com.netscape.cms.authorization

Class BasicGroupAuthz

java.lang.Object

com.netscape.cms.authorization.BasicGroupAuthz

All Implemented Interfaces:

IAuthzManager, IExtendedPluginInfo

public class BasicGroupAuthz
extends java.lang.Object
implements IAuthzManager, IExtendedPluginInfo

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String[]	configParams
protected static java.util.Vector<java.lang.String>	extendedPluginInfo

Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo

HELP_TEXT, HELP_TOKEN

Constructor Summary

Constructors

Constructor and Description
BasicGroupAuthz()

Method Summary

Modifier and Type	Method and Description
void	accessInit(java.lang.String accessInfo) accessInit is for servlets who want to initialize their own authorization information before full operation.
java.util.Enumeration<IAccessEvaluator>	aclEvaluatorElements() Get all registered evaluators.
AuthzToken	authorize(IAuthToken authToken, java.lang.String expression)
AuthzToken	authorize(IAuthToken authToken, java.lang.String resource, java.lang.String operation) Check if the user is authorized to perform the given operation on the given resource.
java.util.Hashtable<java.lang.String,IAccessEvaluator>	getAccessEvaluators() Return a table of evaluators
IACL	getACL(java.lang.String target) Get individual ACL entry for the given name of entry.
java.util.Enumeration<ACL>	getACLs() Get ACL entries
java.lang.String[]	getConfigParams() Get configuration parameters for this implementation.
IConfigStore	getConfigStore() Get the configuration store for this authorization manager.
java.lang.String[]	getExtendedPluginInfo(java.util.Locale locale) This method returns an array of strings.
java.lang.String	getImplName() Get implementation name of authorization manager plugin.
java.lang.String	getName() Get the name of this authorization manager instance.
void	init(java.lang.String name, java.lang.String implName, IConfigStore config) Initialize this authorization manager.
void	registerEvaluator(java.lang.String type, IAccessEvaluator evaluator) Register new evaluator
void	shutdown() Prepare this authorization manager for a graceful shutdown.
void	updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc) Update ACLs in the database

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

extendedPluginInfo

protected static java.util.Vector<java.lang.String> extendedPluginInfo

configParams

protected static java.lang.String[] configParams

Constructor Detail

BasicGroupAuthz

public BasicGroupAuthz()

Method Detail

getExtendedPluginInfo

public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)

Description copied from interface: IExtendedPluginInfo

This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"

Specified by:

getExtendedPluginInfo in interface IExtendedPluginInfo

getName

public java.lang.String getName()

Description copied from interface: IAuthzManager

Get the name of this authorization manager instance.

Specified by:

getName in interface IAuthzManager

Returns:

String the name of this authorization manager.

getImplName

public java.lang.String getImplName()

Description copied from interface: IAuthzManager

Get implementation name of authorization manager plugin.

An example of an implementation name will be:

 com.netscape.cms.BasicAclAuthz
 

Specified by:

getImplName in interface IAuthzManager

Returns:

The name of the authorization manager plugin.

accessInit

public void accessInit(java.lang.String accessInfo)
                throws EBaseException

Description copied from interface: IAuthzManager

accessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.

The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, The accessInfo is the resACLs, whose format should conform to the following:

    :right-1[,right-n]:[allow,deny](right(s))=:
 

 Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties

Specified by:

accessInit in interface IAuthzManager

Parameters:

accessInfo - the access info string in the format specified in the authorization manager

Throws:

EBaseException - error parsing the accessInfo

authorize

public AuthzToken authorize(IAuthToken authToken,
                            java.lang.String resource,
                            java.lang.String operation)
                     throws EAuthzInternalError,
                            EAuthzAccessDenied

Description copied from interface: IAuthzManager

Check if the user is authorized to perform the given operation on the given resource.

Specified by:

authorize in interface IAuthzManager

Parameters:

authToken - the authToken associated with a user.

resource - - the protected resource name

operation - - the protected resource operation name

Returns:

authzToken if the user is authorized

Throws:

EAuthzInternalError - if an internal error occurred.

EAuthzAccessDenied - if access denied

authorize

public AuthzToken authorize(IAuthToken authToken,
                            java.lang.String expression)
                     throws EAuthzInternalError,
                            EAuthzAccessDenied

Specified by:

authorize in interface IAuthzManager

Throws:

EAuthzInternalError

EAuthzAccessDenied

init

public void init(java.lang.String name,
                 java.lang.String implName,
                 IConfigStore config)
          throws EBaseException

Description copied from interface: IAuthzManager

Initialize this authorization manager.

Specified by:

init in interface IAuthzManager

Parameters:

name - The name of this authorization manager instance.

implName - The name of the authorization manager plugin.

config - The configuration store for this authorization manager.

Throws:

EBaseException - If an initialization error occurred.

shutdown

public void shutdown()

Description copied from interface: IAuthzManager

Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed.

Specified by:

shutdown in interface IAuthzManager

getConfigParams

public java.lang.String[] getConfigParams()
                                   throws EBaseException

Description copied from interface: IAuthzManager

Get configuration parameters for this implementation. The configuration parameters returned is passed to the console so configuration for instances of this implementation can be made through the console.

Specified by:

getConfigParams in interface IAuthzManager

Returns:

a list of names for configuration parameters.

Throws:

EBaseException - If an internal error occurred

getConfigStore

public IConfigStore getConfigStore()

Description copied from interface: IAuthzManager

Get the configuration store for this authorization manager.

Specified by:

getConfigStore in interface IAuthzManager

Returns:

The configuration store of this authorization manager.

getACLs

public java.util.Enumeration<ACL> getACLs()

Description copied from interface: IAuthzManager

Get ACL entries

Specified by:

getACLs in interface IAuthzManager

Returns:

enumeration of ACL entries.

getACL

public IACL getACL(java.lang.String target)

Description copied from interface: IAuthzManager

Get individual ACL entry for the given name of entry.

Specified by:

getACL in interface IAuthzManager

Parameters:

target - The name of the ACL entry

Returns:

The ACL entry.

updateACLs

public void updateACLs(java.lang.String id,
                       java.lang.String rights,
                       java.lang.String strACLs,
                       java.lang.String desc)
                throws EACLsException

Description copied from interface: IAuthzManager

Update ACLs in the database

Specified by:

updateACLs in interface IAuthzManager

Parameters:

id - The name of the ACL entry (ie, resource id)

rights - The allowable rights for this resource

strACLs - The value of the ACL entry

desc - The description for this resource

Throws:

EACLsException - when update fails.

aclEvaluatorElements

public java.util.Enumeration<IAccessEvaluator> aclEvaluatorElements()

Description copied from interface: IAuthzManager

Get all registered evaluators.

Specified by:

aclEvaluatorElements in interface IAuthzManager

Returns:

All registered evaluators.

registerEvaluator

public void registerEvaluator(java.lang.String type,
                              IAccessEvaluator evaluator)

Description copied from interface: IAuthzManager

Register new evaluator

Specified by:

registerEvaluator in interface IAuthzManager

Parameters:

type - Type of evaluator

evaluator - Value of evaluator

getAccessEvaluators

public java.util.Hashtable<java.lang.String,IAccessEvaluator> getAccessEvaluators()

Description copied from interface: IAuthzManager

Return a table of evaluators

Specified by:

getAccessEvaluators in interface IAuthzManager

Returns:

A table of evaluators