BasicAclAuthz (pki-javadoc)

java.lang.Object
- com.netscape.cms.authorization.AAclAuthz
- - com.netscape.cms.authorization.BasicAclAuthz

All Implemented Interfaces:

IAuthzManager, IExtendedPluginInfo
```
public class BasicAclAuthz
extends AAclAuthz
implements IAuthzManager, IExtendedPluginInfo
```
A class for basic acls authorization manager

Version:

$Revision$, $Date$

Field Summary

Fields
Modifier and Type Field and Description

protected static java.lang.String PROP_BASEDN
- Fields inherited from class com.netscape.cms.authorization.AAclAuthz
  ACLS_ATTR, mConfigParams, mExtendedPluginInfo, PROP_CLASS, PROP_EVAL, PROP_IMPL
- Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
  HELP_TEXT, HELP_TOKEN

Fields
Modifier and Type	Field and Description
`protected static java.lang.String`	`PROP_BASEDN`

Constructor Summary

Constructors
Constructor and Description

BasicAclAuthz()
Default constructor

Constructors
Constructor and Description
`BasicAclAuthz()` Default constructor

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`AuthzToken`	`authorize(IAuthToken authToken, java.lang.String expression)`
`AuthzToken`	`authorize(IAuthToken authToken, java.lang.String resource, java.lang.String operation)` check the authorization permission for the user associated with authToken on operation
`protected void`	`flushResourceACLs()` updates resourceACLs to permanent storage.
`java.lang.String`	`getImplName()` gets the plugin name of this authorization manager.
`java.lang.String`	`getName()` gets the name of this authorization manager instance
`void`	`init(java.lang.String name, java.lang.String implName, IConfigStore config)` Initialize this authorization manager.
`protected void`	`log(int level, java.lang.String msg)` Logs a message for this class in the system log file.
`void`	`shutdown()` graceful shutdown
`void`	`updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc)` This currently does not flush to permanent storage

Methods inherited from class com.netscape.cms.authorization.AAclAuthz
accessInit, aclEvaluatorElements, aclResElements, addACLs, checkPermission, checkPermission, evaluateACLs, getAccessEvaluators, getACL, getACLs, getAllowEntries, getConfigParams, getConfigStore, getDenyEntries, getExtendedPluginInfo, getNodes, getOrder, getTargetNames, init, isTypeUnique, registerEvaluator

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.netscape.certsrv.authorization.IAuthzManager
accessInit, aclEvaluatorElements, getAccessEvaluators, getACL, getACLs, getConfigParams, getConfigStore, registerEvaluator

Methods inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
getExtendedPluginInfo

- Field Detail
  - PROP_BASEDN
```
protected static final java.lang.String PROP_BASEDN
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - BasicAclAuthz
```
public BasicAclAuthz()
```
    Default constructor
- Method Detail
  - init
```
public void init(java.lang.String name,
                 java.lang.String implName,
                 IConfigStore config)
          throws EBaseException
```
    Description copied from interface: IAuthzManager
    
    Initialize this authorization manager.
    
    Specified by:
    
    init in interface IAuthzManager
    
    Parameters:
    
    name - The name of this authorization manager instance.
    
    implName - The name of the authorization manager plugin.
    
    config - The configuration store for this authorization manager.
    
    Throws:
    
    EBaseException - If an initialization error occurred.
  - getName
```
public java.lang.String getName()
```
    gets the name of this authorization manager instance
    
    Specified by:
    
    getName in interface IAuthzManager
    
    Returns:
    
    String the name of this authorization manager.
  - getImplName
```
public java.lang.String getImplName()
```
    gets the plugin name of this authorization manager.
    
    Specified by:
    
    getImplName in interface IAuthzManager
    
    Returns:
    
    The name of the authorization manager plugin.
  - authorize
```
public AuthzToken authorize(IAuthToken authToken,
                            java.lang.String resource,
                            java.lang.String operation)
                     throws EAuthzInternalError,
                            EAuthzAccessDenied
```
    check the authorization permission for the user associated with authToken on operation
    Example:
    For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:
```
 try {
     authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read");
 } catch (EBaseException e) {
     log(ILogger.LL_FAILURE, "authorize call: " + e.toString());
 }
 
```
    Specified by:
    
    authorize in interface IAuthzManager
    
    Specified by:
    
    authorize in class AAclAuthz
    
    Parameters:
    
    authToken - the authToken associated with a user
    
    resource - - the protected resource name
    
    operation - - the protected resource operation name
    
    Returns:
    
    authzToken if success
    
    Throws:
    
    EAuthzInternalError - if an internal error occurred.
    
    EAuthzAccessDenied - if access denied
  - authorize
```
public AuthzToken authorize(IAuthToken authToken,
                            java.lang.String expression)
                     throws EAuthzAccessDenied
```
    Specified by:
    
    authorize in interface IAuthzManager
    
    Throws:
    
    EAuthzAccessDenied
  - updateACLs
```
public void updateACLs(java.lang.String id,
                       java.lang.String rights,
                       java.lang.String strACLs,
                       java.lang.String desc)
                throws EACLsException
```
    This currently does not flush to permanent storage
    
    Specified by:
    
    updateACLs in interface IAuthzManager
    
    Overrides:
    
    updateACLs in class AAclAuthz
    
    Parameters:
    
    id - is the resource id
    
    strACLs -
    
    rights - The allowable rights for this resource
    
    desc - The description for this resource
    
    Throws:
    
    EACLsException - when update fails.
  - flushResourceACLs
```
protected void flushResourceACLs()
                          throws EACLsException
```
    updates resourceACLs to permanent storage. currently not implemented for this authzMgr
    
    Specified by:
    
    flushResourceACLs in class AAclAuthz
    
    Throws:
    
    EACLsException
  - shutdown
```
public void shutdown()
```
    graceful shutdown
    
    Specified by:
    
    shutdown in interface IAuthzManager
    
    Specified by:
    
    shutdown in class AAclAuthz
  - log
```
protected void log(int level,
                   java.lang.String msg)
```
    Logs a message for this class in the system log file.
    
    Parameters:
    
    level - The log level.
    
    msg - The message to log.
    
    See Also:
    
    ILogger

Class BasicAclAuthz

Field Summary

Fields inherited from class com.netscape.cms.authorization.AAclAuthz

Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo

Constructor Summary

Method Summary

Methods inherited from class com.netscape.cms.authorization.AAclAuthz

Methods inherited from class java.lang.Object

Methods inherited from interface com.netscape.certsrv.authorization.IAuthzManager

Methods inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo

Field Detail

PROP_BASEDN

Constructor Detail

BasicAclAuthz

Method Detail

init

getName

getImplName

authorize

authorize

updateACLs

flushResourceACLs

shutdown

log