Class ExistPDP (org.exist.security.xacml)

java.lang.Object
  org.exist.security.xacml.ExistPDP
This class is responsible for creating the XACML Policy Decision Point (PDP) for a database instance. The PDP is the entity that accepts access requests and makes a decision whether the access is allowed. The PDP returns a decision to the requesting entity (called a Policy Enforcement Point, or PEP). This decision is either Permit, Deny, Indeterminate, or Not Applicable. Not Applicable occurs if no policy could be found that applied to the request. Indeterminate occurs if there was an error processing the request or the request was invalid.
This class also provides convenience methods for most uses. The main method is evaluate, which will throw a PermissionDeniedException unless the decision was Permit and no Obligations were required. An Obligation is a conditional access decision. If the PEP cannot perform the Obligation, then it cannot accept the decision.

RequestHelper provides methods for creating a RequestCtx, which is then passed to the PDP either indirectly by calling evaluate or directly by calling getPDP().evaluate(). The first method can probably be used in most cases, while the second one allows more flexibility in handling the response.

See Also: XACMLConstants, ExistPolicyModule, RequestHelper
Constructor Summary

ExistPDP(BrokerPool pool)
Method Summary

void close()
    Performs any necessary cleanup operations.
void evaluate(com.sun.xacml.ctx.RequestCtx request)
    The method that will be used most of the time.
BrokerPool getBrokerPool()
    Obtains the BrokerPool with which this instance is associated.
com.sun.xacml.PDP getPDP()
    For use when evaluate is not flexible enough.
com.sun.xacml.PDPConfig getPDPConfig()
    Returns the PDPConfig used to initialize the underlying PDP.
RequestHelper getRequestHelper()
    Gets a RequestHelper.
XACMLUtil getUtil()
    Obtains the XACML utility instance for this database instance.
void handleResponse(com.sun.xacml.ctx.ResponseCtx response)
    This method handles a ResponseCtx generated by a PDP request by doing nothing if the ResponseCtx includes Results that have no Obligations and only have the decision Permit.
void handleResult(com.sun.xacml.ctx.Result result)
    This method handles a single Result generated by a PDP request by doing nothing if the Result has no Obligations and only has the decision Permit.
void initializePolicyCollection()

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

ExistPDP
public ExistPDP(BrokerPool pool)
    Parameters:
        pool - A BrokerPool used to obtain an instance of a DBBroker in order to read policies from the database.

Method Detail

initializePolicyCollection
public void initializePolicyCollection()

getPDPConfig
public com.sun.xacml.PDPConfig getPDPConfig()
    Returns the PDPConfig used to initialize the underlying PDP.
    Returns:
        the PDPConfig used to initialize the underlying PDP

getBrokerPool
public BrokerPool getBrokerPool()
    Obtains the BrokerPool with which this instance is associated.
    Returns:
        the BrokerPool with which this instance is associated

getUtil
public XACMLUtil getUtil()
    Obtains the XACML utility instance for this database instance.

close
public void close()
    Performs any necessary cleanup operations.

evaluate
public void evaluate(com.sun.xacml.ctx.RequestCtx request) throws PermissionDeniedException
    The method that will be used most of the time. Evaluates the request with the PDP, permitting the request only if the ResponseCtx includes Results that have no Obligations and only have the decision Permit. Other cases result in a PermissionDeniedException. The other cases include when an applicable policy cannot be found and when an error occurs.
    Parameters:
        request - the access request
    Throws:
        PermissionDeniedException - if the request is not allowed

handleResponse
public void handleResponse(com.sun.xacml.ctx.ResponseCtx response) throws PermissionDeniedException
    This method handles a ResponseCtx generated by a PDP request by doing nothing if the ResponseCtx includes Results that have no Obligations and only have the decision Permit. Other cases result in a PermissionDeniedException. The other cases include the Deny, Indeterminate, and Not Applicable decisions.
    Parameters:
        response - the PDP response to an access request
    Throws:
        PermissionDeniedException - if the response does not have a decision of Permit or it has any Obligations

handleResult
public void handleResult(com.sun.xacml.ctx.Result result) throws PermissionDeniedException
    This method handles a single Result generated by a PDP request by doing nothing if the Result has no Obligations and only has the decision Permit. Other cases result in a PermissionDeniedException. The other cases include a decision of Deny, Indeterminate, or Not Applicable.
    Parameters:
        result - a Result in a ResponseCtx generated by a PDP in response to an access request
    Throws:
        PermissionDeniedException - if the result does not have a decision of Permit or it has any Obligations

getPDP
public com.sun.xacml.PDP getPDP()
    For use when evaluate is not flexible enough. That is, use this method when you want direct access to the PDP. This allows you to use an EvaluationCtx instead of a RequestCtx and direct access to the ResponseCtx to allow for handling of Obligations or decisions other than Permit. The basic usage is then:

        ResponseCtx response = getPDP().evaluate(RequestCtx ctx)

    or

        ResponseCtx response = getPDP().evaluate(EvaluationCtx ctx)

    The response should then be checked for Obligations and the PDP's decision.
    Returns:
        the PDP wrapped by this class

getRequestHelper
public RequestHelper getRequestHelper()
    Gets a RequestHelper.
    Returns:
        the RequestHelper for this database instance
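The following is an added example, not part of this Javadoc page or of eXist-db's own code. It shows what a caller who takes the getPDP() route has to do by hand: apply the same fail-closed rule that handleResponse and handleResult document (accept a Result only if its decision is Permit and it carries no Obligations; treat Deny, Indeterminate, Not Applicable and any unfulfilled Obligation as denial). It is written against the sunxacml classes the page references (com.sun.xacml.ctx.ResponseCtx, Result and the Result.DECISION_* constants); the assumption that org.exist.security.PermissionDeniedException has a String constructor is mine, and the Result objects built in main are constructed samples standing in for the output of getPDP().evaluate(...).

```java
import java.util.Set;

import com.sun.xacml.ctx.ResponseCtx;
import com.sun.xacml.ctx.Result;
import org.exist.security.PermissionDeniedException;

/**
 * Added example: a PEP-side check equivalent to the rule documented for
 * ExistPDP.handleResponse / handleResult, for callers that use getPDP()
 * directly and therefore must interpret the ResponseCtx themselves.
 */
public class PermitOnlyCheck {

    /** Accepts the response only if every Result is Permit with no Obligations. */
    public static void requirePermit(ResponseCtx response) throws PermissionDeniedException {
        // sunxacml predates generics: getResults() is a raw Set of Result
        for (Object o : response.getResults()) {
            requirePermit((Result) o);
        }
    }

    /** Accepts a single Result only if it is Permit with no Obligations; fails closed otherwise. */
    public static void requirePermit(Result result) throws PermissionDeniedException {
        Set obligations = result.getObligations();
        if (obligations != null && !obligations.isEmpty()) {
            // This PEP implements no Obligations, so per the XACML rule it
            // cannot accept the decision even when the decision is Permit.
            throw new PermissionDeniedException(
                "decision carries " + obligations.size() + " obligation(s) this PEP cannot fulfil");
        }
        switch (result.getDecision()) {
            case Result.DECISION_PERMIT:
                return;
            case Result.DECISION_DENY:
                throw new PermissionDeniedException("access denied by policy");
            case Result.DECISION_NOT_APPLICABLE:
                throw new PermissionDeniedException("no applicable policy for request");
            case Result.DECISION_INDETERMINATE:
            default:
                // Evaluation errors and unknown codes are never treated as Permit
                throw new PermissionDeniedException("policy evaluation was indeterminate");
        }
    }

    public static void main(String[] args) {
        // Constructed sample results; in real use the ResponseCtx comes from
        // existPdp.getPDP().evaluate(requestCtx) (existPdp being an ExistPDP instance)
        int[] decisions = {
            Result.DECISION_PERMIT,
            Result.DECISION_DENY,
            Result.DECISION_INDETERMINATE,
            Result.DECISION_NOT_APPLICABLE
        };
        for (int decision : decisions) {
            ResponseCtx response = new ResponseCtx(new Result(decision));
            try {
                requirePermit(response);
                System.out.println("decision " + decision + ": access allowed");
            } catch (PermissionDeniedException e) {
                System.out.println("decision " + decision + ": refused (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first constructed Result (DECISION_PERMIT, no Obligations) passes; the other three are refused, which is the behaviour evaluate gives you for free when you do not need direct access to the PDP. If a PEP does implement some Obligations, the check on getObligations() is the place to discharge the ones it understands and still refuse any it does not.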