last iteration through the loop.
 
Methods inherited from class org.globus.gridshib.gt.authorization.BasePDP
isInitialized
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

GS4GT.PullPDPImpl

public GS4GT.PullPDPImpl()

Method Detail

initialize

public void initialize(HashMap configs,
                       String name)
                throws Exception
Description copied from class: BasePDP
If a subclass overrides this method (which is almost always the case), it MUST call this method at the end of a successful initialization.

Specified by:
initialize in interface PDP
Overrides:
initialize in class BasePDP
Throws:
Exception

isPermitted

public int isPermitted(Subject peerSubject,
                       javax.xml.rpc.handler.MessageContext context,
                       javax.xml.namespace.QName operation)
                throws Exception
This PDP implementation orchestrates the following specific workflow:
  1. For each SAML identity in the security context, do the following:
    • Invoke SAMLQueryPIPImpl
    • Invoke AttributeAcceptancePIPImpl
    • Invoke SAMLBlacklistPDPImpl
      • If DENY, return DENY; otherwise, continue iterating
    • Invoke SAMLAttributePDPImpl
      • If PERMIT, break; otherwise, continue iterating
  2. Invoke SAMLMapPIPImpl
  3. Return SAMLAttributePDPImpl decision
GS4GT.PullPDPImpl returns whatever SAMLAttributePDPImpl returned on the last iteration through the loop. If there are no SAML identities in the security context (in which case the loop is not executed), this PDP returns INDETERMINATE.
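
The decision logic of this workflow as a small Java model, added here as an illustration and not GridShib's own code. The `Decision` enum, the `Identity` record and its fields are hypothetical stand-ins, and the PIP/PDP invocations are reduced to precomputed values on each constructed identity.

```java
import java.util.List;

public class PullWorkflowSketch {
    // Hypothetical decision values; the real PDP interface returns an int.
    enum Decision { PERMIT, DENY, INDETERMINATE }

    // Constructed stand-in for one SAML identity (Java 16+ record).
    // blacklisted: outcome SAMLBlacklistPDPImpl would reach for this identity.
    // attributeDecision: outcome SAMLAttributePDPImpl would reach for it.
    record Identity(String name, boolean blacklisted, Decision attributeDecision) {}

    static Decision isPermitted(List<Identity> identities) {
        Decision decision = Decision.INDETERMINATE; // returned if the loop never runs
        for (Identity id : identities) {
            // SAMLQueryPIPImpl and AttributeAcceptancePIPImpl run first in the
            // documented workflow; here their effect is folded into `id`.
            if (id.blacklisted()) {
                return Decision.DENY;               // blacklist DENY ends the whole call
            }
            decision = id.attributeDecision();
            if (decision == Decision.PERMIT) {
                break;                              // first PERMIT stops the iteration
            }
        }
        // SAMLMapPIPImpl would be invoked here (step 2); the value returned in
        // step 3 is still the last SAMLAttributePDPImpl result.
        return decision;
    }

    public static void main(String[] args) {
        // Constructed sample identities, not taken from any real deployment.
        Identity ok = new Identity("ok", false, Decision.PERMIT);
        Identity weak = new Identity("weak", false, Decision.INDETERMINATE);
        Identity bad = new Identity("bad", true, Decision.PERMIT);

        System.out.println("no identities: " + isPermitted(List.of()));
        System.out.println("weak, ok:      " + isPermitted(List.of(weak, ok)));
        System.out.println("ok, weak:      " + isPermitted(List.of(ok, weak)));
        System.out.println("bad, ok:       " + isPermitted(List.of(bad, ok)));
        System.out.println("ok, bad:       " + isPermitted(List.of(ok, bad)));
    }
}
```

The last two cases differ only in iteration order: because the loop breaks on the first PERMIT, an identity that comes after it is never passed to the blacklist check in this model.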

Specified by:
isPermitted in interface PDP
Throws:
Exception


Copyright © 2007-2008 University of Illinois. All Rights Reserved.