Field Detail

• logger

  public static org.slf4j.Logger logger

• extendedPluginInfo

  protected static java.util.Vector<java.lang.String> extendedPluginInfo

• configParams

  protected static java.lang.String[] configParams

Constructor Detail

• BasicGroupAuthz

  public BasicGroupAuthz()

Method Detail

• getExtendedPluginInfo

  public java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)

  Description copied from interface: IExtendedPluginInfo
  This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"

  Specified by:

  getExtendedPluginInfo in interface IExtendedPluginInfo

• getName

  public java.lang.String getName()

  Description copied from interface: IAuthzManager
  Get the name of this authorization manager instance.

  Specified by:

  getName in interface IAuthzManager

  Returns:

  String the name of this authorization manager.

• getImplName

  public java.lang.String getImplName()

  Description copied from interface: IAuthzManager
  Get implementation name of authorization manager plugin.

  An example of an implementation name will be:

   com.netscape.cms.BasicAclAuthz
   

  Specified by:

  getImplName in interface IAuthzManager

  Returns:

  The name of the authorization manager plugin.

• accessInit

  public void accessInit​(java.lang.String accessInfo)
                  throws EBaseException

  Description copied from interface: IAuthzManager
  accessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called from the authzMgrAccessInit() method of the AuthzSubsystem.

  The accessInfo format is determined by each individual authzmgr. For example, for BasicAclAuthz, The accessInfo is the resACLs, whose format should conform to the following:

      :right-1[,right-n]:[allow,deny](right(s))=:
   
  
   Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties

  Specified by:

  accessInit in interface IAuthzManager

  Parameters:

  accessInfo - the access info string in the format specified in the authorization manager

  Throws:

  EBaseException - error parsing the accessInfo

• authorize

  public AuthzToken authorize​(IAuthToken authToken,
                              java.lang.String resource,
                              java.lang.String operation)
                       throws EAuthzInternalError,
                              EAuthzAccessDenied

  Description copied from interface: IAuthzManager
  Check if the user is authorized to perform the given operation on the given resource.

  Specified by:

  authorize in interface IAuthzManager

  Parameters:

  authToken - the authToken associated with a user.

  resource - - the protected resource name

  operation - - the protected resource operation name

  Returns:

  authzToken if the user is authorized

  Throws:

  EAuthzInternalError - if an internal error occurred.

  EAuthzAccessDenied - if access denied

• authorize

  public AuthzToken authorize​(IAuthToken authToken,
                              java.lang.String expression)
                       throws EAuthzInternalError,
                              EAuthzAccessDenied

  Specified by:

  authorize in interface IAuthzManager

  Throws:

  EAuthzInternalError

  EAuthzAccessDenied

• init

  public void init​(java.lang.String name,
                   java.lang.String implName,
                   AuthzManagerConfig config)
            throws EBaseException

  Description copied from interface: IAuthzManager
  Initialize this authorization manager.

  Specified by:

  init in interface IAuthzManager

  Parameters:

  name - The name of this authorization manager instance.

  implName - The name of the authorization manager plugin.

  config - The configuration store for this authorization manager.

  Throws:

  EBaseException - If an initialization error occurred.

• shutdown

  public void shutdown()

  Description copied from interface: IAuthzManager
  Prepare this authorization manager for a graceful shutdown. Called when the server is exiting for any cleanup needed.

  Specified by:

  shutdown in interface IAuthzManager

• getConfigParams

  public java.lang.String[] getConfigParams()
                                     throws EBaseException

  Description copied from interface: IAuthzManager
  Get configuration parameters for this implementation. The configuration parameters returned is passed to the console so configuration for instances of this implementation can be made through the console.

  Specified by:

  getConfigParams in interface IAuthzManager

  Returns:

  a list of names for configuration parameters.

  Throws:

  EBaseException - If an internal error occurred

• getConfigStore

  public AuthzManagerConfig getConfigStore()

  Description copied from interface: IAuthzManager
  Get the configuration store for this authorization manager.

  Specified by:

  getConfigStore in interface IAuthzManager

  Returns:

  The configuration store of this authorization manager.

• getACLs

  public java.util.Enumeration<IACL> getACLs()

  Description copied from interface: IAuthzManager
  Get ACL entries

  Specified by:

  getACLs in interface IAuthzManager

  Returns:

  enumeration of ACL entries.

• getACL

  public IACL getACL​(java.lang.String target)

  Description copied from interface: IAuthzManager
  Get individual ACL entry for the given name of entry.

  Specified by:

  getACL in interface IAuthzManager

  Parameters:

  target - The name of the ACL entry

  Returns:

  The ACL entry.

• updateACLs

  public void updateACLs​(java.lang.String id,
                         java.lang.String rights,
                         java.lang.String strACLs,
                         java.lang.String desc)
                  throws EACLsException

  Description copied from interface: IAuthzManager
  Update ACLs in the database

  Specified by:

  updateACLs in interface IAuthzManager

  Parameters:

  id - The name of the ACL entry (ie, resource id)

  rights - The allowable rights for this resource

  strACLs - The value of the ACL entry

  desc - The description for this resource

  Throws:

  EACLsException - when update fails.

• aclEvaluatorElements

  public java.util.Enumeration<IAccessEvaluator> aclEvaluatorElements()

  Description copied from interface: IAuthzManager
  Get all registered evaluators.

  Specified by:

  aclEvaluatorElements in interface IAuthzManager

  Returns:

  All registered evaluators.

• registerEvaluator

  public void registerEvaluator​(java.lang.String type,
                                IAccessEvaluator evaluator)

  Description copied from interface: IAuthzManager
  Register new evaluator

  Specified by:

  registerEvaluator in interface IAuthzManager

  Parameters:

  type - Type of evaluator

  evaluator - Value of evaluator

• getAccessEvaluators

  public java.util.Hashtable<java.lang.String,​IAccessEvaluator> getAccessEvaluators()

  Description copied from interface: IAuthzManager
  Return a table of evaluators

  Specified by:

  getAccessEvaluators in interface IAuthzManager

  Returns:

  A table of evaluators