Project Aristotle - ArisID Attribute Services

org.openliberty.arisid
Class ArisIdService

java.lang.Object
  extended by org.openliberty.arisid.ArisIdService

public class ArisIdService
extends java.lang.Object

The IGF Attribute Services API (aka CARML-API) is a set of library functions combined with providers (e.g. Higgins IdAS) which may be used to retrieve Identity Subjects (DigitalSubject) that contain collections of attributes from the Attribute Service. The API can be initialized by consuming a CARML file or by explicit use of setters or getters on an Interaction object in the case of a bean representation of a CARML interaction.

The ArisIdService supports the use of Subject objects defined by authentication and policy systems (JAAS, webgates, or other Application Server security components) and allows applications to obtain more information about subjects. The ArisIdService API also allows applications to modify identity attributes as well as retrieve them.

By using the API, developers are no longer concerned about how or where information is stored; instead, storage is handled by a set of services and policies that can be configured at application run time, rather than being restricted to a specific and non-flexible "silo" at development time. The attribute service abstracts the nature of specific systems and protocols so that the developer can have a consistent model for representing data from these systems and have a simple interface for obtaining and updating identity-related data. The attribute service also provides identity-related policy and consent enforcement, ensuring confidentiality and security of personal information.

Each ArisIdService object is associated with a single CARML declaration and a single Attribute Services Stack Provider (IAttrSvcStack).


Method Summary
 void close()
          Method to close the attribute service.
 CarmlDoc getCarmlDoc()
          Returns the application's CarmlDoc object.
 IInteraction getInteraction(java.lang.String name)
           
static java.util.Set<IPrincipalIdentifier> getPrincipalIdentifierFromSubject(javax.security.auth.Subject user)
          Utility to parse a javax.security.auth.Subject object for the presence of IPrincipalIdentifiers.
 SchemaManager getSchemaManager()
          Returns the schema object for managing and accessing CARML declarations.
 void initialize()
          Initializes the attribute service and freezes the CARML declaration.
 boolean isInitialized()
          If the ArisIdService instance was created without pre-declaring a CARML document, then the service will not be initialized until initialize() is called.
 org.w3c.dom.Document toCarmlDocument()
           
 java.lang.String toCarmlString()
           
 void toFile(java.lang.String filename)
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

getPrincipalIdentifierFromSubject

public static java.util.Set<IPrincipalIdentifier> getPrincipalIdentifierFromSubject(javax.security.auth.Subject user)
Utility to parse a javax.security.auth.Subject object for the presence of IPrincipalIdentifiers. Typically, if a Subject has been authenticated by the IGF Attribute Services stack, then the IPrincipalIdentifier should be set.

Parameters:
user - The user Subject to be parsed for Principal Identifier information
Returns:
a set of IPrincipalIdentifier objects. There should usually only be one!
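
Because the method returns a set that should usually hold exactly one entry, a caller making an identity decision can refuse to proceed when it holds none or several. The following is an added example, not code from the ArisID project: the class PrincipalResolver and its method requireSinglePrincipal are hypothetical, and the package of IPrincipalIdentifier is an assumption because this page does not show it.

```java
import java.util.Set;
import javax.security.auth.Subject;

import org.openliberty.arisid.ArisIdService;
// Assumption: the package of IPrincipalIdentifier is not shown on this page;
// adjust this import to match the ArisID release in use.
import org.openliberty.arisid.IPrincipalIdentifier;

/**
 * Hypothetical helper (not part of ArisID): resolves the single principal
 * identifier of a Subject and fails closed when it is missing or ambiguous.
 */
public final class PrincipalResolver {

    private PrincipalResolver() {
        // Static utility class; no instances.
    }

    public static IPrincipalIdentifier requireSinglePrincipal(Subject user) {
        if (user == null) {
            throw new SecurityException("No authenticated Subject supplied");
        }

        Set<IPrincipalIdentifier> ids =
                ArisIdService.getPrincipalIdentifierFromSubject(user);

        if (ids == null || ids.isEmpty()) {
            // The Subject was not authenticated through the attribute
            // services stack, so there is no identifier to act on.
            throw new SecurityException("Subject carries no IPrincipalIdentifier");
        }
        if (ids.size() > 1) {
            // Ambiguous identity: never pick one entry arbitrarily, because
            // Set iteration order is not a trustworthy tie-breaker.
            throw new SecurityException("Subject carries " + ids.size()
                    + " IPrincipalIdentifiers; expected exactly 1");
        }
        return ids.iterator().next();
    }
}
```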

getSchemaManager

public SchemaManager getSchemaManager()
Returns the schema object for managing and accessing CARML declarations.

Returns:
A SchemaManager object containing the defined CARML schema

getCarmlDoc

public CarmlDoc getCarmlDoc()
Returns the application's CarmlDoc object. To obtain an externally referenced CarmlDoc object, use the getExternalCarmlDoc(URI) method.

Returns:
A CarmlDoc object representing the Application's CARML declaration.

getInteraction

public IInteraction getInteraction(java.lang.String name)
Parameters:
name - The name of the interaction to return.
Returns:
The interaction instance as defined in the CarmlDoc object.

toCarmlString

public java.lang.String toCarmlString()
                               throws IGFException
Throws:
IGFException

toCarmlDocument

public org.w3c.dom.Document toCarmlDocument()

toFile

public void toFile(java.lang.String filename)
            throws IGFException
Throws:
IGFException

initialize

public void initialize()
                throws AttrSvcInitializedException,
                       AuthenticationException,
                       NoSuchContextException,
                       NoSuchSubjectException,
                       SubjectNotUniqueException,
                       IGFException
Initializes the attribute service and freezes the CARML declaration. The intention is for the client code to call the createXXXXInteraction methods to define the interactions and then call initializeDynamic to complete the initialization process. Note: this method will invoke IAttrSvcStack.register(Subject, ArisIdService) to register the ArisIdService with the stack provider.

Throws:
AttrSvcInitializedException - if ArisIdService has already been initialized.
IGFException
SubjectNotUniqueException - if the Application Subject credential could not be uniquely mapped.
NoSuchSubjectException - if the Application Subject credential could not be found.
NoSuchContextException - if the Application Subject could not be mapped to an authoritative context.
AuthenticationException - if the Application Subject was not successfully authenticated.

close

public void close()
           throws AttrSvcInitializedException,
                  IGFException
Method to close the attribute service. This will invoke the shutdown method of the IAttrSvcStack provider.

Throws:
AttrSvcInitializedException - thrown if the service was never initialized.
IGFException - thrown if there was a problem within the provider during shutdown.

isInitialized

public boolean isInitialized()
If the ArisIdService instance was created without pre-declaring a CARML document, then the service will not be initialized until initialize() is called.

Returns:
the state of initialization of the ArisIdService.

OpenLiberty.org - Licensed under Apache APL 2.0