|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectcom.netscape.cms.authorization.AAclAuthz
com.netscape.cms.authorization.BasicAclAuthz
public class BasicAclAuthz
A class for basic acls authorization manager
Field Summary | |
---|---|
protected static java.lang.String |
PROP_BASEDN
|
Fields inherited from class com.netscape.cms.authorization.AAclAuthz |
---|
ACLS_ATTR, mConfigParams, mExtendedPluginInfo, PROP_CLASS, PROP_EVAL, PROP_IMPL |
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo |
---|
HELP_TEXT, HELP_TOKEN |
Constructor Summary | |
---|---|
BasicAclAuthz()
Default constructor |
Method Summary | |
---|---|
AuthzToken |
authorize(IAuthToken authToken,
java.lang.String expression)
|
AuthzToken |
authorize(IAuthToken authToken,
java.lang.String resource,
java.lang.String operation)
check the authorization permission for the user associated with authToken on operation |
protected void |
flushResourceACLs()
updates resourceACLs to permanent storage. |
java.lang.String |
getImplName()
gets the plugin name of this authorization manager. |
java.lang.String |
getName()
gets the name of this authorization manager instance |
void |
init(java.lang.String name,
java.lang.String implName,
IConfigStore config)
Initialize this authorization manager. |
protected void |
log(int level,
java.lang.String msg)
Logs a message for this class in the system log file. |
void |
shutdown()
graceful shutdown |
void |
updateACLs(java.lang.String id,
java.lang.String rights,
java.lang.String strACLs,
java.lang.String desc)
This currently does not flush to permanent storage |
Methods inherited from class com.netscape.cms.authorization.AAclAuthz |
---|
accessInit, aclEvaluatorElements, aclResElements, addACLs, checkPermission, checkPermission, evaluateACLs, getAccessEvaluators, getACL, getACLs, getAllowEntries, getConfigParams, getConfigStore, getDenyEntries, getExtendedPluginInfo, getNodes, getOrder, getTargetNames, init, isTypeUnique, registerEvaluator |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface com.netscape.certsrv.authorization.IAuthzManager |
---|
accessInit, aclEvaluatorElements, getAccessEvaluators, getACL, getACLs, getConfigParams, getConfigStore, registerEvaluator |
Methods inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo |
---|
getExtendedPluginInfo |
Field Detail |
---|
protected static final java.lang.String PROP_BASEDN
Constructor Detail |
---|
public BasicAclAuthz()
Method Detail |
---|
public void init(java.lang.String name, java.lang.String implName, IConfigStore config) throws EBaseException
IAuthzManager
init
in interface IAuthzManager
name
- The name of this authorization manager instance.implName
- The name of the authorization manager plugin.config
- The configuration store for this authorization manager.
EBaseException
- If an initialization error occurred.public java.lang.String getName()
getName
in interface IAuthzManager
public java.lang.String getImplName()
getImplName
in interface IAuthzManager
public AuthzToken authorize(IAuthToken authToken, java.lang.String resource, java.lang.String operation) throws EAuthzInternalError, EAuthzAccessDenied
Example:
For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:
try { authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read"); } catch (EBaseException e) { log(ILogger.LL_FAILURE, "authorize call: "+ e.toString()); }
authorize
in interface IAuthzManager
authorize
in class AAclAuthz
authToken
- the authToken associated with a userresource
- - the protected resource nameoperation
- - the protected resource operation name
EAuthzInternalError
- if an internal error occurred.
EAuthzAccessDenied
- if access deniedpublic AuthzToken authorize(IAuthToken authToken, java.lang.String expression) throws EAuthzAccessDenied
authorize
in interface IAuthzManager
EAuthzAccessDenied
public void updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc) throws EACLsException
updateACLs
in interface IAuthzManager
updateACLs
in class AAclAuthz
id
- is the resource idstrACLs
- rights
- The allowable rights for this resourcedesc
- The description for this resource
EACLsException
- when update fails.protected void flushResourceACLs() throws EACLsException
flushResourceACLs
in class AAclAuthz
EACLsException
public void shutdown()
shutdown
in interface IAuthzManager
shutdown
in class AAclAuthz
protected void log(int level, java.lang.String msg)
level
- The log level.msg
- The message to log.ILogger
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |