org.globus.wsrf.impl.security.authorization
Class ResourcePropertiesPDP
java.lang.Object
org.globus.wsrf.impl.security.authorization.ResourcePropertiesPDP
- All Implemented Interfaces:
- java.io.Serializable, org.globus.security.authorization.Interceptor, org.globus.security.authorization.PDP, org.globus.security.authorization.PDPInterceptor
public class ResourcePropertiesPDP
- extends java.lang.Object
- implements org.globus.security.authorization.PDPInterceptor
The PDP enforces a parameter-based authorization policy on
GetResourceProperty, GetMultipleResourceProperties and
SetResourceProperties. QueryResourceProperties is not protected by
this PDP; to prevent malicious access to RPs through that
method, access to it must be protected using other
schemes. GetMultipleResourceProperties access is allowed only if
the policy allows the user access to all the RPs.
It works in tandem with ParameterPIP, which
is used to extract the parameters for these methods. The
ParameterPIP needs to be configured with the following:
servicePath getMultipleResourceProperties {http://docs.oasis-open.org/wsrf/rp-2.xsd}getMultipleResourceProperties
servicePath getResourceProperty {http://docs.oasis-open.org/wsrf/rp-2.xsd}getResourceProperty
servicePath setResourceProperties {http://docs.oasis-open.org/wsrf/rp-2.xsd}SetResourceProperties
The servicePath needs to be replaced with the service endpoint
that requires resource property access to be authorized based on
parameters.
The authorization policy for this PDP is configured as a file,
using the property get-rp-pdp-config for the GetResourceProperty and
GetMultipleResourceProperties methods and the property
set-rp-pdp-config for the SetResourceProperties method. The
configuration files should have the following format: DN of
user=list of QNames separated by semicolons. The DN should have
all equals signs (=) and spaces escaped with a backslash. For
example:
/C\=US/O\=Globus\ Alliance/OU\=User/CN\=101497d3dcd.3dcd5aef={http://www.globus.org/tests/security}booleanVal;{http://www.globus.org/tests/security}intVal1
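The following is an added example, not code from the Globus source: it parses an entry in the documented format and applies the "all requested RPs must be listed" rule, then shows what happens when the DN is left unescaped. It assumes the file follows java.util.Properties escaping rules; the class name RpPolicyCheck and the stringVal property are hypothetical.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;
import javax.xml.namespace.QName;

public class RpPolicyCheck {
    static final String NS = "http://www.globus.org/tests/security";
    static final String DN = "/C=US/O=Globus Alliance/OU=User/CN=101497d3dcd.3dcd5aef";
    // Constructed policy text: the example entry from the documentation above.
    static final String ESCAPED =
        "/C\\=US/O\\=Globus\\ Alliance/OU\\=User/CN\\=101497d3dcd.3dcd5aef="
        + "{" + NS + "}booleanVal;{" + NS + "}intVal1\n";

    // Assumption: entries follow java.util.Properties escaping rules.
    static Map<String, Set<QName>> load(String text) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(text)); // unescapes "\=" and "\ " in the key
        Map<String, Set<QName>> policy = new HashMap<>();
        for (String dn : props.stringPropertyNames()) {
            Set<QName> rps = new HashSet<>();
            for (String q : props.getProperty(dn).split(";")) {
                if (!q.trim().isEmpty()) rps.add(QName.valueOf(q.trim()));
            }
            policy.put(dn, rps);
        }
        return policy;
    }

    // Deny by default; a multi-RP request passes only if every RP is listed.
    static boolean permitted(Map<String, Set<QName>> policy, String dn, List<QName> requested) {
        Set<QName> allowed = policy.get(dn);
        return allowed != null && !requested.isEmpty() && allowed.containsAll(requested);
    }

    public static void main(String[] args) throws IOException {
        Map<String, Set<QName>> policy = load(ESCAPED);
        // stringVal is a hypothetical RP that the sample policy does not list.
        QName bool = new QName(NS, "booleanVal"), other = new QName(NS, "stringVal");
        System.out.println(permitted(policy, DN, Arrays.asList(bool)));
        System.out.println(permitted(policy, DN, Arrays.asList(bool, other)));
        // Same entry without the backslashes: the key ends at the first '=',
        // so the full DN never matches and the user is denied.
        Map<String, Set<QName>> broken = load(ESCAPED.replace("\\", ""));
        System.out.println(broken.keySet() + " -> " + permitted(broken, DN, Arrays.asList(bool)));
    }
}
```

Running the same load step over a deployed policy file and listing the resulting keys is a quick way to spot entries whose DN was truncated by a missing backslash.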
- See Also:
- Serialized Form
Method Summary
private org.globus.security.authorization.Decision | authorize(org.globus.security.authorization.EntityAttributes reqEntity, org.globus.security.authorization.EntityAttributes resourceEntity, org.globus.security.authorization.EntityAttributes actionEntity, org.globus.security.authorization.EntityAttributes envEntity)
org.globus.security.authorization.Decision | canAccess(org.globus.security.authorization.RequestEntities requestEntities, org.globus.security.authorization.NonRequestEntities nonRequestEntities)
org.globus.security.authorization.Decision | canAdminister(org.globus.security.authorization.RequestEntities requestEntities, org.globus.security.authorization.NonRequestEntities nonRequestEntities)
void | close()
private java.io.File | getFile(javax.xml.rpc.handler.MessageContext ctx, java.lang.String fileName)
java.lang.String[] | getPolicyNames()
void | initialize(java.lang.String chainName, java.lang.String prefix, org.globus.security.authorization.ChainConfig config_)
private org.globus.security.authorization.Decision | isPermitted(javax.security.auth.Subject peer, java.util.Vector parameters, java.lang.String operation, org.globus.security.authorization.EntityAttributes issuer, org.globus.security.authorization.EntityAttributes req)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
i18n
private static org.globus.util.I18n i18n
GET_RP_CONFIG_FILE
public static final java.lang.String GET_RP_CONFIG_FILE
- See Also:
- Constant Field Values
SET_RP_CONFIG_FILE
public static final java.lang.String SET_RP_CONFIG_FILE
- See Also:
- Constant Field Values
logger
private static org.apache.commons.logging.Log logger
getRPAccessConfig
private ResourcePropertiesPDP.AccessConfiguration getRPAccessConfig
setRPAccessConfig
private ResourcePropertiesPDP.AccessConfiguration setRPAccessConfig
getRPFilename
private java.lang.String getRPFilename
setRPFilename
private java.lang.String setRPFilename
config
private org.globus.security.authorization.ChainConfig config
ResourcePropertiesPDP
public ResourcePropertiesPDP()
initialize
public void initialize(java.lang.String chainName,
java.lang.String prefix,
org.globus.security.authorization.ChainConfig config_)
throws org.globus.security.authorization.InitializeException
- Specified by:
initialize in interface org.globus.security.authorization.Interceptor
- Throws:
org.globus.security.authorization.InitializeException
getPolicyNames
public java.lang.String[] getPolicyNames()
canAccess
public org.globus.security.authorization.Decision canAccess(org.globus.security.authorization.RequestEntities requestEntities,
org.globus.security.authorization.NonRequestEntities nonRequestEntities)
throws org.globus.security.authorization.AuthorizationException
- Specified by:
canAccess in interface org.globus.security.authorization.PDP
- Throws:
org.globus.security.authorization.AuthorizationException
canAdminister
public org.globus.security.authorization.Decision canAdminister(org.globus.security.authorization.RequestEntities requestEntities,
org.globus.security.authorization.NonRequestEntities nonRequestEntities)
throws org.globus.security.authorization.AuthorizationException
- Specified by:
canAdminister in interface org.globus.security.authorization.PDP
- Throws:
org.globus.security.authorization.AuthorizationException
authorize
private org.globus.security.authorization.Decision authorize(org.globus.security.authorization.EntityAttributes reqEntity,
org.globus.security.authorization.EntityAttributes resourceEntity,
org.globus.security.authorization.EntityAttributes actionEntity,
org.globus.security.authorization.EntityAttributes envEntity)
throws org.globus.security.authorization.AuthorizationException
- Throws:
org.globus.security.authorization.AuthorizationException
isPermitted
private org.globus.security.authorization.Decision isPermitted(javax.security.auth.Subject peer,
java.util.Vector parameters,
java.lang.String operation,
org.globus.security.authorization.EntityAttributes issuer,
org.globus.security.authorization.EntityAttributes req)
close
public void close()
throws org.globus.security.authorization.CloseException
- Specified by:
close in interface org.globus.security.authorization.Interceptor
- Throws:
org.globus.security.authorization.CloseException
getFile
private java.io.File getFile(javax.xml.rpc.handler.MessageContext ctx,
java.lang.String fileName)