Realms - Address comments from review

Review comments addressed:
1. when archiving or generating keys, realm is checked
2. when no plugin is found for a realm, access is denied.
3. rename mFoo to foo for new variables.
4. add chaining of exceptions
5. remove attributes from KeyArchivalRequest etc. when realm is null
6. Add more detail to denial in BasicGroupAuthz

Part of Trac Ticket 2041

1 files changed, 4 insertions, 2 deletions

diff --git a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
index 8b126d2da..354485897 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
@@ -32,6 +32,7 @@ import com.netscape.certsrv.authorization.EAuthzAccessDenied;
 import com.netscape.certsrv.authorization.EAuthzException;
 import com.netscape.certsrv.authorization.EAuthzMgrNotFound;
 import com.netscape.certsrv.authorization.EAuthzMgrPluginNotFound;
+import com.netscape.certsrv.authorization.EAuthzUnknownRealm;
 import com.netscape.certsrv.authorization.IAuthzManager;
 import com.netscape.certsrv.authorization.IAuthzSubsystem;
 import com.netscape.certsrv.base.EBaseException;
@@ -480,8 +481,9 @@ public class AuthzSubsystem implements IAuthzSubsystem {
         if ((owner != null) && owner.equals(authToken.getInString(IAuthToken.USER_ID))) return;
 
         String mgrName = getAuthzManagerByRealm(realm);
-        // if no authz manager for this realm, SUCCESS by default
-        if (mgrName == null) return;
+        if (mgrName == null) {
+            throw new EAuthzUnknownRealm("Realm not found");
+        }
 
         AuthzToken authzToken = authorize(mgrName, authToken, resource, operation);
         if (authzToken == null) {