
nordugrid-arc-nox  1.1.0~rc6
ArcSec::GACLPDP Class Reference

#include <GACLPDP.h>



Public Member Functions

 GACLPDP (Arc::Config *cfg)
virtual ~GACLPDP ()
virtual bool isPermitted (Arc::Message *msg) const
void SetId (std::string &id)
std::string GetId ()

Static Public Member Functions

static Arc::Plugin * get_gacl_pdp (Arc::PluginArgument *arg)

Static Public Attributes

static Arc::SecAttrFormat GACL

Protected Attributes

std::string id_

Static Protected Attributes

static Arc::Logger logger

Private Attributes

std::list< std::string > select_attrs
std::list< std::string > reject_attrs
std::list< std::string > policy_locations
Arc::XMLNodeContainer policy_docs

Detailed Description

Definition at line 19 of file GACLPDP.h.

Constructor & Destructor Documentation

Definition at line 72 of file GACLPDP.cpp.

                           :PDP(cfg) {
  // Constructor body. The signature line is not reproduced by the renderer; the
  // base PDP is initialised with the same configuration node.
  // NOTE(review): pdp_node is not referenced in the visible lines.
  XMLNode pdp_node(*cfg);

  // Optional <Filter> element. <Select> and <Reject> values are collected into
  // select_attrs / reject_attrs, which isPermitted() later hands to
  // MessageAuth::Filter(). Without a <Filter> element both lists stay empty;
  // what an empty list means to Filter() is not visible here — confirm against
  // MessageAuth before relying on it as a deny/allow default.
  XMLNode filter = (*cfg)["Filter"];
  if((bool)filter) {
    XMLNode select_attr = filter["Select"];
    XMLNode reject_attr = filter["Reject"];
    for(;(bool)select_attr;++select_attr) select_attrs.push_back((std::string)select_attr);
    for(;(bool)reject_attr;++reject_attr) reject_attrs.push_back((std::string)reject_attr);
  // NOTE(review): the closing brace of the if block above appears to have been
  // dropped by the renderer.
  // <PolicyStore>: every <Location> value is stored as-is in policy_locations
  // (presumably a policy file location to be loaded later — confirm in
  // isPermitted()), every inline <Policy> node is copied into policy_docs.
  XMLNode policy_store = (*cfg)["PolicyStore"];
  XMLNode policy_location = policy_store["Location"];
  for(;(bool)policy_location;++policy_location) policy_locations.push_back((std::string)policy_location);
  XMLNode policy_doc = policy_store["Policy"];
  for(;(bool)policy_doc;++policy_doc) policy_docs.AddNew(policy_doc);


Definition at line 174 of file GACLPDP.cpp.


Member Function Documentation

Definition at line 43 of file GACLPDP.cpp.

    // Plugin factory body. Returns NULL when the argument cannot be treated as a
    // PDPPluginArgument, otherwise a heap-allocated GACLPDP built from the Config
    // the argument wraps. The caller (the plugin loader, not visible here) is
    // presumably responsible for deleting the returned object — confirm.
    // NOTE(review): the right-hand side of the initialiser below (most likely a
    // cast of arg) was dropped by the renderer.
    PDPPluginArgument* pdparg =
    if(!pdparg) return NULL;
    // C-style cast; the conversion operator on PDPPluginArgument is not visible here.
    return new GACLPDP((Config*)(*pdparg));
std::string ArcSec::PDP::GetId ( ) [inline, inherited]

Definition at line 88 of file PDP.h.

{ return id_; }; // PDP::GetId(): returns the identifier previously stored by SetId().
bool ArcSec::GACLPDP::isPermitted ( Arc::Message * msg) const [virtual]

Implements ArcSec::PDP.

Definition at line 89 of file GACLPDP.cpp.

  // Decide whether the request carried by msg is permitted by the configured
  // GACL policies. Every error path below returns false, so the decision fails
  // closed; only an explicit DECISION_PERMIT grants access.
  // NOTE(review): the renderer dropped the signature and several inner lines and
  // closing braces; the comments follow the visible lines only.
  Evaluator* eval = NULL;

  // Look for an Evaluator cached in the message context under ctxid. The lookup
  // is best effort: a missing or foreign element leaves eval NULL and a fresh
  // context is created below.
  std::string ctxid = "arcsec.gaclpdp";
  try {
    Arc::MessageContextElement* mctx = (*(msg->Context()))[ctxid];
    if(mctx) {
      GACLPDPContext* pdpctx = dynamic_cast<GACLPDPContext*>(mctx);
      if(pdpctx) {
  // Exceptions from the context lookup are deliberately swallowed (see above).
  } catch(std::exception& e) { };
  if(!eval) {
    GACLPDPContext* pdpctx = new GACLPDPContext();
    if(pdpctx) {
      if(eval) {
        // Feed every configured policy location and inline policy document to
        // the evaluator (the loop bodies are not reproduced by the renderer).
        for(std::list<std::string>::const_iterator it = policy_locations.begin(); it!= policy_locations.end(); it++) {
        for(int n = 0;n<policy_docs.Size();++n) {
        // Store the context in the message; presumably the message context takes
        // ownership of pdpctx from here on — confirm against MessageContext::Add.
        msg->Context()->Add(ctxid, pdpctx);
      } else {
        delete pdpctx;
    if(!eval) logger.msg(ERROR, "Can not dynamically produce Evaluator");
  if(!eval) {
    logger.msg(ERROR,"Evaluator for GACLPDP was not loaded"); 
    return false;

  // Collect the security attributes of the message and of its context,
  // restricted by the configured Select/Reject lists. The deletes below show
  // that the objects returned by Filter() are owned by this function.
  MessageAuth* mauth = msg->Auth()->Filter(select_attrs,reject_attrs);
  MessageAuth* cauth = msg->AuthContext()->Filter(select_attrs,reject_attrs);
  if((!mauth) && (!cauth)) {
    logger.msg(ERROR,"Missing security object in message");
    return false;
  NS ns;
  XMLNode requestxml(ns,"");
  if(mauth) {
    if(!mauth->Export(GACL,requestxml)) {
      // BUG(review): cauth is not released on this error path and leaks when non-NULL.
      delete mauth;
      logger.msg(ERROR,"Failed to convert security information to ARC request");
      return false;
    delete mauth;
  if(cauth) {
    if(!cauth->Export(GACL,requestxml)) {
      // BUG(review): this should be `delete cauth;`. When mauth was non-NULL it
      // has already been deleted above, so this is a double delete; cauth itself
      // leaks. The request is still rejected, so access is not affected.
      delete mauth;
      logger.msg(ERROR,"Failed to convert security information to ARC request");
      return false;
    delete cauth;
  // Debug dump of the assembled request. It contains the collected security
  // attributes of the caller, so this output is sensitive; it is only produced
  // when the logger threshold admits DEBUG.
  // NOTE(review): the line that serialises requestxml into s is missing from
  // the rendered listing.
  if(DEBUG >= logger.getThreshold()) {
    std::string s;
    logger.msg(DEBUG,"GACL Auth. request: %s",s);
  // An empty request means nothing usable was exported; deny rather than ask
  // the evaluator about an empty subject.
  if(requestxml.Size() <= 0) {
    logger.msg(ERROR,"No requested security information was collected");
    return false;

  //Call the evaluation functionality inside Evaluator
  // resp is owned here and deleted on every path below.
  Response *resp = eval->evaluate(requestxml);
  if(!resp) return false;
  ResponseList rlist = resp->getResponseItems();
  // NOTE(review): size is not used in the visible code; the size_t -> int
  // conversion is also narrowing.
  int size = rlist.size();

  // Current implementation of GACL Evaluator returns only one item
  // and only PERMIT/DENY results.
  if(rlist.size() <= 0) { delete resp; return false; };
  ResponseItem* item = rlist[0];
  // Anything other than an explicit PERMIT (including DENY or an unknown
  // result) is treated as a denial.
  if(item->res != DECISION_PERMIT) { delete resp; return false; };
  delete resp;
  return true;


void ArcSec::PDP::SetId ( std::string &  id) [inline, inherited]

Definition at line 87 of file PDP.h.

{ id_ = id; }; // PDP::SetId(): stores the identifier that GetId() returns.

Member Data Documentation

Definition at line 21 of file GACLPDP.h.

std::string ArcSec::PDP::id_ [protected, inherited]

Definition at line 88 of file PDP.h.

Arc::Logger ArcSec::GACLPDP::logger [static, protected]

Reimplemented from ArcSec::PDP.

Definition at line 32 of file GACLPDP.h.

Definition at line 30 of file GACLPDP.h.

std::list<std::string> ArcSec::GACLPDP::policy_locations [private]

Definition at line 29 of file GACLPDP.h.

std::list<std::string> ArcSec::GACLPDP::reject_attrs [private]

Definition at line 28 of file GACLPDP.h.

std::list<std::string> ArcSec::GACLPDP::select_attrs [private]

Definition at line 27 of file GACLPDP.h.

The documentation for this class was generated from the following files: