|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.xml.sax.helpers.XMLFilterImpl nbi.xmlsec.biocase.protocol.filter.ProtocolFilter nbi.xmlsec.biocase.protocol.filter.RBACFilter
The class RBACFilter removes treeElements and attributes according to policies defined in XACML-RBAC policies from the SAX stream.
The filter acts on incoming SAX-events and delivers these (modified) events
to its defined ContentHandler. It uses the RBACPDP
, which
must be given as RBACFilterParameter
via
setFilterParameter(Object)
to grant access or not based on a given roleset, action and resource. The
latter is build up from the formatURI and the path to the current element.
When access is refused for a given element, the complete element will be
removed from the stream recursively, including all subelements and character
events. When access is refused for an element attribute, only this single
attribute will be removed.
Field Summary | |
private Stack |
deny
Stack storing the evaluated access conditions for each XML element |
(package private) static Logger |
logger
|
private Set |
signElements
Set of element paths evaluated for signing |
(package private) static int |
trackMode
Track mode for the filter stack |
Fields inherited from class nbi.xmlsec.biocase.protocol.filter.ProtocolFilter |
elementStack, filterMode, FILTERMODE_FILTER, FILTERMODE_NONE, FILTERMODE_PARSER, filterRoot, PROT_URI_13, PROT_URI_20 |
Fields inherited from class org.xml.sax.helpers.XMLFilterImpl |
|
Constructor Summary | |
RBACFilter(String protocolURI,
String filterRoot,
int filterMode)
Inits the filter instance. |
|
RBACFilter(XMLReader parent,
String protocolURI,
String filterRoot,
int filterMode)
Inits the filter instance with specified parent. |
Method Summary | |
protected nbi.xml.sax.SAXElement |
evaluateAttributes(nbi.xml.sax.SAXElement element)
Evaluates the attributes of the given element with the pdp. |
protected nbi.xml.sax.SAXElement |
evaluateElement(nbi.xml.sax.SAXElement element)
Evaluates the given element with the PDP. |
protected nbi.xml.sax.SAXElement |
filterCharacters(nbi.xml.sax.SAXElement element)
Prevents further processing of the character event, if the element was denied before. |
protected nbi.xml.sax.SAXElement |
filterElement(nbi.xml.sax.SAXElement element)
Evaluates the current element, removes it or some of its attributes before it will be followed up. |
protected RBACFilterParameter |
getParameter()
Gets the parameter of this filter. |
Set |
getSignElements()
Gets the set of element paths evaluated for signing. |
private void |
initSubFilter()
Registers subfilters for subelements. |
protected nbi.xml.sax.SAXElement |
parseElement(nbi.xml.sax.SAXElement element)
Cleans up the deny stack, when the endElement event for the element was received. |
Methods inherited from class nbi.xmlsec.biocase.protocol.filter.ProtocolFilter |
characters, checkFilterParameter, endElement, getFilterMode, getFilterParameter, getProtocolURI, isParsingComplete, parseComplete, parseInit, registerSubFilter, setFilterParameter, setProtocolURI, startElement, unregisterSubFilter |
Methods inherited from class org.xml.sax.helpers.XMLFilterImpl |
endDocument, endPrefixMapping, error, fatalError, getContentHandler, getDTDHandler, getEntityResolver, getErrorHandler, getFeature, getParent, getProperty, ignorableWhitespace, notationDecl, parse, parse, processingInstruction, resolveEntity, setContentHandler, setDocumentLocator, setDTDHandler, setEntityResolver, setErrorHandler, setFeature, setParent, setProperty, skippedEntity, startDocument, startPrefixMapping, unparsedEntityDecl, warning |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
static Logger logger
private Stack deny
private Set signElements
static final int trackMode
Constructor Detail |
public RBACFilter(String protocolURI, String filterRoot, int filterMode)
protocolURI
- protocol version URI of this filter.filterRoot
- Root element for this filter.filterMode
- filterMode of this filter
ProtocolFilter.filterMode
.public RBACFilter(XMLReader parent, String protocolURI, String filterRoot, int filterMode)
parent
- parent reader.protocolURI
- protocol version URI of this filter.filterRoot
- Root element for this filter.filterMode
- filterMode of this filter
ProtocolFilter.filterMode
.Method Detail |
private void initSubFilter()
protected nbi.xml.sax.SAXElement evaluateAttributes(nbi.xml.sax.SAXElement element)
element
- element containing the attributes to evaluate.
protected nbi.xml.sax.SAXElement evaluateElement(nbi.xml.sax.SAXElement element)
list of signable elements
and may be retrieved using getSignElements()
when parsing is complete.
protected nbi.xml.sax.SAXElement filterElement(nbi.xml.sax.SAXElement element) throws SAXException
filterElement
in class ProtocolFilter
element
- The element corresponding to the startElement event.
SAXException
- If any parsing error occurs.ProtocolFilter.filterElement(SAXElement)
protected nbi.xml.sax.SAXElement parseElement(nbi.xml.sax.SAXElement element) throws SAXException
parseElement
in class ProtocolFilter
element
- The element corresponding to the endElement event.
SAXException
- If any parsing error occurs.ProtocolFilter.parseElement(SAXElement)
protected nbi.xml.sax.SAXElement filterCharacters(nbi.xml.sax.SAXElement element) throws SAXException
filterCharacters
in class ProtocolFilter
element
- The element corresponding to the startElement event.
SAXException
- If any parsing error occurs.ProtocolFilter.filterCharacters(SAXElement)
protected RBACFilterParameter getParameter()
public Set getSignElements()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |