net.ponder2.policy
Class AuthorisationPolicy

java.lang.Object
  extended by net.ponder2.policy.Policy
      extended by net.ponder2.policy.AuthorisationPolicy
All Implemented Interfaces:
ManagedObject

public class AuthorisationPolicy
extends Policy
implements ManagedObject

This is an Authorisation Policy. See http://ponder2.net/cgi-bin/moin.cgi/BasicScenario for more information on using authorisation policies.

Version:
$Id:$
Author:
Kevin Twidle

Field Summary
 
Fields inherited from class net.ponder2.policy.Policy
defaultDomain
 
Constructor Summary
AuthorisationPolicy(P2Object subject, java.lang.String action, P2Object target, java.lang.String focus)
          Creates a new authorisation policy between subject and target managed objects.
 
Method Summary
protected  void attach(P2Object aManagedObject)
          attaches this policy to aManagedObject.
protected  boolean checkCondition(P2Object subject, P2Object target, java.lang.String conditionType, P2Object... argAttribute)
           
 boolean checkRequestCondition(P2Object subject, P2Object target, P2Object... argAttribute)
           
 boolean checkReturnCondition(P2Object subject, P2Object target, P2Object... argAttribute)
           
protected  P2Object operation_in_condition(P2Block aBlock)
          sets the condition of the policy for the request part of an action.
protected  P2Object operation_out_condition(P2Block aBlock)
          sets the condition of the policy for the reply part of an action.
protected  void operation_set_final()
          Sets the policy as a final one.
protected  void operation_set_inneg()
          sets the policy as a negative authorisation for the request
protected  void operation_set_outneg()
          sets the policy as a negative authorisation for the reply
 java.lang.String toString()
           
 
Methods inherited from class net.ponder2.policy.Policy
getDefaultDomain, isActive, isAttached, operation_active, setActive, setAttached
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

AuthorisationPolicy

public AuthorisationPolicy(P2Object subject,
                           java.lang.String action,
                           P2Object target,
                           java.lang.String focus)
Creates a new authorisation policy between subject and target managed objects. The authorisation policy applies to the given action and the given focus. The action is essentially the PonderTalk keywords to be checked.
e.g. a domain could be monitored with the action "at:put:". Note that the ':' is necessary for keyword actions.
The focus is 's' for subject authorisation at PEP1 or PEP4, 't' for target authorisation at PEP2 or PEP3.

Parameters:
subject - the subject domain or managed object
action - the PonderTalk action to be regulated
target - the target domain or managed object
focus - the focus 't' or 's' for target or subject authorisation
Method Detail

attach

protected void attach(P2Object aManagedObject)
Description copied from class: Policy
attaches this policy to aManagedObject. This policy may be attached to more than one managed object. This command forms part of the proximity event bus.

Specified by:
attach in class Policy
Parameters:
aManagedObject - the managed object that the policy should be attached to

operation_set_final

protected void operation_set_final()
Sets the policy as a final one. Checking stops at this point and this policy determines whether access will be granted.


operation_set_inneg

protected void operation_set_inneg()
sets the policy as a negative authorisation for the request


operation_set_outneg

protected void operation_set_outneg()
sets the policy as a negative authorisation for the reply


operation_in_condition

protected P2Object operation_in_condition(P2Block aBlock)
sets the condition of the policy for the request part of an action. The arguments to the block are the values given to the action being performed. e.g. with action:
 "at:put:"
 
the condition block might be
 [ :at :put | at == "accounts" ]
 
The argument names do not matter; you could also have
 [ :name | name == "accounts" ]
 
You can also use the global variables p_subject and p_target in the block's PonderTalk; they refer to the source and target objects associated with the action in question.
Answers aBlock.

Parameters:
aBlock - the condition for this policy
Returns:
the block given as an argument
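
A toy Java model of the request-condition behaviour described above, added here as an illustration; it is not Ponder2 code and does not use the Ponder2 API. The names ToyPolicy, arity and requestAllowed, the default-deny result and the in-list-order evaluation are assumptions made for the example.

```java
import java.util.List;
import java.util.function.Predicate;

// Added illustration: a toy model, not Ponder2 code. Names and evaluation rules are assumptions.
public class RequestConditionModel {

    // One request-side policy: keyword action, focus, a condition over the
    // action's argument values, and the negative / final markers.
    record ToyPolicy(String action, char focus, Predicate<List<Object>> inCondition,
                     boolean negative, boolean isFinal) {
        ToyPolicy {
            if (focus != 's' && focus != 't')
                throw new IllegalArgumentException("focus must be 's' or 't'");
        }
    }

    // A keyword action takes one argument per ':' ("at:put:" takes two).
    static int arity(String action) {
        return (int) action.chars().filter(c -> c == ':').count();
    }

    // Assumption: default deny, policies consulted in list order.
    static boolean requestAllowed(List<ToyPolicy> policies, char focus,
                                  String action, List<Object> args) {
        if (args.size() != arity(action))
            throw new IllegalArgumentException(action + " expects " + arity(action) + " arguments");
        boolean allowed = false;
        for (ToyPolicy p : policies) {
            if (p.focus() != focus || !p.action().equals(action)) continue;
            if (!p.inCondition().test(args)) continue; // condition false: policy does not apply
            allowed = !p.negative();                   // negative policy denies, positive grants
            if (p.isFinal()) break;                    // final: checking stops, this policy decides
        }
        return allowed;
    }

    public static void main(String[] unused) {
        List<ToyPolicy> policies = List.of(
            // Like [ :at :put | at == "accounts" ]: values bind by position, not by name.
            new ToyPolicy("at:put:", 't', a -> "accounts".equals(a.get(0)), true, true),
            // Broad positive policy listed after the final negative one.
            new ToyPolicy("at:put:", 't', a -> true, false, false));
        // Constructed sample requests: a write to "accounts", a write elsewhere, a subject-side check.
        System.out.println(requestAllowed(policies, 't', "at:put:", List.of("accounts", 42)));
        System.out.println(requestAllowed(policies, 't', "at:put:", List.of("notes", 42)));
        System.out.println(requestAllowed(policies, 's', "at:put:", List.of("notes", 42)));
    }
}
```

In this model the final negative policy blocks the write to "accounts" even though a broader positive policy follows it, and a policy written without the trailing ':' in its action would never match an "at:put:" request.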

operation_out_condition

protected P2Object operation_out_condition(P2Block aBlock)
sets the condition of the policy for the reply part of an action. The argument to the block is the value of the return from the action being performed. e.g. with action:
 "at:"
 
the reply condition block might be
 [ :name | name == "accounts" ]
 
You can also use the global variables p_subject and p_target in the block's PonderTalk; they refer to the source and target objects associated with the action in question.
Answers aBlock.

Parameters:
aBlock - the condition for this policy
Returns:
the block given as an argument

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

checkRequestCondition

public boolean checkRequestCondition(P2Object subject,
                                     P2Object target,
                                     P2Object... argAttribute)

checkReturnCondition

public boolean checkReturnCondition(P2Object subject,
                                    P2Object target,
                                    P2Object... argAttribute)

checkCondition

protected boolean checkCondition(P2Object subject,
                                 P2Object target,
                                 java.lang.String conditionType,
                                 P2Object... argAttribute)
                          throws Ponder2Exception
Throws:
Ponder2Exception


Copyright © 2008 Imperial College. All Rights Reserved.