eu.emi.dsr.security
Class SecurityTokens

java.lang.Object
  extended by eu.emi.dsr.security.SecurityTokens
All Implemented Interfaces:
Serializable

public class SecurityTokens
extends Object
implements Serializable

A set of security tokens with authentication information: the Unicore consignor and user are held here. Trust delegation tokens and the digital signature status are also kept here. Additional data can be stored in a context map. Some keys of objects that can be found in the context are defined here too (e.g. HTTP BASIC Auth login and password).

Author:
K. Benedyczak, Bernd Schuller
See Also:
Serialized Form

Field Summary
static String CTX_LOGIN_HTTP
          Context key of the token (as found in Unicore6Tokens) with HTTP BASIC login data.
static String CTX_SCOPE_KEY
          Context key of a String that denotes whether the request is made as a normal WS request.
static String CTX_SOAP_ACTION
          Context key of the SOAP action being invoked.
static String KEY
          Key for storing the security tokens in the message context.
static String SCOPE_REQUEST
          Standard value of SCOPE_KEY.
 
Constructor Summary
SecurityTokens()
           
 
Method Summary
 boolean equals(Object otherO)
          Two sets of tokens are considered equal if their effective user names, consignor certs, delegation statuses and signature status are equal.
 CertPath getConsignor()
          Retrieves the stored consignor as a certificate path.
 X509Certificate getConsignorCertificate()
          Retrieves the stored consignor as an X509 certificate.
 Map<String,Object> getContext()
          Returns a map with additional security related settings.
 SignatureStatus getMessageSignatureStatus()
          Returns the status of the request's signature.
 CertPath getUser()
          Returns the user's certificate path.
 X509Certificate getUserCertificate()
          Returns a user's X509 certificate.
 X500Principal getUserName()
          Returns a user's DN.
 int hashCode()
           
 boolean isConsignorTrusted()
          Returns true if the Consignor is allowed, by any means, to work on the User's behalf, as set by the setConsignorTrusted method.
 boolean isTrustDelegationValidated()
          Returns true iff the trust delegation attached is valid and issued by the User.
 void setConsignor(CertPath consignor)
          Sets a consignor.
 void setConsignorTrusted(boolean consignorTrusted)
          Sets the key value telling whether the Consignor is allowed to work on the User's behalf.
 void setMessageSignatureStatus(SignatureStatus status)
          Sets a status of the request's signature.
 void setTrustDelegationValidated(boolean validTrustDelegation)
          Sets the attached trust delegation general validation status.
 void setUser(CertPath user)
          Sets user identity in terms of certificates.
 void setUserName(X500Principal userName)
          Sets user identity in terms of DN.
 String toString()
           
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

KEY

public static final String KEY
Key for storing the security tokens in the message context.


CTX_LOGIN_HTTP

public static final String CTX_LOGIN_HTTP
Context key of the token (as found in Unicore6Tokens) with HTTP BASIC login data. The value corresponding to this key is either null or HTTPAuthNTokens.


CTX_SOAP_ACTION

public static final String CTX_SOAP_ACTION
Context key of the SOAP action being invoked. The value corresponding to this key is either null or a String.

See Also:
Constant Field Values

CTX_SCOPE_KEY

public static final String CTX_SCOPE_KEY
Context key of a String that denotes whether the request is made as a normal WS request.


SCOPE_REQUEST

public static final String SCOPE_REQUEST
Standard value of SCOPE_KEY.

See Also:
Constant Field Values
Constructor Detail

SecurityTokens

public SecurityTokens()
Method Detail

setConsignor

public void setConsignor(CertPath consignor)
Sets a consignor. It should be a VALIDATED identity.

Parameters:
consignor -

getConsignor

public CertPath getConsignor()
Retrieves the stored consignor as a certificate path.

Returns:

getConsignorCertificate

public X509Certificate getConsignorCertificate()
Retrieves the stored consignor as an X509 certificate.

Returns:

setUser

public void setUser(CertPath user)
Sets user identity in terms of certificates. This is the identity of the user on whose behalf the consignor wishes to execute the request. It does not have to be verified, i.e. it can be just a requested user.

Parameters:
user -

getUser

public CertPath getUser()
Returns the user's certificate path. Note that it may not represent a valid user, i.e. there might be no trust delegation chain from the returned user to the actual consignor.

Returns:

setUserName

public void setUserName(X500Principal userName)
Sets user identity in terms of DN. This is the identity of the user on whose behalf the consignor wishes to execute the request. It does not have to be verified, i.e. it can be just a requested user.

Note that calling this method will clear user's certificate if it was stored before with setUser()!

Parameters:
userName -

getUserCertificate

public X509Certificate getUserCertificate()
Returns a user's X509 certificate. Note that it may not represent a valid user, i.e. there might be no trust delegation chain from the returned user to the actual consignor.

Returns:

getUserName

public X500Principal getUserName()
Returns a user's DN. Note that it may not represent a valid user, i.e. there may be no trust delegation chain from the returned user to the actual consignor.

Returns:

toString

public String toString()
Overrides:
toString in class Object

getContext

public Map<String,Object> getContext()
Returns a map with additional security related settings. This can be used by handlers to pass additional data.


getMessageSignatureStatus

public SignatureStatus getMessageSignatureStatus()
Returns the status of the request's signature.

Returns:

setMessageSignatureStatus

public void setMessageSignatureStatus(SignatureStatus status)
Sets a status of the request's signature.

Parameters:
status -

isConsignorTrusted

public boolean isConsignorTrusted()
Returns true if the Consignor is allowed, by any means, to work on the User's behalf, as set by the setConsignorTrusted method.

Returns:

setConsignorTrusted

public void setConsignorTrusted(boolean consignorTrusted)
Sets the key value telling whether the Consignor is allowed to work on the User's behalf.


isTrustDelegationValidated

public boolean isTrustDelegationValidated()
Returns true iff the trust delegation attached is valid and issued by the User. This does not mean that the trust is delegated to the consignor, use isValidConsig

Returns:

setTrustDelegationValidated

public void setTrustDelegationValidated(boolean validTrustDelegation)
Sets the attached trust delegation general validation status.


equals

public boolean equals(Object otherO)
Two sets of tokens are considered equal if their effective user names, consignor certs, delegation statuses and signature status are equal.

Overrides:
equals in class Object

hashCode

public int hashCode()
Overrides:
hashCode in class Object
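
Usage sketch (an added example, not code from this project): one way an authorisation handler could derive the identity to authorise from a SecurityTokens instance, given that only the consignor is documented as validated and the user may be merely requested. The EffectiveIdentity class, its resolve method, the fall-back policy and the null handling for unset fields are assumptions made for illustration.

```java
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

import eu.emi.dsr.security.SecurityTokens;

/** Hypothetical helper; not part of eu.emi.dsr.security. */
public final class EffectiveIdentity {

    private EffectiveIdentity() {}

    /**
     * Returns the DN the request may be authorised as, or throws if the
     * requested user is not backed by the validated consignor.
     */
    public static X500Principal resolve(SecurityTokens tokens) {
        // Only the consignor is documented as a VALIDATED identity.
        // Assumption: the getter returns null when no consignor was set.
        X509Certificate consignorCert = tokens.getConsignorCertificate();
        if (consignorCert == null) {
            throw new SecurityException("no validated consignor on request");
        }
        X500Principal consignor = consignorCert.getSubjectX500Principal();

        // getUserName() may be only a *requested* user, so it is never
        // accepted on its own. Assumption: null means no user was requested.
        X500Principal requested = tokens.getUserName();
        if (requested == null || requested.equals(consignor)) {
            return consignor; // the consignor acts for itself
        }

        // isTrustDelegationValidated() is deliberately not used as the gate:
        // per its description, a valid delegation issued by the User does
        // not mean the trust was delegated to this consignor.
        if (tokens.isConsignorTrusted()) {
            return requested;
        }

        // Fail closed: an unverified user claim must not reach authorisation.
        throw new SecurityException("consignor '" + consignor.getName()
                + "' is not trusted to act for '" + requested.getName() + "'");
    }
}
```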


Copyright © 2012. All Rights Reserved.