org.apache.qpid.server.security.access.config
Class RuleSet

java.lang.Object
  extended by org.apache.qpid.server.security.access.config.RuleSet

public class RuleSet
extends Object

Models the rule configuration for the access control plugin. The access control rule definitions are loaded from an external configuration file, passed in as the target to the load(ConfigurationFile) method. The file specified


Field Summary
static String AUTONUMBER
           
static List<String> CONFIG_PROPERTIES
           
static String CONTROLLED
           
static String DEFAULT_ALLOW
           
static String DEFAULT_DENY
           
static String EXPAND
           
static String TRANSITIVE
           
static String VALIDATE
           
 
Constructor Summary
RuleSet()
           
 
Method Summary
 boolean addGroup(String group, List<String> constituents)
           
 void addRule(Integer number, String identity, org.apache.qpid.server.security.access.Permission permission, Action action)
           
 org.apache.qpid.server.security.Result check(String identity, org.apache.qpid.server.security.access.Operation operation, org.apache.qpid.server.security.access.ObjectType objectType, org.apache.qpid.server.security.access.ObjectProperties properties)
          Check the authorisation granted to a particular identity for an operation on an object type with specific properties.
protected  boolean checkName(String name)
          Return true if the name is well-formed (contains legal characters).
 void clear()
          Clear the contents, including groups, rules and configuration.
 void configure(Map<String,Boolean> properties)
          Configure properties for the plugin instance.
 void configure(String key, Boolean value)
          Configure a single property for the plugin instance.
 void disableRule(int ruleNumber)
           
 void enableRule(int ruleNumber)
           
 org.apache.qpid.server.security.Result getDefault()
          Default deny.
 int getRuleCount()
           
 List<Rule> getRules(String identity, org.apache.qpid.server.security.access.Operation operation, org.apache.qpid.server.security.access.ObjectType objectType)
          Filtered rules list based on an identity and operation.
 void grant(Integer number, String identity, org.apache.qpid.server.security.access.Permission permission, org.apache.qpid.server.security.access.Operation operation)
           
 void grant(Integer number, String identity, org.apache.qpid.server.security.access.Permission permission, org.apache.qpid.server.security.access.Operation operation, org.apache.qpid.server.security.access.ObjectType object, org.apache.qpid.server.security.access.ObjectProperties properties)
           
protected  boolean isSet(String key)
          Check if a configuration property is set.
 boolean isValidNumber(Integer number)
           
protected  boolean isvalidUserName(String name)
          Returns true if a username has the name[@domain][/realm] format
 boolean ruleExists(String identity, Action action)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_ALLOW

public static final String DEFAULT_ALLOW
See Also:
Constant Field Values

DEFAULT_DENY

public static final String DEFAULT_DENY
See Also:
Constant Field Values

TRANSITIVE

public static final String TRANSITIVE
See Also:
Constant Field Values

EXPAND

public static final String EXPAND
See Also:
Constant Field Values

AUTONUMBER

public static final String AUTONUMBER
See Also:
Constant Field Values

CONTROLLED

public static final String CONTROLLED
See Also:
Constant Field Values

VALIDATE

public static final String VALIDATE
See Also:
Constant Field Values

CONFIG_PROPERTIES

public static final List<String> CONFIG_PROPERTIES

Constructor Detail

RuleSet

public RuleSet()

Method Detail

clear

public void clear()
Clear the contents, including groups, rules and configuration.


getRuleCount

public int getRuleCount()

getRules

public List<Rule> getRules(String identity,
                           org.apache.qpid.server.security.access.Operation operation,
                           org.apache.qpid.server.security.access.ObjectType objectType)
Filtered rules list based on an identity and operation. Returns only enabled rules whose identity is all, the given identity, or a group that has the given identity as a member, and whose operation is either all or the given operation.


isValidNumber

public boolean isValidNumber(Integer number)

grant

public void grant(Integer number,
                  String identity,
                  org.apache.qpid.server.security.access.Permission permission,
                  org.apache.qpid.server.security.access.Operation operation)

grant

public void grant(Integer number,
                  String identity,
                  org.apache.qpid.server.security.access.Permission permission,
                  org.apache.qpid.server.security.access.Operation operation,
                  org.apache.qpid.server.security.access.ObjectType object,
                  org.apache.qpid.server.security.access.ObjectProperties properties)

ruleExists

public boolean ruleExists(String identity,
                          Action action)

addRule

public void addRule(Integer number,
                    String identity,
                    org.apache.qpid.server.security.access.Permission permission,
                    Action action)

enableRule

public void enableRule(int ruleNumber)

disableRule

public void disableRule(int ruleNumber)

addGroup

public boolean addGroup(String group,
                        List<String> constituents)

checkName

protected boolean checkName(String name)
Return true if the name is well-formed (contains legal characters).


isvalidUserName

protected boolean isvalidUserName(String name)
Returns true if a username has the name[@domain][/realm] format


check

public org.apache.qpid.server.security.Result check(String identity,
                                                    org.apache.qpid.server.security.access.Operation operation,
                                                    org.apache.qpid.server.security.access.ObjectType objectType,
                                                    org.apache.qpid.server.security.access.ObjectProperties properties)
Check the authorisation granted to a particular identity for an operation on an object type with specific properties. Looks up the entire ruleset, which may be cached, for the user and operation, and goes through the rules in order to find the first one that matches. Either defers if there are no rules, returns the result of the first match found, or denies access if there are no matching rules. Normally, however, an access configuration would be expected to end with a default deny or allow rule.
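
The three outcomes described for check(), together with the getRules() filter, modelled as an added example; this is not Qpid's code. Every type and name in it (FirstMatchDemo, Outcome, AclRule, the group and the sample rules) is hypothetical, and it assumes that "no rules" means the filtered list for the identity and operation is empty, that rules are tried in ascending rule number, and that an object matches by name only.

```java
import java.util.*;

// Simplified model of the evaluation described for getRules() and check().
// Outcome, AclRule and FirstMatchDemo are hypothetical stand-ins, not Qpid classes.
public class FirstMatchDemo {
    enum Outcome { ALLOWED, DENIED, DEFER }
    record AclRule(int number, boolean enabled, String identity, String operation,
                   String objectName, Outcome outcome) {}
    static final String ALL = "ALL";
    // Constructed group membership: alice belongs to the group "ops".
    static final Map<String, List<String>> GROUPS = Map.of("ops", List.of("alice"));

    // Keep enabled rules whose identity is ALL, the caller, or a group containing the
    // caller, and whose operation is ALL or the requested one.
    static List<AclRule> filter(List<AclRule> rules, String identity, String operation) {
        List<AclRule> out = new ArrayList<>();
        for (AclRule r : rules) {
            boolean idOk = r.identity().equals(ALL) || r.identity().equals(identity)
                    || GROUPS.getOrDefault(r.identity(), List.of()).contains(identity);
            boolean opOk = r.operation().equals(ALL) || r.operation().equals(operation);
            if (r.enabled() && idOk && opOk) out.add(r);
        }
        out.sort(Comparator.comparingInt(AclRule::number)); // assumption: ascending rule number
        return out;
    }

    // First match wins; no applicable rules defers; applicable rules but no match denies.
    static Outcome check(List<AclRule> rules, String identity, String operation, String objectName) {
        List<AclRule> candidates = filter(rules, identity, operation);
        if (candidates.isEmpty()) return Outcome.DEFER;
        for (AclRule r : candidates) {
            if (r.objectName().equals(ALL) || r.objectName().equals(objectName)) return r.outcome();
        }
        return Outcome.DENIED;
    }

    public static void main(String[] args) {
        // Constructed sample rules; there is deliberately no catch-all rule at the end.
        List<AclRule> rules = List.of(
            new AclRule(10, true, "ops", "CONSUME", "audit", Outcome.DENIED),
            new AclRule(20, true, "alice", "CONSUME", ALL, Outcome.ALLOWED),
            new AclRule(30, true, "bob", "PUBLISH", "orders", Outcome.ALLOWED));
        System.out.println(check(rules, "alice", "CONSUME", "audit"));  // group rule 10 matches first
        System.out.println(check(rules, "alice", "CONSUME", "orders")); // falls through to rule 20
        System.out.println(check(rules, "bob", "PUBLISH", "audit"));    // rule 30 applies, object differs
        System.out.println(check(rules, "carol", "PUBLISH", "orders")); // no rule applies to carol
    }
}
```

In this model the last call defers rather than denies, so the decision for an identity with no applicable rules is made outside the rule set unless the configuration ends with a catch-all rule. The record syntax needs Java 16 or later.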


getDefault

public org.apache.qpid.server.security.Result getDefault()
Default deny.


isSet

protected boolean isSet(String key)
Check if a configuration property is set.


configure

public void configure(Map<String,Boolean> properties)
Configure properties for the plugin instance.

Parameters:
properties -

configure

public void configure(String key,
                      Boolean value)
Configure a single property for the plugin instance.

Parameters:
key -
value -


Licensed to the Apache Software Foundation