org.openpermis.audit
Class AuditPolicyDecisionPoint

java.lang.Object
  extended by org.openpermis.audit.AuditPolicyDecisionPoint
All Implemented Interfaces:
PolicyDecisionPoint

public class AuditPolicyDecisionPoint
extends Object
implements PolicyDecisionPoint

Policy decision point delegate that supports VetoableAccessDecisionListeners.

The audit policy decision point wraps an existing PolicyDecisionPoint and adds auditing functionality.

Since:
0.3.0

Field Summary
private  PolicyDecisionPoint delegate
          The actual PDP to delegate access decisions to.
private  List<VetoableAccessDecisionListener> listeners
          List of access decision listeners.
 
Constructor Summary
AuditPolicyDecisionPoint(PolicyDecisionPoint delegate, List<VetoableAccessDecisionListener> listeners)
          Creates a new policy decision point with audit support.
 
Method Summary
 AccessDecision getAccessDecision(Subject subject, URI resource, String actionName, List<?> arguments, TimeStamp timeStamp)
          Decides whether a subject may be given access to a target and what obligations need to be fulfilled.
private  void notifyAccessDecisionFailure(AccessDecisionRequest request, PolicyDecisionException exception)
          Notifies all listeners of an access decision failure.
private  void notifyVetoableAccessDecision(AccessDecisionRequest request, AccessDecision decision)
          Notifies all listeners of a vetoable access decision.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

delegate

private final PolicyDecisionPoint delegate
The actual PDP to delegate access decisions to.

Since:
0.3.0

listeners

private final List<VetoableAccessDecisionListener> listeners
List of access decision listeners.

Since:
0.3.0

Constructor Detail

AuditPolicyDecisionPoint

public AuditPolicyDecisionPoint(PolicyDecisionPoint delegate,
                                List<VetoableAccessDecisionListener> listeners)
Creates a new policy decision point with audit support.

Parameters:
delegate - the actual PDP to delegate access decisions to, must not be null.
listeners - a list of listeners to notify when a decision is calculated.
Since:
0.3.0

Method Detail

notifyAccessDecisionFailure

private void notifyAccessDecisionFailure(AccessDecisionRequest request,
                                         PolicyDecisionException exception)
Notifies all listeners of an access decision failure.

Parameters:
request - the request.
exception - the failure.
Since:
0.3.0

notifyVetoableAccessDecision

private void notifyVetoableAccessDecision(AccessDecisionRequest request,
                                          AccessDecision decision)
                                   throws AccessDecisionVetoException
Notifies all listeners of a vetoable access decision.

Parameters:
request - the request.
decision - the decision.
Throws:
AccessDecisionVetoException - in case of a veto.
Since:
0.3.0

getAccessDecision

public AccessDecision getAccessDecision(Subject subject,
                                        URI resource,
                                        String actionName,
                                        List<?> arguments,
                                        TimeStamp timeStamp)
                                 throws PolicyDecisionException
Description copied from interface: PolicyDecisionPoint
Decides whether a subject may be given access to a target and what obligations need to be fulfilled.

Specified by:
getAccessDecision in interface PolicyDecisionPoint
Parameters:
subject - a Subject to identify the user requesting access and to provide the roles assigned to her.
resource - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
timeStamp - the time at which the action is executed.
Returns:
an AccessDecision containing the PDP's decision and the obligations associated with the decision.
Throws:
PolicyDecisionException - if the PDP fails to make an access decision.
Since:
0.3.0
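
The wrap-and-notify pattern described for this class, as an added sketch that is not OpenPermis code: every type and method name below is a hypothetical stand-in (only the delegate-plus-listeners constructor shape comes from this page). Treating a veto as a deny and rethrowing delegate failures are assumptions of the sketch.

```java
import java.util.List;

// Simplified stand-ins, NOT the OpenPermis types; all names here are hypothetical.
public class AuditPdpSketch {
    interface Pdp { boolean decide(String subject, String resource, String action) throws Exception; }
    static class VetoException extends Exception { VetoException(String m) { super(m); } }
    interface VetoableListener {
        void decided(String request, boolean granted) throws VetoException; // may veto
        void failed(String request, Exception cause);                       // audit only
    }

    static class AuditPdp implements Pdp {
        private final Pdp delegate;
        private final List<VetoableListener> listeners;
        AuditPdp(Pdp delegate, List<VetoableListener> listeners) {
            if (delegate == null) throw new IllegalArgumentException("delegate must not be null");
            this.delegate = delegate;
            this.listeners = List.copyOf(listeners); // callers cannot drop listeners later
        }
        public boolean decide(String subject, String resource, String action) throws Exception {
            String request = subject + " " + action + " " + resource;
            boolean granted;
            try {
                granted = delegate.decide(subject, resource, action);
            } catch (Exception e) {
                for (VetoableListener l : listeners) l.failed(request, e);
                throw e; // assumption: a failed decision is never turned into a grant
            }
            try {
                for (VetoableListener l : listeners) l.decided(request, granted);
            } catch (VetoException veto) {
                return false; // assumption: a veto overrides the delegate and denies
            }
            return granted;
        }
    }

    public static void main(String[] args) throws Exception {
        VetoableListener audit = new VetoableListener() {
            public void decided(String req, boolean granted) throws VetoException {
                System.out.println("AUDIT " + req + " -> " + granted);
                if (granted && req.contains("delete")) throw new VetoException("delete needs review");
            }
            public void failed(String req, Exception cause) { System.out.println("AUDIT-FAIL " + req); }
        };
        Pdp pdp = new AuditPdp((s, r, a) -> true, List.of(audit)); // constructed permissive delegate
        System.out.println(pdp.decide("alice", "urn:doc:1", "read"));
        System.out.println(pdp.decide("alice", "urn:doc:1", "delete"));
    }
}
```

In this sketch a veto stops notification at the vetoing listener, so listeners that only record decisions should be placed ahead of listeners that may veto.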


PERMIS Role Based Access Control 0.4.0 (Build 15)
2009/05/20 08:14:59
Copyright (c) 2002-2007 Ergon Informatik AG