class AkentiEngine

Class that provides the methods to check a user's access to a resource.


Public Methods

AkentiEngine ()
Constructor
~AkentiEngine ()
Destructor
void setDesiredActions (const set<string>& desiredActions)
Called prior to a call to checkAccess to specify what actions are to be checked for.
void setRestrictedAttributes (const multimap<string, string>& restrictedAttributes)
Called prior to a call to checkAccess to specify what attributes and values are to be assumed for the user.
void setExternalEvaluator (const ExternalEvaluator& externalEvaluator)
Sets an externalEvaluator that will be called by the authorization module to evaluate any constraints of type SYSTEM or EXT_AUTH during subsequent calls to checkAccess.
bool checkAccess (const string& resource, const AkentiPrincipal& principal, CapabilityCertificate& cert, AkentiMessage& mesg)
Given an authenticated principal name, which consists of an X509 distinguished name for a user and the X509 distinguished name of the Certificate Authority which issued the user's X509 cert, and the name of the resource, returns a capability certificate which can contain unconditional and conditional actions that the user has with respect to the resource.
bool checkAccess (const string& resource, const CertificateChain& chain, CapabilityCertificate& cert, AkentiMessage& mesg)
Given an X509 certificate chain for a user and the name of the resource, returns a capability certificate which can contain unconditional and conditional actions that the user has with respect to the resource.
bool checkAccess (const string& resource, const AkentiPrincipal& principal, PolicyContext& context, AkentiMessage& mesg)
bool checkAccess (const string& resource, const CertificateChain& chain, PolicyContext& context, AkentiMessage& mesg)
static void loadResourceMap (const string& fileName)
Loads a mapfile that maps user friendly names of resources to the pathnames where the policy files for the resource are stored.
bool checkPolicy (const string& resource, PolicyContext& context, AkentiMessage& mesg)
Experimental: Collects and verifies policies and ucs
bool checkIssuer (const string& resource, const AkentiPrincipal& ap, AkentiMessage& mesg)
Experimental: Is this ap an issuer for resource resource


Inherited from LogInterface:

Public Methods

o void iLog(int level, const string& key, const string& mesg = "") const
o void bLog(int level, const string& key, const string& mesg = "") const
o void sLog(int level, const string& key, const string& mesg = "") const
o void fLog(int level, const string& key, const string& mesg = "") const


Documentation

Class that provides the methods to check a user's access to a resource.

o AkentiEngine()
Constructor

o ~AkentiEngine()
Destructor

o void setDesiredActions(const set<string>& desiredActions)
Called prior to a call to checkAccess to specify what actions are to be checked for.

Parameters:
desiredActions - list of string actions that match some of the actions granted by the UseConditions for the resource
See Also:
checkAccess

o void setRestrictedAttributes(const multimap<string, string>& restrictedAttributes)
Called prior to a call to checkAccess to specify what attributes and values are to be assumed for the user.

Parameters:
restrictedAttributes - list of string attribute/value pairs that will be assumed for the user on subsequent calls to checkAccess
See Also:
checkAccess

o void setExternalEvaluator(const ExternalEvaluator& externalEvaluator)
Sets an externalEvaluator that will be called by the authorization module to evaluate any constraints of type SYSTEM or EXT_AUTH during subsequent calls to checkAccess.

Parameters:
externalEvaluator - a function that can be called to evaluate UseConditions.
See Also:
AttributeInfo
ExternalEvaluator for an example of how to use an ExternalEvaluator

o bool checkAccess(const string& resource, const AkentiPrincipal& principal, CapabilityCertificate& cert, AkentiMessage& mesg)
Given an authenticated principal name, which consists of an X509 distinguished name for a user and the X509 distinguished name of the Certificate Authority which issued the user's X509 cert, and the name of the resource, returns a capability certificate which can contain unconditional and conditional actions that the user has with respect to the resource.

If required actions have been set by a previous call to setDesiredActions, only those actions will be checked for. If a restricted set of attribute/value pairs has been set by a previous call to setDesiredAttributes, only those attributes will be checked and only the actions granted by those attributes will be returned.

Parameters:
resource - name of the resource for which access is to be checked
principal - user's DN, and DN of the CA that issued the user's cert
cert - capability certificate if user is not denied access
mesg - will have a response code and a description
Returns:
true if the user is not denied access.
See Also:
setDesiredActions
setDesiredAttributes
AkentiMessage

o bool checkAccess(const string& resource, const CertificateChain& chain, CapabilityCertificate& cert, AkentiMessage& mesg)
Given an X509 certificate chain for a user and the name of the resource, returns a capability certificate which can contain unconditional and conditional actions that the user has with respect to the resource.

If required actions have been set by a previous call to setDesiredActions, only those actions will be checked for. If a restricted set of attribute/value pairs has been set by a previous call to setDesiredAttributes, only those attributes will be checked and only the actions granted by those attributes will be returned.

Parameters:
resource - name of the resource for which access is to be checked
principal - user's DN, and DN of the CA that issued the user's cert
cert - capability certificate if user is not denied access
mesg - will have a response code and a description
Returns:
true if the user is not denied access.
See Also:
setDesiredActions
setDesiredAttributes
AkentiMessage
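
The filtering that setDesiredActions and setRestrictedAttributes apply to a later checkAccess call, as an added toy model (not Akenti code and not part of the original page). ToyEngine, ToyUseCondition, ToyCapability, Attrs and samplePolicy are hypothetical names; the model assumes that restricted attributes are taken in place of the user's own and that a conditional action is one whose constraint was left unevaluated.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Toy stand-ins (hypothetical, not Akenti types). `conditional` marks a grant
// that still depends on a constraint the engine did not evaluate (assumption).
struct ToyUseCondition {
    std::string attr, value;
    std::set<std::string> actions;
    bool conditional;
};
struct ToyCapability { std::set<std::string> unconditional, conditional; };
using Attrs = std::multimap<std::string, std::string>;
class ToyEngine {
    std::vector<ToyUseCondition> policy_;
    std::set<std::string> desired_;  // empty: check every action
    Attrs restricted_;               // empty: use the user's own attributes
public:
    explicit ToyEngine(const std::vector<ToyUseCondition>& p) : policy_(p) {}
    void setDesiredActions(const std::set<std::string>& d) { desired_ = d; }
    void setRestrictedAttributes(const Attrs& r) { restricted_ = r; }
    // True if the user is not denied, i.e. at least one action survives.
    bool checkAccess(const Attrs& user, ToyCapability& cap) const {
        const Attrs& attrs = restricted_.empty() ? user : restricted_;
        cap = ToyCapability{};
        for (const auto& uc : policy_) {
            bool held = false;
            auto range = attrs.equal_range(uc.attr);
            for (auto it = range.first; it != range.second; ++it)
                held = held || it->second == uc.value;
            if (!held) continue;
            for (const auto& a : uc.actions) {
                if (!desired_.empty() && !desired_.count(a)) continue;
                (uc.conditional ? cap.conditional : cap.unconditional).insert(a);
            }
        }
        return !cap.unconditional.empty() || !cap.conditional.empty();
    }
};
// Constructed sample policy for one resource.
std::vector<ToyUseCondition> samplePolicy() {
    return {{"group", "staff", {"read"}, false},
            {"role", "admin", {"write", "delete"}, false},
            {"group", "staff", {"execute"}, true}};
}
int main() {
    Attrs u; u.emplace("group", "staff"); ToyCapability c;
    return ToyEngine(samplePolicy()).checkAccess(u, c) ? 0 : 1;
}
```

In this model a true return only means "not denied": a caller that needs a specific action still has to find it in the unconditional set, or satisfy the outstanding condition before honouring a conditional one.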

o bool checkAccess(const string& resource, const AkentiPrincipal& principal, PolicyContext& context, AkentiMessage& mesg)

o bool checkAccess(const string& resource, const CertificateChain& chain, PolicyContext& context, AkentiMessage& mesg)

o static void loadResourceMap(const string& fileName)
Loads a mapfile that maps user friendly names of resources to the pathnames where the policy files for the resource are stored.

This method should be called once at startup.

The filename of the resource map is given by the optional directive ResourceMap in the Akenti Config file.

o bool checkPolicy(const string& resource, PolicyContext& context, AkentiMessage& mesg)
Experimental: Collects and verifies policies and ucs

o bool checkIssuer(const string& resource, const AkentiPrincipal& ap, AkentiMessage& mesg)
Experimental: Is this ap an issuer for resource resource


This class has no child classes.
Author:
Srilekha Mudumbai, Abdelilah Essiari
Version:
1.1 00/05/01


This page was generated with the help of DOC++.