Class BasicGroupAuthz

    • Constructor Summary

      Constructors 
      Constructor Description
      BasicGroupAuthz()  
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void accessInit​(java.lang.String accessInfo)
      accessInit is for servlets who want to initialize their own authorization information before full operation.
      java.util.Enumeration<IAccessEvaluator> aclEvaluatorElements()
      Get all registered evaluators.
      AuthzToken authorize​(IAuthToken authToken, java.lang.String expression)  
      AuthzToken authorize​(IAuthToken authToken, java.lang.String resource, java.lang.String operation)
      Check if the user is authorized to perform the given operation on the given resource.
      java.util.Hashtable<java.lang.String,​IAccessEvaluator> getAccessEvaluators()
      Return a table of evaluators
      IACL getACL​(java.lang.String target)
      Get individual ACL entry for the given name of entry.
      java.util.Enumeration<ACL> getACLs()
      Get ACL entries
      java.lang.String[] getConfigParams()
      Get configuration parameters for this implementation.
      IConfigStore getConfigStore()
      Get the configuration store for this authorization manager.
      java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
      This method returns an array of strings.
      java.lang.String getImplName()
      Get implementation name of authorization manager plugin.
      java.lang.String getName()
      Get the name of this authorization manager instance.
      void init​(java.lang.String name, java.lang.String implName, IConfigStore config)
      Initialize this authorization manager.
      void registerEvaluator​(java.lang.String type, IAccessEvaluator evaluator)
      Register new evaluator
      void shutdown()
      Prepare this authorization manager for a graceful shutdown.
      void updateACLs​(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc)
      Update ACLs in the database
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • extendedPluginInfo

        protected static java.util.Vector<java.lang.String> extendedPluginInfo
      • configParams

        protected static java.lang.String[] configParams
    • Constructor Detail

      • BasicGroupAuthz

        public BasicGroupAuthz()
    • Method Detail

      • getExtendedPluginInfo

        public java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
        Description copied from interface: IExtendedPluginInfo
        This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"
        Specified by:
        getExtendedPluginInfo in interface IExtendedPluginInfo
      • getName

        public java.lang.String getName()
        Description copied from interface: IAuthzManager
        Get the name of this authorization manager instance.

        Specified by:
        getName in interface IAuthzManager
        Returns:
        String the name of this authorization manager.
      • getImplName

        public java.lang.String getImplName()
        Description copied from interface: IAuthzManager
        Get implementation name of authorization manager plugin.

        An example of an implementation name will be:

         com.netscape.cms.BasicAclAuthz
         

        Specified by:
        getImplName in interface IAuthzManager
        Returns:
        The name of the authorization manager plugin.
      • accessInit

        public void accessInit​(java.lang.String accessInfo)
                        throws EBaseException
        Description copied from interface: IAuthzManager
        accessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.

        The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, The accessInfo is the resACLs, whose format should conform to the following:

            :right-1[,right-n]:[allow,deny](right(s))=:
         

        Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties

        Specified by:
        accessInit in interface IAuthzManager
        Parameters:
        accessInfo - the access info string in the format specified in the authorization manager
        Throws:
        EBaseException - error parsing the accessInfo
      • authorize

        public AuthzToken authorize​(IAuthToken authToken,
                                    java.lang.String resource,
                                    java.lang.String operation)
                             throws EAuthzInternalError,
                                    EAuthzAccessDenied
        Description copied from interface: IAuthzManager
        Check if the user is authorized to perform the given operation on the given resource.
        Specified by:
        authorize in interface IAuthzManager
        Parameters:
        authToken - the authToken associated with a user.
        resource - - the protected resource name
        operation - - the protected resource operation name
        Returns:
        authzToken if the user is authorized
        Throws:
        EAuthzInternalError - if an internal error occurred.
        EAuthzAccessDenied - if access denied
      • init

        public void init​(java.lang.String name,
                         java.lang.String implName,
                         IConfigStore config)
                  throws EBaseException
        Description copied from interface: IAuthzManager
        Initialize this authorization manager.
        Specified by:
        init in interface IAuthzManager
        Parameters:
        name - The name of this authorization manager instance.
        implName - The name of the authorization manager plugin.
        config - The configuration store for this authorization manager.
        Throws:
        EBaseException - If an initialization error occurred.
      • shutdown

        public void shutdown()
        Description copied from interface: IAuthzManager
        Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed.
        Specified by:
        shutdown in interface IAuthzManager
      • getConfigParams

        public java.lang.String[] getConfigParams()
                                           throws EBaseException
        Description copied from interface: IAuthzManager
        Get configuration parameters for this implementation. The configuration parameters returned is passed to the console so configuration for instances of this implementation can be made through the console.
        Specified by:
        getConfigParams in interface IAuthzManager
        Returns:
        a list of names for configuration parameters.
        Throws:
        EBaseException - If an internal error occurred
      • getConfigStore

        public IConfigStore getConfigStore()
        Description copied from interface: IAuthzManager
        Get the configuration store for this authorization manager.
        Specified by:
        getConfigStore in interface IAuthzManager
        Returns:
        The configuration store of this authorization manager.
      • getACLs

        public java.util.Enumeration<ACL> getACLs()
        Description copied from interface: IAuthzManager
        Get ACL entries
        Specified by:
        getACLs in interface IAuthzManager
        Returns:
        enumeration of ACL entries.
      • getACL

        public IACL getACL​(java.lang.String target)
        Description copied from interface: IAuthzManager
        Get individual ACL entry for the given name of entry.
        Specified by:
        getACL in interface IAuthzManager
        Parameters:
        target - The name of the ACL entry
        Returns:
        The ACL entry.
      • updateACLs

        public void updateACLs​(java.lang.String id,
                               java.lang.String rights,
                               java.lang.String strACLs,
                               java.lang.String desc)
                        throws EACLsException
        Description copied from interface: IAuthzManager
        Update ACLs in the database
        Specified by:
        updateACLs in interface IAuthzManager
        Parameters:
        id - The name of the ACL entry (ie, resource id)
        rights - The allowable rights for this resource
        strACLs - The value of the ACL entry
        desc - The description for this resource
        Throws:
        EACLsException - when update fails.
      • registerEvaluator

        public void registerEvaluator​(java.lang.String type,
                                      IAccessEvaluator evaluator)
        Description copied from interface: IAuthzManager
        Register new evaluator
        Specified by:
        registerEvaluator in interface IAuthzManager
        Parameters:
        type - Type of evaluator
        evaluator - Value of evaluator