xsul.dsig.saml.authorization
Class CapabilityAuthorizer

java.lang.Object
  extended byxsul.dsig.saml.authorization.CapabilityAuthorizer

public class CapabilityAuthorizer
extends java.lang.Object


Method Summary
 java.lang.String getProvider()
           
 java.lang.String getServiceIdentifier()
           
 void isAuthorized(Capability cap, java.lang.Object[] members)
          Method isAuthorized verifies the authorization information against the authorization policy, including the identifier, users, and authz actions/decisions.
 void isAuthorized(java.security.Principal principal, Capability cap, XmlElement soapEnv)
           
 void isAuthorized(java.lang.String envelope)
          Deprecated.  
 void isAuthorized(java.lang.String principal, Capability cap, XmlElement soapEnv)
          Method isAuthorized internally supports both capability-based or ACL-based authorization.
static CapabilityAuthorizer newInstance(java.lang.String _service_uri)
           
static CapabilityAuthorizer newInstance(java.lang.String _service_uri, java.lang.String _owner)
           
 void setProvider(java.lang.String provider)
           
 void setServiceIdentifier(java.lang.String service_identifier)
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

newInstance

public static CapabilityAuthorizer newInstance(java.lang.String _service_uri,
                                               java.lang.String _owner)
                                        throws CapabilityException
Throws:
CapabilityException

newInstance

public static CapabilityAuthorizer newInstance(java.lang.String _service_uri)
                                        throws CapabilityException
Throws:
CapabilityException

setProvider

public void setProvider(java.lang.String provider)

getProvider

public java.lang.String getProvider()

setServiceIdentifier

public void setServiceIdentifier(java.lang.String service_identifier)

getServiceIdentifier

public java.lang.String getServiceIdentifier()

isAuthorized

public void isAuthorized(java.lang.String principal,
                         Capability cap,
                         XmlElement soapEnv)
                  throws CapabilityException
Method isAuthorized internally supports both capability-based or ACL-based authorization. If capability is null here, we switch to ACL.

Parameters:
principal - a String
cap - a Capability
soapEnv - a XmlElement of the whole soap message
Throws:
CapabilityException

isAuthorized

public void isAuthorized(java.security.Principal principal,
                         Capability cap,
                         XmlElement soapEnv)
                  throws CapabilityException
Throws:
CapabilityException

isAuthorized

public void isAuthorized(Capability cap,
                         java.lang.Object[] members)
                  throws CapabilityException
Method isAuthorized verifies the authorization information against the authorization policy, including the identifier, users, and authz actions/decisions. It is agnostic of SOAP. For the time being, because we are adopting SAML as the policy language, it is bound to SAML; but it could be generalized and overloaded if necessary in the future. Perhaps the current one should be extended as SAMLCapAuthorizer.

Parameters:
cap - a Capability
Throws:
CapabilityException

isAuthorized

public void isAuthorized(java.lang.String envelope)
                  throws java.lang.Exception
Deprecated.  

Method isAuthorized. see isAuthorized(XmlElement envelope)

Throws:
java.lang.Exception


IU Extreme! Lab (http://www.extreme.indiana.edu)