org.opensciencegrid.authz.client
Class SAMLAuthZClientBase

java.lang.Object
  extended by org.opensciencegrid.authz.client.SAMLAuthZClientBase
Direct Known Subclasses:
GRIDIdentityMappingServiceClient

public class SAMLAuthZClientBase
extends java.lang.Object


Constructor Summary
SAMLAuthZClientBase()
           
 
Method Summary
 java.util.ArrayList createFQANEvidenceFromGSS(java.lang.String gssContext)
          Create an ArrayList with a single SAML Attribute Statement embedded in a single SAML Assertion.
 java.util.ArrayList createFQANEvidenceFromString(org.opensaml.SAMLSubject samlSubject, java.lang.String fqanIssuer, java.lang.String fqan)
          Create an ArrayList with a single SAML Attribute Statement (bound to the specified SAMLSubject) embedded in a single SAML Assertion.
 java.util.ArrayList createMappingActions()
          Create an ArrayList with the OSG Mapping Action as the single SAMLAction element
 org.opensaml.SAMLSubject getSAMLSubjectFromGSS(java.lang.String gssContext)
          Create a SAML Subject based on the subject name of the peer certificate (the issuing EEC in the case of a proxy) as extracted from the supplied GSS context (not implemented). The Subject will include the certificate path as confirmation method (not implemented).
 org.opensaml.SAMLSubject getSAMLSubjectFromString(java.lang.String subjectName)
          Create a SAML Subject from a DN String.
 LocalId processAuthzStmt(org.opensaml.SAMLAuthorizationDecisionStatement stmt, java.lang.String resource, java.util.ArrayList actions, org.opensaml.SAMLSubject samlSubject)
          Specialized method to process a received authorization decision statement that holds obligations with local user ID qualifications. If the response is valid, the action is permitted and obligations are present, it returns a LocalId object with the attributes conveyed via the obligations set.
 org.opensaml.SAMLAuthorizationDecisionStatement queryAuthZService(org.opensaml.SAMLSubject samlSubject, java.util.ArrayList samlEvidence, java.util.ArrayList samlActions, java.lang.String requestedServiceName, java.net.URL contact)
          General method to create and submit a SAMLAuthorizationDecisionQuery to an Authorization Service.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAMLAuthZClientBase

public SAMLAuthZClientBase()
Method Detail

getSAMLSubjectFromString

public org.opensaml.SAMLSubject getSAMLSubjectFromString(java.lang.String subjectName)
                                                  throws org.opensaml.SAMLException
Create a SAML Subject from a DN String.

Throws:
org.opensaml.SAMLException

getSAMLSubjectFromGSS

public org.opensaml.SAMLSubject getSAMLSubjectFromGSS(java.lang.String gssContext)
                                               throws org.opensaml.SAMLException
Create a SAML Subject based on the subject name of the peer certificate (the issuing EEC in the case of a proxy) as extracted from the supplied GSS context (not implemented). The Subject will include the certificate path as confirmation method (not implemented).

Throws:
org.opensaml.SAMLException

createMappingActions

public java.util.ArrayList createMappingActions()
                                         throws org.opensaml.SAMLException
Create an ArrayList with the OSG Mapping Action as the single SAMLAction element

Throws:
org.opensaml.SAMLException

createFQANEvidenceFromString

public java.util.ArrayList createFQANEvidenceFromString(org.opensaml.SAMLSubject samlSubject,
                                                        java.lang.String fqanIssuer,
                                                        java.lang.String fqan)
                                                 throws org.opensaml.SAMLException,
                                                        java.lang.CloneNotSupportedException
Create an ArrayList with a single SAML Attribute Statement (bound to the specified SAMLSubject) embedded in a single SAML Assertion. The attribute statement will hold a single VOMS FQAN attribute.

Throws:
org.opensaml.SAMLException
java.lang.CloneNotSupportedException

createFQANEvidenceFromGSS

public java.util.ArrayList createFQANEvidenceFromGSS(java.lang.String gssContext)
Create an ArrayList with a single SAML Attribute Statement embedded in a single SAML Assertion. The attribute statement will hold a single VOMS FQAN attribute. The FQAN information is extracted from the GSS context. (NOT IMPLEMENTED)


queryAuthZService

public org.opensaml.SAMLAuthorizationDecisionStatement queryAuthZService(org.opensaml.SAMLSubject samlSubject,
                                                                         java.util.ArrayList samlEvidence,
                                                                         java.util.ArrayList samlActions,
                                                                         java.lang.String requestedServiceName,
                                                                         java.net.URL contact)
                                                                  throws org.opensaml.SAMLException,
                                                                         javax.xml.rpc.ServiceException,
                                                                         java.rmi.RemoteException,
                                                                         java.lang.Exception
General method to create and submit a SAMLAuthorizationDecisionQuery to an Authorization Service. Supports standard as well as obligated authorization decision responses. Returns the AuthorizationDecisionStatement object (either a SAMLAuthorizationDecisionStatement or an ObligatedAuthorizationDecisionStatement); returns null or throws an exception if no valid response/statement was received.

Throws:
org.opensaml.SAMLException
javax.xml.rpc.ServiceException
java.rmi.RemoteException
java.lang.Exception

processAuthzStmt

public LocalId processAuthzStmt(org.opensaml.SAMLAuthorizationDecisionStatement stmt,
                                java.lang.String resource,
                                java.util.ArrayList actions,
                                org.opensaml.SAMLSubject samlSubject)
Specialized method to process a received authorization decision statement that holds obligations with local user ID qualifications. If the response is valid, the action is permitted and obligations are present, it returns a LocalId object with the attributes conveyed via the obligations set. If the decision is permit but obligations are absent or only partially present, some elements of the LocalId object will be null. If the decision is deny, unknown obligations are present, or the response is invalid for other reasons, null is returned. Supported obligations are:
- UserIdObligation with a single local user name as string attribute
- GroupIdObligation with a single local primary group name as string attribute
- SupplementalGroupIdsObligation with a space-delimited list of local group names as string attribute
- RootPathObligation with the root path as string attribute
- RelativeHomePathObligation with the home path relative to the root path as string attribute
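Added example (not code from this page or from the OSG authz project) showing the call sequence this class supports for a local-identity mapping query, with the null handling the descriptions above call for: a null statement or null LocalId is treated as deny, and a permit whose obligations were only partially present is rejected rather than mapped to an incomplete account. The DN, FQAN, issuer, service name and endpoint URL are constructed placeholders; LocalId is assumed to live in this package, getUserName() is an assumed accessor name not shown on this page, and the resource passed to processAuthzStmt is assumed to be the same requested service name.

```java
import java.net.URL;
import java.util.ArrayList;
import org.opensaml.SAMLAuthorizationDecisionStatement;
import org.opensaml.SAMLSubject;
import org.opensciencegrid.authz.client.LocalId;            // assumed package for LocalId
import org.opensciencegrid.authz.client.SAMLAuthZClientBase;

public class MappingQueryExample {
    // Constructed placeholder values; real deployments take these from configuration.
    static final String SUBJECT_DN   = "/DC=org/DC=example/OU=People/CN=Jane Doe";
    static final String FQAN_ISSUER  = "/DC=org/DC=example/OU=Services/CN=voms.example.org";
    static final String FQAN         = "/examplevo/Role=NULL/Capability=NULL";
    static final String SERVICE_NAME = "example-ce";
    static final String CONTACT_URL  = "https://authz.example.org/PLACEHOLDER-authz-endpoint";

    /**
     * Returns the mapped local identity, or null whenever the caller must deny:
     * no valid response, an explicit deny, unknown obligations, or an incomplete mapping.
     */
    public static LocalId mapUser() throws Exception {
        SAMLAuthZClientBase client = new SAMLAuthZClientBase();

        // Build the query inputs. The GSS-based variants are documented as not implemented,
        // so the String-based builders are used here.
        SAMLSubject subject   = client.getSAMLSubjectFromString(SUBJECT_DN);
        ArrayList   evidence  = client.createFQANEvidenceFromString(subject, FQAN_ISSUER, FQAN);
        ArrayList   actions   = client.createMappingActions();   // single OSG Mapping Action
        URL         contact   = new URL(CONTACT_URL);

        // Submit the SAMLAuthorizationDecisionQuery. A null return means no valid statement.
        SAMLAuthorizationDecisionStatement stmt =
            client.queryAuthZService(subject, evidence, actions, SERVICE_NAME, contact);
        if (stmt == null) {
            return null;                                          // no valid response: deny
        }

        // Null here covers deny, unknown obligations, or an otherwise invalid response.
        // Assumption: the resource is the same requested service name used in the query.
        LocalId id = client.processAuthzStmt(stmt, SERVICE_NAME, actions, subject);
        if (id == null) {
            return null;
        }

        // Permit with only partial obligations leaves LocalId fields null; a mapping
        // without a local user name must not be used to create or select an account.
        // getUserName() is an assumed accessor name, not shown on this page.
        if (id.getUserName() == null) {
            return null;
        }
        return id;
    }
}
```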



Copyright © 2004-2005 BNL siteAAA. All Rights Reserved.