Class AuthzSubsystem
java.lang.Object
com.netscape.certsrv.base.Subsystem
com.netscape.cmscore.authorization.AuthzSubsystem
Default authorization subsystem
- Version:
- $Revision$, $Date$
- Author:
- cfu
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoid
add
(String name, AuthzManager authzMgrInst) Add an authorization manager instance.void
addACLInfo
(String aclMethod, String aclInfo) authorize
(String authzMgrInstName, AuthToken authToken, String resource, String operation, String realm) Authorization to the named authorization manager instancevoid
authzMgrAccessInit
(String authzMgrInstName, String accessInfo) authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation.void
Authorize the user against the specified realm.void
Removes a authorization manager instance.Gets the authorization manager instance of the specified name.getAuthzManager
(String name) gets the named authorization managergetAuthzManagerNameByRealm
(String realm) Given a realm name, return the name of an authz manager for that realm.getAuthzManagerPlugin
(String name) Retrieve a single authz manager instanceretrieve a single authz manager plugin by nameEnumerate all registered authorization manager plugins.Enumerate all authorization manager instances.String[]
getConfigParams
(String implName) Gets configuration parameters for the given authorization manager plugin.Returns the root configuration storage of this system.getId()
Retrieves id (name) of this subsystem.Get a hashtable containing all authentication instances.Get a hashtable containing all authentication plugins.void
init
(ConfigStore config) Initializes the authorization subsystem from the config store.void
Sets id string to this subsystem.void
shutdown()
shuts down authorization managers one by one.void
startup()
registers the administration servlet with the administration subsystem.Methods inherited from class com.netscape.certsrv.base.Subsystem
getCMSEngine, setCMSEngine
-
Field Details
-
logger
public static org.slf4j.Logger logger -
ID
- See Also:
-
PROP_CLASS
- See Also:
-
PROP_IMPL
- See Also:
-
mAuthzMgrPlugins
-
mAuthzMgrInsts
-
-
Constructor Details
-
AuthzSubsystem
public AuthzSubsystem()
-
-
Method Details
-
init
Initializes the authorization subsystem from the config store. Load Authorization manager plugins, create and initialize initialize authorization manager instances. -
authzMgrAccessInit
public void authzMgrAccessInit(String authzMgrInstName, String accessInfo) throws EAuthzMgrNotFound, EBaseException authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called during the init() method of a servlet.- Parameters:
authzMgrInstName
- The authorization manager nameaccessInfo
- the access information to be initialized. currently it's acl string in the format specified in the authorization manager- Throws:
EAuthzMgrNotFound
EBaseException
-
addACLInfo
- Throws:
EBaseException
-
authorize
public AuthzToken authorize(String authzMgrInstName, AuthToken authToken, String resource, String operation, String realm) throws EAuthzMgrNotFound, EBaseException Authorization to the named authorization manager instance- Parameters:
authzMgrInstName
- The authorization manager nameauthToken
- the authentication token associated with a userresource
- the resource protected by the authorization systemoperation
- the operation for resource protected by the authoriz n system- Returns:
- a authorization token.
- Throws:
EBaseException
- If an error occurs during authorization.EAuthzMgrNotFound
-
authorize
public AuthzToken authorize(String authzMgrName, AuthToken authToken, String resource, String operation) throws EBaseException - Throws:
EBaseException
-
authorize
public AuthzToken authorize(String authzMgrInstName, AuthToken authToken, String exp) throws EAuthzMgrNotFound, EBaseException - Throws:
EAuthzMgrNotFound
EBaseException
-
getConfigParams
Gets configuration parameters for the given authorization manager plugin.- Parameters:
implName
- Name of the authorization plugin.- Returns:
- Hashtable of required parameters.
- Throws:
EAuthzMgrPluginNotFound
EBaseException
-
add
Add an authorization manager instance.- Parameters:
name
- name of the authorization manager instanceauthzMgrInst
- the authorization manager instance to be added
-
delete
Removes a authorization manager instance.- Parameters:
name
- name of the authorization manager
-
get
Gets the authorization manager instance of the specified name.- Parameters:
name
- name of the authorization manager instance- Returns:
- the named authorization manager instance
-
getAuthzManagers
Enumerate all authorization manager instances. -
getAuthzManagerPlugins
Enumerate all registered authorization manager plugins. -
getAuthzManagerPluginImpl
retrieve a single authz manager plugin by name -
getAuthzManagerPlugin
Retrieve a single authz manager instance -
getId
Retrieves id (name) of this subsystem. -
setId
Sets id string to this subsystem.Use with caution. Should not do it when sharing with others
- Overrides:
setId
in classSubsystem
- Parameters:
id
- name to be applied to an authorization sybsystem- Throws:
EBaseException
- failed to set id
-
startup
registers the administration servlet with the administration subsystem.- Overrides:
startup
in classSubsystem
- Throws:
EBaseException
- failed to start up
-
shutdown
public void shutdown()shuts down authorization managers one by one. -
getPlugins
Get a hashtable containing all authentication plugins.- Returns:
- all authentication plugins.
-
getInstances
Get a hashtable containing all authentication instances.- Returns:
- all authentication instances.
-
getConfigStore
Returns the root configuration storage of this system.- Overrides:
getConfigStore
in classSubsystem
- Returns:
- configuration store of this subsystem
-
getAuthzManager
gets the named authorization manager- Parameters:
name
- of the authorization manager- Returns:
- the named authorization manager
-
checkRealm
public void checkRealm(String realm, AuthToken authToken, String owner, String resource, String operation) throws EBaseException Authorize the user against the specified realm. Looks for authz manager associated with the plugin and authenticates if present.- Parameters:
realm
-authToken
-owner
- TODOresource
-operation
-- Throws:
EBaseException
- if any error occurs during authentication.
-
getAuthzManagerNameByRealm
Given a realm name, return the name of an authz manager for that realm.- Throws:
EAuthzUnknownRealm
- if no authz manager is found.
-