net.ponder2.policy
Class AuthPolicySearch

java.lang.Object
  extended by net.ponder2.policy.AuthPolicySearch
Direct Known Subclasses:
FlexAuthPolicySearch, StaticAuthPolicySearch

public abstract class AuthPolicySearch
extends java.lang.Object

Abstract class for implementing the Strategy Pattern. This class provides some basic methods used by other classes to search for an applicable authorization policy, taking into account the conflict resolution described in more detail in the Policy07 paper. The following steps are executed:

- Step 0: First, it builds and stores all the possible paths in which the subject and the target are contained.
- Step 1: For each combination of subject_path and target_path, it searches for a candidate policy that could be applied. First, it searches for the outermost (= most general) final policy. If no final policies are available, then the innermost (= most specific) normal policy is searched for. If a negative policy is found for a given path combination, the search is concluded and the action is not authorized. Otherwise, the policy is stored and the search continues with the next path combination.

The action is authorized if for all path combinations at least one positive policy is found. If there is no applicable policy (either because none have been specified or because the condition failed) then the general default rule is applied (ALL+, ALL-).

Version 2 - 13 February 2008
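The conflict-resolution order described above, as a stand-alone model added here for illustration (it is not Ponder2 source and does not use the Ponder2 classes). Assumptions: the `Policy` record, the string-named hierarchy, the constant values, the depth measure (sum of positions in the two paths) and the per-pair use of the default rule are all hypothetical; action matching and policy conditions are left out; Java 16+ is needed for records.

```java
import java.util.*;

public class AuthSearchModel {
    static final short AUTH = 1, NOTAUTH = 0;   // constructed values, not Ponder2's constants
    record Policy(String subj, String targ, boolean positive, boolean isFinal) {}
    // Constructed hierarchy (child -> containing domains); alice has two paths to the root.
    static final Map<String, List<String>> PARENTS = Map.of(
        "alice", List.of("staff", "contractors"), "staff", List.of("root"),
        "contractors", List.of("root"), "printer", List.of("devices"), "devices", List.of("root"));

    // Step 0: every path from a node up to the root domain, node first.
    static List<List<String>> buildPaths(String node) {
        List<List<String>> out = new ArrayList<>();
        for (String up : PARENTS.getOrDefault(node, List.of()))
            for (List<String> rest : buildPaths(up)) { rest.add(0, node); out.add(rest); }
        if (out.isEmpty()) out.add(new ArrayList<>(List.of(node)));   // node is the root
        return out;
    }
    // Step 1, one path pair: outermost final policy, else innermost normal policy, else null.
    static Policy candidate(List<String> sp, List<String> tp, List<Policy> policies) {
        Policy best = null; int bestDepth = 0;
        for (Policy p : policies) {
            int si = sp.indexOf(p.subj()), ti = tp.indexOf(p.targ()), depth = si + ti;
            if (si < 0 || ti < 0) continue;            // policy is not on this path pair
            boolean better = best == null || (p.isFinal() && !best.isFinal())
                || (p.isFinal() == best.isFinal() && (p.isFinal() ? depth > bestDepth : depth < bestDepth));
            if (better) { best = p; bestDepth = depth; }   // depth 0 = most specific
        }
        return best;
    }
    // A negative candidate on any pair denies; a pair with no candidate uses dflt (assumption).
    static short search(String subject, String target, List<Policy> policies, short dflt) {
        for (List<String> sp : buildPaths(subject))
            for (List<String> tp : buildPaths(target)) {
                Policy p = candidate(sp, tp, policies);
                if (p == null ? dflt == NOTAUTH : !p.positive()) return NOTAUTH;
            }
        return AUTH;
    }

    public static void main(String[] args) {
        List<Policy> ps = new ArrayList<>(List.of(new Policy("staff", "devices", true, false),
            new Policy("contractors", "devices", true, false)));   // one positive per subject path
        System.out.println(search("alice", "printer", ps, NOTAUTH));
        ps.add(new Policy("alice", "printer", false, false));      // specific negative, normal
        System.out.println(search("alice", "printer", ps, NOTAUTH));
        ps.add(new Policy("root", "root", true, true));            // general positive, final
        System.out.println(search("alice", "printer", ps, NOTAUTH));
    }
}
```

The three calls show the precedence in turn: positive policies on every path pair authorize, a more specific negative normal policy then denies, and a final policy at the root overrides it again.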

Author:
russello

Field Summary
static short AUTH
           
static short NOTAUTH
           
static short POL_NOT_DEFINED
           
 
Constructor Summary
AuthPolicySearch()
           
 
Method Summary
protected static java.util.Vector<java.util.LinkedList<P2ManagedObject>> buildPath(P2ManagedObject mObj)
          Given an OID, the method constructs all the paths of that managed object up to the root domain.
protected static short evaluate(AuthPolicyHolder holder, AuthorisationPolicy policy, short pepType, P2Object subject, P2Object target, P2Object... argAttribute)
          This method is used to evaluate a given policy.
static java.lang.String printState(short state)
           
static java.lang.String printVector(java.util.Vector<AuthorisationPolicy> policyList)
           
abstract  short search(AuthPolicyHolder holder, short pepType, P2Object subject, P2Object target, java.lang.String action, char focus, P2Object[] args, P2Object result)
          This is the main method called externally for performing the search of an applicable policy.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

AUTH

public static final short AUTH
See Also:
Constant Field Values

NOTAUTH

public static final short NOTAUTH
See Also:
Constant Field Values

POL_NOT_DEFINED

public static final short POL_NOT_DEFINED
See Also:
Constant Field Values
Constructor Detail

AuthPolicySearch

public AuthPolicySearch()
Method Detail

buildPath

protected static java.util.Vector<java.util.LinkedList<P2ManagedObject>> buildPath(P2ManagedObject mObj)
Given an OID, the method constructs all the paths of that managed object up to the root domain. The paths are stored in the given vector. A path is a vector that contains the OID representation of each element in the path of the managed object.

Parameters:
mObj - the managed object
Returns:
the vector containing all the paths

evaluate

protected static short evaluate(AuthPolicyHolder holder,
                                AuthorisationPolicy policy,
                                short pepType,
                                P2Object subject,
                                P2Object target,
                                P2Object... argAttribute)
This method is used to evaluate a given policy. The method first checks whether the given policy is active and the condition is true. If this check fails then the policy is not applicable. Otherwise, if the policy is of type PEP1 and is not negative then the policy is stored in the holder to be used for the return part (PEP4).

Parameters:
holder - stores the policy for the return part
policy - the policy to be evaluated
pepType - the PEP that is triggering this evaluation
target - TODO
argAttribute - the attribute Map used for evaluating the condition
Returns:
a short that represents AUTH, NOT_AUTH, or NOT_DEFINED

search

public abstract short search(AuthPolicyHolder holder,
                             short pepType,
                             P2Object subject,
                             P2Object target,
                             java.lang.String action,
                             char focus,
                             P2Object[] args,
                             P2Object result)
This is the main method called externally for performing the search of an applicable policy.

Parameters:
holder - The holder vector holds the policies used in PEP1 and PEP2 so that they can also be used in the respective return parts
pepType - specifies the PEP type
subject - the subject OID
target - the target OID
action - the action performed by the subject on the target
focus - whether the policy that should be found is a subject or a target policy
args - the arguments used for the evaluation of the condition
result - the standard Result used in Ponder
Returns:
AUTH or NOTAUTH

printVector

public static java.lang.String printVector(java.util.Vector<AuthorisationPolicy> policyList)

printState

public static java.lang.String printState(short state)


Copyright © 2008 Imperial College. All Rights Reserved.