com.heirloomcomputing.ecc

Interface IRAC

public interface IRAC

IRAC - the interface to the Resource Access Control features within Elastic Transaction Platform, Elastic Batch Platform. ETP and EBP instantiate the configured RAC module (EBP config parameter ebp.rac.class) and invoke the methods within this interface as necessary.

Use RACFactory class and getRAC(String type) method to return an object reference to the class that implements this RAC Interface. The default type, "RAC", is the resource access control using OpenLDAP described in EBP documentation.

IRAC - Resource Access Control Interface methods:

• Setup - setup RAC using EBP or ETP config settings
• TearDown - shutdown RAC
• IsRACon - check if we're running under RAC
• Authenticate - authenticate a user / password
• Authorize - attempt to authorize a user for a resource
• GetGroupsForUser - return the group list for the authenticated user

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	RESOURCERIGHT_ALL
static java.lang.String	RESOURCERIGHT_ALTER
static java.lang.String	RESOURCERIGHT_CANCEL
static java.lang.String	RESOURCERIGHT_CHECKPOINT
static java.lang.String	RESOURCERIGHT_EXECUTE
static java.lang.String	RESOURCERIGHT_PURGE
static java.lang.String	RESOURCERIGHT_READ access rights
static java.lang.String	RESOURCERIGHT_RESTART
static java.lang.String	RESOURCERIGHT_SUBMIT
static java.lang.String	RESOURCERIGHT_UPDATE
static java.lang.String	RESOURCERIGHT_VIEW
static int	RESOURCETYPE_DATASET indexes into the resourceTypes array indicating the attribute name used to store that resource type
static int	RESOURCETYPE_JOBCLASS
static int	RESOURCETYPE_PROGRAM
static int	RESOURCETYPE_SYSOUTCLASS
static int	RESOURCETYPE_TRANSACTION

Method Summary

Modifier and Type	Method and Description
java.lang.String	Attribute(java.lang.String username, java.lang.String attributename) Attribute -- Return the attribute value associated with attributeName from the directory entry of the given user
java.util.List<java.lang.String>	Authenticate(java.lang.String username, java.lang.String password) Authenticate - Return a list of Roles if the username and password are authenticated against this Resource Access Control module
boolean	Authorize(java.lang.String username, java.util.List<java.lang.String> grouplist, int type, java.lang.String resource, java.lang.String access) Authorize -- Return true if the user is authorized to access a resource
java.util.List<java.lang.String>	GetGroupsForUser(java.lang.String username) GetGroupsForUser - get groups (roles) based on a perviously authenticated username.
boolean	IsRACon() IsRACon -- returns whether resource access control is in effect for this EBP or ETP, which is determined by whether the Setup succeeded or not
boolean	Setup(java.util.Properties global) Setup() -- setup the resource access control module using the configuration parameters specific to that module.
void	TearDown() TearDown() -- close RAC

Field Detail

RESOURCETYPE_DATASET

static final int RESOURCETYPE_DATASET

indexes into the resourceTypes array indicating the attribute name used to store that resource type

See Also:

Constant Field Values

RESOURCETYPE_JOBCLASS

static final int RESOURCETYPE_JOBCLASS

See Also:

Constant Field Values

RESOURCETYPE_SYSOUTCLASS

static final int RESOURCETYPE_SYSOUTCLASS

See Also:

Constant Field Values

RESOURCETYPE_TRANSACTION

static final int RESOURCETYPE_TRANSACTION

See Also:

Constant Field Values

RESOURCETYPE_PROGRAM

static final int RESOURCETYPE_PROGRAM

See Also:

Constant Field Values

RESOURCERIGHT_READ

static final java.lang.String RESOURCERIGHT_READ

access rights

See Also:

Constant Field Values

RESOURCERIGHT_UPDATE

static final java.lang.String RESOURCERIGHT_UPDATE

See Also:

Constant Field Values

RESOURCERIGHT_ALTER

static final java.lang.String RESOURCERIGHT_ALTER

See Also:

Constant Field Values

RESOURCERIGHT_SUBMIT

static final java.lang.String RESOURCERIGHT_SUBMIT

See Also:

Constant Field Values

RESOURCERIGHT_CANCEL

static final java.lang.String RESOURCERIGHT_CANCEL

See Also:

Constant Field Values

RESOURCERIGHT_RESTART

static final java.lang.String RESOURCERIGHT_RESTART

See Also:

Constant Field Values

RESOURCERIGHT_CHECKPOINT

static final java.lang.String RESOURCERIGHT_CHECKPOINT

See Also:

Constant Field Values

RESOURCERIGHT_VIEW

static final java.lang.String RESOURCERIGHT_VIEW

See Also:

Constant Field Values

RESOURCERIGHT_PURGE

static final java.lang.String RESOURCERIGHT_PURGE

See Also:

Constant Field Values

RESOURCERIGHT_EXECUTE

static final java.lang.String RESOURCERIGHT_EXECUTE

See Also:

Constant Field Values

RESOURCERIGHT_ALL

static final java.lang.String RESOURCERIGHT_ALL

See Also:

Constant Field Values

Method Detail

Setup

boolean Setup(java.util.Properties global)

Setup() -- setup the resource access control module using the configuration parameters specific to that module.

Parameters:

global - the global set of Resource Access Control properties as defined by the RAC module. EBP calls Setup() with all "ebp.rac.*" properties, ETP calls Setup() with the Security Context deployment settings. Properties are specific to the module.

The default RAC module uses LDAP to authenticate and authorize and its configuration properties, described in EBP documentation, are used to connect and search the LDAP server.

Returns:

true if RAC was setup correctly and ready to use, false if config flags indicate that RAC is not required, properties parameter is null, or main or alternate LDAP server could not be contacted (or other comm error based on this RAC implementation).

TearDown

void TearDown()

TearDown() -- close RAC

IsRACon

boolean IsRACon()

IsRACon -- returns whether resource access control is in effect for this EBP or ETP, which is determined by whether the Setup succeeded or not

Returns:

true if RAC is setup

GetGroupsForUser

java.util.List<java.lang.String> GetGroupsForUser(java.lang.String username)

GetGroupsForUser - get groups (roles) based on a perviously authenticated username. note that based on user cache size, a previously validated user may not return any roles

Parameters:

username - - the user name

Returns:

the List of roles or null if the user is not cached

Authenticate

java.util.List<java.lang.String> Authenticate(java.lang.String username,
                                              java.lang.String password)

Authenticate - Return a list of Roles if the username and password are authenticated against this Resource Access Control module

Parameters:

username - Username to look up

password - Password or other credentials to use in authenticating this username

Returns:

a list of Roles the username has (which could be empty, even for authenticated users) or null if the user/password could not be verified

Authorize

boolean Authorize(java.lang.String username,
                  java.util.List<java.lang.String> grouplist,
                  int type,
                  java.lang.String resource,
                  java.lang.String access)

Authorize -- Return true if the user is authorized to access a resource

Parameters:

username - the username requesting access to this resource

grouplist - the list of groups to check against

type - of resource (e.g., 0:dataset, 1:jobclass, 2:outputclass)

resource - the resource name (e.g., HCI00.MYDATA.DAT, Z, C)

access - the access requested (e.g., read, write, submit, view)

Returns:

true if the user is authorized to access the resource or RAC is off

Attribute

java.lang.String Attribute(java.lang.String username,
                           java.lang.String attributename)

Attribute -- Return the attribute value associated with attributeName from the directory entry of the given user

Parameters:

username - the username requesting access to this attribute

attributename - the requested directory entry to look up

Returns:

the attribute value associated with the attributename or null if RAC is off or the attribute name is not assigned for user and groups