Class AuthzSubsystem
- java.lang.Object
-
- com.netscape.cmscore.authorization.AuthzSubsystem
-
- All Implemented Interfaces:
ISubsystem
public class AuthzSubsystem extends java.lang.Object implements ISubsystem
Default authorization subsystem- Version:
- $Revision$, $Date$
- Author:
- cfu
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
ID
static org.slf4j.Logger
logger
java.util.Hashtable<java.lang.String,AuthzManagerProxy>
mAuthzMgrInsts
java.util.Hashtable<java.lang.String,com.netscape.certsrv.authorization.AuthzMgrPlugin>
mAuthzMgrPlugins
static java.lang.String
PROP_CLASS
static java.lang.String
PROP_IMPL
static java.lang.String
PROP_PLUGIN
static java.lang.String
PROP_REALM
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description void
add(java.lang.String name, IAuthzManager authzMgrInst)
Add an authorization manager instance.AuthzToken
authorize(java.lang.String authzMgrInstName, com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String exp)
AuthzToken
authorize(java.lang.String authzMgrName, com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String resource, java.lang.String operation)
AuthzToken
authorize(java.lang.String authzMgrInstName, com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String resource, java.lang.String operation, java.lang.String realm)
Authorization to the named authorization manager instancevoid
authzMgrAccessInit(java.lang.String authzMgrInstName, java.lang.String accessInfo)
authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation.void
checkRealm(java.lang.String realm, com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String owner, java.lang.String resource, java.lang.String operation)
Authorize the user against the specified realm.void
delete(java.lang.String name)
Removes a authorization manager instance.IAuthzManager
get(java.lang.String name)
Gets the authorization manager instance of the specified name.IAuthzManager
getAuthzManager(java.lang.String name)
gets the named authorization managerjava.lang.String
getAuthzManagerNameByRealm(java.lang.String realm)
Given a realm name, return the name of an authz manager for that realm.IAuthzManager
getAuthzManagerPlugin(java.lang.String name)
Retrieve a single authz manager instancecom.netscape.certsrv.authorization.AuthzMgrPlugin
getAuthzManagerPluginImpl(java.lang.String name)
retrieve a single authz manager plugin by namejava.util.Enumeration<com.netscape.certsrv.authorization.AuthzMgrPlugin>
getAuthzManagerPlugins()
Enumerate all registered authorization manager plugins.java.util.Enumeration<IAuthzManager>
getAuthzManagers()
Enumerate all authorization manager instances.java.lang.String[]
getConfigParams(java.lang.String implName)
Gets configuration parameters for the given authorization manager plugin.IConfigStore
getConfigStore()
Returns the root configuration storage of this system.java.lang.String
getId()
Retrieves id (name) of this subsystem.static AuthzSubsystem
getInstance()
java.util.Hashtable<java.lang.String,AuthzManagerProxy>
getInstances()
Get a hashtable containing all authentication instances.java.util.Hashtable<java.lang.String,com.netscape.certsrv.authorization.AuthzMgrPlugin>
getPlugins()
Get a hashtable containing all authentication plugins.void
init(IConfigStore config)
Initializes the authorization subsystem from the config store.void
setId(java.lang.String id)
Sets id string to this subsystem.void
shutdown()
shuts down authorization managers one by one.void
startup()
registers the administration servlet with the administration subsystem.
-
-
-
Field Detail
-
logger
public static org.slf4j.Logger logger
-
ID
public static final java.lang.String ID
- See Also:
- Constant Field Values
-
PROP_CLASS
public static final java.lang.String PROP_CLASS
- See Also:
- Constant Field Values
-
PROP_IMPL
public static final java.lang.String PROP_IMPL
- See Also:
- Constant Field Values
-
PROP_PLUGIN
public static final java.lang.String PROP_PLUGIN
- See Also:
- Constant Field Values
-
PROP_REALM
public static final java.lang.String PROP_REALM
- See Also:
- Constant Field Values
-
mAuthzMgrPlugins
public java.util.Hashtable<java.lang.String,com.netscape.certsrv.authorization.AuthzMgrPlugin> mAuthzMgrPlugins
-
mAuthzMgrInsts
public java.util.Hashtable<java.lang.String,AuthzManagerProxy> mAuthzMgrInsts
-
-
Method Detail
-
getInstance
public static AuthzSubsystem getInstance()
-
init
public void init(IConfigStore config) throws EBaseException
Initializes the authorization subsystem from the config store. Load Authorization manager plugins, create and initialize initialize authorization manager instances.- Specified by:
init
in interfaceISubsystem
- Parameters:
config
- The configuration store.- Throws:
EBaseException
- failed to initialize
-
authzMgrAccessInit
public void authzMgrAccessInit(java.lang.String authzMgrInstName, java.lang.String accessInfo) throws com.netscape.certsrv.authorization.EAuthzMgrNotFound, EBaseException
authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called during the init() method of a servlet.- Parameters:
authzMgrName
- The authorization manager nameaccessInfo
- the access information to be initialized. currently it's acl string in the format specified in the authorization manager- Throws:
com.netscape.certsrv.authorization.EAuthzMgrNotFound
EBaseException
-
authorize
public AuthzToken authorize(java.lang.String authzMgrInstName, com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String resource, java.lang.String operation, java.lang.String realm) throws com.netscape.certsrv.authorization.EAuthzMgrNotFound, EBaseException
Authorization to the named authorization manager instance- Parameters:
authzMgrName
- The authorization manager nameauthToken
- the authentication token associated with a userresource
- the resource protected by the authorization systemoperation
- the operation for resource protected by the authoriz n system- Returns:
- a authorization token.
- Throws:
EBaseException
- If an error occurs during authorization.com.netscape.certsrv.authorization.EAuthzMgrNotFound
-
authorize
public AuthzToken authorize(java.lang.String authzMgrName, com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String resource, java.lang.String operation) throws EBaseException
- Throws:
EBaseException
-
authorize
public AuthzToken authorize(java.lang.String authzMgrInstName, com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String exp) throws com.netscape.certsrv.authorization.EAuthzMgrNotFound, EBaseException
- Throws:
com.netscape.certsrv.authorization.EAuthzMgrNotFound
EBaseException
-
getConfigParams
public java.lang.String[] getConfigParams(java.lang.String implName) throws com.netscape.certsrv.authorization.EAuthzMgrPluginNotFound, EBaseException
Gets configuration parameters for the given authorization manager plugin.- Parameters:
implName
- Name of the authorization plugin.- Returns:
- Hashtable of required parameters.
- Throws:
com.netscape.certsrv.authorization.EAuthzMgrPluginNotFound
EBaseException
-
add
public void add(java.lang.String name, IAuthzManager authzMgrInst)
Add an authorization manager instance.- Parameters:
name
- name of the authorization manager instanceauthzMgr
- the authorization manager instance to be added
-
delete
public void delete(java.lang.String name)
Removes a authorization manager instance.- Parameters:
name
- name of the authorization manager
-
get
public IAuthzManager get(java.lang.String name)
Gets the authorization manager instance of the specified name.- Parameters:
name
- name of the authorization manager instance- Returns:
- the named authorization manager instance
-
getAuthzManagers
public java.util.Enumeration<IAuthzManager> getAuthzManagers()
Enumerate all authorization manager instances.
-
getAuthzManagerPlugins
public java.util.Enumeration<com.netscape.certsrv.authorization.AuthzMgrPlugin> getAuthzManagerPlugins()
Enumerate all registered authorization manager plugins.
-
getAuthzManagerPluginImpl
public com.netscape.certsrv.authorization.AuthzMgrPlugin getAuthzManagerPluginImpl(java.lang.String name)
retrieve a single authz manager plugin by name
-
getAuthzManagerPlugin
public IAuthzManager getAuthzManagerPlugin(java.lang.String name)
Retrieve a single authz manager instance
-
getId
public java.lang.String getId()
Retrieves id (name) of this subsystem.- Specified by:
getId
in interfaceISubsystem
- Returns:
- name of the authorization subsystem
-
setId
public void setId(java.lang.String id) throws EBaseException
Sets id string to this subsystem.Use with caution. Should not do it when sharing with others
- Specified by:
setId
in interfaceISubsystem
- Parameters:
id
- name to be applied to an authorization sybsystem- Throws:
EBaseException
- failed to set id
-
startup
public void startup() throws EBaseException
registers the administration servlet with the administration subsystem.- Specified by:
startup
in interfaceISubsystem
- Throws:
EBaseException
- failed to start up
-
shutdown
public void shutdown()
shuts down authorization managers one by one.- Specified by:
shutdown
in interfaceISubsystem
-
getPlugins
public java.util.Hashtable<java.lang.String,com.netscape.certsrv.authorization.AuthzMgrPlugin> getPlugins()
Get a hashtable containing all authentication plugins.- Returns:
- all authentication plugins.
-
getInstances
public java.util.Hashtable<java.lang.String,AuthzManagerProxy> getInstances()
Get a hashtable containing all authentication instances.- Returns:
- all authentication instances.
-
getConfigStore
public IConfigStore getConfigStore()
Returns the root configuration storage of this system.- Specified by:
getConfigStore
in interfaceISubsystem
- Returns:
- configuration store of this subsystem
-
getAuthzManager
public IAuthzManager getAuthzManager(java.lang.String name)
gets the named authorization manager- Parameters:
name
- of the authorization manager- Returns:
- the named authorization manager
-
checkRealm
public void checkRealm(java.lang.String realm, com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String owner, java.lang.String resource, java.lang.String operation) throws EBaseException
Authorize the user against the specified realm. Looks for authz manager associated with the plugin and authenticates if present.- Parameters:
realm
-authToken
-owner
- TODOresource
-operation
-- Throws:
EBaseException
- if any error occurs during authentication.
-
getAuthzManagerNameByRealm
public java.lang.String getAuthzManagerNameByRealm(java.lang.String realm) throws com.netscape.certsrv.authorization.EAuthzUnknownRealm
Given a realm name, return the name of an authz manager for that realm.- Throws:
com.netscape.certsrv.authorization.EAuthzUnknownRealm
- if no authz manager is found.
-
-