Class BasicGroupAuthz

java.lang.Object
com.netscape.cms.authorization.BasicGroupAuthz
All Implemented Interfaces:
IExtendedPluginInfo, IAuthzManager

public class BasicGroupAuthz extends Object implements IAuthzManager, IExtendedPluginInfo
  • Field Details

    • logger

      public static org.slf4j.Logger logger
    • extendedPluginInfo

      protected static Vector<String> extendedPluginInfo
    • configParams

      protected static String[] configParams
  • Constructor Details

    • BasicGroupAuthz

      public BasicGroupAuthz()
  • Method Details

    • getExtendedPluginInfo

      public String[] getExtendedPluginInfo()
      Description copied from interface: IExtendedPluginInfo
      This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"
      Specified by:
      getExtendedPluginInfo in interface IExtendedPluginInfo
    • getName

      public String getName()
      Description copied from interface: IAuthzManager
      Get the name of this authorization manager instance.

      Specified by:
      getName in interface IAuthzManager
      Returns:
      String the name of this authorization manager.
    • getImplName

      public String getImplName()
      Description copied from interface: IAuthzManager
      Get implementation name of authorization manager plugin.

      An example of an implementation name will be:

       com.netscape.cms.BasicAclAuthz
       

      Specified by:
      getImplName in interface IAuthzManager
      Returns:
      The name of the authorization manager plugin.
    • accessInit

      public void accessInit(String accessInfo) throws EBaseException
      Description copied from interface: IAuthzManager
      accessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.

      The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, The accessInfo is the resACLs, whose format should conform to the following: Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties

      Specified by:
      accessInit in interface IAuthzManager
      Parameters:
      accessInfo - the access info string in the format specified in the authorization manager
      Throws:
      EBaseException - error parsing the accessInfo
    • authorize

      public AuthzToken authorize(IAuthToken authToken, String resource, String operation) throws EAuthzInternalError, EAuthzAccessDenied
      Description copied from interface: IAuthzManager
      Check if the user is authorized to perform the given operation on the given resource.
      Specified by:
      authorize in interface IAuthzManager
      Parameters:
      authToken - the authToken associated with a user.
      resource - - the protected resource name
      operation - - the protected resource operation name
      Returns:
      authzToken if the user is authorized
      Throws:
      EAuthzInternalError - if an internal error occurred.
      EAuthzAccessDenied - if access denied
    • authorize

      public AuthzToken authorize(IAuthToken authToken, String expression) throws EAuthzInternalError, EAuthzAccessDenied
      Specified by:
      authorize in interface IAuthzManager
      Throws:
      EAuthzInternalError
      EAuthzAccessDenied
    • init

      public void init(String name, String implName, AuthzManagerConfig config) throws EBaseException
      Description copied from interface: IAuthzManager
      Initialize this authorization manager.
      Specified by:
      init in interface IAuthzManager
      Parameters:
      name - The name of this authorization manager instance.
      implName - The name of the authorization manager plugin.
      config - The configuration store for this authorization manager.
      Throws:
      EBaseException - If an initialization error occurred.
    • shutdown

      public void shutdown()
      Description copied from interface: IAuthzManager
      Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed.
      Specified by:
      shutdown in interface IAuthzManager
    • getConfigParams

      public String[] getConfigParams() throws EBaseException
      Description copied from interface: IAuthzManager
      Get configuration parameters for this implementation. The configuration parameters returned is passed to the console so configuration for instances of this implementation can be made through the console.
      Specified by:
      getConfigParams in interface IAuthzManager
      Returns:
      a list of names for configuration parameters.
      Throws:
      EBaseException - If an internal error occurred
    • getConfigStore

      public AuthzManagerConfig getConfigStore()
      Description copied from interface: IAuthzManager
      Get the configuration store for this authorization manager.
      Specified by:
      getConfigStore in interface IAuthzManager
      Returns:
      The configuration store of this authorization manager.
    • getACLs

      public Enumeration<IACL> getACLs()
      Description copied from interface: IAuthzManager
      Get ACL entries
      Specified by:
      getACLs in interface IAuthzManager
      Returns:
      enumeration of ACL entries.
    • getACL

      public IACL getACL(String target)
      Description copied from interface: IAuthzManager
      Get individual ACL entry for the given name of entry.
      Specified by:
      getACL in interface IAuthzManager
      Parameters:
      target - The name of the ACL entry
      Returns:
      The ACL entry.
    • updateACLs

      public void updateACLs(String id, String rights, String strACLs, String desc) throws EACLsException
      Description copied from interface: IAuthzManager
      Update ACLs in the database
      Specified by:
      updateACLs in interface IAuthzManager
      Parameters:
      id - The name of the ACL entry (ie, resource id)
      rights - The allowable rights for this resource
      strACLs - The value of the ACL entry
      desc - The description for this resource
      Throws:
      EACLsException - when update fails.
    • aclEvaluatorElements

      public Enumeration<IAccessEvaluator> aclEvaluatorElements()
      Description copied from interface: IAuthzManager
      Get all registered evaluators.
      Specified by:
      aclEvaluatorElements in interface IAuthzManager
      Returns:
      All registered evaluators.
    • registerEvaluator

      public void registerEvaluator(String type, IAccessEvaluator evaluator)
      Description copied from interface: IAuthzManager
      Register new evaluator
      Specified by:
      registerEvaluator in interface IAuthzManager
      Parameters:
      type - Type of evaluator
      evaluator - Value of evaluator
    • getAccessEvaluators

      public Hashtable<String,IAccessEvaluator> getAccessEvaluators()
      Description copied from interface: IAuthzManager
      Return a table of evaluators
      Specified by:
      getAccessEvaluators in interface IAuthzManager
      Returns:
      A table of evaluators