org.opensciencegrid.authz.service
Class BasicMappingAuthZService

java.lang.Object
  extended by org.opensciencegrid.authz.service.SAMLAuthZServiceBase
      extended by org.opensciencegrid.authz.service.BasicMappingAuthZService
All Implemented Interfaces:
java.rmi.Remote, SAMLRequestPortType

public class BasicMappingAuthZService
extends SAMLAuthZServiceBase

Implements the SAML AuthZ service as a simple mapping service. Receives SAML authorization requests and queries a GRID Identity Mapping Service to decide how to perform the GRID identity to local identity mapping.

Author:
Markus Lorch, Gabriele Carcassi

Nested Class Summary
 
Nested classes inherited from class org.opensciencegrid.authz.service.SAMLAuthZServiceBase
SAMLAuthZServiceBase.AuthzDecision, SAMLAuthZServiceBase.FQAN
 
Field Summary
protected  java.lang.String serviceIdentity
          the identity/name/dn of this service
 
Constructor Summary
BasicMappingAuthZService(GRIDIdentityMappingService mapService)
          Creates a SAML AuthZ service from a GRID Identity Mapping Service.
 
Method Summary
protected  SAMLAuthZServiceBase.AuthzDecision authorize(org.opensaml.SAMLSubject subject, java.lang.String resource, java.util.Iterator actions, java.util.Iterator evidence)
          The main method. It implements the abstract authorize method with the logic needed to make an identity mapping decision and interfaces with the identity mapping service. The function interprets the responses of the mapping service's mapCredentials function as follows:
          mapCredentials returns a LocalId object = permit
          mapCredentials returns null = deny
          mapCredentials throws an exception = indeterminate
          If any of the other functions fail, the result will also be indeterminate, or an exception will be thrown. Provides an AuthzDecision object which contains a decision, permitted actions, obligations and the issuer name (the name of this service).
 
Methods inherited from class org.opensciencegrid.authz.service.SAMLAuthZServiceBase
findFQANinSubjectEvidence, getFQAN, locatePermissibleActions, SAMLRequest
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

serviceIdentity

protected java.lang.String serviceIdentity
the identity/name/dn of this service

Constructor Detail

BasicMappingAuthZService

public BasicMappingAuthZService(GRIDIdentityMappingService mapService)
Creates a SAML AuthZ service from a GRID Identity Mapping Service.

Method Detail

authorize

protected SAMLAuthZServiceBase.AuthzDecision authorize(org.opensaml.SAMLSubject subject,
                                                       java.lang.String resource,
                                                       java.util.Iterator actions,
                                                       java.util.Iterator evidence)
                                                throws org.opensaml.SAMLException
The main method. It implements the abstract authorize method with the logic needed to make an identity mapping decision and interfaces with the identity mapping service. The function interprets the responses of the mapping service's mapCredentials function as follows:
mapCredentials returns a LocalId object = permit
mapCredentials returns null = deny
mapCredentials throws an exception = indeterminate
If any of the other functions fail, the result will also be indeterminate, or an exception will be thrown. Provides an AuthzDecision object which contains a decision, permitted actions, obligations and the issuer name (the name of this service).

Specified by:
authorize in class SAMLAuthZServiceBase
Throws:
org.opensaml.SAMLException
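As an added illustration, not code from the siteAAA project, the three-way interpretation of mapCredentials described above, written against a hypothetical stand-in for the mapping service; the MappingService interface, the LocalId class and the sample DNs are assumptions, not the project's real signatures or data.

```java
// Added example: mirrors the decision rule documented for authorize().
// MappingService and LocalId are hypothetical stand-ins, not the project's
// real GRIDIdentityMappingService / LocalId signatures.
public class MappingDecisionExample {
    enum Decision { PERMIT, DENY, INDETERMINATE }

    static final class LocalId {
        final String name;
        LocalId(String name) { this.name = name; }
    }

    interface MappingService {
        // Returns a LocalId to permit, null to deny, or throws on failure.
        LocalId mapCredentials(String gridDn) throws Exception;
    }

    // Decision rule from the page: LocalId -> permit, null -> deny,
    // exception -> indeterminate. A null ("no mapping") is a definite deny,
    // whereas indeterminate means the service could not decide; a caller must
    // not collapse indeterminate into permit (fail closed, but report it).
    static Decision decide(MappingService svc, String gridDn) {
        try {
            LocalId id = svc.mapCredentials(gridDn);
            return id == null ? Decision.DENY : Decision.PERMIT;
        } catch (Exception e) {
            return Decision.INDETERMINATE;
        }
    }

    public static void main(String[] args) {
        // Constructed sample DNs; this lambda stands in for a real mapping backend.
        MappingService svc = dn -> {
            if (dn.equals("/DC=org/DC=example/CN=alice")) return new LocalId("alice");
            if (dn.equals("/DC=org/DC=example/CN=bob")) return null;
            throw new Exception("mapping backend unavailable");
        };
        for (String dn : new String[] {
                "/DC=org/DC=example/CN=alice",
                "/DC=org/DC=example/CN=bob",
                "/DC=org/DC=example/CN=eve" }) {
            System.out.println(dn + " -> " + decide(svc, dn));
        }
    }
}
```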


Copyright © 2004-2005 BNL siteAAA. All Rights Reserved.