org.iaccess.TNProtocol
Class iAccessDispatcher

java.lang.Object
  extended by java.lang.Thread
      extended by org.iaccess.TNProtocol.iAccessDispatcher
All Implemented Interfaces:
java.lang.Runnable

public class iAccessDispatcher
extends java.lang.Thread

Manages all negotiation processes at a high level. It dispatches them according to session information and only forwards requests in the proper way. It extends the abstract class java.lang.Thread and therefore always starts in a new thread. Once the iAccessDispatcher is running, it waits for service requests or credential requests. The class TNProtocol.TRequest defines the type/structure of an incoming request. For each received request a new object of the TNProtocol.iAccessNegotiation class is created and run (always started) in a new thread. For each service request a new object of the TSessionInfo class is generated.

This class supports multiple sessions going concurrently.

More details are given for each of the functions in the class.

See Also:
TRequest, iAccessNegotiation, TSessionInfo, JBOSS, CertificateManager

Nested Class Summary
 
Nested classes/interfaces inherited from class java.lang.Thread
java.lang.Thread.State, java.lang.Thread.UncaughtExceptionHandler
 
Field Summary
static int inCredentials
           
static long InteractionCounter
          Indicates the number of received requests.
static java.util.logging.Logger logger
           
static int outCredentials
           
static java.io.OutputStream OutPutStream
          Specifies the output stream which gives the description of all events that occurred during the negotiation processes.
static java.util.Hashtable pendingRequestList
          Stores information on service requests received by iAccess agents.
 TRequest Request
          Specifies the request currently being processed or the last processed request.
static java.util.Hashtable SessionInfoTable
          Keeps the links to the SessionInfo for all active sessions going concurrently.
static long UnexpectedErrorSleepTime
           
 
Fields inherited from class java.lang.Thread
MAX_PRIORITY, MIN_PRIORITY, NORM_PRIORITY
 
Constructor Summary
iAccessDispatcher(java.lang.String ConfigFilePath, java.lang.String LogFilePath, java.io.OutputStream OutPutStream)
          Creates and starts a new instance of the iAccessDispatcher.
 
Method Summary
 java.util.Vector getAccessDecisionInOKKAMMode(TRequest serverRequest)
          The main function used by an internal/local PEP server to initiate an access decision (negotiation) process.
 boolean getAccessDecisionInServerMode(TRequest serverRequest)
          Initiates server-side negotiation of pending service requests received by client iAccess agents.
 void receiveRequest(TRequest Request, javax.net.ssl.SSLSocket SocketWaitingResult)
          Notifies iAccessDispatcher about newly received requests and initiates iAccessDispatcher processing.
 void run()
          Runs iAccessDispatcher in a new thread.
 java.lang.String startNewSessionClient(java.lang.String ServiceName, java.lang.String ServiceAction, long SessionTimeLimit, long TimeExtemsion, java.net.InetAddress ServerInetAddress, int ServerPort)
          Processes a new service request which has to be sent to an opponent's trust negotiation agent.
 void stopServer()
          Sends a stopWorking message to iAccessDispatcher.
 
Methods inherited from class java.lang.Thread
activeCount, checkAccess, countStackFrames, currentThread, destroy, dumpStack, enumerate, getAllStackTraces, getContextClassLoader, getDefaultUncaughtExceptionHandler, getId, getName, getPriority, getStackTrace, getState, getThreadGroup, getUncaughtExceptionHandler, holdsLock, interrupt, interrupted, isAlive, isDaemon, isInterrupted, join, join, join, resume, setContextClassLoader, setDaemon, setDefaultUncaughtExceptionHandler, setName, setPriority, setUncaughtExceptionHandler, sleep, sleep, start, stop, stop, suspend, toString, yield
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

inCredentials

public static int inCredentials

outCredentials

public static int outCredentials

Request

public TRequest Request
Specifies the request currently being processed or the last processed request.


SessionInfoTable

public static java.util.Hashtable SessionInfoTable
Keeps the links to the SessionInfo for all active sessions going concurrently.


OutPutStream

public static java.io.OutputStream OutPutStream
Specifies the output stream which gives the description of all events that occurred during the negotiation processes. This information is forwarded to the application which created the instance of iAccessDispatcher. If you do not need these additional comments, put null here.


UnexpectedErrorSleepTime

public static long UnexpectedErrorSleepTime

InteractionCounter

public static long InteractionCounter
Indicates the number of received requests. It allows requests within one session to be distinguished.


logger

public static java.util.logging.Logger logger

pendingRequestList

public static java.util.Hashtable pendingRequestList
Stores information on service requests received by iAccess agents. This data is used later by the function getAccessDecisionInServerMode() to complete pending negotiations.

Constructor Detail

iAccessDispatcher

public iAccessDispatcher(java.lang.String ConfigFilePath,
                         java.lang.String LogFilePath,
                         java.io.OutputStream OutPutStream)
Creates and starts a new instance of the iAccessDispatcher. iAccessDispatcher inherits from the class java.lang.Thread, i.e. iAccessDispatcher always runs in a new thread.

Parameters:
ConfigFilePath - specifies the full path to the SessionConfig.xml file. Set to null if the SessionConfig info has already been loaded.
LogFilePath - specifies the full path to the logger file. If it is null, a DefaultiAccessTNProtocol.log file will be created in the current working directory.
OutPutStream - specifies the output stream which returns the description of all events that occurred during the negotiation processes to the calling entity.
Method Detail

startNewSessionClient

public java.lang.String startNewSessionClient(java.lang.String ServiceName,
                                              java.lang.String ServiceAction,
                                              long SessionTimeLimit,
                                              long TimeExtemsion,
                                              java.net.InetAddress ServerInetAddress,
                                              int ServerPort)
Processes a new service request which has to be sent to an opponent's trust negotiation agent. This is a synchronous method. It calls the TNProtocol.JBOSS.sendRequest(...) method to send the request to the opponent's agent and waits for a result. For each request a new object of TSessionInfo is generated.

See Also:
JBOSS, UserInterface

receiveRequest

public void receiveRequest(TRequest Request,
                           javax.net.ssl.SSLSocket SocketWaitingResult)
Notifies iAccessDispatcher about newly received requests and initiates iAccessDispatcher processing. This method is called by a lower-level server, in our case the JBOSS class.

Parameters:
Request - the received request description.
SocketWaitingResult - specifies the address of the request.
See Also:
JBOSS

run

public void run()
Runs iAccessDispatcher in a new thread.

Specified by:
run in interface java.lang.Runnable
Overrides:
run in class java.lang.Thread

stopServer

public void stopServer()
Sends a stopWorking message to iAccessDispatcher.


getAccessDecisionInServerMode

public boolean getAccessDecisionInServerMode(TRequest serverRequest)
Initiates server-side negotiation of pending service requests received by client iAccess agents. This is the main function used by an internal/local PEP server to ask for an access decision. The function returns a boolean value indicating whether the service request is granted or not. If you need a SAML decision statement, you should add a call to a SAML AuthzDecisionStatement inside it.

This method is supposed to be invoked by a PEP internal to the iAccess agent platform. To use the method you should turn on the respective field in the main configuration file (IACCESS_ROOT/config.xml).

Parameters:
serverRequest - a service request generated by a PEP. You should specify only the SessionID and IsService=true fields. The other parameters are already stored by the iAccess agent, if such a request has arrived.
Returns:
grant/deny of a negotiation process.

getAccessDecisionInOKKAMMode

public java.util.Vector getAccessDecisionInOKKAMMode(TRequest serverRequest)
The main function used by an internal/local PEP server to initiate an access decision (negotiation) process. The function returns the set of active credentials negotiated with an opponent. The only important fields in the input to this function are the SessionID and IsService=true fields. To use the method you should turn on the respective field in the main configuration file (IACCESS_ROOT/config.xml).

This function was added in response to the integration of iAccess within the EU-FP7-OKKAM project. What matters here is not a grant/deny decision but the set of credentials agreed with an opponent. Thus, given an OKKAM query (database) result, one can select all objects of the query result that the opponent's active credentials satisfy (that is, which objects are visible to a client of the query), regardless of the final negotiation decision.

Parameters:
serverRequest - a service request generated by a PEP. You should specify only the SessionID and IsService=true fields. The other parameters are already stored by the iAccess agent, if such a request has arrived.
Returns:
the set of credentials presented by an opponent out of the negotiation for the service request. (Vector of strings, logic format credentials)
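
An added example, not part of the iAccess code base, of the result filtering described for getAccessDecisionInOKKAMMode: it keeps only the query-result objects whose required credentials are all in the opponent's active set. The class name, the credential strings, the entity identifiers, the per-object requirement map and the exact-string matching rule are assumptions made for illustration.

```java
import java.util.*;

// Added illustration, not iAccess code. Credential strings, entity ids and
// the requirement map are constructed; matching is plain string equality.
public class OkkamResultFilter {

    // Returns the query-result objects whose required credentials are all
    // among the opponent's active credentials. Fails closed: a null or empty
    // credential vector, or an object with no declared requirement, leaves
    // that object hidden.
    static List<String> visibleObjects(Vector<String> activeCredentials,
                                       Map<String, Set<String>> requiredByObject,
                                       List<String> queryResult) {
        List<String> visible = new ArrayList<>();
        if (activeCredentials == null || activeCredentials.isEmpty()) {
            return visible;
        }
        Set<String> held = new HashSet<>(activeCredentials);
        for (String obj : queryResult) {
            Set<String> required = requiredByObject.get(obj);
            if (required != null && !required.isEmpty()
                    && held.containsAll(required)) {
                visible.add(obj);
            }
        }
        return visible;
    }

    public static void main(String[] args) {
        // Stand-in for the Vector of strings that the page says
        // getAccessDecisionInOKKAMMode(...) returns.
        Vector<String> active = new Vector<>(Arrays.asList(
                "employee(alice, acme)", "role(alice, auditor)"));

        Map<String, Set<String>> required = new HashMap<>();
        required.put("entity:1001",
                new HashSet<>(Arrays.asList("employee(alice, acme)")));
        required.put("entity:1002", new HashSet<>(Arrays.asList(
                "employee(alice, acme)", "role(alice, admin)")));
        // entity:1003 has no declared requirement and therefore stays hidden.

        List<String> queryResult =
                Arrays.asList("entity:1001", "entity:1002", "entity:1003");
        System.out.println(visibleObjects(active, required, queryResult));
    }
}
```

Because the visible set is computed from the credentials alone, the caller decides separately whether a denied negotiation should still return any objects.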