com.ibm.sec.authz.jaccplus.config.internal
Class PolicyConfigurationUtils

java.lang.Object
  extended by com.ibm.sec.authz.jaccplus.config.internal.PolicyConfigurationUtils

public class PolicyConfigurationUtils
extends java.lang.Object

A utility class containing routines for creating and manipulating policy fragments.


Method Summary
static void addAllAuthenticatedUsersToTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory, com.ibm.sec.authz.xacml.policy.Target target)
          This method is used to add a Subject to the Target that allows access by all authenticated users.
static void addGroupToTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory, java.lang.String groupId, com.ibm.sec.authz.xacml.policy.Target target)
          This method is used to add a SubjectMatch for the group with the specified name to the given Target.
static void addGroupToTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory, java.lang.String groupId, com.ibm.sec.authz.xacml.policy.Target target, boolean autoEscape)
          This method is used to add a SubjectMatch for the group with the specified name to the given Target.
static void addSubjectToTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory, java.lang.String subjectId, com.ibm.sec.authz.xacml.policy.Target target)
          This method is used to add a SubjectMatch for the subject with the specified name to the given Target.
static void addSubjectToTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory, java.lang.String subjectId, com.ibm.sec.authz.xacml.policy.Target target, boolean autoEscape)
          This method is used to add a SubjectMatch for the subject with the specified name to the given Target.
static com.ibm.sec.authz.xacml.policy.Target createEmptyRoleTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory, java.lang.String roleName)
          This method is used to create a new, blank Target for the role specified.
static com.ibm.sec.authz.xacml.policy.AttributeValue createSubjectAttributeValue(java.lang.String potentialDN)
          This method is used to create an AttributeValue of the correct type, given a string that potentially be a DN.
static com.ibm.sec.authz.xacml.policy.AttributeValue createSubjectAttributeValue(java.lang.String potentialDN, boolean autoEscape)
          This method is used to create an AttributeValue of the correct type, given a string that potentially be a DN.
static java.lang.String escapeForX500Name(java.lang.String inputDN)
          performs backslash escaping on an incoming string
static java.lang.String unescapeForX500Name(java.lang.String inputDN)
          performs backslash unescaping on an incoming string
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

createEmptyRoleTarget

public static com.ibm.sec.authz.xacml.policy.Target createEmptyRoleTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory,
                                                                          java.lang.String roleName)
                                                                   throws com.ibm.sec.authz.xacml.config.XACMLConfigurationException
This method is used to create a new, blank Target for the role specified. The Target has one Subject, with a SubjectMatch that checks for the RBAC role attribute matching the specified role name.

Parameters:
factory - The XACML policy instance.
roleName - The String name of the role for which the target is being created.
Returns:
the created Target for the specified role.
Throws:
com.ibm.sec.authz.xacml.config.XACMLConfigurationException

addSubjectToTarget

public static void addSubjectToTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory,
                                      java.lang.String subjectId,
                                      com.ibm.sec.authz.xacml.policy.Target target)
                               throws com.ibm.sec.authz.xacml.config.XACMLConfigurationException
This method is used to add a SubjectMatch for the subject with the specified name to the given Target.

Parameters:
factory - The XACML policy instance.
subjectId - The String name of the subject to be added.
target - The Target to which the subject is to be added.
Throws:
com.ibm.sec.authz.xacml.config.XACMLConfigurationException

addSubjectToTarget

public static void addSubjectToTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory,
                                      java.lang.String subjectId,
                                      com.ibm.sec.authz.xacml.policy.Target target,
                                      boolean autoEscape)
                               throws com.ibm.sec.authz.xacml.config.XACMLConfigurationException
This method is used to add a SubjectMatch for the subject with the specified name to the given Target.

Parameters:
factory - The XACML policy instance.
subjectId - The String name of the subject to be added.
target - The Target to which the subject is to be added.
autoEscape - flag to specify whether backslash chars need to be auto escaped
Throws:
com.ibm.sec.authz.xacml.config.XACMLConfigurationException

addGroupToTarget

public static void addGroupToTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory,
                                    java.lang.String groupId,
                                    com.ibm.sec.authz.xacml.policy.Target target)
                             throws com.ibm.sec.authz.xacml.config.XACMLConfigurationException
This method is used to add a SubjectMatch for the group with the specified name to the given Target.

Parameters:
factory - The XACML policy instance.
groupId - The String name of the group to be added.
target - The Target to which the group is to be added.
Throws:
com.ibm.sec.authz.xacml.config.XACMLConfigurationException

addGroupToTarget

public static void addGroupToTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory,
                                    java.lang.String groupId,
                                    com.ibm.sec.authz.xacml.policy.Target target,
                                    boolean autoEscape)
                             throws com.ibm.sec.authz.xacml.config.XACMLConfigurationException
This method is used to add a SubjectMatch for the group with the specified name to the given Target.

Parameters:
factory - The XACML policy instance.
groupId - The String name of the group to be added.
target - The Target to which the group is to be added.
autoEscape - flag to specify whether backslash chars need to be auto escaped
Throws:
com.ibm.sec.authz.xacml.config.XACMLConfigurationException

addAllAuthenticatedUsersToTarget

public static void addAllAuthenticatedUsersToTarget(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory,
                                                    com.ibm.sec.authz.xacml.policy.Target target)
                                             throws com.ibm.sec.authz.xacml.config.XACMLConfigurationException
This method is used to add a Subject to the Target that allows access by all authenticated users. "All authenticated" is determined by the presence of ANY value of subject-id, as determined by the regex ".*"

Parameters:
factory - The XACML policy instance.
target - The Target to which all authenticated users are to be added.
Throws:
com.ibm.sec.authz.xacml.config.XACMLConfigurationException

createSubjectAttributeValue

public static com.ibm.sec.authz.xacml.policy.AttributeValue createSubjectAttributeValue(java.lang.String potentialDN)
This method is used to create an AttributeValue of the correct type, given a string that potentially be a DN.

Parameters:
potentialDN - The String name of the potential DN to be created.
Returns:
the created attribute value of the DN.

createSubjectAttributeValue

public static com.ibm.sec.authz.xacml.policy.AttributeValue createSubjectAttributeValue(java.lang.String potentialDN,
                                                                                        boolean autoEscape)
This method is used to create an AttributeValue of the correct type, given a string that potentially be a DN.

Parameters:
potentialDN - The String name of the potential DN to be created.
autoEscape - flag to specify whether backslash chars need to be auto escaped
Returns:
the created attribute value of the DN.

escapeForX500Name

public static final java.lang.String escapeForX500Name(java.lang.String inputDN)
performs backslash escaping on an incoming string

Parameters:
inputDN - *
Returns:
unescapedDN

unescapeForX500Name

public static final java.lang.String unescapeForX500Name(java.lang.String inputDN)
performs backslash unescaping on an incoming string

Parameters:
inputDN - *
Returns:
unescapedDN


Copyright © 2009 IBM Corp. All Rights Reserved.