public class BasicAclAuthz extends AAclAuthz implements IAuthzManager, IExtendedPluginInfo
Modifier and Type | Field and Description |
---|---|
protected static java.lang.String |
PROP_BASEDN |
ACLS_ATTR, mConfigParams, mExtendedPluginInfo, PROP_CLASS, PROP_EVAL, PROP_IMPL
HELP_TEXT, HELP_TOKEN
Constructor and Description |
---|
BasicAclAuthz()
Default constructor
|
Modifier and Type | Method and Description |
---|---|
AuthzToken |
authorize(IAuthToken authToken,
java.lang.String expression) |
AuthzToken |
authorize(IAuthToken authToken,
java.lang.String resource,
java.lang.String operation)
check the authorization permission for the user associated with
authToken on operation
|
protected void |
flushResourceACLs()
updates resourceACLs to permanent storage.
|
java.lang.String |
getImplName()
gets the plugin name of this authorization manager.
|
java.lang.String |
getName()
gets the name of this authorization manager instance
|
void |
init(java.lang.String name,
java.lang.String implName,
IConfigStore config)
Initialize this authorization manager.
|
protected void |
log(int level,
java.lang.String msg)
Logs a message for this class in the system log file.
|
void |
shutdown()
graceful shutdown
|
void |
updateACLs(java.lang.String id,
java.lang.String rights,
java.lang.String strACLs,
java.lang.String desc)
This currently does not flush to permanent storage
|
accessInit, aclEvaluatorElements, aclResElements, addACLs, checkPermission, checkPermission, evaluateACLs, getAccessEvaluators, getACL, getACLs, getAllowEntries, getConfigParams, getConfigStore, getDenyEntries, getExtendedPluginInfo, getNodes, getOrder, getTargetNames, init, isTypeUnique, registerEvaluator
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
accessInit, aclEvaluatorElements, getAccessEvaluators, getACL, getACLs, getConfigParams, getConfigStore, registerEvaluator
getExtendedPluginInfo
protected static final java.lang.String PROP_BASEDN
public void init(java.lang.String name, java.lang.String implName, IConfigStore config) throws EBaseException
IAuthzManager
init
in interface IAuthzManager
name
- The name of this authorization manager instance.implName
- The name of the authorization manager plugin.config
- The configuration store for this authorization manager.EBaseException
- If an initialization error occurred.public java.lang.String getName()
getName
in interface IAuthzManager
public java.lang.String getImplName()
getImplName
in interface IAuthzManager
public AuthzToken authorize(IAuthToken authToken, java.lang.String resource, java.lang.String operation) throws EAuthzInternalError, EAuthzAccessDenied
Example:
For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:
try { authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read"); } catch (EBaseException e) { log(ILogger.LL_FAILURE, "authorize call: "+ e.toString()); }
authorize
in interface IAuthzManager
authorize
in class AAclAuthz
authToken
- the authToken associated with a userresource
- - the protected resource nameoperation
- - the protected resource operation nameEAuthzInternalError
- if an internal error occurred.EAuthzAccessDenied
- if access deniedpublic AuthzToken authorize(IAuthToken authToken, java.lang.String expression) throws EAuthzAccessDenied
authorize
in interface IAuthzManager
EAuthzAccessDenied
public void updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc) throws EACLsException
updateACLs
in interface IAuthzManager
updateACLs
in class AAclAuthz
id
- is the resource idstrACLs
- rights
- The allowable rights for this resourcedesc
- The description for this resourceEACLsException
- when update fails.protected void flushResourceACLs() throws EACLsException
flushResourceACLs
in class AAclAuthz
EACLsException
public void shutdown()
shutdown
in interface IAuthzManager
shutdown
in class AAclAuthz
protected void log(int level, java.lang.String msg)
level
- The log level.msg
- The message to log.ILogger