Class AuthzManager
java.lang.Object
org.dogtagpki.server.authorization.AuthzManager
- Direct Known Subclasses:
AAclAuthz
,BasicGroupAuthz
Authorization Manager interface needs to be implemented by all
authorization managers.
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionabstract void
accessInit
(String accessInfo) accessInit
is for servlets who want to initialize their own authorization information before full operation.abstract Enumeration
<AccessEvaluator> Get all registered evaluators.abstract AuthzToken
abstract AuthzToken
Check if the user is authorized to perform the given operation on the given resource.abstract Hashtable
<String, AccessEvaluator> Return a table of evaluatorsabstract ACL
Get individual ACL entry for the given name of entry.abstract Collection
<ACL> getACLs()
Get ACL entriesabstract String[]
Get configuration parameters for this implementation.Get the configuration store for this authorization manager.Get implementation name of authorization manager plugin.getName()
Get the name of this authorization manager instance.abstract void
init
(String name, String implName, AuthzManagerConfig config) Initialize this authorization manager.abstract void
registerEvaluator
(String type, AccessEvaluator evaluator) Register new evaluatorvoid
setCMSEngine
(CMSEngine engine) abstract void
shutdown()
Prepare this authorization manager for a graceful shutdown.abstract void
updateACLs
(String id, String rights, String strACLs, String desc) Update ACLs in the database
-
Field Details
-
engine
-
name
-
implName
-
config
-
-
Constructor Details
-
AuthzManager
public AuthzManager()
-
-
Method Details
-
getCMSEngine
-
setCMSEngine
-
getName
Get the name of this authorization manager instance.- Returns:
- String the name of this authorization manager.
-
getImplName
Get implementation name of authorization manager plugin. An example of an implementation name will be:com.netscape.cms.BasicAclAuthz
- Returns:
- The name of the authorization manager plugin.
-
accessInit
accessInit
is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, The accessInfo is the resACLs, whose format should conform to the following: Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
- Parameters:
accessInfo
- the access info string in the format specified in the authorization manager- Throws:
EBaseException
- error parsing the accessInfo
-
authorize
public abstract AuthzToken authorize(AuthToken authToken, String resource, String operation) throws EAuthzInternalError, EAuthzAccessDenied Check if the user is authorized to perform the given operation on the given resource.- Parameters:
authToken
- the authToken associated with a user.resource
- - the protected resource nameoperation
- - the protected resource operation name- Returns:
- authzToken if the user is authorized
- Throws:
EAuthzInternalError
- if an internal error occurred.EAuthzAccessDenied
- if access denied
-
authorize
public abstract AuthzToken authorize(AuthToken authToken, String expression) throws EAuthzInternalError, EAuthzAccessDenied -
init
public abstract void init(String name, String implName, AuthzManagerConfig config) throws EBaseException Initialize this authorization manager.- Parameters:
name
- The name of this authorization manager instance.implName
- The name of the authorization manager plugin.config
- The configuration store for this authorization manager.- Throws:
EBaseException
- If an initialization error occurred.
-
shutdown
public abstract void shutdown()Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed. -
getConfigParams
Get configuration parameters for this implementation. The configuration parameters returned is passed to the console so configuration for instances of this implementation can be made through the console.- Returns:
- a list of names for configuration parameters.
- Throws:
EBaseException
- If an internal error occurred
-
getConfigStore
Get the configuration store for this authorization manager.- Returns:
- The configuration store of this authorization manager.
-
getACLs
Get ACL entries- Returns:
- collection of ACL entries.
- Throws:
EACLsException
-
getACL
Get individual ACL entry for the given name of entry.- Parameters:
target
- The name of the ACL entry- Returns:
- The ACL entry.
- Throws:
EACLsException
-
updateACLs
public abstract void updateACLs(String id, String rights, String strACLs, String desc) throws EACLsException Update ACLs in the database- Parameters:
id
- The name of the ACL entry (ie, resource id)rights
- The allowable rights for this resourcestrACLs
- The value of the ACL entrydesc
- The description for this resource- Throws:
EACLsException
- when update fails.
-
aclEvaluatorElements
Get all registered evaluators.- Returns:
- All registered evaluators.
-
registerEvaluator
Register new evaluator- Parameters:
type
- Type of evaluatorevaluator
- Value of evaluator
-
getAccessEvaluators
Return a table of evaluators- Returns:
- A table of evaluators
-