Package com.netscape.cmscore.authorization

Class AuthzSubsystem

  • All Implemented Interfaces:
    ISubsystem, IAuthzSubsystem
    public class AuthzSubsystem
extends java.lang.Object
implements IAuthzSubsystem
    Default authorization subsystem

    Version:
    $Revision$, $Date$
    Author:
    cfu

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void add​(java.lang.String name, IAuthzManager authzMgrInst)
      Add an authorization manager instance.
      AuthzToken authorize​(java.lang.String authzMgrInstName, IAuthToken authToken, java.lang.String exp)  
      AuthzToken authorize​(java.lang.String authzMgrName, IAuthToken authToken, java.lang.String resource, java.lang.String operation)
      authorize the user associated with the given authToken for a given operation with the given authorization manager name
      AuthzToken authorize​(java.lang.String authzMgrInstName, IAuthToken authToken, java.lang.String resource, java.lang.String operation, java.lang.String realm)
      Authorization to the named authorization manager instance
      void authzMgrAccessInit​(java.lang.String authzMgrInstName, java.lang.String accessInfo)
      authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation.
      void checkRealm​(java.lang.String realm, IAuthToken authToken, java.lang.String owner, java.lang.String resource, java.lang.String operation)
      Authorize the user against the specified realm.
      void delete​(java.lang.String name)
      Deletes (deregisters) the given authorization manager.
      IAuthzManager get​(java.lang.String name)
      Gets the authorization manager instance of the specified name.
      IAuthzManager getAuthzManager​(java.lang.String name)
      gets the named authorization manager
      java.lang.String getAuthzManagerNameByRealm​(java.lang.String realm)
      Given a realm name, return the name of an authz manager for that realm.
      IAuthzManager getAuthzManagerPlugin​(java.lang.String name)
      Retrieve a single authz manager instance
      AuthzMgrPlugin getAuthzManagerPluginImpl​(java.lang.String name)
      retrieve a single authz manager plugin by name
      java.util.Enumeration<AuthzMgrPlugin> getAuthzManagerPlugins()
      Enumerate all registered authorization manager plugins.
      java.util.Enumeration<IAuthzManager> getAuthzManagers()
      Enumerate all authorization manager instances.
      java.lang.String[] getConfigParams​(java.lang.String implName)
      Gets configuration parameters for the given authorization manager plugin.
      IConfigStore getConfigStore()
      Returns the root configuration storage of this system.
      java.lang.String getId()
      Retrieves id (name) of this subsystem.
      static AuthzSubsystem getInstance()  
      java.util.Hashtable<java.lang.String,​AuthzManagerProxy> getInstances()
      Get a hashtable containing all authentication instances.
      java.util.Hashtable<java.lang.String,​AuthzMgrPlugin> getPlugins()
      Get a hashtable containing all authentication plugins.
      void init​(IConfigStore config)
      Initializes the authorization subsystem from the config store.
      void setId​(java.lang.String id)
      Sets id string to this subsystem.
      void shutdown()
      shuts down authorization managers one by one.
      void startup()
      registers the administration servlet with the administration subsystem.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • logger

        public static org.slf4j.Logger logger

      • mAuthzMgrPlugins

        public java.util.Hashtable<java.lang.String,​AuthzMgrPlugin> mAuthzMgrPlugins

      • mAuthzMgrInsts

        public java.util.Hashtable<java.lang.String,​AuthzManagerProxy> mAuthzMgrInsts

    • Method Detail

      • init

        public void init​(IConfigStore config)
          throws EBaseException
        Initializes the authorization subsystem from the config store. Load Authorization manager plugins, create and initialize initialize authorization manager instances.
        Specified by:
        init in interface ISubsystem
        Parameters:
        config - The configuration store.
        Throws:
        EBaseException - failed to initialize

      • authzMgrAccessInit

        public void authzMgrAccessInit​(java.lang.String authzMgrInstName,
                               java.lang.String accessInfo)
                        throws EAuthzMgrNotFound,
                               EBaseException
        authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called during the init() method of a servlet.
        Specified by:
        authzMgrAccessInit in interface IAuthzSubsystem
        Parameters:
        authzMgrName - The authorization manager name
        accessInfo - the access information to be initialized. currently it's acl string in the format specified in the authorization manager
        Throws:
        EBaseException - if authorization manager is not found
        EAuthzMgrNotFound

      • authorize

        public AuthzToken authorize​(java.lang.String authzMgrInstName,
                            IAuthToken authToken,
                            java.lang.String resource,
                            java.lang.String operation,
                            java.lang.String realm)
                     throws EAuthzMgrNotFound,
                            EBaseException
        Authorization to the named authorization manager instance
        Specified by:
        authorize in interface IAuthzSubsystem
        Parameters:
        authzMgrName - The authorization manager name
        authToken - the authentication token associated with a user
        resource - the resource protected by the authorization system
        operation - the operation for resource protected by the authoriz n system
        Returns:
        a authorization token.
        Throws:
        EBaseException - If an error occurs during authorization.
        EAuthzMgrNotFound

      • authorize

        public AuthzToken authorize​(java.lang.String authzMgrName,
                            IAuthToken authToken,
                            java.lang.String resource,
                            java.lang.String operation)
                     throws EBaseException
        Description copied from interface: IAuthzSubsystem
        authorize the user associated with the given authToken for a given operation with the given authorization manager name
        Specified by:
        authorize in interface IAuthzSubsystem
        Parameters:
        authzMgrName - The authorization manager name
        authToken - the authenticaton token associated with a user
        resource - the resource protected by the authorization system
        operation - the operation for resource protected by the authorization system
        Returns:
        a authorization token.
        Throws:
        EBaseException - If an error occurs during authorization.

      • add

        public void add​(java.lang.String name,
                IAuthzManager authzMgrInst)
        Add an authorization manager instance.
        Specified by:
        add in interface IAuthzSubsystem
        Parameters:
        name - name of the authorization manager instance
        authzMgr - the authorization manager instance to be added

      • delete

        public void delete​(java.lang.String name)
        Description copied from interface: IAuthzSubsystem
        Deletes (deregisters) the given authorization manager.
        Specified by:
        delete in interface IAuthzSubsystem
        Parameters:
        name - The authorization manager name to delete.

      • get

        public IAuthzManager get​(java.lang.String name)
        Gets the authorization manager instance of the specified name.
        Specified by:
        get in interface IAuthzSubsystem
        Parameters:
        name - name of the authorization manager instance
        Returns:
        the named authorization manager instance

      • getAuthzManagers

        public java.util.Enumeration<IAuthzManager> getAuthzManagers()
        Enumerate all authorization manager instances.
        Specified by:
        getAuthzManagers in interface IAuthzSubsystem
        Returns:
        a list of authorization managers

      • getAuthzManagerPlugins

        public java.util.Enumeration<AuthzMgrPlugin> getAuthzManagerPlugins()
        Enumerate all registered authorization manager plugins.
        Specified by:
        getAuthzManagerPlugins in interface IAuthzSubsystem
        Returns:
        list of authorization manager plugins

      • getAuthzManagerPluginImpl

        public AuthzMgrPlugin getAuthzManagerPluginImpl​(java.lang.String name)
        retrieve a single authz manager plugin by name

      • getAuthzManagerPlugin

        public IAuthzManager getAuthzManagerPlugin​(java.lang.String name)
        Retrieve a single authz manager instance
        Specified by:
        getAuthzManagerPlugin in interface IAuthzSubsystem
        Parameters:
        name - given authorization plugin name
        Returns:
        authorization manager plugin

      • getId

        public java.lang.String getId()
        Retrieves id (name) of this subsystem.
        Specified by:
        getId in interface ISubsystem
        Returns:
        name of the authorization subsystem

      • setId

        public void setId​(java.lang.String id)
           throws EBaseException
        Sets id string to this subsystem.

        Use with caution. Should not do it when sharing with others

        Specified by:
        setId in interface ISubsystem
        Parameters:
        id - name to be applied to an authorization sybsystem
        Throws:
        EBaseException - failed to set id

      • shutdown

        public void shutdown()
        shuts down authorization managers one by one.

        Specified by:
        shutdown in interface ISubsystem

      • getPlugins

        public java.util.Hashtable<java.lang.String,​AuthzMgrPlugin> getPlugins()
        Description copied from interface: IAuthzSubsystem
        Get a hashtable containing all authentication plugins.
        Specified by:
        getPlugins in interface IAuthzSubsystem
        Returns:
        all authentication plugins.

      • getInstances

        public java.util.Hashtable<java.lang.String,​AuthzManagerProxy> getInstances()
        Description copied from interface: IAuthzSubsystem
        Get a hashtable containing all authentication instances.
        Specified by:
        getInstances in interface IAuthzSubsystem
        Returns:
        all authentication instances.

      • getConfigStore

        public IConfigStore getConfigStore()
        Returns the root configuration storage of this system.

        Specified by:
        getConfigStore in interface ISubsystem
        Returns:
        configuration store of this subsystem

      • getAuthzManager

        public IAuthzManager getAuthzManager​(java.lang.String name)
        gets the named authorization manager
        Specified by:
        getAuthzManager in interface IAuthzSubsystem
        Parameters:
        name - of the authorization manager
        Returns:
        the named authorization manager

      • checkRealm

        public void checkRealm​(java.lang.String realm,
                       IAuthToken authToken,
                       java.lang.String owner,
                       java.lang.String resource,
                       java.lang.String operation)
                throws EBaseException
        Description copied from interface: IAuthzSubsystem
        Authorize the user against the specified realm. Looks for authz manager associated with the plugin and authenticates if present.
        Specified by:
        checkRealm in interface IAuthzSubsystem
        owner - TODO
        Throws:
        EBaseException - if any error occurs during authentication.