diff options
author | Ade Lee <alee@redhat.com> | 2016-04-19 22:32:33 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2016-04-20 17:31:17 -0400 |
commit | 9dc5a7829e9521ac29196515e1384f552068a649 (patch) | |
tree | 170fea823082cccc3d1d367ab915fdb2de9d1cb4 /base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java | |
parent | b59d8305130e81d3e00240b5612a327c9dfc7d12 (diff) | |
download | pki-9dc5a7829e9521ac29196515e1384f552068a649.tar.gz pki-9dc5a7829e9521ac29196515e1384f552068a649.tar.xz pki-9dc5a7829e9521ac29196515e1384f552068a649.zip |
Realm: allow auth instances to support multiple realms
In practice, most folks will use something like DirAclAuthz
to manage their realm. Rather than requiring a new authz plugin
for each realm, we allow the authz plugin to support multiple
realms (as a comma separated list).
For the Acl plugins in particular, we expand the authorize call
to allow the caller to pass in the realm as well as the resource
and operation. The resource queried would then be constructed on
the fly as realm.resource
Examples will be provided in the wiki page.
Trac Ticket 2041
Diffstat (limited to 'base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java')
-rw-r--r-- | base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java index 156643897..c7d8df56b 100644 --- a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java +++ b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java @@ -80,6 +80,9 @@ public interface IAuthzSubsystem extends ISubsystem { public AuthzToken authorize(String authzMgrName, IAuthToken authToken, String exp) throws EBaseException; + public AuthzToken authorize(String authzMgrName, IAuthToken authToken, + String resource, String operation, String realm) throws EBaseException; + /** * Authorize the user against the specified realm. Looks for authz manager * associated with the plugin and authenticates if present. |