eu.emi.dsr.aip
Class FileAttributeSource

java.lang.Object
  extended by eu.emi.dsr.aip.FileAttributeSource
All Implemented Interfaces:
IAttributeSource

public class FileAttributeSource
extends Object
implements IAttributeSource

Retrieves the client's attributes from a file. The file format is quite simple:

 
   
     
       nobody
       somebody
     
     user
   
 
 
You can add an arbitrary number of attributes and attribute values.

Configuration of this source consists of two entries:

Evaluation is simplistic: the first entry matching the client is used (important when you use wildcards).

The attributes file is automatically refreshed after any change, before the subsequent read. If the syntax is wrong, a loud message is logged and the old version is used.

Some attribute names are special: xlogin, role, group, supplementaryGroups, addOsGroups, queue. Attributes with those names (case insensitive) are handled as those special UNICORE attributes (e.g. xlogin is used to provide available local OS user names for the client).

All other attributes are treated as XACML authorization attributes of String type and are passed to the PDP. Such attributes must have at least one value to be processed.
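The rules above (first matching entry wins, special names compared case-insensitively, value-less attributes not passed to the PDP) can be checked against an ordered entry list. This is an added example, not UNICORE code: the `Entry` record, the method names and the sample DNs are hypothetical, and it assumes entry keys are `java.util.regex` patterns over the client's DN (Java 16+).

```java
import java.util.*;
import java.util.regex.Pattern;

// Added example: models the documented rules only; not the FileAttributeSource implementation.
public class FirstMatchDemo {
    // Special names listed in the class description; compared case-insensitively.
    static final Set<String> SPECIAL = Set.of("xlogin", "role", "group",
            "supplementarygroups", "addosgroups", "queue");

    // Assumption: an entry key is a java.util.regex pattern over the client's DN.
    record Entry(String key, Map<String, List<String>> attrs) {}

    // The first entry whose key matches the client wins; later entries are never consulted.
    static Optional<Entry> resolve(List<Entry> entries, String clientDn) {
        return entries.stream().filter(e -> Pattern.matches(e.key(), clientDn)).findFirst();
    }

    // Attributes that would go to the PDP: non-special names with at least one value.
    static Map<String, List<String>> xacmlAttributes(Entry e) {
        Map<String, List<String>> out = new TreeMap<>();
        e.attrs().forEach((name, values) -> {
            if (!SPECIAL.contains(name.toLowerCase(Locale.ROOT)) && !values.isEmpty())
                out.put(name, values);
        });
        return out;
    }

    // Audit: report entries that can never win because an earlier key already matches them.
    // Only literal keys are tested reliably (the key text itself is used as the probe DN).
    static List<String> shadowed(List<Entry> entries) {
        List<String> findings = new ArrayList<>();
        for (int i = 1; i < entries.size(); i++) {
            String probe = entries.get(i).key();
            Entry winner = resolve(entries, probe).orElse(null);
            if (winner != null && winner != entries.get(i))
                findings.add(probe + " is shadowed by " + winner.key());
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample entries; DNs and values are made up.
        List<Entry> entries = List.of(
            new Entry("CN=.*,O=Example", Map.of("role", List.of("user"))),
            new Entry("CN=Admin,O=Example", Map.of("role", List.of("admin"),
                    "project", List.of("alpha"), "empty", List.of())));
        System.out.println(resolve(entries, "CN=Admin,O=Example").get().attrs().get("role"));
        System.out.println(shadowed(entries));
        System.out.println(xacmlAttributes(entries.get(1)));
    }
}
```

With the wildcard entry listed first, the more specific entry is never reached, so specific entries belong before the patterns that also cover them.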

Author:
golbi

Field Summary
static String SPECIAL_ADD_OS_GIDS
           
static String SPECIAL_GROUP
           
static String SPECIAL_QUEUE
           
static String SPECIAL_ROLE
           
static String SPECIAL_SUP_GROUPS
           
static String SPECIAL_XLOGIN
           
 
Fields inherited from interface eu.emi.dsr.security.IAttributeSource
ATTRIBUTE_ADD_DEFAULT_GROUPS, ATTRIBUTE_GROUP, ATTRIBUTE_ROLE, ATTRIBUTE_SUPPLEMENTARY_GROUPS, ATTRIBUTE_VOS, ROLE_ADMIN, ROLE_ANONYMOUS
 
Constructor Summary
FileAttributeSource()
           
 
Method Summary
 String[] getAcceptedVOs()
          This method returns the list of VOs that this attribute source supports.
 SubjectAttributesHolder getAttributes(SecurityTokens tokens, SubjectAttributesHolder otherAuthoriserInfo)
          Retrieves a map of attributes based on the supplied SecurityTokens.
Since authorisers can be chained, it might sometimes be useful to see attributes returned by authorisers that have run previously.
 String getName()
          This method should return the name of this attribute source, which was passed to the init() method.
 String getStatusDescription()
          Get a user-friendly description of the attribute source's status.
This is used for informing the administrator of any problems with configuration, connection problems, etc.
 void init(String name)
          Initialise the source.
 void setFile(String uudbFile)
           
 void setMatching(String val)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SPECIAL_XLOGIN

public static final String SPECIAL_XLOGIN
See Also:
Constant Field Values

SPECIAL_ROLE

public static final String SPECIAL_ROLE
See Also:
Constant Field Values

SPECIAL_GROUP

public static final String SPECIAL_GROUP
See Also:
Constant Field Values

SPECIAL_SUP_GROUPS

public static final String SPECIAL_SUP_GROUPS
See Also:
Constant Field Values

SPECIAL_ADD_OS_GIDS

public static final String SPECIAL_ADD_OS_GIDS
See Also:
Constant Field Values

SPECIAL_QUEUE

public static final String SPECIAL_QUEUE
See Also:
Constant Field Values
Constructor Detail

FileAttributeSource

public FileAttributeSource()
Method Detail

init

public void init(String name)
          throws Exception
Description copied from interface: IAttributeSource
Initialise the source.

Specified by:
init in interface IAttributeSource
Throws:
Exception

getAttributes

public SubjectAttributesHolder getAttributes(SecurityTokens tokens,
                                             SubjectAttributesHolder otherAuthoriserInfo)
                                      throws IOException
Description copied from interface: IAttributeSource
Retrieves a map of attributes based on the supplied SecurityTokens.
Since authorisers can be chained, it might sometimes be useful to see attributes returned by authorisers that have run previously. This information is supplied in the "otherAuthoriserInfo" map.
Attribute sources must not make any authorisation decisions. Thus, no exceptions must be thrown if no attributes are found. Only IOExceptions should be thrown in case of technical problems contacting the actual attribute provider. This is to allow upstream code (i.e. the UNICORE/X server) to log the error, or to take any other action (like notify an administrator). If no attributes are found, an empty map or null must be returned.

Specified by:
getAttributes in interface IAttributeSource
Parameters:
tokens - security tokens for this request
otherAuthoriserInfo - attributes returned by other authorisers, which may be null
Returns:
subject's attributes
Throws:
IOException - in case of technical problems

getStatusDescription

public String getStatusDescription()
Description copied from interface: IAttributeSource
Get a user-friendly description of the attribute source's status.
This is used for informing the administrator of any problems with configuration, connection problems, etc. UNICORE/X will print a log entry describing the status immediately after startup.
This method should not block for too long, since the server startup would be stalled in this case. For example, you may use the TimeoutRunner class to avoid blocking.

Specified by:
getStatusDescription in interface IAttributeSource
Returns:
a String describing this attribute source's status.

getName

public String getName()
Description copied from interface: IAttributeSource
This method should return the name of this attribute source, which was passed to the init() method.

Specified by:
getName in interface IAttributeSource
Returns:

setFile

public void setFile(String uudbFile)

setMatching

public void setMatching(String val)

getAcceptedVOs

public String[] getAcceptedVOs()
Description copied from interface: IAttributeSource
This method returns the list of VOs that this attribute source supports. If the attribute source is not aware of virtual organisations (like XUUDB), then an empty list is returned, meaning that it is possible that VO-less users might be accepted by this attribute source.

Specified by:
getAcceptedVOs in interface IAttributeSource
Returns:


Copyright © 2012. All Rights Reserved.