author | Ade Lee <alee@redhat.com> | 2016-04-19 14:52:40 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2016-04-20 17:31:01 -0400 |
commit | b59d8305130e81d3e00240b5612a327c9dfc7d12 (patch) | |
tree | 0634fd72c54083da01fa8bf5173c027cb3a55fdb /base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java | |
parent | 3e4eb72ec8a295784e9283cccf637d4199d96626 (diff) | |
Realms - Address comments from review
Review comments addressed:
1. when archiving or generating keys, realm is checked
2. when no plugin is found for a realm, access is denied.
3. rename mFoo to foo for new variables.
4. add chaining of exceptions
5. remove attributes from KeyArchivalRequest etc. when realm is null
6. Add more detail to denial in BasicGroupAuthz
Part of Trac Ticket 2041
Diffstat (limited to 'base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java b/base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java
index 1908e3c69..0bf24311f 100644
--- a/base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java
+++ b/base/server/cms/src/com/netscape/cms/authorization/BasicGroupAuthz.java
@@ -44,35 +44,35 @@ public class BasicGroupAuthz implements IAuthzManager, IExtendedPluginInfo {
 private static final String GROUP = "group";
 /* name of this authorization manager instance */
- private String name = null;
+ private String name;
 /* name of the authorization manager plugin */
- private String implName = null;
+ private String implName;
 /* configuration store */
 private IConfigStore config;
 /* group that is allowed to access resources */
- private String groupName = null;
+ private String groupName;
 /* Vector of extendedPluginInfo strings */
- protected static Vector<String> mExtendedPluginInfo = null;
+ protected static Vector<String> extendedPluginInfo;
- protected static String[] mConfigParams = null;
+ protected static String[] configParams;
 static {
- mExtendedPluginInfo = new Vector<String>();
- mExtendedPluginInfo.add("group;string,required;" +
+ extendedPluginInfo = new Vector<String>();
+ extendedPluginInfo.add("group;string,required;" +
 "Group to permit access");
 }
 public BasicGroupAuthz() {
- mConfigParams = new String[] {"group"};
+ configParams = new String[] {"group"};
 }
 @Override
 public String[] getExtendedPluginInfo(Locale locale) {
- String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo);
+ String[] s = Utils.getStringArrayFromVector(extendedPluginInfo);
 return s;
 }
@@ -103,6 +103,7 @@ public class BasicGroupAuthz implements IAuthzManager, IExtendedPluginInfo {
 IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
 IGroup group = ug.getGroupFromName(groupName);
 if (!group.isMember(user)) {
+ CMS.debug("BasicGroupAuthz: access denied. User: " + user + " is not a member of group: " + groupName);
 throw new EAuthzAccessDenied("Access denied");
 }
@@ -139,7 +140,7 @@ public class BasicGroupAuthz implements IAuthzManager, IExtendedPluginInfo {
 @Override
 public String[] getConfigParams() throws EBaseException {
- return mConfigParams;
+ return configParams;
 }
 @Override |
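Review bot: `ug.getGroupFromName(groupName)` is dereferenced without a null check in the `@@ -103,6 +103,7 @@` hunk, so if the configured group does not exist (assuming the lookup returns null in that case; confirm against IUGSubsystem) the request ends in a NullPointerException instead of `EAuthzAccessDenied`, and the new denial message is never written. Folding the check into the guard keeps the failure closed and logged: `if (group == null || !group.isMember(user)) {`. The added `CMS.debug` line also concatenates `user` into the message unescaped and reaches only the debug log; if `user` can carry caller-influenced characters, neutralise CR/LF before logging, and consider whether a denial should also produce an audit event. The enclosing method starts and ends outside the hunk, so an audit call or an earlier null check may already exist there.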