class AkentiEngine
Class that provides the methods to check a user's access to resource.
AkentiEngine (): Constructor
~AkentiEngine (): Destructor
setDesiredActions (const set<string>& desiredActions): Called prior to a call to checkAccess to specify what actions are to be checked for.
setRestrictedAttributes (const multimap<string, string>& restrictedAttributes): Called prior to a call to checkAccess to specify what attributes and values are to be assumed for the user.
setExternalEvaluator (const ExternalEvaluator& externalEvaluator): Sets an externalEvaluator that will be called by the authorization module to evaluate any constraints of type SYSTEM or EXT_AUTH during subsequent calls to checkAccess.
checkAccess (const string& resource, const AkentiPrincipal& principal, CapabilityCertificate& cert, AkentiMessage& mesg): Given an authenticated principal name which consists of an x509 distinguished name for a user, and the x509 distinguished name of the Certificate Authority which issued the user's x509 cert, and the name of the resource, returns a capability certificate which can contain unconditional and conditional actions that the user has with respect to the resource.
checkAccess (const string& resource, const CertificateChain& chain, CapabilityCertificate& cert, AkentiMessage& mesg): Given an X509 certificate chain for a user and the name of the resource, returns a capability certificate which can contain unconditional and conditional actions that the user has with respect to the resource.
checkAccess (const string& resource, const AkentiPrincipal& principal, PolicyContext& context, AkentiMessage& mesg)
checkAccess (const string& resource, const CertificateChain& chain, PolicyContext& context, AkentiMessage& mesg)
loadResourceMap (const string& fileName): Loads a mapfile that maps user friendly names of resources to the pathnames where the policy files for the resource are stored.
checkPolicy (const string& resource, PolicyContext& context, AkentiMessage& mesg): Experimental: Collects and verifies policies and ucs
checkIssuer (const string& resource, const AkentiPrincipal& ap, AkentiMessage& mesg): Experimental: Is this ap an issuer for resource resource
If required actions have been set by a previous call to setDesiredActions, only those actions will be checked for. If a restricted set of attribute/value pairs has been set by a previous call to setDesiredAttributes, only those attributes will be checked and only the actions granted by those attributes will be returned.
This method should be called once at startup.
The filename of the resource map is given by the optional directive ResourceMap
bool checkPolicy(const string& resource, PolicyContext& context, AkentiMessage& mesg)
bool checkIssuer(const string& resource, const AkentiPrincipal& ap, AkentiMessage& mesg)