java.lang.Object
- com.netscape.cms.authorization.AAclAuthz
- - com.netscape.cms.authorization.DirAclAuthz

All Implemented Interfaces:

IExtendedPluginInfo, IAuthzManager
```
public class DirAclAuthz
extends AAclAuthz
implements IAuthzManager, IExtendedPluginInfo
```
A class for ldap acls based authorization manager The ldap server used for acls is the cms internal ldap db.

Version:

$Revision$, $Date$

Nested Class Summary
- Nested classes/interfaces inherited from class com.netscape.cms.authorization.AAclAuthz
  AAclAuthz.EvaluationOrder

Field Summary

Fields
Modifier and Type Field Description

static org.slf4j.Logger logger

protected static java.lang.String PROP_SEARCHBASE
- Fields inherited from class com.netscape.cms.authorization.AAclAuthz
  ACLS_ATTR, mConfigParams, mExtendedPluginInfo, PROP_CLASS, PROP_EVAL, PROP_IMPL
- Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
  HELP_TEXT, HELP_TOKEN

Constructor Summary

Constructors
Constructor Description

DirAclAuthz()
Default constructor

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected void`	`flushResourceACLs()`	updates resourceACLs to ldap.
`protected netscape.ldap.LDAPConnection`	`getConn()`
`void`	`init(java.lang.String name, java.lang.String implName, AuthzManagerConfig config)`	Initializes
`protected void`	`returnConn(netscape.ldap.LDAPConnection conn)`
`void`	`shutdown()`	graceful shutdown
`void`	`updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc)`	update acls.

Methods inherited from class com.netscape.cms.authorization.AAclAuthz
accessInit, aclEvaluatorElements, aclResElements, addACLs, authorize, authorize, checkAllowEntries, checkDenyEntries, checkPermission, checkPermission, evaluateACLs, getAccessEvaluators, getACL, getACLs, getConfigParams, getConfigStore, getEntries, getExtendedPluginInfo, getImplName, getName, getNodes, getOrder, getTargetNames, isTypeUnique, registerEvaluator

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.dogtagpki.server.authorization.IAuthzManager
accessInit, aclEvaluatorElements, authorize, authorize, getAccessEvaluators, getACL, getACLs, getConfigParams, getConfigStore, getImplName, getName, registerEvaluator

Methods inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
getExtendedPluginInfo

- Field Detail
  - logger
```
public static org.slf4j.Logger logger
```
  - PROP_SEARCHBASE
```
protected static final java.lang.String PROP_SEARCHBASE
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - DirAclAuthz
```
public DirAclAuthz()
```
    Default constructor
- Method Detail
  - init
```
public void init(java.lang.String name,
                 java.lang.String implName,
                 AuthzManagerConfig config)
          throws EBaseException
```
    Description copied from class: AAclAuthz
    
    Initializes
    
    Specified by:
    
    init in interface IAuthzManager
    
    Overrides:
    
    init in class AAclAuthz
    
    Parameters:
    
    name - The name of this authorization manager instance.
    
    implName - The name of the authorization manager plugin.
    
    config - The configuration store for this authorization manager.
    
    Throws:
    
    EBaseException - If an initialization error occurred.
  - updateACLs
```
public void updateACLs(java.lang.String id,
                       java.lang.String rights,
                       java.lang.String strACLs,
                       java.lang.String desc)
                throws EACLsException
```
    update acls. when memory update is done, flush to ldap.
    Currently, it is possible that when the memory is updated successfully, and the ldap isn't, the memory upates lingers. The result is that the changes will only be done on ldap at the next update, or when the system shuts down, another flush will be attempted.
    
    Specified by:
    
    updateACLs in interface IAuthzManager
    
    Overrides:
    
    updateACLs in class AAclAuthz
    
    Parameters:
    
    id - is the resource id
    
    rights - The allowable rights for this resource
    
    strACLs - has the same format as a resourceACLs entry acis on the ldap server
    
    desc - The description for this resource
    
    Throws:
    
    EACLsException - when update fails.
  - flushResourceACLs
```
protected void flushResourceACLs()
                          throws EACLsException
```
    updates resourceACLs to ldap.
    
    Throws:
    
    EACLsException
  - getConn
```
protected netscape.ldap.LDAPConnection getConn()
                                        throws ELdapException
```
    Throws:
    
    ELdapException
  - returnConn
```
protected void returnConn(netscape.ldap.LDAPConnection conn)
                   throws ELdapException
```
    Throws:
    
    ELdapException
  - shutdown
```
public void shutdown()
```
    graceful shutdown
    
    Specified by:
    
    shutdown in interface IAuthzManager
    
    Specified by:
    
    shutdown in class AAclAuthz

Modifier and Type	Field	Description
`static org.slf4j.Logger`	`logger`
`protected static java.lang.String`	`PROP_SEARCHBASE`

Class DirAclAuthz

Nested Class Summary

Nested classes/interfaces inherited from class com.netscape.cms.authorization.AAclAuthz

Field Summary

Fields inherited from class com.netscape.cms.authorization.AAclAuthz

Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo

Constructor Summary

Method Summary

Methods inherited from class com.netscape.cms.authorization.AAclAuthz

Methods inherited from class java.lang.Object

Methods inherited from interface org.dogtagpki.server.authorization.IAuthzManager

Methods inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo

Field Detail

logger

PROP_SEARCHBASE

Constructor Detail

DirAclAuthz

Method Detail

init

updateACLs

flushResourceACLs

getConn

returnConn

shutdown