Class AuthzManager

java.lang.Object
org.dogtagpki.server.authorization.AuthzManager
Direct Known Subclasses:
AAclAuthz, BasicGroupAuthz

public abstract class AuthzManager extends Object
Authorization manager interface that must be implemented by all authorization managers.
  • Field Details

  • Constructor Details

    • AuthzManager

      public AuthzManager()
  • Method Details

    • getCMSEngine

      public CMSEngine getCMSEngine()
    • setCMSEngine

      public void setCMSEngine(CMSEngine engine)
    • getName

      public String getName()
      Get the name of this authorization manager instance.
      Returns:
      The name of this authorization manager.
    • getImplName

      public String getImplName()
      Get implementation name of authorization manager plugin. An example of an implementation name will be:
       com.netscape.cms.BasicAclAuthz
       
      Returns:
      The name of the authorization manager plugin.
    • accessInit

      public abstract void accessInit(String accessInfo) throws EBaseException
      accessInit is for servlets that want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.

      The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, the accessInfo is the resACLs, whose format should conform to the following example:
       resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties

      Parameters:
      accessInfo - the access info string in the format specified in the authorization manager
      Throws:
      EBaseException - error parsing the accessInfo
    • authorize

      public abstract AuthzToken authorize(AuthToken authToken, String resource, String operation) throws EAuthzInternalError, EAuthzAccessDenied
      Check if the user is authorized to perform the given operation on the given resource.
      Parameters:
      authToken - the authToken associated with a user.
      resource - the protected resource name
      operation - the protected resource operation name
      Returns:
      authzToken if the user is authorized
      Throws:
      EAuthzInternalError - if an internal error occurred.
      EAuthzAccessDenied - if access is denied
    • authorize

      public abstract AuthzToken authorize(AuthToken authToken, String expression) throws EAuthzInternalError, EAuthzAccessDenied
      Throws:
      EAuthzInternalError
      EAuthzAccessDenied
    • init

      public abstract void init(String name, String implName, AuthzManagerConfig config) throws EBaseException
      Initialize this authorization manager.
      Parameters:
      name - The name of this authorization manager instance.
      implName - The name of the authorization manager plugin.
      config - The configuration store for this authorization manager.
      Throws:
      EBaseException - If an initialization error occurred.
    • shutdown

      public abstract void shutdown()
      Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed.
    • getConfigParams

      public abstract String[] getConfigParams() throws EBaseException
      Get configuration parameters for this implementation. The returned configuration parameters are passed to the console so that instances of this implementation can be configured through the console.
      Returns:
      a list of names for configuration parameters.
      Throws:
      EBaseException - If an internal error occurred
    • getConfigStore

      public AuthzManagerConfig getConfigStore()
      Get the configuration store for this authorization manager.
      Returns:
      The configuration store of this authorization manager.
    • getACLs

      public abstract Collection<ACL> getACLs() throws EACLsException
      Get ACL entries
      Returns:
      collection of ACL entries.
      Throws:
      EACLsException
    • getACL

      public abstract ACL getACL(String target) throws EACLsException
      Get individual ACL entry for the given name of entry.
      Parameters:
      target - The name of the ACL entry
      Returns:
      The ACL entry.
      Throws:
      EACLsException
    • updateACLs

      public abstract void updateACLs(String id, String rights, String strACLs, String desc) throws EACLsException
      Update ACLs in the database
      Parameters:
      id - The name of the ACL entry (i.e., resource id)
      rights - The allowable rights for this resource
      strACLs - The value of the ACL entry
      desc - The description for this resource
      Throws:
      EACLsException - when update fails.
    • aclEvaluatorElements

      public abstract Enumeration<AccessEvaluator> aclEvaluatorElements()
      Get all registered evaluators.
      Returns:
      All registered evaluators.
    • registerEvaluator

      public abstract void registerEvaluator(String type, AccessEvaluator evaluator)
      Register new evaluator
      Parameters:
      type - Type of evaluator
      evaluator - Value of evaluator
    • getAccessEvaluators

      public abstract Hashtable<String,AccessEvaluator> getAccessEvaluators()
      Return a table of evaluators
      Returns:
      A table of evaluators
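
The resACLs string described under accessInit can be checked before it is handed to an authorization manager. The following Java 17 example is added here and is not Dogtag code: it splits the four colon-separated fields seen in the page's example and rejects an entry whose allow/deny list names a right the resource does not declare. The class name ResAclCheck, the ';' separator between entries, and the rule that the first three fields contain no ':' are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ResAclCheck {   // hypothetical helper, not part of org.dogtagpki
    // One ACL entry: allow|deny, a parenthesised rights list, then the expression.
    private static final Pattern ENTRY =
            Pattern.compile("(allow|deny)\\s*\\(([^)]*)\\)\\s*(.+)");
    record Entry(boolean allow, List<String> rights, String expression) {}
    record ResAcl(String id, List<String> rights, List<Entry> entries, String desc) {}

    static List<String> csv(String s) {
        return Arrays.stream(s.split(",")).map(String::trim).toList();
    }

    static ResAcl parse(String accessInfo) {
        // Assumption: id, rights and ACL fields contain no ':'; the rest is description.
        String[] f = accessInfo.split(":", 4);
        if (f.length != 4 || f[0].isBlank() || f[1].isBlank() || f[2].isBlank())
            throw new IllegalArgumentException("expected id:rights:acl:description");
        List<String> declared = csv(f[1]);
        List<Entry> entries = new ArrayList<>();
        for (String raw : f[2].split(";")) {   // Assumption: ';' separates entries
            Matcher m = ENTRY.matcher(raw.trim());
            if (!m.matches())
                throw new IllegalArgumentException("malformed ACL entry: " + raw);
            List<String> used = csv(m.group(2));
            for (String r : used)
                if (!declared.contains(r))     // right is not in the declared list
                    throw new IllegalArgumentException("undeclared right '" + r + "' in " + f[0]);
            entries.add(new Entry(m.group(1).equals("allow"), used, m.group(3).trim()));
        }
        return new ResAcl(f[0].trim(), declared, entries, f[3].trim());
    }

    public static void main(String[] args) {
        // First string is the example from this page; the second is constructed.
        String ok = "resTurnKnob:left,right:allow(left) group=\"lefties\":door knobs for lefties";
        String bad = "resTurnKnob:left,right:allow(up) group=\"lefties\":typo in right name";
        System.out.println(parse(ok));
        try {
            parse(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```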