Class AuthzSubsystem

java.lang.Object
com.netscape.certsrv.base.Subsystem
com.netscape.cmscore.authorization.AuthzSubsystem

public class AuthzSubsystem extends Subsystem
Default authorization subsystem

Author:
cfu
  • Field Details

  • Constructor Details

    • AuthzSubsystem

      public AuthzSubsystem()
  • Method Details

    • init

      public void init(ConfigStore config) throws Exception
      Initializes the authorization subsystem from the config store. Loads authorization manager plugins, then creates and initializes authorization manager instances.
      Overrides:
      init in class Subsystem
      Parameters:
      config - Subsystem configuration
      Throws:
      Exception - Unable to initialize subsystem
    • authzMgrAccessInit

      public void authzMgrAccessInit(String authzMgrInstName, String accessInfo) throws EAuthzMgrNotFound, EBaseException
      authzMgrAccessInit is for servlets that want to initialize their own authorization information before full operation. It is supposed to be called during the init() method of a servlet.
      Parameters:
      authzMgrInstName - The authorization manager name
      accessInfo - the access information to be initialized. Currently this is an ACL string in the format specified in the authorization manager
      Throws:
      EAuthzMgrNotFound
      EBaseException
    • addACLInfo

      public void addACLInfo(String aclMethod, String aclInfo) throws EBaseException
      Throws:
      EBaseException
    • authorize

      public AuthzToken authorize(String authzMgrInstName, AuthToken authToken, String resource, String operation, String realm) throws EAuthzMgrNotFound, EBaseException
      Authorizes against the named authorization manager instance.
      Parameters:
      authzMgrInstName - The authorization manager name
      authToken - the authentication token associated with a user
      resource - the resource protected by the authorization system
      operation - the operation for resource protected by the authorization system
      Returns:
      an authorization token.
      Throws:
      EBaseException - If an error occurs during authorization.
      EAuthzMgrNotFound
    • authorize

      public AuthzToken authorize(String authzMgrName, AuthToken authToken, String resource, String operation) throws EBaseException
      Throws:
      EBaseException
    • authorize

      public AuthzToken authorize(String authzMgrInstName, AuthToken authToken, String exp) throws EAuthzMgrNotFound, EBaseException
      Throws:
      EAuthzMgrNotFound
      EBaseException
    • getConfigParams

      public String[] getConfigParams(String implName) throws EAuthzMgrPluginNotFound, EBaseException
      Gets configuration parameters for the given authorization manager plugin.
      Parameters:
      implName - Name of the authorization plugin.
      Returns:
      Array of required parameters.
      Throws:
      EAuthzMgrPluginNotFound
      EBaseException
    • add

      public void add(String name, AuthzManager authzMgrInst)
      Add an authorization manager instance.
      Parameters:
      name - name of the authorization manager instance
      authzMgrInst - the authorization manager instance to be added
    • delete

      public void delete(String name)
      Removes an authorization manager instance.
      Parameters:
      name - name of the authorization manager
    • get

      public AuthzManager get(String name)
      Gets the authorization manager instance of the specified name.
      Parameters:
      name - name of the authorization manager instance
      Returns:
      the named authorization manager instance
    • getAuthzManagers

      public Enumeration<AuthzManager> getAuthzManagers()
      Enumerate all authorization manager instances.
    • getAuthzManagerPlugins

      public Enumeration<AuthzMgrPlugin> getAuthzManagerPlugins()
      Enumerate all registered authorization manager plugins.
    • getAuthzManagerPluginImpl

      public AuthzMgrPlugin getAuthzManagerPluginImpl(String name)
      Retrieves a single authz manager plugin by name.
    • getAuthzManagerPlugin

      public AuthzManager getAuthzManagerPlugin(String name)
      Retrieves a single authz manager instance.
    • getId

      public String getId()
      Retrieves id (name) of this subsystem.
      Overrides:
      getId in class Subsystem
      Returns:
      name of the authorization subsystem
    • setId

      public void setId(String id) throws EBaseException
      Sets the id string of this subsystem.

      Use with caution. Should not be done when the subsystem is shared with others.

      Overrides:
      setId in class Subsystem
      Parameters:
      id - name to be applied to an authorization subsystem
      Throws:
      EBaseException - failed to set id
    • startup

      public void startup() throws EBaseException
      Registers the administration servlet with the administration subsystem.
      Overrides:
      startup in class Subsystem
      Throws:
      EBaseException - failed to start up
    • shutdown

      public void shutdown()
      Shuts down authorization managers one by one.

      Overrides:
      shutdown in class Subsystem
    • getPlugins

      public Hashtable<String,AuthzMgrPlugin> getPlugins()
      Gets a hashtable containing all authorization manager plugins.
      Returns:
      all authorization manager plugins.
    • getInstances

      public Hashtable<String,AuthzManagerProxy> getInstances()
      Gets a hashtable containing all authorization manager instances.
      Returns:
      all authorization manager instances.
    • getConfigStore

      public ConfigStore getConfigStore()
      Returns the root configuration storage of this system.

      Overrides:
      getConfigStore in class Subsystem
      Returns:
      configuration store of this subsystem
    • getAuthzManager

      public AuthzManager getAuthzManager(String name)
      Gets the named authorization manager.
      Parameters:
      name - name of the authorization manager
      Returns:
      the named authorization manager
    • checkRealm

      public void checkRealm(String realm, AuthToken authToken, String owner, String resource, String operation) throws EBaseException
      Authorizes the user against the specified realm. Looks for the authz manager associated with the plugin and authenticates if present.
      Parameters:
      realm -
      authToken -
      owner - TODO
      resource -
      operation -
      Throws:
      EBaseException - if any error occurs during authentication.
    • getAuthzManagerNameByRealm

      public String getAuthzManagerNameByRealm(String realm) throws EAuthzUnknownRealm
      Given a realm name, returns the name of an authz manager for that realm.
      Throws:
      EAuthzUnknownRealm - if no authz manager is found.