permissubject.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* Neither the name of the University of Salford nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*/

package issrg.pba.rbac; 

import java.security.Principal;
import java.util.Vector;

import issrg.pba.Subject;
import issrg.pba.Credentials;
import issrg.pba.CredentialsService;

/**
 * The Permis implementation of a subject. It knows the holder and its
 * credentials, it contains additional service for checking the credentials
 * validity. It knows what policy it is applicable to, and works for one
 * PermisRBAC object only.
 *
 * @author A Otenko
 * @author E Ball
 * @author D W Chadwick
 * @version 0.2
 */

public class PermisSubject implements Subject {
  private Principal SubjectName;
  private CredentialsService additionalService;
  private Credentials Creds; 
  protected String PolicyOID;
  protected issrg.pba.PBAAPI owner;

  protected PermisSubject(){}

  /**
   * This constructor builds a subject from a distinguished name and the
   * credentials the holder possesses.
   *
   * @param owner is the reference to the PBA API implementation that has
   *      created this object; so the owner could ensure it uses the
   *      subject for the right policy
   * @param DN the distinguished name of the subject
   * @param service is the run-time restriction on use of the credential set
   *      contained within this Subject
   * @param policyOID The OID of the policy controlling the subject
   * @param creds the Credential of the subject
   */
  protected PermisSubject(issrg.pba.PBAAPI owner, Principal DN, CredentialsService service,
                          String PolicyOID, issrg.pba.Credentials creds){
    this.owner = owner;

    SubjectName=DN;
    additionalService=service;
    this.PolicyOID = PolicyOID;
    Creds = creds;
  }


  /**
   * This method returns the Credentials (roles for the Permis project) of the
   * subject.
   *
   * @return the Credential of the subject
   */
  public Credentials exportCreds(){
    return  Creds;
  }  
 

  /**
   * This method returns the distinguished name of the subject.
   *
   * @return the Principal, representing the name of the holder
   */
  public Principal getHolder(){
    return SubjectName;
  }

  /**
   * This method returns the distinguished name of the subject as a string.
   *
   * @return the String representation of the holder name
   */
  public String getName(){
    return getHolder().getName();
  }

  /**
   * This method returns the object providing additional service on the set of
   * credentials.
   *
   * @return the CredentialService instance; can be null, if no additional
   *    services were attached to the credentials
   */
  public CredentialsService getService(){
    return additionalService;
  }

  /**
   * This method returns the owner of the Subject object.
   */
  public issrg.pba.PBAAPI getOwner(){
    return owner;
  }
}