Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

de.fzj.unicore.uas.security
Interface IAttributeSource

All Known Implementing Classes:
AttributeSourcesChain, SecurityManager.NullAuthoriser
public interface IAttributeSource

IAttributeSource provides the interface for UNICORE/X to retrieve authorisation information (attributes) for a particular request from an attribute provider, based on information such as Client DN, certificate, etc, contained in an instance of SecurityTokens.
Lifecycle IAttributeSource implementations are created and initialised by the AttributeSourceFactory, which will create the instance using Class.forName(), set additional parameters, and finally call the init() method. The IAuthoriser will be created only once, and will be kept alive during the lifetime of the server.
Parameter injection When creating an IAttributeSource instance, UNICORE/X will set parameters according to the properties defined in the main configuration file (usually uas.config), provided there is a public setter method. For example, if the class has a field setHost(String host), it will be automatically invoked by UNICORE/X if the configuration has a property
uas.security.attributes.NAME1.Host
Currently parameters can be of type String, boolean, or numerical, for details see AttributeSourceFactory

Author:
schuller, golbi

Field Summary
static java.lang.String ATTRIBUTE_ADD_DEFAULT_GROUPS
          Add OS default groups.
static java.lang.String ATTRIBUTE_GROUP
          UNIX primary group attribute key.
static java.lang.String ATTRIBUTE_QUEUES
          BSS queue attribute key.
static java.lang.String ATTRIBUTE_ROLE
          UNICORE role attribute key.
static java.lang.String ATTRIBUTE_SUPPLEMENTARY_GROUPS
          UNIX supplementary groups attribute key.
static java.lang.String ATTRIBUTE_XLOGIN
          UNIX login attribute key.
static java.lang.String ROLE_ADMIN
          role attribute value: admin
static java.lang.String ROLE_ANONYMOUS
          role attribute value: anonymous
static java.lang.String ROLE_TRUSTED_AGENT
          role attribute value: trusted agent as asserted by a SAML trust delegation assertion
static java.lang.String SAML_ATTRIBUTE_REQUEST_NAMEFORMAT
          SAML attribute name for transporting attribute requests from client to server
 
Method Summary
 java.util.Map<java.lang.String,java.lang.String[]> getAttributes(eu.unicore.security.xfireutil.SecurityTokens tokens, java.util.Map<java.lang.String,java.lang.String[]> otherAuthoriserInfo)
          Retrieves a map of attributes based on the supplied SecurityTokens.
 java.lang.String getName()
          This method should return name of this attribute source, which was passed to the init() method.
 java.lang.String getStatusDescription()
          Get a user-friendly description of the attribute source's status.
 void init(java.lang.String name)
          initialise the source
 

Field Detail

ATTRIBUTE_ROLE

static final java.lang.String ATTRIBUTE_ROLE
UNICORE role attribute key. Only one may be selected.

See Also:
Constant Field Values

ATTRIBUTE_XLOGIN

static final java.lang.String ATTRIBUTE_XLOGIN
UNIX login attribute key. Only one may be selected.

See Also:
Constant Field Values

ATTRIBUTE_GROUP

static final java.lang.String ATTRIBUTE_GROUP
UNIX primary group attribute key. Only one may be selected.

See Also:
Constant Field Values

ATTRIBUTE_SUPPLEMENTARY_GROUPS

static final java.lang.String ATTRIBUTE_SUPPLEMENTARY_GROUPS
UNIX supplementary groups attribute key.

See Also:
Constant Field Values

ATTRIBUTE_ADD_DEFAULT_GROUPS

static final java.lang.String ATTRIBUTE_ADD_DEFAULT_GROUPS
Add OS default groups.

See Also:
Constant Field Values

ATTRIBUTE_QUEUES

static final java.lang.String ATTRIBUTE_QUEUES
BSS queue attribute key.

See Also:
Constant Field Values

ROLE_TRUSTED_AGENT

static final java.lang.String ROLE_TRUSTED_AGENT
role attribute value: trusted agent as asserted by a SAML trust delegation assertion

See Also:
Constant Field Values

ROLE_ANONYMOUS

static final java.lang.String ROLE_ANONYMOUS
role attribute value: anonymous

See Also:
Constant Field Values

ROLE_ADMIN

static final java.lang.String ROLE_ADMIN
role attribute value: admin

See Also:
Constant Field Values

SAML_ATTRIBUTE_REQUEST_NAMEFORMAT

static final java.lang.String SAML_ATTRIBUTE_REQUEST_NAMEFORMAT
SAML attribute name for transporting attribute requests from client to server

See Also:
Constant Field Values
Method Detail

init

void init(java.lang.String name)
          throws java.lang.Exception
initialise the source

Throws:
java.lang.Exception

getAttributes

java.util.Map<java.lang.String,java.lang.String[]> getAttributes(eu.unicore.security.xfireutil.SecurityTokens tokens,
                                                                 java.util.Map<java.lang.String,java.lang.String[]> otherAuthoriserInfo)
                                                                 throws java.io.IOException
Retrieves a map of attributes based on the supplied SecurityTokens.
Since authorisers can be chained, it might be sometimes useful to see attributes returned by authorisers that have run previously. This information is supplied in the "otherAuthoriserInfo" map.
Attribute sources must not make any authorisation decisions. Thus, no exceptions must be thrown if no attributes are found. Only IOExceptions should be thrown in case of technical problems contacting the actual attribute provider. This is to allow upstream code (i.e. the UNICORE/X server) to log the error, or to take any other action (like notify an administrator). If no attributes are found, an empty map or null

Parameters:
tokens - - security tokens for this request
otherAuthoriserInfo - - attributes returned by other authorisers, which may be null
Returns:
authorisation attributes, i.e. a mapping of attribute names to lists of values
Throws:
java.io.IOException - in case of technical problems

getStatusDescription

java.lang.String getStatusDescription()
Get a user-friendly description of the attribute source's status.
This is used for informing the administrator of any problems with configuration, connection problems, etc. UNICORE/X will print a log entry describing the status immediately after startup.
This method should not block for too long, since the server startup would be stalled in this case. For example, you may use the TimeoutRunner class to avoid blocking.

Returns:
a String describing this attribute source's status.

getName

java.lang.String getName()
This method should return name of this attribute source, which was passed to the init() method.

Returns:
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2006-2010 Research Center Juelich. All Rights Reserved.