Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

no.feide.moria.authorization
Class AuthorizationManager

java.lang.Object
  extended by no.feide.moria.authorization.AuthorizationManager

public final class AuthorizationManager
extends java.lang.Object

The AuthorizationManager class is used to parse and store authorization data. The authorization data source is XML which is passed as a properties object through the setConfig method. The config data must contain information about every web service allowed to access Moria, and which attributes, operations and subsystems the service can access.

When a new set of data arrives, the authorization manager parses it and replaces the old dataset if the parsing was successful. The authorization manager can then be used to answer authorization questions, most likely from the Moria controller.

When the controller receives a request, it asks the authorization manager if the web service is authorized to perform the request. Every request includes the service principal.

Version:
$Revision: 1.35 $
Author:
Lars Preben S. Arnesen <lars.preben.arnesen@conduct.no>

Field Summary
private  boolean activated
          True if the authorization manager is ready to be used.
private  java.util.HashMap authzClients
          List of client authorization objects.
private  java.util.HashSet cachableAttributes
          List of attributes that is allowed to be cached.
private  no.feide.moria.log.MessageLogger messageLogger
          For logging of error messages that cannot be sent to the calling layer.
 
Constructor Summary
AuthorizationManager()
           
 
Method Summary
 boolean allowAccessTo(java.lang.String servicePrincipal, java.lang.String[] requestedAttributes)
          Validates a request for access to attributes for a given client/service.
 boolean allowOperations(java.lang.String servicePrincipal, java.lang.String[] requestedOperations)
          Validates a request for access to operations for a given client/service.
 boolean allowSSOForAttributes(java.lang.String servicePrincipal, java.lang.String[] requestedAttributes)
          Validates a request for access to SSO for a given client/service.
 boolean allowUserorg(java.lang.String servicePrincipal, java.lang.String userorg)
          Checks if the organization is allowed to use the service.
 java.util.HashSet getAttributes(java.lang.String servicePrincipal)
          Returns the configured attributes for a given service.
private  AuthorizationClient getAuthzClient(java.lang.String servicePrincipal)
          Returns a client object for a given identifier.
 java.util.HashSet getCachableAttributes()
          Returns the set of SSO attributes names (the attributes that can be cached).
private static java.lang.String getChildContent(org.jdom.Element element, java.lang.String childName)
          Retrieves the content of an XML element.
 java.lang.String[] getNonSSOAttributeNames(java.lang.String servicePrincipal)
          Get the list of attribute names not allowed for use in an SSO context for a given service.
 java.util.HashSet getOperations(java.lang.String servicePrincipal)
          Returns the configured operations for a given service.
 java.util.HashSet getOrgsAllowed(java.lang.String servicePrincipal)
          Returns the organizations that can use this service.
 int getSecLevel(java.lang.String servicePrincipal, java.lang.String[] requestedAttributes)
          Returns the security level for a set of attributes for a given service.
 java.util.HashMap getServiceProperties(java.lang.String servicePrincipal)
          Returns the service properties for a given service.
 java.util.HashSet getSubsystems(java.lang.String servicePrincipal)
          Returns the configured subsystems for a given service.
(package private) static AuthorizationAttribute parseAttributeElem(org.jdom.Element element)
          Parses an XML element and creates an AuthorizationAttribute object in return.
(package private) static java.util.HashMap parseAttributesElem(org.jdom.Element element)
          Parses the content of an Attributes element.
(package private) static java.lang.String parseChildElem(org.jdom.Element element)
          Parses 'operation' and 'organization' elements and returns the name attribute.
(package private) static AuthorizationClient parseClientElem(org.jdom.Element element)
          Creates an AuthorizationClient object based on the supplied XML element.
(package private) static java.util.HashSet parseListElem(org.jdom.Element element)
          Parses the content of an Attributes element.
(package private) static java.util.HashMap parseRootElem(org.jdom.Element element)
          Parses a configuration root element with client elements.
(package private)  void setAuthzClients(java.util.HashMap newClients)
          Swaps the old client database with the supplied HashMap.
 void setConfig(java.util.Properties properties)
          Sets the configuration data for this manager.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

messageLogger

private final no.feide.moria.log.MessageLogger messageLogger
For logging of error messages that cannot be sent to the calling layer.

authzClients

private java.util.HashMap authzClients
List of client authorization objects. Must be synchronized.

cachableAttributes

private java.util.HashSet cachableAttributes
List of attributes that is allowed to be cached.

activated

private boolean activated
True if the authorization manager is ready to be used.

Constructor Detail

AuthorizationManager

public AuthorizationManager()
Method Detail

parseAttributeElem

static AuthorizationAttribute parseAttributeElem(org.jdom.Element element)
                                          throws IllegalConfigException
Parses an XML element and creates an AuthorizationAttribute object in return. Throws an IllegalConfigException if there is something wrong with the element or its attributes.

Parameters:
element - The XML element to parse.
Returns:
AuthorizationAttribute with same attributes as the supplied element.
Throws:
IllegalConfigException - If the element's sso attribute is not true or false.
java.lang.IllegalArgumentException - If the AuthorizationAttribute constructor throws an exception.

parseAttributesElem

static java.util.HashMap parseAttributesElem(org.jdom.Element element)
                                      throws IllegalConfigException
Parses the content of an Attributes element. The element can contain 0 or more Attribute elements which will be transformed into AuthorizationAttributes and returned in a HashMap with attribute name as key.

Parameters:
element - The DOM element that contains Attribute child elements.
Returns:
HashMap with AuthorizationAttributes as value and attribute name as key.
Throws:
IllegalConfigException - If element is not of type Attributes.
java.lang.IllegalArgumentException - If element is null.

parseChildElem

static java.lang.String parseChildElem(org.jdom.Element element)
                                throws IllegalConfigException
Parses 'operation' and 'organization' elements and returns the name attribute.

Parameters:
element - The operation element.
Returns:
String containing the name attribute of the element.
Throws:
IllegalConfigException - If the element is not of type Operation, Subsystem or Organization OR element's name attribute is not set.
java.lang.IllegalArgumentException - If element is null or an empty string.

parseListElem

static java.util.HashSet parseListElem(org.jdom.Element element)
                                throws IllegalConfigException
Parses the content of an Attributes element. The element can contain 0 or more Attribute elements which will be transformed into AuthorizationAttributes and returned in a HashMap with attribute name as key.

Parameters:
element - The DOM element that contains Attribute child elements.
Returns:
HashMap with AuthorizationAttributes as value and attribute name as key.
Throws:
IllegalConfigException - If element is not of type Operations, Affiliation, Subsystems or OrgsAllowed.
java.lang.IllegalArgumentException - If element is null.

parseClientElem

static AuthorizationClient parseClientElem(org.jdom.Element element)
                                    throws IllegalConfigException
Creates an AuthorizationClient object based on the supplied XML element.

Parameters:
element - The XML element representing the client service.
Returns:
A new object representing the client service.
Throws:
IllegalConfigException - If the name attribute is not set for the given element, or if any of the following tags are missing:
  • DisplayName
  • URL
  • Language
  • Home
  • Attributes
  • Operations
  • Affiliation
  • OrgsAllowed
java.lang.IllegalArgumentException - If element is null.

parseRootElem

static java.util.HashMap parseRootElem(org.jdom.Element element)
                                throws IllegalConfigException
Parses a configuration root element with client elements.

Parameters:
element - The root element.
Returns:
A HashMap containing AuthorizationClient objects.
Throws:
IllegalConfigException - If the element is not of type ClientAuthorizationConfig.
java.lang.IllegalArgumentException - If element is null.
See Also:
AuthorizationClient

getChildContent

private static java.lang.String getChildContent(org.jdom.Element element,
                                                java.lang.String childName)
                                         throws IllegalConfigException
Retrieves the content of an XML element.

Parameters:
element - Parent element.
childName - Name of the child node.
Returns:
The content of the child element.
Throws:
IllegalConfigException - If the content of the child element is null.

getAuthzClient

private AuthorizationClient getAuthzClient(java.lang.String servicePrincipal)
Returns a client object for a given identifier.

Parameters:
servicePrincipal - The client object identifier.
Returns:
The client object for the identifier.
Throws:
NoConfigException - If the authorization manager is not activated.
java.lang.IllegalArgumentException - If servicePrincipal is null or an empty string.

allowAccessTo

public boolean allowAccessTo(java.lang.String servicePrincipal,
                             java.lang.String[] requestedAttributes)
                      throws UnknownServicePrincipalException
Validates a request for access to attributes for a given client/service.

Parameters:
servicePrincipal - The identifier of the client.
requestedAttributes - The list of requested attributes.
Returns:
true if the service is allowed access, false if not or the client does not exist.
Throws:
UnknownServicePrincipalException - If the service principal does not exist.

allowSSOForAttributes

public boolean allowSSOForAttributes(java.lang.String servicePrincipal,
                                     java.lang.String[] requestedAttributes)
                              throws UnknownServicePrincipalException
Validates a request for access to SSO for a given client/service.

Parameters:
servicePrincipal - The identifier of the client.
requestedAttributes - The list of requested attributes.
Returns:
true if the service is allowed access, false if not or the client does not exist.
Throws:
UnknownServicePrincipalException - If the service principal does not exist.

allowOperations

public boolean allowOperations(java.lang.String servicePrincipal,
                               java.lang.String[] requestedOperations)
                        throws UnknownServicePrincipalException
Validates a request for access to operations for a given client/service.

Parameters:
servicePrincipal - The identifier of the client.
requestedOperations - The list of requested operations.
Returns:
true if the service is allowed access, false if not or the client does not exist.
Throws:
UnknownServicePrincipalException - If the servicePrincipal does not exist.

allowUserorg

public boolean allowUserorg(java.lang.String servicePrincipal,
                            java.lang.String userorg)
                     throws UnknownServicePrincipalException
Checks if the organization is allowed to use the service.

Parameters:
servicePrincipal - The identifier of the client.
userorg - The user's organization.
Returns:
true if the organization is allowed to use the service, false if the client does not exists, or if the organization is not allowed to use the service.
Throws:
UnknownServicePrincipalException - If the servicePrincipal does not exist.

setAuthzClients

void setAuthzClients(java.util.HashMap newClients)
Swaps the old client database with the supplied HashMap.

Parameters:
newClients - The new client database.
Throws:
java.lang.IllegalArgumentException - If newClients is null.

setConfig

public void setConfig(java.util.Properties properties)
Sets the configuration data for this manager.

Parameters:
properties - The properties containing the authorization database.
Throws:
java.lang.IllegalArgumentException - If properties is null.

getServiceProperties

public java.util.HashMap getServiceProperties(java.lang.String servicePrincipal)
                                       throws UnknownServicePrincipalException
Returns the service properties for a given service.

Parameters:
servicePrincipal - The principal of the service.
Returns:
A hashmap with properties for a given service.
Throws:
UnknownServicePrincipalException - If the service principal does not exist.
java.lang.IllegalArgumentException - If servicePrincipal is null or an empty string.
See Also:
AuthorizationClient.getProperties()

getSecLevel

public int getSecLevel(java.lang.String servicePrincipal,
                       java.lang.String[] requestedAttributes)
                throws UnknownServicePrincipalException,
                       UnknownAttributeException
Returns the security level for a set of attributes for a given service.

Parameters:
servicePrincipal - The service principal of the requested service.
requestedAttributes - The requested attributes.
Returns:
Security level - an integer >= 0.
Throws:
UnknownServicePrincipalException - If the service principal does not exist.
UnknownAttributeException - If one or more of the requested attributes does not exist.
java.lang.IllegalArgumentException - If servicePrincipal is null or an empty string, or if requestedAttributes is null.
See Also:
AuthorizationClient.getSecLevel(java.lang.String[])

getAttributes

public java.util.HashSet getAttributes(java.lang.String servicePrincipal)
                                throws UnknownServicePrincipalException
Returns the configured attributes for a given service.

Parameters:
servicePrincipal - The principal of the requested service.
Returns:
A string array with the attribute names that is configured for the service.
Throws:
UnknownServicePrincipalException - If the servicePrincipal does not exist.
java.lang.IllegalArgumentException - If servicePrincipal is null or an empty string.
See Also:
AuthorizationClient.getAttributes()

getOrgsAllowed

public java.util.HashSet getOrgsAllowed(java.lang.String servicePrincipal)
                                 throws UnknownServicePrincipalException
Returns the organizations that can use this service.

Parameters:
servicePrincipal - The principal of the requested service.
Returns:
A string array with the names of the allowed organizations for the service.
Throws:
UnknownServicePrincipalException - If the servicePrincipal does not exist.
java.lang.IllegalArgumentException - If servicePrincipal is null or an empty string.
See Also:
AuthorizationClient.getOrgsAllowed()

getSubsystems

public java.util.HashSet getSubsystems(java.lang.String servicePrincipal)
                                throws UnknownServicePrincipalException
Returns the configured subsystems for a given service.

Parameters:
servicePrincipal - The principal of the requested service,
Returns:
A string array with the subsystem names that is configured for the service.
Throws:
UnknownServicePrincipalException - If the servicePrincipal does not exist.
java.lang.IllegalArgumentException - If servicePrincipal is null or an empty string.
See Also:
AuthorizationClient.getSubsystems()

getOperations

public java.util.HashSet getOperations(java.lang.String servicePrincipal)
                                throws UnknownServicePrincipalException
Returns the configured operations for a given service.

Parameters:
servicePrincipal - The principal of the requested service.
Returns:
A string array with the operation names that is configured for the service.
Throws:
UnknownServicePrincipalException - If the servicePrincipal does not exist.
java.lang.IllegalArgumentException - If servicePrincipal is null or an empty string.
See Also:
AuthorizationClient.getOperations()

getCachableAttributes

public java.util.HashSet getCachableAttributes()
Returns the set of SSO attributes names (the attributes that can be cached).

Returns:
A set of attributes that can be cached.

getNonSSOAttributeNames

public java.lang.String[] getNonSSOAttributeNames(java.lang.String servicePrincipal)
                                           throws UnknownServicePrincipalException,
                                                  java.lang.IllegalArgumentException
Get the list of attribute names not allowed for use in an SSO context for a given service.

Parameters:
servicePrincipal - The service principal. Must be a non-empty string.
Returns:
An array of attribute names. May be an empty array, but never null.
Throws:
UnknownServicePrincipalException - If the servicePrincipal is unknown.
java.lang.IllegalArgumentException - If servicePrincipal is null or an empty string.
Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2001-2006 UNINETT FAS. All Rights Reserved.