kaos.policy.query
Interface PolicyDisclosure

All Superinterfaces:
AuthorizationPolicyDisclosure, ObligationPolicyDisclosure
All Known Subinterfaces:
DirectoryService, EnforcerManagerService, Guard
All Known Implementing Classes:
GridDirectoryServicePolicyCert, KAoSDirectoryService, KAoSGridGuard, KAoSGuard, TunnelClient

public interface PolicyDisclosure
extends AuthorizationPolicyDisclosure, ObligationPolicyDisclosure

This interface defines methods to select obligation actions for the given trigger condition ActionInstanceDescription.


Method Summary
 void checkDeepPermission(java.security.Permission perm, java.lang.Object context)
          The method checks if the given action is permitted according to the current set of policies.
 java.util.Vector findPolicyDecision(java.security.Permission perm, java.lang.Object context)
          The method checks if the given action is permitted according to the current set of policies, or if the given action is a trigger for some obligation policy.
 java.lang.Integer getPolicyUpdateCount()
          Returns a count of the number of times the policy has been updated.
 
Methods inherited from interface kaos.policy.query.AuthorizationPolicyDisclosure
checkPermission, getAllowableValuesForActionProperties, getAllowableValuesForActionProperties, getAllowableValuesForActionProperty, getPoliciesForActionType
 
Methods inherited from interface kaos.policy.query.ObligationPolicyDisclosure
getObligationsForTriggerCondition
 

Method Detail

getPolicyUpdateCount

java.lang.Integer getPolicyUpdateCount()
                                       throws ServiceFailure
Returns a count of the number of times the policy has been updated. This function is important when a policy disclosure client needs to cache results for performance reasons. The traditional case occurs when the caller is asking permission for access and will cache the result if the mediation succeeds. The logic would look something like this:

- getPolicyUpdateCount
- check if permission is permitted based on the cache using the policy update count
- if the permission is cached, return success
- otherwise call checkPermission
- if checkPermission succeeds
  - getPolicyUpdateCount
  - if the policy update count before the call is the same as it is after the call, cache the fact that access is allowed
  - return success
- otherwise return exception

Throws:
ServiceFailure
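
The caching sequence above as an added Java example; it is not KAoS code. The nested Disclosure interface is a hypothetical stand-in for PolicyDisclosure, the checkPermission signature is assumed to mirror checkDeepPermission, SecurityException stands in for KAoSSecurityException, and keying the cache on (permission, context) is a choice made here so that a grant seen in one context is not reused in another.

```java
import java.security.Permission;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.concurrent.ConcurrentHashMap;

public class CachingPolicyClient {
    // Hypothetical stand-in for the two PolicyDisclosure methods used, so the
    // example compiles without KAoS. checkPermission's signature is assumed.
    interface Disclosure {
        Integer getPolicyUpdateCount() throws Exception;
        void checkPermission(Permission perm, Object context) throws Exception;
    }

    private final Disclosure guard;
    // (permission, context) -> update count at which the grant was observed
    private final Map<List<Object>, Integer> allowedAt = new ConcurrentHashMap<>();

    CachingPolicyClient(Disclosure guard) { this.guard = guard; }

    /** Returns normally if allowed; propagates the guard's exception if not. */
    void check(Permission perm, Object context) throws Exception {
        List<Object> key = Arrays.asList(perm, context);
        Integer before = guard.getPolicyUpdateCount();
        if (before.equals(allowedAt.get(key))) return; // grant still current
        allowedAt.remove(key);                          // absent or stale
        guard.checkPermission(perm, context);           // throws on denial; denials are never cached
        Integer after = guard.getPolicyUpdateCount();
        // Cache only if no policy update raced with the mediation call.
        if (before.equals(after)) allowedAt.put(key, after);
    }

    public static void main(String[] args) throws Exception {
        int[] state = {0, 0, 1}; // constructed guard: {updateCount, guardCalls, allowed}
        CachingPolicyClient client = new CachingPolicyClient(new Disclosure() {
            public Integer getPolicyUpdateCount() { return state[0]; }
            public void checkPermission(Permission p, Object c) {
                state[1]++;
                if (state[2] == 0) throw new SecurityException("denied: " + p.getName());
            }
        });
        Permission perm = new PropertyPermission("user.home", "read");
        client.check(perm, "ctx");
        client.check(perm, "ctx");                      // second call is served from the cache
        System.out.println("guard calls: " + state[1]);
        state[0]++; state[2] = 0;                       // constructed policy update revokes the grant
        try { client.check(perm, "ctx"); }
        catch (SecurityException e) { System.out.println("after update: " + e.getMessage()); }
    }
}
```

Comparing the count before and after the mediation call is what keeps a grant decided under a superseded policy set out of the cache; without it, a revocation that lands during checkPermission could be masked until the next update.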

checkDeepPermission

void checkDeepPermission(java.security.Permission perm,
                         java.lang.Object context)
                         throws java.lang.NullPointerException,
                                ServiceFailure,
                                KAoSSecurityException
The method checks if the given action is permitted according to the current set of policies. However, if the given action is not permitted by a policy, instead of stopping there, it goes on to find all the policies that forbid the given action, and then throws a KAoSSecurityException that contains a vector of their ids.

Parameters:
perm - Permission to be checked by the Guard in order to allow/disallow an action.
context - An Object describing the context of the action.
Throws:
java.lang.NullPointerException - if the Permission argument is null.
KAoSSecurityException - containing the ids of forbidding policies, if any.
ServiceFailure

findPolicyDecision

java.util.Vector findPolicyDecision(java.security.Permission perm,
                                    java.lang.Object context)
                                    throws ObligationViolationException,
                                           KAoSSecurityException,
                                           java.lang.NullPointerException,
                                           ServiceFailure
The method checks if the given action is permitted according to the current set of policies, or if the given action is a trigger for some obligation policy. If the action is not permitted, the method throws an exception, but if the action is a trigger, the method returns a vector containing all the obligation policies for which the action is a trigger.

Parameters:
perm - Permission to be checked by the Guard in order to allow/disallow an action; or the trigger to be checked for obligation policies.
context - An Object describing the context of the action.
Throws:
KAoSSecurityException - if the action is not allowed.
java.lang.NullPointerException - if the Permission argument is null.
ObligationViolationException
ServiceFailure