com.ibm.sec.authz.jaccplus.internal
Class AbstractJACCPermissionTransformer

java.lang.Object
  extended by com.ibm.sec.authz.jaccplus.internal.AbstractPermissionTransformer
      extended by com.ibm.sec.authz.jaccplus.internal.AbstractJACCPermissionTransformer
All Implemented Interfaces:
IPermissionTransformer
Direct Known Subclasses:
EJBMethodPermissionConverter, EJBRoleRefPermissionConverter, WebResourcePermissionConverter, WebRoleRefPermissionConverter, WebUserDataPermissionConverter

public abstract class AbstractJACCPermissionTransformer
extends AbstractPermissionTransformer

Abstract class used as the base class for transformer objects that convert JACC Permission types into XACML format.


Field Summary
protected  com.ibm.sec.authz.xacml.config.XACMLPolicyFactory _policyFactory
           
protected static java.lang.String ATTR_ACTION_ID
           
protected static java.lang.String ATTR_ACTION_TRANSPORT
           
protected static java.lang.String ATTR_RESOURCE_ID
           
protected static java.lang.String ATTR_RESOURCE_TYPE
           
protected static java.lang.String ATTR_SUBJECT_ID
           
protected static java.lang.String ATTR_SUBJECT_ROLE
           
protected static java.net.URI VALUE_HAS_ROLE
           
protected static java.lang.String WILDCARD_REGEX_PATTERN
          Our regex substitution for the '*' wildcard
 
Constructor Summary
AbstractJACCPermissionTransformer(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory)
           
 
Method Summary
protected  com.ibm.sec.authz.xacml.policy.Action[] createActionsForHTTPActions(java.lang.String actionString)
          Create a list of XACML Action elements for all the HTTP actions in the passed string.
protected  com.ibm.sec.authz.xacml.policy.Condition createCondition(java.lang.String[] excludedUrlPatterns, java.lang.String[] excludedActions)
          Create an XACML Condition element representing the URL pattern matching semantics for the given URL pattern.
protected  com.ibm.sec.authz.xacml.policy.ResourceMatch createResourceTypeMatch(java.lang.String resourceType)
          Create an XACML ResourceMatch element for the given JACC resource type.
protected  com.ibm.sec.authz.xacml.policy.ResourceMatch createURLPatternMatch(java.lang.String urlPattern)
          Create a ResourceMatch that checks for the given URL pattern.
 boolean supportsEntitlements()
          Entitlements are not supported by the JACC permission classes
 
Methods inherited from class com.ibm.sec.authz.jaccplus.internal.AbstractPermissionTransformer
getAttributeValues, getSingleAttributeValue
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface com.ibm.sec.authz.jaccplus.internal.IPermissionTransformer
addPermissionToRequest, convertPermissionToRule, createPermission, getConstantValue, getVocabulary
 

Field Detail

ATTR_SUBJECT_ID

protected static final java.lang.String ATTR_SUBJECT_ID
See Also:
Constant Field Values

ATTR_RESOURCE_TYPE

protected static final java.lang.String ATTR_RESOURCE_TYPE
See Also:
Constant Field Values

ATTR_RESOURCE_ID

protected static final java.lang.String ATTR_RESOURCE_ID
See Also:
Constant Field Values

ATTR_ACTION_ID

protected static final java.lang.String ATTR_ACTION_ID
See Also:
Constant Field Values

ATTR_SUBJECT_ROLE

protected static final java.lang.String ATTR_SUBJECT_ROLE
See Also:
Constant Field Values

ATTR_ACTION_TRANSPORT

protected static final java.lang.String ATTR_ACTION_TRANSPORT
See Also:
Constant Field Values

VALUE_HAS_ROLE

protected static final java.net.URI VALUE_HAS_ROLE

WILDCARD_REGEX_PATTERN

protected static final java.lang.String WILDCARD_REGEX_PATTERN
Our regex substitution for the '*' wildcard

See Also:
Constant Field Values

_policyFactory

protected com.ibm.sec.authz.xacml.config.XACMLPolicyFactory _policyFactory
Constructor Detail

AbstractJACCPermissionTransformer

public AbstractJACCPermissionTransformer(com.ibm.sec.authz.xacml.config.XACMLPolicyFactory factory)
Method Detail

createResourceTypeMatch

protected com.ibm.sec.authz.xacml.policy.ResourceMatch createResourceTypeMatch(java.lang.String resourceType)
                                                                        throws com.ibm.sec.authz.xacml.config.XACMLConfigurationException
Create an XACML ResourceMatch element for the given JACC resource type.

Parameters:
resourceType -
Returns:
Throws:
com.ibm.sec.authz.xacml.config.XACMLConfigurationException

createCondition

protected com.ibm.sec.authz.xacml.policy.Condition createCondition(java.lang.String[] excludedUrlPatterns,
                                                                   java.lang.String[] excludedActions)
                                                            throws com.ibm.sec.authz.xacml.config.XACMLConfigurationException
Create an XACML Condition element representing the URL pattern matching semantics for the given URL pattern.

Parameters:
excludedUrlPatterns -
excludedActions -
Returns:
Throws:
com.ibm.sec.authz.xacml.config.XACMLConfigurationException

createURLPatternMatch

protected com.ibm.sec.authz.xacml.policy.ResourceMatch createURLPatternMatch(java.lang.String urlPattern)
                                                                      throws com.ibm.sec.authz.xacml.config.XACMLConfigurationException
Create a ResourceMatch that checks for the given URL pattern.

Parameters:
urlPattern -
Returns:
Throws:
com.ibm.sec.authz.xacml.config.XACMLConfigurationException

createActionsForHTTPActions

protected com.ibm.sec.authz.xacml.policy.Action[] createActionsForHTTPActions(java.lang.String actionString)
                                                                       throws com.ibm.sec.authz.xacml.config.XACMLConfigurationException
Create a list of XACML Action elements for all the HTTP actions in the passed string. The HTTP actions are to be separated by a comma, as per the JACC specification.

Parameters:
actionString -
Returns:
Throws:
com.ibm.sec.authz.xacml.config.XACMLConfigurationException

supportsEntitlements

public boolean supportsEntitlements()
Entitlements are not supported by the JACC permission classes

Returns:
True if entitlement conversions are supported


Copyright © 2009 IBM Corp. All Rights Reserved.