org.globus.security.authorization.providers
Class FirstApplicableAlg
java.lang.Object
org.globus.security.authorization.providers.AbstractEngine
org.globus.security.authorization.providers.FirstApplicableAlg
- All Implemented Interfaces:
- java.io.Serializable, AuthorizationEngineSpi
public class FirstApplicableAlg
- extends AbstractEngine
This combining algorithm returns the first permit or return decision returned
by the list of configuired PDPs. Steps:
Invoke all configured PIPs in order. Invoke each PDP in order. If a PDP
returns a permit or deny, return decision. If no PDPs provide a decision,
return indeterminate.
Note that entity issuing the decision for each PDP is not considered, that is
the resource owner is not matched with PDP decision issuer. Resource owner
is used only when an indeterminate decision is returned, with no decision
from any PDPs.
- See Also:
- Serialized Form
|
Field Summary |
private static I18nUtil |
i18n
|
private static org.apache.commons.logging.Log |
logger
|
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
i18n
private static I18nUtil i18n
logger
private static org.apache.commons.logging.Log logger
FirstApplicableAlg
public FirstApplicableAlg()
engineAuthorize
public Decision engineAuthorize(RequestEntities reqAttr,
EntityAttributes resourceOwner)
throws AuthorizationException
- Description copied from class:
AbstractEngine
- Thie method contains the logic for processing the PIPs and PDPs.
- Specified by:
engineAuthorize in interface AuthorizationEngineSpi- Specified by:
engineAuthorize in class AbstractEngine
- Parameters:
reqAttr - Attributes about the request entities.resourceOwner - Resource owner entity
- Returns:
- Decision object
- Throws:
AuthorizationException