org.knopflerfish.service.um.useradmin

Interface ContextualAuthorization

All Superinterfaces:

Authorization

public interface ContextualAuthorization
extends Authorization

This subclass to Authorization adds authentication context to the authorization information. The authentication context is information about how the user was authenticated. When checking the set of roles that the user is authorized as (Authorization getRoles or hasRole), evaluation of Conditions can compare the value of context parameters with the corresponding values in their filter expressions.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CONTEXT_AUTH_DATE Context parameter for authentication date, the parameter string is "auth_date".
static java.lang.String	CONTEXT_AUTH_DAY Context parameter for authentication day of week, the parameter string is "auth_day".
static java.lang.String	CONTEXT_AUTH_LEVEL Context parameter for authentication level, the parameter string is "auth_lvl".
static java.lang.String	CONTEXT_AUTH_TIME Context parameter for authentication time, the parameter string is "auth_time".
static java.lang.String	CONTEXT_CONF_LEVEL Context parameter for confidentiality level, the parameter string is "conf_lvl".
static java.lang.String	CONTEXT_DATE Context parameter for current date, the parameter string is "date".
static java.lang.String	CONTEXT_DAY Context parameter for current day of week, the parameter string is "day".
static java.lang.String	CONTEXT_INTEGR_LEVEL Context parameter for integrity level, the parameter string is "integr_lvl".
static java.lang.String	CONTEXT_TIME Context parameter for current time, the parameter string is "time".

Method Summary

Methods

Modifier and Type	Method and Description
java.util.Dictionary	getContext() Returns the authentication context for this authorization object.
void	setIPAMContext(java.lang.String authMethod, java.lang.String inputPath) Set context parameter using IPAM.

Methods inherited from interface org.osgi.service.useradmin.Authorization

getName, getRoles, hasRole

Field Detail

CONTEXT_AUTH_DATE

static final java.lang.String CONTEXT_AUTH_DATE

Context parameter for authentication date, the parameter string is "auth_date". A value should be on the format yyyy-MM-dd. This format makes it possible for example to create a filter expression that evaluates to true when the authentication date is between a start and end date. For example: (&(auth_date>=2001-06-01)(auth_date<=2001-07-01))

See Also:

Constant Field Values

CONTEXT_AUTH_TIME

static final java.lang.String CONTEXT_AUTH_TIME

Context parameter for authentication time, the parameter string is "auth_time". A value should be on the format HH:mm:ss, that is 24-hour with minutes and seconds.

See Also:

Constant Field Values

CONTEXT_AUTH_DAY

static final java.lang.String CONTEXT_AUTH_DAY

Context parameter for authentication day of week, the parameter string is "auth_day". A value should be one of the days of the week, in the environment's current locale.

See Also:

Constant Field Values

CONTEXT_DATE

static final java.lang.String CONTEXT_DATE

Context parameter for current date, the parameter string is "date". A value should be on the format yyyy-MM-dd.

See Also:

Constant Field Values

CONTEXT_TIME

static final java.lang.String CONTEXT_TIME

Context parameter for current time, the parameter string is "time". A value should be on the format HH:mm:ss, that is 24-hour with minutes and seconds.

See Also:

Constant Field Values

CONTEXT_DAY

static final java.lang.String CONTEXT_DAY

Context parameter for current day of week, the parameter string is "day". A value should be one of the days of the week, in the environment's current locale.

See Also:

Constant Field Values

CONTEXT_AUTH_LEVEL

static final java.lang.String CONTEXT_AUTH_LEVEL

Context parameter for authentication level, the parameter string is "auth_lvl". Authentication level is a quality measurement of the authentication method that was used. For example, authentication with a PIN code should probably have a lower auth_lvl than authentication with a finger print. The value is an integer between 0 (lowest) and 3 (highest). For example: (auth_lvl>=2).

See Also:

Constant Field Values

CONTEXT_CONF_LEVEL

static final java.lang.String CONTEXT_CONF_LEVEL

Context parameter for confidentiality level, the parameter string is "conf_lvl". Confidentiality level is a quality measurement of the input path when the user was authenticated. How difficult is it for some other party to eavesdrop? For example, a session using HTTPS should have a higher conf_lvl than an ordinary http session. The value is an integer between 0 (lowest) and 3 (highest).

See Also:

Constant Field Values

CONTEXT_INTEGR_LEVEL

static final java.lang.String CONTEXT_INTEGR_LEVEL

Context parameter for integrity level, the parameter string is "integr_lvl". Integrity level is a quality measurement of the input path when the user was authenticated. Can data be trusted not to be falsified? For example, a connection from a terminal in the local home network should perhaps result in a higher integr_lvl than a connection from a public terminal on the internet. The value is an integer between 0 (lowest) and 3 (highest).

See Also:

Constant Field Values

Method Detail

getContext

java.util.Dictionary getContext()

Returns the authentication context for this authorization object. The returned Dictionary can be modified to update the context.

Returns:

the context

setIPAMContext

void setIPAMContext(java.lang.String authMethod,
                  java.lang.String inputPath)

Set context parameter using IPAM. The supplied authentication method and input path strings are translated to a set of context parameters.

Parameters:

authMethod - authentication method

inputPath - input path

See Also:

IPAMValuationService