uk.org.ogsadai.examples.authorization
Class UpdateableFileAuthorizer

java.lang.Object
  |
  +--uk.org.ogsadai.examples.authorization.SimpleFileAuthorizer
        |
        +--uk.org.ogsadai.examples.authorization.UpdateableFileAuthorizer
All Implemented Interfaces:
AccessAuthorizer

public class UpdateableFileAuthorizer
extends SimpleFileAuthorizer

A simple access authorizer which can be updated by adding or removing users in the access control lists.

Author:
The OGSA-DAI Team.

Field Summary
private  java.lang.String configPath
           
 
Fields inherited from class uk.org.ogsadai.examples.authorization.SimpleFileAuthorizer
activityAuthorization, resourceAuthorization
 
Constructor Summary
UpdateableFileAuthorizer(java.lang.String config)
          Constructor.
 
Method Summary
 boolean authorizeActivity(java.lang.String resourceID, Activity activity, SecurityContext context)
          Authorizes access to an activity based on an access control list.
 boolean authorizeResource(java.lang.String resourceID, SecurityContext context)
          Authorizes access to a resource based on an access control list.
 void grantActivityAccessToUser(java.lang.String activityName, java.lang.String resourceID, java.lang.String userDN)
          Adds a new user to an activity access control list and rewrites the configuration file.
 void grantResourceAccessToUser(java.lang.String resourceID, java.lang.String userDN)
          Adds a new user to the access control list for the given resource and rewrites the configuration file.
 boolean removeUserFromActivityAccess(java.lang.String activityName, java.lang.String resourceID, java.lang.String userDN)
          Removes the given user from the activity access list and rewrites the configuration file.
 boolean removeUserFromResourceAccess(java.lang.String resourceID, java.lang.String userDN)
          Removes the given user from the resource access list and rewrites the configuration file.
private  void writeConfiguration()
          Rewrites the configuration file.
private  void writeUsers(java.lang.StringBuffer xml, java.util.Map map, java.lang.String element, java.lang.String attr)
          Writes the distinguished names of authorized users wrapped in the given element.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

configPath

private final java.lang.String configPath
Constructor Detail

UpdateableFileAuthorizer

public UpdateableFileAuthorizer(java.lang.String config)
                         throws java.lang.Exception
Constructor. Reads the configuration file and populates the access control lists.

Parameters:
config - path of the configuration file
Throws:
java.lang.Exception - if a problem occurs
Method Detail

authorizeResource

public boolean authorizeResource(java.lang.String resourceID,
                                 SecurityContext context)
Description copied from class: SimpleFileAuthorizer
Authorizes access to a resource based on an access control list.

Specified by:
authorizeResource in interface AccessAuthorizer
Overrides:
authorizeResource in class SimpleFileAuthorizer
Parameters:
resourceID - resource to be accessed
context - security context of the request
Returns:
boolean indicating whether the resource can be accessed within the given security context.

authorizeActivity

public boolean authorizeActivity(java.lang.String resourceID,
                                 Activity activity,
                                 SecurityContext context)
Description copied from class: SimpleFileAuthorizer
Authorizes access to an activity based on an access control list. The resourceID is ignored.

Specified by:
authorizeActivity in interface AccessAuthorizer
Overrides:
authorizeActivity in class SimpleFileAuthorizer
Parameters:
resourceID - resource identifier
activity - activity object to be accessed
context - context of the request
Returns:
boolean value indicating whether access has been granted or denied.

grantResourceAccessToUser

public void grantResourceAccessToUser(java.lang.String resourceID,
                                      java.lang.String userDN)
                               throws java.lang.Exception
Adds a new user to the access control list for the given resource and rewrites the configuration file.

Parameters:
resourceID - resource identifier
userDN - distinguished name of the user
Throws:
java.lang.Exception - if an error occurred writing the configuration file

grantActivityAccessToUser

public void grantActivityAccessToUser(java.lang.String activityName,
                                      java.lang.String resourceID,
                                      java.lang.String userDN)
                               throws java.lang.Exception
Adds a new user to an activity access control list and rewrites the configuration file.

Parameters:
activityName - name of the activity
resourceID - resource identifier
userDN - distinguished name of the user to be added
Throws:
java.lang.Exception - if an error occurred writing the configuration file

removeUserFromResourceAccess

public boolean removeUserFromResourceAccess(java.lang.String resourceID,
                                            java.lang.String userDN)
                                     throws java.lang.Exception
Removes the given user from the resource access list and rewrites the configuration file.

Parameters:
resourceID - resource identifier
userDN - distinguished name of the user to be removed
Returns:
true if the user name was contained in the access control list
Throws:
java.lang.Exception - if a problem occurs when writing the configuration file

removeUserFromActivityAccess

public boolean removeUserFromActivityAccess(java.lang.String activityName,
                                            java.lang.String resourceID,
                                            java.lang.String userDN)
                                     throws java.lang.Exception
Removes the given user from the activity access list and rewrites the configuration file.

Parameters:
activityName - name of the activity
resourceID - resource identifier
userDN - distinguished name of the user to be removed
Returns:
true if the user name was contained in the access control list
Throws:
java.lang.Exception - if a problem occurs when writing the configuration file

writeConfiguration

private void writeConfiguration()
                         throws java.lang.Exception
Rewrites the configuration file.

Throws:
java.lang.Exception - if an error occurred writing the configuration file

writeUsers

private void writeUsers(java.lang.StringBuffer xml,
                        java.util.Map map,
                        java.lang.String element,
                        java.lang.String attr)
Writes the distinguished names of authorized users wrapped in the given element.

Parameters:
xml - buffer to write to
map - mapping of a resource/activity name to the set of authorized users
element - name of the element
attr - attribute name