com.dtolabs.rundeck.core.authorization
Class BaseAclsAuthorization

java.lang.Object
  extended by com.dtolabs.rundeck.core.authorization.BaseAclsAuthorization
All Implemented Interfaces:
Authorization, LegacyAuthorization
Direct Known Subclasses:
JndiAuthorization

public abstract class BaseAclsAuthorization
extends java.lang.Object
implements Authorization, LegacyAuthorization

BaseAclsAuthorization is a legacy class and is being preserved until it can be deprecated.


Constructor Summary
BaseAclsAuthorization(Framework framework, java.io.File aclBasedir)
          Default constructor
 
Method Summary
 boolean authorizeScript(java.lang.String user, java.lang.String project, java.lang.String adhocScript)
          script authorization
abstract  java.lang.String[] determineUserRoles(java.lang.String user)
           
 Decision evaluate(java.util.Map<java.lang.String,java.lang.String> resource, javax.security.auth.Subject subject, java.lang.String action, java.util.Set<Attribute> environment)
          Evaluate the authorization request and return whether the request is valid.
 java.util.Set<Decision> evaluate(java.util.Set<java.util.Map<java.lang.String,java.lang.String>> resources, javax.security.auth.Subject subject, java.util.Set<java.lang.String> action, java.util.Set<Attribute> environment)
          Make a multiple resource determination.
 java.io.File getAclBasedir()
           
 java.lang.String[] getMatchedRoles()
          getMatchedRoles, returns list of matched roles as a String array
 java.lang.String listMatchedRoles()
          listMatchedRoles, returns list of matched roles as a whitespace separated String
static java.util.List<java.lang.String> listRoles(java.io.File aclBasedir)
          Return a list of roles declared in the underlying policy files.
 java.lang.String toString()
          return a string representation of this object
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

BaseAclsAuthorization

public BaseAclsAuthorization(Framework framework,
                             java.io.File aclBasedir)
                      throws java.io.IOException,
                             PoliciesParseException
Default constructor

Parameters:
aclBasedir -
Throws:
java.io.IOException
PoliciesParseException
Method Detail

listRoles

public static java.util.List<java.lang.String> listRoles(java.io.File aclBasedir)
                                                  throws java.io.IOException
Return a list of roles declared in the underlying policy files. Note: I understand why this is here, but it is ugly, I don't like it and it needs to be removed. (NSC).

Parameters:
aclBasedir - Typically $RDECK_BASE/etc
Returns:
roles A list of roles present in the *.aclpolicy files.
Throws:
java.io.IOException

getMatchedRoles

public java.lang.String[] getMatchedRoles()
getMatchedRoles, returns list of matched roles as a String array

Specified by:
getMatchedRoles in interface LegacyAuthorization
Returns:
String[]

listMatchedRoles

public java.lang.String listMatchedRoles()
listMatchedRoles, returns list of matched roles as a whitespace separated String

Specified by:
listMatchedRoles in interface LegacyAuthorization
Returns:
String

authorizeScript

public boolean authorizeScript(java.lang.String user,
                               java.lang.String project,
                               java.lang.String adhocScript)
                        throws AuthorizationException
script authorization

Specified by:
authorizeScript in interface LegacyAuthorization
Parameters:
user - user name
project - project name
adhocScript - script to execute
Returns:
Throws:
AuthorizationException

determineUserRoles

public abstract java.lang.String[] determineUserRoles(java.lang.String user)

toString

public java.lang.String toString()
return a string representation of this object

Overrides:
toString in class java.lang.Object
Returns:
String

getAclBasedir

public java.io.File getAclBasedir()

evaluate

public Decision evaluate(java.util.Map<java.lang.String,java.lang.String> resource,
                         javax.security.auth.Subject subject,
                         java.lang.String action,
                         java.util.Set<Attribute> environment)
Description copied from interface: Authorization
Evaluate the authorization request and return whether the request is valid. Make a single resource determination. The method is loosely based on the XACML model for structuring requests and responses. These can be prefixed with a fully qualified namespace and ':'. If anything goes wrong in evaluating the request, the result will be false. No exception will be thrown.

Specified by:
evaluate in interface Authorization
Parameters:
resource - The properties that identify the resource.
subject - The properties that represent the subject.
action - A set of actions that are being requested on the resource.
environment - A set of environment properties (hostname, time of day, etc.)
Returns:
decision Return true if the subject's action on the object given the environment is authorized.

evaluate

public java.util.Set<Decision> evaluate(java.util.Set<java.util.Map<java.lang.String,java.lang.String>> resources,
                                        javax.security.auth.Subject subject,
                                        java.util.Set<java.lang.String> action,
                                        java.util.Set<Attribute> environment)
Description copied from interface: Authorization
Make a multiple resource determination.

Specified by:
evaluate in interface Authorization
Returns:
decisions