org.globus.gridshib.gt.authorization
Class ShibbolethPDPUtil

java.lang.Object
  extended by org.globus.gridshib.gt.authorization.ShibbolethPDPUtil

public class ShibbolethPDPUtil
extends Object

Contains static methods for common Shibboleth PDP tasks.


Constructor Summary
ShibbolethPDPUtil()
           
 
Method Summary
static boolean attributeSetsMatch(Vector samlAttributes, org.globus.gridshib.gt.authorization.attributes.SAMLAttribute[] attributes)
           
static boolean attributeSetsMatch(Vector samlAttributes, Vector peerAttributes)
           
static String[] getUsernameMappings(org.globus.gridshib.gt.authorization.attributes.policy.AttributeMapping[] mappings, Iterator peerAttributes)
           
static boolean isAttributePermitted(org.globus.gridshib.gt.authorization.attributes.SAMLAttribute[] attributes, ShibbolethPDPPolicy policy)
          Checks the configured attributes against the given attributes.
static boolean isAttributePermitted(Subject peerSubject, ShibbolethPDPPolicy policy)
          Checks the configured attributes against the subject's issued attributes (i.e., those attributes stored in the subject's security context).
static org.globus.gridshib.gt.authorization.attributes.AttributeInformation queryCachedAttributeInformation(String peerIdentity, String scope)
          Checks for any previously obtained attribute information about the subject.
static boolean setCachedAttributeInformation(String peerIdentity, String scope, org.globus.gridshib.gt.authorization.attributes.AttributeInformation info)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ShibbolethPDPUtil

public ShibbolethPDPUtil()

Method Detail

isAttributePermitted

public static boolean isAttributePermitted(Subject peerSubject,
                                           ShibbolethPDPPolicy policy)
Checks the configured attributes against the subject's issued attributes (i.e., those attributes stored in the subject's security context).

Parameters:
peerSubject - a subject that has a security context
policy - configured attribute-based policy
Returns:
true if at least one attribute configured in policy is also in the subject's security context

isAttributePermitted

public static boolean isAttributePermitted(org.globus.gridshib.gt.authorization.attributes.SAMLAttribute[] attributes,
                                           ShibbolethPDPPolicy policy)
Checks the configured attributes against the given attributes.

Parameters:
attributes - a provided array of attributes to check against
policy - configured attribute-based policy
Returns:
true if at least one attribute configured in policy is also in the given array of attributes

queryCachedAttributeInformation

public static org.globus.gridshib.gt.authorization.attributes.AttributeInformation queryCachedAttributeInformation(String peerIdentity,
                                                                                                                   String scope)
Checks for any previously obtained attribute information about the subject. If re-implemented, the implementation should stay encapsulated, with this method as the entry point.

Parameters:
peerIdentity - the caller. This is intended to be the string generated from AuthUtil.getIdentity(peer), but can be any unique string.
scope - intended to be the PDP chain scope, but could be used in other ways
Returns:
null if a problem occurs or nothing is found

setCachedAttributeInformation

public static boolean setCachedAttributeInformation(String peerIdentity,
                                                    String scope,
                                                    org.globus.gridshib.gt.authorization.attributes.AttributeInformation info)
Parameters:
peerIdentity - the caller. This is intended to be the string generated from AuthUtil.getIdentity(peer), but can be any unique string.
scope - intended to be the PDP chain scope, but could be used in other ways
info - the attribute information to cache
Returns:
true if the operation succeeded, false otherwise

attributeSetsMatch

public static boolean attributeSetsMatch(Vector samlAttributes,
                                         Vector peerAttributes)

attributeSetsMatch

public static boolean attributeSetsMatch(Vector samlAttributes,
                                         org.globus.gridshib.gt.authorization.attributes.SAMLAttribute[] attributes)

getUsernameMappings

public static String[] getUsernameMappings(org.globus.gridshib.gt.authorization.attributes.policy.AttributeMapping[] mappings,
                                           Iterator peerAttributes)


Copyright © 2007-2008 University of Illinois. All Rights Reserved.