Interface IAuthzManager

    • Method Summary

      Modifier and Type Method Description
      void accessInit​(java.lang.String accessInfo)
      accessInit is for servlets that want to initialize their own authorization information before full operation.
      java.util.Enumeration<com.netscape.certsrv.evaluators.IAccessEvaluator> aclEvaluatorElements()
      Get all registered evaluators.
      AuthzToken authorize​(com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String expression)  
      AuthzToken authorize​(com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String resource, java.lang.String operation)
      Check if the user is authorized to perform the given operation on the given resource.
      java.util.Hashtable<java.lang.String,​com.netscape.certsrv.evaluators.IAccessEvaluator> getAccessEvaluators()
      Return a table of evaluators
      com.netscape.certsrv.acls.IACL getACL​(java.lang.String target)
      Get individual ACL entry for the given name of entry.
      java.util.Enumeration<com.netscape.certsrv.acls.IACL> getACLs()
      Get ACL entries
      java.lang.String[] getConfigParams()
      Get configuration parameters for this implementation.
      IConfigStore getConfigStore()
      Get the configuration store for this authorization manager.
      java.lang.String getImplName()
      Get implementation name of authorization manager plugin.
      java.lang.String getName()
      Get the name of this authorization manager instance.
      void init​(java.lang.String name, java.lang.String implName, AuthzManagerConfig config)
      Initialize this authorization manager.
      void registerEvaluator​(java.lang.String type, com.netscape.certsrv.evaluators.IAccessEvaluator evaluator)
      Register new evaluator
      void shutdown()
      Prepare this authorization manager for a graceful shutdown.
      void updateACLs​(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc)
      Update ACLs in the database
    • Method Detail

      • getName

        java.lang.String getName()
        Get the name of this authorization manager instance.

        Returns:
        The name of this authorization manager.
      • getImplName

        java.lang.String getImplName()
        Get implementation name of authorization manager plugin.

        An example of an implementation name will be:

         com.netscape.cms.BasicAclAuthz
         

        Returns:
        The name of the authorization manager plugin.
      • accessInit

        void accessInit​(java.lang.String accessInfo)
                 throws EBaseException
        accessInit is for servlets that want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.

        The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, the accessInfo is the resACLs, whose format should conform to the following:

            :right-1[,right-n]:[allow,deny](right(s))=:
         

        Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties

        Parameters:
        accessInfo - the access info string in the format specified in the authorization manager
        Throws:
        EBaseException - error parsing the accessInfo
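
        A pre-check for a resACLs entry before it is handed to accessInit, as an added example that is not part of this API or of the project's code. ResAclCheck and its members are hypothetical names, and the field layout (four ':'-separated fields, with only the description allowed to contain ':') is an assumption inferred from the sample entry above.

```java
import java.util.*;
import java.util.regex.*;

// Added example: not the project's parser. ResAclCheck is a hypothetical name.
public class ResAclCheck {
    // Matches "allow (left) group=..." or "deny (a,b) user=..."
    private static final Pattern ACI =
        Pattern.compile("\\s*(allow|deny)\\s*\\(([^)]*)\\)\\s*(.+)");

    /** Returns {resource, declaredRights, action, aciRights, expression, description}. */
    static String[] parse(String accessInfo) {
        // Assumption: four ':'-separated fields; only the description may contain ':'.
        String[] f = accessInfo.split(":", 4);
        if (f.length != 4 || f[0].trim().isEmpty())
            throw new IllegalArgumentException("expected resource:rights:aci:description");
        Set<String> declared = rights(f[1]);
        Matcher m = ACI.matcher(f[2]);
        if (!m.matches())
            throw new IllegalArgumentException("ACI must be allow|deny (rights) expression");
        Set<String> used = rights(m.group(2));
        // Fail closed: reject an ACI naming a right the resource never declared.
        if (!declared.containsAll(used))
            throw new IllegalArgumentException("undeclared right in ACI: " + used);
        return new String[] { f[0].trim(), String.join(",", declared), m.group(1),
                              String.join(",", used), m.group(3).trim(), f[3].trim() };
    }

    // Splits a comma-separated rights list, rejecting empty items.
    private static Set<String> rights(String csv) {
        Set<String> out = new LinkedHashSet<>();
        for (String r : csv.split(",")) {
            if (r.trim().isEmpty())
                throw new IllegalArgumentException("empty right in: " + csv);
            out.add(r.trim());
        }
        return out;
    }

    public static void main(String[] args) {
        // Sample entry taken from this page.
        System.out.println(Arrays.toString(parse(
            "resTurnKnob:left,right:allow(left) group=\"lefties\":door knobs for lefties")));
        try {  // Constructed bad entry: "push" is not a declared right.
            parse("resTurnKnob:left,right:allow(push) group=\"lefties\":typo");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```
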
      • authorize

        AuthzToken authorize​(com.netscape.certsrv.authentication.IAuthToken authToken,
                             java.lang.String resource,
                             java.lang.String operation)
                      throws com.netscape.certsrv.authorization.EAuthzInternalError,
                             com.netscape.certsrv.authorization.EAuthzAccessDenied
        Check if the user is authorized to perform the given operation on the given resource.
        Parameters:
        authToken - the authToken associated with a user.
        resource - the protected resource name
        operation - the protected resource operation name
        Returns:
        authzToken if the user is authorized
        Throws:
        com.netscape.certsrv.authorization.EAuthzInternalError - if an internal error occurred.
        com.netscape.certsrv.authorization.EAuthzAccessDenied - if access denied
      • authorize

        AuthzToken authorize​(com.netscape.certsrv.authentication.IAuthToken authToken,
                             java.lang.String expression)
                      throws com.netscape.certsrv.authorization.EAuthzInternalError,
                             com.netscape.certsrv.authorization.EAuthzAccessDenied
        Throws:
        com.netscape.certsrv.authorization.EAuthzInternalError
        com.netscape.certsrv.authorization.EAuthzAccessDenied
      • init

        void init​(java.lang.String name,
                  java.lang.String implName,
                  AuthzManagerConfig config)
           throws EBaseException
        Initialize this authorization manager.
        Parameters:
        name - The name of this authorization manager instance.
        implName - The name of the authorization manager plugin.
        config - The configuration store for this authorization manager.
        Throws:
        EBaseException - If an initialization error occurred.
      • shutdown

        void shutdown()
        Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed.
      • getConfigParams

        java.lang.String[] getConfigParams()
                                    throws EBaseException
        Get configuration parameters for this implementation. The configuration parameters returned are passed to the console so that instances of this implementation can be configured through the console.
        Returns:
        a list of names for configuration parameters.
        Throws:
        EBaseException - If an internal error occurred
      • getConfigStore

        IConfigStore getConfigStore()
        Get the configuration store for this authorization manager.
        Returns:
        The configuration store of this authorization manager.
      • getACLs

        java.util.Enumeration<com.netscape.certsrv.acls.IACL> getACLs()
        Get ACL entries
        Returns:
        enumeration of ACL entries.
      • getACL

        com.netscape.certsrv.acls.IACL getACL​(java.lang.String target)
        Get individual ACL entry for the given name of entry.
        Parameters:
        target - The name of the ACL entry
        Returns:
        The ACL entry.
      • updateACLs

        void updateACLs​(java.lang.String id,
                        java.lang.String rights,
                        java.lang.String strACLs,
                        java.lang.String desc)
                 throws com.netscape.certsrv.acls.EACLsException
        Update ACLs in the database
        Parameters:
        id - The name of the ACL entry (i.e., resource id)
        rights - The allowable rights for this resource
        strACLs - The value of the ACL entry
        desc - The description for this resource
        Throws:
        com.netscape.certsrv.acls.EACLsException - when update fails.
      • aclEvaluatorElements

        java.util.Enumeration<com.netscape.certsrv.evaluators.IAccessEvaluator> aclEvaluatorElements()
        Get all registered evaluators.
        Returns:
        All registered evaluators.
      • registerEvaluator

        void registerEvaluator​(java.lang.String type,
                               com.netscape.certsrv.evaluators.IAccessEvaluator evaluator)
        Register new evaluator
        Parameters:
        type - Type of evaluator
        evaluator - Value of evaluator
      • getAccessEvaluators

        java.util.Hashtable<java.lang.String,​com.netscape.certsrv.evaluators.IAccessEvaluator> getAccessEvaluators()
        Return a table of evaluators
        Returns:
        A table of evaluators