nordugrid-arc-nox  1.1.0~rc6
ArcSec::ArcAuthZ Class Reference

Tests message against list of PDPs.

#include <ArcAuthZ.h>


Classes

class  PDPDesc

Public Member Functions

 ArcAuthZ (Arc::Config *cfg, Arc::ChainContext *ctx)
virtual ~ArcAuthZ (void)
virtual bool Handle (Arc::Message *msg) const
 Get authorization decision.

Static Public Member Functions

static Plugin * get_sechandler (Arc::PluginArgument *arg)

Protected Member Functions

bool MakePDPs (Arc::XMLNode cfg)
 Create PDP according to conf info.

Static Protected Attributes

static Arc::Logger logger

Private Types

typedef std::list< PDPDesc > pdp_container_t

Private Attributes

Arc::PluginsFactory * pdp_factory
 Link to Factory responsible for loading and creation of PDP objects.
pdp_container_t pdps_
 One Handler can include a few PDPs.

Detailed Description

Tests message against list of PDPs.

This class implements the SecHandler interface. Its Handle() method runs the provided Message instance against all PDPs specified in the configuration. If any of the PDPs returns a positive result, Handle() returns true, otherwise false. This class is the main entry point for configuring authorization and can include different PDPs configured inside it.

Definition at line 23 of file ArcAuthZ.h.


Member Typedef Documentation

typedef std::list<PDPDesc> ArcSec::ArcAuthZ::pdp_container_t [private]

Definition at line 37 of file ArcAuthZ.h.


Constructor & Destructor Documentation

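ArcSec::ArcAuthZ::ArcAuthZ ( Arc::Config * cfg, Arc::ChainContext * ctx )

Definition at line 28 of file ArcAuthZ.cpp.

ArcAuthZ::ArcAuthZ(Config *cfg, ChainContext *ctx):SecHandler(cfg){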
  pdp_factory = (PluginsFactory*)(*ctx);
  if(pdp_factory) {
    for(int n = 0;;++n) {
      XMLNode p = (*cfg)["Plugins"][n];
      if(!p) break;
      std::string name = (*cfg)["Plugins"][n]["Name"];
      if(name.empty()) continue; // Nameless plugin?
      pdp_factory->load(name,PDPPluginKind);
    };
  };
  if(!MakePDPs(*cfg)) {
    for(pdp_container_t::iterator p = pdps_.begin();p!=pdps_.end();) {
      if(p->pdp) delete p->pdp;
      p = pdps_.erase(p);
    };
    logger.msg(ERROR, "ArcAuthZ: failed to initiate all PDPs - this instance will be non-functional"); 
  };
}

ArcSec::ArcAuthZ::~ArcAuthZ ( void  ) [virtual]

Definition at line 48 of file ArcAuthZ.cpp.

ArcAuthZ::~ArcAuthZ(void) {
  for(pdp_container_t::iterator p = pdps_.begin();p!=pdps_.end();) {
    if(p->pdp) delete p->pdp;
    p = pdps_.erase(p);
  };
}

Member Function Documentation

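Plugin * ArcSec::ArcAuthZ::get_sechandler ( Arc::PluginArgument * arg ) [static]

Definition at line 11 of file ArcAuthZ.cpp.

Arc::Plugin* ArcSec::ArcAuthZ::get_sechandler(Arc::PluginArgument* arg) {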
  ArcSec::SecHandlerPluginArgument* shcarg =
            arg?dynamic_cast<ArcSec::SecHandlerPluginArgument*>(arg):NULL;
  if(!shcarg) return NULL;
  return new ArcSec::ArcAuthZ((Arc::Config*)(*shcarg),(Arc::ChainContext*)(*shcarg));
}

bool ArcSec::ArcAuthZ::Handle ( Arc::Message * msg ) const [virtual]

Get authorization decision.

Implements ArcSec::SecHandler.

Definition at line 83 of file ArcAuthZ.cpp.

bool ArcAuthZ::Handle(Arc::Message* msg) const {
  pdp_container_t::const_iterator it;
  bool r = false;
  for(it=pdps_.begin();it!=pdps_.end();it++){
    r = it->pdp->isPermitted(msg);
    if((r == true) && (it->action == PDPDesc::breakOnAllow)) break;
    if((r == false) && (it->action == PDPDesc::breakOnDeny)) break;
    if(it->action == PDPDesc::breakAlways) break;
  }
  return r;
}
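
The loop above returns the result of the last PDP it evaluated, so each PDP's `action` decides how individual results combine, and an empty PDP list yields a denial. The stand-alone model below is an added example, not code from ARC: `Pdp`, `Outcome`, `evaluate` and `Action::keepGoing` are hypothetical names, `permits` is a constructed stand-in for `isPermitted(msg)`, and the PDP ids are made up.

```cpp
#include <cstdio>
#include <list>
#include <string>

// Model of the ArcAuthZ::Handle() decision loop (hypothetical names throughout).
// keepGoing stands for any action value that matches none of the three breaks.
enum class Action { breakOnAllow, breakOnDeny, breakAlways, keepGoing };

struct Pdp {
  std::string id;   // constructed PDP id
  Action action;    // mirrors PDPDesc::action
  bool permits;     // stand-in for pdp->isPermitted(msg)
};

struct Outcome {
  bool permitted;          // value Handle() would return
  std::string decided_by;  // id of the last PDP evaluated, "" if none ran
};

Outcome evaluate(const std::list<Pdp>& pdps) {
  Outcome out{false, ""};  // no PDPs (e.g. MakePDPs() failed) => deny
  for (const Pdp& p : pdps) {
    out.permitted = p.permits;  // each result overwrites the previous one
    out.decided_by = p.id;
    if (out.permitted && p.action == Action::breakOnAllow) break;
    if (!out.permitted && p.action == Action::breakOnDeny) break;
    if (p.action == Action::breakAlways) break;
  }
  return out;
}

int main() {
  // Constructed chain: an early allow without breakOnAllow is overridden
  // by a later deny, because the last evaluated PDP wins.
  std::list<Pdp> chain = {{"vo-policy", Action::keepGoing, true},
                          {"blacklist", Action::keepGoing, false}};
  Outcome o = evaluate(chain);
  std::printf("%s (decided by %s)\n", o.permitted ? "permit" : "deny",
              o.decided_by.c_str());
  return 0;
}
```

When reviewing a configuration, check that a PDP meant to grant access on its own carries the break-on-allow action, and that a PDP meant as a veto either carries break-on-deny or sits last in the list.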

bool ArcSec::ArcAuthZ::MakePDPs ( Arc::XMLNode cfg ) [protected]

Create PDP according to conf info.

Producing PDPs.

Creating the PDP plugins

Definition at line 56 of file ArcAuthZ.cpp.

bool ArcAuthZ::MakePDPs(XMLNode cfg) {
  XMLNode cn;
  cn=cfg["PDP"]; //need some polishing

  for(;cn;++cn) {
    if(!cn) break;
    Arc::Config cfg_(cn);
    std::string name = cn.Attribute("name");
    if(name.empty()) {
      logger.msg(ERROR, "PDP: missing name attribute"); 
      return false; 
    };
    std::string id = cn.Attribute("id");
    logger.msg(VERBOSE, "PDP: %s (%s)", name, id);
    PDP* pdp = NULL;
    PDPPluginArgument arg(&cfg_);
    pdp = pdp_factory->GetInstance<PDP>(PDPPluginKind,name,&arg);
    if(!pdp) { 
      logger.msg(ERROR, "PDP: %s (%s) can not be loaded", name, id); 
      return false; 
    };
    pdps_.push_back(PDPDesc(cn.Attribute("action"),id,pdp));
  } 
  return true;
}


Member Data Documentation

Arc::Logger ArcSec::SecHandler::logger [static, protected, inherited]

Reimplemented in ArcSec::DelegationSH.

Definition at line 31 of file SecHandler.h.

Arc::PluginsFactory* ArcSec::ArcAuthZ::pdp_factory [private]

Link to Factory responsible for loading and creation of PDP objects.

Definition at line 40 of file ArcAuthZ.h.

pdp_container_t ArcSec::ArcAuthZ::pdps_ [private]

One Handler can include a few PDPs.

Definition at line 42 of file ArcAuthZ.h.


The documentation for this class was generated from the following files: