com.netscape.cms.authorization
Class BasicAclAuthz

java.lang.Object
  extended by com.netscape.cms.authorization.AAclAuthz
      extended by com.netscape.cms.authorization.BasicAclAuthz
All Implemented Interfaces:
IAuthzManager, IExtendedPluginInfo

public class BasicAclAuthz
extends AAclAuthz
implements IAuthzManager, IExtendedPluginInfo

A basic ACL authorization manager class.

Version:
$Revision: 1211 $, $Date: 2010-08-18 10:15:37 -0700 (Wed, 18 Aug 2010) $

Field Summary
protected static java.lang.String PROP_BASEDN
           
 
Fields inherited from class com.netscape.cms.authorization.AAclAuthz
ACLS_ATTR, mConfigParams, mExtendedPluginInfo, PROP_CLASS, PROP_EVAL, PROP_IMPL
 
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
 
Constructor Summary
BasicAclAuthz()
          Default constructor
 
Method Summary
 AuthzToken authorize(IAuthToken authToken, java.lang.String expression)
           
 AuthzToken authorize(IAuthToken authToken, java.lang.String resource, java.lang.String operation)
          Checks whether the user associated with authToken is permitted to perform operation on resource.
protected  void flushResourceACLs()
          updates resourceACLs to permanent storage.
 java.lang.String getImplName()
          gets the plugin name of this authorization manager.
 java.lang.String getName()
          gets the name of this authorization manager instance
 void init(java.lang.String name, java.lang.String implName, IConfigStore config)
          Initialize this authorization manager.
protected  void log(int level, java.lang.String msg)
          Logs a message for this class in the system log file.
 void shutdown()
          graceful shutdown
 void updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc)
          This currently does not flush to permanent storage
 
Methods inherited from class com.netscape.cms.authorization.AAclAuthz
accessInit, aclEvaluatorElements, aclResElements, addACLs, checkPermission, checkPermission, evaluateACLs, getAccessEvaluators, getACL, getACLs, getAllowEntries, getConfigParams, getConfigStore, getDenyEntries, getExtendedPluginInfo, getNodes, getOrder, getTargetNames, init, isTypeUnique, registerEvaluator
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface com.netscape.certsrv.authorization.IAuthzManager
accessInit, aclEvaluatorElements, getAccessEvaluators, getACL, getACLs, getConfigParams, getConfigStore, registerEvaluator
 
Methods inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
getExtendedPluginInfo
 

Field Detail

PROP_BASEDN

protected static final java.lang.String PROP_BASEDN
See Also:
Constant Field Values
Constructor Detail

BasicAclAuthz

public BasicAclAuthz()
Default constructor

Method Detail

init

public void init(java.lang.String name,
                 java.lang.String implName,
                 IConfigStore config)
          throws EBaseException
Description copied from interface: IAuthzManager
Initialize this authorization manager.

Specified by:
init in interface IAuthzManager
Parameters:
name - The name of this authorization manager instance.
implName - The name of the authorization manager plugin.
config - The configuration store for this authorization manager.
Throws:
EBaseException - If an initialization error occurred.

getName

public java.lang.String getName()
gets the name of this authorization manager instance

Specified by:
getName in interface IAuthzManager
Returns:
The name of this authorization manager.

getImplName

public java.lang.String getImplName()
gets the plugin name of this authorization manager.

Specified by:
getImplName in interface IAuthzManager
Returns:
The name of the authorization manager plugin.

authorize

public AuthzToken authorize(IAuthToken authToken,
                            java.lang.String resource,
                            java.lang.String operation)
                     throws EAuthzInternalError,
                            EAuthzAccessDenied
Checks whether the user associated with authToken is permitted to perform operation on resource.

Example:

For example, if UsrGrpAdminServlet needs to authorize the caller, it would be done in the following fashion:

    try {
        // Ask the "DirACLBasedAuthz" manager whether the caller may "read" RES_GROUP
        authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read");
    } catch (EBaseException e) {
        // The failure is only logged here
        log(ILogger.LL_FAILURE, "authorize call: " + e.toString());
    }
 

Specified by:
authorize in interface IAuthzManager
Specified by:
authorize in class AAclAuthz
Parameters:
authToken - the authToken associated with a user
resource - the protected resource name
operation - the protected resource operation name
Returns:
authzToken if success
Throws:
EAuthzInternalError - if an internal error occurred.
EAuthzAccessDenied - if access denied
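
A fail-closed way for a caller to handle both exceptions declared by authorize, as an added example that is not part of the original page or the project's code. The exception classes are local stand-ins for the ones named above, and FailClosedAuthzDemo, Authz, TOY, ACLS, isPermitted and the resource name example.group are hypothetical names constructed for illustration.

```java
import java.util.Map;
import java.util.Set;

public class FailClosedAuthzDemo {
    // Local stand-ins for the two exceptions in the authorize() signature.
    static class EAuthzAccessDenied extends Exception {
        EAuthzAccessDenied(String msg) { super(msg); }
    }
    static class EAuthzInternalError extends Exception {
        EAuthzInternalError(String msg) { super(msg); }
    }

    // Hypothetical contract shaped like authorize(authToken, resource, operation).
    interface Authz {
        Object authorize(String user, String resource, String operation)
                throws EAuthzInternalError, EAuthzAccessDenied;
    }

    // Constructed ACL table: "resource:operation" -> users allowed.
    static final Map<String, Set<String>> ACLS = Map.of(
            "example.group:read", Set.of("alice", "bob"),
            "example.group:modify", Set.of("alice"));
    // Toy manager: a missing identity is an internal error, no match is a denial.
    static final Authz TOY = (user, resource, operation) -> {
        if (user == null) throw new EAuthzInternalError("no authenticated user");
        Set<String> allowed = ACLS.get(resource + ":" + operation);
        if (allowed == null || !allowed.contains(user))
            throw new EAuthzAccessDenied(user + " may not " + operation + " " + resource);
        return "authz-token";
    };

    // Fail closed: only a returned token grants access; both exceptions deny.
    static boolean isPermitted(Authz authz, String user, String resource, String operation) {
        try {
            return authz.authorize(user, resource, operation) != null;
        } catch (EAuthzAccessDenied e) {
            System.err.println("access denied: " + e.getMessage());
        } catch (EAuthzInternalError e) {
            System.err.println("authorization error, denying: " + e.getMessage());
        }
        return false;
    }

    public static void main(String[] args) {
        System.out.println("alice modify: " + isPermitted(TOY, "alice", "example.group", "modify"));
        System.out.println("bob modify:   " + isPermitted(TOY, "bob", "example.group", "modify"));
        System.out.println("null read:    " + isPermitted(TOY, null, "example.group", "read"));
    }
}
```

Logging the two exceptions separately keeps policy denials distinguishable from authorization-manager faults in the audit trail, while the caller's decision is a denial in both cases.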

authorize

public AuthzToken authorize(IAuthToken authToken,
                            java.lang.String expression)
                     throws EAuthzAccessDenied
Specified by:
authorize in interface IAuthzManager
Throws:
EAuthzAccessDenied

updateACLs

public void updateACLs(java.lang.String id,
                       java.lang.String rights,
                       java.lang.String strACLs,
                       java.lang.String desc)
                throws EACLsException
This currently does not flush to permanent storage

Specified by:
updateACLs in interface IAuthzManager
Overrides:
updateACLs in class AAclAuthz
Parameters:
id - is the resource id
strACLs -
rights - The allowable rights for this resource
desc - The description for this resource
Throws:
EACLsException - when update fails.

flushResourceACLs

protected void flushResourceACLs()
                          throws EACLsException
Updates resourceACLs to permanent storage. Currently not implemented for this authzMgr.

Specified by:
flushResourceACLs in class AAclAuthz
Throws:
EACLsException

shutdown

public void shutdown()
graceful shutdown

Specified by:
shutdown in interface IAuthzManager
Specified by:
shutdown in class AAclAuthz

log

protected void log(int level,
                   java.lang.String msg)
Logs a message for this class in the system log file.

Parameters:
level - The log level.
msg - The message to log.
See Also:
ILogger