java.lang.Object
  +--org.edg.security.authorization.repository.VOMS
Attribute repository that operates by parsing VOMS extensions. The extensions are retrieved from the current SecurityContext.

Note: For this particular repository model, all identity arguments are ignored; instead, information is retrieved from the SecurityContext.

Note: This

Example configuration:

<repository type="voms">
    <vomsdir> [filter] </vomsdir>
    <vomsdir> [filter] </vomsdir>
    ...
    <refreshperiod>[seconds]</refreshperiod>
    <filter default=[deny|allow]>
        <allow name="VO alias" />
        ...
        <deny name="VO alias" />
        ...
    </filter>
</repository>
vomsdir
    A filter defining where to look for VOMS signature certificates. Several filters may be specified. If none is specified, the default /etc/grid-security/vomsdir/*.pem is assumed.
refreshperiod
    The period (in seconds) at which to rescan the directories in search of (updated) signer certificates. The default is 300 seconds. If set to 0 or a negative value, the directories will be searched upon each VOMS signature verification.
filter
    Enables filtering a subset of the content in the signer directory. The default filtering rule can be set to either deny or allow. The default is allow.
allow
    Adds a filtering rule to explicitly allow the specified VOMS alias name. The name argument supports regular expressions.
deny
    Adds a filtering rule to explicitly deny the specified VOMS alias name. The name argument supports regular expressions.
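Two filled-in instances of the configuration template above, a permissive filter beside a restrictive one, as an added example that is not part of the original documentation. The VO alias names (testvo, atlas, dteam) are constructed placeholders, and anchoring the patterns with ^ and $ is an assumption made because the page does not say whether a name must match the whole alias.

```xml
<!-- Permissive: the default rule is allow (also the documented default),
     so every VO alias not matched by a deny rule passes the filter. -->
<repository type="voms">
  <vomsdir>/etc/grid-security/vomsdir/*.pem</vomsdir>
  <refreshperiod>300</refreshperiod>
  <filter default="allow">
    <!-- constructed alias; anchored so it cannot match a longer name -->
    <deny name="^testvo$" />
  </filter>
</repository>

<!-- Restrictive: the default rule is deny, so only the aliases listed
     in allow rules pass; a signer certificate newly dropped into the
     scanned directory is not accepted until its alias is added here. -->
<repository type="voms">
  <vomsdir>/etc/grid-security/vomsdir/*.pem</vomsdir>
  <refreshperiod>300</refreshperiod>
  <filter default="deny">
    <!-- constructed aliases -->
    <allow name="^atlas$" />
    <allow name="^dteam$" />
  </filter>
</repository>
```

Neither instance mixes allow and deny rules that could match the same alias, because the page does not state which rule wins in that case.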
See Also: AttributeRepository, SecurityContext

Nested Class Summary
class | VOMS.AccessFilter
    Utility class for the access filter

Field Summary
protected org.apache.log4j.Logger | logger
protected VOMS.AccessFilter | myAccessFilter
protected java.util.List | myBaseDirs
protected java.util.HashMap | mySigners
protected boolean | mySilent
protected java.util.Timer | myTimer
protected static java.util.List | theAllows

Constructor Summary
VOMS()

Method Summary
protected boolean | approve(SecurityContext sc, VOMSInfo v)
    Verifies the signature of a VOMSInfo
AttributeRepository | create(AttributeRepositoryFactory factory, org.w3c.dom.Element config)
    Creates and initializes an attribute repository according to the specified configuration.
boolean | evalAttributeBinding(java.lang.String identity, java.lang.String attribute)
    Note: The parameter identity is ignored.
java.util.List | findAllAttributesFor(java.lang.String identity)
    Note: The parameter identity is ignored.
java.lang.String | findFirstAttributeFor(java.lang.String identity)
    Note: The parameter identity is ignored.
protected java.util.List | getSigners(java.lang.String dn)
protected java.util.HashMap | loadCerts()
void | terminate()
    Terminate all Timer objects responsible for refreshing the content of the AttributeRepository.
java.lang.String | toString()

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail
protected static java.util.List theAllows
protected org.apache.log4j.Logger logger
protected VOMS.AccessFilter myAccessFilter
protected java.util.List myBaseDirs
protected java.util.HashMap mySigners
protected java.util.Timer myTimer
protected boolean mySilent

Constructor Detail
public VOMS()

Method Detail

protected java.util.List getSigners(java.lang.String dn)

protected java.util.HashMap loadCerts()

public AttributeRepository create(AttributeRepositoryFactory factory, org.w3c.dom.Element config)
    Description copied from interface: AttributeRepositoryCreator
    Specified by: create in interface AttributeRepositoryCreator
    Parameters:
        factory - The factory to which this repository belongs
        config - The XML snippet with the required configuration
    See Also: AttributeRepositoryCreator.create(AttributeRepositoryFactory, Element)

protected boolean approve(SecurityContext sc, VOMSInfo v)

public java.util.List findAllAttributesFor(java.lang.String identity)
    Note: The parameter identity is ignored. Information is retrieved from the SecurityContext.
    Specified by: findAllAttributesFor in interface AttributeRepository
    Parameters:
        identity - The subject in question.
    Returns: List of attributes.
    See Also: SecurityContext, AttributeRepository.findAllAttributesFor(String)

public java.lang.String findFirstAttributeFor(java.lang.String identity)
    Note: The parameter identity is ignored. Information is retrieved from the SecurityContext.
    Specified by: findFirstAttributeFor in interface AttributeRepository
    Parameters:
        identity - The subject in question.
    See Also: SecurityContext, AttributeRepository.findFirstAttributeFor(String)

public boolean evalAttributeBinding(java.lang.String identity, java.lang.String attribute)
    Note: The parameter identity is ignored. Information is retrieved from the SecurityContext.
    Specified by: evalAttributeBinding in interface AttributeRepository
    Parameters:
        identity - The subject in question.
        attribute - The attribute asked for
    See Also: SecurityContext, AttributeRepository.evalAttributeBinding(String, String)

public void terminate()
    Description copied from interface: AttributeRepository
    Specified by: terminate in interface AttributeRepository
    See Also: AttributeRepository.terminate()

public java.lang.String toString()
    Overrides: toString in class java.lang.Object