| Interface Summary | |
|---|---|
| PolicyService | This interface defines a service for managing policies. |
| PolicyXMLService | Instances of this service provide mapping between XML and Policy instances. |
| SecurityConfiguration | Defines a tagging interface for the security bundle configuration. |
| SecurityManagementService | Provides functionality for the management of authentication and authorization related data. |
| SecurityService | Provides authentication and authorization functionality for Agent instances, including Service. |
Provides the security service interfaces.
These services provide the base for security in the Coalevo Platform. The two major pillars of this base are:
Operational authentication and authorization functionality is provided by the SecurityService to Agent instances, which are either other services (SecurityService.authenticate(net.coalevo.foundation.model.Service)) or users (SecurityService.authenticate(net.coalevo.foundation.model.AgentIdentifier,java.lang.String)). These methods invoke a transition to an authenticated state, which allows the agent to invoke functionality of other services if authorization is granted. When authentication and authorization are no longer required, SecurityService.invalidateAuthentication(net.coalevo.foundation.model.Agent) makes the transition back to the non-authenticated state.
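```java
AgentIdentifier aid = new AgentIdentifier("johndoe");
// Declared outside the try block so it is still in scope for invalidation
Agent a = null;
try {
  // Transition to the authenticated state
  a = m_SecurityService.authenticate(aid, "password");
} catch (AuthenticationException ex) {
  // handle
}
// ...
// Transition back to the non-authenticated state
if (a != null) {
  m_SecurityService.invalidateAuthentication(a);
}
```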
A service that depends on the functionality provided by other services must authenticate on activation and should be implemented to invalidate this authentication on deactivation. To authenticate successfully, the service must have been registered and given authorizations (for example by an administrator).
Users represented by UserAgent are supposed to be linked to some kind of session, which should take care of the transition to a non-authenticated state through some timeout mechanism (in case the session is abandoned).
Note that when authentication is requested for an instance that
is already in authenticated use, the same instance will be returned.
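An added example (not part of the Coalevo documentation): one way to implement the session timeout described above while respecting the note that a repeated authentication returns the same Agent instance, so an agent is only invalidated once its last session ends. `AgentSessions` and its methods are hypothetical, and the `Agent` and `SecurityService` interfaces are stand-ins that declare only what the example uses.

```java
import java.util.*;

// Stand-ins (assumptions) for the Coalevo types named on this page.
interface Agent {}
interface SecurityService { void invalidateAuthentication(Agent a); }

/** Hypothetical session tracker, not part of the Coalevo API. */
final class AgentSessions {
  private static final class Session {
    final Agent agent; long lastSeen;
    Session(Agent agent, long now) { this.agent = agent; this.lastSeen = now; }
  }
  private final SecurityService security;
  private final long idleMillis;
  private final Map<String, Session> sessions = new HashMap<>();

  AgentSessions(SecurityService security, long idleMillis) {
    this.security = security;
    this.idleMillis = idleMillis;
  }
  /** Register a session once authenticate(...) has returned the agent. */
  synchronized void open(String sessionId, Agent agent, long now) {
    if (sessions.containsKey(sessionId))
      throw new IllegalStateException("session id already in use");
    sessions.put(sessionId, new Session(agent, now));
  }
  /** Record activity; returns false if the session is unknown or has expired. */
  synchronized boolean touch(String sessionId, long now) {
    Session s = sessions.get(sessionId);
    if (s == null) return false;
    if (now - s.lastSeen > idleMillis) { close(sessionId); return false; }
    s.lastSeen = now;
    return true;
  }
  /** Logout or expiry of one session. */
  synchronized void close(String sessionId) {
    Session s = sessions.remove(sessionId);
    if (s == null) return;
    // The same Agent instance may back several sessions: compare by identity
    // and keep it authenticated while any other session still uses it.
    for (Session other : sessions.values()) if (other.agent == s.agent) return;
    security.invalidateAuthentication(s.agent);
  }
  /** Run periodically (for example from a scheduled task) to end abandoned sessions. */
  synchronized void reap(long now) {
    List<String> expired = new ArrayList<>();
    for (Map.Entry<String, Session> e : sessions.entrySet())
      if (now - e.getValue().lastSeen > idleMillis) expired.add(e.getKey());
    for (String id : expired) close(id);
  }
}
```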
The PolicyService provides the ways and means for other services to manage authorization policies in the form of Policy instances. These policies map specific service actions to authorization rules that specify which authorizations are required to execute the corresponding action. Please see the related documentation for more information.
The SecurityManagementService provides the operational ways and means to manage the security-related data. It allows creating, updating and removing agents, roles, authentications and authorizations.