|
|||||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |
See:
Description
Class Summary | |
SecurityPolicy | |
SecurityPolicyToken | |
SecurityProcessorContext | |
WSSPolicyProcessor |
This parser shows how to use the generic Policy implementation to read, process, and decide on policies. The generic Policy implementation provides the framework to read, normalize, merge, and intersect policies. The generic implementation follows the specifications laid down in the document Web Services Policy Framework.
The Parser for Web Services Security Policy Language uses the generic policy implementation to read, normalize, and merge Web Service Sercurity policy files. The parser then parses and processes the specific Web Services Security Policy assertions. The document Web Services Security Policy Language defines the specific Web Service Security Policy assertions. This is an example and the parser provides a skeleton for further development. Currently the processing methods of all assertions returntrue
, that is every assertion
is accepted.
WSSpolicyProcessorFull
. At first it populates the top level
token with all security policy tokens/assertions known at the top level. All
tokens/assertions are pre-initialized in the SecurityPolicy
class file. We always
use copies of the pre-initialized token structures. During setup the parser initializes
the top level tokens with the objects that contain the processing methods for the
tokens.
There are two types of security policy tokens: simple tokens and complex tokens.
Simple tokens stand for themself and do not contains subtokens or assertions. Simple
tokens switch on properties of define a specific behaviour. Complex token contain other
tokens and assertions. At the top level we only have complex tokens (refer to the
setup
method).
When the parser finds a security policy assertion (PrimitiveAssertion
) it starts
a policy transaction (startPolicyTransaction
). The start policy transaction
checks if the current token contains this assertion as a child assertin. If the parser finds the
assertion it sets up the parser context and calls the assertion's processing function. The
processing functions use the following naming pattern: use the token's name and prepend
this name with the string do. For example: the processing method of the X509Token
has the name doX509Token
. Each processing function of a complex token
initializes its child tokens on the first call of the processing function (lazy initialization).
If all children of an assertion/token are processed the policy transaction is either committed or aborted
depending on the outcome of the processing of the child tokens. During commit transaction
the information gathered during the processing of the child tokens can be check, validated,
and mixed with other data. These functions are not implemented in this example. If a transaction
has to be aborted you can perform some cleanup.
All policies are parsed recursively. If a policy containes alternatives the first alternative
that matches or can be processed is chosen.
|
|||||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |