public class DirAclAuthz extends AAclAuthz implements IAuthzManager, IExtendedPluginInfo
Modifier and Type | Field and Description |
---|---|
protected static java.lang.String | PROP_BASEDN |
ACLS_ATTR, mConfigParams, mExtendedPluginInfo, PROP_CLASS, PROP_EVAL, PROP_IMPL
HELP_TEXT, HELP_TOKEN
Constructor and Description |
---|
DirAclAuthz() Default constructor |
Modifier and Type | Method and Description |
---|---|
AuthzToken | authorize(IAuthToken authToken, java.lang.String expression) |
AuthzToken | authorize(IAuthToken authToken, java.lang.String resource, java.lang.String operation) check the authorization permission for the user associated with authToken on operation |
protected void | flushResourceACLs() updates resourceACLs to ldap. |
protected netscape.ldap.LDAPConnection | getConn() |
java.lang.String | getImplName() gets the plugin name of this authorization manager. |
java.lang.String | getName() gets the name of this authorization manager instance |
void | init(java.lang.String name, java.lang.String implName, IConfigStore config) Initialize this authorization manager. |
protected void | log(int level, java.lang.String msg) Logs a message for this class in the system log file. |
protected void | returnConn(netscape.ldap.LDAPConnection conn) |
void | shutdown() graceful shutdown |
void | updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc) update acls. |
accessInit, aclEvaluatorElements, aclResElements, addACLs, checkPermission, checkPermission, evaluateACLs, getAccessEvaluators, getACL, getACLs, getAllowEntries, getConfigParams, getConfigStore, getDenyEntries, getExtendedPluginInfo, getNodes, getOrder, getTargetNames, init, isTypeUnique, registerEvaluator
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
accessInit, aclEvaluatorElements, getAccessEvaluators, getACL, getACLs, getConfigParams, getConfigStore, registerEvaluator
getExtendedPluginInfo
protected static final java.lang.String PROP_BASEDN
public void init(java.lang.String name, java.lang.String implName, IConfigStore config) throws EBaseException
IAuthzManager
init in interface IAuthzManager
Parameters:
name - The name of this authorization manager instance.
implName - The name of the authorization manager plugin.
config - The configuration store for this authorization manager.
Throws:
EBaseException - If an initialization error occurred.
public java.lang.String getName()
getName in interface IAuthzManager
public java.lang.String getImplName()
getImplName in interface IAuthzManager
public AuthzToken authorize(IAuthToken authToken, java.lang.String resource, java.lang.String operation) throws EAuthzInternalError, EAuthzAccessDenied
Example:
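For example, if UsrGrpAdminServlet needs to authorize the caller, it would be done in the following fashion:
```java
try {
    // Ask the "DirAclAuthz" manager whether the caller may "read" RES_GROUP.
    authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read");
} catch (EBaseException e) {
    // The authorize call threw; record the failure in the system log.
    log(ILogger.LL_FAILURE, "authorize call: " + e.toString());
}
```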
authorize in interface IAuthzManager
authorize in class AAclAuthz
Parameters:
authToken - the authToken associated with a user
resource - the protected resource name
operation - the protected resource operation name
Throws:
EBaseException - If an internal error occurred.
EAuthzInternalError - if an internal error occurred.
EAuthzAccessDenied - if access denied
public AuthzToken authorize(IAuthToken authToken, java.lang.String expression) throws EAuthzAccessDenied
authorize in interface IAuthzManager
Throws:
EAuthzAccessDenied
public void updateACLs(java.lang.String id, java.lang.String rights, java.lang.String strACLs, java.lang.String desc) throws EACLsException
Currently, it is possible that the in-memory update succeeds while the LDAP update does not, in which case the in-memory update lingers. As a result, the changes reach LDAP only at the next update, or at system shutdown, when another flush is attempted.
updateACLs in interface IAuthzManager
updateACLs in class AAclAuthz
Parameters:
id - is the resource id
rights - The allowable rights for this resource
strACLs - has the same format as a resourceACLs entry acis on the ldap server
desc - The description for this resource
Throws:
EACLsException - when update fails.
protected void flushResourceACLs() throws EACLsException
flushResourceACLs in class AAclAuthz
Throws:
EACLsException
protected netscape.ldap.LDAPConnection getConn() throws ELdapException
ELdapException
protected void returnConn(netscape.ldap.LDAPConnection conn) throws ELdapException
ELdapException
public void shutdown()
shutdown in interface IAuthzManager
shutdown in class AAclAuthz
protected void log(int level, java.lang.String msg)
Parameters:
level - The log level.
msg - The message to log.
ILogger