Class AuthzSubsystem
- java.lang.Object
-
- com.netscape.cmscore.authorization.AuthzSubsystem
-
- All Implemented Interfaces:
ISubsystem
,IAuthzSubsystem
public class AuthzSubsystem extends java.lang.Object implements IAuthzSubsystem
Default authorization subsystem- Version:
- $Revision$, $Date$
- Author:
- cfu
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
ID
static org.slf4j.Logger
logger
java.util.Hashtable<java.lang.String,AuthzManagerProxy>
mAuthzMgrInsts
java.util.Hashtable<java.lang.String,AuthzMgrPlugin>
mAuthzMgrPlugins
-
Fields inherited from interface org.dogtagpki.server.authorization.IAuthzSubsystem
PROP_CLASS, PROP_IMPL, PROP_PLUGIN, PROP_REALM
-
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description void
add(java.lang.String name, IAuthzManager authzMgrInst)
Add an authorization manager instance.AuthzToken
authorize(java.lang.String authzMgrInstName, IAuthToken authToken, java.lang.String exp)
AuthzToken
authorize(java.lang.String authzMgrName, IAuthToken authToken, java.lang.String resource, java.lang.String operation)
authorize the user associated with the given authToken for a given operation with the given authorization manager nameAuthzToken
authorize(java.lang.String authzMgrInstName, IAuthToken authToken, java.lang.String resource, java.lang.String operation, java.lang.String realm)
Authorization to the named authorization manager instancevoid
authzMgrAccessInit(java.lang.String authzMgrInstName, java.lang.String accessInfo)
authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation.void
checkRealm(java.lang.String realm, IAuthToken authToken, java.lang.String owner, java.lang.String resource, java.lang.String operation)
Authorize the user against the specified realm.void
delete(java.lang.String name)
Deletes (deregisters) the given authorization manager.IAuthzManager
get(java.lang.String name)
Gets the authorization manager instance of the specified name.IAuthzManager
getAuthzManager(java.lang.String name)
gets the named authorization managerjava.lang.String
getAuthzManagerNameByRealm(java.lang.String realm)
Given a realm name, return the name of an authz manager for that realm.IAuthzManager
getAuthzManagerPlugin(java.lang.String name)
Retrieve a single authz manager instanceAuthzMgrPlugin
getAuthzManagerPluginImpl(java.lang.String name)
retrieve a single authz manager plugin by namejava.util.Enumeration<AuthzMgrPlugin>
getAuthzManagerPlugins()
Enumerate all registered authorization manager plugins.java.util.Enumeration<IAuthzManager>
getAuthzManagers()
Enumerate all authorization manager instances.java.lang.String[]
getConfigParams(java.lang.String implName)
Gets configuration parameters for the given authorization manager plugin.IConfigStore
getConfigStore()
Returns the root configuration storage of this system.java.lang.String
getId()
Retrieves id (name) of this subsystem.static AuthzSubsystem
getInstance()
java.util.Hashtable<java.lang.String,AuthzManagerProxy>
getInstances()
Get a hashtable containing all authentication instances.java.util.Hashtable<java.lang.String,AuthzMgrPlugin>
getPlugins()
Get a hashtable containing all authentication plugins.void
init(IConfigStore config)
Initializes the authorization subsystem from the config store.void
setId(java.lang.String id)
Sets id string to this subsystem.void
shutdown()
shuts down authorization managers one by one.void
startup()
registers the administration servlet with the administration subsystem.
-
-
-
Field Detail
-
logger
public static org.slf4j.Logger logger
-
ID
public static final java.lang.String ID
- See Also:
- Constant Field Values
-
mAuthzMgrPlugins
public java.util.Hashtable<java.lang.String,AuthzMgrPlugin> mAuthzMgrPlugins
-
mAuthzMgrInsts
public java.util.Hashtable<java.lang.String,AuthzManagerProxy> mAuthzMgrInsts
-
-
Method Detail
-
getInstance
public static AuthzSubsystem getInstance()
-
init
public void init(IConfigStore config) throws EBaseException
Initializes the authorization subsystem from the config store. Load Authorization manager plugins, create and initialize initialize authorization manager instances.- Specified by:
init
in interfaceISubsystem
- Parameters:
config
- The configuration store.- Throws:
EBaseException
- failed to initialize
-
authzMgrAccessInit
public void authzMgrAccessInit(java.lang.String authzMgrInstName, java.lang.String accessInfo) throws EAuthzMgrNotFound, EBaseException
authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called during the init() method of a servlet.- Specified by:
authzMgrAccessInit
in interfaceIAuthzSubsystem
- Parameters:
authzMgrName
- The authorization manager nameaccessInfo
- the access information to be initialized. currently it's acl string in the format specified in the authorization manager- Throws:
EBaseException
- if authorization manager is not foundEAuthzMgrNotFound
-
authorize
public AuthzToken authorize(java.lang.String authzMgrInstName, IAuthToken authToken, java.lang.String resource, java.lang.String operation, java.lang.String realm) throws EAuthzMgrNotFound, EBaseException
Authorization to the named authorization manager instance- Specified by:
authorize
in interfaceIAuthzSubsystem
- Parameters:
authzMgrName
- The authorization manager nameauthToken
- the authentication token associated with a userresource
- the resource protected by the authorization systemoperation
- the operation for resource protected by the authoriz n system- Returns:
- a authorization token.
- Throws:
EBaseException
- If an error occurs during authorization.EAuthzMgrNotFound
-
authorize
public AuthzToken authorize(java.lang.String authzMgrName, IAuthToken authToken, java.lang.String resource, java.lang.String operation) throws EBaseException
Description copied from interface:IAuthzSubsystem
authorize the user associated with the given authToken for a given operation with the given authorization manager name- Specified by:
authorize
in interfaceIAuthzSubsystem
- Parameters:
authzMgrName
- The authorization manager nameauthToken
- the authenticaton token associated with a userresource
- the resource protected by the authorization systemoperation
- the operation for resource protected by the authorization system- Returns:
- a authorization token.
- Throws:
EBaseException
- If an error occurs during authorization.
-
authorize
public AuthzToken authorize(java.lang.String authzMgrInstName, IAuthToken authToken, java.lang.String exp) throws EAuthzMgrNotFound, EBaseException
- Specified by:
authorize
in interfaceIAuthzSubsystem
- Throws:
EAuthzMgrNotFound
EBaseException
-
getConfigParams
public java.lang.String[] getConfigParams(java.lang.String implName) throws EAuthzMgrPluginNotFound, EBaseException
Gets configuration parameters for the given authorization manager plugin.- Parameters:
implName
- Name of the authorization plugin.- Returns:
- Hashtable of required parameters.
- Throws:
EAuthzMgrPluginNotFound
EBaseException
-
add
public void add(java.lang.String name, IAuthzManager authzMgrInst)
Add an authorization manager instance.- Specified by:
add
in interfaceIAuthzSubsystem
- Parameters:
name
- name of the authorization manager instanceauthzMgr
- the authorization manager instance to be added
-
delete
public void delete(java.lang.String name)
Description copied from interface:IAuthzSubsystem
Deletes (deregisters) the given authorization manager.- Specified by:
delete
in interfaceIAuthzSubsystem
- Parameters:
name
- The authorization manager name to delete.
-
get
public IAuthzManager get(java.lang.String name)
Gets the authorization manager instance of the specified name.- Specified by:
get
in interfaceIAuthzSubsystem
- Parameters:
name
- name of the authorization manager instance- Returns:
- the named authorization manager instance
-
getAuthzManagers
public java.util.Enumeration<IAuthzManager> getAuthzManagers()
Enumerate all authorization manager instances.- Specified by:
getAuthzManagers
in interfaceIAuthzSubsystem
- Returns:
- a list of authorization managers
-
getAuthzManagerPlugins
public java.util.Enumeration<AuthzMgrPlugin> getAuthzManagerPlugins()
Enumerate all registered authorization manager plugins.- Specified by:
getAuthzManagerPlugins
in interfaceIAuthzSubsystem
- Returns:
- list of authorization manager plugins
-
getAuthzManagerPluginImpl
public AuthzMgrPlugin getAuthzManagerPluginImpl(java.lang.String name)
retrieve a single authz manager plugin by name
-
getAuthzManagerPlugin
public IAuthzManager getAuthzManagerPlugin(java.lang.String name)
Retrieve a single authz manager instance- Specified by:
getAuthzManagerPlugin
in interfaceIAuthzSubsystem
- Parameters:
name
- given authorization plugin name- Returns:
- authorization manager plugin
-
getId
public java.lang.String getId()
Retrieves id (name) of this subsystem.- Specified by:
getId
in interfaceISubsystem
- Returns:
- name of the authorization subsystem
-
setId
public void setId(java.lang.String id) throws EBaseException
Sets id string to this subsystem.Use with caution. Should not do it when sharing with others
- Specified by:
setId
in interfaceISubsystem
- Parameters:
id
- name to be applied to an authorization sybsystem- Throws:
EBaseException
- failed to set id
-
startup
public void startup() throws EBaseException
registers the administration servlet with the administration subsystem.- Specified by:
startup
in interfaceISubsystem
- Throws:
EBaseException
- failed to start up
-
shutdown
public void shutdown()
shuts down authorization managers one by one.- Specified by:
shutdown
in interfaceISubsystem
-
getPlugins
public java.util.Hashtable<java.lang.String,AuthzMgrPlugin> getPlugins()
Description copied from interface:IAuthzSubsystem
Get a hashtable containing all authentication plugins.- Specified by:
getPlugins
in interfaceIAuthzSubsystem
- Returns:
- all authentication plugins.
-
getInstances
public java.util.Hashtable<java.lang.String,AuthzManagerProxy> getInstances()
Description copied from interface:IAuthzSubsystem
Get a hashtable containing all authentication instances.- Specified by:
getInstances
in interfaceIAuthzSubsystem
- Returns:
- all authentication instances.
-
getConfigStore
public IConfigStore getConfigStore()
Returns the root configuration storage of this system.- Specified by:
getConfigStore
in interfaceISubsystem
- Returns:
- configuration store of this subsystem
-
getAuthzManager
public IAuthzManager getAuthzManager(java.lang.String name)
gets the named authorization manager- Specified by:
getAuthzManager
in interfaceIAuthzSubsystem
- Parameters:
name
- of the authorization manager- Returns:
- the named authorization manager
-
checkRealm
public void checkRealm(java.lang.String realm, IAuthToken authToken, java.lang.String owner, java.lang.String resource, java.lang.String operation) throws EBaseException
Description copied from interface:IAuthzSubsystem
Authorize the user against the specified realm. Looks for authz manager associated with the plugin and authenticates if present.- Specified by:
checkRealm
in interfaceIAuthzSubsystem
owner
- TODO- Throws:
EBaseException
- if any error occurs during authentication.
-
getAuthzManagerNameByRealm
public java.lang.String getAuthzManagerNameByRealm(java.lang.String realm) throws EAuthzUnknownRealm
Description copied from interface:IAuthzSubsystem
Given a realm name, return the name of an authz manager for that realm.- Specified by:
getAuthzManagerNameByRealm
in interfaceIAuthzSubsystem
- Throws:
EAuthzUnknownRealm
- if no authz manager is found.
-
-