Package com.netscape.cms.authorization
Class DirAclAuthz
java.lang.Object
com.netscape.cms.authorization.AAclAuthz
com.netscape.cms.authorization.DirAclAuthz
- All Implemented Interfaces:
IExtendedPluginInfo
,IAuthzManager
A class for ldap acls based authorization manager
The ldap server used for acls is the cms internal ldap db.
- Version:
- $Revision$, $Date$
-
Nested Class Summary
Nested classes/interfaces inherited from class com.netscape.cms.authorization.AAclAuthz
AAclAuthz.EvaluationOrder
-
Field Summary
FieldsFields inherited from class com.netscape.cms.authorization.AAclAuthz
ACLS_ATTR, mConfigParams, mExtendedPluginInfo, PROP_CLASS, PROP_EVAL, PROP_IMPL
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected void
updates resourceACLs to ldap.protected netscape.ldap.LDAPConnection
getConn()
void
init
(String name, String implName, AuthzManagerConfig config) Initializesprotected void
returnConn
(netscape.ldap.LDAPConnection conn) void
shutdown()
graceful shutdownvoid
updateACLs
(String id, String rights, String strACLs, String desc) update acls.Methods inherited from class com.netscape.cms.authorization.AAclAuthz
accessInit, aclEvaluatorElements, aclResElements, addACLs, authorize, authorize, checkAllowEntries, checkDenyEntries, checkPermission, checkPermission, evaluateACLs, getAccessEvaluators, getACL, getACLs, getConfigParams, getConfigStore, getEntries, getExtendedPluginInfo, getImplName, getName, getNodes, getOrder, getTargetNames, isTypeUnique, registerEvaluator
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
getExtendedPluginInfo
-
Field Details
-
logger
public static org.slf4j.Logger logger -
PROP_SEARCHBASE
- See Also:
-
-
Constructor Details
-
DirAclAuthz
public DirAclAuthz()Default constructor
-
-
Method Details
-
init
Description copied from class:AAclAuthz
Initializes- Specified by:
init
in interfaceIAuthzManager
- Overrides:
init
in classAAclAuthz
- Parameters:
name
- The name of this authorization manager instance.implName
- The name of the authorization manager plugin.config
- The configuration store for this authorization manager.- Throws:
EBaseException
- If an initialization error occurred.
-
updateACLs
update acls. when memory update is done, flush to ldap.Currently, it is possible that when the memory is updated successfully, and the ldap isn't, the memory upates lingers. The result is that the changes will only be done on ldap at the next update, or when the system shuts down, another flush will be attempted.
- Specified by:
updateACLs
in interfaceIAuthzManager
- Overrides:
updateACLs
in classAAclAuthz
- Parameters:
id
- is the resource idrights
- The allowable rights for this resourcestrACLs
- has the same format as a resourceACLs entry acis on the ldap serverdesc
- The description for this resource- Throws:
EACLsException
- when update fails.
-
flushResourceACLs
updates resourceACLs to ldap.- Throws:
EACLsException
-
getConn
- Throws:
ELdapException
-
returnConn
- Throws:
ELdapException
-
shutdown
public void shutdown()graceful shutdown- Specified by:
shutdown
in interfaceIAuthzManager
-