Commit 8392f0d8 authored by Rodrigo Carneiro Henrique's avatar Rodrigo Carneiro Henrique

[OPENBUS-91]: Criar um mecanismo para delegação de entidades.


git-svn-id: https://subversion.tecgraf.puc-rio.br/engdist/openbus/trunk@84765 ae0415b3-e90b-0410-900d-d0be9363c56b
parent f78a67e0
......@@ -26,7 +26,8 @@ typedef Identifier CredentialObserverIdentifier;
*/
struct Credential {
CredentialIdentifier identifier; /**< \brief Identificador único. */
string entityName; /**< \brief Nome da entidade. */
string owner; /**< \brief Nome da entidade dona. */
string delegate; /**< \brief Nome da entidade delegada (opcional). */
};
/**
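Review bot: The comment on `delegate` says only that the field is optional, which leaves its trust model undocumented. The interceptors later in this commit decode the struct from the request context, so the field is presumably filled in by the caller. The comment should say that an empty string means no delegation, and that the value is asserted by the client and must be validated by the access control service before anything relies on it. Suggested wording: `/**< \brief Delegated entity name; empty means no delegation. Client-asserted, validated by the access control service. */`.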
......
......@@ -42,9 +42,10 @@ oop.class(_M, IComponent)
--@name invalidCredential
--
--@field identifier O identificador da credencial que, neste caso, vazio.
--@field entityName O nome da entidade dona da credencial que, neste caso, vazio.
--@field owner O nome da entidade dona da credencial que, neste caso, vazio.
--@field delegate O nome da entidade delegada que, neste caso, vazio.
---
invalidCredential = {identifier = "", entityName = ""}
invalidCredential = {identifier = "", owner = "", delegate = ""}
invalidLease = -1
deltaT = 30 -- lease fixo (por enquanto) em segundos
......@@ -87,7 +88,7 @@ function startup(self)
for _, entry in pairs(entriesDB) do
entry.lease.lastUpdate = os.time()
self.entries[entry.credential.identifier] = entry -- Deveria fazer cpia?
if entry.component and entry.credential.entityName == "RegistryService" then
if entry.component and entry.credential.owner == "RegistryService" then
self.registryService = {
credential = entry.credential,
component = entry.component,
......@@ -107,7 +108,7 @@ function startup(self)
local now = os.time()
if (os.difftime (now, lastUpdate) > duration ) then
if secondChance then
Log:warn(credential.entityName .. " lease expirado: LOGOUT.")
Log:warn(credential.owner.. " lease expirado: LOGOUT.")
self:logout(credential) -- you may clear existing fields.
else
entry.lease.secondChance = true
......@@ -166,7 +167,7 @@ function loginByCertificate(self, name, answer)
Log:error(errorMessage)
return false, self.invalidCredential, self.invalidLease
end
local entry = self:addEntry(name)
local entry = self:addEntry(name, true)
return true, entry.credential, entry.lease.duration
end
......@@ -219,9 +220,9 @@ end
--@see openbus.common.LeaseProvider#renewLease
---
function renewLease(self, credential)
Log:lease(credential.entityName .. " renovando lease.")
Log:lease(credential.owner.. " renovando lease.")
if not self:isValid(credential) then
Log:warn(credential.entityName .. " credencial invlida.")
Log:warn(credential.owner.. " credencial invlida.")
return false, self.invalidLease
end
local now = os.time()
......@@ -248,7 +249,7 @@ function logout(self, credential)
end
self:removeEntry(entry)
if self.registryService then
if credential.entityName == "RegistryService" and
if credential.owner == "RegistryService" and
credential.identifier == self.registryService.credential.identifier then
self.registryService = nil
end
......@@ -271,6 +272,9 @@ function isValid(self, credential)
if entry.credential.identifier ~= credential.identifier then
return false
end
if entry.credential.delegate ~= "" and not entry.certified then
return false
end
return true
end
......@@ -296,7 +300,7 @@ end
---
function setRegistryService(self, registryServiceComponent)
local credential = self.serverInterceptor:getCredential()
if credential.entityName == "RegistryService" then
if credential.owner == "RegistryService" then
self.registryService = {
credential = credential,
component = registryServiceComponent,
......@@ -408,15 +412,17 @@ end
--
--@return A credencial.
---
function addEntry(self, name)
function addEntry(self, name, certified)
local credential = {
identifier = self:generateCredentialIdentifier(),
entityName = name
owner = name,
delegate = "",
}
local duration = self.deltaT
local lease = { lastUpdate = os.time(), duration = duration }
local entry = {
credential = credential,
certified = certified,
lease = lease,
observers = {},
observedBy = {}
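Review bot: In the isValid hunk, the new delegation check reads `entry.credential.delegate` from the stored entry, but the only place this diff shows the stored credential being built, addEntry, always sets `delegate = ""`, so as far as these hunks show the branch never fires. The value that needs checking is the one the caller presents: `if credential.delegate ~= "" and not entry.certified then return false end`. The visible comparison also covers only `identifier`, so a presented credential whose `owner` differs from the stored one still passes; comparing `credential.owner` with `entry.credential.owner` in the same place would close that. isValid starts outside the hunk, so an earlier check may already cover part of this.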
......
......@@ -23,7 +23,7 @@ Suite = {
end
local idlfile = IDLPATH_DIR.."/access_control_service.idl"
oil.verbose:level(0)
oil.verbose:level(5)
orb:loadidlfile(idlfile)
self.user = "tester"
......@@ -62,7 +62,7 @@ Suite = {
testLogout = function(self)
local _, credential = self.accessControlService:loginByPassword(self.user, self.password)
self.credentialManager:setValue(credential)
Check.assertFalse(self.accessControlService:logout({identifier = "", entityName = "abcd", }))
Check.assertFalse(self.accessControlService:logout({identifier = "", owner = "abcd", delegate = "", }))
Check.assertTrue(self.accessControlService:logout(credential))
self.credentialManager:invalidate(credential)
Check.assertError(self.accessControlService.logout,self.accessControlService,credential)
......@@ -115,7 +115,7 @@ Suite = {
testIsValid = function(self)
Check.assertTrue(self.accessControlService:isValid(self.credential))
Check.assertFalse(self.accessControlService:isValid({entityName=self.user, identifier = "123"}))
Check.assertFalse(self.accessControlService:isValid({identifier = "123", owner = self.user, delegate = "",}))
self.accessControlService:logout(self.credential)
-- neste caso o proprio interceptador do servio rejeita o request
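Review bot: Neither testLogout nor testIsValid exercises the new delegation rule: every credential built here carries `delegate = ""`, so the `certified` branch added to isValid is never reached. A case that logs in by password, sets a non-empty `delegate` on the returned credential and asserts that `isValid` returns false would pin the intended behaviour, along with the matching positive case after a certificate login if the suite can perform one. Separately, `oil.verbose:level(5)` in the first hunk looks like a debugging leftover. If ORB traces at that level include request contexts, credentials would end up in test logs, so `oil.verbose:level(0)` is probably the value to keep.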
......
......@@ -9,7 +9,7 @@ import scs.core.ComponentId;
/**
* Representa objetos inválidos, usados para indicar erros, de alguns tipos
* definidos na IDL.
*
*
* @author Tecgraf/PUC-Rio
*/
public final class InvalidTypes {
......@@ -21,5 +21,5 @@ public final class InvalidTypes {
/**
* Representa uma credencial inválida.
*/
public static final Credential CREDENTIAL = new Credential("", "");
public static final Credential CREDENTIAL = new Credential("", "", "");
}
......@@ -19,7 +19,7 @@ import org.omg.PortableInterceptor.ServerRequestInterceptor;
/**
* Implementa um interceptador "servidor", para obteno de informaes no
* contexto de uma requisio.
*
*
* @author Tecgraf/PUC-Rio
*/
class ServerInterceptor extends InterceptorImpl implements
......@@ -31,7 +31,7 @@ class ServerInterceptor extends InterceptorImpl implements
/**
* Constri o interceptador.
*
*
* @param codec codificador/decodificador
* @param credentialSlot O slot para transporte da credencial.
*/
......@@ -56,7 +56,7 @@ class ServerInterceptor extends InterceptorImpl implements
Credential credential = CredentialHelper.extract(this.getCodec()
.decode_value(value, CredentialHelper.type()));
Log.INTERCEPTORS.fine("CREDENCIAL: " + credential.identifier + ","
+ credential.entityName);
+ credential.owner);
AccessControlServiceWrapper acs = Registry.getInstance().getACS();
/* Verifica se a credencial vlida */
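Review bot: The log call in this hunk writes `credential.identifier` and `credential.owner` before the credential has been validated, and it omits the new `delegate` field. The Lua hunks of this commit show isValid matching on `identifier`, so that value works like a bearer token and is better truncated or kept out of logs; the fields are also decoded from the request, so they are untrusted text when logged. To audit delegation the line should carry the delegate, for example `Log.INTERCEPTORS.fine("CREDENCIAL: owner=" + credential.owner + ", delegate=" + credential.delegate);`. The same applies to `Log:interceptor("CREDENCIAL: "..credential.identifier..","..credential.owner)` in the Lua receiverequest hunk. The enclosing method starts and ends outside the hunk.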
......
......@@ -81,7 +81,7 @@ function receiverequest(self, request)
Log:interceptor "TEM CREDENCIAL!"
local decoder = orb:newdecoder(context.context_data)
credential = decoder:get(self.credentialType)
Log:interceptor("CREDENCIAL: "..credential.identifier..","..credential.entityName)
Log:interceptor("CREDENCIAL: "..credential.identifier..","..credential.owner)
break
end
end
......