diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/evaluators')
4 files changed, 59 insertions, 51 deletions
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java index d026cdbaf..530ca9447 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; @@ -28,7 +27,6 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Utils; - /** * A class represents a group acls evaluator. * <P> @@ -54,7 +52,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { CMS.debug("GroupAccessEvaluator: init"); @@ -62,6 +60,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator { /** * gets the type name for this acl evaluator + * * @return type for this acl evaluator: "group" or "at_group" */ public String getType() { @@ -70,6 +69,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator + * * @return description for this acl evaluator */ public String getDescription() { @@ -86,13 +86,14 @@ public class GroupAccessEvaluator implements IAccessEvaluator { /** * evaluates uid in AuthToken to see if it has membership in - * group value + * group value + * * @param authToken authentication token * @param type must be "at_group" * @param op must be "=" * @param value the group name * @return true if AuthToken uid belongs to the group value, - * false otherwise + * false otherwise */ public boolean evaluate(IAuthToken authToken, String type, String op, String value) { @@ -104,17 +105,17 @@ public class GroupAccessEvaluator implements IAccessEvaluator { if (uid == null) { uid = authToken.getInString("uid"); if (uid == null) { - CMS.debug("GroupAccessEvaluator: evaluate: uid null"); - log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL")); - return false; + CMS.debug("GroupAccessEvaluator: evaluate: uid null"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL")); + return false; } } - CMS.debug("GroupAccessEvaluator: evaluate: uid="+uid +" value="+value); + CMS.debug("GroupAccessEvaluator: evaluate: uid=" + uid + " value=" + value); String groupname = authToken.getInString("gid"); if (groupname != null) { - CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="+groupname); + CMS.debug("GroupAccessEvaluator: evaluate: authToken gid=" + groupname); if (op.equals("=")) { return groupname.equals(Utils.stripQuotes(value)); } else if (op.equals("!=")) { @@ -123,12 +124,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator { } else { CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken"); IUser id = null; - try { - id = mUG.getUser(uid); - } catch (EBaseException e) { + try { + id = mUG.getUser(uid); + } catch (EBaseException e) { CMS.debug("GroupAccessEvaluator: " + e.toString()); return false; - } + } if (op.equals("=")) { return mUG.isMemberOf(id, Utils.stripQuotes(value)); @@ -143,12 +144,13 @@ public class GroupAccessEvaluator implements IAccessEvaluator { /** * evaluates uid in SessionContext to see if it has membership in - * group value + * group value + * * @param type must be "group" * @param op must be "=" * @param value the group name * @return true if SessionContext uid belongs to the group value, - * false otherwise + * false otherwise */ public boolean evaluate(String type, String op, String value) { @@ -161,12 +163,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator { log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL")); return false; } - if (op.equals("=")) + if (op.equals("=")) return mUG.isMemberOf(id, Utils.stripQuotes(value)); else return !(mUG.isMemberOf(id, Utils.stripQuotes(value))); - - } + + } return false; } @@ -175,7 +177,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, - level, "GroupAccessEvaluator: " + msg); + level, "GroupAccessEvaluator: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java index a5c99eeb9..17d383688 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.SessionContext; @@ -25,7 +24,6 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmsutil.util.Utils; - /** * A class represents a IP address acls evaluator. * <P> @@ -44,13 +42,14 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { } /** * gets the type name for this acl evaluator + * * @return type for this acl evaluator: ipaddress */ public String getType() { @@ -59,6 +58,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator + * * @return description for this acl evaluator */ public String getDescription() { @@ -75,6 +75,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { /** * Gets the IP address from session context + * * @param authToken authentication token * @param type must be "ipaddress" * @param op must be "=" or "!=" @@ -87,12 +88,13 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { /** * evaluates uid in SessionContext to see if it has membership in - * group value + * group value + * * @param type must be "group" * @param op must be "=" * @param value the group name * @return true if SessionContext uid belongs to the group value, - * false otherwise + * false otherwise */ public boolean evaluate(String type, String op, String value) { @@ -106,13 +108,13 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL")); return false; } - if (op.equals("=")) { + if (op.equals("=")) { return ipaddress.matches(value); } else { return !(ipaddress.matches(value)); } - - } + + } return false; } @@ -121,6 +123,6 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, - level, "GroupAccessEvaluator: " + msg); + level, "GroupAccessEvaluator: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java index 4b6b56772..bf7727c92 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.SessionContext; @@ -26,7 +25,6 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Utils; - /** * A class represents a user acls evaluator. * <P> @@ -48,7 +46,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { CMS.debug("UserAccessEvaluator: init"); @@ -56,6 +54,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { /** * gets the type name for this acl evaluator + * * @return type for this acl evaluator: "user" or "at_user" */ public String getType() { @@ -64,6 +63,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator + * * @return description for this acl evaluator */ public String getDescription() { @@ -80,6 +80,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { /** * Evaluates the user in AuthToken to see if it's equal to value + * * @param authToken AuthToken from authentication * @param type must be "at_user" * @param op must be "=" @@ -92,9 +93,9 @@ public class UserAccessEvaluator implements IAccessEvaluator { String s = Utils.stripQuotes(value); if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("=")) - return true; - - // should define "uid" at a common place + return true; + + // should define "uid" at a common place String uid = null; uid = authToken.getInString("uid"); @@ -108,13 +109,14 @@ public class UserAccessEvaluator implements IAccessEvaluator { return s.equalsIgnoreCase(uid); else if (op.equals("!=")) return !(s.equalsIgnoreCase(uid)); - } + } return false; } /** * Evaluates the user in session context to see if it's equal to value + * * @param type must be "user" * @param op must be "=" * @param value the user id @@ -145,7 +147,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { if (mLogger == null) return; mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, - level, "UserAccessEvaluator: " + msg); + level, "UserAccessEvaluator: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java index b1b406c09..442828e75 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.SessionContext; @@ -26,10 +25,9 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Utils; - /** * A class represents a user-origreq uid mapping acls evaluator. - * This is primarily used for renewal. During renewal, the orig_req + * This is primarily used for renewal. During renewal, the orig_req * uid is placed in the SessionContext of the renewal session context * to be evaluated by this evaluator * <P> @@ -52,7 +50,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { CMS.debug("UserOrigReqAccessEvaluator: init"); @@ -60,6 +58,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { /** * gets the type name for this acl evaluator + * * @return type for this acl evaluator: "user_origreq" or "at_user_origreq" */ public String getType() { @@ -68,6 +67,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator + * * @return description for this acl evaluator */ public String getDescription() { @@ -84,6 +84,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { /** * Evaluates the user in AuthToken to see if it's equal to value + * * @param authToken AuthToken from authentication * @param type must be "at_userreq" * @param op must be "=" @@ -96,9 +97,9 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { String s = Utils.stripQuotes(value); if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("=")) - return true; - - // should define "uid" at a common place + return true; + + // should define "uid" at a common place String uid = null; uid = authToken.getInString("uid"); @@ -107,30 +108,31 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken null"); return false; } else - CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="+ uid); + CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken =" + uid); // find value of param in request SessionContext mSC = SessionContext.getContext(); - CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "+"orig_req."+s+ " in SessionContext"); + CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting " + "orig_req." + s + " in SessionContext"); // "orig_req.auth_token.uid" - String orig_id = (String) mSC.get("orig_req."+s); + String orig_id = (String) mSC.get("orig_req." + s); if (orig_id == null) { CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id null"); return false; } - CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="+ orig_id); + CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id =" + orig_id); if (op.equals("=")) return uid.equalsIgnoreCase(orig_id); else if (op.equals("!=")) return !(uid.equalsIgnoreCase(orig_id)); - } + } return false; } /** * Evaluates the user in session context to see if it's equal to value + * * @param type must be "user_origreq" * @param op must be "=" * @param value the user id @@ -141,7 +143,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { SessionContext mSC = SessionContext.getContext(); if (type.equals(mType)) { -// what do I do with s here? + // what do I do with s here? String s = Utils.stripQuotes(value); if (s.equals(ANYBODY) && op.equals("=")) @@ -149,7 +151,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { IUser id = (IUser) mSC.get(SessionContext.USER); // "orig_req.auth_token.uid" - String orig_id = (String) mSC.get("orig_req"+s); + String orig_id = (String) mSC.get("orig_req" + s); if (op.equals("=")) return id.getName().equalsIgnoreCase(orig_id); |