org.glite.security
Class SecurityContext

java.lang.Object
  extended by java.util.Dictionary<K,V>
      extended by java.util.Hashtable<java.lang.Object,java.lang.Object>
          extended by java.util.Properties
              extended by org.glite.security.SecurityContext
All Implemented Interfaces:
java.io.Serializable, java.lang.Cloneable, java.util.Map<java.lang.Object,java.lang.Object>, SecurityInfo

public class SecurityContext
extends java.util.Properties
implements SecurityInfo

A context class in which security-related information from the authentication and authorization process is collected.
SecurityContexts can be stored on a per-thread basis using the static method setCurrentContext(), and retrieved with getCurrentContext().
This class is for internal use. External users should make use of the SecurityInfo rendering of this class.

Author:
mulmo
See Also:
SecurityInfo, SecurityInfoContainer, Serialized Form

Field Summary
static java.lang.String AUTHZ_APPROVED_ATTRIBUTES
          Deprecated. This constant is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead. The label for the set of authorized attributes.
static java.lang.String AUTHZ_POLICY
          Deprecated. This constant is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead. The label for the authorization policy.
static java.lang.String AUTHZ_REQUESTED_ATTRIBUTES
          Deprecated. This constant is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead. The label for the set of requested attributes.
static java.lang.String CERT_CHAIN
           
static java.lang.String CLIENT_CERT
          The label for the client identity certificate.
static java.lang.String CLIENT_DN
          The label for the client name.
static java.lang.String CLIENT_NAME
          The label for the client name.
static java.lang.String CLIENT_X500_NAME
          The label for the client name.
static java.lang.String CLIENT_X500_PRINCIPAL
          The label for the client name.
static java.lang.String ISSUER_DN
          The label for the issuer name.
static java.lang.String ISSUER_NAME
          The label for the issuer name.
static java.lang.String PEER_CAS
          The label for peer CA Principal list.
static java.lang.String REMOTE_ADDR
          The label for the IP address of the other party.
static java.lang.String SESSION_ID
          The label for the SSL session ID for this connection.
static java.lang.String UNVERIFIED_CERT_CHAIN
          The label for UnverifiedCertChain.
static java.lang.String VOMS_VALIDATOR
          Deprecated. This constant is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead. The label for the verified VOMS Validator.
 
Constructor Summary
SecurityContext()
          The constructor.
 
Method Summary
static void clearCurrentContext()
          Clears any set SecurityContext associated with the current thread.
 java.lang.String getAuthorizationPolicy()
          Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.
 java.util.List getAuthorizedAttributes()
          Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.
 java.security.cert.X509Certificate getClientCert()
           
 java.security.cert.X509Certificate[] getClientCertChain()
           
 DN getClientDN()
           
 java.lang.String getClientName()
          Deprecated. Produces the DN in the wrong order; use the DN methods instead.
 java.lang.String getClientX500Name()
          Returns the name of the authenticated client in X500 format.
 X500Principal getClientX500Principal()
          Returns the Principal of the authenticated client in X500 format.
static SecurityContext getCurrentContext()
           
 DN getIssuerDN()
           
 java.lang.String getIssuerName()
          Deprecated. Produces the DN in the wrong order; use the DN methods instead.
 java.security.Principal[] getPeerCas()
           
 java.lang.String getRemoteAddr()
          Returns the IP address of the other party.
 java.util.List getRequestedAttributes()
          Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.
 java.lang.String getSessionId()
          Returns the SSL session ID used for this connection.
 java.security.cert.X509Certificate[] getUnverifiedCertChain()
           
 org.glite.voms.VOMSValidator getVOMSValidator()
          Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.
 void setAuthorizationPolicy(java.lang.String policy)
          Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.
 void setAuthorizedAttributes(java.util.List authzdAttrs)
          Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.
 void setClientCert(java.security.cert.X509Certificate clientCert)
          This method also automatically sets the client name, the issuer name, and validity period.
 void setClientCertChain(java.security.cert.X509Certificate[] certChain)
          This method also automatically sets the client name, the issuer name, and validity period.
 void setClientDN(DN clientDN)
           
 void setClientName(java.lang.String clientName)
          Deprecated. Produces the DN in the wrong order; use the DN methods instead.
 void setClientX500Name(java.lang.String clientName)
           
 void setClientX500Principal(X500Principal clientPrincipal)
           
static void setCurrentContext(SecurityContext sc)
           
 void setIssuerDN(DN issuerDN)
           
 void setIssuerName(java.lang.String issuerName)
          Deprecated. Produces the DN in the wrong order; use the DN methods instead.
 void setPeerCas(java.security.Principal[] principals)
           
 void setRemoteAddr(java.lang.String remoteAddr)
          Sets the IP address of the other party.
 void setRequestedAttributes(java.util.List requestedAttrs)
          Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.
 void setSessionId(java.lang.String sessionId)
          Sets the SSL session ID used for this connection.
 void setUnverifiedCertChain(java.security.cert.X509Certificate[] certChain)
           
 void setVOMSValidator(org.glite.voms.VOMSValidator vomsValidator)
          Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.
 java.lang.String toString()
           
 
Methods inherited from class java.util.Properties
getProperty, getProperty, list, list, load, load, loadFromXML, propertyNames, save, setProperty, store, store, storeToXML, storeToXML, stringPropertyNames
 
Methods inherited from class java.util.Hashtable
clear, clone, contains, containsKey, containsValue, elements, entrySet, equals, get, hashCode, isEmpty, keys, keySet, put, putAll, remove, size, values
 
Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

CERT_CHAIN

public static final java.lang.String CERT_CHAIN
See Also:
getClientCertChain(), Constant Field Values

AUTHZ_REQUESTED_ATTRIBUTES

public static final java.lang.String AUTHZ_REQUESTED_ATTRIBUTES
Deprecated. This constant is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead. The label for the set of requested attributes.
See Also:
getRequestedAttributes(), setRequestedAttributes(List), Constant Field Values

AUTHZ_APPROVED_ATTRIBUTES

public static final java.lang.String AUTHZ_APPROVED_ATTRIBUTES
Deprecated. This constant is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead. The label for the set of authorized attributes.
See Also:
getAuthorizedAttributes(), setAuthorizedAttributes(List), Constant Field Values

AUTHZ_POLICY

public static final java.lang.String AUTHZ_POLICY
Deprecated. This constant is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead. The label for the authorization policy.
See Also:
getAuthorizationPolicy(), setAuthorizationPolicy(String), Constant Field Values

CLIENT_CERT

public static final java.lang.String CLIENT_CERT
The label for the client identity certificate.

See Also:
getClientCert(), setClientCert(X509Certificate), Constant Field Values

CLIENT_NAME

public static final java.lang.String CLIENT_NAME
The label for the client name.

See Also:
getClientName(), setClientName(String), Constant Field Values

CLIENT_DN

public static final java.lang.String CLIENT_DN
The label for the client name.

See Also:
getClientDN(), setClientDN(DN), Constant Field Values

CLIENT_X500_NAME

public static final java.lang.String CLIENT_X500_NAME
The label for the client name.

See Also:
getClientX500Name(), setClientX500Name(String), Constant Field Values

CLIENT_X500_PRINCIPAL

public static final java.lang.String CLIENT_X500_PRINCIPAL
The label for the client name.

See Also:
getClientX500Principal(), setClientX500Principal(X500Principal), Constant Field Values

ISSUER_NAME

public static final java.lang.String ISSUER_NAME
The label for the issuer name.

See Also:
getIssuerName(), setIssuerName(String), Constant Field Values

ISSUER_DN

public static final java.lang.String ISSUER_DN
The label for the issuer name.

See Also:
getIssuerName(), setIssuerName(String), Constant Field Values

VOMS_VALIDATOR

public static final java.lang.String VOMS_VALIDATOR
Deprecated. This constant is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead. The label for the verified VOMS Validator.
See Also:
getVOMSValidator(), setVOMSValidator(VOMSValidator), Constant Field Values

UNVERIFIED_CERT_CHAIN

public static final java.lang.String UNVERIFIED_CERT_CHAIN
The label for UnverifiedCertChain.

See Also:
getUnverifiedCertChain(), setUnverifiedCertChain(java.security.cert.X509Certificate[]), Constant Field Values

PEER_CAS

public static final java.lang.String PEER_CAS
The label for peer CA Principal list.

See Also:
getPeerCas(), setPeerCas(java.security.Principal[]), Constant Field Values

REMOTE_ADDR

public static final java.lang.String REMOTE_ADDR
The label for the IP address of the other party.

See Also:
Constant Field Values

SESSION_ID

public static final java.lang.String SESSION_ID
The label for the SSL session ID for this connection.

See Also:
Constant Field Values
Constructor Detail

SecurityContext

public SecurityContext()
The constructor.

See Also:
Properties.Properties()
Method Detail

getCurrentContext

public static SecurityContext getCurrentContext()
Returns:
SecurityContext the SecurityContext associated with the current thread.
See Also:
setCurrentContext(SecurityContext)

setCurrentContext

public static void setCurrentContext(SecurityContext sc)
Parameters:
sc - the SecurityContext associated with the current thread.
See Also:
getCurrentContext()

clearCurrentContext

public static void clearCurrentContext()
Clears any set SecurityContext associated with the current thread. This is identical to SecurityContext.setCurrentContext(null).
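
Added example (not part of the original documentation or the gLite code base): because the context is stored per thread, a pooled worker thread keeps the previous request's context unless it is cleared, so the scoped handler below clears it in a finally block. It assumes the library providing org.glite.security.SecurityContext is on the classpath and that getCurrentContext() returns null when nothing is set; the class name ContextScopeExample, its helper methods and the addresses and session IDs are constructed for illustration.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

import org.glite.security.SecurityContext;

public class ContextScopeExample {

    // Builds a context for one request from constructed sample values.
    static SecurityContext contextFor(String remoteAddr, String sessionId) {
        SecurityContext sc = new SecurityContext();
        sc.setRemoteAddr(remoteAddr);
        sc.setSessionId(sessionId);
        return sc;
    }

    // Leaky: the context stays bound to the worker thread after the request.
    static void handleLeaky(SecurityContext sc, Runnable work) {
        SecurityContext.setCurrentContext(sc);
        work.run();
    }

    // Scoped: the context is removed even if the request handler throws.
    static void handleScoped(SecurityContext sc, Runnable work) {
        SecurityContext.setCurrentContext(sc);
        try {
            work.run();
        } finally {
            SecurityContext.clearCurrentContext();
        }
    }

    // Reports what a later, unrelated task finds on the same thread.
    // Assumption: getCurrentContext() returns null when no context is set.
    static String peerSeenByNextTask() {
        SecurityContext current = SecurityContext.getCurrentContext();
        return current == null ? "none" : current.getRemoteAddr();
    }

    public static void main(String[] args) throws Exception {
        // One worker thread, so consecutive tasks share per-thread state.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        Runnable work = () -> System.out.println(
                "handling request from " + SecurityContext.getCurrentContext().getRemoteAddr());
        Callable<String> probe = ContextScopeExample::peerSeenByNextTask;
        try {
            // 192.0.2.0/24 is a documentation range; all values are constructed.
            pool.submit(() -> handleLeaky(contextFor("192.0.2.10", "session-A"), work)).get();
            System.out.println("after leaky handler:  " + pool.submit(probe).get());

            pool.submit(() -> handleScoped(contextFor("192.0.2.20", "session-B"), work)).get();
            System.out.println("after scoped handler: " + pool.submit(probe).get());
        } finally {
            pool.shutdown();
        }
    }
}
```

An authorization decision that reads getCurrentContext() on a reused thread after the leaky handler would be evaluating the earlier client's identity, which is the case the finally block prevents.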


setAuthorizedAttributes

public void setAuthorizedAttributes(java.util.List authzdAttrs)
Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.

Parameters:
authzdAttrs - List of String (the approved authorization attributes)
See Also:
AUTHZ_APPROVED_ATTRIBUTES, getAuthorizedAttributes()

getAuthorizedAttributes

public java.util.List getAuthorizedAttributes()
Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.

Returns:
List of String (the approved authorization attributes)
See Also:
AUTHZ_APPROVED_ATTRIBUTES, setAuthorizedAttributes(List)

setRequestedAttributes

public void setRequestedAttributes(java.util.List requestedAttrs)
Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.

Parameters:
requestedAttrs - List of String (the requested authorization attributes)
See Also:
AUTHZ_REQUESTED_ATTRIBUTES, getRequestedAttributes()

getRequestedAttributes

public java.util.List getRequestedAttributes()
Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.

Returns:
List of String (the requested authorization attributes)
See Also:
AUTHZ_REQUESTED_ATTRIBUTES, setRequestedAttributes(List)

setAuthorizationPolicy

public void setAuthorizationPolicy(java.lang.String policy)
Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.

Parameters:
policy - The policy used in the authorization step
See Also:
AUTHZ_POLICY, getAuthorizationPolicy()

getAuthorizationPolicy

public java.lang.String getAuthorizationPolicy()
Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.

Returns:
String The policy used in the authorization step
See Also:
AUTHZ_POLICY, setAuthorizationPolicy(String)

setClientCert

public void setClientCert(java.security.cert.X509Certificate clientCert)
This method also automatically sets the client name, the issuer name, and validity period.

Parameters:
clientCert - The identity certificate of the authenticated client
See Also:
CLIENT_CERT, getClientCert(), setClientName(String), setIssuerName(String)

getClientCert

public java.security.cert.X509Certificate getClientCert()
Specified by:
getClientCert in interface SecurityInfo
Returns:
X509Certificate The identity certificate of the authenticated client
See Also:
CLIENT_NAME, setClientCert(X509Certificate)

setClientName

public void setClientName(java.lang.String clientName)
Deprecated. Produces the DN in the wrong order; use the DN methods instead.

Parameters:
clientName - The name of the authenticated client
See Also:
CLIENT_NAME, getClientName()

getClientName

public java.lang.String getClientName()
Deprecated. Produces the DN in the wrong order; use the DN methods instead.

Description copied from interface: SecurityInfo
Returns the name of the authenticated client. Typically, this is the Subject Distinguished Name of the client certificate.

Specified by:
getClientName in interface SecurityInfo
Returns:
String The name of the authenticated client
See Also:
CLIENT_NAME, setClientName(String)

setClientDN

public void setClientDN(DN clientDN)
Parameters:
clientDN - The name of the authenticated client
See Also:
CLIENT_DN, getClientDN()

getClientDN

public DN getClientDN()
Returns:
DN The name of the authenticated client
See Also:
CLIENT_DN, setClientDN(DN)

setClientX500Name

public void setClientX500Name(java.lang.String clientName)
Parameters:
clientName - The name of the authenticated client
See Also:
CLIENT_X500_NAME, getClientX500Name()

getClientX500Name

public java.lang.String getClientX500Name()
Description copied from interface: SecurityInfo
Returns the name of the authenticated client in X500 format. Typically, this is the Subject Distinguished Name of the client certificate.

Specified by:
getClientX500Name in interface SecurityInfo
Returns:
String The name of the authenticated client
See Also:
CLIENT_X500_NAME, setClientX500Name(String)

setClientX500Principal

public void setClientX500Principal(X500Principal clientPrincipal)
Parameters:
clientPrincipal - The name of the authenticated client
See Also:
CLIENT_X500_NAME, getClientX500Name()

getClientX500Principal

public X500Principal getClientX500Principal()
Description copied from interface: SecurityInfo
Returns the Principal of the authenticated client in X500 format. Typically, this is the Subject Distinguished Name of the client certificate.

Specified by:
getClientX500Principal in interface SecurityInfo
Returns:
X500Principal The Principal of the authenticated client
See Also:
CLIENT_X500_PRINCIPAL, setClientX500Principal(X500Principal)

setIssuerName

public void setIssuerName(java.lang.String issuerName)
Deprecated. Produces the DN in the wrong order; use the DN methods instead.

Parameters:
issuerName - The issuer name
See Also:
ISSUER_NAME, getIssuerName()

getIssuerName

public java.lang.String getIssuerName()
Deprecated. Produces the DN in the wrong order; use the DN methods instead.

Description copied from interface: SecurityInfo
Returns the Issuer Distinguished Name of the client certificate.

Specified by:
getIssuerName in interface SecurityInfo
Returns:
String The issuer name
See Also:
ISSUER_NAME, setIssuerName(String)

setIssuerDN

public void setIssuerDN(DN issuerDN)
Parameters:
issuerDN - The issuer name
See Also:
ISSUER_NAME, getIssuerName()

getIssuerDN

public DN getIssuerDN()
Returns:
DN The issuer name
See Also:
ISSUER_NAME, setIssuerName(String)

setClientCertChain

public void setClientCertChain(java.security.cert.X509Certificate[] certChain)
This method also automatically sets the client name, the issuer name, and validity period.

Parameters:
certChain - The client's certificate chain
See Also:
CERT_CHAIN, getClientCertChain(), setClientCert(X509Certificate)

getClientCertChain

public java.security.cert.X509Certificate[] getClientCertChain()
Specified by:
getClientCertChain in interface SecurityInfo
Returns:
X509Certificate[] The client's certificate chain
See Also:
CERT_CHAIN, setClientCertChain(X509Certificate[])

setUnverifiedCertChain

public void setUnverifiedCertChain(java.security.cert.X509Certificate[] certChain)
Parameters:
certChain - The unverified certificate chain
See Also:
UNVERIFIED_CERT_CHAIN

getUnverifiedCertChain

public java.security.cert.X509Certificate[] getUnverifiedCertChain()
Returns:
X509Certificate[] The unverified certificate chain
See Also:
UNVERIFIED_CERT_CHAIN, setUnverifiedCertChain(X509Certificate[])

setPeerCas

public void setPeerCas(java.security.Principal[] principals)
Parameters:
principals - The list of accepted CAs from the peer
See Also:
PEER_CAS

getPeerCas

public java.security.Principal[] getPeerCas()
Returns:
Principal[] The list of accepted CAs from the peer
See Also:
PEER_CAS, setPeerCas(Principal[])

setRemoteAddr

public void setRemoteAddr(java.lang.String remoteAddr)
Sets the IP address of the other party.

Parameters:
remoteAddr - the IP address of the other party to save

getRemoteAddr

public java.lang.String getRemoteAddr()
Description copied from interface: SecurityInfo
Returns the IP address of the other party.

Specified by:
getRemoteAddr in interface SecurityInfo
Returns:
the IP address of the other party.

setSessionId

public void setSessionId(java.lang.String sessionId)
Sets the SSL session ID used for this connection.

Parameters:
sessionId - the SSL session ID used for this connection to save

getSessionId

public java.lang.String getSessionId()
Description copied from interface: SecurityInfo
Returns the SSL session ID used for this connection.

Specified by:
getSessionId in interface SecurityInfo
Returns:
the SSL session ID used for this connection.

setVOMSValidator

public void setVOMSValidator(org.glite.voms.VOMSValidator vomsValidator)
Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.

Parameters:
vomsValidator - the VOMS validator
See Also:
VOMS_VALIDATOR, getVOMSValidator(), VOMSValidator

getVOMSValidator

public org.glite.voms.VOMSValidator getVOMSValidator()
Deprecated. This method is deprecated and you should use the classes found in org.glite.voms from glite-security-voms-api-java instead.

Returns:
VOMSValidator a VOMS validator associated with the client.
NOTE: By default, a BasicVOMSTrustStore is used as the VOMS backend validator. It assumes the trusted VOMS signer certificates to be /etc/grid-security/vomsdir/*.pem.
NOTE: No guarantees are made that the VOMS validator has processed the information. That is, the client must make the appropriate call to VOMSValidator.parse() or VOMSValidator.validate().
See Also:
VOMS_VALIDATOR, setVOMSValidator(VOMSValidator), VOMSValidator

toString

public java.lang.String toString()
Overrides:
toString in class java.util.Hashtable<java.lang.Object,java.lang.Object>