kaos.policy.query
Interface AuthorizationPolicyDisclosure

All Known Subinterfaces:
DirectoryService, EnforcerManagerService, Guard, PolicyChecking, PolicyDisclosure
All Known Implementing Classes:
GridDirectoryServicePolicyCert, KAoSDirectoryService, KAoSGridGuard, KAoSGuard, PolicyCheckingImpl, TunnelClient

public interface AuthorizationPolicyDisclosure


Method Summary
 void checkPermission(java.security.Permission perm, java.lang.Object context)
          The method check if the given action is permitted according to the current set of policies
 java.util.Vector getAllowableValuesForActionProperties(ActionInstanceDescription actionDesc)
          In this case, there are NO properties specified.
 java.util.Vector getAllowableValuesForActionProperties(java.util.Vector propertyNames, ActionInstanceDescription actionDesc, boolean tight)
          This function is used when the agent/enforcer has only partial information about an action and would like to determine what range of properties can be allowed by the policy set.
 java.util.Set getAllowableValuesForActionProperty(java.lang.String origPropertyName, ActionInstanceDescription origActionDesc, java.util.Set allTargetValues, boolean tight)
          This function is used when the enforcer has only partial information about an action and needs to determine what range of a property can be allowed by the policy.
 java.util.List getPoliciesForActionType(java.lang.String actionType)
          Get policies for the specified action type.
 

Method Detail

checkPermission

void checkPermission(java.security.Permission perm,
                     java.lang.Object context)
                     throws KAoSSecurityException,
                            java.lang.NullPointerException,
                            ServiceFailure
The method check if the given action is permitted according to the current set of policies

Parameters:
perm - Permission to be checked by the Guard in order to allow/disallow an action.
context - An Object describing the context of the action.
Throws:
KAoSSecurityException - if the action is not allowed.
java.lang.NullPointerException - if the Permission argument is null.
ServiceFailure

getPoliciesForActionType

java.util.List getPoliciesForActionType(java.lang.String actionType)
                                        throws ServiceFailure
Get policies for the specified action type.

Parameters:
actionType - String specifying the action type for the requested policies.
Returns:
List Contains policies defined for the specified action.
Throws:
ServiceFailure

getAllowableValuesForActionProperties

java.util.Vector getAllowableValuesForActionProperties(java.util.Vector propertyNames,
                                                       ActionInstanceDescription actionDesc,
                                                       boolean tight)
                                                       throws ServiceFailure
This function is used when the agent/enforcer has only partial information about an action and would like to determine what range of properties can be allowed by the policy set. The agent/enforcer partially fills an ActionInstanceDescription object and sends it to the method, which finds those policies that are applicable to this action and contain the given property. The method will then select only those values for the given properties that will not conflict with higher priority policies containing the given properties.

Parameters:
propertyName - Vector containing the properties for which values are to be found.
actionDesc - ActionInstanceDescription object which will be used to find applicable policies.
tight - boolean, if set to 'true', will result in returning only these values for the missing specified property which would satisfy some policy if used alone.
Returns:
Vector The Vector containing multiple ActionInstanceDescription objects which contain the allowed values for those properties.
Throws:
ServiceFailure

getAllowableValuesForActionProperties

java.util.Vector getAllowableValuesForActionProperties(ActionInstanceDescription actionDesc)
                                                       throws ServiceFailure
In this case, there are NO properties specified. The function uses the given, partially filled, ActionInstanceDescription object to find those policies that are applicable to this action, and then it selects all the properties from those policies which are not originally contained in the provided ActionInstanceDescription object. It then chooses only those values for the given properties which do not conflict with their higher priority selves, and returns all those properties in the ActionInstanceDescription object.

Parameters:
actionDesc - ActionInstanceDescription object which will be used to find applicable policies.
Returns:
Vector The Vector containing multiple ActionInstanceDescription objects which contain the allowed values for those properties.
Throws:
ServiceFailure

getAllowableValuesForActionProperty

java.util.Set getAllowableValuesForActionProperty(java.lang.String origPropertyName,
                                                  ActionInstanceDescription origActionDesc,
                                                  java.util.Set allTargetValues,
                                                  boolean tight)
                                                  throws ServiceFailure
This function is used when the enforcer has only partial information about an action and needs to determine what range of a property can be allowed by the policy. The enforcer partially fills an ActionInstanceDescription object and sends it to the PolicyDisclosure object to find those policies that are applicable to this action and contain the given property. PolicyDisclosure will then select only those values for the given property that will not conflict with higher priority policies containing the given property. This is a complex function and needs to be understood in the context of how it is used - this is getting written elsewhere and will be included here at a later time.

Parameters:
propertyName - String specifying the property for which values are to be found.
actionDesc - ActionInstanceDescription object which will be used to find applicable policies.
allTargetValues - Set of possible property values - now it is a fake argument, which should really be calculated by the directory service and passed to the entity disclosing the policy (PolicyDisclosure).
tight - boolean, if set to 'true', will result in returning only these values for the missing specified property which would satisfy some policy if used alone.
Returns:
Set The Set containing allowed values for the given property, or null, if a thread waiting to complete execution of this method has been interrupted. The interrupted status will be propagated.
Throws:
ServiceFailure