Diffstat (limited to 'pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java97
1 files changed, 45 insertions, 52 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
index f9d1864cb..29cb671e6 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authorization;
+
// cert server imports.
import com.netscape.certsrv.acls.EACLsException;
import com.netscape.certsrv.apps.CMS;
@@ -30,13 +31,14 @@ import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.IExtendedPluginInfo;
import com.netscape.certsrv.logging.ILogger;
+
/**
* A class for basic acls authorization manager
- *
+ *
* @version $Revision$, $Date$
*/
-public class BasicAclAuthz extends AAclAuthz implements IAuthzManager,
- IExtendedPluginInfo {
+public class BasicAclAuthz extends AAclAuthz
+ implements IAuthzManager, IExtendedPluginInfo {
// members
@@ -65,20 +67,22 @@ public class BasicAclAuthz extends AAclAuthz implements IAuthzManager,
*/
public BasicAclAuthz() {
- /*
- * Holds configuration parameters accepted by this implementation. This
- * list is passed to the configuration console so configuration for
- * instances of this implementation can be configured through the
+ /* Holds configuration parameters accepted by this implementation.
+ * This list is passed to the configuration console so configuration
+ * for instances of this implementation can be configured through the
* console.
*/
- mConfigParams = new String[] { "dummy" };
+ mConfigParams =
+ new String[] {
+ "dummy"
+ };
}
/**
*
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -104,23 +108,20 @@ public class BasicAclAuthz extends AAclAuthz implements IAuthzManager,
}
/**
- * check the authorization permission for the user associated with authToken
- * on operation
+ * check the authorization permission for the user associated with
+ * authToken on operation
* <p>
* Example:
* <p>
- * For example, if UsrGrpAdminServlet needs to authorize the caller it would
- * do be done in the following fashion:
- *
+ * For example, if UsrGrpAdminServlet needs to authorize the caller
+ * it would do be done in the following fashion:
* <PRE>
- * try {
- * authzTok = mAuthz.authorize(&quot;DirACLBasedAuthz&quot;, authToken, RES_GROUP,
- * &quot;read&quot;);
- * } catch (EBaseException e) {
- * log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
- * }
- * </PRE>
- *
+ * try {
+ * authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read");
+ * } catch (EBaseException e) {
+ * log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
+ * }
+ * </PRE>
* @param authToken the authToken associated with a user
* @param resource - the protected resource name
* @param operation - the protected resource operation name
@@ -128,8 +129,8 @@ public class BasicAclAuthz extends AAclAuthz implements IAuthzManager,
* @exception EAuthzAccessDenied if access denied
* @return authzToken if success
*/
- public AuthzToken authorize(IAuthToken authToken, String resource,
- String operation) throws EAuthzInternalError, EAuthzAccessDenied {
+ public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
+ throws EAuthzInternalError, EAuthzAccessDenied {
AuthzToken authzToken = new AuthzToken(this);
try {
@@ -141,70 +142,63 @@ public class BasicAclAuthz extends AAclAuthz implements IAuthzManager,
authzToken.set(AuthzToken.TOKEN_AUTHZ_RESOURCE, resource);
authzToken.set(AuthzToken.TOKEN_AUTHZ_OPERATION, operation);
authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS,
- AuthzToken.AUTHZ_STATUS_SUCCESS);
+ AuthzToken.AUTHZ_STATUS_SUCCESS);
} catch (EACLsException e) {
- // audit here later
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
- String params[] = { resource, operation };
+ // audit here later
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
+ String params[] = {resource, operation};
- throw new EAuthzAccessDenied(CMS.getUserMessage(
- "CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
+ throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
return authzToken;
}
public AuthzToken authorize(IAuthToken authToken, String expression)
- throws EAuthzAccessDenied {
+ throws EAuthzAccessDenied {
if (evaluateACLs(authToken, expression)) {
return (new AuthzToken(this));
} else {
- String params[] = { expression };
- throw new EAuthzAccessDenied(CMS.getUserMessage(
- "CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
+ String params[] = {expression};
+ throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
}
/**
* This currently does not flush to permanent storage
- *
* @param id is the resource id
- * @param strACLs
+ * @param strACLs
*/
- public void updateACLs(String id, String rights, String strACLs, String desc)
- throws EACLsException {
+ public void updateACLs(String id, String rights, String strACLs,
+ String desc) throws EACLsException {
try {
super.updateACLs(id, rights, strACLs, desc);
- // flushResourceACLs();
+ // flushResourceACLs();
needsFlush = false;
} catch (EACLsException ex) {
// flushing failed, set flag
needsFlush = true;
String errMsg = "updateACLs: failed to flushResourceACLs(): "
- + ex.toString();
+ + ex.toString();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES",
- ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
throw new EACLsException(CMS.getUserMessage("CMS_ACL_UPDATE_FAIL"));
}
}
/**
- * updates resourceACLs to permanent storage. currently not implemented for
- * this authzMgr
+ * updates resourceACLs to permanent storage.
+ * currently not implemented for this authzMgr
*/
protected void flushResourceACLs() throws EACLsException {
log(ILogger.LL_FAILURE, "flushResourceACL() is not implemented");
- throw new EACLsException(
- CMS.getUserMessage("CMS_ACL_METHOD_NOT_IMPLEMENTED"));
+ throw new EACLsException(CMS.getUserMessage("CMS_ACL_METHOD_NOT_IMPLEMENTED"));
}
/**
- * graceful shutdown
+ * graceful shutdown
*/
public void shutdown() {
log(ILogger.LL_INFO, "shutting down");
@@ -212,7 +206,6 @@ public class BasicAclAuthz extends AAclAuthz implements IAuthzManager,
/**
* Logs a message for this class in the system log file.
- *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -220,7 +213,7 @@ public class BasicAclAuthz extends AAclAuthz implements IAuthzManager,
protected void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION, level,
- msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
+ level, msg);
}
}