Class AccessEvaluator

java.lang.Object
com.netscape.certsrv.evaluators.AccessEvaluator
Direct Known Subclasses:
GroupAccessEvaluator, IPAddressAccessEvaluator, UserAccessEvaluator, UserOrigReqAccessEvaluator

public abstract class AccessEvaluator extends Object
A class represents an evaluator. An evaluator is used to evaluate an expression. For example, one can write an evaluator to evaluate if a user belongs to a certain group. An evaluator is generally used for access control expression evaluation, however, it can be used for other evaluation-related operations.
  • Field Details

    • engine

      protected CMSEngine engine
    • type

      protected String type
    • description

      protected String description
  • Constructor Details

    • AccessEvaluator

      public AccessEvaluator()
  • Method Details

    • getCMSEngine

      public CMSEngine getCMSEngine()
    • setCMSEngine

      public void setCMSEngine(CMSEngine engine)
    • init

      public abstract void init()
      Initialize the evaluator
    • getType

      public String getType()
      Gets the type of the evaluator. Type is defined by each evaluator plugin. Each evaluator plugin should have a unique type.
      Returns:
      type of the evaluator
    • getDescription

      public String getDescription()
      Gets the description of the evaluator
      Returns:
      a text description for this evaluator
    • evaluate

      public abstract boolean evaluate(String type, String op, String value)
      Evaluates if the given value satisfies the access control in current context.
      Parameters:
      type - Type of the evaluator, eg, user, group etc
      op - Operator of the evaluator, eg, =, !=
      value - Part of the expression that can be used to evaluate, e.g, value can be the name of the group if the purpose of the evaluator is to evaluate if the user is a member of the group.
      Returns:
      true if the evaluation expression is matched; false otherwise.
    • evaluate

      public abstract boolean evaluate(AuthToken authToken, String type, String op, String value)
      Evaluates if the given value satisfies the access control in authToken obtained from Authentication.
      Parameters:
      authToken - Authentication token
      type - Type of the evaluator, eg, user, group etc
      op - Operator of the evaluator, eg, =, !=
      value - Part of the expression that can be used to evaluate, e.g, value can be the name of the group if the purpose of the evaluator is to evaluate if the user is a member of the group.
      Returns:
      true if the evaluation expression is matched; false otherwise.
    • getSupportedOperators

      public abstract String[] getSupportedOperators()
      Get the supported operators for this evaluator
      Returns:
      Supported operators in string array