nbi.xmlsec.xacml.profile.rbac
Class RoleEnablementAuthority

java.lang.Object
  extended by nbi.xmlsec.xacml.profile.rbac.RoleEnablementAuthority

public class RoleEnablementAuthority
extends Object

This class realises the functionality of the RoleEnablementAuthority as described in the XACML RBAC profile v2.0. The class acts like a PDP that works on RoleAssignmentPolicies only. The main method of this class is getRoles(String, X509Certificate), which evaluates all roles for a given entity authenticated by its X.509 certificate. The class is configured within the XML tag RoleEnablementAuthority; this mainly consists of configuring the underlying PolicyManager.

Since:
Version:
$Revision: 1.14 $
Author:
Lutz Suhrbier

Field Summary
(package private)  Configuration config
          Configuration instance of this class.
(package private) static Logger logger
           
(package private)  PDP pdp
          The PDP instance.
(package private)  PolicyManager polMgr
          PolicyManager instance
 
Constructor Summary
RoleEnablementAuthority(Configuration config)
          Creates a RoleEnablementAuthority based on its configuration.
 
Method Summary
 RequestCtx createEnableRoleRequest(String domain, String subject, String role)
          Creates an enableRole request for the PDP to evaluate whether the subject has the given role enabled.
 RequestCtx createEnableRoleRequest(String domain, X509Certificate subject, String role)
          Creates an enableRole request for the PDP to evaluate whether the subject has the given role enabled.
 Set getRoles(String domain, X509Certificate subjectCert)
          Evaluates all roles for a given X.509-certificate.
protected  void reset()
          Resets the REA by reinitialising the PolicyManager instance and reloading the assigned policies needed to create a new PDP instance.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

static Logger logger

config

Configuration config
Configuration instance of this class.


polMgr

PolicyManager polMgr
PolicyManager instance


pdp

PDP pdp
The PDP instance.

Constructor Detail

RoleEnablementAuthority

public RoleEnablementAuthority(Configuration config)
                        throws ClassNotFoundException,
                               NoSuchMethodException,
                               InvocationTargetException,
                               InstantiationException,
                               IllegalAccessException
Creates a RoleEnablementAuthority based on its configuration.

Parameters:
config - The configuration.
Throws:
ClassNotFoundException
NoSuchMethodException
InvocationTargetException
InstantiationException
IllegalAccessException
Method Detail

reset

protected void reset()
              throws IllegalArgumentException,
                     SecurityException,
                     ClassNotFoundException,
                     InstantiationException,
                     IllegalAccessException,
                     InvocationTargetException,
                     NoSuchMethodException
Resets the REA by reinitialising the PolicyManager instance and reloading the assigned policies needed to create a new PDP instance.

Throws:
IllegalArgumentException
SecurityException
ClassNotFoundException
InstantiationException
IllegalAccessException
InvocationTargetException
NoSuchMethodException

getRoles

public Set getRoles(String domain,
                    X509Certificate subjectCert)
             throws ParsingException,
                    URISyntaxException,
                    ClassNotFoundException,
                    InstantiationException,
                    IllegalAccessException,
                    InvocationTargetException,
                    NoSuchMethodException,
                    InvocationTargetException,
                    NoSuchMethodException
Evaluates all roles for a given X.509-certificate.

Parameters:
domain - The domain to be evaluated.
subjectCert - The certificate.
Returns:
A set of RoleAssignmentPolicyIdentifiers containing the evaluated roles for the subject.
Throws:
ParsingException
URISyntaxException
ClassNotFoundException
InstantiationException
IllegalAccessException
InvocationTargetException
NoSuchMethodException
InvocationTargetException
NoSuchMethodException
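
Caller-side use of getRoles, added here as an example; it is not part of the original API documentation or the project's code. The page does not say whether getRoles validates the certificate, so this example assumes the caller performs PKIX path validation first; the class ReaRoleLookup, the method rolesFor and the parameters chain and trustAnchors are hypothetical, and any failure yields an empty role set.

```java
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import nbi.xmlsec.xacml.profile.rbac.RoleEnablementAuthority;

/** Hypothetical helper (not part of the library): authenticate first, then ask the REA. */
public final class ReaRoleLookup {
    private static final Logger LOG = Logger.getLogger(ReaRoleLookup.class.getName());

    /**
     * chain.get(0) is the subject certificate, followed by any intermediates
     * (trust anchor excluded). Returns the roles the REA enables for that
     * subject, or an empty set on any failure, so errors never widen access.
     */
    public static Set<?> rolesFor(RoleEnablementAuthority rea, String domain,
                                  List<X509Certificate> chain, Set<TrustAnchor> trustAnchors) {
        try {
            if (chain == null || chain.isEmpty()) {
                return Collections.emptySet(); // no certificate, no roles
            }
            // Assumption: the caller authenticates the certificate before the
            // policy decision. Validate the chain against the trusted CAs.
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
            PKIXParameters params = new PKIXParameters(trustAnchors);
            params.setRevocationEnabled(true); // requires CRL/OCSP sources to be reachable
            CertPathValidator.getInstance("PKIX").validate(path, params);

            // Only an authenticated subject reaches the role evaluation.
            Set<?> roles = rea.getRoles(domain, chain.get(0));
            if (roles == null) {
                return Collections.emptySet();
            }
            return Collections.unmodifiableSet(roles);
        } catch (Exception e) {
            // Covers validation failures and every checked exception getRoles declares.
            LOG.log(Level.WARNING, "Role lookup failed; treating subject as having no roles", e);
            return Collections.emptySet();
        }
    }
}
```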

createEnableRoleRequest

public RequestCtx createEnableRoleRequest(String domain,
                                          X509Certificate subject,
                                          String role)
                                   throws URISyntaxException
Creates an enableRole request for the PDP to evaluate whether the subject has the given role enabled.

Parameters:
domain - The domain.
subject - The subject.
role - The role label.
Returns:
The enableRole request.
Throws:
URISyntaxException

createEnableRoleRequest

public RequestCtx createEnableRoleRequest(String domain,
                                          String subject,
                                          String role)
                                   throws URISyntaxException
Creates an enableRole request for the PDP to evaluate whether the subject has the given role enabled. The subject is expected to be an X500Name string.

Parameters:
domain - The domain.
subject - The subject as an X500Name string.
role - The role label.
Returns:
The enableRole request.
Throws:
URISyntaxException


Copyright © 2006 Lutz Suhrbier, Freie Universität Berlin. All Rights Reserved.