permisauthzimpl.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* Neither the name of the University of Salford nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*/

package issrg.globus.impl; 

import issrg.globus.PermisAuthz.*;
import issrg.globus.*;
import org.globus.ogsa.impl.ogsi.GridServiceImpl;
import org.globus.ogsa.GridContext;
import org.globus.ogsa.GridServiceException;

public class PermisAuthzImpl extends GridServiceImpl implements issrg.globus.PermisAuthz.PermisAuthzPortType, issrg.pba.rbac.SignatureVerifier {
	protected SamlADF adf=null; // that's who will make decisions for us


	public PermisAuthzImpl(){}

	public void postCreate(GridContext gc) throws GridServiceException{
		try{
			super.postCreate(gc);
		// read in the configuration parameters from the server-config.wsdd

				// retrieve variables with the same names, as
				// samlAdf.cfg would have;
				// we will not support locally stored ACs/PKCs - only LDAP-based store
				// only one LDAP so far
			String soa = (String)getProperty(SamlADF.SOA_STRING);
			String ldapURL = (String)getProperty(SamlADF.LDAP_URL_STRING);
			String oid = (String)getProperty(SamlADF.OID_STRING);
			String rootCA = (String)getProperty(SamlADF.ROOT_CA_STRING); // .pkc filename

			if (soa==null || ldapURL==null || oid==null){
				throw new GridServiceException("Incomplete set of parameters has been provided: "+
						SamlADF.SOA_STRING+"="+soa+"; "+
						SamlADF.LDAP_URL_STRING+"="+ldapURL+"; "+
						SamlADF.OID_STRING+"="+oid);
			}

			if (rootCA==null){
				//...log4j message that no signature verification will be used
			}

				// build SamlADF with a given PBA API; construct PBA API using a static method in SamlADF.
			adf=new SamlADF(SamlADF.getPBAAPI(oid, soa, ldapURL, rootCA, this));
		}catch (Exception e){
			throw new GridServiceException("Failed to start PermisAuthz service.", e);
		}
	}

	/**
	* This method will process a SAML request and return a SAML response.
	*/
	public String processSAMLRequest(String req) throws java.rmi.RemoteException {
		try{
			return adf.process(req);
		}catch (Exception e){
			throw new java.rmi.RemoteException("Failed to process request: "+req, e);
		}
	}

	/**
	* This method provides default signature verification - always returns true.
	*/
	public boolean checkSignature(byte[] Value, byte[] Signature,
                                String algorithmID, java.security.Principal Signer){
		return true;
	}

}