Real Time Information Director User Documentation
RTID Security and Auditing
Hewlett-Packard Company 7 529618 - 002
CompoundPolicy allows multiple policies to be applied to the same transaction; if the
criteria of any policy named in the compound policy class are satisfied, the agent is
allowed access to the requested data. For example, the compound policy
SelfOrPersonalPhysician grants access if the agent is either the patient or the patient’s
physician. SelfOrPersonalPhysician is a subclass of CompoundPolicy and calls the super
class with the string "SelfService PersonalPhysician.” This call causes two concrete
policy classes to be instantiated:
• SelfService grants access if the consumer ID and the agent ID specified in the
document header have the same value.
• PersonalPhysician subclasses PersonalAgent and passes the agent relationship
name "Physician" to the super class. The superclass grants access if the
ConsumerAgentRelationships table contains a record that associates the agent to
the consumer with the specified relationship. In this case, the relationship is
“Physician,” so access is granted if the agent is the consumer’s physician.
Like a document definition, a concrete policy class is invoked only by its name and must
therefore have a default constructor declared in it.
Note that the SelfService policy does not require access to the database--it needs only to
compare elements of the document header. Most policies, however, do need access to the
database. Such a policy must implement the template method constructContext, which is
called once by each document handler that makes use of the policy. The document
handler passes an SQLConnection to the constructContext method so the policy can
create its own prepared statements. However, the connection and prepared statements do
not belong to the policy as metadata (which is instantiated only once), but to the
document handler (which will probably be instantiated several times). Therefore the
policy must clone itself and return its clone as the result of the constructContext method.
This goal is achieved within the constructContext method by calling an alternate
constructor of the same class, which takes itself plus the connection as parameters.
Statements are prepared in the clone constructor, using data stored in the metadata class.
Concrete policies are instantiated by an internal class of the Director called the
PolicyManager. The PolicyManager insures that each concrete policy metadata class is
instantiated only once during any execution of the Director, no matter how often it is
referenced in the metadata. However, the policies can clone themselves as part of
DocumentHandlers by implementing the constructContext method.
Fortunately, persons writing concrete classes similar to PersonalPhysician don't have to
worry about prepared statements or cloning. PersonalAgent includes all the logic to
clone the class and create prepared statements. All PersonalPhysician does is customize
the behavior of PersonalAgent by specifying the value "Physician" as a field in the query.
Over time, the Director will incorporate more security data models, and more abstract
policy classes to use them. Creating custom policies derived from these classes will be
easy, but some businesses will still need to modify the abstract policy classes or create