authorAde Lee <alee@redhat.com>2016-04-16 11:29:37 -0400
committerAde Lee <alee@redhat.com>2016-04-20 17:29:43 -0400
commit9a1eabe3ed5332cb5fbd27deecd4193f38e9fbcb (patch)
tree898e3d9137e9946f396eec1f6554597bf547fd7d /base/common
parentbb6fd9e1a73e2ee224fc9332681fb59113f94d8f (diff)
Added new authz methods to check realm
* Added method to check realm. This method will look for an authz instance for a specified realm and invoke it to determine access.
* Added a basic group-based authz plugin, mostly for testing. This plugin simply checks if the requestor is in the correct group. In practice, customers will probably want something more complex, maybe subclassing BasicAclAuthz.
Part of Trac Ticket #2041
Diffstat (limited to 'base/common')
-rw-r--r--base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java19
1 files changed, 19 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
index b96499a77..156643897 100644
--- a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
+++ b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
@@ -58,6 +58,11 @@ public interface IAuthzSubsystem extends ISubsystem {
public static final String PROP_INSTANCE = "instance";
/**
+ * Constant for realm
+ */
+ public static final String PROP_REALM = "realm";
+
+ /**
* authorize the user associated with the given authToken for a given
* operation with the given authorization manager name
*
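Review bot: The Javadoc added for `PROP_REALM` ("Constant for realm") does not say what the constant names or where it is read. Judging from the neighbouring `PROP_INSTANCE` and the commit description, it is presumably the configuration property under which an authz manager instance declares the realm it serves; if so, say that, e.g. `Configuration property naming the realm an authorization manager instance is responsible for.` Whether one realm may map to more than one instance is also worth stating here, since realm lookup decides which plugin makes the access decision.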
@@ -76,6 +81,20 @@ public interface IAuthzSubsystem extends ISubsystem {
String exp) throws EBaseException;
/**
+ * Authorize the user against the specified realm. Looks for authz manager
+ * associated with the plugin and authenticates if present.
+ *
+ * @param realm
+ * @param authToken
+ * @param owner TODO
+ * @param resource
+ * @param operation
+ * @throws EBaseException if any error occurs during authentication.
+ */
+ public void checkRealm(String realm, IAuthToken authToken,
+ String owner, String resource, String operation) throws EBaseException;
+
+ /**
* Adds (registers) the given authorization manager.
*
* @param name The authorization manager name
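Review bot: The Javadoc on `checkRealm` describes an authorization check in authentication terms ("authenticates if present", "during authentication") and leaves the failure contract unstated. Because the method returns void, a caller learns of a denial only through `EBaseException`, and nothing says what happens when no authz manager is registered for the realm or when `realm` is null; "if present" could be read as allowing the request when none is found. For an access-control entry point the contract should be written as fail-closed, e.g. `@throws EBaseException if access is denied, if no authorization manager is configured for the realm, or if the check itself fails`. "Associated with the plugin" presumably should read "associated with the realm", and `@param owner TODO` and the empty `@param` tags need descriptions (in particular whether `owner` is the resource owner compared against the token's subject) before implementers rely on them. The interface body continues outside the hunk.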