com.sun.ebxml.registry.security.authorization
Class AuthorizationServiceImpl

java.lang.Object
  |
  +--com.sun.ebxml.registry.security.authorization.AuthorizationServiceImpl

public class AuthorizationServiceImpl
extends java.lang.Object

AuthorizationService implementation for the ebxml Registry.

Author:
Farrukh S. Najmi

Field Summary
static java.lang.String ACTION_APPROVE
          The approve action from V3 spec.
static java.lang.String ACTION_ATTRIBUTE_ID
          The action-id action attribute from V3 spec.
static java.lang.String ACTION_CREATE
          The create action from V3 spec.
static java.lang.String ACTION_DELETE
          The delete action from V3 spec.
static java.lang.String ACTION_DEPRECATE
          The deprecate action from V3 spec.
static java.lang.String ACTION_READ
          The read action from V3 spec.
static java.lang.String ACTION_REFERENCE
          The reference action from V3 spec.
static java.lang.String ACTION_UNDEPRECATE
          The undeprecate action from V3 spec.
static java.lang.String ACTION_UPDATE
          The update action from V3 spec.
static int ADD_SLOTS_REQUEST
           
static int ADHOC_QUERY_REQUEST
           
static int APPROVE_OBJECTS_REQUEST
           
static java.lang.String CANONICAL_ID_NODE_REGISTRY_ADMINISTRATOR
           
static java.lang.String CANONICAL_ID_NODE_SUBJECT_GROUP
           
static java.lang.String CANONICAL_ID_NODE_SUBJECT_ROLE
           
static int DEPRECATE_OBJECTS_REQUEST
           
static java.lang.String FUNCTION_NS
          The standard namespace where all the ebRIM spec-defined functions live
static int GET_CONTENT_REQUEST
           
static java.lang.String PROP_REGISTRY_REQUEST
           
static int REMOVE_OBJECTS_REQUEST
           
static int REMOVE_SLOTS_REQUEST
           
static java.lang.String RESOURCE_ATTRIBUTE_OWNER
          The owner resource attribute from V3 spec.
static java.lang.String RESOURCE_ATTRIBUTE_REQUEST
          The user subject attribute specific to ebxmlrr (not from V3 spec).
static java.lang.String SUBJECT_ATTRIBUTE_GROUPS
          The role subject attribute from V3 spec.
static java.lang.String SUBJECT_ATTRIBUTE_ID
          The subject-id subject attribute from XACML 1.0 spec.
static java.lang.String SUBJECT_ATTRIBUTE_ROLES
          The role subject attribute from V3 spec.
static java.lang.String SUBJECT_ATTRIBUTE_USER
          The user subject attribute specific to ebxmlrr (not from V3 spec).
static int SUBMIT_OBJECTS_REQUEST
           
static int UPDATE_OBJECTS_REQUEST
           
 
Constructor Summary
protected AuthorizationServiceImpl()
          Class Constructor.
 
Method Summary
 void checkAuthorization(org.oasis.ebxml.registry.bindings.rim.User user, java.util.ArrayList ids, int requestType)
          Check whether the user is authorised to make requests on the RegistryObjects
 void checkAuthorization(org.oasis.ebxml.registry.bindings.rim.User user, java.lang.Object registryRequest)
          Check if user is authorized to perform specified request.
 void checkAuthorizationV2(org.oasis.ebxml.registry.bindings.rim.User user, java.lang.Object registryRequest)
          Check if user is authorized to perform specified request using V2 specification.
 void checkAuthorizationV3(org.oasis.ebxml.registry.bindings.rim.User user, java.lang.Object registryRequest)
          Check if user is authorized to perform specified request using V3 specification.
static AuthorizationServiceImpl getInstance()
          Gets the singleton instance as defined by Singleton pattern.
 boolean isRegistryAdministrator(org.oasis.ebxml.registry.bindings.rim.User user)
           
static void main(java.lang.String[] args)
          Minimal unit test code.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SUBMIT_OBJECTS_REQUEST

public static final int SUBMIT_OBJECTS_REQUEST
See Also:
Constant Field Values

UPDATE_OBJECTS_REQUEST

public static final int UPDATE_OBJECTS_REQUEST
See Also:
Constant Field Values

REMOVE_OBJECTS_REQUEST

public static final int REMOVE_OBJECTS_REQUEST
See Also:
Constant Field Values

APPROVE_OBJECTS_REQUEST

public static final int APPROVE_OBJECTS_REQUEST
See Also:
Constant Field Values

DEPRECATE_OBJECTS_REQUEST

public static final int DEPRECATE_OBJECTS_REQUEST
See Also:
Constant Field Values

ADD_SLOTS_REQUEST

public static final int ADD_SLOTS_REQUEST
See Also:
Constant Field Values

REMOVE_SLOTS_REQUEST

public static final int REMOVE_SLOTS_REQUEST
See Also:
Constant Field Values

ADHOC_QUERY_REQUEST

public static final int ADHOC_QUERY_REQUEST
See Also:
Constant Field Values

GET_CONTENT_REQUEST

public static final int GET_CONTENT_REQUEST
See Also:
Constant Field Values

ACTION_ATTRIBUTE_ID

public static final java.lang.String ACTION_ATTRIBUTE_ID
The action-id action attribute from V3 spec.

See Also:
Constant Field Values

RESOURCE_ATTRIBUTE_OWNER

public static final java.lang.String RESOURCE_ATTRIBUTE_OWNER
The owner resource attribute from V3 spec.

See Also:
Constant Field Values

RESOURCE_ATTRIBUTE_REQUEST

public static final java.lang.String RESOURCE_ATTRIBUTE_REQUEST
The user subject attribute specific to ebxmlrr (not from V3 spec).

See Also:
Constant Field Values

SUBJECT_ATTRIBUTE_ID

public static final java.lang.String SUBJECT_ATTRIBUTE_ID
The subject-id subject attribute from XACML 1.0 spec. Should be in XACML impl??

See Also:
Constant Field Values

SUBJECT_ATTRIBUTE_ROLES

public static final java.lang.String SUBJECT_ATTRIBUTE_ROLES
The role subject attribute from V3 spec.

See Also:
Constant Field Values

SUBJECT_ATTRIBUTE_GROUPS

public static final java.lang.String SUBJECT_ATTRIBUTE_GROUPS
The role subject attribute from V3 spec.

See Also:
Constant Field Values

SUBJECT_ATTRIBUTE_USER

public static final java.lang.String SUBJECT_ATTRIBUTE_USER
The user subject attribute specific to ebxmlrr (not from V3 spec).

See Also:
Constant Field Values

ACTION_CREATE

public static final java.lang.String ACTION_CREATE
The create action from V3 spec.

See Also:
Constant Field Values

ACTION_READ

public static final java.lang.String ACTION_READ
The read action from V3 spec.

See Also:
Constant Field Values

ACTION_UPDATE

public static final java.lang.String ACTION_UPDATE
The update action from V3 spec.

See Also:
Constant Field Values

ACTION_DELETE

public static final java.lang.String ACTION_DELETE
The delete action from V3 spec.

See Also:
Constant Field Values

ACTION_APPROVE

public static final java.lang.String ACTION_APPROVE
The approve action from V3 spec.

See Also:
Constant Field Values

ACTION_DEPRECATE

public static final java.lang.String ACTION_DEPRECATE
The deprecate action from V3 spec.

See Also:
Constant Field Values

ACTION_UNDEPRECATE

public static final java.lang.String ACTION_UNDEPRECATE
The undeprecate action from V3 spec.

See Also:
Constant Field Values

ACTION_REFERENCE

public static final java.lang.String ACTION_REFERENCE
The reference action from V3 spec.

See Also:
Constant Field Values

CANONICAL_ID_NODE_REGISTRY_ADMINISTRATOR

public static final java.lang.String CANONICAL_ID_NODE_REGISTRY_ADMINISTRATOR
See Also:
Constant Field Values

CANONICAL_ID_NODE_SUBJECT_ROLE

public static final java.lang.String CANONICAL_ID_NODE_SUBJECT_ROLE
See Also:
Constant Field Values

CANONICAL_ID_NODE_SUBJECT_GROUP

public static final java.lang.String CANONICAL_ID_NODE_SUBJECT_GROUP
See Also:
Constant Field Values

PROP_REGISTRY_REQUEST

public static final java.lang.String PROP_REGISTRY_REQUEST
See Also:
Constant Field Values

FUNCTION_NS

public static final java.lang.String FUNCTION_NS
The standard namespace where all the ebRIM spec-defined functions live

See Also:
Constant Field Values

Constructor Detail

AuthorizationServiceImpl

protected AuthorizationServiceImpl()
Class Constructor. Protected and only used by getInstance()

Method Detail

getInstance

public static AuthorizationServiceImpl getInstance()
Gets the singleton instance as defined by Singleton pattern.

Returns:
the singleton instance

checkAuthorization

public void checkAuthorization(org.oasis.ebxml.registry.bindings.rim.User user,
                               java.util.ArrayList ids,
                               int requestType)
                        throws RegistryException
Check whether the user is authorised to make requests on the RegistryObjects

Throws:
UnauthorizedRequestException - if the user is not authorized to make the requests on the objects
RegistryException

checkAuthorizationV3

public void checkAuthorizationV3(org.oasis.ebxml.registry.bindings.rim.User user,
                                 java.lang.Object registryRequest)
                          throws RegistryException
Check if user is authorized to perform specified request using V3 specification. Check if the specified User (requestor) is authorized to make this request or not. The initial subject lists contains the object in the request is a resource. The primary action is determined by the type of request. In addition:

  AdhocQueryRequest: process query as normal and then filter out objects that should not be visible to the client.
  GetContentRequest: throw ObjectNotFoundException if the client should not be able to see the object. (document in V3 spec??)
  ApproveObjectRequest: check if subject is authorized for the approve action.
  Deprecate/UndeprecateRequest: check if subject is authorized for the deprecate/undeprecate action.
  RemoveObjectRequest: check if subject is authorized for the delete action.
  SubmitObjectsRequest/UpdateObjectsRequest: check if subject is authorized for the create action.

Check any referenced objects and see if their policies allow the reference action.

Do we need any new Attribute types by Extending AttributeValue (have string URI etc.)?? Do we need any new functions??

Throws:
UnauthorizedRequestException - if the user is not authorized to make the requests on the objects
RegistryException
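
A sketch of the per-request dispatch described for checkAuthorizationV3, added here as an illustration and not taken from the ebxmlrr source. The class, the Decision interface and the action strings are hypothetical, and SecurityException / NoSuchElementException stand in for UnauthorizedRequestException / ObjectNotFoundException.

```java
import java.util.*;

// Added sketch; every name here is hypothetical, not the ebxmlrr API.
public class V3DispatchSketch {
    enum Request { SUBMIT, UPDATE, REMOVE, APPROVE, DEPRECATE, UNDEPRECATE, ADHOC_QUERY, GET_CONTENT }

    // Stand-in for the policy decision point: (action, objectId) -> permitted?
    interface Decision { boolean permits(String action, String objectId); }

    // Primary action per request type; strings are placeholders, not the ACTION_* constant values.
    static String primaryAction(Request r) {
        switch (r) {
            case SUBMIT: case UPDATE: return "create";
            case REMOVE:              return "delete";
            case APPROVE:             return "approve";
            case DEPRECATE:           return "deprecate";
            case UNDEPRECATE:         return "undeprecate";
            default:                  return "read"; // assumption for query/content requests
        }
    }

    // Write-style requests are all-or-nothing: one denied object rejects the whole request.
    static void check(Decision d, Request r, List<String> ids, List<String> referenced) {
        String action = primaryAction(r);
        for (String id : ids)
            if (!d.permits(action, id))
                throw new SecurityException("not authorized: " + action + " on " + id);
        for (String ref : referenced) // policies of referenced objects must allow "reference"
            if (!d.permits("reference", ref))
                throw new SecurityException("not authorized: reference to " + ref);
    }

    // AdhocQueryRequest: run the query as normal, then drop what the requestor may not read.
    static List<String> filterQueryResult(Decision d, List<String> result) {
        List<String> visible = new ArrayList<>();
        for (String id : result) if (d.permits("read", id)) visible.add(id);
        return visible;
    }

    // GetContentRequest: a hidden object is reported as not found rather than as forbidden.
    static String getContent(Decision d, Map<String, String> store, String id) {
        if (!store.containsKey(id) || !d.permits("read", id))
            throw new NoSuchElementException("object not found: " + id);
        return store.get(id);
    }

    public static void main(String[] args) {
        // Constructed policy: ids starting with "private:" are hidden from this requestor.
        Decision d = (action, id) -> !id.startsWith("private:");
        System.out.println(filterQueryResult(d, List.of("urn:a", "private:b"))); // [urn:a]
        check(d, Request.APPROVE, List.of("urn:a"), List.of());                  // passes
    }
}
```

Reporting a hidden object as not found keeps a read denial from confirming that the object exists, which is why the query and content paths differ from the reject-the-request behaviour of the write paths.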

checkAuthorization

public void checkAuthorization(org.oasis.ebxml.registry.bindings.rim.User user,
                               java.lang.Object registryRequest)
                        throws RegistryException
Check if user is authorized to perform specified request.

Throws:
RegistryException

checkAuthorizationV2

public void checkAuthorizationV2(org.oasis.ebxml.registry.bindings.rim.User user,
                                 java.lang.Object registryRequest)
                          throws RegistryException
Check if user is authorized to perform specified request using V2 specification.

Throws:
RegistryException

isRegistryAdministrator

public boolean isRegistryAdministrator(org.oasis.ebxml.registry.bindings.rim.User user)
                                throws RegistryException

Throws:
RegistryException

main

public static void main(java.lang.String[] args)
Minimal unit test code. Will be replaced with junit test later.



Copyright © 2001-2003 OASIS. All Rights Reserved.