authtokenrepository.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* Neither the name of the University of Salford nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*/

package issrg.pba.repository;
import issrg.pba.ParsedToken;
/**
 *This interface specifies the way Authorisation Tokens 
 * should be retrieved. The implementations should return 
 *  tokens that can be parsed from which the credentials 
 *  can then be extracted.
 *
 * @author A Otenko
 * @version 1.0
 */

public interface AuthTokenRepository {

  /**
   * This method retrieves Authorisation Tokens (as directory attributes) 
   *  for a given entry from the  repository. The TokenLocator (name 
   *  of the holder and some alternative name) is the locator of the Token. 
   * Note that the returned authorisation tokens may be valid or invalid 
   * according to the PERMIS policy, and may be authentic or not authentic (
   * as determined later by the signature verification). 
   *
   * @param subject is the TokenLocator of the holder of the authorisation token
   *
   * @return a collection of authorisation tokens (as directory attributes) 
   *    associated with the subject and held in its entry in the repository, 
   *    or null if no tokens were contained within the entry. Note that 
   *    implementations should throw an exception if a subject entry 
   *    does not exist in the repository.
   *
   * @throws PbaException in case of any error while retrieving the tokens
   */
  public javax.naming.directory.Attribute getAuthTokens(issrg.utils.repository.TokenLocator subject) throws issrg.pba.PbaException;
  
  /**
   * This method returns the all the related tokens in a parsed form. 
   * Implementation of this function may be able to retrieve related tokens
   * from a repository, and parse the retrieved tokens.
   *
   * <p>Effectively, this method should be the same as calling getAuthTokens,
   * then parsing them with a preconfigured AuthTokenParser, ignoring the 
   * malformed Authorization Tokens.
   *
   * @param subject is the TokenLocator of the holder of the authorisation token
   *
   * @return an array of parsed tokens. It is never null, but some entries in 
   *   the
   *   array may be null. Empty array may be retruned meaning that no tokens 
   *   are available.
   */
  public ParsedToken[] getParsedAuthTokens(issrg.utils.repository.TokenLocator subject) throws issrg.pba.PbaException;
}