org.opensciencegrid.authz.service
Class BasicMappingAuthZService
java.lang.Object
org.opensciencegrid.authz.service.SAMLAuthZServiceBase
org.opensciencegrid.authz.service.BasicMappingAuthZService
- All Implemented Interfaces:
- java.rmi.Remote, SAMLRequestPortType
- public class BasicMappingAuthZService
- extends SAMLAuthZServiceBase
Implements the SAML AuthZ service as a simple mapping service.
Receives SAML authorization requests and queries a GRID Identity
Mapping Service to decide how to map the GRID identity to a local
identity.
- Author:
- Markus Lorch, Gabriele Carcassi
Field Summary
protected java.lang.String serviceIdentity
the identity/name/DN of this service
Method Summary
protected SAMLAuthZServiceBase.AuthzDecision authorize(org.opensaml.SAMLSubject subject,
java.lang.String resource,
java.util.Iterator actions,
java.util.Iterator evidence)
The main method. It implements the abstract authorize method with
the logic necessary to make an identity mapping decision, and interfaces
with the identity mapping service.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
serviceIdentity
protected java.lang.String serviceIdentity
- the identity/name/DN of this service
BasicMappingAuthZService
public BasicMappingAuthZService(GRIDIdentityMappingService mapService)
- Creates a SAML AuthZ service from a GRID Identity Mapping Service.
authorize
protected SAMLAuthZServiceBase.AuthzDecision authorize(org.opensaml.SAMLSubject subject,
java.lang.String resource,
java.util.Iterator actions,
java.util.Iterator evidence)
throws org.opensaml.SAMLException
- The main method. It implements the abstract authorize method with
the logic necessary to make an identity mapping decision, and interfaces
with the identity mapping service.
The method interprets the responses from the mapping service's mapCredentials
function as follows:
mapCredentials returns a LocalId object = permit
mapCredentials returns null = deny
mapCredentials throws an exception = indeterminate
If any of the other functions fail, the result will also be indeterminate, or
an exception will be thrown.
Returns an AuthzDecision object which contains a decision, permitted actions,
obligations and the issuer name (the name of this service).
- Specified by:
authorize
in class SAMLAuthZServiceBase
- Throws:
org.opensaml.SAMLException
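The decision rule described for authorize, as an added example that is not the project's own code: MappingService, its mapCredentials(String) signature, the Decision enum and the sample DNs are hypothetical stand-ins, since the real signatures are not shown on this page. It also shows a caller failing closed, granting access only on an explicit permit.

```java
import java.util.List;

public class MappingDecisionExample {
    enum Decision { PERMIT, DENY, INDETERMINATE }

    // Hypothetical stand-in for the mapping service; the real
    // mapCredentials signature is not shown on this page.
    interface MappingService {
        // Returns the local account name, or null if no mapping exists.
        String mapCredentials(String gridDn) throws Exception;
    }

    // Mirrors the documented rule:
    // object = permit, null = deny, exception = indeterminate.
    static Decision authorize(MappingService svc, String gridDn) {
        try {
            return svc.mapCredentials(gridDn) != null ? Decision.PERMIT : Decision.DENY;
        } catch (Exception e) {
            // A backend failure is not a policy answer; keep it distinct from DENY
            // so operators can tell an outage from a rejected identity.
            return Decision.INDETERMINATE;
        }
    }

    // Enforcement point: fail closed. Only an explicit PERMIT grants access.
    static boolean accessGranted(Decision d) {
        return d == Decision.PERMIT;
    }

    public static void main(String[] args) {
        // Constructed sample service: one mapped DN, one DN that triggers a backend error.
        MappingService svc = dn -> {
            if (dn.equals("/DC=org/DC=example/CN=Alice")) return "alice";
            if (dn.contains("CN=Broken")) throw new IllegalStateException("mapping backend unreachable");
            return null;
        };
        List<String> dns = List.of(
            "/DC=org/DC=example/CN=Alice",
            "/DC=org/DC=example/CN=Bob",
            "/DC=org/DC=example/CN=Broken");
        for (String dn : dns) {
            Decision d = authorize(svc, dn);
            System.out.println(dn + " -> " + d + ", access granted: " + accessGranted(d));
        }
    }
}
```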
Copyright © 2004-2005 BNL siteAAA. All Rights Reserved.