Package com.netscape.cms.authorization
Class BasicGroupAuthz
java.lang.Object
com.netscape.cms.authorization.BasicGroupAuthz
- All Implemented Interfaces: IExtendedPluginInfo, IAuthzManager
-
Field Summary
Fields: logger, extendedPluginInfo, configParams
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo: HELP_TEXT, HELP_TOKEN
-
Constructor Summary
Constructors: BasicGroupAuthz()
-
Method Summary
Modifier and Type, Method, Description:
- void accessInit(String accessInfo): accessInit is for servlets who want to initialize their own authorization information before full operation.
- aclEvaluatorElements(): Get all registered evaluators.
- AuthzToken authorize(IAuthToken authToken, String expression)
- AuthzToken authorize(IAuthToken authToken, String resource, String operation): Check if the user is authorized to perform the given operation on the given resource.
- getAccessEvaluators(): Return a table of evaluators.
- getACL(String target): Get individual ACL entry for the given name of entry.
- getACLs(): Get ACL entries.
- String[] getConfigParams(): Get configuration parameters for this implementation.
- getConfigStore(): Get the configuration store for this authorization manager.
- String[] getExtendedPluginInfo(): This method returns an array of strings.
- getImplName(): Get implementation name of authorization manager plugin.
- getName(): Get the name of this authorization manager instance.
- void init(String name, String implName, AuthzManagerConfig config): Initialize this authorization manager.
- void registerEvaluator(String type, IAccessEvaluator evaluator): Register new evaluator.
- void shutdown(): Prepare this authorization manager for a graceful shutdown.
- void updateACLs(String id, String rights, String strACLs, String desc): Update ACLs in the database.
-
Field Details
-
logger
public static org.slf4j.Logger logger
-
extendedPluginInfo
-
configParams
-
-
Constructor Details
-
BasicGroupAuthz
public BasicGroupAuthz()
-
-
Method Details
-
getExtendedPluginInfo
Description copied from interface: IExtendedPluginInfo
This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token); there is an entry indexed on that parameter name.
Where:
- type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)'. If the marker 'required' is included after the type_info, the parameter will have some visually distinctive marking in the UI.
- 'description' is a short sentence describing the parameter.
- 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default.
- 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false'.
- 'string' allows any characters.
- 'number' allows only numbers.
- 'password' is rendered as a password field (the characters are replaced with *'s when being typed). This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key.
In addition to the configurable parameters, the following magic parameters may be defined:
- HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
- HELP_TEXT;helptext - a general help string describing the plugin
For example:
"username;string;The username you wish to login as"
"bindPWPrompt;password;Enter password to bind as above user with"
"algorithm;choice(RSA,DSA);Which algorithm do you want to use"
"enable;boolean;Do you want to run this plugin"
"port;number;Which port number do you want to use"
- Specified by: getExtendedPluginInfo in interface IExtendedPluginInfo
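The descriptor strings above can be validated before they reach a UI. The following is an added example, not code from this project: the class and record names are hypothetical, and the `name;type_info[,required];description` layout is an assumption inferred from the sample strings in the description.

```java
import java.util.*;

// Added example, not PKI code. The "name;type_info[,required];description"
// layout is an assumption inferred from the sample strings on this page.
public class PluginInfoParser {
    record Param(String name, String type, boolean required,
                 List<String> choices, String text) {}
    static final Set<String> SIMPLE = Set.of("string", "number", "boolean", "password");

    static Param parse(String entry) {
        int sep = entry.indexOf(';');
        if (sep < 1) throw new IllegalArgumentException("no parameter name: " + entry);
        String name = entry.substring(0, sep).trim();
        String rest = entry.substring(sep + 1);
        // Magic entries carry help metadata, not a configurable parameter.
        if (name.equals("HELP_TOKEN") || name.equals("HELP_TEXT"))
            return new Param(name, "meta", false, List.of(), rest.trim());
        sep = rest.indexOf(';');
        if (sep < 0) throw new IllegalArgumentException("no description: " + entry);
        String type = rest.substring(0, sep).trim();
        String desc = rest.substring(sep + 1).trim();
        // 'required' follows type_info; choice(...) has commas of its own.
        boolean required = type.endsWith(",required");
        if (required) type = type.substring(0, type.length() - ",required".length());
        List<String> choices = List.of();
        if (type.startsWith("choice(") && type.endsWith(")")) {
            choices = Arrays.asList(type.substring(7, type.length() - 1).split(","));
            type = "choice";
        } else if (!SIMPLE.contains(type)) {
            throw new IllegalArgumentException("unknown type_info: " + type);
        }
        return new Param(name, type, required, choices, desc);
    }

    public static void main(String[] args) {
        String[] info = {
            "username;string;The username you wish to login as",           // from the page
            "bindPWPrompt;password;Enter password to bind as above user with",
            "algorithm;choice(RSA,DSA);Which algorithm do you want to use",
            "port;number,required;Which port number do you want to use",   // 'required' added here
            "HELP_TEXT;Constructed help string for this example"
        };
        for (String e : info) {
            Param p = parse(e);
            String note = p.type().equals("password") ? "  [password cache, not passed to plugin]"
                        : p.type().equals("choice") ? "  [default: " + p.choices().get(0) + "]" : "";
            System.out.println(p + note);
        }
    }
}
```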
-
getName
Description copied from interface: IAuthzManager
Get the name of this authorization manager instance.
- Specified by: getName in interface IAuthzManager
- Returns: String the name of this authorization manager.
-
getImplName
Description copied from interface: IAuthzManager
Get implementation name of authorization manager plugin. An example of an implementation name will be: com.netscape.cms.BasicAclAuthz
- Specified by: getImplName in interface IAuthzManager
- Returns: The name of the authorization manager plugin.
-
accessInit
Description copied from interface: IAuthzManager
accessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.
The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, the accessInfo is the resACLs, whose format should conform to the following:
Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
- Specified by: accessInit in interface IAuthzManager
- Parameters: accessInfo - the access info string in the format specified in the authorization manager
- Throws: EBaseException - error parsing the accessInfo
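A resACLs line like the one in the example can be linted before it is handed to accessInit. The following is an added example, not the authorization manager's own parser: the class name, the four-field `resource:rights:rule:description` layout and the subset check are assumptions drawn from the single example string above.

```java
import java.util.*;
import java.util.regex.*;

// Added example, not PKI code. Field layout is inferred from the page's
// one sample line; expressions containing ':' are not handled.
public class ResAclCheck {
    record ResAcl(String resource, Set<String> rights, String effect,
                  Set<String> ruleRights, String expression, String description) {}

    // effect(rights) expression, e.g.  allow(left) group="lefties"
    static final Pattern RULE =
        Pattern.compile("\\s*(allow|deny)\\s*\\(([^)]*)\\)\\s*(.+)");

    static Set<String> csv(String s) {
        Set<String> out = new LinkedHashSet<>();
        for (String t : s.split(",")) if (!t.isBlank()) out.add(t.trim());
        return out;
    }

    static ResAcl parse(String accessInfo) {
        String[] f = accessInfo.split(":", 4);   // description may itself contain ':'
        if (f.length != 4)
            throw new IllegalArgumentException("expected 4 ':'-separated fields");
        Matcher m = RULE.matcher(f[2]);
        if (!m.matches()) throw new IllegalArgumentException("bad rule: " + f[2]);
        Set<String> rights = csv(f[1]), ruleRights = csv(m.group(2));
        // A rule naming a right the resource never declares is a typo or a
        // silent policy gap; reject it instead of loading it.
        if (!rights.containsAll(ruleRights))
            throw new IllegalArgumentException("rule uses undeclared right: " + ruleRights);
        return new ResAcl(f[0].trim(), rights, m.group(1), ruleRights,
                          m.group(3).trim(), f[3]);
    }

    public static void main(String[] args) {
        String[] samples = {
            // first line is the page's example; the other two are constructed
            "resTurnKnob:left,right:allow(left) group=\"lefties\":door knobs for lefties",
            "resTurnKnob:left,right:allow(up) group=\"lefties\":undeclared right",
            "resTurnKnob:left,right"
        };
        for (String s : samples) {
            try { System.out.println("OK   " + parse(s)); }
            catch (IllegalArgumentException e) {
                System.out.println("FAIL " + e.getMessage() + " <- " + s);
            }
        }
    }
}
```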
-
authorize
public AuthzToken authorize(IAuthToken authToken, String resource, String operation) throws EAuthzInternalError, EAuthzAccessDenied
Description copied from interface: IAuthzManager
Check if the user is authorized to perform the given operation on the given resource.
- Specified by: authorize in interface IAuthzManager
- Parameters:
  authToken - the authToken associated with a user.
  resource - the protected resource name
  operation - the protected resource operation name
- Returns: authzToken if the user is authorized
- Throws:
  EAuthzInternalError - if an internal error occurred.
  EAuthzAccessDenied - if access denied
-
authorize
public AuthzToken authorize(IAuthToken authToken, String expression) throws EAuthzInternalError, EAuthzAccessDenied
- Specified by: authorize in interface IAuthzManager
- Throws:
  EAuthzInternalError
  EAuthzAccessDenied
-
init
Description copied from interface: IAuthzManager
Initialize this authorization manager.
- Specified by: init in interface IAuthzManager
- Parameters:
  name - The name of this authorization manager instance.
  implName - The name of the authorization manager plugin.
  config - The configuration store for this authorization manager.
- Throws: EBaseException - If an initialization error occurred.
-
shutdown
public void shutdown()
Description copied from interface: IAuthzManager
Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed.
- Specified by: shutdown in interface IAuthzManager
-
getConfigParams
Description copied from interface: IAuthzManager
Get configuration parameters for this implementation. The configuration parameters returned are passed to the console so configuration for instances of this implementation can be made through the console.
- Specified by: getConfigParams in interface IAuthzManager
- Returns: a list of names for configuration parameters.
- Throws: EBaseException - If an internal error occurred
-
getConfigStore
Description copied from interface: IAuthzManager
Get the configuration store for this authorization manager.
- Specified by: getConfigStore in interface IAuthzManager
- Returns: The configuration store of this authorization manager.
-
getACLs
Description copied from interface: IAuthzManager
Get ACL entries
- Specified by: getACLs in interface IAuthzManager
- Returns: enumeration of ACL entries.
-
getACL
Description copied from interface: IAuthzManager
Get individual ACL entry for the given name of entry.
- Specified by: getACL in interface IAuthzManager
- Parameters: target - The name of the ACL entry
- Returns: The ACL entry.
-
updateACLs
Description copied from interface: IAuthzManager
Update ACLs in the database
- Specified by: updateACLs in interface IAuthzManager
- Parameters:
  id - The name of the ACL entry (i.e., resource id)
  rights - The allowable rights for this resource
  strACLs - The value of the ACL entry
  desc - The description for this resource
- Throws: EACLsException - when update fails.
-
aclEvaluatorElements
Description copied from interface: IAuthzManager
Get all registered evaluators.
- Specified by: aclEvaluatorElements in interface IAuthzManager
- Returns: All registered evaluators.
-
registerEvaluator
Description copied from interface: IAuthzManager
Register new evaluator
- Specified by: registerEvaluator in interface IAuthzManager
- Parameters:
  type - Type of evaluator
  evaluator - Value of evaluator
-
getAccessEvaluators
Description copied from interface: IAuthzManager
Return a table of evaluators
- Specified by: getAccessEvaluators in interface IAuthzManager
- Returns: A table of evaluators
-