SimpleSecurityAuthority (CSP for Java (JCSP) 1.1-rc1 API Specification (inc. Network))

Overview

Package

Class

Tree

Deprecated

Index

Help

CSP for Java
(JCSP) 1.1-rc1

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jcsp.net.security
Class SimpleSecurityAuthority

java.lang.Object
  org.jcsp.net.security.SimpleSecurityAuthority

All Implemented Interfaces:: Serializable, SecurityAuthority, SecurityService, Service, ServiceUserObject

public class SimpleSecurityAuthority
extends Object
implements SecurityService
extends Object
implements SecurityService

Provides a basic security authority based on unique names. No passwords are used - a user is identified by a name which is guarded by a minimal protection scheme. This class is supplied as an example of implementing a security authority and not a robust implementation suitable for long term use.

Author:: Quickstone Technologies Limited
See Also:: Serialized Form

Constructor Summary
`SimpleSecurityAuthority()` Creates a new simple authority.

Method Summary
`Challenge`	`createChallenge()` Creates a new challenge packet containing a timestamp and some random data.
`Response`	`createResponse(Challenge c)` Creates a response to the challenge based on the currently logged in user.
`UserID`	`createUserID(String username)` Creates and returns a user ID valid for this authority that represents the given user name.
`UserToken`	`createUserToken(UserID user)` Creates and returns an authentication token valid for this authority that represents the given user name.
`void`	`denyUserAccess(UserID u)` Removes a user from the set of permitted users.
`ServiceUserObject`	`getUserObject()` Returns the authority interface for this service.
`boolean`	`init(ServiceSettings s)` Initializes the service, setting a current user and the list of permitted users from the XML configuration file.
`boolean`	`isRunning()` Returns true iff the service is running.
`void`	`logoffUser()` Clears the currently logged on user.
`void`	`logonUser(UserToken u)` Sets the currently logged on user.
`void`	`permitUserAccess(UserID u)` Adds a user to the set of permitted users.
`boolean`	`start()` Sets the service running.
`boolean`	`stop()` Stops the service.
`String`	`toString()` Returns a string description of this authority.
`boolean`	`validateResponse(Challenge c, Response r)` Checks if the generated response corresponds to one expected from a permitted user.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Constructor Detail

SimpleSecurityAuthority

public SimpleSecurityAuthority()

Creates a new simple authority. The current username will be found from the preferences if available under the "user" variable. The system property "org.jcsp.net.security.user" will be checked first and take preference. If no user is found the name "default_user" is assumed.

Method Detail

createChallenge

public Challenge createChallenge()

Creates a new challenge packet containing a timestamp and some random data. The response must be returned within around 1 minute for the response to be considered valid so don't keep it too long.

Specified by:: createChallenge in interface SecurityAuthority

Returns:: the new challenge packet.

validateResponse

public boolean validateResponse(Challenge c,
                                Response r)

Checks if the generated response corresponds to one expected from a permitted user. The response must have come within a minute of the challenge being generated.

Specified by:: validateResponse in interface SecurityAuthority

Parameters:: c - the challenge returned by createChallenge.; r - the response generated by the other authority.
Returns:: true if the response is permitted.

createResponse

public Response createResponse(Challenge c)

Creates a response to the challenge based on the currently logged in user.

Specified by:: createResponse in interface SecurityAuthority

Parameters:: c - the challenge to respond to.
Returns:: the response.

logonUser

public void logonUser(UserToken u)
               throws AccessDeniedException

Sets the currently logged on user. If there is already a user logged in, they are logged off.

Specified by:: logonUser in interface SecurityAuthority

Parameters:: u - the user's token.
Throws:: AccessDeniedException - if the user token is not valid for this authority.

logoffUser

public void logoffUser()

Clears the currently logged on user. After this call the createResponse method will fail until another user is logged in.

Specified by:: logoffUser in interface SecurityAuthority

permitUserAccess

public void permitUserAccess(UserID u)
                      throws AccessDeniedException

Adds a user to the set of permitted users.

Specified by:: permitUserAccess in interface SecurityAuthority

Parameters:: u - the user ID to add.
Throws:: AccessDeniedException - if the ID was not allocated by this authority.

denyUserAccess

public void denyUserAccess(UserID u)
                    throws AccessDeniedException

Removes a user from the set of permitted users.

Specified by:: denyUserAccess in interface SecurityAuthority

Parameters:: u - the user ID to remove.
Throws:: AccessDeniedException - if the ID was not allocated by this authority.

start

public boolean start()

Sets the service running.

Specified by:: start in interface Service

Returns:: true - this service can always start.

stop

public boolean stop()

Stops the service.

Specified by:: stop in interface Service

Returns:: true - this service can always stop.

isRunning

public boolean isRunning()

Returns true iff the service is running.

Specified by:: isRunning in interface Service

Returns:: true iff the service is currently running.

init

public boolean init(ServiceSettings s)

Initializes the service, setting a current user and the list of permitted users from the XML configuration file. For example:

        <SERVICE ...>
           <SETTING name="logonUser" value="foo@bar.com"/>
           <SETTING name="permitUser0" value="a"/>
           <SETTING name="permitUser1" value="b"/>
        </SETTING>

This sets the current user to be "foo@bar.com" but will allow responses from users "a" and "b".

Specified by:: init in interface Service

Parameters:: s - The settings used by the service.
Returns:: true iff the service has been initialized.

getUserObject

public ServiceUserObject getUserObject()

Returns the authority interface for this service. A seperate user object is returned to avoid giving away the service control interface also.

Specified by:: getUserObject in interface Service

Returns:: a ServiceUserObject.

createUserID

public UserID createUserID(String username)

Creates and returns a user ID valid for this authority that represents the given user name.

Parameters:: username - the unique user name.
Returns:: the user ID.

createUserToken

public UserToken createUserToken(UserID user)
                          throws AccessDeniedException

Creates and returns an authentication token valid for this authority that represents the given user name. Note that no additional credentials are supplied because this authority does not support passwords or anything more secure (hence the word 'Simple' in its name :).

Parameters:: user - the user ID to authenticate.
Returns:: the authentication token.
Throws:: AccessDeniedException - if the user ID is not valid for this authority.

toString

public String toString()

Returns a string description of this authority.

Overrides:: toString in class Object