Posted to commits@directory.apache.org by vt...@apache.org on 2005/01/25 14:09:10 UTC
svn commit: r126380 - in incubator/directory/authx/trunk/core: api/src/java/org/apache/authx api/src/java/org/apache/authx/authentication api/src/java/org/apache/authx/authorization impl/src/java/org/apache/authx/authorization
Author: vtence
Date: Tue Jan 25 05:09:08 2005
New Revision: 126380
URL: http://svn.apache.org/viewcvs?view=rev&rev=126380
Log:
Documentation
Modified:
incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/AuthXException.java
incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Authenticator.java
incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Credential.java
incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/CredentialSet.java
incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Authorizer.java
incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Permission.java
incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultRule.java
Modified: incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/AuthXException.java
Url: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/AuthXException.java?view=diff&rev=126380&p1=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/AuthXException.java&r1=126379&p2=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/AuthXException.java&r2=126380
==============================================================================
--- incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/AuthXException.java (original)
+++ incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/AuthXException.java Tue Jan 25 05:09:08 2005
@@ -16,6 +16,10 @@
*/
package org.apache.authx;
+/**
+ * Superclass for all exceptions in AuthX. Not to be thrown directly, but
+ * you can use it to catch all AuthX exceptions.
+ */
public abstract class AuthXException extends RuntimeException
{
protected AuthXException()
Modified: incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Authenticator.java
Url: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Authenticator.java?view=diff&rev=126380&p1=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Authenticator.java&r1=126379&p2=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Authenticator.java&r2=126380
==============================================================================
--- incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Authenticator.java (original)
+++ incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Authenticator.java Tue Jan 25 05:09:08 2005
@@ -19,21 +19,20 @@
import javax.security.auth.Subject;
/**
- * <i><strong>Warning:</strong> This is experimental. Don't know yet if authenticator
- * may use a single realm or several realms to perform authentication. In the case of several realms,
- * each realm will probably support a unique authentication method and the argument to <code>authenticate</code>
- * will change to a grouping of credential collections.</i>
+ * An <code>Authenticator</code> is responsible for validating a subject
+ * identity. The result of authentication is a <code>Subject</code> object
+ * that represents the subject and carries its identity as well as other
+ * security-related attributes that may be used to render
+ * authorization decisions.
*
* @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
*/
public interface Authenticator
{
/**
- * Returns a populated Subject with the principals which represent the
- * identity of the user as well as any other principal for which permissions may be associated.
- * <p/>
- * If the configured realm implementation has <code>GroupSupport</code> then this
- * authenticator may choose to add a principal for each group the user is a member of.
+ * Returns a populated <code>Subject</code> with the principals which
+ * represent the identity of the user as well as any other principal
+ * for which permissions may be associated.
*
* @param credentials A collection of credential objects provided as proof of identity
* @return a Subject populated with appropriate principals or null if authentication fails
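Review bot: The rewritten class comment says the result of authentication is a `Subject`, but the failure case appears only in the method's `@return` line (null when authentication fails), and a null that a caller forgets to check is a common way for an unauthenticated request to reach later code. I would add one sentence to the class comment, for example `A failed authentication yields <code>null</code>; callers must treat that as "not authenticated" and stop.` The hunk also drops the paragraph about group principals, so the remaining phrase "any other principal for which permissions may be associated" no longer says where those principals come from. A short statement of which principals an implementation may add would help whoever writes authorization rules against them. The method declaration itself is outside the hunk.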
Modified: incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Credential.java
Url: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Credential.java?view=diff&rev=126380&p1=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Credential.java&r1=126379&p2=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Credential.java&r2=126380
==============================================================================
--- incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Credential.java (original)
+++ incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/Credential.java Tue Jan 25 05:09:08 2005
@@ -16,6 +16,13 @@
*/
package org.apache.authx.authentication;
+/**
+ * A <code>Credential</code> is a of unit of proof of identity,
+ * such as a username or a password.
+ * <p>
+ * A {@link CredentialSet} groups together related <code>Credential</code>s
+ * for subject authentication purposes.
+ */
public interface Credential
{
Object getValue();
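Review bot: The new comment names a password as an example of a `Credential`, yet nothing on `getValue()` tells implementers or callers that the returned object may be secret material. I would document the method with something like `Returns the raw credential value; it may be a secret and must not be logged or placed in exception messages.` The first sentence also has a stray word: `is a of unit of proof` should read `is a unit of proof`. The rest of the interface is outside the hunk.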
Modified: incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/CredentialSet.java
Url: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/CredentialSet.java?view=diff&rev=126380&p1=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/CredentialSet.java&r1=126379&p2=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/CredentialSet.java&r2=126380
==============================================================================
--- incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/CredentialSet.java (original)
+++ incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authentication/CredentialSet.java Tue Jan 25 05:09:08 2005
@@ -23,7 +23,11 @@
import java.util.Set;
/**
- * Declared final so we make sure no imposter implementation is possible.
+ * A <code>CredentialSet</code> is a grouping of related {@link Credential}
+ * objects that provides a proof of identity. It serves both identification and
+ * authentication purposes.
+ * <p>
+ * This class is declared final to make sure no imposter implementation can exist.
*
* @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
*/
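Review bot: The sentence `This class is declared final to make sure no imposter implementation can exist` claims more than `final` provides by itself: it rules out subclasses, but not a caller changing the set's contents after it was built. The class body is not in this hunk, so I cannot tell whether the set is copied on construction or backed by a collection the caller still holds. If instances are immutable, say so here (`Instances are immutable once constructed.`); if not, narrow the sentence to `This class is declared final so that it cannot be subclassed.`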
@@ -94,6 +98,15 @@
return subSet;
}
+ /**
+ * Returns the only credential in this set that matches
+ * the given type.
+ *
+ * @param c the class of credential to be returned.
+ * @return the sole credential of this type in the set
+ * @throws IllegalArgumentException if none or more than one
+ * credential of the given type exists in the set
+ */
public Object getUniqueCredential( Class c )
{
CredentialSet creds = getCredentials( c );
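Review bot: The `@param c` line does not say whether a credential matches by exact class or also when it is an instance of a subclass of `c`, and that decides whether a subtype of a credential class can satisfy a lookup for its parent type. `getCredentials( c )` is not visible in this hunk, so the comment should state whichever rule it applies, e.g. `@param c the class of credential to be returned; instances of subclasses of c also match` (or `do not match`). The method body continues past the end of the hunk.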
Modified: incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Authorizer.java
Url: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Authorizer.java?view=diff&rev=126380&p1=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Authorizer.java&r1=126379&p2=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Authorizer.java&r2=126380
==============================================================================
--- incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Authorizer.java (original)
+++ incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Authorizer.java Tue Jan 25 05:09:08 2005
@@ -18,7 +18,35 @@
import javax.security.auth.Subject;
+/**
+ * An <code>Authorizer</code> is a security
+ * policy decision point. It is responsible for
+ * responding to an authorization request
+ * by rendering an authorization decision.
+ * <p>
+ * At this stage, no authorization request
+ * abstraction exist yet, but that may change
+ * soon. For the time being, an authorization request
+ * is composed of a requested <code>Permission</code>
+ * on behalf of a given subject.
+ * <p>
+ * No abstraction of authorization
+ * decision exist either and a boolean representation
+ * is used. That should change as well to support
+ * a richer authorization model that associates positive
+ * decisions to sets of obligations to which the client
+ * must compell.
+ */
public interface Authorizer
{
+ /**
+ * Renders an authorization decision in response
+ * to the given authorization request.
+ *
+ * @param s The subject requesting a permission
+ * @param p The targeted permission
+ * @return true if case of a positive decision,
+ * false otherwise
+ */
boolean authorize( Subject s, Permission p );
}
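Review bot: The contract for `authorize` does not say what the decision is when `s` is null or when no rule covers `p`, and for a policy decision point those are the two cases implementers most need pinned down. `Authenticator` in this same commit documents null as the result of a failed authentication, so a null subject can plausibly reach this method. I would extend the comment with `@param s The subject requesting a permission; a null subject is always denied` and a sentence such as `If no rule applies, the decision is negative.`, assuming deny-by-default is what the implementations intend. Wording: `must compell` should be `must comply`, `true if case of` should be `true in case of`, and `abstraction exist` should be `abstraction exists`.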
Modified: incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Permission.java
Url: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Permission.java?view=diff&rev=126380&p1=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Permission.java&r1=126379&p2=incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Permission.java&r2=126380
==============================================================================
--- incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Permission.java (original)
+++ incubator/directory/authx/trunk/core/api/src/java/org/apache/authx/authorization/Permission.java Tue Jan 25 05:09:08 2005
@@ -17,6 +17,12 @@
package org.apache.authx.authorization;
/**
+ * A <code>Permission</code> represents a resource and a set of actions
+ * to perform on this resource.
+ * <p>
+ * The <code>Permission</code> interface is a simplier abstraction of the
+ * standard java permission concept.
+ *
* @author <a href="mailto:directory-dev@incubator.apache.org">Apache Directory Project</a>
*/
public interface Permission
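Review bot: `the standard java permission concept` leaves the reader guessing which type is meant; if it is `java.security.Permission`, link it with `{@link java.security.Permission}` and say what was left out, in particular whether this interface keeps an `implies`-style comparison, since authorization rules depend on it. `simplier` should be `simpler`. The interface body is outside the hunk.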
Modified: incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java
Url: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java?view=diff&rev=126380&p1=incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java&r1=126379&p2=incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java&r2=126380
==============================================================================
--- incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java (original)
+++ incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultAuthorizer.java Tue Jan 25 05:09:08 2005
@@ -22,9 +22,6 @@
import java.util.HashMap;
import java.util.Map;
-/**
- * Warning: to be renamed to DefaultAuthorizer when moved out of sandbox
- */
public class DefaultAuthorizer implements Authorizer
{
private final Map m_decisions;
Modified: incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultRule.java
Url: http://svn.apache.org/viewcvs/incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultRule.java?view=diff&rev=126380&p1=incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultRule.java&r1=126379&p2=incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultRule.java&r2=126380
==============================================================================
--- incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultRule.java (original)
+++ incubator/directory/authx/trunk/core/impl/src/java/org/apache/authx/authorization/DefaultRule.java Tue Jan 25 05:09:08 2005
@@ -17,14 +17,12 @@
package org.apache.authx.authorization;
import org.apache.authx.authorization.effect.Effects;
-import org.apache.authx.authorization.predicate.Predicates;
-import org.apache.authx.authorization.predicate.AndPredicate;
import org.apache.authx.authorization.predicate.OrPredicate;
+import org.apache.authx.authorization.predicate.Predicates;
import javax.security.auth.Subject;
/**
- * TODO: consider adding predicates into an And operation instead of replacing
* @author <a href="mailto:vtence@apache.org">Vincent Tence</a>
*/
public class DefaultRule implements Rule