org.glite.security
Class SecurityContext
java.lang.Object
java.util.Dictionary<K,V>
java.util.Hashtable<java.lang.Object,java.lang.Object>
java.util.Properties
org.glite.security.SecurityContext
- All Implemented Interfaces:
- java.io.Serializable, java.lang.Cloneable, java.util.Map<java.lang.Object,java.lang.Object>, SecurityInfo
public class SecurityContext
- extends java.util.Properties
- implements SecurityInfo
A context class in which security-related information from the authentication and authorization process is collected.
SecurityContexts can be stored on a per-thread basis using the static method setCurrentContext(), and retrieved with getCurrentContext().
This class is for internal use. External users should make use of the SecurityInfo rendering of this class.
- Author:
- mulmo
- See Also:
SecurityInfo, SecurityInfoContainer, Serialized Form
Field Summary |
static java.lang.String |
AUTHZ_APPROVED_ATTRIBUTES
Deprecated. This constant is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. The label for the set of authorized attributes. |
static java.lang.String |
AUTHZ_POLICY
Deprecated. This constant is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. The label for the authorization policy. |
static java.lang.String |
AUTHZ_REQUESTED_ATTRIBUTES
Deprecated. This constant is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. The label for the set of requested attributes. |
static java.lang.String |
CERT_CHAIN
|
static java.lang.String |
CLIENT_CERT
The label for the client identity certificate. |
static java.lang.String |
CLIENT_DN
The label for the client name. |
static java.lang.String |
CLIENT_NAME
The label for the client name. |
static java.lang.String |
CLIENT_X500_NAME
The label for the client name. |
static java.lang.String |
CLIENT_X500_PRINCIPAL
The label for the client name. |
static java.lang.String |
ISSUER_DN
The label for the issuer name. |
static java.lang.String |
ISSUER_NAME
The label for the issuer name. |
static java.lang.String |
PEER_CAS
The label for peer CA Principal list. |
static java.lang.String |
REMOTE_ADDR
The label for the ip address of the other party. |
static java.lang.String |
SESSION_ID
The label for the SSL session Id for this connection. |
static java.lang.String |
UNVERIFIED_CERT_CHAIN
The label for UnverifiedCertChain. |
static java.lang.String |
VOMS_VALIDATOR
Deprecated. This constant is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. The label for the verified VOMS Validator. |
Method Summary |
static void |
clearCurrentContext()
Clears any set SecurityContext associated with the current thread. |
java.lang.String |
getAuthorizationPolicy()
Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. |
java.util.List |
getAuthorizedAttributes()
Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. |
java.security.cert.X509Certificate |
getClientCert()
|
java.security.cert.X509Certificate[] |
getClientCertChain()
|
DN |
getClientDN()
|
java.lang.String |
getClientName()
Deprecated. produces DN in wrong order, rather use DN methods. |
java.lang.String |
getClientX500Name()
Returns the name of the authenticated client in X500 format. |
X500Principal |
getClientX500Principal()
Returns the Principal of the authenticated client in X500 format. |
static SecurityContext |
getCurrentContext()
|
DN |
getIssuerDN()
|
java.lang.String |
getIssuerName()
Deprecated. produces DN in wrong order, rather use DN methods. |
java.security.Principal[] |
getPeerCas()
|
java.lang.String |
getRemoteAddr()
Returns the IP address of the other party. |
java.util.List |
getRequestedAttributes()
Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. |
java.lang.String |
getSessionId()
Returns the SSL session ID used for this connection. |
java.security.cert.X509Certificate[] |
getUnverifiedCertChain()
|
org.glite.voms.VOMSValidator |
getVOMSValidator()
Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. |
void |
setAuthorizationPolicy(java.lang.String policy)
Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. |
void |
setAuthorizedAttributes(java.util.List authzdAttrs)
Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. |
void |
setClientCert(java.security.cert.X509Certificate clientCert)
This method also automatically sets the client name, the issuer name, and
validity period. |
void |
setClientCertChain(java.security.cert.X509Certificate[] certChain)
This method also automatically sets the client name, the issuer name, and
validity period. |
void |
setClientDN(DN clientDN)
|
void |
setClientName(java.lang.String clientName)
Deprecated. produces DN in wrong order, rather use DN methods. |
void |
setClientX500Name(java.lang.String clientName)
|
void |
setClientX500Principal(X500Principal clientPrincipal)
|
static void |
setCurrentContext(SecurityContext sc)
|
void |
setIssuerDN(DN issuerDN)
|
void |
setIssuerName(java.lang.String issuerName)
Deprecated. produces DN in wrong order, rather use DN methods. |
void |
setPeerCas(java.security.Principal[] principals)
|
void |
setRemoteAddr(java.lang.String remoteAddr)
Sets the IP address of the other party. |
void |
setRequestedAttributes(java.util.List requestedAttrs)
Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. |
void |
setSessionId(java.lang.String sessionId)
Sets the SSL session ID used for this connection. |
void |
setUnverifiedCertChain(java.security.cert.X509Certificate[] certChain)
|
void |
setVOMSValidator(org.glite.voms.VOMSValidator vomsValidator)
Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. |
java.lang.String |
toString()
|
Methods inherited from class java.util.Properties |
getProperty, getProperty, list, list, load, load, loadFromXML, propertyNames, save, setProperty, store, store, storeToXML, storeToXML, stringPropertyNames |
Methods inherited from class java.util.Hashtable |
clear, clone, contains, containsKey, containsValue, elements, entrySet, equals, get, hashCode, isEmpty, keys, keySet, put, putAll, remove, size, values |
Methods inherited from class java.lang.Object |
getClass, notify, notifyAll, wait, wait, wait |
CERT_CHAIN
public static final java.lang.String CERT_CHAIN
- See Also:
getClientCertChain()
,
Constant Field Values
AUTHZ_REQUESTED_ATTRIBUTES
public static final java.lang.String AUTHZ_REQUESTED_ATTRIBUTES
- Deprecated. This constant is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. The label for the set of requested attributes.
- See Also:
getRequestedAttributes()
,
setRequestedAttributes(List)
,
Constant Field Values
AUTHZ_APPROVED_ATTRIBUTES
public static final java.lang.String AUTHZ_APPROVED_ATTRIBUTES
- Deprecated. This constant is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. The label for the set of authorized attributes.
- See Also:
getAuthorizedAttributes(), setAuthorizedAttributes(List), Constant Field Values
AUTHZ_POLICY
public static final java.lang.String AUTHZ_POLICY
- Deprecated. This constant is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. The label for the authorization policy.
- See Also:
getAuthorizationPolicy()
,
setAuthorizationPolicy(String)
,
Constant Field Values
CLIENT_CERT
public static final java.lang.String CLIENT_CERT
- The label for the client identity certificate.
- See Also:
getClientCert()
,
setClientCert(X509Certificate)
,
Constant Field Values
CLIENT_NAME
public static final java.lang.String CLIENT_NAME
- The label for the client name.
- See Also:
getClientName()
,
setClientName(String)
,
Constant Field Values
CLIENT_DN
public static final java.lang.String CLIENT_DN
- The label for the client name.
- See Also:
getClientDN()
,
setClientDN(DN)
,
Constant Field Values
CLIENT_X500_NAME
public static final java.lang.String CLIENT_X500_NAME
- The label for the client name.
- See Also:
getClientX500Name()
,
setClientX500Name(String)
,
Constant Field Values
CLIENT_X500_PRINCIPAL
public static final java.lang.String CLIENT_X500_PRINCIPAL
- The label for the client name.
- See Also:
getClientX500Principal()
,
setClientX500Principal(X500Principal)
,
Constant Field Values
ISSUER_NAME
public static final java.lang.String ISSUER_NAME
- The label for the issuer name.
- See Also:
getIssuerName()
,
setIssuerName(String)
,
Constant Field Values
ISSUER_DN
public static final java.lang.String ISSUER_DN
- The label for the issuer name.
- See Also:
getIssuerName()
,
setIssuerName(String)
,
Constant Field Values
VOMS_VALIDATOR
public static final java.lang.String VOMS_VALIDATOR
- Deprecated. This constant is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead. The label for the verified VOMS Validator.
- See Also:
getVOMSValidator()
,
setVOMSValidator(VOMSValidator)
,
Constant Field Values
UNVERIFIED_CERT_CHAIN
public static final java.lang.String UNVERIFIED_CERT_CHAIN
- The label for UnverifiedCertChain.
- See Also:
getUnverifiedCertChain()
,
setUnverifiedCertChain(java.security.cert.X509Certificate[])
,
Constant Field Values
PEER_CAS
public static final java.lang.String PEER_CAS
- The label for peer CA Principal list.
- See Also:
getPeerCas()
,
setPeerCas(java.security.Principal[])
,
Constant Field Values
REMOTE_ADDR
public static final java.lang.String REMOTE_ADDR
- The label for the ip address of the other party.
- See Also:
- Constant Field Values
SESSION_ID
public static final java.lang.String SESSION_ID
- The label for the SSL session Id for this connection.
- See Also:
- Constant Field Values
SecurityContext
public SecurityContext()
- The constructor.
- See Also:
Properties.Properties()
getCurrentContext
public static SecurityContext getCurrentContext()
- Returns:
- SecurityContext the SecurityContext associated with the current
thread.
- See Also:
setCurrentContext(SecurityContext)
setCurrentContext
public static void setCurrentContext(SecurityContext sc)
- Parameters:
sc - the SecurityContext associated with the current thread.
- See Also:
getCurrentContext()
clearCurrentContext
public static void clearCurrentContext()
- Clears any set SecurityContext associated with the current thread. This is identical to SecurityContext.setCurrentContext(null).
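Because the context is bound to the thread rather than to the request, a pooled worker that skips clearCurrentContext() carries the previous caller's identity into the next task. The following is an added example, not code from the gLite project; it assumes the library providing org.glite.security.SecurityContext is on the classpath, that getCurrentContext() returns null when no context is set, and it uses constructed sample values (class name ContextScopeDemo and the identity strings are hypothetical).

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

import org.glite.security.SecurityContext;

public class ContextScopeDemo {

    // Reads the identity that code on the current thread would see.
    // Assumption: getCurrentContext() returns null when nothing is set.
    static String whoAmI() {
        SecurityContext sc = SecurityContext.getCurrentContext();
        return sc == null ? "<no context>"
                          : sc.getClientX500Name() + " from " + sc.getRemoteAddr();
    }

    // Constructed sample identity. A real server would populate the context
    // from the verified chain with setClientCertChain() after the handshake.
    static SecurityContext sampleContext(String x500Name, String addr) {
        SecurityContext sc = new SecurityContext();
        sc.setClientX500Name(x500Name);
        sc.setRemoteAddr(addr);
        return sc;
    }

    // Weak form: the context is set but never cleared, so it stays bound
    // to the worker thread after the request has finished.
    static Runnable leakyRequest(SecurityContext sc) {
        return () -> {
            SecurityContext.setCurrentContext(sc);
            System.out.println("leaky request:  " + whoAmI());
        };
    }

    // Corrected form: the context lives exactly as long as the request,
    // even if the handler throws.
    static Runnable scopedRequest(SecurityContext sc) {
        return () -> {
            SecurityContext.setCurrentContext(sc);
            try {
                System.out.println("scoped request: " + whoAmI());
            } finally {
                SecurityContext.clearCurrentContext();
            }
        };
    }

    public static void main(String[] args) throws InterruptedException {
        // A single worker guarantees that every task reuses the same thread.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        SecurityContext alice = sampleContext("CN=Alice Example,O=Example Grid", "192.0.2.10");

        pool.execute(leakyRequest(alice));
        pool.execute(() -> System.out.println("after leaky:    " + whoAmI()));
        pool.execute(SecurityContext::clearCurrentContext); // reset between the two cases
        pool.execute(scopedRequest(alice));
        pool.execute(() -> System.out.println("after scoped:   " + whoAmI()));

        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
    }
}
```

Comparing the "after leaky" and "after scoped" lines shows whether an unrelated task on the same worker can still read the earlier client's name and address.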
setAuthorizedAttributes
public void setAuthorizedAttributes(java.util.List authzdAttrs)
- Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead.
- Parameters:
authzdAttrs - List of String (the approved authorization attributes)
- See Also:
AUTHZ_APPROVED_ATTRIBUTES, getAuthorizedAttributes()
getAuthorizedAttributes
public java.util.List getAuthorizedAttributes()
- Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead.
- Returns:
- List of String (the approved authorization attributes)
- See Also:
AUTHZ_APPROVED_ATTRIBUTES
,
setAuthorizedAttributes(List)
setRequestedAttributes
public void setRequestedAttributes(java.util.List requestedAttrs)
- Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead.
- Parameters:
requestedAttrs - List of String (the requested authorization attributes)
- See Also:
AUTHZ_REQUESTED_ATTRIBUTES, getRequestedAttributes()
getRequestedAttributes
public java.util.List getRequestedAttributes()
- Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead.
- Returns:
- List of String (the requested authorization attributes)
- See Also:
AUTHZ_REQUESTED_ATTRIBUTES
,
setRequestedAttributes(List)
setAuthorizationPolicy
public void setAuthorizationPolicy(java.lang.String policy)
- Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead.
- Parameters:
policy - The policy used in the authorization step
- See Also:
AUTHZ_POLICY, getAuthorizationPolicy()
getAuthorizationPolicy
public java.lang.String getAuthorizationPolicy()
- Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead.
- Returns:
- String The policy used in the authorization step
- See Also:
AUTHZ_POLICY
,
setAuthorizationPolicy(String)
setClientCert
public void setClientCert(java.security.cert.X509Certificate clientCert)
- This method also automatically sets the client name, the issuer name, and
validity period.
- Parameters:
clientCert - The identity certificate of the authenticated client
- See Also:
CLIENT_CERT, getClientCert(), setClientName(String), setIssuerName(String)
getClientCert
public java.security.cert.X509Certificate getClientCert()
- Specified by:
getClientCert
in interface SecurityInfo
- Returns:
- X509Certificate The identity certificate of the authenticated
client
- See Also:
CLIENT_NAME
,
setClientCert(X509Certificate)
setClientName
public void setClientName(java.lang.String clientName)
- Deprecated. produces DN in wrong order, rather use DN methods.
- Parameters:
clientName - The name of the authenticated client
- See Also:
CLIENT_NAME, getClientName()
getClientName
public java.lang.String getClientName()
- Deprecated. produces DN in wrong order, rather use DN methods.
- Description copied from interface:
SecurityInfo
- Returns the name of the authenticated client. Typically, this
is the Subject Distinguished Name of the client certificate.
- Specified by:
getClientName
in interface SecurityInfo
- Returns:
- String The name of the authenticated client
- See Also:
CLIENT_NAME
,
setClientName(String)
setClientDN
public void setClientDN(DN clientDN)
- Parameters:
clientDN - The name of the authenticated client
- See Also:
CLIENT_DN, getClientDN()
getClientDN
public DN getClientDN()
- Returns:
- String The name of the authenticated client
- See Also:
CLIENT_DN
,
setClientDN(DN)
setClientX500Name
public void setClientX500Name(java.lang.String clientName)
- Parameters:
clientName - The name of the authenticated client
- See Also:
CLIENT_X500_NAME, getClientX500Name()
getClientX500Name
public java.lang.String getClientX500Name()
- Description copied from interface:
SecurityInfo
- Returns the name of the authenticated client in X500 format. Typically, this
is the Subject Distinguished Name of the client certificate.
- Specified by:
getClientX500Name
in interface SecurityInfo
- Returns:
- String The name of the authenticated client
- See Also:
CLIENT_X500_NAME
,
setClientX500Name(String)
setClientX500Principal
public void setClientX500Principal(X500Principal clientPrincipal)
- Parameters:
clientPrincipal - The name of the authenticated client
- See Also:
CLIENT_X500_NAME, getClientX500Name()
getClientX500Principal
public X500Principal getClientX500Principal()
- Description copied from interface:
SecurityInfo
- Returns the Principal of the authenticated client in X500 format. Typically, this
is the Subject Distinguished Name of the client certificate.
- Specified by:
getClientX500Principal
in interface SecurityInfo
- Returns:
- X500Principal The Principal of the authenticated client
- See Also:
CLIENT_X500_PRINCIPAL
,
setClientX500Principal(X500Principal)
setIssuerName
public void setIssuerName(java.lang.String issuerName)
- Deprecated. produces DN in wrong order, rather use DN methods.
- Parameters:
issuerName - The name of the authenticated client
- See Also:
ISSUER_NAME, getIssuerName()
getIssuerName
public java.lang.String getIssuerName()
- Deprecated. produces DN in wrong order, rather use DN methods.
- Description copied from interface:
SecurityInfo
- Returns the Issuer Distinguished Name of the client certificate.
- Specified by:
getIssuerName
in interface SecurityInfo
- Returns:
- String The issuer name
- See Also:
ISSUER_NAME
,
setIssuerName(String)
setIssuerDN
public void setIssuerDN(DN issuerDN)
- Parameters:
issuerDN - The name of the authenticated client
- See Also:
ISSUER_NAME, getIssuerName()
getIssuerDN
public DN getIssuerDN()
- Returns:
- String The issuer name
- See Also:
ISSUER_NAME
,
setIssuerName(String)
setClientCertChain
public void setClientCertChain(java.security.cert.X509Certificate[] certChain)
- This method also automatically sets the client name, the issuer name, and
validity period.
- Parameters:
certChain - The client's certificate chain
- See Also:
CERT_CHAIN, getClientCertChain(), setClientCert(X509Certificate)
getClientCertChain
public java.security.cert.X509Certificate[] getClientCertChain()
- Specified by:
getClientCertChain
in interface SecurityInfo
- Returns:
- X509Certificate[] The client's certificate chain
- See Also:
CERT_CHAIN
,
setClientCertChain(X509Certificate[])
setUnverifiedCertChain
public void setUnverifiedCertChain(java.security.cert.X509Certificate[] certChain)
- Parameters:
certChain - The unverified certificate chain
- See Also:
UNVERIFIED_CERT_CHAIN
getUnverifiedCertChain
public java.security.cert.X509Certificate[] getUnverifiedCertChain()
- Returns:
- X509Certificate[] The unverified certificate chain
- See Also:
UNVERIFIED_CERT_CHAIN
,
setUnverifiedCertChain(X509Certificate[])
setPeerCas
public void setPeerCas(java.security.Principal[] principals)
- Parameters:
principals - The list of accepted CAs from the peer
- See Also:
PEER_CAS
getPeerCas
public java.security.Principal[] getPeerCas()
- Returns:
- Principal[] The list of accepted CAs from the peer
- See Also:
PEER_CAS
,
setPeerCas(Principal[])
setRemoteAddr
public void setRemoteAddr(java.lang.String remoteAddr)
- Sets the IP address of the other party.
- Parameters:
remoteAddr - the IP address of the other party to save
getRemoteAddr
public java.lang.String getRemoteAddr()
- Description copied from interface:
SecurityInfo
- Returns the IP address of the other party.
- Specified by:
getRemoteAddr
in interface SecurityInfo
- Returns:
- the IP address of the other party.
setSessionId
public void setSessionId(java.lang.String sessionId)
- Sets the SSL session ID used for this connection.
- Parameters:
sessionId - the SSL session ID to save
getSessionId
public java.lang.String getSessionId()
- Description copied from interface:
SecurityInfo
- Returns the SSL session ID used for this connection.
- Specified by:
getSessionId
in interface SecurityInfo
- Returns:
- the SSL session ID used for this connection.
setVOMSValidator
public void setVOMSValidator(org.glite.voms.VOMSValidator vomsValidator)
- Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead.
- Parameters:
vomsValidator - the VOMS validator
- See Also:
VOMS_VALIDATOR, getVOMSValidator(), VOMSValidator
getVOMSValidator
public org.glite.voms.VOMSValidator getVOMSValidator()
- Deprecated. This method is deprecated and you should use the classes
found in org.glite.voms from glite-security-voms-api-java
instead.
- Returns:
- VOMSValidator a VOMS validator associated with the client
NOTE: By default, a BasicVOMSTrustStore is used as the VOMS backend validator. It assumes the trusted VOMS signer certificates to be /etc/grid-security/vomsdir/*.pem.
NOTE: No guarantees are made that the VOMS validator has processed the information. That is, the client must make the appropriate call to VOMSValidator.parse() or VOMSValidator.validate().
- See Also:
VOMS_VALIDATOR, setVOMSValidator(VOMSValidator), VOMSValidator
toString
public java.lang.String toString()
- Overrides:
toString
in class java.util.Hashtable<java.lang.Object,java.lang.Object>