com.netscape.certsrv.authorization
Interface IAuthzManager

All Known Implementing Classes:
BasicAclAuthz, DirAclAuthz

public interface IAuthzManager

The Authorization Manager interface must be implemented by all authorization managers.

Version:
$Revision: 1211 $, $Date: 2010-08-18 10:15:37 -0700 (Wed, 18 Aug 2010) $

Method Summary
 void accessInit(java.lang.String accessInfo)
          accessInit is for servlets that want to initialize their own authorization information before full operation.
 java.util.Enumeration aclEvaluatorElements()
          Get all registered evaluators.
 AuthzToken authorize(IAuthToken authToken, java.lang.String expression)
           
 AuthzToken authorize(IAuthToken authToken, java.lang.String resource, java.lang.String operation)
          Check if the user is authorized to perform the given operation on the given resource.
 java.util.Hashtable getAccessEvaluators()
          Return a table of evaluators
 IACL getACL(java.lang.String target)
          Get individual ACL entry for the given name of entry.
 java.util.Enumeration getACLs()
          Get ACL entries
 java.lang.String[] getConfigParams()
          Get configuration parameters for this implementation.
 IConfigStore getConfigStore()
          Get the configuration store for this authorization manager.
 java.lang.String getImplName()
          Get implementation name of authorization manager plugin.
 java.lang.String getName()
          Get the name of this authorization manager instance.
 void init(java.lang.String name, java.lang.String implName, IConfigStore config)
          Initialize this authorization manager.
 void registerEvaluator(java.lang.String type, IAccessEvaluator evaluator)
          Register new evaluator
 void shutdown()
          Prepare this authorization manager for a graceful shutdown.
 void updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc)
          Update ACLs in the database
 

Method Detail

getName

java.lang.String getName()
Get the name of this authorization manager instance.

Returns:
String the name of this authorization manager.

getImplName

java.lang.String getImplName()
Get implementation name of authorization manager plugin.

An example of an implementation name will be:

 com.netscape.cms.BasicAclAuthz
 

Returns:
The name of the authorization manager plugin.

accessInit

void accessInit(java.lang.String accessInfo)
                throws EBaseException
accessInit is for servlets that want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.

The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, the accessInfo is the resACLs, whose format should conform to the following:

    :right-1[,right-n]:[allow,deny](right(s))=:
 

Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties

Parameters:
accessInfo - the access info string in the format specified in the authorization manager
Throws:
EBaseException - error parsing the accessInfo
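
The resACLs example above, parsed field by field, as an added example (not the project's or BasicAclAuthz's own parser). The `ResAclExample` class, the `ResAcl` record and its field names are hypothetical; it assumes one allow/deny clause per string, no ':' inside the expression, and Java 16 or later for records.

```java
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: a stand-alone parser for one resACL string. Class, record and
// field names are hypothetical; this is not the BasicAclAuthz parser.
public class ResAclExample {
    record ResAcl(String resource, Set<String> rights, boolean allow,
                  Set<String> aciRights, String expression, String description) {}

    // allow|deny, then "(rights)", then the evaluator expression.
    private static final Pattern ACI =
        Pattern.compile("^(allow|deny)\\s*\\(([^)]*)\\)\\s*(.+)$");

    static Set<String> csv(String s) {
        Set<String> out = new LinkedHashSet<>();
        for (String p : s.split(",")) {
            if (!p.trim().isEmpty()) out.add(p.trim());
        }
        return out;
    }

    static ResAcl parse(String accessInfo) {
        // Limit 4: the trailing description may itself contain ':'.
        String[] f = accessInfo.split(":", 4);
        if (f.length != 4) throw new IllegalArgumentException("expected 4 ':'-separated fields");
        Set<String> rights = csv(f[1]);
        Matcher m = ACI.matcher(f[2].trim());
        if (!m.matches()) throw new IllegalArgumentException("malformed allow/deny clause: " + f[2]);
        Set<String> aciRights = csv(m.group(2));
        // Added sanity check (an assumption of this example): reject a clause that
        // names a right the resource never declared, so a typo cannot pass silently.
        if (f[0].isBlank() || rights.isEmpty() || !rights.containsAll(aciRights))
            throw new IllegalArgumentException("undeclared right or empty field in: " + accessInfo);
        return new ResAcl(f[0].trim(), rights, m.group(1).equals("allow"),
                          aciRights, m.group(3).trim(), f[3]);
    }

    public static void main(String[] args) {
        // The example string from this page.
        System.out.println(parse("resTurnKnob:left,right:allow(left) group=\"lefties\":door knobs for lefties"));
        try { // Constructed malformed input: "up" is not a declared right.
            parse("resTurnKnob:left,right:allow(up) group=\"lefties\":typo");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting a malformed string at load time, as `accessInit` does by throwing `EBaseException`, keeps a mistyped right from becoming a rule that never matches.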

authorize

AuthzToken authorize(IAuthToken authToken,
                     java.lang.String resource,
                     java.lang.String operation)
                     throws EAuthzInternalError,
                            EAuthzAccessDenied
Check if the user is authorized to perform the given operation on the given resource.

Parameters:
authToken - the authToken associated with a user.
resource - the protected resource name
operation - the protected resource operation name
Returns:
authzToken if the user is authorized
Throws:
EAuthzInternalError - if an internal error occurred.
EAuthzAccessDenied - if access is denied

authorize

AuthzToken authorize(IAuthToken authToken,
                     java.lang.String expression)
                     throws EAuthzInternalError,
                            EAuthzAccessDenied
Throws:
EAuthzInternalError
EAuthzAccessDenied

init

void init(java.lang.String name,
          java.lang.String implName,
          IConfigStore config)
          throws EBaseException
Initialize this authorization manager.

Parameters:
name - The name of this authorization manager instance.
implName - The name of the authorization manager plugin.
config - The configuration store for this authorization manager.
Throws:
EBaseException - If an initialization error occurred.

shutdown

void shutdown()
Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed.


getConfigParams

java.lang.String[] getConfigParams()
                                   throws EBaseException
Get configuration parameters for this implementation. The configuration parameters returned are passed to the console so that instances of this implementation can be configured through the console.

Returns:
a list of names for configuration parameters.
Throws:
EBaseException - If an internal error occurred

getConfigStore

IConfigStore getConfigStore()
Get the configuration store for this authorization manager.

Returns:
The configuration store of this authorization manager.

getACLs

java.util.Enumeration getACLs()
Get ACL entries

Returns:
enumeration of ACL entries.

getACL

IACL getACL(java.lang.String target)
Get individual ACL entry for the given name of entry.

Parameters:
target - The name of the ACL entry
Returns:
The ACL entry.

updateACLs

void updateACLs(java.lang.String id,
                java.lang.String rights,
                java.lang.String strACLs,
                java.lang.String desc)
                throws EACLsException
Update ACLs in the database

Parameters:
id - The name of the ACL entry (i.e., resource id)
rights - The allowable rights for this resource
strACLs - The value of the ACL entry
desc - The description for this resource
Throws:
EACLsException - when update fails.

aclEvaluatorElements

java.util.Enumeration aclEvaluatorElements()
Get all registered evaluators.

Returns:
All registered evaluators.

registerEvaluator

void registerEvaluator(java.lang.String type,
                       IAccessEvaluator evaluator)
Register new evaluator

Parameters:
type - Type of evaluator
evaluator - Value of evaluator

getAccessEvaluators

java.util.Hashtable getAccessEvaluators()
Return a table of evaluators

Returns:
A table of evaluators