Class BasicGroupAuthz

java.lang.Object
org.dogtagpki.server.authorization.AuthzManager
com.netscape.cms.authorization.BasicGroupAuthz
All Implemented Interfaces:
IExtendedPluginInfo

public class BasicGroupAuthz extends AuthzManager implements IExtendedPluginInfo
  • Field Details

    • logger

      public static org.slf4j.Logger logger
    • extendedPluginInfo

      protected static Vector<String> extendedPluginInfo
    • configParams

      protected static String[] configParams
  • Constructor Details

    • BasicGroupAuthz

      public BasicGroupAuthz()
  • Method Details

    • getExtendedPluginInfo

      public String[] getExtendedPluginInfo()
      Description copied from interface: IExtendedPluginInfo
      This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name.

      Where:
        type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)'. If the marker 'required' is included after the type_info, the parameter will have some visually distinctive marking in the UI.
        'description' is a short sentence describing the parameter.
        'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default.
        'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false'.
        'string' allows any characters.
        'number' allows only numbers.
        'password' is rendered as a password field (the characters are replaced with *'s when being typed). This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key.

      In addition to the configurable parameters, the following magic parameters may be defined:
        HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
        HELP_TEXT;helptext - a general help string describing the plugin

      For example:
        "username;string;The username you wish to login as"
        "bindPWPrompt;password;Enter password to bind as above user with"
        "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
        "enable;boolean;Do you want to run this plugin"
        "port;number;Which port number do you want to use"
      Specified by:
      getExtendedPluginInfo in interface IExtendedPluginInfo
    • accessInit

      public void accessInit(String accessInfo) throws EBaseException
      Description copied from class: AuthzManager
      accessInit is for servlets that want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.

      The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, the accessInfo is the resACLs, whose format should conform to the following:

      Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties

      Specified by:
      accessInit in class AuthzManager
      Parameters:
      accessInfo - the access info string in the format specified in the authorization manager
      Throws:
      EBaseException - error parsing the accessInfo
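
      An added example (not part of the Dogtag code base): a small lint for a single resACLs entry of the shape shown in the accessInit example, flagging a rule that names a right the entry never declares. The resource:rights:rule:description layout is inferred from that one sample line, the class name ResAclLint is hypothetical, and entries carrying more than one rule are not handled.

```java
import java.util.*;
import java.util.regex.*;

// Added example: the field layout is inferred from the sample entry in the
// text above; this is not the Dogtag parser.
public class ResAclLint {
    // allow(...) or deny(...) followed by an evaluator expression.
    private static final Pattern RULE =
            Pattern.compile("^(allow|deny)\\s*\\(([^)]*)\\)\\s*(.+)$");

    /** Returns a list of problems; an empty list means the entry passed. */
    static List<String> lint(String entry) {
        List<String> problems = new ArrayList<>();
        // A limit of 4 keeps any ':' inside the trailing description intact.
        String[] f = entry.split(":", 4);
        if (f.length < 3) {
            problems.add("expected resource:rights:rule[:description]");
            return problems;
        }
        if (f[0].trim().isEmpty()) problems.add("empty resource name");

        Set<String> declared = new LinkedHashSet<>();
        for (String r : f[1].split(",")) {
            if (!r.trim().isEmpty()) declared.add(r.trim());
        }
        if (declared.isEmpty()) problems.add("no rights declared");

        Matcher m = RULE.matcher(f[2].trim());
        if (!m.matches()) {
            problems.add("rule is not allow(...)/deny(...) plus an expression");
            return problems;
        }
        for (String r : m.group(2).split(",")) {
            // A right used in the rule but never declared is usually a typo.
            if (!declared.contains(r.trim())) {
                problems.add("rule uses undeclared right '" + r.trim() + "'");
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        String[] samples = {   // the first entry is from the text, the rest are constructed
            "resTurnKnob:left,right:allow(left) group=\"lefties\":door knobs for lefties",
            "resTurnKnob:left,right:allow(letf) group=\"lefties\":typo in right",
            "resTurnKnob:left,right:permit(left) group=\"lefties\":bad verb"
        };
        for (String s : samples) System.out.println(lint(s) + " <- " + s);
    }
}
```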
    • authorize

      public AuthzToken authorize(AuthToken authToken, String resource, String operation) throws EAuthzInternalError, EAuthzAccessDenied
      Description copied from class: AuthzManager
      Check if the user is authorized to perform the given operation on the given resource.
      Specified by:
      authorize in class AuthzManager
      Parameters:
      authToken - the authToken associated with a user.
      resource - the protected resource name
      operation - the protected resource operation name
      Returns:
      authzToken if the user is authorized
      Throws:
      EAuthzInternalError - if an internal error occurred.
      EAuthzAccessDenied - if access denied
    • authorize

      public AuthzToken authorize(AuthToken authToken, String expression) throws EAuthzInternalError, EAuthzAccessDenied
      Specified by:
      authorize in class AuthzManager
      Throws:
      EAuthzInternalError
      EAuthzAccessDenied
    • init

      public void init(String name, String implName, AuthzManagerConfig config) throws EBaseException
      Description copied from class: AuthzManager
      Initialize this authorization manager.
      Specified by:
      init in class AuthzManager
      Parameters:
      name - The name of this authorization manager instance.
      implName - The name of the authorization manager plugin.
      config - The configuration store for this authorization manager.
      Throws:
      EBaseException - If an initialization error occurred.
    • shutdown

      public void shutdown()
      Description copied from class: AuthzManager
      Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed.
      Specified by:
      shutdown in class AuthzManager
    • getConfigParams

      public String[] getConfigParams() throws EBaseException
      Description copied from class: AuthzManager
      Get configuration parameters for this implementation. The configuration parameters returned are passed to the console so that instances of this implementation can be configured through the console.
      Specified by:
      getConfigParams in class AuthzManager
      Returns:
      a list of names for configuration parameters.
      Throws:
      EBaseException - If an internal error occurred
    • getACLs

      public Collection<ACL> getACLs()
      Description copied from class: AuthzManager
      Get ACL entries
      Specified by:
      getACLs in class AuthzManager
      Returns:
      collection of ACL entries.
    • getACL

      public ACL getACL(String target)
      Description copied from class: AuthzManager
      Get individual ACL entry for the given name of entry.
      Specified by:
      getACL in class AuthzManager
      Parameters:
      target - The name of the ACL entry
      Returns:
      The ACL entry.
    • updateACLs

      public void updateACLs(String id, String rights, String strACLs, String desc) throws EACLsException
      Description copied from class: AuthzManager
      Update ACLs in the database
      Specified by:
      updateACLs in class AuthzManager
      Parameters:
      id - The name of the ACL entry (i.e., resource id)
      rights - The allowable rights for this resource
      strACLs - The value of the ACL entry
      desc - The description for this resource
      Throws:
      EACLsException - when update fails.
    • aclEvaluatorElements

      public Enumeration<AccessEvaluator> aclEvaluatorElements()
      Description copied from class: AuthzManager
      Get all registered evaluators.
      Specified by:
      aclEvaluatorElements in class AuthzManager
      Returns:
      All registered evaluators.
    • registerEvaluator

      public void registerEvaluator(String type, AccessEvaluator evaluator)
      Description copied from class: AuthzManager
      Register new evaluator
      Specified by:
      registerEvaluator in class AuthzManager
      Parameters:
      type - Type of evaluator
      evaluator - Value of evaluator
    • getAccessEvaluators

      public Hashtable<String,AccessEvaluator> getAccessEvaluators()
      Description copied from class: AuthzManager
      Return a table of evaluators
      Specified by:
      getAccessEvaluators in class AuthzManager
      Returns:
      A table of evaluators