org.globus.gridshib.gt.authorization
Class SAMLAttributePDPImpl

java.lang.Object
  extended by org.globus.gridshib.gt.authorization.BasePDP
      extended by org.globus.gridshib.gt.authorization.SAMLAttributePDPImpl
All Implemented Interfaces:
GridShibConfigParams, PDP

public class SAMLAttributePDPImpl
extends BasePDP
implements GridShibConfigParams

A PDP implementation that backs SAMLAttributePDP.

See Also:
SAMLAttributePDP

Field Summary
 
Fields inherited from interface org.globus.gridshib.gt.authorization.GridShibConfigParams
AA_INSTANCE_KEY, ALL_CONFIG_KEYS, ATTR_FILE_KEY, AUTHZ_HOST_KEY, BLACKLIST_IP_ADDRESSES_FILE_KEY, BLACKLIST_NAME_IDS_FILE_KEY, CACHE_KEY, CONSULT_GRIDMAP_KEY, DEFAULT_GRIDMAP, ENABLE_ATTRIBUTE_AUTHZ_KEY, ENABLE_ATTRIBUTE_MAPPING_KEY, ENABLE_ATTRIBUTE_QUERY_KEY, ENABLE_BLACKLISTING_KEY, IDP_PROVIDER_ID_KEY, MAP_FILE_KEY, METADATA_PATH_KEY, RESPECT_KEY, SAML_MAP_POLICY_KEY, SHIB_PDP_POLICY_KEY, SP_PROVIDER_ID_KEY, USE_VOMS
 
Constructor Summary
SAMLAttributePDPImpl()
           
 
Method Summary
 void initialize(HashMap configs, String name)
          Loads a policy file that is used for access control decisions.
 int isPermitted(Subject peerSubject, javax.xml.rpc.handler.MessageContext context, javax.xml.namespace.QName operation)
          Note that this method never returns PDPDecision.DENY.
 
Methods inherited from class org.globus.gridshib.gt.authorization.BasePDP
isInitialized
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAMLAttributePDPImpl

public SAMLAttributePDPImpl()
Method Detail

initialize

public void initialize(HashMap configs,
                       String name)
                throws Exception
Loads a policy file that is used for access control decisions. If no policy file is configured, this method disables attribute-based authorization.

Specified by:
initialize in interface PDP
Overrides:
initialize in class BasePDP
Parameters:
configs - a (non-null) map of configuration parameters
name - the scope prefix associated with this PDP implementation
Throws:
IllegalArgumentException - If the configs argument is null
RuntimeException - If no policy file is configured, the path to the configured policy file is not absolute, or the policy file cannot be parsed
Exception

isPermitted

public int isPermitted(Subject peerSubject,
                       javax.xml.rpc.handler.MessageContext context,
                       javax.xml.namespace.QName operation)
                throws Exception
Note that this method never returns PDPDecision.DENY.

A GridShib policy file is a dynamic resource in the following sense. Every time a policy decision is required, this method determines whether the policy file has been modified since it was last loaded. If the file is dirty, this method reloads the policy file before making an access control decision. If the policy file cannot be reloaded (for example, because of a syntax error), this method logs an error message and returns PDPDecision.INDETERMINATE rather than deciding on the stale policy.
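The following is an added, self-contained illustration of the contract described for initialize and isPermitted above: an absolute-path check at load time, a modification-time check on every decision, a reload when the file is dirty, INDETERMINATE (never DENY) when the reload fails. It is example code written for this page, not GridShib's own implementation: the class and method names, the decision constants, the one-attribute-per-line policy format and the sample policy contents are all assumptions made for the example.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.util.HashSet;
import java.util.Set;

/**
 * Illustrative stand-in for a reloading attribute PDP. This is NOT GridShib code:
 * the policy format, the decision constants and the names below are assumptions.
 */
public class ReloadingAttributePdpExample {

    // Assumed decision constants; GridShib's PDPDecision values are not reproduced here.
    public static final int PERMIT = 1;
    public static final int DENY = 0;          // declared for contrast only, never returned
    public static final int INDETERMINATE = -1;

    private final Path policyFile;
    private long loadedMtime = -1L;
    private Set<String> permittedAttributes = new HashSet<>();

    /** Load-time contract: reject a null or relative path and fail fast on an unparsable file. */
    public ReloadingAttributePdpExample(String policyPath) throws IOException {
        if (policyPath == null) {
            throw new IllegalArgumentException("policy path must not be null");
        }
        Path p = Path.of(policyPath);
        if (!p.isAbsolute()) {
            throw new RuntimeException("policy file path must be absolute: " + policyPath);
        }
        this.policyFile = p;
        reload();                              // a parse error propagates at startup
    }

    /** Assumed policy format: one permitted attribute per line, '#' comments and blank lines ignored. */
    private void reload() throws IOException {
        long mtime = Files.getLastModifiedTime(policyFile).toMillis();
        Set<String> parsed = new HashSet<>();
        for (String raw : Files.readAllLines(policyFile, StandardCharsets.UTF_8)) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#")) continue;
            if (!line.matches("[A-Za-z0-9:_.-]+")) {
                throw new IOException("syntax error in policy line: " + raw);
            }
            parsed.add(line);
        }
        // Swap in the new policy only after the whole file parsed cleanly.
        permittedAttributes = parsed;
        loadedMtime = mtime;
    }

    /**
     * Decision-time contract: reload if the file is dirty, never return DENY,
     * and answer INDETERMINATE (with a logged error) when the reload fails.
     */
    public int isPermitted(Set<String> subjectAttributes) {
        if (subjectAttributes == null) {
            throw new IllegalArgumentException("subject attributes must not be null");
        }
        try {
            if (Files.getLastModifiedTime(policyFile).toMillis() != loadedMtime) {
                reload();
            }
        } catch (IOException e) {
            System.err.println("policy reload failed, returning INDETERMINATE: " + e.getMessage());
            return INDETERMINATE;
        }
        for (String attr : subjectAttributes) {
            if (permittedAttributes.contains(attr)) return PERMIT;
        }
        return INDETERMINATE;                  // "not permitted" is left to the rest of the PDP chain
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample policy written to a temporary file for the demonstration.
        Path dir = Files.createTempDirectory("pdp-example");
        Path policy = dir.resolve("policy.txt");
        Files.writeString(policy, "# constructed sample policy\nurn:example:role:admin\n");

        ReloadingAttributePdpExample pdp = new ReloadingAttributePdpExample(policy.toString());
        System.out.println("admin:  " + pdp.isPermitted(Set.of("urn:example:role:admin")));
        System.out.println("guest:  " + pdp.isPermitted(Set.of("urn:example:role:guest")));

        // Edit the policy; bump the mtime explicitly so the change is visible even within one second.
        Files.writeString(policy, "urn:example:role:guest\n");
        Files.setLastModifiedTime(policy, FileTime.fromMillis(System.currentTimeMillis() + 5_000));
        System.out.println("guest after edit:    " + pdp.isPermitted(Set.of("urn:example:role:guest")));

        // Corrupt the policy: the reload fails and the decision becomes INDETERMINATE.
        Files.writeString(policy, "this line has spaces and is invalid\n");
        Files.setLastModifiedTime(policy, FileTime.fromMillis(System.currentTimeMillis() + 10_000));
        System.out.println("guest after corrupt: " + pdp.isPermitted(Set.of("urn:example:role:guest")));
    }
}
```

Run with a Java 11 or later JDK. The point a practitioner should take from the last step is that a broken policy file does not grant or refuse access on its own: the example returns INDETERMINATE and leaves the final outcome to whatever combines the PDP chain's decisions, so a deployment that wants fail-closed behaviour must make sure the chain treats INDETERMINATE as a denial.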

Specified by:
isPermitted in interface PDP
Parameters:
peerSubject - the authenticated subject
context - the message context
operation - the requested operation
Throws:
IllegalArgumentException - If either the peerSubject argument or the context argument is null
Exception


Copyright © 2007-2008 University of Illinois. All Rights Reserved.