de.fzj.unicore.uas.security
Class UASSecurityProperties

java.lang.Object
  extended by de.fzj.unicore.wsrflite.security.DefaultSecurityProperties
      extended by de.fzj.unicore.uas.security.UASSecurityProperties
All Implemented Interfaces:
IUASSecurityProperties, de.fzj.unicore.wsrflite.security.ISecurityProperties, java.lang.Cloneable

public class UASSecurityProperties
extends de.fzj.unicore.wsrflite.security.DefaultSecurityProperties
implements IUASSecurityProperties, java.lang.Cloneable

security properties

Author:
schuller

Field Summary
 
Fields inherited from interface de.fzj.unicore.uas.security.IUASSecurityProperties
UAS_AUTHORISER, UAS_AUTHORISER_PROXY_SUPPORT, UAS_CHECK_CONSIGNOR_SIGNATURE, UAS_CHECKACCESS, UAS_CHECKACCESS_PDP, UAS_CHECKACCESS_PDPCONFIG, UAS_GATEWAY_ALIAS, UAS_INHANDLER_NAME, UAS_OUTHANDLER_NAME, UAS_REQUIRE_SIGNATURES
 
Fields inherited from interface de.fzj.unicore.wsrflite.security.ISecurityProperties
WSRF_SSL, WSRF_SSL_CLIENTAUTH, WSRF_SSL_KEYALIAS, WSRF_SSL_KEYPASS, WSRF_SSL_KEYSTORE, WSRF_SSL_KEYTYPE, WSRF_SSL_TRUSTPASS, WSRF_SSL_TRUSTSTORE, WSRF_SSL_TRUSTTYPE
 
Constructor Summary
UASSecurityProperties()
          for property lookup, this uses a hierarchy of property sources:
- supplied input stream (or file name)
- UAS properties
- WSRFLite kernel properties
UASSecurityProperties(java.io.InputStream is)
           
UASSecurityProperties(java.lang.String propertiesFileName)
           
 
Method Summary
 IUASSecurityProperties clone()
          make a copy of these properties
protected  java.lang.String doGetProperty(java.lang.String key)
          return named property.
 boolean doSignMessage()
          for outgoing calls, should the message be signed?
 java.security.cert.X509Certificate[] getCertChain()
          the full X509 certificate chain of the user
 java.lang.ClassLoader getClassLoader()
          get the classloader to be used e.g. for dynamically loading security handlers
 java.util.Map<java.lang.String,java.lang.Object> getExtraSecurityTokens()
          for outgoing calls, get extra security information
 java.security.cert.X509Certificate getGatewayCertificate()
          get the certificate of the gateway, or null if this is not configured (using the IUASSecurityProperties.UAS_GATEWAY_ALIAS property)
 java.lang.String getInHandlerClassName()
          returns the name of the security handler class for incoming messages
 java.lang.String getOutHandlerClassName()
          returns the name of the security handler class for outbound messages
 java.security.PrivateKey getPrivateKey()
          returns the private key entry identified by getKeystoreAlias() from the keystore
 java.lang.String getProperty(java.lang.String key)
          get a property
 java.security.cert.X509Certificate getPublicKey()
          the X509 public key identified by the specified alias
 javax.security.auth.x500.X500Principal getReceiver()
          for client calls that need to issue trust delegations, return the X500Principal of the receiver
 java.lang.String getRequestedUser()
           
 java.util.Map<java.lang.String,java.lang.String> getRequestedUserAttributes()
          Deprecated. use getRequestedUserAttributes2
 java.util.Map<java.lang.String,java.lang.String[]> getRequestedUserAttributes2()
          For outgoing calls, get extra security information
This will return a modifiable map, never null.
 java.util.List<eu.unicore.security.etd.TrustDelegation> getTrustDelegationTokens()
          for outgoing calls, get trust delegations to be passed on or extended
 boolean isSslClientAuthenticated()
          returns true if SSL client authentication is enabled.
 boolean isSslEnabled()
          returns true if SSL mode is enabled.
 boolean isTrustDelegationEnabled()
          for outgoing calls, will a trust assertion be generated?
 void setAddTrustDelegation(boolean addTrustDelegation)
          select whether trust delegation is enabled for outgoing messages. TODO: rename to issueTrustDelegation(boolean value)
 void setClassLoader(java.lang.ClassLoader classLoader)
          set the classloader to be used e.g. for dynamically loading security handlers
 void setExtraSecurityTokens(java.util.Map<java.lang.String,java.lang.Object> extraSecurityTokens)
          set extra security tokens to be used in outgoing calls
 void setProperty(java.lang.String key, java.lang.String value)
          set a property
 void setReceiver(javax.security.auth.x500.X500Principal receiver)
          for client calls that need to issue trust delegations, set the X500Principal of the receiver
 void setRequestedUser(java.lang.String requestedUserDN)
          Sets the user under whose identity you want the request to be invoked.
 void setSignMessage(boolean signMessage)
          select whether the outgoing message should be signed
 void setTrustDelegationTokens(java.util.List<eu.unicore.security.etd.TrustDelegation> tdTokens)
           
 java.lang.String toString()
           
 
Methods inherited from class de.fzj.unicore.wsrflite.security.DefaultSecurityProperties
getKeystore, getKeystoreAlias, getKeystorePassword, getKeystoreType, getTruststore, getTruststorePassword, getTruststoreType
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface de.fzj.unicore.wsrflite.security.ISecurityProperties
getKeystore, getKeystoreAlias, getKeystorePassword, getKeystoreType, getTruststore, getTruststorePassword, getTruststoreType
 

Constructor Detail

UASSecurityProperties

public UASSecurityProperties()
for property lookup, this uses a hierarchy of property sources:
- supplied input stream (or file name)
- UAS properties
- WSRFLite kernel properties


UASSecurityProperties

public UASSecurityProperties(java.io.InputStream is)

UASSecurityProperties

public UASSecurityProperties(java.lang.String propertiesFileName)
                      throws java.io.IOException
Throws:
java.io.IOException
Method Detail

clone

public IUASSecurityProperties clone()
                             throws java.lang.CloneNotSupportedException
Description copied from interface: IUASSecurityProperties
make a copy of these properties

Specified by:
clone in interface IUASSecurityProperties
Specified by:
clone in interface de.fzj.unicore.wsrflite.security.ISecurityProperties
Overrides:
clone in class de.fzj.unicore.wsrflite.security.DefaultSecurityProperties
Throws:
java.lang.CloneNotSupportedException

getInHandlerClassName

public java.lang.String getInHandlerClassName()
Description copied from interface: IUASSecurityProperties
returns the name of the security handler class for incoming messages

Specified by:
getInHandlerClassName in interface IUASSecurityProperties

getOutHandlerClassName

public java.lang.String getOutHandlerClassName()
Description copied from interface: IUASSecurityProperties
returns the name of the security handler class for outbound messages

Specified by:
getOutHandlerClassName in interface IUASSecurityProperties

doGetProperty

protected java.lang.String doGetProperty(java.lang.String key)
return named property. Lookup order:
- own properties
- UAS.getProperty()
- Kernel.getKernel().getProperty()

Overrides:
doGetProperty in class de.fzj.unicore.wsrflite.security.DefaultSecurityProperties
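
The lookup order above means a value in a higher-priority source silently shadows the same key further down. The following added example (not UNICORE code) models the three sources with plain java.util.Properties objects and flags a security flag that is enabled in a lower-priority source but switched off by the effective value; the class name, layer labels and sample values are assumptions, and only the two property names come from this page.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;

/** Added illustration: models the documented lookup order, not UNICORE's own code. */
public class LayeredLookupDemo {

    // Property names quoted on this page.
    static final String SSL = "unicore.wsrflite.ssl";
    static final String CLIENTAUTH = "unicore.wsrflite.ssl.clientauth";

    /** Sources in the documented priority order: own, then UAS, then kernel. */
    static final Map<String, Properties> LAYERS = new LinkedHashMap<>();

    /** Returns "layer=value" for the first layer defining the key, or "unset". */
    static String resolve(String key) {
        for (Map.Entry<String, Properties> layer : LAYERS.entrySet()) {
            String value = layer.getValue().getProperty(key);
            if (value != null) {
                return layer.getKey() + "=" + value;
            }
        }
        return "unset";
    }

    /** True if a higher-priority layer turns off a flag a lower layer turns on. */
    static boolean isDowngraded(String key) {
        boolean effective = resolve(key).endsWith("=true");
        boolean enabledSomewhere = LAYERS.values().stream()
                .anyMatch(p -> "true".equals(p.getProperty(key)));
        return enabledSomewhere && !effective;
    }

    public static void main(String[] args) {
        // Constructed sample values for the three sources (hypothetical layer labels).
        Properties own = new Properties();
        Properties uas = new Properties();
        Properties kernel = new Properties();
        kernel.setProperty(SSL, "true");
        kernel.setProperty(CLIENTAUTH, "true");
        own.setProperty(CLIENTAUTH, "false"); // override in own properties shadows the kernel value
        LAYERS.put("own", own);
        LAYERS.put("uas", uas);
        LAYERS.put("kernel", kernel);

        for (String key : new String[] {SSL, CLIENTAUTH}) {
            System.out.println(key + " -> " + resolve(key)
                    + (isDowngraded(key) ? "  [shadowed: enabled in a lower-priority source]" : ""));
        }
    }
}
```

Running the same kind of check over a deployment's real property sources shows which file actually decides whether SSL and client authentication are on.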

getProperty

public java.lang.String getProperty(java.lang.String key)
Description copied from interface: IUASSecurityProperties
get a property

Specified by:
getProperty in interface IUASSecurityProperties

setProperty

public void setProperty(java.lang.String key,
                        java.lang.String value)
set a property

Specified by:
setProperty in interface IUASSecurityProperties
Parameters:
key -
value -

isSslEnabled

public boolean isSslEnabled()
returns true if SSL mode is enabled.
SSL can be enabled by setting a property "unicore.wsrflite.ssl" to "true" in the wsrflite.xml file or by defining a system property

Specified by:
isSslEnabled in interface de.fzj.unicore.wsrflite.security.ISecurityProperties
Overrides:
isSslEnabled in class de.fzj.unicore.wsrflite.security.DefaultSecurityProperties

isSslClientAuthenticated

public boolean isSslClientAuthenticated()
returns true if SSL client authentication is enabled.
SSL client authentication can be enabled by setting a property "unicore.wsrflite.ssl.clientauth" to "true" in the service.xml file or by defining a system property

Specified by:
isSslClientAuthenticated in interface de.fzj.unicore.wsrflite.security.ISecurityProperties
Overrides:
isSslClientAuthenticated in class de.fzj.unicore.wsrflite.security.DefaultSecurityProperties

getPublicKey

public java.security.cert.X509Certificate getPublicKey()
Description copied from interface: IUASSecurityProperties
the X509 public key identified by the specified alias

Specified by:
getPublicKey in interface IUASSecurityProperties

getCertChain

public java.security.cert.X509Certificate[] getCertChain()
Description copied from interface: IUASSecurityProperties
the full X509 certificate chain of the user

Specified by:
getCertChain in interface IUASSecurityProperties

setReceiver

public void setReceiver(javax.security.auth.x500.X500Principal receiver)
Description copied from interface: IUASSecurityProperties
for client calls that need to issue trust delegations, set the X500Principal of the receiver

Specified by:
setReceiver in interface IUASSecurityProperties

getReceiver

public javax.security.auth.x500.X500Principal getReceiver()
Description copied from interface: IUASSecurityProperties
for client calls that need to issue trust delegations, return the X500Principal of the receiver

Specified by:
getReceiver in interface IUASSecurityProperties

getPrivateKey

public java.security.PrivateKey getPrivateKey()
returns the private key entry identified by getKeystoreAlias() from the keystore

Specified by:
getPrivateKey in interface IUASSecurityProperties
Returns:
PrivateKey

toString

public java.lang.String toString()
Overrides:
toString in class de.fzj.unicore.wsrflite.security.DefaultSecurityProperties

isTrustDelegationEnabled

public boolean isTrustDelegationEnabled()
Description copied from interface: IUASSecurityProperties
for outgoing calls, will a trust assertion be generated?

Specified by:
isTrustDelegationEnabled in interface IUASSecurityProperties

setAddTrustDelegation

public void setAddTrustDelegation(boolean addTrustDelegation)
Description copied from interface: IUASSecurityProperties
select whether trust delegation is enabled for outgoing messages. TODO: rename to issueTrustDelegation(boolean value)

Specified by:
setAddTrustDelegation in interface IUASSecurityProperties

doSignMessage

public boolean doSignMessage()
Description copied from interface: IUASSecurityProperties
for outgoing calls, should the message be signed?

Specified by:
doSignMessage in interface IUASSecurityProperties

setSignMessage

public void setSignMessage(boolean signMessage)
Description copied from interface: IUASSecurityProperties
select whether the outgoing message should be signed

Specified by:
setSignMessage in interface IUASSecurityProperties

setTrustDelegationTokens

public void setTrustDelegationTokens(java.util.List<eu.unicore.security.etd.TrustDelegation> tdTokens)

getTrustDelegationTokens

public java.util.List<eu.unicore.security.etd.TrustDelegation> getTrustDelegationTokens()
Description copied from interface: IUASSecurityProperties
for outgoing calls, get trust delegations to be passed on or extended

Specified by:
getTrustDelegationTokens in interface IUASSecurityProperties

getGatewayCertificate

public java.security.cert.X509Certificate getGatewayCertificate()
Description copied from interface: IUASSecurityProperties
get the certificate of the gateway, or null if this is not configured (using the IUASSecurityProperties.UAS_GATEWAY_ALIAS property)

Specified by:
getGatewayCertificate in interface IUASSecurityProperties

getExtraSecurityTokens

public java.util.Map<java.lang.String,java.lang.Object> getExtraSecurityTokens()
Description copied from interface: IUASSecurityProperties
for outgoing calls, get extra security information

Specified by:
getExtraSecurityTokens in interface IUASSecurityProperties

setExtraSecurityTokens

public void setExtraSecurityTokens(java.util.Map<java.lang.String,java.lang.Object> extraSecurityTokens)
Description copied from interface: IUASSecurityProperties
set extra security tokens to be used in outgoing calls

Specified by:
setExtraSecurityTokens in interface IUASSecurityProperties

setRequestedUser

public void setRequestedUser(java.lang.String requestedUserDN)
Description copied from interface: IUASSecurityProperties
Sets the user under whose identity you want the request to be invoked.

Note that if you don't use this method but add trust delegations, then the requested user will be implicitly set to the initial issuer (custodian) of the ETD chain. This method is therefore useful when the client doesn't send ETD tokens but nevertheless has the right to invoke operations on the requested user's behalf (i.e. because of possession of a trusted agent role in the XUUDB/UVOS).

Specified by:
setRequestedUser in interface IUASSecurityProperties

getRequestedUser

public java.lang.String getRequestedUser()
Specified by:
getRequestedUser in interface IUASSecurityProperties
Returns:
the identity of the requested user as set by the setRequestedUser method. Note that this method won't return the implicit user, which is taken from the ETD chain, if setRequestedUser was NOT called.

getRequestedUserAttributes2

public java.util.Map<java.lang.String,java.lang.String[]> getRequestedUserAttributes2()
Description copied from interface: IUASSecurityProperties
For outgoing calls, get extra security information
This will return a modifiable map, never null. To add an attribute request to a client call, do
 sec.getRequestedUserAttributes2().put("XLOGIN", new String[] {"test"});
 

Specified by:
getRequestedUserAttributes2 in interface IUASSecurityProperties

getRequestedUserAttributes

@Deprecated
public java.util.Map<java.lang.String,java.lang.String> getRequestedUserAttributes()
Deprecated. use getRequestedUserAttributes2

Description copied from interface: IUASSecurityProperties
For outgoing calls, get extra security information
This will return a modifiable map, never null. To add an attribute request to a client call, do
 sec.getRequestedUserAttributes().put("XLOGIN", "test");
 

Specified by:
getRequestedUserAttributes in interface IUASSecurityProperties

getClassLoader

public java.lang.ClassLoader getClassLoader()
Description copied from interface: IUASSecurityProperties
get the classloader to be used e.g. for dynamically loading security handlers

Specified by:
getClassLoader in interface IUASSecurityProperties

setClassLoader

public void setClassLoader(java.lang.ClassLoader classLoader)
Description copied from interface: IUASSecurityProperties
set the classloader to be used e.g. for dynamically loading security handlers

Specified by:
setClassLoader in interface IUASSecurityProperties
Parameters:
classLoader - the classloader to use


Copyright © 2006-2010 Research Center Juelich. All Rights Reserved.