nbi.xmlsec.xacml.profile.rbac
Class RBACPDP

java.lang.Object
  extended by nbi.xmlsec.xacml.profile.rbac.RBACPDP

public class RBACPDP
extends Object

This class implements a PDP acting on XACML policies defined according to the RBAC XACML Profile v2.0. All needed parameters are read from the configuration. The configuration is done within the XML tag PDP and mainly consists of configuring the underlying PolicyManager. The evaluation is realised using the method evaluate(Set,String,String).

Version:
$Revision: 1.23 $
Author:
Lutz Suhrbier

Field Summary
(package private)  Configuration config
          Configuration of this class
(package private) static Logger logger
           
(package private)  PDP pdp
          The PDP instance.
(package private)  PolicyManager polMgr
          PolicyManager of this RBACPDP
(package private)  HashMap results
          A HashMap that caches evaluation results to speed up the evaluation of identical requests.
 
Constructor Summary
RBACPDP()
          Default constructor.
RBACPDP(Configuration config)
          This creates an instance based on the given configuration
 
Method Summary
 Set createAction(String action)
          Creates the action part of a request context from a given action String.
 RequestCtx createRequest(RoleAssignmentPolicyIdentifier roleId, String resource, String action)
          Create a request from a RoleAssignmentPolicyIdentifier, a resource string and an action string.
 Set createResource(String resource)
          Creates the resource part of a request context from a given resource String.
 Set createSubject(RoleAssignmentPolicyIdentifier roleId)
          Creates the subject part of a request context from a given RoleAssignmentPolicyIdentifier.
 Result evaluate(RequestCtx request)
          Evaluates a request.
 boolean evaluate(Set roleIds, String resource, String action)
          Evaluates the request based on a set of roles, a resource and an action defined according to the XACML RBAC profile v2.0.
 RequestCtx modifyRequest(RequestCtx request, RoleAssignmentPolicyIdentifier roleId, String resource, String action)
          Modifies a given request context based on the given parameters.
protected  void reset()
          Resets the RBACPDP, reinitialising the PolicyManager instance and reloading the assigned policies needed to create a new PDP instance.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

static Logger logger

config

Configuration config
Configuration of this class


polMgr

PolicyManager polMgr
PolicyManager of this RBACPDP


pdp

PDP pdp
The PDP instance.


results

HashMap results
A HashMap that caches evaluation results to speed up the evaluation of identical requests.

Constructor Detail

RBACPDP

public RBACPDP()
        throws Exception
Default constructor. This creates a RBACPDP with a PDP based on the configuration defined by the runtime property com.sun.xcaml.PDPConfigFile.


RBACPDP

public RBACPDP(Configuration config)
        throws ClassNotFoundException,
               NoSuchMethodException,
               InvocationTargetException,
               InstantiationException,
               IllegalAccessException
This creates an instance based on the given configuration.

Throws:
IllegalAccessException
InstantiationException
InvocationTargetException
NoSuchMethodException
ClassNotFoundException
Method Detail

reset

protected void reset()
              throws IllegalArgumentException,
                     SecurityException,
                     ClassNotFoundException,
                     InstantiationException,
                     IllegalAccessException,
                     InvocationTargetException,
                     NoSuchMethodException
Resets the RBACPDP, reinitialising the PolicyManager instance and reloading the assigned policies needed to create a new PDP instance.

Throws:
IllegalArgumentException
SecurityException
ClassNotFoundException
InstantiationException
IllegalAccessException
InvocationTargetException
NoSuchMethodException

evaluate

public Result evaluate(RequestCtx request)
Evaluates a request.

Parameters:
request - The request context to be evaluated.
Returns:
The evaluation result.

evaluate

public boolean evaluate(Set roleIds,
                        String resource,
                        String action)
Evaluates the request based on a set of roles, a resource and an action defined according to the XACML RBAC profile v2.0. The method evaluates all roles sequentially and returns true if any of the evaluation results equals Permit.

Parameters:
roleIds - Set of RoleAssignmentPolicyIdentifiers.
resource - The resource as String.
action - The action as String.
Returns:
true if at least one evaluation result equals Permit, false otherwise.
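Because evaluate(Set,String,String) grants access as soon as any single role permits, a caller that needs to log which role actually carried the decision has to walk the roles itself with createRequest(...) and evaluate(RequestCtx). The following is an added example, not part of the RBACPDP source; it assumes the default constructor finds its configuration via the runtime property described above, that RoleAssignmentPolicyIdentifier can be constructed from a role URI string (assumption), and that Result is the Sun XACML com.sun.xacml.ctx.Result.

```java
import java.net.URISyntaxException;
import java.util.LinkedHashSet;
import java.util.Set;

import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.Result;

import nbi.xmlsec.xacml.profile.rbac.RBACPDP;
import nbi.xmlsec.xacml.profile.rbac.RoleAssignmentPolicyIdentifier;

public class RbacDecisionExample {

    // Same any-role-permits rule as RBACPDP.evaluate(Set, String, String),
    // but returns the first role whose evaluation yields Permit (null if none),
    // so an audit log can record which role assignment granted access.
    public static RoleAssignmentPolicyIdentifier firstPermittingRole(
            RBACPDP pdp, Set<RoleAssignmentPolicyIdentifier> roleIds,
            String resource, String action) throws URISyntaxException {
        for (RoleAssignmentPolicyIdentifier roleId : roleIds) {
            RequestCtx request = pdp.createRequest(roleId, resource, action);
            Result result = pdp.evaluate(request);
            // Deny, NotApplicable and Indeterminate all count as "not permitted".
            if (result.getDecision() == Result.DECISION_PERMIT) {
                return roleId;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Reads the PDP configuration from the runtime property named in the
        // default-constructor description.
        RBACPDP pdp = new RBACPDP();

        // Constructed sample roles; the constructor taking a URI string is an
        // assumption about RoleAssignmentPolicyIdentifier, not documented here.
        Set<RoleAssignmentPolicyIdentifier> roles = new LinkedHashSet<>();
        roles.add(new RoleAssignmentPolicyIdentifier("urn:example:role:reader"));
        roles.add(new RoleAssignmentPolicyIdentifier("urn:example:role:editor"));

        String resource = "urn:example:resource:report-2006";
        String action = "write";

        // Convenience call: true if any role permits.
        boolean allowed = pdp.evaluate(roles, resource, action);

        // Detailed walk: which role permitted, for the audit trail.
        RoleAssignmentPolicyIdentifier deciding =
                firstPermittingRole(pdp, roles, resource, action);
        System.out.println("allowed=" + allowed + " decidingRole=" + deciding);
    }
}
```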

modifyRequest

public RequestCtx modifyRequest(RequestCtx request,
                                RoleAssignmentPolicyIdentifier roleId,
                                String resource,
                                String action)
                         throws URISyntaxException
Modifies a given request context based on the given parameters.

Parameters:
request - The request to modify.
roleId - if not null, then the subject changes to the new roleId.
resource - if not null, then the resource changes to the new resource.
action - if not null, then the action changes to the new action.
Returns:
The modified request context.
Throws:
URISyntaxException

createSubject

public Set createSubject(RoleAssignmentPolicyIdentifier roleId)
                  throws URISyntaxException
Creates the subject part of a request context from a given RoleAssignmentPolicyIdentifier.

Parameters:
roleId - The RoleAssignmentPolicyIdentifier.
Returns:
The subject with the new identifier (may be empty on error).
Throws:
URISyntaxException

createResource

public Set createResource(String resource)
                   throws URISyntaxException
Creates the resource part of a request context from a given resource String.

Parameters:
resource - The resource string.
Returns:
The resource with the new resource string (may be empty on error).
Throws:
URISyntaxException

createAction

public Set createAction(String action)
                 throws URISyntaxException
Creates the action part of a request context from a given action String.

Parameters:
action - The action string.
Returns:
The action with the new action string (may be empty on error).
Throws:
URISyntaxException

createRequest

public RequestCtx createRequest(RoleAssignmentPolicyIdentifier roleId,
                                String resource,
                                String action)
                         throws URISyntaxException
Creates a request from a RoleAssignmentPolicyIdentifier, a resource string and an action string.

Parameters:
roleId - The RoleAssignmentPolicyIdentifier.
resource - The resource string.
action - The action string.
Returns:
The request context.
Throws:
URISyntaxException


Copyright © 2006 Lutz Suhrbier, Freie Universität Berlin. All Rights Reserved.