com.netscape.cms.authorization

Class DirAclAuthz

java.lang.Object

com.netscape.cms.authorization.AAclAuthz

com.netscape.cms.authorization.DirAclAuthz

All Implemented Interfaces:

IAuthzManager, IExtendedPluginInfo

public class DirAclAuthz
extends AAclAuthz
implements IAuthzManager, IExtendedPluginInfo

A class for ldap acls based authorization manager The ldap server used for acls is the cms internal ldap db.

Version:

$Revision$, $Date$

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String	PROP_BASEDN

Fields inherited from class com.netscape.cms.authorization.AAclAuthz

ACLS_ATTR, mConfigParams, mExtendedPluginInfo, PROP_CLASS, PROP_EVAL, PROP_IMPL

Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo

HELP_TEXT, HELP_TOKEN

Constructor Summary

Constructors

Constructor and Description
DirAclAuthz() Default constructor

Method Summary

Modifier and Type	Method and Description
AuthzToken	authorize(IAuthToken authToken, java.lang.String expression)
AuthzToken	authorize(IAuthToken authToken, java.lang.String resource, java.lang.String operation) check the authorization permission for the user associated with authToken on operation
protected void	flushResourceACLs() updates resourceACLs to ldap.
protected netscape.ldap.LDAPConnection	getConn()
java.lang.String	getImplName() gets the plugin name of this authorization manager.
java.lang.String	getName() gets the name of this authorization manager instance
void	init(java.lang.String name, java.lang.String implName, IConfigStore config) Initialize this authorization manager.
protected void	log(int level, java.lang.String msg) Logs a message for this class in the system log file.
protected void	returnConn(netscape.ldap.LDAPConnection conn)
void	shutdown() graceful shutdown
void	updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc) update acls.

Methods inherited from class com.netscape.cms.authorization.AAclAuthz

accessInit, aclEvaluatorElements, aclResElements, addACLs, checkPermission, checkPermission, evaluateACLs, getAccessEvaluators, getACL, getACLs, getAllowEntries, getConfigParams, getConfigStore, getDenyEntries, getExtendedPluginInfo, getNodes, getOrder, getTargetNames, init, isTypeUnique, registerEvaluator

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.netscape.certsrv.authorization.IAuthzManager

accessInit, aclEvaluatorElements, getAccessEvaluators, getACL, getACLs, getConfigParams, getConfigStore, registerEvaluator

Methods inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo

getExtendedPluginInfo

Field Detail

PROP_BASEDN

protected static final java.lang.String PROP_BASEDN

See Also:

Constant Field Values

Constructor Detail

DirAclAuthz

public DirAclAuthz()

Default constructor

Method Detail

init

public void init(java.lang.String name,
                 java.lang.String implName,
                 IConfigStore config)
          throws EBaseException

Description copied from interface: IAuthzManager

Initialize this authorization manager.

Specified by:

init in interface IAuthzManager

Parameters:

name - The name of this authorization manager instance.

implName - The name of the authorization manager plugin.

config - The configuration store for this authorization manager.

Throws:

EBaseException - If an initialization error occurred.

getName

public java.lang.String getName()

gets the name of this authorization manager instance

Specified by:

getName in interface IAuthzManager

Returns:

String the name of this authorization manager.

getImplName

public java.lang.String getImplName()

gets the plugin name of this authorization manager.

Specified by:

getImplName in interface IAuthzManager

Returns:

The name of the authorization manager plugin.

authorize

public AuthzToken authorize(IAuthToken authToken,
                            java.lang.String resource,
                            java.lang.String operation)
                     throws EAuthzInternalError,
                            EAuthzAccessDenied

check the authorization permission for the user associated with authToken on operation

Example:

For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:

 try {
     authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read");
 } catch (EBaseException e) {
     log(ILogger.LL_FAILURE, "authorize call: " + e.toString());
 }
 

Specified by:

authorize in interface IAuthzManager

Specified by:

authorize in class AAclAuthz

Parameters:

authToken - the authToken associated with a user

resource - - the protected resource name

operation - - the protected resource operation name

Returns:

authzToken

Throws:

EBaseException - If an internal error occurred.

EAuthzInternalError - if an internal error occurred.

EAuthzAccessDenied - if access denied

authorize

public AuthzToken authorize(IAuthToken authToken,
                            java.lang.String expression)
                     throws EAuthzAccessDenied

Specified by:

authorize in interface IAuthzManager

Throws:

EAuthzAccessDenied

updateACLs

public void updateACLs(java.lang.String id,
                       java.lang.String rights,
                       java.lang.String strACLs,
                       java.lang.String desc)
                throws EACLsException

update acls. when memory update is done, flush to ldap.

Currently, it is possible that when the memory is updated successfully, and the ldap isn't, the memory upates lingers. The result is that the changes will only be done on ldap at the next update, or when the system shuts down, another flush will be attempted.

Specified by:

updateACLs in interface IAuthzManager

Overrides:

updateACLs in class AAclAuthz

Parameters:

id - is the resource id

rights - The allowable rights for this resource

strACLs - has the same format as a resourceACLs entry acis on the ldap server

desc - The description for this resource

Throws:

EACLsException - when update fails.

flushResourceACLs

protected void flushResourceACLs()
                          throws EACLsException

updates resourceACLs to ldap.

Specified by:

flushResourceACLs in class AAclAuthz

Throws:

EACLsException

getConn

protected netscape.ldap.LDAPConnection getConn()
                                        throws ELdapException

Throws:

ELdapException

returnConn

protected void returnConn(netscape.ldap.LDAPConnection conn)
                   throws ELdapException

Throws:

ELdapException

shutdown

public void shutdown()

graceful shutdown

Specified by:

shutdown in interface IAuthzManager

Specified by:

shutdown in class AAclAuthz

log

protected void log(int level,
                   java.lang.String msg)

Logs a message for this class in the system log file.

Parameters:

level - The log level.

msg - The message to log.

See Also:

ILogger