Diffstat (limited to 'pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java95
1 files changed, 46 insertions, 49 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
index 820bf97bf..b2318e7ea 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authorization;
-
import java.util.Enumeration;
import netscape.ldap.LDAPAttribute;
@@ -44,15 +43,14 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class for ldap acls based authorization manager
* The ldap server used for acls is the cms internal ldap db.
- *
+ *
* @version $Revision$, $Date$
*/
public class DirAclAuthz extends AAclAuthz
- implements IAuthzManager, IExtendedPluginInfo {
+ implements IAuthzManager, IExtendedPluginInfo {
// members
@@ -76,21 +74,21 @@ public class DirAclAuthz extends AAclAuthz
static {
mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
- "LDAP host to connect to");
+ "LDAP host to connect to");
mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
- "LDAP port number (use 389, or 636 if SSL)");
+ "LDAP port number (use 389, or 636 if SSL)");
mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
- "Use SSL to connect to directory?");
+ "Use SSL to connect to directory?");
mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
- "LDAP protocol version");
+ "LDAP protocol version");
mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start sarching " +
- "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " +
- "might want to use 'o=NetscapeCertificateServer' here");
+ "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " +
+ "might want to use 'o=NetscapeCertificateServer' here");
mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
- "to keep open to directory server. Default 5.");
+ "to keep open to directory server. Default 5.");
mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection "
- +
- "pool can grow to this many (multiplexed) connections. Default 1000");
+ +
+ "pool can grow to this many (multiplexed) connections. Default 1000");
}
/**
@@ -104,14 +102,14 @@ public class DirAclAuthz extends AAclAuthz
* console.
*/
mConfigParams =
- new String[] {
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.basedn",
- "ldap.minConns",
- "ldap.maxConns",
+ new String[] {
+ "ldap.ldapconn.host",
+ "ldap.ldapconn.port",
+ "ldap.ldapconn.secureConn",
+ "ldap.ldapconn.version",
+ "ldap.basedn",
+ "ldap.minConns",
+ "ldap.maxConns",
};
}
@@ -119,7 +117,7 @@ public class DirAclAuthz extends AAclAuthz
*
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -154,7 +152,7 @@ public class DirAclAuthz extends AAclAuthz
CMS.debug("DirAclAuthz: about to ldap search aclResources");
try {
conn = getConn();
- LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
+ LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
"cn=aclResources", null, false);
returnConn(conn);
@@ -165,7 +163,7 @@ public class DirAclAuthz extends AAclAuthz
LDAPAttribute aclRes = entry.getAttribute("resourceACLS");
@SuppressWarnings("unchecked")
- Enumeration<String> en = (Enumeration<String> )aclRes.getStringValues();
+ Enumeration<String> en = (Enumeration<String>) aclRes.getStringValues();
for (; en != null && en.hasMoreElements();) {
addACLs(en.nextElement());
@@ -205,15 +203,16 @@ public class DirAclAuthz extends AAclAuthz
* <p>
* Example:
* <p>
- * For example, if UsrGrpAdminServlet needs to authorize the caller
- * it would do be done in the following fashion:
+ * For example, if UsrGrpAdminServlet needs to authorize the caller it would do be done in the following fashion:
+ *
* <PRE>
- * try {
- * authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read");
- * } catch (EBaseException e) {
- * log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
- * }
- * </PRE>
+ * try {
+ * authzTok = mAuthz.authorize(&quot;DirAclAuthz&quot;, authToken, RES_GROUP, &quot;read&quot;);
+ * } catch (EBaseException e) {
+ * log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
+ * }
+ * </PRE>
+ *
* @param authToken the authToken associated with a user
* @param resource - the protected resource name
* @param operation - the protected resource operation name
@@ -221,7 +220,7 @@ public class DirAclAuthz extends AAclAuthz
* @return authzToken
*/
public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
- throws EAuthzInternalError, EAuthzAccessDenied {
+ throws EAuthzInternalError, EAuthzAccessDenied {
AuthzToken authzToken = new AuthzToken(this);
try {
@@ -234,40 +233,37 @@ public class DirAclAuthz extends AAclAuthz
} catch (EACLsException e) {
// audit here later
log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
- String params[] = {resource, operation};
+ String params[] = { resource, operation };
throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
-
+
return authzToken;
}
public AuthzToken authorize(IAuthToken authToken, String expression)
- throws EAuthzAccessDenied {
+ throws EAuthzAccessDenied {
if (evaluateACLs(authToken, expression)) {
return (new AuthzToken(this));
} else {
- String params[] = {expression};
+ String params[] = { expression };
throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
}
/**
- * update acls. when memory update is done, flush to ldap.
+ * update acls. when memory update is done, flush to ldap.
* <p>
- * Currently, it is possible that when the memory is updated
- * successfully, and the ldap isn't, the memory upates lingers.
- * The result is that the changes will only be done on ldap at the
- * next update, or when the system shuts down, another flush will be
- * attempted.
+ * Currently, it is possible that when the memory is updated successfully, and the ldap isn't, the memory upates lingers. The result is that the changes will only be done on ldap at the next update, or when the system shuts down, another flush will be attempted.
+ *
* @param id is the resource id
* @param rights The allowable rights for this resource
* @param strACLs has the same format as a resourceACLs entry acis
- * on the ldap server
+ * on the ldap server
* @param desc The description for this resource
*/
public void updateACLs(String id, String rights, String strACLs,
- String desc) throws EACLsException {
+ String desc) throws EACLsException {
try {
super.updateACLs(id, rights, strACLs, desc);
flushResourceACLs();
@@ -277,7 +273,7 @@ public class DirAclAuthz extends AAclAuthz
needsFlush = true;
String errMsg = "updateACLs: failed to flushResourceACLs(): "
- + ex.toString();
+ + ex.toString();
log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
@@ -335,7 +331,7 @@ public class DirAclAuthz extends AAclAuthz
}
/**
- * graceful shutdown
+ * graceful shutdown
*/
public void shutdown() {
if (needsFlush) {
@@ -351,13 +347,14 @@ public class DirAclAuthz extends AAclAuthz
try {
mLdapConnFactory.reset();
mLdapConnFactory = null;
- } catch (ELdapException e) {
+ } catch (ELdapException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_LDAP_ERROR", e.toString()));
}
}
/**
* Logs a message for this class in the system log file.
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -366,6 +363,6 @@ public class DirAclAuthz extends AAclAuthz
if (mLogger == null)
return;
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
- level, msg);
+ level, msg);
}
}