public abstract class SecurityContextDelegate extends Object implements TavernaSecurityContext
Modifier | Constructor and Description |
---|---|
protected |
SecurityContextDelegate(RemoteRunDelegate run,
UsernamePrincipal owner,
SecurityContextFactory factory)
Initialise the context delegate.
|
Modifier and Type | Method and Description |
---|---|
void |
addCredential(Credential toAdd)
Adds a credential to the owned set, or replaces the old version with the
new one.
|
abstract void |
addCredentialToKeystore(Credential c)
Adds a credential to the current keystore.
|
protected void |
addKeypairToKeystore(String alias,
Credential c)
Adds a credential to the current keystore.
|
void |
addTrusted(Trust toAdd)
Add an identity to the trusted set.
|
protected void |
conveyExtraSecuritySettings(RemoteSecurityContext remoteSecurityContext)
Hook that allows additional information to be conveyed to the remote run.
|
void |
conveySecurity()
Builds and transfers a keystore with suitable credentials to the back-end
workflow execution engine.
|
void |
deleteCredential(Credential toDelete)
Remove a credential from the owned set.
|
void |
deleteTrusted(Trust toDelete)
Remove an identity from the trusted set.
|
protected void |
flushToDB()
Cause the current state to be flushed to the database.
|
protected char[] |
generateNewPassword() |
Credential[] |
getCredentials() |
SecurityContextFactory |
getFactory() |
UsernamePrincipal |
getOwner() |
Set<String> |
getPermittedDestroyers()
Describe the names of the users (as extracted from their
Principal objects) that may destroy the run or manipulate its
lifetime. |
Set<String> |
getPermittedReaders()
Describe the names of the users (as extracted from their
Principal objects) that may read from the run (including its
files). |
Set<String> |
getPermittedUpdaters()
Describe the names of the users (as extracted from their
Principal objects) that may update the run (including writing to
files). |
protected String |
getPrincipalName(X500Principal principal)
Get the human-readable name of a principal.
|
Trust[] |
getTrusted() |
void |
initializeSecurityFromContext(org.springframework.security.core.context.SecurityContext securityContext)
Establish the security context from how the owning workflow run was
created.
|
void |
initializeSecurityFromRESTContext(javax.ws.rs.core.HttpHeaders context)
Establish the security context from how the owning workflow run was
created.
|
void |
initializeSecurityFromSOAPContext(MessageContext context)
Establish the security context from how the owning workflow run was
created.
|
void |
setPermittedDestroyers(Set<String> destroyers)
Sets the collection of names of users (as extracted from their
Principal objects) that may destroy the run or manipulate its
lifetime. |
void |
setPermittedReaders(Set<String> readers)
Sets the collection of names of users (as extracted from their
Principal objects) that may read from the run (including its
files). |
void |
setPermittedUpdaters(Set<String> updaters)
Sets the collection of names of users (as extracted from their
Principal objects) that may update the run (including writing to
its files). |
abstract void |
validateCredential(Credential c)
Tests if the credential is valid.
|
void |
validateTrusted(Trust t)
Tests if the trusted identity descriptor is valid.
|
protected SecurityContextDelegate(RemoteRunDelegate run, UsernamePrincipal owner, SecurityContextFactory factory)
run - What workflow run is this for?
owner - Who owns the workflow run?
factory - What class built this object?
public SecurityContextFactory getFactory()
getFactory
in interface TavernaSecurityContext
public UsernamePrincipal getOwner()
getOwner
in interface TavernaSecurityContext
public Credential[] getCredentials()
getCredentials
in interface TavernaSecurityContext
protected final String getPrincipalName(X500Principal principal)
principal - The principal being decoded.
protected final void flushToDB()
public void addCredential(Credential toAdd)
TavernaSecurityContext
addCredential
in interface TavernaSecurityContext
toAdd - The credential to add.
public void deleteCredential(Credential toDelete)
TavernaSecurityContext
deleteCredential
in interface TavernaSecurityContext
toDelete - The credential to remove.
public Trust[] getTrusted()
getTrusted
in interface TavernaSecurityContext
public void addTrusted(Trust toAdd)
TavernaSecurityContext
addTrusted
in interface TavernaSecurityContext
toAdd - The identity to add.
public void deleteTrusted(Trust toDelete)
TavernaSecurityContext
deleteTrusted
in interface TavernaSecurityContext
toDelete - The identity to remove.
public abstract void validateCredential(Credential c) throws InvalidCredentialException
TavernaSecurityContext
Credential
object.
validateCredential
in interface TavernaSecurityContext
c - The credential object to validate.
InvalidCredentialException - If it is invalid.
public void validateTrusted(Trust t) throws InvalidCredentialException
TavernaSecurityContext
validateTrusted
in interface TavernaSecurityContext
t - The trusted identity descriptor to check.
InvalidCredentialException - If it is invalid.
public void initializeSecurityFromContext(org.springframework.security.core.context.SecurityContext securityContext) throws Exception
TavernaSecurityContext
initializeSecurityFromContext
in interface TavernaSecurityContext
securityContext - The security context associated with the request that caused the workflow to be created.
Exception - If anything goes wrong.
public void initializeSecurityFromSOAPContext(MessageContext context)
TavernaSecurityContext
initializeSecurityFromSOAPContext
in interface TavernaSecurityContext
context - The full information about the request that caused the workflow to be created.
public void initializeSecurityFromRESTContext(javax.ws.rs.core.HttpHeaders context)
TavernaSecurityContext
initializeSecurityFromRESTContext
in interface TavernaSecurityContext
context - The full information about the request that caused the workflow to be created.
public final void conveySecurity() throws GeneralSecurityException, IOException, ImplementationException
conveySecurity
in interface TavernaSecurityContext
GeneralSecurityException - If the manipulation of the keystore, keys or certificates fails.
IOException - If there are problems building the data (should not happen).
RemoteException - If the conveyancing fails.
ImplementationException - If the local worker has problems with creating the realized security context.
protected void conveyExtraSecuritySettings(RemoteSecurityContext remoteSecurityContext) throws IOException
remoteSecurityContext - The remote resource that information would be passed to.
IOException - If anything goes wrong with the communication.
protected final char[] generateNewPassword()
protected final void addKeypairToKeystore(String alias, Credential c) throws KeyStoreException
alias - The alias to create within the keystore.
c - The key-pair.
KeyStoreException
public abstract void addCredentialToKeystore(Credential c) throws KeyStoreException
c - The credential to add.
KeyStoreException
public Set<String> getPermittedDestroyers()
TavernaSecurityContext
Principal
objects) that may destroy the run or manipulate its
lifetime.
getPermittedDestroyers
in interface TavernaSecurityContext
public void setPermittedDestroyers(Set<String> destroyers)
TavernaSecurityContext
Principal
objects) that may destroy the run or manipulate its
lifetime.
setPermittedDestroyers
in interface TavernaSecurityContext
destroyers - The names of the users who may use destroy operations.
public Set<String> getPermittedUpdaters()
TavernaSecurityContext
Principal
objects) that may update the run (including writing to
files).
getPermittedUpdaters
in interface TavernaSecurityContext
public void setPermittedUpdaters(Set<String> updaters)
TavernaSecurityContext
Principal
objects) that may update the run (including writing to
its files).
setPermittedUpdaters
in interface TavernaSecurityContext
updaters - The names of the users who may use update operations.
public Set<String> getPermittedReaders()
TavernaSecurityContext
Principal
objects) that may read from the run (including its
files).
getPermittedReaders
in interface TavernaSecurityContext
public void setPermittedReaders(Set<String> readers)
TavernaSecurityContext
Principal
objects) that may read from the run (including its
files).
setPermittedReaders
in interface TavernaSecurityContext
readers - The names of the users who may use read operations.
Copyright © 2015–2018 The Apache Software Foundation. All rights reserved.