org.globus.security.authorization.providers
Class DenyOverrideAlg

java.lang.Object
  org.globus.security.authorization.providers.AbstractEngine
      org.globus.security.authorization.providers.DenyOverrideAlg

All Implemented Interfaces:

java.io.Serializable, AuthorizationEngineSpi

public class DenyOverrideAlg
extends AbstractEngine

This combining algorithm returns the first deny decision returned by the list of configuired PDPs. Steps: Invoke all configured PIPs in order. Invoke each PDP in order. If a PDP returns a deny, return decision. If all PDPs return a permit, return permit. If no PDPs provide a decision, return indeterminate. Note that entity issuing the decision for each PDP is not considered, that is the resource owner is not matched with PDP decision issuer. Resource owner is used only when an indeterminate decision is returned, with no decision from any PDPs.

See Also:

Serialized Form

Field Summary

private static I18nUtil	i18n
private static org.apache.commons.logging.Log	logger

Fields inherited from class org.globus.security.authorization.providers.AbstractEngine

BOOTSTRAP_PIP, bootstrapPips, chainConfig, nonReqEntities, PDP_INTERCEPTOR, pdps, PIP_INTERCEPTOR, pips

Constructor Summary

DenyOverrideAlg()

Method Summary

Decision

engineAuthorize(RequestEntities reqAttr, EntityAttributes resourceOwner) Thie method contains the logic for processing the PIPs and PDPs.

Methods inherited from class org.globus.security.authorization.providers.AbstractEngine

collectAttributes, engineClose, engineInitialize, getChainConfig, initializeInterceptors, initializeInterceptors, loadClass

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

i18n

private static I18nUtil i18n

logger

private static org.apache.commons.logging.Log logger

Constructor Detail

DenyOverrideAlg

public DenyOverrideAlg()

Method Detail

engineAuthorize

public Decision engineAuthorize(RequestEntities reqAttr,
                                EntityAttributes resourceOwner)
                         throws AuthorizationException

Description copied from class: AbstractEngine

Thie method contains the logic for processing the PIPs and PDPs.

Specified by:

engineAuthorize in interface AuthorizationEngineSpi

Specified by:

engineAuthorize in class AbstractEngine

Parameters:

reqAttr - Attributes about the request entities.

resourceOwner - Resource owner entity

Returns:

Decision object

Throws:

AuthorizationException