Class AuthzSubsystem

java.lang.Object
com.netscape.cmscore.authorization.AuthzSubsystem
All Implemented Interfaces:
ISubsystem

public class AuthzSubsystem extends Object implements ISubsystem
Default authorization subsystem

Version:
$Revision$, $Date$
Author:
cfu
  • Field Details

  • Method Details

    • getInstance

      public static AuthzSubsystem getInstance()
    • init

      public void init(ConfigStore config) throws EBaseException
      Initializes the authorization subsystem from the config store. Load Authorization manager plugins, create and initialize initialize authorization manager instances.
      Specified by:
      init in interface ISubsystem
      Parameters:
      config - The configuration store.
      Throws:
      EBaseException
    • authzMgrAccessInit

      public void authzMgrAccessInit(String authzMgrInstName, String accessInfo) throws EAuthzMgrNotFound, EBaseException
      authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called during the init() method of a servlet.
      Parameters:
      authzMgrInstName - The authorization manager name
      accessInfo - the access information to be initialized. currently it's acl string in the format specified in the authorization manager
      Throws:
      EAuthzMgrNotFound
      EBaseException
    • authorize

      public AuthzToken authorize(String authzMgrInstName, IAuthToken authToken, String resource, String operation, String realm) throws EAuthzMgrNotFound, EBaseException
      Authorization to the named authorization manager instance
      Parameters:
      authzMgrInstName - The authorization manager name
      authToken - the authentication token associated with a user
      resource - the resource protected by the authorization system
      operation - the operation for resource protected by the authoriz n system
      Returns:
      a authorization token.
      Throws:
      EBaseException - If an error occurs during authorization.
      EAuthzMgrNotFound
    • authorize

      public AuthzToken authorize(String authzMgrName, IAuthToken authToken, String resource, String operation) throws EBaseException
      Throws:
      EBaseException
    • authorize

      public AuthzToken authorize(String authzMgrInstName, IAuthToken authToken, String exp) throws EAuthzMgrNotFound, EBaseException
      Throws:
      EAuthzMgrNotFound
      EBaseException
    • getConfigParams

      public String[] getConfigParams(String implName) throws EAuthzMgrPluginNotFound, EBaseException
      Gets configuration parameters for the given authorization manager plugin.
      Parameters:
      implName - Name of the authorization plugin.
      Returns:
      Hashtable of required parameters.
      Throws:
      EAuthzMgrPluginNotFound
      EBaseException
    • add

      public void add(String name, IAuthzManager authzMgrInst)
      Add an authorization manager instance.
      Parameters:
      name - name of the authorization manager instance
      authzMgrInst - the authorization manager instance to be added
    • delete

      public void delete(String name)
      Removes a authorization manager instance.
      Parameters:
      name - name of the authorization manager
    • get

      public IAuthzManager get(String name)
      Gets the authorization manager instance of the specified name.
      Parameters:
      name - name of the authorization manager instance
      Returns:
      the named authorization manager instance
    • getAuthzManagers

      public Enumeration<IAuthzManager> getAuthzManagers()
      Enumerate all authorization manager instances.
    • getAuthzManagerPlugins

      public Enumeration<AuthzMgrPlugin> getAuthzManagerPlugins()
      Enumerate all registered authorization manager plugins.
    • getAuthzManagerPluginImpl

      public AuthzMgrPlugin getAuthzManagerPluginImpl(String name)
      retrieve a single authz manager plugin by name
    • getAuthzManagerPlugin

      public IAuthzManager getAuthzManagerPlugin(String name)
      Retrieve a single authz manager instance
    • getId

      public String getId()
      Retrieves id (name) of this subsystem.
      Specified by:
      getId in interface ISubsystem
      Returns:
      name of the authorization subsystem
    • setId

      public void setId(String id) throws EBaseException
      Sets id string to this subsystem.

      Use with caution. Should not do it when sharing with others

      Specified by:
      setId in interface ISubsystem
      Parameters:
      id - name to be applied to an authorization sybsystem
      Throws:
      EBaseException - failed to set id
    • startup

      public void startup() throws EBaseException
      registers the administration servlet with the administration subsystem.
      Specified by:
      startup in interface ISubsystem
      Throws:
      EBaseException - failed to start up
    • shutdown

      public void shutdown()
      shuts down authorization managers one by one.

      Specified by:
      shutdown in interface ISubsystem
    • getPlugins

      public Hashtable<String,AuthzMgrPlugin> getPlugins()
      Get a hashtable containing all authentication plugins.
      Returns:
      all authentication plugins.
    • getInstances

      public Hashtable<String,AuthzManagerProxy> getInstances()
      Get a hashtable containing all authentication instances.
      Returns:
      all authentication instances.
    • getConfigStore

      public ConfigStore getConfigStore()
      Returns the root configuration storage of this system.

      Specified by:
      getConfigStore in interface ISubsystem
      Returns:
      configuration store of this subsystem
    • getAuthzManager

      public IAuthzManager getAuthzManager(String name)
      gets the named authorization manager
      Parameters:
      name - of the authorization manager
      Returns:
      the named authorization manager
    • checkRealm

      public void checkRealm(String realm, IAuthToken authToken, String owner, String resource, String operation) throws EBaseException
      Authorize the user against the specified realm. Looks for authz manager associated with the plugin and authenticates if present.
      Parameters:
      realm -
      authToken -
      owner - TODO
      resource -
      operation -
      Throws:
      EBaseException - if any error occurs during authentication.
    • getAuthzManagerNameByRealm

      public String getAuthzManagerNameByRealm(String realm) throws EAuthzUnknownRealm
      Given a realm name, return the name of an authz manager for that realm.
      Throws:
      EAuthzUnknownRealm - if no authz manager is found.