net.ponder2.policy
Class AuthPolicySearch
java.lang.Object
net.ponder2.policy.AuthPolicySearch
- Direct Known Subclasses:
- FlexAuthPolicySearch, StaticAuthPolicySearch
public abstract class AuthPolicySearch
- extends java.lang.Object
Abstract class for implementing the Strategy Pattern.
This class provides some basic methods used by other classes to search for an applicable
authorization policy, taking into account the conflict resolution
described in more detail in the Policy07 paper.
The following steps are executed:
- Step 0: First, it builds and stores all the possible paths in which the subject
and the target are contained.
- Step 1: For each combination of subject_path and target_path, it searches for
a candidate policy that could be applied. First, it searches for the
outermost (= most general) final policy.
If no final policies are available, then the innermost (= most specific)
normal policy is searched for.
If for a given path combination a negative policy is found,
then the search is concluded and the action is not authorized.
Otherwise, the policy is stored and the search continues with
the next path combination. The action is authorized if, over all path
combinations, at least one positive policy is found.
If there is no applicable policy (either because none have been
specified or because the condition failed), then the general default
rule is applied (ALL+, ALL-).
Version 2 - 13 February 2008
- Author:
- russello
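The following is an added, self-contained model of the search described in Step 0 and Step 1 above. It is not Ponder2's own code: the Node and Policy classes, the rule that ranks candidates by their depth in the subject path plus their depth in the target path (0 = the objects themselves), the reading that one positive candidate across all combinations suffices when no negative one is found, and the boolean that stands in for the ALL+/ALL- default rule are all assumptions made for illustration. A managed object may sit in several domains, so buildPath returns several paths and a negative policy reached through any one of them denies the action.

```java
import java.util.*;
import java.util.function.Predicate;

/* Illustrative model of AuthPolicySearch (not Ponder2 code; names are assumptions). */
public class AuthSearchModel {
    static final short AUTH = 1, NOTAUTH = 0, POL_NOT_DEFINED = 2;

    /** A managed object or domain; an object may belong to several parent domains. */
    static final class Node {
        final String name;
        final List<Node> parents = new ArrayList<>();
        Node(String name, Node... parents) { this.name = name; this.parents.addAll(Arrays.asList(parents)); }
        @Override public String toString() { return name; }
    }

    /** An authorisation policy on (subject domain, target domain, action). */
    static final class Policy {
        final Node subject, target; final String action;
        final boolean positive, isFinal, active;
        final Predicate<Map<String, Object>> condition;   // evaluated over the call arguments
        Policy(Node subject, Node target, String action, boolean positive, boolean isFinal,
               boolean active, Predicate<Map<String, Object>> condition) {
            this.subject = subject; this.target = target; this.action = action;
            this.positive = positive; this.isFinal = isFinal; this.active = active;
            this.condition = condition;
        }
    }

    /** Step 0: every path from the object up to a root domain, object first, root last. */
    static List<List<Node>> buildPath(Node obj) {
        List<List<Node>> paths = new ArrayList<>();
        walk(obj, new ArrayDeque<>(), paths);
        return paths;
    }

    private static void walk(Node n, Deque<Node> current, List<List<Node>> out) {
        current.addLast(n);
        if (n.parents.isEmpty()) out.add(new ArrayList<>(current));   // reached a root
        for (Node p : n.parents) walk(p, current, out);
        current.removeLast();
    }

    /** Mirrors evaluate(): a policy is applicable only if active and its condition holds. */
    static boolean applicable(Policy p, String action, Map<String, Object> args) {
        return p.active && p.action.equals(action) && p.condition.test(args);
    }

    /** Candidate for one (subject_path, target_path) combination: the outermost applicable
     *  final policy, else the innermost applicable normal policy, else null.
     *  Assumed depth of a policy on the combination = subject index + target index. */
    static Policy candidate(List<Node> sPath, List<Node> tPath, String action,
                            Map<String, Object> args, List<Policy> policies) {
        Policy bestFinal = null, bestNormal = null;
        int finalDepth = -1, normalDepth = Integer.MAX_VALUE;
        for (Policy p : policies) {
            int si = sPath.indexOf(p.subject), ti = tPath.indexOf(p.target);
            if (si < 0 || ti < 0 || !applicable(p, action, args)) continue;
            int depth = si + ti;
            if (p.isFinal && depth > finalDepth) { bestFinal = p; finalDepth = depth; }
            if (!p.isFinal && depth < normalDepth) { bestNormal = p; normalDepth = depth; }
        }
        return bestFinal != null ? bestFinal : bestNormal;
    }

    /** Step 1: a negative candidate on any combination concludes the search with NOTAUTH. */
    static short search(Node subject, Node target, String action,
                        Map<String, Object> args, List<Policy> policies) {
        boolean positiveFound = false;
        for (List<Node> sPath : buildPath(subject)) {
            for (List<Node> tPath : buildPath(target)) {
                Policy p = candidate(sPath, tPath, action, args, policies);
                if (p == null) continue;              // nothing applies on this combination
                if (!p.positive) return NOTAUTH;      // negative policy wins immediately
                positiveFound = true;
            }
        }
        return positiveFound ? AUTH : POL_NOT_DEFINED;
    }

    /** The general default rule: ALL+ authorises, ALL- denies, when no policy applied. */
    static short searchWithDefault(Node s, Node t, String action, Map<String, Object> args,
                                   List<Policy> policies, boolean defaultAllow) {
        short r = search(s, t, action, args, policies);
        return r == POL_NOT_DEFINED ? (defaultAllow ? AUTH : NOTAUTH) : r;
    }

    public static void main(String[] a) {
        // Constructed domain tree: alice is in both staff and guests; lp1 is in printers.
        Node root = new Node("root");
        Node staff = new Node("staff", root), guests = new Node("guests", root), printers = new Node("printers", root);
        Node alice = new Node("alice", staff, guests), lp1 = new Node("lp1", printers);
        Predicate<Map<String, Object>> always = m -> true;
        List<Policy> policies = Arrays.asList(
            new Policy(staff, printers, "print", true, false, true, always),     // staff may print
            new Policy(guests, printers, "print", false, false, true, always));  // guests may not
        Map<String, Object> noArgs = Collections.emptyMap();
        System.out.println(buildPath(alice));                       // [[alice, staff, root], [alice, guests, root]]
        System.out.println(search(alice, lp1, "print", noArgs, policies) == NOTAUTH);                        // true
        System.out.println(searchWithDefault(alice, lp1, "print", noArgs, policies.subList(0, 1), false) == AUTH); // true
        System.out.println(searchWithDefault(alice, lp1, "scan", noArgs, policies, false) == NOTAUTH);         // true
    }
}
```

The three checks in main show the three outcomes the description distinguishes: the negative guests policy on the second subject path denies printing even though the staff policy would allow it; with only the staff policy the action is authorised; and for an action no policy covers, the result is POL_NOT_DEFINED and the default rule decides.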
Method Summary
- protected static java.util.Vector<java.util.LinkedList<P2ManagedObject>> buildPath(P2ManagedObject mObj)
Given an OID, the method constructs all the paths of that managed object up to the root domain.
- protected static short evaluate(AuthPolicyHolder holder, AuthorisationPolicy policy, short pepType, P2Object subject, P2Object target, P2Object... argAttribute)
This method is used to evaluate a given policy.
- static java.lang.String printState(short state)
- static java.lang.String printVector(java.util.Vector<AuthorisationPolicy> policyList)
- abstract short search(AuthPolicyHolder holder, short pepType, P2Object subject, P2Object target, java.lang.String action, char focus, P2Object[] args, P2Object result)
This is the main method called externally for performing the search of an applicable policy.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
AUTH
public static final short AUTH
- See Also:
- Constant Field Values
NOTAUTH
public static final short NOTAUTH
- See Also:
- Constant Field Values
POL_NOT_DEFINED
public static final short POL_NOT_DEFINED
- See Also:
- Constant Field Values
AuthPolicySearch
public AuthPolicySearch()
buildPath
protected static java.util.Vector<java.util.LinkedList<P2ManagedObject>> buildPath(P2ManagedObject mObj)
- Given an OID, the method constructs all the paths of that managed object
up to the root domain. The paths are stored in the returned vector. A path
is a linked list that contains the OID representation of each element in the
path of the managed object.
- Parameters:
mObj
- the managed object
- Returns:
- the vector containing all the paths
evaluate
protected static short evaluate(AuthPolicyHolder holder,
AuthorisationPolicy policy,
short pepType,
P2Object subject,
P2Object target,
P2Object... argAttribute)
- This method is used to evaluate a given policy.
The method first checks whether the given policy is active and its condition is true.
If this check fails then the policy is not applicable.
Otherwise, if the policy is of type PEP1 and is not negative, then the policy is
stored in the holder to be used for the return part (PEP4).
- Parameters:
holder
- stores the policy for the return part
policy
- the policy to be evaluated
pepType
- the PEP that is triggering this evaluation
target
- TODO
argAttribute
- the attribute Map used for evaluating the condition
- Returns:
- a short that represents AUTH, NOT_AUTH, or NOT_DEFINED
search
public abstract short search(AuthPolicyHolder holder,
short pepType,
P2Object subject,
P2Object target,
java.lang.String action,
char focus,
P2Object[] args,
P2Object result)
- This is the main method called externally for performing
the search of an applicable policy.
- Parameters:
holder
- the holder vector is used to hold the policy used in PEP1 and PEP2, so that it can
also be used in the respective returning part
pepType
- specifies the PEP type
subject
- the subject OID
target
- the target OID
action
- the action performed by the subject on the target
focus
- whether the policy that should be found is a subject or a target policy
args
- the arguments used for the evaluation of the condition
result
- the standard Result used in Ponder
- Returns:
- AUTH or NOTAUTH
printVector
public static java.lang.String printVector(java.util.Vector<AuthorisationPolicy> policyList)
printState
public static java.lang.String printState(short state)
Copyright © 2008 Imperial College. All Rights Reserved.