org.globus.ogsa.impl.security
Class SecurityManager

java.lang.Object
  extended by org.globus.ogsa.impl.security.SecurityManager

public class SecurityManager
extends java.lang.Object

Common security API exposed to the service developers.


Constructor Summary
SecurityManager()
           
 
Method Summary
 void addAuthorizedUser(ServiceProperties props, org.ietf.jgss.GSSCredential cred)
          Internal API - subject to change: Adds the identity that the credential represents as an authorized user to access the service.
 void addAuthorizedUser(ServiceProperties props, java.lang.String userId)
          Internal API - subject to change: Adds the specified user identity as an authorized user to access the service.
 java.lang.String getCaller()
          Returns the identity of the current caller.
 java.security.Principal getCallerPrincipal()
          Returns the identity of the current caller.
static SecurityManager getManager()
          Returns an instance of the security manager.
 javax.security.auth.Subject getServiceSubject(ServiceProperties props)
          Returns the service subject.
 javax.security.auth.Subject getSubject(ServiceProperties props)
          Returns the service subject if set.
 javax.security.auth.Subject getSystemSubject()
          Returns the system subject (containing the container credentials).
 javax.security.auth.Subject setServiceOwnerFromContext(ServiceProperties props)
          Sets the service object with the current invocation subject.
 javax.security.auth.Subject setServiceOwnerFromContext(ServiceProperties props, GridContext context)
          Sets the service object with the current invocation subject.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecurityManager

public SecurityManager()

Method Detail

getManager

public static SecurityManager getManager()
Returns an instance of the security manager.

Returns:
an instance of the security manager.

getSystemSubject

public javax.security.auth.Subject getSystemSubject()
                                             throws SecurityException
Returns the system subject (containing the container credentials).

Returns:
the system subject.
Throws:
SecurityException - if the container credentials could not be obtained.

getServiceSubject

public javax.security.auth.Subject getServiceSubject(ServiceProperties props)
Returns the service subject. Might return null if the service subject is not set.

Parameters:
props - the service to get the subject of.
Returns:
the service subject.

getSubject

public javax.security.auth.Subject getSubject(ServiceProperties props)
                                       throws SecurityException
Returns the service subject if set. Otherwise, the system subject is returned.

Parameters:
props - the service to get the subject of.
Returns:
the service subject if set, the system subject otherwise.
Throws:
SecurityException - if the credentials could not be obtained.

getCaller

public java.lang.String getCaller()
Returns the identity of the current caller. Might return null if the client did not authenticate.

Returns:
the identity of the caller. Might be null.

getCallerPrincipal

public java.security.Principal getCallerPrincipal()
Returns the identity of the current caller. Might return null if the client did not authenticate.

Returns:
the identity of the caller. Might be null.
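
Added example (not part of the Globus Toolkit sources or of this Javadoc): a hypothetical helper class, CallerGuard, that fails closed on the two null returns documented above, namely an unauthenticated caller from getCaller()/getCallerPrincipal() and an unset service subject from getServiceSubject(), so that code does not end up using the container credentials through the getSubject() fallback without noticing. The package of ServiceProperties (org.globus.ogsa) is an assumption; this page does not state it.

```java
import java.security.Principal;
import javax.security.auth.Subject;

import org.globus.ogsa.ServiceProperties;              // assumed package, not given on this page
// The explicit import shadows java.lang.SecurityManager in this file.
import org.globus.ogsa.impl.security.SecurityManager;

/** Hypothetical helper; only the SecurityManager calls come from the documented API. */
public final class CallerGuard {

    private CallerGuard() {}

    /**
     * Returns the caller's identity, or throws if the client did not
     * authenticate (getCaller() and getCallerPrincipal() return null then).
     */
    public static String requireCaller() {
        SecurityManager manager = SecurityManager.getManager();
        String caller = manager.getCaller();
        Principal principal = manager.getCallerPrincipal();
        if (caller == null || principal == null) {
            // Fully qualified: the JDK's unchecked exception, not the toolkit's.
            throw new java.lang.SecurityException("caller is not authenticated");
        }
        return caller;
    }

    /**
     * True when no service subject is set, i.e. when getSubject(props)
     * would return the system subject (container credentials) instead.
     */
    public static boolean wouldUseContainerCredentials(ServiceProperties props) {
        return SecurityManager.getManager().getServiceSubject(props) == null;
    }

    /** Returns the service's own subject and never the system subject. */
    public static Subject requireServiceSubject(ServiceProperties props) {
        Subject subject = SecurityManager.getManager().getServiceSubject(props);
        if (subject == null) {
            throw new java.lang.SecurityException("service subject is not set");
        }
        return subject;
    }
}
```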

setServiceOwnerFromContext

public javax.security.auth.Subject setServiceOwnerFromContext(ServiceProperties props)
                                                       throws SecurityException
Sets the service object with the current invocation subject. The invocation subject must contain some private credentials. All GlobusPrincipals in the invocation subject are added as authorized users to access the service.

Parameters:
props - the service to set the subject on.
Returns:
the new service subject object
Throws:
SecurityException - if the operation fails.

setServiceOwnerFromContext

public javax.security.auth.Subject setServiceOwnerFromContext(ServiceProperties props,
                                                              GridContext context)
                                                       throws SecurityException
Sets the service object with the current invocation subject. The invocation subject must contain some private credentials. All GlobusPrincipals in the invocation subject are added as authorized users to access the service.

Parameters:
props - the service to set the subject on.
context - the grid context.
Throws:
SecurityException - if the operation fails.

addAuthorizedUser

public void addAuthorizedUser(ServiceProperties props,
                              org.ietf.jgss.GSSCredential cred)
                       throws SecurityException
Internal API - subject to change: Adds the identity that the credential represents as an authorized user to access the service.

Parameters:
props - the service to update the authorization list for.
cred - the credential to get the identity from.
Throws:
SecurityException

addAuthorizedUser

public void addAuthorizedUser(ServiceProperties props,
                              java.lang.String userId)
                       throws SecurityException
Internal API - subject to change: Adds the specified user identity as an authorized user to access the service.

Parameters:
props - the service to update the authorization list for.
userId - the user identity to add to the authorization list of the service.
Throws:
SecurityException


Copyright © 1999 University of Chicago and The University of Southern California. All Rights Reserved.