[Unicore-cvs-commits] SF.net SVN: unicore: [2237] unicorex/uas-core/trunk/src/main/java/de/fzj/ uni

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Revision: 2237
          http://unicore.svn.sourceforge.net/unicore/?rev=2237&view=rev
Author:   bschuller
Date:     2008-01-28 07:19:45 -0800 (Mon, 28 Jan 2008)

Log Message:
-----------
allow XACML policies refer to the consignor of the current request

Modified Paths:
--------------
    unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/ETDTrustDelegationInHandler.java
    unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/SecurityManager.java
    unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/SecurityTokens.java
    unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/util/RequestBuilder.java

Modified: unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/ETDTrustDelegationInHandler.java
===================================================================

--- unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/ETDTrustDelegationInHandler.java	2008-01-28 14:38:37 UTC (rev 2236)
+++ unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/ETDTrustDelegationInHandler.java	2008-01-28 15:19:45 UTC (rev 2237)
@@ -170,6 +170,7 @@
 		//ok now check if TD is valid and store a flag for later policy check
 		boolean validTD = checkDelegation(securityTokens, tdTokens);
 		securityTokens.setValidTrustDelegation(validTD);
+		logger.finer("Trust delegation valid: "+validTD);
 		
 	}
 

Modified: unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/SecurityManager.java
===================================================================
--- unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/SecurityManager.java	2008-01-28 14:38:37 UTC (rev 2236)
+++ unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/SecurityManager.java	2008-01-28 15:19:45 UTC (rev 2237)
@@ -250,6 +250,13 @@
 				//no security info at all -> can't authorise
 				throw new AuthorisationException("Can't authorise: no user cert available, no trust delegation found, no consignor cert.");
 			}
+			
+			//store consignor in client
+			if(tokens.getConsignorCertificate()!=null){
+				String consignor=tokens.getConsignorCertificate().getSubjectX500Principal().getName();
+				client.getAttributes().put(SecurityTokens.ATTRIBUTE_CONSIGNOR,consignor);
+			}
+			
 			if(!isServer(client)){
 				Map<String,String> map=authorise(tokens);
 				client.setAttributes(map);

Modified: unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/SecurityTokens.java
===================================================================
--- unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/SecurityTokens.java	2008-01-28 14:38:37 UTC (rev 2236)
+++ unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/SecurityTokens.java	2008-01-28 15:19:45 UTC (rev 2237)
@@ -106,6 +106,11 @@
 	public static final String ATTRIBUTE_PROJECT="project";
 	
 	/**
+	 * "consignor" attribute
+	 */
+	public static final String ATTRIBUTE_CONSIGNOR="consignor";
+	
+	/**
 	 * SOAP action being invoked
 	 */
 	public static final String SOAP_ACTION="REQUEST.soapAction";

Modified: unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/util/RequestBuilder.java
===================================================================
--- unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/util/RequestBuilder.java	2008-01-28 14:38:37 UTC (rev 2236)
+++ unicorex/uas-core/trunk/src/main/java/de/fzj/unicore/uas/security/util/RequestBuilder.java	2008-01-28 15:19:45 UTC (rev 2237)
@@ -47,6 +47,7 @@
 import com.sun.xacml.ctx.RequestCtx;
 import com.sun.xacml.ctx.Subject;
 
+import de.fzj.unicore.uas.security.SecurityTokens;
 import de.fzj.unicore.xnjs.aaa.Client;
 
 /**
@@ -99,6 +100,14 @@
 				null, null,
 				new StringAttribute(c.getRole().getName())));
 		
+		//... and the consignor DN
+		String consignor=c.getAttributes().get(SecurityTokens.ATTRIBUTE_CONSIGNOR);
+		if(consignor!=null){
+			attributes.add(new Attribute(new URI("consignor"),
+				null, null,
+				new StringAttribute(consignor)));
+		}
+		
 		// bundle the attributes in a Subject with the default category
 		subjects.add(new Subject(attributes));
 		
@@ -146,10 +155,7 @@
 					null, null,
 					new X500NameAttribute(new X500Principal(res.owner))));
 		}
-		else{
 			
-		}
-			
 		
 		
 		


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.




[Unicore-cvs-commits] SF.net SVN: unicore: [2237] unicorex/uas-core/trunk/src/main/java/de/fzj/ uni

UNiform Interface to COmputing and data REsources

[Unicore-cvs-commits] SF.net SVN: unicore: [2237] unicorex/uas-core/trunk/src/main/java/de/fzj/ unicore/uas/security