Class that provides the methods to check a user's access to a resource.

| Member | Description |
| --- | --- |
| `AkentiEngine()` | Constructor |
| `~AkentiEngine()` | Destructor |
| `setDesiredActions(const set` | Called prior to a call to checkAccess to specify what actions are to be checked for |
| `setRestrictedAttributes(const multimap` | Called prior to a call to checkAccess to specify what attributes and values are to be assumed for the user |
| `setExternalEvaluator(const ExternalEvaluator& externalEvaluator)` | Sets an externalEvaluator that will be called by the authorization module to evaluate any constraints of type SYSTEM or EXT_AUTH during subsequent calls to checkAccess |
| `checkAccess(const string& resource, const AkentiPrincipal& principal, CapabilityCertificate& cert, AkentiMessage& mesg)` | Given an authenticated principal name, which consists of the X.509 distinguished name of a user and the X.509 distinguished name of the Certificate Authority that issued the user's X.509 cert, and the name of the resource, returns a capability certificate which can contain the unconditional and conditional actions that the user has with respect to the resource |
| `checkAccess(const string& resource, const CertificateChain& chain, CapabilityCertificate& cert, AkentiMessage& mesg)` | Given an X.509 certificate chain for a user and the name of the resource, returns a capability certificate which can contain the unconditional and conditional actions that the user has with respect to the resource |
| `checkAccess(const string& resource, const AkentiPrincipal& principal, PolicyContext& context, AkentiMessage& mesg)` | |
| `checkAccess(const string& resource, const CertificateChain& chain, PolicyContext& context, AkentiMessage& mesg)` | |
| `loadResourceMap(const string& fileName)` | Loads a mapfile that maps user-friendly names of resources to the pathnames where the policy files for the resource are stored |
| `checkPolicy(const string& resource, PolicyContext& context, AkentiMessage& mesg)` | Experimental: Collects and verifies policies and ucs |
| `checkIssuer(const string& resource, const AkentiPrincipal& ap, AkentiMessage& mesg)` | Experimental: Is this ap an issuer for the resource `resource`? |

If required actions have been set by a previous call to
setDesiredActions, only those actions will be checked for. If
a restricted set of attribute/value pairs has been set by a previous
call to setDesiredAttributes, only those attributes will be checked
and only the actions granted by those attributes will be returned.
The filename of the resource map is given by the optional directive ResourceMap.

`~AkentiEngine()`

`void setDesiredActions(const set`

`void setRestrictedAttributes(const multimap`

`void setExternalEvaluator(const ExternalEvaluator& externalEvaluator)`

See also: ExternalEvaluator for an example of how to use an ExternalEvaluator

`bool checkAccess(const string& resource, const AkentiPrincipal& principal, CapabilityCertificate& cert, AkentiMessage& mesg)`

Parameters:
- principal - user's DN, and DN of the CA that issued the user's cert
- cert - capability certificate if user is not denied access
- mesg - will have a response code and a description

See also: setDesiredAttributes, AkentiMessage

`bool checkAccess(const string& resource, const CertificateChain& chain, CapabilityCertificate& cert, AkentiMessage& mesg)`

Parameters:
- principal - user's DN, and DN of the CA that issued the user's cert
- cert - capability certificate if user is not denied access
- mesg - will have a response code and a description

See also: setDesiredAttributes, AkentiMessage

`bool checkAccess(const string& resource, const AkentiPrincipal& principal, PolicyContext& context, AkentiMessage& mesg)`

`bool checkAccess(const string& resource, const CertificateChain& chain, PolicyContext& context, AkentiMessage& mesg)`

`static void loadResourceMap(const string& fileName)`

`bool checkPolicy(const string& resource, PolicyContext& context, AkentiMessage& mesg)`

`bool checkIssuer(const string& resource, const AkentiPrincipal& ap, AkentiMessage& mesg)`

this page has been generated automatically by doc++
(c)opyright by Malte Zöckler, Roland Wunderling
contact: doc++@zib.de