Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/authorization')
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java56
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java80
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java44
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java164
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java82
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java32
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java169
-rw-r--r--pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java149
13 files changed, 936 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
new file mode 100644
index 000000000..0960311ee
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+/**
+ * A class represents an authorization manager. It contains an
+ * authorization manager instance and its state (enable or not).
+ * @version $Revision$, $Date$
+ */
+public class AuthzManagerProxy {
+ private boolean mEnable;
+ private IAuthzManager mMgr;
+
+ /**
+ * Constructor
+ * @param enable true if the authzMgr is enabled; false otherwise
+ * @param mgr authorization manager instance
+ */
+ public AuthzManagerProxy(boolean enable, IAuthzManager mgr) {
+ mEnable = enable;
+ mMgr = mgr;
+ }
+
+ /**
+ * Returns the state of the authorization manager instance
+ * @return true if the state of the authorization manager instance is
+ * enabled; false otherwise.
+ */
+ public boolean isEnable() {
+ return mEnable;
+ }
+
+ /**
+ * Returns an authorization manager instance.
+ * @return an authorization manager instance
+ */
+ public IAuthzManager getAuthzManager() {
+ return mMgr;
+ }
+}
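Review bot: `getAuthzManager()` returns the manager whether or not `mEnable` is set, so honouring the disabled state is left entirely to callers, and nothing in the Javadoc tells them that. I would spell it out on the getter, for example `Returns the authorization manager instance regardless of its enabled state; callers must check isEnable() before using it to authorize.` Both fields are assigned only in the constructor, so `private final boolean mEnable;` and `private final IAuthzManager mMgr;` would make the proxy immutable and rule out a later toggle of the flag.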
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
new file mode 100644
index 000000000..ef8c62f8f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import java.util.*;
+import java.lang.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authorization.*;
+
+
+/**
+ * This class represents a registered authorization manager plugin.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public class AuthzMgrPlugin {
+ protected String mId = null;
+ protected String mClassPath = null;
+ protected Class mClass = null;
+ protected boolean mVisible = true;
+
+ /**
+ * Constructs a AuthzManager plugin.
+ * @param id authz manager implementation name
+ * @param classPath class path
+ */
+ public AuthzMgrPlugin(String id, String classPath) {
+ mId = id;
+ mClassPath = classPath;
+ }
+
+ /**
+ * Returns an authorization manager implementation name
+ * @return an authorization manager implementation name
+ */
+ public String getId() {
+ return mId;
+ }
+
+ /**
+ * Returns a classpath of a AuthzManager plugin
+ * @return a classpath of a AuthzManager plugin
+ */
+ public String getClassPath() {
+ return mClassPath;
+ }
+
+ /**
+ * Returns a visibility of the plugin
+ * @return a visibility of the plugin
+ */
+ public boolean isVisible() {
+ return mVisible;
+ }
+
+ /**
+ * Sets visibility of the plugin
+ * @param visibility visibility of the plugin
+ */
+ public void setVisible(boolean visibility) {
+ mVisible = visibility;
+ }
+}
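Review bot: `mClass` is declared as a raw `Class`, is never assigned anywhere in this file and has no accessor, so as written it is always null; either drop it or type it and document who sets it. The `classPath` parameter is described only as "class path"; if it is actually the name of the class to be loaded as a manager (inferred, not visible here), say so, e.g. `@param classPath fully qualified class name of the IAuthzManager implementation`, and the code that loads it should verify the loaded class implements `IAuthzManager` before instantiating it. The fields are `protected` and mutable, which lets any subclass repoint the plugin at a different class after registration; `private final` for `mId` and `mClassPath` would close that. The imports `java.lang.*` and `com.netscape.certsrv.authorization.*` are redundant.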
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
new file mode 100644
index 000000000..f17038eff
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for the authorization subsystem
+ * <P>
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public class AuthzResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ * @return the content of this resource
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * A set of constants for localized error messages.
+ */
+ static final Object[][] contents = {};
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
new file mode 100644
index 000000000..dc64d322a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
@@ -0,0 +1,164 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import java.util.Hashtable;
+import java.util.Date;
+import java.util.Enumeration;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * Authorization token returned by Authorization Managers.
+ * Upon return, it contains the name of the authorization manager that create
+ * the AuthzToken, the plugin name of the authorization manager, time of
+ * authorization happened, name of the resource, type of operation performed
+ * on the resource.
+ * <p>
+ * @version $Revision$, $Date$
+ */
+public class AuthzToken implements IAttrSet {
+ private Hashtable mAttrs = null;
+
+ /**
+ * Plugin name of the authorization manager that created the
+ * AuthzToken as a string.
+ */
+ public static final String TOKEN_AUTHZMGR_IMPL_NAME = "authzMgrImplName";
+
+ /**
+ * Name of the authorization manager that created the AuthzToken
+ * as a string.
+ */
+ public static final String TOKEN_AUTHZMGR_INST_NAME = "authzMgrInstName";
+
+ /**
+ * Time of authorization as a java.util.Date
+ */
+ public static final String TOKEN_AUTHZTIME = "authzTime";
+
+ /**
+ * name of the resource
+ */
+ public static final String TOKEN_AUTHZ_RESOURCE = "authzRes";
+
+ /**
+ * name of the operation
+ */
+ public static final String TOKEN_AUTHZ_OPERATION = "authzOp";
+
+ /*
+ * Status of the authorization evaluation
+ */
+ public static final String TOKEN_AUTHZ_STATUS = "status";
+
+ /**
+ * Constant for the success status of the authorization evaluation.
+ */
+ public static final String AUTHZ_STATUS_SUCCESS = "statusSuccess";
+
+ /**
+ * Constructs an instance of a authorization token.
+ * The token by default contains the following attributes: <br>
+ * <pre>
+ * "authzMgrInstName" - The authorization manager instance name.
+ * "authzMgrImplName" - The authorization manager plugin name.
+ * "authzTime" - The - The time of authorization.
+ * </pre>
+ * @param authzMgr The authorization manager that created this Token.
+ */
+ public AuthzToken(IAuthzManager authzMgr) {
+ mAttrs = new Hashtable();
+ mAttrs.put(TOKEN_AUTHZMGR_INST_NAME, authzMgr.getName());
+ mAttrs.put(TOKEN_AUTHZMGR_IMPL_NAME, authzMgr.getImplName());
+ mAttrs.put(TOKEN_AUTHZTIME, new Date());
+ }
+
+ /**
+ * Get the value of an attribute in the AuthzToken
+ * @param attrName The attribute name
+ * @return The value of attrName if any.
+ */
+ public Object get(String attrName) {
+ return mAttrs.get(attrName);
+ }
+
+ /**
+ * Used by an Authorization manager to set an attribute and value
+ * in the AuthzToken.
+ * @param attrName The name of the attribute
+ * @param value The value of the attribute to set.
+ */
+ public void set(String attrName, Object value) {
+ mAttrs.put(attrName, value);
+ }
+
+ /**
+ * Removes an attribute in the AuthzToken
+ * @param attrName The name of the attribute to remove.
+ */
+ public void delete(String attrName) {
+ mAttrs.remove(attrName);
+ }
+
+ /**
+ * Enumerate all attribute names in the AuthzToken.
+ * @return Enumeration of all attribute names in this AuthzToken.
+ */
+ public Enumeration getElements() {
+ return (mAttrs.keys());
+ }
+
+ /**
+ * Enumerate all attribute values in the AuthzToken.
+ * @return Enumeration of all attribute names in this AuthzToken.
+ */
+ public Enumeration getVals() {
+ return (mAttrs.elements());
+ }
+
+ /**
+ * Gets the name of the authorization manager instance that created
+ * this token.
+ * @return The name of the authorization manager instance that created
+ * this token.
+ */
+ public String getAuthzManagerInstName() {
+ return ((String) mAttrs.get(TOKEN_AUTHZMGR_INST_NAME));
+ }
+
+ /**
+ * Gets the plugin name of the authorization manager that created this
+ * token.
+ * @return The plugin name of the authorization manager that created this
+ * token.
+ */
+ public String getAuthzManagerImplName() {
+ return ((String) mAttrs.get(TOKEN_AUTHZMGR_IMPL_NAME));
+ }
+
+ /**
+ * Gets the time of authorization.
+ * @return The time of authorization
+ */
+ public Date getAuthzTime() {
+ return ((Date) mAttrs.get(TOKEN_AUTHZTIME));
+ }
+}
+
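Review bot: `set` and `delete` are public and unrestricted, so any code holding the token can overwrite or remove the attributes the constructor records (`authzMgrInstName`, `authzMgrImplName`, `authzTime`) and the `status` value, and a later reader cannot tell whether they still reflect the manager's decision. If that mutability is intended, the class Javadoc should say so, e.g. `Attributes are mutable through set and delete; a token must not be treated as proof of authorization once it has passed through code other than the issuing manager.`; otherwise `set`/`delete` should refuse the constructor-set keys. `getAuthzTime()` returns the stored `Date` itself, which is mutable, so returning a copy would keep the recorded time from being changed by the caller. The constructor also passes `authzMgr.getName()` and `authzMgr.getImplName()` straight to `Hashtable.put`, which throws `NullPointerException` on a null value. Smaller doc fixes: the `getVals` `@return` says "attribute names" where it means values, and the comment on `TOKEN_AUTHZ_STATUS` opens with `/*` so it is not picked up as Javadoc.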
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
new file mode 100644
index 000000000..0284de58c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for authorization failure
+ */
+public class EAuthzAccessDenied extends EAuthzException {
+
+ /**
+ * Constructs a exception for access denied by Authz manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzAccessDenied(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
new file mode 100644
index 000000000..4c2670b00
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
@@ -0,0 +1,82 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import com.netscape.certsrv.base.EBaseException;
+
+/**
+ * This class represents authorization exceptions.
+ * <P>
+ * @version $Revision$, $Date$
+ */
+public class EAuthzException extends EBaseException {
+
+ /**
+ * Resource class name.
+ */
+ private static final String AUTHZ_RESOURCES = AuthzResources.class.getName();
+
+ /**
+ * Constructs a authz exception
+ * <P>
+ * @param msgFormat exception details
+ */
+ public EAuthzException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a authz exception with a parameter.
+ * <p>
+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ */
+ public EAuthzException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a authz exception with a exception parameter.
+ * <P>
+ * @param msgFormat exception details in message string format
+ * @param param system exception
+ */
+ public EAuthzException(String msgFormat, Exception param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a authz exception with a list of parameters.
+ * <P>
+ * @param msgFormat the message format.
+ * @param params list of message format parameters
+ */
+ public EAuthzException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Returns the resource bundle name
+ * @return resource bundle name
+ */
+ protected String getBundleName() {
+ return AUTHZ_RESOURCES;
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
new file mode 100644
index 000000000..52b1b9ade
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * An exception for internal error for authorization.
+ */
+public class EAuthzInternalError extends EAuthzException {
+
+ /**
+ * Constructs an authorization internal error exception
+ * @param errorString error with a detailed message.
+ */
+ public EAuthzInternalError(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
new file mode 100644
index 000000000..7bf76ba6f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for authorization manager not found.
+ */
+public class EAuthzMgrNotFound extends EAuthzException {
+
+ /**
+ * Constructs a exception for a missing required authorization manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzMgrNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
new file mode 100644
index 000000000..b305d627b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for authorization manager plugin not found.
+ */
+public class EAuthzMgrPluginNotFound extends EAuthzException {
+
+ /**
+ * Constructs a exception for a missing authorization plugin
+ * @param errorString Detailed error message.
+ */
+ public EAuthzMgrPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
new file mode 100644
index 000000000..99caba2be
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for operation unknown to the authorization manager
+ */
+public class EAuthzUnknownOperation extends EAuthzException {
+
+ /**
+ * Constructs a exception for an operation unknown to the authorization manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzUnknownOperation(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
new file mode 100644
index 000000000..169ed443c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for protected resource unknown to the authorization manager
+ */
+public class EAuthzUnknownProtectedRes extends EAuthzException {
+
+ /**
+ * Constructs a exception for a protected resource unknown to the authorization manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzUnknownProtectedRes(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
new file mode 100644
index 000000000..db016f248
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
@@ -0,0 +1,169 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.acls.*;
+import com.netscape.certsrv.evaluators.*;
+import java.util.*;
+
+
+/**
+ * Authorization Manager interface needs to be implemented by all
+ * authorization managers.
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthzManager {
+
+ /**
+ * Get the name of this authorization manager instance.
+ * <p>
+ * @return String the name of this authorization manager.
+ */
+ public String getName();
+
+ /**
+ * Get implementation name of authorization manager plugin.
+ * <p>
+ * An example of an implementation name will be:
+ * <PRE>
+ * com.netscape.cms.BasicAclAuthz
+ * </PRE>
+ * <p>
+ * @return The name of the authorization manager plugin.
+ */
+ public String getImplName();
+
+ /**
+ * <code>accessInit</code> is for servlets who want to initialize their
+ * own authorization information before full operation. It is supposed
+ * to be called from the authzMgrAccessInit() method of the AuthzSubsystem.
+ * <p>
+ * The accessInfo format is determined by each individual
+ * authzmgr. For example, for BasicAclAuthz,
+ * The accessInfo is the resACLs, whose format should conform
+ * to the following:
+ * <pre>
+ * <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
+ * </pre>
+ * <P>
+ * Example:
+ * resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
+ * @param accessInfo the access info string in the format specified in the authorization manager
+ * @exception EBaseException error parsing the accessInfo
+ */
+ public void accessInit(String accessInfo) throws EBaseException;
+
+ /**
+ * Check if the user is authorized to perform the given operation on the
+ * given resource.
+ * @param authToken the authToken associated with a user.
+ * @param resource - the protected resource name
+ * @param operation - the protected resource operation name
+ * @return authzToken if the user is authorized
+ * @exception EAuthzInternalError if an internal error occurred.
+ * @exception EAuthzAccessDenied if access denied
+ */
+ public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
+ throws EAuthzInternalError, EAuthzAccessDenied;
+
+ public AuthzToken authorize(IAuthToken authToken, String expression)
+ throws EAuthzInternalError, EAuthzAccessDenied;
+
+ /**
+ * Initialize this authorization manager.
+ * @param name The name of this authorization manager instance.
+ * @param implName The name of the authorization manager plugin.
+ * @param config The configuration store for this authorization manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Prepare this authorization manager for a graceful shutdown.
+ * Called when the server is exiting for any cleanup needed.
+ */
+ public void shutdown();
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @return a list of names for configuration parameters.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException;
+
+ /**
+ * Get the configuration store for this authorization manager.
+ * @return The configuration store of this authorization manager.
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Get ACL entries
+ * @return enumeration of ACL entries.
+ */
+ public Enumeration getACLs();
+
+ /**
+ * Get individual ACL entry for the given name of entry.
+ * @param target The name of the ACL entry
+ * @return The ACL entry.
+ */
+ public IACL getACL(String target);
+
+ /**
+ * Update ACLs in the database
+ * @param id The name of the ACL entry (ie, resource id)
+ * @param rights The allowable rights for this resource
+ * @param strACLs The value of the ACL entry
+ * @param desc The description for this resource
+ * @exception EACLsException when update fails.
+ */
+ public void updateACLs(String id, String rights, String strACLs,
+ String desc) throws EACLsException;
+
+ /**
+ * Get all registered evaluators.
+ * @return All registered evaluators.
+ */
+ public Enumeration aclEvaluatorElements();
+
+ /**
+ * Register new evaluator
+ * @param type Type of evaluator
+ * @param evaluator Value of evaluator
+ */
+ public void registerEvaluator(String type, IAccessEvaluator evaluator);
+
+ /**
+ * Return a table of evaluators
+ * @return A table of evaluators
+ */
+ public Hashtable getAccessEvaluators();
+}
+
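Review bot: The overload `authorize(IAuthToken authToken, String expression)` has no Javadoc, so neither the expression syntax nor how a denial is reported is defined for implementers; the same gap exists on `authorize(String authzMgrName, IAuthToken authToken, String exp)` in IAuthzSubsystem.java. The documented overload says it returns a token "if the user is authorized", while AuthzToken also defines a `status` attribute, which leaves open whether callers may rely on the exception alone or must inspect the status as well. If throw-on-deny is the intended contract, I would state it on both overloads, e.g. `@return a non-null AuthzToken when access is granted; denial is always reported by EAuthzAccessDenied, never by a null return or a status value`. In the `accessInit` Javadoc, the `<resource ID>` and `<evaluatorType>=<value>` placeholders inside `<pre>` are unescaped and will be dropped from the rendered docs; use `&lt;`/`&gt;` or `{@code ...}`.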
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
new file mode 100644
index 000000000..2d0f81ee8
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
@@ -0,0 +1,149 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.base.*;
+import java.util.*;
+
+/**
+ * An interface that represents an authorization component
+ * <P>
+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthzSubsystem extends ISubsystem {
+
+ /**
+ * Constant for auths.
+ */
+ public static final String ID = "authz";
+
+ /**
+ * Constant for class.
+ */
+ public static final String PROP_CLASS = "class";
+
+ /**
+ * Constant for impl
+ */
+ public static final String PROP_IMPL = "impl";
+
+ /**
+ * Constant for pluginName.
+ */
+ public static final String PROP_PLUGIN = "pluginName";
+
+ /**
+ * Constant for instance.
+ */
+ public static final String PROP_INSTANCE = "instance";
+
+ /**
+ * authorize the user associated with the given authToken for a given
+ * operation with the given authorization manager name
+ * @param authzMgrName The authorization manager name
+ * @param authToken the authenticaton token associated with a user
+ * @param resource the resource protected by the authorization system
+ * @param operation the operation for resource protected by the authorization system
+ * @return a authorization token.
+ * @exception EBaseException If an error occurs during authorization.
+ */
+ public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
+ String resource, String operation)
+ throws EBaseException;
+
+ public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
+ String exp) throws EBaseException;
+
+ /**
+ * Adds (registers) the given authorization manager.
+ * @param name The authorization manager name
+ * @param authzMgr The authorization manager instance.
+ */
+ public void add(String name, IAuthzManager authzMgr);
+
+ /**
+ * Deletes (deregisters) the given authorization manager.
+ * @param name The authorization manager name to delete.
+ */
+ public void delete(String name);
+
+ /**
+ * Gets the Authorization manager instance of the specified name.
+ * @param name The authorization manager's name.
+ * @return an authorization manager interface
+ */
+ public IAuthzManager getAuthzManager(String name) throws EBaseException;
+
+ /**
+ * Gets an enumeration of authorization managers registered to the
+ * authorization component.
+ * @return a list of authorization managers
+ */
+ public Enumeration getAuthzManagers();
+
+ /**
+ * Initialize authz info - usually used for BasicAclAuthz
+ *
+ * @param authzMgrName name of the authorization manager
+ * @param accessInfo string representation of the ACL
+ * @exception EBaseException if authorization manager is not found
+ */
+ public void authzMgrAccessInit(String authzMgrName, String accessInfo) throws EBaseException;
+
+ /**
+ * Gets an enumeration of authorization manager plugins.
+ * @return list of authorization manager plugins
+ */
+ public Enumeration getAuthzManagerPlugins();
+
+ /**
+ * Gets a single authorization manager plugin implementation
+ * @param name given authorization plugin name
+ * @return authorization manager plugin
+ */
+ public IAuthzManager getAuthzManagerPlugin(String name);
+
+ /**
+ * Log error message.
+ * @param level log level
+ * @param msg error message
+ */
+ public void log(int level, String msg);
+
+ /**
+ * Get a hashtable containing all authentication plugins.
+ * @return all authentication plugins.
+ */
+ public Hashtable getPlugins();
+
+ /**
+ * Get a hashtable containing all authentication instances.
+ * @return all authentication instances.
+ */
+ public Hashtable getInstances();
+
+ /**
+ * Get an authorization manager interface for the given name.
+ * @param name given authorization manager name.
+ * @return an authorization manager interface
+ */
+ public IAuthzManager get(String name);
+}
+
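Review bot: The Javadoc on `getPlugins()` and `getInstances()` says "authentication plugins" and "authentication instances", which looks copied from the authentication subsystem; these should read authorization manager plugins and instances. Because both return a `Hashtable`, an implementation that hands out its internal table would let callers register or remove managers without going through `add`/`delete`, so the interface should say whether the result is a copy, e.g. `Get a hashtable containing all authorization manager plugins; callers must treat it as read-only.` `getAuthzManager(String)` declares `EBaseException` while `get(String)` does not, and neither documents what happens for an unknown or disabled name; add an `@exception` line to the first and state on the second whether it returns null.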