de.fzj.unicore.uas.security
Interface IUASSecurityProperties

All Superinterfaces:
java.lang.Cloneable, de.fzj.unicore.wsrflite.security.ISecurityProperties
All Known Implementing Classes:
UASSecurityProperties

public interface IUASSecurityProperties
extends de.fzj.unicore.wsrflite.security.ISecurityProperties, java.lang.Cloneable

UNICORE 6 security properties
This interface defines a number of property keys for controlling the behaviour of the security subsystem.
Security properties are also used to configure security handlers. They provide methods covering the various entities involved in making an outgoing Grid call, the security level of that call (signing) and trust delegation.

Author:
schuller
See Also:
UASSecurityProperties, TDOutHandler, DSigParseInHandler

Field Summary
static java.lang.String UAS_AUTHORISER
          Deprecated. See AttributeSourceFactory for the new way of configuring attribute sources.
static java.lang.String UAS_AUTHORISER_PROXY_SUPPORT
          set to "true" to enable proxy certificate support, i.e. proper handling of the proxy DNs (does NOT mean that proxies can be used for the SSL connection to the UNICORE/X container)
static java.lang.String UAS_CHECK_CONSIGNOR_SIGNATURE
          do we check if the consignor assertion is signed?
static java.lang.String UAS_CHECKACCESS
          do we check access on the WSRF level?
static java.lang.String UAS_CHECKACCESS_PDP
          access control PDP class name (implementing de.fzj.uas.security.XacmlPDP)
static java.lang.String UAS_CHECKACCESS_PDPCONFIG
          configuration file for the PDP
static java.lang.String UAS_GATEWAY_ALIAS
          for stricter security, define which certificate from the truststore will be used to verify gateway consignor assertions
static java.lang.String UAS_INHANDLER_NAME
          for CLIENT use: space-separated names of any extra UAS incoming security handler classes
static java.lang.String UAS_OUTHANDLER_NAME
          for CLIENT use: space separated name(s) of any extra UAS outbound security handler class(es)
static java.lang.String UAS_REQUIRE_SIGNATURES
          do we require signatures on certain messages
 
Fields inherited from interface de.fzj.unicore.wsrflite.security.ISecurityProperties
WSRF_SSL, WSRF_SSL_CLIENTAUTH, WSRF_SSL_KEYALIAS, WSRF_SSL_KEYPASS, WSRF_SSL_KEYSTORE, WSRF_SSL_KEYTYPE, WSRF_SSL_TRUSTPASS, WSRF_SSL_TRUSTSTORE, WSRF_SSL_TRUSTTYPE
 
Method Summary
 IUASSecurityProperties clone()
          make a copy of these properties
 boolean doSignMessage()
          for outgoing calls, should the message be signed?
 java.security.cert.X509Certificate[] getCertChain()
          the full X509 certificate chain of the user
 java.lang.ClassLoader getClassLoader()
          get the classloader to be used e.g. for dynamically loading security handlers
 java.util.Map<java.lang.String,java.lang.Object> getExtraSecurityTokens()
          for outgoing calls, get extra security information
 java.security.cert.X509Certificate getGatewayCertificate()
          get the certificate of the gateway, or null if this is not configured (using the UAS_GATEWAY_ALIAS property)
 java.lang.String getInHandlerClassName()
          returns the name of the security handler class for incoming messages
 java.lang.String getOutHandlerClassName()
          returns the name of the security handler class for outbound messages
 java.security.PrivateKey getPrivateKey()
          private key for signing messages
 java.lang.String getProperty(java.lang.String key)
          get a property
 java.security.cert.X509Certificate getPublicKey()
          the X509 certificate (public key) for the configured keystore alias (see getKeystoreAlias)
 javax.security.auth.x500.X500Principal getReceiver()
          for client calls that need to issue trust delegations, return the X500Principal of the receiver
 java.lang.String getRequestedUser()
          the identity of the requested user as set by setRequestedUser (not the implicit user taken from the ETD chain)
 java.util.Map<java.lang.String,java.lang.String> getRequestedUserAttributes()
          Deprecated. Use getRequestedUserAttributes2() instead.
 java.util.Map<java.lang.String,java.lang.String[]> getRequestedUserAttributes2()
          For outgoing calls, get the attributes requested for the user (e.g. an XLOGIN mapping).
This returns a modifiable map, never null.
 java.util.List<eu.unicore.security.etd.TrustDelegation> getTrustDelegationTokens()
          for outgoing calls, get trust delegations to be passed on or extended
 boolean isTrustDelegationEnabled()
          for outgoing calls, will a trust assertion be generated?
 void setAddTrustDelegation(boolean value)
          select whether trust delegation is enabled for outgoing messages TODO rename to issueTrustDelegation(boolean value)
 void setClassLoader(java.lang.ClassLoader classLoader)
          set the classloader to be used e.g. for dynamically loading security handlers
 void setExtraSecurityTokens(java.util.Map<java.lang.String,java.lang.Object> tokens)
          set extra security tokens to be used in outgoing calls
 void setProperty(java.lang.String key, java.lang.String value)
          set a property
 void setReceiver(javax.security.auth.x500.X500Principal receiver)
          for client calls that need to issue trust delegations, set the X500Principal of the receiver
 void setRequestedUser(java.lang.String requestedUserDN)
          Sets the user under whose identity you want the request to be invoked.
 void setSignMessage(boolean what)
          select whether the outgoing message should be signed
 
Methods inherited from interface de.fzj.unicore.wsrflite.security.ISecurityProperties
getKeystore, getKeystoreAlias, getKeystorePassword, getKeystoreType, getTruststore, getTruststorePassword, getTruststoreType, isSslClientAuthenticated, isSslEnabled
 

Field Detail

UAS_AUTHORISER

static final java.lang.String UAS_AUTHORISER
Deprecated. See AttributeSourceFactory for the new way of configuring attribute sources.
attribute source (implementing de.fzj.uas.security.IAttributeSource)

See Also:
Constant Field Values

UAS_AUTHORISER_PROXY_SUPPORT

static final java.lang.String UAS_AUTHORISER_PROXY_SUPPORT
set to "true" to enable proxy certificate support, i.e. proper handling of the proxy DNs (does NOT mean that proxies can be used for the SSL connection to the UNICORE/X container)

See Also:
Constant Field Values

UAS_CHECKACCESS

static final java.lang.String UAS_CHECKACCESS
do we check access on the WSRF level?

See Also:
Constant Field Values

UAS_CHECKACCESS_PDP

static final java.lang.String UAS_CHECKACCESS_PDP
access control PDP class name (implementing de.fzj.uas.security.XacmlPDP)

See Also:
Constant Field Values

UAS_CHECKACCESS_PDPCONFIG

static final java.lang.String UAS_CHECKACCESS_PDPCONFIG
configuration file for the PDP

See Also:
Constant Field Values

UAS_OUTHANDLER_NAME

static final java.lang.String UAS_OUTHANDLER_NAME
for CLIENT use: space separated name(s) of any extra UAS outbound security handler class(es)

See Also:
Constant Field Values

UAS_INHANDLER_NAME

static final java.lang.String UAS_INHANDLER_NAME
for CLIENT use: space-separated names of any extra UAS incoming security handler classes

See Also:
Constant Field Values

UAS_CHECK_CONSIGNOR_SIGNATURE

static final java.lang.String UAS_CHECK_CONSIGNOR_SIGNATURE
do we check if the consignor assertion is signed?

See Also:
Constant Field Values

UAS_REQUIRE_SIGNATURES

static final java.lang.String UAS_REQUIRE_SIGNATURES
do we require signatures on certain messages

See Also:
Constant Field Values

UAS_GATEWAY_ALIAS

static final java.lang.String UAS_GATEWAY_ALIAS
for stricter security, define which certificate from the truststore will be used to verify gateway consignor assertions

See Also:
Constant Field Values
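
The following is an added example (it is not part of the UNICORE sources) showing how the keys above would be set programmatically on a properties object for the stricter, server-side configuration this page points to, and then checked. It assumes that the IUASSecurityProperties instance is supplied by the caller and is consulted by the security handlers only after these calls, that "true"/"false" are the accepted values for the boolean keys (the page states this only for UAS_AUTHORISER_PROXY_SUPPORT), and that the truststore alias "gateway" and the PDP configuration path are placeholders.

```java
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import de.fzj.unicore.uas.security.IUASSecurityProperties;

/**
 * Added example, not UNICORE code: applies the stricter settings described by
 * the UAS_* keys and verifies that they took effect.
 */
public final class StrictContainerSecurity {

    // Placeholders (assumptions): the truststore alias of the gateway
    // certificate and the path of the PDP configuration file.
    static final String GATEWAY_ALIAS = "gateway";
    static final String PDP_CONFIG = "conf/xacml2.config";

    private StrictContainerSecurity() {}

    /** Sets the keys; assumes "true"/"false" are the accepted boolean values. */
    public static void apply(IUASSecurityProperties sec) {
        // Access control on the WSRF level, with the PDP configured explicitly.
        sec.setProperty(IUASSecurityProperties.UAS_CHECKACCESS, "true");
        sec.setProperty(IUASSecurityProperties.UAS_CHECKACCESS_PDPCONFIG, PDP_CONFIG);
        // Consignor assertions must be signed, and messages that need
        // signatures must carry them.
        sec.setProperty(IUASSecurityProperties.UAS_CHECK_CONSIGNOR_SIGNATURE, "true");
        sec.setProperty(IUASSecurityProperties.UAS_REQUIRE_SIGNATURES, "true");
        // Pin the gateway: only this truststore entry is used to verify
        // consignor assertions, rather than any trusted certificate.
        sec.setProperty(IUASSecurityProperties.UAS_GATEWAY_ALIAS, GATEWAY_ALIAS);
        // Proxy DN handling stays off unless proxy certificates are expected.
        sec.setProperty(IUASSecurityProperties.UAS_AUTHORISER_PROXY_SUPPORT, "false");
    }

    /** Returns the problems found; an empty list means all checks passed. */
    public static List<String> verify(IUASSecurityProperties sec) {
        List<String> problems = new ArrayList<>();
        requireTrue(sec, IUASSecurityProperties.UAS_CHECKACCESS, problems);
        requireTrue(sec, IUASSecurityProperties.UAS_CHECK_CONSIGNOR_SIGNATURE, problems);
        requireTrue(sec, IUASSecurityProperties.UAS_REQUIRE_SIGNATURES, problems);
        if ("true".equals(sec.getProperty(IUASSecurityProperties.UAS_CHECKACCESS))
                && sec.getProperty(IUASSecurityProperties.UAS_CHECKACCESS_PDPCONFIG) == null) {
            problems.add("access checking is on but no PDP configuration file is set");
        }
        // getGatewayCertificate() returns null when UAS_GATEWAY_ALIAS is not
        // configured, so a null here means consignor assertions are not pinned.
        X509Certificate gw = sec.getGatewayCertificate();
        if (gw == null) {
            problems.add("no gateway certificate resolved from UAS_GATEWAY_ALIAS");
        } else {
            try {
                gw.checkValidity();
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                problems.add("gateway certificate " + gw.getSubjectX500Principal()
                        + " is not currently valid: " + e.getMessage());
            }
        }
        return problems;
    }

    private static void requireTrue(IUASSecurityProperties sec, String key,
            List<String> problems) {
        if (!"true".equals(sec.getProperty(key))) {
            problems.add("property " + key + " is not set to \"true\"");
        }
    }
}
```

Run apply() during container start-up before any handler reads the properties, then fail the start-up if verify() returns a non-empty list; a missing gateway certificate in particular means the pinning described under UAS_GATEWAY_ALIAS is silently not in effect.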
Method Detail

clone

IUASSecurityProperties clone()
                             throws java.lang.CloneNotSupportedException
make a copy of these properties

Specified by:
clone in interface de.fzj.unicore.wsrflite.security.ISecurityProperties
Returns:
a copy of these properties
Throws:
java.lang.CloneNotSupportedException

setProperty

void setProperty(java.lang.String key,
                 java.lang.String value)
set a property

Parameters:
key - the property key, e.g. one of the UAS_* or WSRF_* constants
value - the property value

getProperty

java.lang.String getProperty(java.lang.String key)
get a property

Parameters:
key - the property key, e.g. one of the UAS_* or WSRF_* constants

getOutHandlerClassName

java.lang.String getOutHandlerClassName()
returns the name of the security handler class for outbound messages


getInHandlerClassName

java.lang.String getInHandlerClassName()
returns the name of the security handler class for incoming messages


getPublicKey

java.security.cert.X509Certificate getPublicKey()
the X509 certificate (public key) for the configured keystore alias (see getKeystoreAlias)


getCertChain

java.security.cert.X509Certificate[] getCertChain()
the full X509 certificate chain of the user


getPrivateKey

java.security.PrivateKey getPrivateKey()
private key for signing messages

Returns:
PrivateKey

getReceiver

javax.security.auth.x500.X500Principal getReceiver()
for client calls that need to issue trust delegations, return the X500Principal of the receiver


setReceiver

void setReceiver(javax.security.auth.x500.X500Principal receiver)
for client calls that need to issue trust delegations, set the X500Principal of the receiver


doSignMessage

boolean doSignMessage()
for outgoing calls, should the message be signed?


setSignMessage

void setSignMessage(boolean what)
select whether the outgoing message should be signed

Parameters:
what - true to sign outgoing messages, false otherwise

isTrustDelegationEnabled

boolean isTrustDelegationEnabled()
for outgoing calls, will a trust assertion be generated?


setAddTrustDelegation

void setAddTrustDelegation(boolean value)
select whether trust delegation is enabled for outgoing messages TODO rename to issueTrustDelegation(boolean value)


setRequestedUser

void setRequestedUser(java.lang.String requestedUserDN)
Sets the user under whose identity you want the request to be invoked.

Note that if you do not use this method but add trust delegations, the requested user is implicitly set to the initial issuer (custodian) of the ETD chain. This method is therefore useful when the client does not send ETD tokens but nevertheless has the rights to invoke operations on the requested user's behalf (e.g. because it holds a trusted agent role in the XUUDB/UVOS).

Parameters:
requestedUserDN - the DN of the user on whose behalf the request is made

getRequestedUser

java.lang.String getRequestedUser()
Returns:
the identity of the requested user as set by the setRequestedUser method. Note that this method does not return the implicit user taken from the ETD chain if setRequestedUser was NOT called.

getTrustDelegationTokens

java.util.List<eu.unicore.security.etd.TrustDelegation> getTrustDelegationTokens()
for outgoing calls, get trust delegations to be passed on or extended


getGatewayCertificate

java.security.cert.X509Certificate getGatewayCertificate()
get the certificate of the gateway, or null if this is not configured (using the UAS_GATEWAY_ALIAS property)


getExtraSecurityTokens

java.util.Map<java.lang.String,java.lang.Object> getExtraSecurityTokens()
for outgoing calls, get extra security information


setExtraSecurityTokens

void setExtraSecurityTokens(java.util.Map<java.lang.String,java.lang.Object> tokens)
set extra security tokens to be used in outgoing calls

Parameters:
tokens - the extra security tokens, keyed by name, to add to outgoing calls

getRequestedUserAttributes

@Deprecated
java.util.Map<java.lang.String,java.lang.String> getRequestedUserAttributes()
Deprecated. Use getRequestedUserAttributes2() instead.

For outgoing calls, get extra security information
This will return a modifyable map, never null. To add an attribute request to a client call, do
 sec.getRequestedUserAttributes().put("XLOGIN", "test");
 


getRequestedUserAttributes2

java.util.Map<java.lang.String,java.lang.String[]> getRequestedUserAttributes2()
For outgoing calls, get the attributes requested for the user (e.g. an XLOGIN mapping)
This returns a modifiable map, never null. Values are arrays, so several values can be requested per attribute. To add an attribute request to a client call, do
 sec.getRequestedUserAttributes2().put("XLOGIN", new String[]{"test"});
 

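The following is an added example (not UNICORE code) that ties together the outgoing-call methods above: it prepares per-call properties for the two ways of acting on a user's behalf that setRequestedUser describes, and runs pre-flight checks on the result. It assumes a base IUASSecurityProperties instance is supplied by the caller (e.g. loaded from the client configuration) and that the receiver DN and XLOGIN value are chosen by the caller; the class and method names are the example's own.

```java
import java.util.ArrayList;
import java.util.List;

import javax.security.auth.x500.X500Principal;

import de.fzj.unicore.uas.security.IUASSecurityProperties;
import eu.unicore.security.etd.TrustDelegation;

/**
 * Added example, not UNICORE code: prepares per-call security properties for
 * the two ways of acting on a user's behalf and checks them before sending.
 */
public final class OutgoingCallSecurity {

    private OutgoingCallSecurity() {}

    /**
     * Delegation mode: issue a trust delegation to the receiver and request an
     * XLOGIN mapping. The requested user is then implicit, namely the custodian
     * at the start of the ETD chain, so setRequestedUser is deliberately not called.
     */
    public static IUASSecurityProperties delegatingCall(IUASSecurityProperties base,
            X500Principal receiver, String xlogin) throws CloneNotSupportedException {
        // Work on a copy so the shared base properties are never mutated.
        IUASSecurityProperties sec = base.clone();
        sec.setReceiver(receiver);      // the delegation is issued to this DN only
        sec.setAddTrustDelegation(true);
        sec.setSignMessage(true);       // the signature proves who the consignor is
        sec.getRequestedUserAttributes2().put("XLOGIN", new String[] { xlogin });
        return sec;
    }

    /**
     * Trusted-agent mode: no ETD tokens are sent; the caller names the user
     * explicitly and relies on its own trusted agent role at the server.
     */
    public static IUASSecurityProperties trustedAgentCall(IUASSecurityProperties base,
            String requestedUserDN) throws CloneNotSupportedException {
        IUASSecurityProperties sec = base.clone();
        sec.setAddTrustDelegation(false);
        sec.setSignMessage(true);
        sec.setRequestedUser(requestedUserDN);
        return sec;
    }

    /** Pre-flight findings; an empty list means the call can go out as configured. */
    public static List<String> preflight(IUASSecurityProperties sec) {
        List<String> findings = new ArrayList<>();
        if (sec.doSignMessage() && sec.getPrivateKey() == null) {
            findings.add("signing is on but no private key is available");
        }
        if (sec.isTrustDelegationEnabled()) {
            if (sec.getReceiver() == null) {
                findings.add("trust delegation is on but no receiver is set");
            }
            if (sec.getCertChain() == null || sec.getCertChain().length == 0) {
                findings.add("trust delegation is on but no user certificate chain is available");
            }
        }
        List<TrustDelegation> tokens = sec.getTrustDelegationTokens();
        boolean hasTokens = tokens != null && !tokens.isEmpty();
        if (sec.getRequestedUser() != null && hasTokens) {
            // Both an explicit requested user and an ETD chain are present. The
            // page does not say which identity the server uses, so flag it.
            findings.add("requested user " + sec.getRequestedUser()
                    + " set explicitly while ETD tokens are also present; check that it is the chain's custodian");
        }
        return findings;
    }
}
```

Cloning before each call matters because the same properties object is otherwise shared between calls: a receiver or requested user left over from a previous call would silently be reused for the next one.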

setClassLoader

void setClassLoader(java.lang.ClassLoader classLoader)
set the classloader to be used e.g. for dynamically loading security handlers

Parameters:
classLoader - the classloader to use

getClassLoader

java.lang.ClassLoader getClassLoader()
get the classloader to be used e.g. for dynamically loading security handlers



Copyright © 2006-2010 Research Center Juelich. All Rights Reserved.