Diffstat (limited to 'pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java97
1 files changed, 52 insertions, 45 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
index 29cb671e6..f9d1864cb 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authorization;
-
// cert server imports.
import com.netscape.certsrv.acls.EACLsException;
import com.netscape.certsrv.apps.CMS;
@@ -31,14 +30,13 @@ import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.IExtendedPluginInfo;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class for basic acls authorization manager
- *
+ *
* @version $Revision$, $Date$
*/
-public class BasicAclAuthz extends AAclAuthz
- implements IAuthzManager, IExtendedPluginInfo {
+public class BasicAclAuthz extends AAclAuthz implements IAuthzManager,
+ IExtendedPluginInfo {
// members
@@ -67,22 +65,20 @@ public class BasicAclAuthz extends AAclAuthz
*/
public BasicAclAuthz() {
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
+ /*
+ * Holds configuration parameters accepted by this implementation. This
+ * list is passed to the configuration console so configuration for
+ * instances of this implementation can be configured through the
* console.
*/
- mConfigParams =
- new String[] {
- "dummy"
- };
+ mConfigParams = new String[] { "dummy" };
}
/**
*
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -108,20 +104,23 @@ public class BasicAclAuthz extends AAclAuthz
}
/**
- * check the authorization permission for the user associated with
- * authToken on operation
+ * check the authorization permission for the user associated with authToken
+ * on operation
* <p>
* Example:
* <p>
- * For example, if UsrGrpAdminServlet needs to authorize the caller
- * it would do be done in the following fashion:
+ * For example, if UsrGrpAdminServlet needs to authorize the caller it would
+ * do be done in the following fashion:
+ *
* <PRE>
- * try {
- * authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read");
- * } catch (EBaseException e) {
- * log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
- * }
- * </PRE>
+ * try {
+ * authzTok = mAuthz.authorize(&quot;DirACLBasedAuthz&quot;, authToken, RES_GROUP,
+ * &quot;read&quot;);
+ * } catch (EBaseException e) {
+ * log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
+ * }
+ * </PRE>
+ *
* @param authToken the authToken associated with a user
* @param resource - the protected resource name
* @param operation - the protected resource operation name
@@ -129,8 +128,8 @@ public class BasicAclAuthz extends AAclAuthz
* @exception EAuthzAccessDenied if access denied
* @return authzToken if success
*/
- public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
- throws EAuthzInternalError, EAuthzAccessDenied {
+ public AuthzToken authorize(IAuthToken authToken, String resource,
+ String operation) throws EAuthzInternalError, EAuthzAccessDenied {
AuthzToken authzToken = new AuthzToken(this);
try {
@@ -142,63 +141,70 @@ public class BasicAclAuthz extends AAclAuthz
authzToken.set(AuthzToken.TOKEN_AUTHZ_RESOURCE, resource);
authzToken.set(AuthzToken.TOKEN_AUTHZ_OPERATION, operation);
authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS,
- AuthzToken.AUTHZ_STATUS_SUCCESS);
+ AuthzToken.AUTHZ_STATUS_SUCCESS);
} catch (EACLsException e) {
- // audit here later
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
- String params[] = {resource, operation};
+ // audit here later
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
+ String params[] = { resource, operation };
- throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
+ throw new EAuthzAccessDenied(CMS.getUserMessage(
+ "CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
return authzToken;
}
public AuthzToken authorize(IAuthToken authToken, String expression)
- throws EAuthzAccessDenied {
+ throws EAuthzAccessDenied {
if (evaluateACLs(authToken, expression)) {
return (new AuthzToken(this));
} else {
- String params[] = {expression};
- throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
+ String params[] = { expression };
+ throw new EAuthzAccessDenied(CMS.getUserMessage(
+ "CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
}
/**
* This currently does not flush to permanent storage
+ *
* @param id is the resource id
- * @param strACLs
+ * @param strACLs
*/
- public void updateACLs(String id, String rights, String strACLs,
- String desc) throws EACLsException {
+ public void updateACLs(String id, String rights, String strACLs, String desc)
+ throws EACLsException {
try {
super.updateACLs(id, rights, strACLs, desc);
- // flushResourceACLs();
+ // flushResourceACLs();
needsFlush = false;
} catch (EACLsException ex) {
// flushing failed, set flag
needsFlush = true;
String errMsg = "updateACLs: failed to flushResourceACLs(): "
- + ex.toString();
+ + ex.toString();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES",
+ ex.toString()));
throw new EACLsException(CMS.getUserMessage("CMS_ACL_UPDATE_FAIL"));
}
}
/**
- * updates resourceACLs to permanent storage.
- * currently not implemented for this authzMgr
+ * updates resourceACLs to permanent storage. currently not implemented for
+ * this authzMgr
*/
protected void flushResourceACLs() throws EACLsException {
log(ILogger.LL_FAILURE, "flushResourceACL() is not implemented");
- throw new EACLsException(CMS.getUserMessage("CMS_ACL_METHOD_NOT_IMPLEMENTED"));
+ throw new EACLsException(
+ CMS.getUserMessage("CMS_ACL_METHOD_NOT_IMPLEMENTED"));
}
/**
- * graceful shutdown
+ * graceful shutdown
*/
public void shutdown() {
log(ILogger.LL_INFO, "shutting down");
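Review bot: In the `catch (EACLsException e)` block of `authorize(IAuthToken, String, String)`, the denial path still carries the `// audit here later` placeholder and logs only the generic `AUTHZ_EVALUATOR_AUTHORIZATION_FAILED` text, so a refused request leaves no record of which resource and operation were denied or what the evaluator reported. Consider passing the detail through, e.g. `CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED", e.toString())` as `updateACLs` does further down in this hunk (assuming that message template accepts a parameter), and replacing the placeholder with a comment that names the audit event still to be emitted. In `updateACLs`, the local `errMsg` is built and never used, and `needsFlush = false` is set although the flush call is commented out; a short comment such as `// nothing is persisted yet; flag cleared because flushResourceACLs() is not implemented` would make that intent explicit. The `try` of the three-argument `authorize` opens above this hunk, so the evaluation call itself is not visible here.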
@@ -206,6 +212,7 @@ public class BasicAclAuthz extends AAclAuthz
/**
* Logs a message for this class in the system log file.
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -213,7 +220,7 @@ public class BasicAclAuthz extends AAclAuthz
protected void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION, level,
+ msg);
}
}