Interface IAuthzManager
-
- All Known Implementing Classes:
AAclAuthz
,BasicAclAuthz
,BasicGroupAuthz
,DirAclAuthz
public interface IAuthzManager
Authorization Manager interface needs to be implemented by all authorization managers.- Version:
- $Revision$, $Date$
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description void
accessInit(java.lang.String accessInfo)
accessInit
is for servlets who want to initialize their own authorization information before full operation.java.util.Enumeration<com.netscape.certsrv.evaluators.IAccessEvaluator>
aclEvaluatorElements()
Get all registered evaluators.AuthzToken
authorize(com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String expression)
AuthzToken
authorize(com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String resource, java.lang.String operation)
Check if the user is authorized to perform the given operation on the given resource.java.util.Hashtable<java.lang.String,com.netscape.certsrv.evaluators.IAccessEvaluator>
getAccessEvaluators()
Return a table of evaluatorscom.netscape.certsrv.acls.IACL
getACL(java.lang.String target)
Get individual ACL entry for the given name of entry.java.util.Enumeration<com.netscape.certsrv.acls.IACL>
getACLs()
Get ACL entriesjava.lang.String[]
getConfigParams()
Get configuration parameters for this implementation.IConfigStore
getConfigStore()
Get the configuration store for this authorization manager.java.lang.String
getImplName()
Get implementation name of authorization manager plugin.java.lang.String
getName()
Get the name of this authorization manager instance.void
init(java.lang.String name, java.lang.String implName, AuthzManagerConfig config)
Initialize this authorization manager.void
registerEvaluator(java.lang.String type, com.netscape.certsrv.evaluators.IAccessEvaluator evaluator)
Register new evaluatorvoid
shutdown()
Prepare this authorization manager for a graceful shutdown.void
updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc)
Update ACLs in the database
-
-
-
Method Detail
-
getName
java.lang.String getName()
Get the name of this authorization manager instance.- Returns:
- String the name of this authorization manager.
-
getImplName
java.lang.String getImplName()
Get implementation name of authorization manager plugin.An example of an implementation name will be:
com.netscape.cms.BasicAclAuthz
- Returns:
- The name of the authorization manager plugin.
-
accessInit
void accessInit(java.lang.String accessInfo) throws EBaseException
accessInit
is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, The accessInfo is the resACLs, whose format should conform to the following:
:right-1[,right-n]:[allow,deny](right(s)) = : Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
- Parameters:
accessInfo
- the access info string in the format specified in the authorization manager- Throws:
EBaseException
- error parsing the accessInfo
-
authorize
AuthzToken authorize(com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String resource, java.lang.String operation) throws com.netscape.certsrv.authorization.EAuthzInternalError, com.netscape.certsrv.authorization.EAuthzAccessDenied
Check if the user is authorized to perform the given operation on the given resource.- Parameters:
authToken
- the authToken associated with a user.resource
- - the protected resource nameoperation
- - the protected resource operation name- Returns:
- authzToken if the user is authorized
- Throws:
com.netscape.certsrv.authorization.EAuthzInternalError
- if an internal error occurred.com.netscape.certsrv.authorization.EAuthzAccessDenied
- if access denied
-
authorize
AuthzToken authorize(com.netscape.certsrv.authentication.IAuthToken authToken, java.lang.String expression) throws com.netscape.certsrv.authorization.EAuthzInternalError, com.netscape.certsrv.authorization.EAuthzAccessDenied
- Throws:
com.netscape.certsrv.authorization.EAuthzInternalError
com.netscape.certsrv.authorization.EAuthzAccessDenied
-
init
void init(java.lang.String name, java.lang.String implName, AuthzManagerConfig config) throws EBaseException
Initialize this authorization manager.- Parameters:
name
- The name of this authorization manager instance.implName
- The name of the authorization manager plugin.config
- The configuration store for this authorization manager.- Throws:
EBaseException
- If an initialization error occurred.
-
shutdown
void shutdown()
Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed.
-
getConfigParams
java.lang.String[] getConfigParams() throws EBaseException
Get configuration parameters for this implementation. The configuration parameters returned is passed to the console so configuration for instances of this implementation can be made through the console.- Returns:
- a list of names for configuration parameters.
- Throws:
EBaseException
- If an internal error occurred
-
getConfigStore
IConfigStore getConfigStore()
Get the configuration store for this authorization manager.- Returns:
- The configuration store of this authorization manager.
-
getACLs
java.util.Enumeration<com.netscape.certsrv.acls.IACL> getACLs()
Get ACL entries- Returns:
- enumeration of ACL entries.
-
getACL
com.netscape.certsrv.acls.IACL getACL(java.lang.String target)
Get individual ACL entry for the given name of entry.- Parameters:
target
- The name of the ACL entry- Returns:
- The ACL entry.
-
updateACLs
void updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc) throws com.netscape.certsrv.acls.EACLsException
Update ACLs in the database- Parameters:
id
- The name of the ACL entry (ie, resource id)rights
- The allowable rights for this resourcestrACLs
- The value of the ACL entrydesc
- The description for this resource- Throws:
com.netscape.certsrv.acls.EACLsException
- when update fails.
-
aclEvaluatorElements
java.util.Enumeration<com.netscape.certsrv.evaluators.IAccessEvaluator> aclEvaluatorElements()
Get all registered evaluators.- Returns:
- All registered evaluators.
-
registerEvaluator
void registerEvaluator(java.lang.String type, com.netscape.certsrv.evaluators.IAccessEvaluator evaluator)
Register new evaluator- Parameters:
type
- Type of evaluatorevaluator
- Value of evaluator
-
getAccessEvaluators
java.util.Hashtable<java.lang.String,com.netscape.certsrv.evaluators.IAccessEvaluator> getAccessEvaluators()
Return a table of evaluators- Returns:
- A table of evaluators
-
-