Virtual Organisation Membership Service Trusted Admin Interface.
This interface is intended for frontends to VOMS that want to use the edg-voms-admin service as a backend but are unable to delegate their clients' credentials to it.
Access control through this interface is performed in two steps. First, the service checks that the frontend (the credential in the SSL context) is a registered frontend. Then it checks that the remote client named by the frontend (the delegatedDN/delegatedCA pair passed to every operation) has the necessary privilege to perform the requested operation; the service relies on the frontend's assertion of that identity rather than on a credential of the remote client. Access is denied if either check fails.
This interface is disabled by default. Note that enabling and actively using it is a potential security problem: a client with trusted access can masquerade as any other client, because trusted clients override the normal authentication mechanisms.
Method Summary
void |
addACLEntry(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String container,
ACLEntry aclEntry)
Adds a new entry to the existing ACL. |
void |
addDefaultACLEntry(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
ACLEntry aclEntry)
Adds an entry to the default ACL, which is applied to every group created inside this one. |
void |
addMember(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
java.lang.String username,
java.lang.String userca)
Adds a new member to the group. |
void |
assignCapability(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String capability,
java.lang.String username,
java.lang.String userca)
Assigns a new capability to the user. |
void |
assignRole(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
java.lang.String rolename,
java.lang.String username,
java.lang.String userca)
Assigns a new role to the user. |
void |
createCapability(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String capability)
Creates a new capability. |
void |
createGroup(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String parentname,
java.lang.String groupname)
Creates a new group inside an existing group. |
void |
createRole(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String rolename)
Creates a new role. |
void |
createUser(java.lang.String delegatedDN,
java.lang.String delegatedCA,
User user)
Creates a new user in the VOMS database. |
void |
deleteCapability(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String capability)
Deletes a capability. |
void |
deleteGroup(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname)
Deletes a group. |
void |
deleteRole(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String rolename)
Deletes a role. |
void |
deleteUser(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String username,
java.lang.String userca)
Removes a user from the VOMS database. |
void |
dismissCapability(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String capability,
java.lang.String username,
java.lang.String userca)
Dismisses a capability of a user. |
void |
dismissRole(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String parentname,
java.lang.String rolename,
java.lang.String username,
java.lang.String userca)
Dismisses a role of a user. |
ACLEntry[] |
getACL(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String container)
Returns the whole ACL associated with a container. |
ACLEntry[] |
getDefaultACL(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname)
Returns the default ACL, which is applied to every group created inside this one. |
java.lang.String[] |
getGroupPath(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname)
Returns the absolute "path" down to this group. |
int |
getMajorVersionNumber()
Returns the major version number. |
int |
getMinorVersionNumber()
Returns the minor version number. |
int |
getPatchVersionNumber()
Returns the patch version number. |
User |
getUser(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String username,
java.lang.String userca)
Returns information about a user in the VOMS database. |
java.lang.String |
getVOName(java.lang.String delegatedDN,
java.lang.String delegatedCA)
Return the name of this VO. |
java.lang.String[] |
listCapabilities(java.lang.String delegatedDN,
java.lang.String delegatedCA)
Lists capabilities. |
java.lang.String[] |
listCapabilities(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String username,
java.lang.String userca)
Lists capabilities of a user. |
java.lang.String[] |
listCAs(java.lang.String delegatedDN,
java.lang.String delegatedCA)
Lists certificate authorities. |
java.lang.String[] |
listGroups(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String username,
java.lang.String userca)
Lists groups of a user. |
User[] |
listMembers(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname)
Lists members of a group. |
java.lang.String[] |
listRoles(java.lang.String delegatedDN,
java.lang.String delegatedCA)
Lists roles. |
QualifiedRole[] |
listRoles(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String username,
java.lang.String userca)
Lists roles of a user. |
java.lang.String[] |
listSubGroups(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname)
Lists immediate sub-groups of a group. |
User[] |
listUsersWithCapability(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String capability)
Lists assigned users of a capability. |
User[] |
listUsersWithRole(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
java.lang.String rolename)
Lists assigned users of a role associated with a group. |
void |
removeACLEntry(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String container,
ACLEntry aclEntry)
Removes an existing entry from the ACL. |
void |
removeDefaultACLEntry(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
ACLEntry aclEntry)
Removes an entry from the default ACL, which is applied to every group created inside this one. |
void |
removeMember(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
java.lang.String username,
java.lang.String userca)
Removes a member of a group. |
void |
setACL(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String container,
ACLEntry[] acl)
Replaces the existing ACL on this container. |
void |
setDefaultACL(java.lang.String delegatedDN,
java.lang.String delegatedCA,
java.lang.String groupname,
ACLEntry[] aclEntry)
Replaces the default ACL, which is applied to every group created inside this one. |
void |
setUser(java.lang.String delegatedDN,
java.lang.String delegatedCA,
User user)
Updates auxiliary information about a user in the VOMS database. |
Method Detail
public User getUser(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Permission: LIST on the VO group.
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
username - the name of the user to look up
userca - the certificate authority of the user
Throws:
java.rmi.RemoteException
public void setUser(java.lang.String delegatedDN, java.lang.String delegatedCA, User user) throws java.rmi.RemoteException
Permission: ADD on the VO group.
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
user - the user to update
Throws:
java.rmi.RemoteException
public void createUser(java.lang.String delegatedDN, java.lang.String delegatedCA, User user) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
user - the user to be added
Throws:
java.rmi.RemoteException
public void deleteUser(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
username - the user's DN
userca - the user's CA
Throws:
java.rmi.RemoteException
See also: removeMember(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)
public void createGroup(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String parentname, java.lang.String groupname) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
parentname - the parent group's name
groupname - the group's name
Throws:
java.rmi.RemoteException
public void deleteGroup(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name
Throws:
java.rmi.RemoteException
public void createRole(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String rolename) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
rolename - the role to be added
Throws:
java.rmi.RemoteException
public void deleteRole(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String rolename) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
rolename - the role to be deleted
Throws:
java.rmi.RemoteException
public void createCapability(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String capability) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
capability - the capability to be created
Throws:
java.rmi.RemoteException
public void deleteCapability(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String capability) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
capability - the capability to be deleted
Throws:
java.rmi.RemoteException
public void addMember(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name
username - the user's DN
userca - the user's CA
Throws:
java.rmi.RemoteException
public void removeMember(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name
username - the user's DN
userca - the user's CA
Throws:
java.rmi.RemoteException
See also: deleteUser(java.lang.String, java.lang.String, java.lang.String, java.lang.String)
public void assignRole(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, java.lang.String rolename, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the name of the group associated with this assignment
rolename - the role's name
username - the name of the user to add
userca - the CA of the user to add
Throws:
java.rmi.RemoteException
public void dismissRole(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String parentname, java.lang.String rolename, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
parentname - the parent group's name
rolename - the role's name
username - the user's DN
userca - the user's CA
Throws:
java.rmi.RemoteException
public void assignCapability(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String capability, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
capability - the capability's name
username - the user's DN
userca - the user's CA
Throws:
java.rmi.RemoteException
public void dismissCapability(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String capability, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
capability - the capability's name
username - the user's DN
userca - the user's CA
Throws:
java.rmi.RemoteException
public User[] listMembers(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name (null is the VO group)
Throws:
java.rmi.RemoteException
public User[] listUsersWithRole(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, java.lang.String rolename) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name
rolename - the role's name
Throws:
java.rmi.RemoteException
public User[] listUsersWithCapability(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String capability) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
capability - the capability's name
Throws:
java.rmi.RemoteException
public java.lang.String getVOName(java.lang.String delegatedDN, java.lang.String delegatedCA) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
Throws:
java.rmi.RemoteException
public java.lang.String[] getGroupPath(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name (null is the VO group)
Throws:
java.rmi.RemoteException
public java.lang.String[] listSubGroups(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name (null is the VO group)
Throws:
java.rmi.RemoteException
public java.lang.String[] listGroups(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
username - the user's DN
userca - the user's CA
Throws:
java.rmi.RemoteException
public java.lang.String[] listRoles(java.lang.String delegatedDN, java.lang.String delegatedCA) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
Throws:
java.rmi.RemoteException
public QualifiedRole[] listRoles(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
username - the user's DN
userca - the user's CA
Throws:
java.rmi.RemoteException
public java.lang.String[] listCapabilities(java.lang.String delegatedDN, java.lang.String delegatedCA) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
Throws:
java.rmi.RemoteException
public java.lang.String[] listCapabilities(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String username, java.lang.String userca) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
username - the user's DN
userca - the user's CA
Throws:
java.rmi.RemoteException
public java.lang.String[] listCAs(java.lang.String delegatedDN, java.lang.String delegatedCA) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
Throws:
java.rmi.RemoteException
public ACLEntry[] getACL(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String container) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
container - the container's name (null is the VO group)
Throws:
java.rmi.RemoteException
public void setACL(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String container, ACLEntry[] acl) throws java.rmi.RemoteException
Precondition: the container exists (id[container]). Replaces the ACL on the container.
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
container - the container's name
acl - access control list
Throws:
java.rmi.RemoteException
public void addACLEntry(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String container, ACLEntry aclEntry) throws java.rmi.RemoteException
Preconditions: the container exists (id[container]); op is a valid operation; the principal exists (id[principal]); the triple (aclid[container], principal, op) is not already in the ACL.
Postcondition: insert into acl (aclid[container], principal, op, allow, ...);
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
container - the container's name
aclEntry - access control list entry
Throws:
java.rmi.RemoteException
public void removeACLEntry(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String container, ACLEntry aclEntry) throws java.rmi.RemoteException
Preconditions: the container exists (id[container]); the principal exists (id[principal]); the entry acl[aclid[id[container]], id[principal], op] exists.
Postcondition: delete from acl where aclid = aclid[id[container]] and principal = id[principal] and operation = op;
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
container - the container's name
aclEntry - access control list entry
Throws:
java.rmi.RemoteException
public ACLEntry[] getDefaultACL(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name
Throws:
java.rmi.RemoteException
See also: getACL(java.lang.String, java.lang.String, java.lang.String)
public void setDefaultACL(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, ACLEntry[] aclEntry) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name
aclEntry - access control list entry
Throws:
java.rmi.RemoteException
See also: setDefaultACL(java.lang.String, java.lang.String, java.lang.String, org.edg.security.voms.service.ACLEntry[])
public void addDefaultACLEntry(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, ACLEntry aclEntry) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name
aclEntry - access control list entry
Throws:
java.rmi.RemoteException
See also: addDefaultACLEntry(java.lang.String, java.lang.String, java.lang.String, org.edg.security.voms.service.ACLEntry)
public void removeDefaultACLEntry(java.lang.String delegatedDN, java.lang.String delegatedCA, java.lang.String groupname, ACLEntry aclEntry) throws java.rmi.RemoteException
Parameters:
delegatedDN - The DN of the delegated client.
delegatedCA - The CA of the delegated client.
groupname - the group's name
aclEntry - access control list entry
Throws:
java.rmi.RemoteException
See also: removeDefaultACLEntry(java.lang.String, java.lang.String, java.lang.String, org.edg.security.voms.service.ACLEntry)
public int getMajorVersionNumber() throws java.rmi.RemoteException
Throws:
java.rmi.RemoteException
public int getMinorVersionNumber() throws java.rmi.RemoteException
Throws:
java.rmi.RemoteException
public int getPatchVersionNumber() throws java.rmi.RemoteException
Throws:
java.rmi.RemoteException