gov.bnl.gums.userGroup
Class VOMSUserGroup

java.lang.Object
  gov.bnl.gums.userGroup.UserGroup
      gov.bnl.gums.userGroup.VOMSUserGroup

public class VOMSUserGroup
extends UserGroup

A group of users residing on a VOMS vo database. This class is able to import a list of users from a VOMS server. It will store to a local medium through the UserGroupDB interface. It also manages the caching from the local database.

The authentication is done through the proxy, or a certificate/key/password combination. The parameters are to be set externally as system properties. The proxy can be set through "gridProxyFile" property. Other properties are "sslCertfile", "sslKey", "sslKeyPasswd" and "sslCAFiles". More documentation can be found in the documentation of the edg trustmanager

Author:

Gabriele Carcassi, Jay Packard

Field Summary

Fields inherited from class gov.bnl.gums.userGroup.UserGroup

accessIndex, accessTypes

Constructor Summary

VOMSUserGroup()

VOMSUserGroup(Configuration configuration)

VOMSUserGroup(Configuration configuration, java.lang.String name)

Method Summary

UserGroup	clone(Configuration configuration) Create a clone of itself
java.lang.String	getMatchFQAN() The scheme according to which the FQAN will be matched.
static java.util.List	getMatchFQANTypes()
java.util.List	getMemberList() Returns the list of user identities that are part of the group.
java.lang.String	getRemainderUrl()
java.lang.String	getRole() Changes the role.
java.lang.String	getType() Getter for property type.
static java.lang.String	getTypeStatic()
java.lang.String	getUrl()
java.lang.String	getVoGroup() Returns the VO group.
org.edg.security.voms.service.admin.VOMSAdmin	getVOMSAdmin()
java.lang.String	getVomsServer() Get name of VomsServer
boolean	isAcceptProxyWithoutFQAN() True if non-VOMS will be accepted.
boolean	isIgnoreFQAN() Convenience function for "ignore".equals(getmatchFQAN())
boolean	isInGroup(GridUser user) Determines whether the given user identity is part of the group.
void	setAcceptProxyWithoutFQAN(boolean acceptProxyWithoutFQAN) Changes the way non-VOMS proxies are handled.
void	setMatchFQAN(java.lang.String matchFQAN) Changes the scheme according to which the FQAN will be matched.
void	setRemainderUrl(java.lang.String remainderUrl)
void	setRole(java.lang.String role) Changes the role.
void	setVoGroup(java.lang.String voGroup) Changes the VO group.
void	setVomsServer(java.lang.String vomsServer) Set name of VOMS Server
java.lang.String	toString()
java.lang.String	toString(java.lang.String bgColor) Get string representation of this object for displaying in the diagnostic summary web page
java.lang.String	toXML() Create a clone of itself
void	updateMembers() Updates the local list of the users from the source of the group.

Methods inherited from class gov.bnl.gums.userGroup.UserGroup

getAccess, getConfiguration, getDescription, getName, hasReadAllAccess, hasReadSelfAccess, hasWriteAccess, setAccess, setConfiguration, setDescription, setName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

VOMSUserGroup

public VOMSUserGroup()

VOMSUserGroup

public VOMSUserGroup(Configuration configuration)

VOMSUserGroup

public VOMSUserGroup(Configuration configuration,
                     java.lang.String name)

Method Detail

getTypeStatic

public static java.lang.String getTypeStatic()

getMatchFQANTypes

public static java.util.List getMatchFQANTypes()

clone

public UserGroup clone(Configuration configuration)

Description copied from class: UserGroup

Create a clone of itself

Specified by:

clone in class UserGroup

Returns:

getMatchFQAN

public java.lang.String getMatchFQAN()

The scheme according to which the FQAN will be matched.

Possible values are:

• exact (default) - role, group, and vo have to match.
• vorole - role and vo have to match.
• role - rolehas to match.
• group, vogroup - group and vo have to match.
• vo - vo has to match.
• ignore - no matching.

Returns:

matching type as String.

getMemberList

public java.util.List getMemberList()

Description copied from class: UserGroup

Returns the list of user identities that are part of the group.

Some UserGroups, however, could be defined by a rule that doesn't allow listing. For example, a group could be 'all the users with a DOEGrids certificate'. Though one could argue whether or not is a good idea to have such a group, one can implement one and throw an UnsupportedOperationException. This will make it impossible for GUMS to create a grid-mapfile, but would still allow direct user to account mapping through a call-out.

Specified by:

getMemberList in class UserGroup

Returns:

a List of GridUser objects representing the user certificate DN.

getRemainderUrl

public java.lang.String getRemainderUrl()

getType

public java.lang.String getType()

Description copied from class: UserGroup

Getter for property type.

Overrides:

getType in class UserGroup

Returns:

type as string

getUrl

public java.lang.String getUrl()

getVomsServer

public java.lang.String getVomsServer()

Get name of VomsServer

Returns:

getVoGroup

public java.lang.String getVoGroup()

Returns the VO group.

Returns:

The group in the VOMS (i.e. /atlas/usatlas)

getVOMSAdmin

public org.edg.security.voms.service.admin.VOMSAdmin getVOMSAdmin()

getRole

public java.lang.String getRole()

Changes the role.

Returns:

The role name in the VOMS server (i.e. myrole), or "" for no role

isAcceptProxyWithoutFQAN

public boolean isAcceptProxyWithoutFQAN()

True if non-VOMS will be accepted. If true, all non-VOMS proxies with a matchin DN will be matched. VOMS proxies won't be affected by the use of this property.

Returns:

True if group will accept non-VOMS proxies

isIgnoreFQAN

public boolean isIgnoreFQAN()

Convenience function for "ignore".equals(getmatchFQAN())

Returns:

False if FQAN is used during the match

isInGroup

public boolean isInGroup(GridUser user)

Description copied from class: UserGroup

Determines whether the given user identity is part of the group.

Specified by:

isInGroup in class UserGroup

Returns:

true if it's in the group

setAcceptProxyWithoutFQAN

public void setAcceptProxyWithoutFQAN(boolean acceptProxyWithoutFQAN)

Changes the way non-VOMS proxies are handled.

Parameters:

acceptProxyWithoutFQAN - True if group will accept non-VOMS proxies

setMatchFQAN

public void setMatchFQAN(java.lang.String matchFQAN)

Changes the scheme according to which the FQAN will be matched. See getMatchFQAN for more details.

Parameters:

matchFQAN - One of the following: "exact, "vorole, "role", "vogroup", "vo", "ignore". (also "group" for backwards compat.)

setRemainderUrl

public void setRemainderUrl(java.lang.String remainderUrl)

setVomsServer

public void setVomsServer(java.lang.String vomsServer)

Set name of VOMS Server

Parameters:

vo -

setVoGroup

public void setVoGroup(java.lang.String voGroup)

Changes the VO group.

Parameters:

voGroup - The group in the VOMS (i.e. /atlas/usatlas)

setRole

public void setRole(java.lang.String role)

Changes the role.

Parameters:

role - The role in the VOMS (i.e.production)

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

toString

public java.lang.String toString(java.lang.String bgColor)

Description copied from class: UserGroup

Get string representation of this object for displaying in the diagnostic summary web page

Specified by:

toString in class UserGroup

Parameters:

bgColor - back ground color

Returns:

toXML

public java.lang.String toXML()

Description copied from class: UserGroup

Create a clone of itself

Specified by:

toXML in class UserGroup

Returns:

updateMembers

public void updateMembers()

Description copied from class: UserGroup

Updates the local list of the users from the source of the group.

Most user groups will get the information from a separate database accessible via WAN. For that reason, the user group will maintain a local cache with the list of members, which can be updated through this method.

Specified by:

updateMembers in class UserGroup