org.teragrid.ncsa.gridshib.security.x509
Class GatewayCredential

java.lang.Object
  extended by org.globus.gridshib.security.x509.GlobusSAMLCredential
      extended by org.teragrid.ncsa.gridshib.security.x509.GatewayCredential

public class GatewayCredential
extends GlobusSAMLCredential

A GatewayCredential is a proxy credential with a SAML assertion bound to a non-critical certificate extension. A GatewayCredential is a special type of GlobusSAMLCredential having a mail attribute and other distinguishing characteristics.

Since:
0.3.0

Field Summary
protected static org.apache.commons.logging.Log logger
           
static String MAIL
          The MAIL constant is the formal name of the attribute that holds the user's e-mail address.
 
Fields inherited from class org.globus.gridshib.security.x509.GlobusSAMLCredential
HOLDER_OF_KEY, SENDER_VOUCHES
 
Constructor Summary
GatewayCredential(String username)
          Creates a gateway credential instance.
 
Method Summary
 boolean addEmailAddress(String emailAddress)
          Formulates the given e-mail address as a single-valued SAML attribute and adds this attribute to this GatewayCredential instance.
 boolean addEmailAddresses(String[] emailAddresses)
          Formulates the given e-mail addresses as a multi-valued SAML attribute and adds this attribute to this GatewayCredential instance.
 SelfIssuedAssertion getSAMLToken(boolean forceNewToken)
          Checks for required attributes before self-issuing a SAML token.
 
Methods inherited from class org.globus.gridshib.security.x509.GlobusSAMLCredential
addAttribute, getAttributes, getCredential, getDefaultX509Lifetime, getFormat, getFormattedName, getNameQualifier, getSAMLExtension, getSAMLExtension, getSAMLToken, getTemplate, getUsername, isHolderOfKey, isSenderVouches, issue, issue, setAttributes, setAuthnContext, setCredential, setDefaultConfigFile, setDefaultCredential, setFormat, setNameQualifier, setSAMLLifetime, setSSOResponseFile, setX509Lifetime, setXMLFile
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected static org.apache.commons.logging.Log logger

MAIL

public static final String MAIL
The MAIL constant is the formal name of the attribute that holds the user's e-mail address. This attribute name is based on an OID defined by the eduPerson specification and the MACE-Dir Attribute Profile for SAML 1.x.

The legacy name of this attribute is

urn:mace:dir:attribute-def:mail

Hence, this attribute has the following "friendly name":

FriendlyName="mail"

See Also:
Constant Field Values

Constructor Detail

GatewayCredential

public GatewayCredential(String username)
                  throws GlobusSAMLException
Creates a gateway credential instance.

Parameters:
username - the name of the authenticated user, usually the portal login name
Throws:
GlobusSAMLException - if unable to create the credential

Method Detail

addEmailAddress

public boolean addEmailAddress(String emailAddress)
Formulates the given e-mail address as a single-valued SAML attribute and adds this attribute to this GatewayCredential instance.

Parameters:
emailAddress - a (non-null) e-mail address
Returns:
true if and only if the SAML attribute is actually added
Throws:
IllegalArgumentException - if the given e-mail address is null

addEmailAddresses

public boolean addEmailAddresses(String[] emailAddresses)
Formulates the given e-mail addresses as a multi-valued SAML attribute and adds this attribute to this GatewayCredential instance. If only one e-mail address is provided, this method calls addEmailAddress(String) instead.

Parameters:
emailAddresses - a (non-null and nonempty) array of e-mail addresses
Returns:
true if and only if the SAML attribute is actually added
Throws:
IllegalArgumentException - if the given array of e-mail addresses is null or empty
Since:
0.4.1

getSAMLToken

public SelfIssuedAssertion getSAMLToken(boolean forceNewToken)
                                 throws GlobusSAMLException
Checks for required attributes before self-issuing a SAML token.

Overrides:
getSAMLToken in class GlobusSAMLCredential
Parameters:
forceNewToken - if true, returns a fresh token regardless of the cache state
Returns:
a self-issued assertion, that is, an assertion whose issuer is the proxy issuer
Throws:
GlobusSAMLException - if unable to get the SAML token
Since:
0.3.2


Copyright © 2007-2008 University of Illinois. All Rights Reserved.