java.lang.Object
  org.openpermis.policy.bean.basic.BasicPart
    org.openpermis.policy.bean.basic.BasicPartBean
      org.openpermis.policy.bean.basic.BasicPolicy

public class BasicPolicy

Basic implementation of a policy.

Field Summary | |
---|---|
private org.joda.time.DateTimeZone | dateTimeZone |
private static org.slf4j.Logger | LOGGER |
private RoleAssignmentRuleBeanCollection | roleAssignmentRules |
private RoleHierarchyBeanCollection | roleHierarchies |
private static long | serialVersionUID |
private TargetAccessRuleBeanCollection | targetAccessRules |

Constructor Summary | |
---|---|
protected | BasicPolicy(SerialNumber serialNumber) - Creates a policy with the specified rules. |

Method Summary | ||
---|---|---|
private <M extends PartBean> void | addPartToMap(Map<SerialNumber,PartBean> map, Class<M> type, PartBean part) | |
protected void | appendPartDetails(StringBuilder sb) | Appends the details of this extended part for the string representation of this part. |
private boolean | areRoleAssignmentRulesValid(PartProblemReporter reporter) | Check if there is at least one role assignment rule and all is correct. |
private boolean | areRoleHierarchiesValid(PartProblemReporter reporter) | Check if there is at least one role-hierarchy, check if their names are unique, |
private boolean | areTargetAccessRulesValid(PartProblemReporter reporter) | Check if there is at least one target access rule and that the containment hierarchy of the role hierarchy is consistent. |
private void | assertNotNull(String type, Object value) | Asserts that a value is not null. |
private void | assertParameters(Subject subject, URI resourceUri, String actionName, List<?> arguments, TimeStamp timeStamp) | Checks the access decision parameters. |
protected boolean | comparablePart(BasicPart part) | Check if the part specified is comparable to this part. |
protected boolean | equalPart(BasicPart part) | Compares another part to this part. |
PartBean | findBySerialNumber(SerialNumber partSerialNumber) | Returns the part bean corresponding to the specified serial number. The basic implementation returns this bean if its serial number matches the one passed in or null if not. |
private AccessDecision | getAccessDecision(List<AuthorizedRoles> authorizedRoleSets, Set<Role> verifiedRoles) | Determines the access decision according to the list of authorized roles and verified roles. |
AccessDecision | getAccessDecision(Subject subject, URI resourceUri, String actionName, List<?> arguments, TimeStamp timeStamp) | Decides whether a subject may be given access to a target and what obligations need to be fulfilled. |
org.joda.time.DateTimeZone | getDateTimeZone() | Returns the time zone of this policy. |
private Set<Role> | getEligibleRoles(List<AuthorizedRoles> authorizedRoles) | Find all roles that are eligible according to the authorized roles specified. |
List<RoleAssignmentRuleBean> | getParentRoleAssignmentRules(DomainBean searchPart) | Returns the PartBeans containing the given part. |
List<RoleHierarchyBean> | getParentRoleHierarchies(Role role) | Returns the PartBeans containing the given part. |
List<TargetAccessRuleBean> | getParentTargetAccessRules(ObligationBean searchPart) | Returns the PartBeans containing the given part. |
List<TargetAccessRuleBean> | getParentTargetAccessRules(Role searchRule) | Returns the PartBeans containing the given part. |
List<TargetAccessRuleBean> | getParentTargetAccessRules(TargetBean searchPart) | Returns the PartBeans containing the given part. |
List<TargetBean> | getParentTargets(ActionBean searchPart) | Returns the PartBeans containing the given part. |
List<TargetBean> | getParentTargets(DomainBean searchPart) | Returns the PartBeans containing the given part. |
<M extends PartBean> List<M> | getPartsList(Class<M> type) | Returns all parts of given type, unique by serial number. |
private <M extends PartBean> Map<SerialNumber,PartBean> | getPartsMap(Class<M> type) | Returns all parts of given type, unique by serial number. |
List<DomainBean> | getResourceDomains() | Returns all resource domains. |
RoleAssignmentRuleBeanCollection | getRoleAssignmentRules() | Returns the role assignment rule collection of this policy. |
RoleHierarchyBeanCollection | getRoleHierarchies() | Returns the role hierarchy collection of this policy. |
List<Role> | getRoleRefList() | Returns all rolerefs. |
protected String | getSimpleClassName() | Returns the simple implementation class name of this class. |
List<DomainBean> | getSubjectDomains() | Returns all subject domains. |
TargetAccessRuleBeanCollection | getTargetAccessRules() | Returns the target access rule collection of this policy. |
private Set<Role> | getVerifiedRoles(Subject subject, TimeStamp timeStamp, Set<Role> eligibleRoles) | Retrieve all verified roles of a subject that are a subset of the eligible roles. |
boolean | isPartValid(PartProblemReporter reporter) | Checks if the extended state of this part is valid. |
protected int | partHashCode() | Returns the hash code of the extended part state. |
void | setDateTimeZone(org.joda.time.DateTimeZone dateTimeZone) | Sets the time zone of this policy. |
void | setRoleAssignmentRules(RoleAssignmentRuleBeanCollection roleAssignmentRules) | Sets the role assignment rule collection of this policy. |
void | setRoleHierarchies(RoleHierarchyBeanCollection roleHierarchies) | Sets the role hierarchy collection of this policy. |
void | setTargetAccessRules(TargetAccessRuleBeanCollection targetAccessRules) | Sets the target access rule collection of this policy. |

Methods inherited from class org.openpermis.policy.bean.basic.BasicPartBean |
---|
addPropertyChangeListener, equalSerialNumber, firePropertyChange, getPartBeanType, getSerialNumber, getSerialNumberString, notifyIdentityChange, notifyNameChange, removePropertyChangeListener, toShortString |
Methods inherited from class org.openpermis.policy.bean.basic.BasicPart |
---|
appendDetails, equals, getIdentity, getName, hashCode, hasPartIdentity, hasPartName, isChildCollectionValid, isChildNotNull, isChildNullOrValid, isChildValid, isIdentityValid, isNameValid, isValid, reportProblem, setIdentity, setName, toString |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Methods inherited from interface org.openpermis.policy.Part |
---|
equals, hashCode, isValid, toString |
Methods inherited from interface org.openpermis.policy.bean.PartBean |
---|
addPropertyChangeListener, equalSerialNumber, getPartBeanType, getSerialNumber, removePropertyChangeListener, toShortString |
Field Detail |
---|
private static final long serialVersionUID
-8888013228359169599L
private static final org.slf4j.Logger LOGGER
private org.joda.time.DateTimeZone dateTimeZone
private RoleAssignmentRuleBeanCollection roleAssignmentRules
private TargetAccessRuleBeanCollection targetAccessRules
private RoleHierarchyBeanCollection roleHierarchies
Constructor Detail |
---|
protected BasicPolicy(SerialNumber serialNumber)
Method Detail |
---|
private boolean areRoleAssignmentRulesValid(PartProblemReporter reporter)
reporter - the reporter to use.
true if the role assignment rules are valid.

private boolean areTargetAccessRulesValid(PartProblemReporter reporter)
reporter - the reporter to use.
true if the target access rules are valid.

private boolean areRoleHierarchiesValid(PartProblemReporter reporter)
reporter - the reporter to use.
true if the role hierarchies are valid.

private <M extends PartBean> void addPartToMap(Map<SerialNumber,PartBean> map, Class<M> type, PartBean part)

private <M extends PartBean> Map<SerialNumber,PartBean> getPartsMap(Class<M> type)

private Set<Role> getEligibleRoles(List<AuthorizedRoles> authorizedRoles)
Includes all super roles of the authorized roles passed in.
authorizedRoles - the list of authorized roles.
null.

private Set<Role> getVerifiedRoles(Subject subject, TimeStamp timeStamp, Set<Role> eligibleRoles)
Includes all inherited sub roles of the verified roles.
subject - the subject for which to retrieve the verified roles.
timeStamp - the timestamp of verification.
eligibleRoles - the set of eligible roles.
null.

private final void assertNotNull(String type, Object value)
null.
type - descriptive type of the value to check.
value - the value to check.
IllegalArgumentException - in case the value is null.

private void assertParameters(Subject subject, URI resourceUri, String actionName, List<?> arguments, TimeStamp timeStamp)
subject - a Subject to identify the user requesting access and to provide the roles assigned to her.
resourceUri - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
timeStamp - the time at which the action is executed.
IllegalArgumentException - in case there is an invalid parameter.

public AccessDecision getAccessDecision(Subject subject, URI resourceUri, String actionName, List<?> arguments, TimeStamp timeStamp)
PolicyDecisionPoint
getAccessDecision in interface Policy
getAccessDecision in interface PolicyDecisionPoint
subject - a Subject to identify the user requesting access and to provide the roles assigned to her.
resourceUri - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
timeStamp - the time at which the action is executed.
AccessDecision containing the PDP's decision and the obligations associated with the decision.

private AccessDecision getAccessDecision(List<AuthorizedRoles> authorizedRoleSets, Set<Role> verifiedRoles)
If there is at least one authorized role set that matches the verified roles then a positive access decision is returned. The access decision includes the obligations of all authorized role sets that match.
authorizedRoleSets - the authorized role sets for which to determine the decision.
verifiedRoles - the verified roles to match.
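
The decision rule described for getAccessDecision(List<AuthorizedRoles>, Set<Role>), combined with the sub-role inheritance noted for getVerifiedRoles, shown as an added example that is not OpenPERMIS code. RoleSet, Decision, withSubRoles and decide are hypothetical names, roles and obligations are plain strings, and a role set is assumed to "match" when the subject holds every role in it.

```java
import java.util.*;

public class AccessDecisionExample {
    // Hypothetical stand-ins for AuthorizedRoles and AccessDecision (not the OpenPERMIS types).
    record RoleSet(Set<String> roles, Set<String> obligations) {}
    record Decision(boolean granted, Set<String> obligations) {}

    // Expands the given roles with every sub role they inherit, transitively.
    // subRoles maps a role to its direct sub roles; the closure set also guards against cycles.
    static Set<String> withSubRoles(Set<String> roles, Map<String, Set<String>> subRoles) {
        Set<String> closure = new TreeSet<>();
        Deque<String> todo = new ArrayDeque<>(roles);
        while (!todo.isEmpty()) {
            String role = todo.pop();
            if (closure.add(role)) {
                todo.addAll(subRoles.getOrDefault(role, Set.of()));
            }
        }
        return closure;
    }

    // Grants if at least one authorized role set matches; collects obligations of ALL matching sets.
    static Decision decide(List<RoleSet> authorized, Set<String> verified) {
        boolean granted = false;
        Set<String> obligations = new TreeSet<>();
        for (RoleSet set : authorized) {
            // Assumption: an empty role set never matches, so it cannot grant access to everyone.
            if (!set.roles().isEmpty() && verified.containsAll(set.roles())) {
                granted = true;
                obligations.addAll(set.obligations());
            }
        }
        // Deny by default: no matching set means no access and no obligations.
        return new Decision(granted, obligations);
    }

    public static void main(String[] args) {
        // Constructed sample data: manager > clerk > guest.
        Map<String, Set<String>> subRoles = Map.of(
            "manager", Set.of("clerk"), "clerk", Set.of("guest"));
        List<RoleSet> authorized = List.of(
            new RoleSet(Set.of("clerk"), Set.of("log-access")),
            new RoleSet(Set.of("clerk", "auditor"), Set.of("notify-owner")),
            new RoleSet(Set.of("guest"), Set.of("watermark")));

        Set<String> verified = withSubRoles(Set.of("manager"), subRoles);
        System.out.println(decide(authorized, verified));          // two sets match
        System.out.println(decide(authorized, Set.of("auditor"))); // no set matches
    }
}
```

The second authorized set contributes no obligation for the manager because "auditor" is not among the verified roles, which is why obligations must be gathered per matching set rather than from the whole rule list.
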
public org.joda.time.DateTimeZone getDateTimeZone()
PolicyBean
getDateTimeZone in interface PolicyBean

public void setDateTimeZone(org.joda.time.DateTimeZone dateTimeZone)
PolicyBean
setDateTimeZone in interface PolicyBean
dateTimeZone - a DateTimeZone.

public RoleAssignmentRuleBeanCollection getRoleAssignmentRules()
PolicyBean
getRoleAssignmentRules in interface PolicyBean

public void setRoleAssignmentRules(RoleAssignmentRuleBeanCollection roleAssignmentRules)
PolicyBean
setRoleAssignmentRules in interface PolicyBean
roleAssignmentRules - the new role assignment rule collection of this policy.

public TargetAccessRuleBeanCollection getTargetAccessRules()
PolicyBean
getTargetAccessRules in interface PolicyBean

public void setTargetAccessRules(TargetAccessRuleBeanCollection targetAccessRules)
PolicyBean
setTargetAccessRules in interface PolicyBean
targetAccessRules - the new target access rule collection of this policy.

public RoleHierarchyBeanCollection getRoleHierarchies()
PolicyBean
getRoleHierarchies in interface PolicyBean

public void setRoleHierarchies(RoleHierarchyBeanCollection roleHierarchies)
PolicyBean
setRoleHierarchies in interface PolicyBean
roleHierarchies - the new role hierarchy collection of this policy.

public <M extends PartBean> List<M> getPartsList(Class<M> type)
getPartsList in interface PolicyBean

public List<Role> getRoleRefList()
getRoleRefList in interface PolicyBean

public List<TargetAccessRuleBean> getParentTargetAccessRules(TargetBean searchPart)
getParentTargetAccessRules in interface PolicyBean

public List<TargetAccessRuleBean> getParentTargetAccessRules(ObligationBean searchPart)
getParentTargetAccessRules in interface PolicyBean

public List<TargetAccessRuleBean> getParentTargetAccessRules(Role searchRule)
getParentTargetAccessRules in interface PolicyBean
searchRule - the role for which to return the rules that contain it.

public List<RoleHierarchyBean> getParentRoleHierarchies(Role role)

public List<TargetBean> getParentTargets(ActionBean searchPart)
getParentTargets in interface PolicyBean

public List<TargetBean> getParentTargets(DomainBean searchPart)
getParentTargets in interface PolicyBean

public List<DomainBean> getResourceDomains()
getResourceDomains in interface PolicyBean

public List<DomainBean> getSubjectDomains()
getSubjectDomains in interface PolicyBean

public List<RoleAssignmentRuleBean> getParentRoleAssignmentRules(DomainBean searchPart)
getParentRoleAssignmentRules in interface PolicyBean

public boolean isPartValid(PartProblemReporter reporter)
BasicPart
isPartValid in class BasicPart
reporter - the problem reporter to use, may be null.
BasicPart, Part.isValid(PartProblemReporter), BasicPart.reportProblem(org.openpermis.policy.PartProblemReporter, org.openpermis.policy.PartProblemReporter.ProblemMessage, java.lang.Object...)

protected boolean comparablePart(BasicPart part)
BasicPart
comparablePart in class BasicPart
part - the part to check.
true if the part supplied is comparable to this part.
BasicPart

protected boolean equalPart(BasicPart part)
BasicPart
equalPart in class BasicPart
part - the part to compare to this part.
true if the part supplied is considered equivalent to this part.
BasicUtilities.equalObjects(Object, Object), BasicPart

protected int partHashCode()
BasicPart
partHashCode in class BasicPart
BasicPart, BasicUtilities.multiHashCode(int...)

protected String getSimpleClassName()
BasicPart
If your implementation represents an interface implementation return the interface simple class name here. In short: return the instance you are checking against in BasicPart.comparablePart(BasicPart).
getSimpleClassName in class BasicPart

protected void appendPartDetails(StringBuilder sb)
BasicPart
appendPartDetails in class BasicPart
sb - the string builder to add the details to.
BasicPart, BasicPart.appendDetails(StringBuilder, String, Object)

public PartBean findBySerialNumber(SerialNumber partSerialNumber)
BasicPartBean
If the part bean contains other part beans, it searches its child beans recursively. The basic implementation returns this bean if its serial number matches the one passed in or null if not. Subclasses that contain other parts must traverse their children.
findBySerialNumber in interface PartBean
findBySerialNumber in class BasicPartBean
partSerialNumber - the SerialNumber of the part bean to return.
PartBean or null if no matching part bean is found.

PERMIS Role Based Access Control 0.4.0 (Build 15)
2009/05/20 08:14:59
Copyright (c) 2002-2007 Ergon Informatik AG