All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class semper.access.AccessControlHandle

java.lang.Object
   |
   +----semper.access.AccessControlHandle

public class AccessControlHandle
extends Object
SEMPER Access Control.

Access control handles uniquely identify a application/user pair or a module throughout the SEMPER architecture. Access control handles store a caller profile consisting of a user profile (empty for modules) and an application profile and a set of active roles for the controlling class. These datastructures are filled in when the class gets registered to the access control manager and are updated when new roles and capabilities are added during run.

The access control handle is passed from object to object and serves to authenticate the subject to the object. It allows the access control service to retrieve the roles and capabilities owned by the subject.

The handle created during the initial registration is called the master control handle. All (slave) handles created dynamically are made from the master handle.

TODO:

Version:
$Revision: 1.3 $ $Date: 1997/12/19 13:58:49 $
Author:
Mogens Rom Andersen (andersen@r3.ch)
See Also:
ClassProfile, UserProfile, registerSignedApplication, registerSignedModule

Constructor Index

 o AccessControlHandle(AccessControlHandle)
Construct a slave AccessControlHandle.

Method Index

 o addRole(Role)
Add a role to an access control handle.
 o finish()
Finish with an access control handle.
 o freeze()
Freeze an access control handle.
 o getActiveRoles()
Get active roles.
 o getClassProfile()
Get class profile.
 o getClassRole()
Returns the ClassRole for the master handle

Precondition:
None
Postcondition:
None
Todo:
Nothing
 o getInfo()
Return a short string uniquely identifying this access control handle.
 o getLoginClassRole()
Returns the LoginClassRole for the master handle

Precondition:
None
Postcondition:
None
Todo:
Nothing
 o getLoginRole()
Returns the LoginRole for the master handle

Precondition:
None
Postcondition:
None
Todo:
Nothing
 o getRole(String)
Get a role in an access control handle giving its name

Precondition:
None
Postcondition:
None
Todo:
(nothing)
 o getRoleNames()
Gives the names of all roles in an access control handle.
 o getUserProfile()
Get user profile.
 o hasRight(String)
Verify whether a capability is in the handle and valid.
 o isCertified()
Check whether the class corresponding to the access control handle is certified.
 o isFrozen()
Check if a handle is frozen

Returns true if handle is frozen.

 o isMaster()
Check if this class is the master handle

Precondition:
Master handle must be registered
Postcondition:
None
Todo:
Make it.
 o popCurrentRole()
Pop the topmost role from the current role stack.
 o pushCurrentRole(Role)
Push new role as the topmost role on the current role stack.
 o wakeup()
Wakeup a frozen access control handle.

Constructors

 o AccessControlHandle
 public AccessControlHandle(AccessControlHandle ach) throws AccessHandleException
Construct a slave AccessControlHandle.

An access control handle is constructed for an class/user or a module/random user pair, storing the set of active roles.

Precondition:
Can only be meaningfully called by AccessMan.registerSignedApplication() or AccessMan.registerSignedModule(). All three parameters should be non-null.
Postcondition:
The object returned cannot be forged except if copying the returned object, even by calling this constructor again. This is important, because access control handles must authenticate applications.
Todo:
(nothing)

Parameters:
ach - Master acces control handle fot the subject..
Returns:
access control handle
See Also:
ClassProfile, UserProfile, Role, registerSignedApplication, registerSignedModule

Methods

 o getClassProfile
 public final ClassProfile getClassProfile()
Get class profile.

 o getUserProfile
 public final UserProfile getUserProfile()
Get user profile.

 o getActiveRoles
 public final Hashtable getActiveRoles()
Get active roles.
Todo:
Guard access to active_role using access control...?

 o getInfo
 public final String getInfo()
Return a short string uniquely identifying this access control handle.

Useful for logging.

 o finish
 public void finish()
Finish with an access control handle.

This method destroys all internal references to the access control handle, so that it can be garbage collected. Also all reference made by this handle to role and capability instance are removed as well. This method should be called just before an application exits.

Precondition:
Access manager must have been initialised.
Postcondition:
(none)
Todo:
(nothing)

 o isCertified
 public final boolean isCertified()
Check whether the class corresponding to the access control handle is certified.

Precondition:
Access manager must have been initialised.
Postcondition:
(none)
Todo:
(nothing)

Returns:
true if the class profile corresponds to a certified class, false if the class should not be trusted.
 o addRole
 public void addRole(Role r)
Add a role to an access control handle.

This method add a new role to the access control handle.

Precondition:
Access manager must have been initialised.
The persistent role must have been recalled from archive OR
The role must exits as a template.
Postcondition:
A new role is included in the handle
Todo:
(nothing)

Parameters:
r - Persistent/Template Role
 o getRole
 public Role getRole(String role_name)
Get a role in an access control handle giving its name

Precondition:
None
Postcondition:
None
Todo:
(nothing)

Parameters:
role_name - The name of the role to get.
 o getRoleNames
 public Vector getRoleNames()
Gives the names of all roles in an access control handle.

Precondition:
None
Postcondition:
None
Todo:
(nothing)

Returns:
a vector containing the name of all roles in the handle.
 o freeze
 public boolean freeze()
Freeze an access control handle.

All operation on the handle are disabled or returns false until the handle is made available again using "continue".

Precondition:
None
Postcondition:
None
Todo:
Make it.

Returns:
True if freeze succeeds or already frozen, false otherwise.
See Also:
wakeup, isFrozen
 o wakeup
 public boolean wakeup()
Wakeup a frozen access control handle.

Will reverse the effect of a freeze

Precondition:
None
Postcondition:
None
Todo:
Make it.

Returns:
True if wakeup succeeds or not frozen, false otherwise.
See Also:
freeze, isFrozen
 o isFrozen
 public boolean isFrozen()
Check if a handle is frozen

Returns true if handle is frozen.

Precondition:
None
Postcondition:
None
Todo:
Make it.

Returns:
True if handle is frozen, false otherwise.
See Also:
freeze, wakeup
 o popCurrentRole
 public static Role popCurrentRole() throws RoleException
Pop the topmost role from the current role stack.

Precondition:
Access manager must have been initialised.
Postcondition:
The next role on the stack is the new current role
Todo:
Nothing

Returns:
The current role before the call
Throws: RoleException
if the current stack is empty
 o pushCurrentRole
 public static void pushCurrentRole(Role r)
Push new role as the topmost role on the current role stack.

Precondition:
Access manager must have been initialised.
Postcondition:
Unchanged, leaves current role stack intact
Todo:
Nothing

 o getLoginRole
 public Role getLoginRole()
Returns the LoginRole for the master handle

Precondition:
None
Postcondition:
None
Todo:
Nothing

 o getClassRole
 public Role getClassRole()
Returns the ClassRole for the master handle

Precondition:
None
Postcondition:
None
Todo:
Nothing

 o getLoginClassRole
 public Role getLoginClassRole()
Returns the LoginClassRole for the master handle

Precondition:
None
Postcondition:
None
Todo:
Nothing

 o isMaster
 public boolean isMaster()
Check if this class is the master handle

Precondition:
Master handle must be registered
Postcondition:
None
Todo:
Make it.

Returns:
True if this handle is master, false if not.
 o hasRight
 public final boolean hasRight(String capa_name)
Verify whether a capability is in the handle and valid. Check whether the capability belongs to any enabled role, and if so, perform additional checks for the particular type of capabilty. If these checks fails, hasRight() returns false, otherwise it returns true. If the capability belongs to one or more disabled user roles, the user is first prompted to enable one of the roles the capability belongs to. If the user does not enable any of these roles, hasRight() returns false. If the capability does not belong to any roles in the handle, it is not valid.

Parameters:
capa_name - name of capability to verify
Returns:
true if the capability is valid, false if not.
See Also:
Capability, Role

All Packages  Class Hierarchy  This Package  Previous  Next  Index