Interface IAuthzManager
- All Known Implementing Classes:
AAclAuthz
,BasicAclAuthz
,BasicGroupAuthz
,DirAclAuthz
public interface IAuthzManager
Authorization Manager interface needs to be implemented by all
authorization managers.
- Version:
- $Revision$, $Date$
-
Method Summary
Modifier and TypeMethodDescriptionvoid
accessInit
(String accessInfo) accessInit
is for servlets who want to initialize their own authorization information before full operation.Get all registered evaluators.authorize
(IAuthToken authToken, String expression) authorize
(IAuthToken authToken, String resource, String operation) Check if the user is authorized to perform the given operation on the given resource.Return a table of evaluatorsGet individual ACL entry for the given name of entry.getACLs()
Get ACL entriesString[]
Get configuration parameters for this implementation.Get the configuration store for this authorization manager.Get implementation name of authorization manager plugin.getName()
Get the name of this authorization manager instance.void
init
(String name, String implName, AuthzManagerConfig config) Initialize this authorization manager.void
registerEvaluator
(String type, IAccessEvaluator evaluator) Register new evaluatorvoid
shutdown()
Prepare this authorization manager for a graceful shutdown.void
updateACLs
(String id, String rights, String strACLs, String desc) Update ACLs in the database
-
Method Details
-
getName
String getName()Get the name of this authorization manager instance.- Returns:
- String the name of this authorization manager.
-
getImplName
String getImplName()Get implementation name of authorization manager plugin.An example of an implementation name will be:
com.netscape.cms.BasicAclAuthz
- Returns:
- The name of the authorization manager plugin.
-
accessInit
accessInit
is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, The accessInfo is the resACLs, whose format should conform to the following: Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
- Parameters:
accessInfo
- the access info string in the format specified in the authorization manager- Throws:
EBaseException
- error parsing the accessInfo
-
authorize
AuthzToken authorize(IAuthToken authToken, String resource, String operation) throws EAuthzInternalError, EAuthzAccessDenied Check if the user is authorized to perform the given operation on the given resource.- Parameters:
authToken
- the authToken associated with a user.resource
- - the protected resource nameoperation
- - the protected resource operation name- Returns:
- authzToken if the user is authorized
- Throws:
EAuthzInternalError
- if an internal error occurred.EAuthzAccessDenied
- if access denied
-
authorize
AuthzToken authorize(IAuthToken authToken, String expression) throws EAuthzInternalError, EAuthzAccessDenied -
init
Initialize this authorization manager.- Parameters:
name
- The name of this authorization manager instance.implName
- The name of the authorization manager plugin.config
- The configuration store for this authorization manager.- Throws:
EBaseException
- If an initialization error occurred.
-
shutdown
void shutdown()Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed. -
getConfigParams
Get configuration parameters for this implementation. The configuration parameters returned is passed to the console so configuration for instances of this implementation can be made through the console.- Returns:
- a list of names for configuration parameters.
- Throws:
EBaseException
- If an internal error occurred
-
getConfigStore
ConfigStore getConfigStore()Get the configuration store for this authorization manager.- Returns:
- The configuration store of this authorization manager.
-
getACLs
Enumeration<IACL> getACLs()Get ACL entries- Returns:
- enumeration of ACL entries.
-
getACL
Get individual ACL entry for the given name of entry.- Parameters:
target
- The name of the ACL entry- Returns:
- The ACL entry.
-
updateACLs
Update ACLs in the database- Parameters:
id
- The name of the ACL entry (ie, resource id)rights
- The allowable rights for this resourcestrACLs
- The value of the ACL entrydesc
- The description for this resource- Throws:
EACLsException
- when update fails.
-
aclEvaluatorElements
Enumeration<IAccessEvaluator> aclEvaluatorElements()Get all registered evaluators.- Returns:
- All registered evaluators.
-
registerEvaluator
Register new evaluator- Parameters:
type
- Type of evaluatorevaluator
- Value of evaluator
-
getAccessEvaluators
Hashtable<String,IAccessEvaluator> getAccessEvaluators()Return a table of evaluators- Returns:
- A table of evaluators
-