org.openpermis.examples.ejb.server
Class AuthorizedHelloEjbService

java.lang.Object
  extended by org.openpermis.examples.ejb.server.AuthorizedHelloEjbService
All Implemented Interfaces:
HelloEjbServiceRemote

public class AuthorizedHelloEjbService
extends Object
implements HelloEjbServiceRemote

An EJB implementation of the HelloWorld service.

Access to a basic HelloWorld service is controlled with the help of a policy decision point (PDP). This class serves as the policy enforcement point (PEP) for the HelloWorld application.

Since:
0.3.0

Field Summary
protected static String ACTION_NAME
           
private  org.openpermis.AuthorizationService authorizationService
          The injected authorization service.
private  HelloEjbServiceRemote delegate
          The actual service implementation to which we forward authorized requests.
private static PrintStream LOG
          Print stream to log messages to.
protected static URI TARGET_RESOURCE_URI
           
 
Constructor Summary
AuthorizedHelloEjbService()
          Creates a hello world EJB which uses a default PDP and HelloWorld service.
AuthorizedHelloEjbService(org.openpermis.AuthorizationService authorizationService, HelloEjbServiceRemote delegate)
          Creates an authorized HelloWorld service that uses the specified authorization service context for retrieving roles and making access decisions.
 
Method Summary
protected  void assertInitialized()
          Asserts that the service has been correctly initialized.
private static HelloEjbServiceRemote createHelloWorldService()
          Creates a basic hello world service for this EJB.
private static org.openpermis.AuthorizationService createPolicyDecisionPoint()
          Creates an authorization service for the hello world EJB.
private static org.openpermis.PolicyDecisionPoint createPolicyDecisionPoint(org.openpermis.cert.verify.CertificateVerifier certificateVerifier)
          Creates a PolicyDecisionPoint from an attribute certificate located on the classpath.
private static org.openpermis.subject.SubjectFinder createSubjectFinder(org.openpermis.cert.verify.CertificateVerifier certificateVerifier)
          Creates a subject finder with subjects read from the classpath.
 String getHelloMessage(String name)
          Returns a welcome message for the specified person.
private static X509Certificate readSoaCertificate()
          Reads the SoA certificate from the classpath.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

LOG

private static final PrintStream LOG
Print stream to log messages to.

Since:
0.9.0

TARGET_RESOURCE_URI

protected static final URI TARGET_RESOURCE_URI
Since:
0.3.0

ACTION_NAME

protected static final String ACTION_NAME
Constant Field Value:
"collectLetters"
Since:
0.3.0

authorizationService

private final org.openpermis.AuthorizationService authorizationService
The injected authorization service.

Since:
0.3.0

delegate

private final HelloEjbServiceRemote delegate
The actual service implementation to which we forward authorized requests.

Since:
0.3.0

Constructor Detail

AuthorizedHelloEjbService

public AuthorizedHelloEjbService()
Creates a hello world EJB which uses a default PDP and HelloWorld service.

See Also:
createPolicyDecisionPoint(), createHelloWorldService()
Since:
0.3.0

AuthorizedHelloEjbService

public AuthorizedHelloEjbService(org.openpermis.AuthorizationService authorizationService,
                                 HelloEjbServiceRemote delegate)
Creates an authorized HelloWorld service that uses the specified authorization service context for retrieving roles and making access decisions.

Parameters:
authorizationService - an AuthorizationService.
delegate - the real service implementation to which authorized requests are forwarded.
Since:
0.3.0

Method Detail

readSoaCertificate

private static final X509Certificate readSoaCertificate()
Reads the SoA certificate from the classpath.

A policy decision point needs a trusted public key of the source of authority (SoA) to validate the attribute certificates (AC), including policies and roles. Future implementations will allow an advanced public key infrastructure (PKI).

Returns:
the SoA certificate or null if it could not be read.
Since:
0.3.0

createPolicyDecisionPoint

private static final org.openpermis.PolicyDecisionPoint createPolicyDecisionPoint(org.openpermis.cert.verify.CertificateVerifier certificateVerifier)
Creates a PolicyDecisionPoint from an attribute certificate located on the classpath.

Parameters:
certificateVerifier - the certificate verifier used to verify the attribute certificate containing the policy.
Returns:
the PolicyDecisionPoint requested or null if it could not be created.
Since:
0.3.0

createSubjectFinder

private static final org.openpermis.subject.SubjectFinder createSubjectFinder(org.openpermis.cert.verify.CertificateVerifier certificateVerifier)
Creates a subject finder with subjects read from the classpath.

Parameters:
certificateVerifier - The certificate verifier used to verify attribute certificates used in the subject finder.
Returns:
the subject finder.
Since:
0.3.0

createPolicyDecisionPoint

private static final org.openpermis.AuthorizationService createPolicyDecisionPoint()
Creates an authorization service for the hello world EJB.

Returns:
the authorization service to use.
Since:
0.3.0

createHelloWorldService

private static final HelloEjbServiceRemote createHelloWorldService()
Creates a basic hello world service for this EJB.

Returns:
the actual hello world service to delegate to.
Since:
0.3.0

assertInitialized

protected void assertInitialized()
                          throws HelloEjbException
Asserts that the service has been correctly initialized.

Throws:
HelloEjbException - if the service is not correctly initialized.
Since:
0.3.0

getHelloMessage

public String getHelloMessage(String name)
                       throws HelloEjbException
Description copied from interface: HelloEjbServiceRemote
Returns a welcome message for the specified person.

Specified by:
getHelloMessage in interface HelloEjbServiceRemote
Parameters:
name - the name of the person to greet.
Returns:
a suitable welcome message.
Throws:
HelloEjbException - if the service fails to determine a suitable welcome message.
Since:
0.1.0
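
The enforcement pattern this class describes (ask the decision point, forward to the delegate only on a permit, and refuse every call when a factory method returned null during setup), sketched as an added example that is not OpenPermis code. `Decider`, `HelloService`, `HelloException`, `RESOURCE` and the use of `name` as the subject are hypothetical stand-ins for illustration; only the action string "collectLetters" is taken from this page.

```java
import java.net.URI;

public class PepSketch {
    // Hypothetical stand-ins, NOT the OpenPermis interfaces.
    interface Decider { boolean permits(String subject, URI resource, String action); }
    interface HelloService { String getHelloMessage(String name) throws HelloException; }
    static class HelloException extends Exception {
        HelloException(String message) { super(message); }
    }

    static final URI RESOURCE = URI.create("urn:example:hello"); // constructed value
    static final String ACTION = "collectLetters";               // ACTION_NAME on this page

    /** Enforcement point: every call is checked before it reaches the delegate. */
    static class AuthorizedHello implements HelloService {
        private final Decider decider;
        private final HelloService delegate;

        AuthorizedHello(Decider decider, HelloService delegate) {
            this.decider = decider;
            this.delegate = delegate;
        }

        // Fail closed: a decider that could not be built (null) refuses all requests.
        void assertInitialized() throws HelloException {
            if (decider == null || delegate == null) {
                throw new HelloException("service not initialized");
            }
        }

        @Override
        public String getHelloMessage(String name) throws HelloException {
            assertInitialized();
            // Assumption: the greeted name doubles as the subject of the decision.
            if (!decider.permits(name, RESOURCE, ACTION)) {
                throw new HelloException("access denied for " + name);
            }
            return delegate.getHelloMessage(name);
        }
    }

    static String call(HelloService service, String name) {
        try { return service.getHelloMessage(name); }
        catch (HelloException e) { return "refused: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        HelloService real = n -> "Hello " + n;
        Decider onlyAlice = (s, r, a) -> "alice".equals(s) && ACTION.equals(a);
        System.out.println(call(new AuthorizedHello(onlyAlice, real), "alice"));
        System.out.println(call(new AuthorizedHello(onlyAlice, real), "bob"));
        System.out.println(call(new AuthorizedHello(null, real), "alice"));
    }
}
```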


OpenPermis Role Based Access Control 0.9.0 (Build 16)
2009/08/13 07:18:17
Copyright (c) 2002-2007 Ergon Informatik AG