diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/evaluators')
4 files changed, 71 insertions, 90 deletions
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java index d945d7082..d026cdbaf 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; @@ -27,6 +28,7 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Utils; + /** * A class represents a group acls evaluator. * <P> @@ -52,7 +54,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { CMS.debug("GroupAccessEvaluator: init"); @@ -60,7 +62,6 @@ public class GroupAccessEvaluator implements IAccessEvaluator { /** * gets the type name for this acl evaluator - * * @return type for this acl evaluator: "group" or "at_group" */ public String getType() { @@ -69,7 +70,6 @@ public class GroupAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator - * * @return description for this acl evaluator */ public String getDescription() { @@ -85,16 +85,16 @@ public class GroupAccessEvaluator implements IAccessEvaluator { } /** - * evaluates uid in AuthToken to see if it has membership in group value - * + * evaluates uid in AuthToken to see if it has membership in + * group value * @param authToken authentication token * @param type must be "at_group" * @param op must be "=" * @param value the group name - * @return true if AuthToken uid belongs to the group value, false otherwise + * @return true if AuthToken uid belongs to the group value, + * false otherwise */ - public boolean evaluate(IAuthToken authToken, String type, String op, - String value) { + public boolean evaluate(IAuthToken authToken, String type, String op, String value) { if (type.equals(mType)) { // should define "uid" at a common place @@ -104,20 +104,17 @@ public class GroupAccessEvaluator implements IAccessEvaluator { if (uid == null) { uid = authToken.getInString("uid"); if (uid == null) { - CMS.debug("GroupAccessEvaluator: evaluate: uid null"); - log(ILogger.LL_FAILURE, - CMS.getLogMessage("EVALUTOR_UID_NULL")); - return false; + CMS.debug("GroupAccessEvaluator: evaluate: uid null"); + log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL")); + return false; } } - CMS.debug("GroupAccessEvaluator: evaluate: uid=" + uid + " value=" - + value); + CMS.debug("GroupAccessEvaluator: evaluate: uid="+uid +" value="+value); String groupname = authToken.getInString("gid"); if (groupname != null) { - CMS.debug("GroupAccessEvaluator: evaluate: authToken gid=" - + groupname); + CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="+groupname); if (op.equals("=")) { return groupname.equals(Utils.stripQuotes(value)); } else if (op.equals("!=")) { @@ -126,12 +123,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator { } else { CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken"); IUser id = null; - try { - id = mUG.getUser(uid); - } catch (EBaseException e) { + try { + id = mUG.getUser(uid); + } catch (EBaseException e) { CMS.debug("GroupAccessEvaluator: " + e.toString()); return false; - } + } if (op.equals("=")) { return mUG.isMemberOf(id, Utils.stripQuotes(value)); @@ -145,14 +142,13 @@ public class GroupAccessEvaluator implements IAccessEvaluator { } /** - * evaluates uid in SessionContext to see if it has membership in group - * value - * + * evaluates uid in SessionContext to see if it has membership in + * group value * @param type must be "group" * @param op must be "=" * @param value the group name - * @return true if SessionContext uid belongs to the group value, false - * otherwise + * @return true if SessionContext uid belongs to the group value, + * false otherwise */ public boolean evaluate(String type, String op, String value) { @@ -165,12 +161,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator { log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL")); return false; } - if (op.equals("=")) + if (op.equals("=")) return mUG.isMemberOf(id, Utils.stripQuotes(value)); else return !(mUG.isMemberOf(id, Utils.stripQuotes(value))); - - } + + } return false; } @@ -178,8 +174,8 @@ public class GroupAccessEvaluator implements IAccessEvaluator { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level, - "GroupAccessEvaluator: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, + level, "GroupAccessEvaluator: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java index 4de8f694f..a5c99eeb9 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.SessionContext; @@ -24,6 +25,7 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator; import com.netscape.certsrv.logging.ILogger; import com.netscape.cmsutil.util.Utils; + /** * A class represents a IP address acls evaluator. * <P> @@ -42,14 +44,13 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { } /** * gets the type name for this acl evaluator - * * @return type for this acl evaluator: ipaddress */ public String getType() { @@ -58,7 +59,6 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator - * * @return description for this acl evaluator */ public String getDescription() { @@ -75,27 +75,24 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { /** * Gets the IP address from session context - * * @param authToken authentication token * @param type must be "ipaddress" * @param op must be "=" or "!=" * @param value the ipaddress */ - public boolean evaluate(IAuthToken authToken, String type, String op, - String value) { + public boolean evaluate(IAuthToken authToken, String type, String op, String value) { return evaluate(type, op, value); } /** - * evaluates uid in SessionContext to see if it has membership in group - * value - * + * evaluates uid in SessionContext to see if it has membership in + * group value * @param type must be "group" * @param op must be "=" * @param value the group name - * @return true if SessionContext uid belongs to the group value, false - * otherwise + * @return true if SessionContext uid belongs to the group value, + * false otherwise */ public boolean evaluate(String type, String op, String value) { @@ -106,17 +103,16 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { if (type.equals(mType)) { if (ipaddress == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL")); return false; } - if (op.equals("=")) { + if (op.equals("=")) { return ipaddress.matches(value); } else { return !(ipaddress.matches(value)); } - - } + + } return false; } @@ -124,7 +120,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level, - "GroupAccessEvaluator: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, + level, "GroupAccessEvaluator: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java index 862206a9a..4b6b56772 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.SessionContext; @@ -25,6 +26,7 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Utils; + /** * A class represents a user acls evaluator. * <P> @@ -46,7 +48,7 @@ public class UserAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { CMS.debug("UserAccessEvaluator: init"); @@ -54,7 +56,6 @@ public class UserAccessEvaluator implements IAccessEvaluator { /** * gets the type name for this acl evaluator - * * @return type for this acl evaluator: "user" or "at_user" */ public String getType() { @@ -63,7 +64,6 @@ public class UserAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator - * * @return description for this acl evaluator */ public String getDescription() { @@ -80,30 +80,27 @@ public class UserAccessEvaluator implements IAccessEvaluator { /** * Evaluates the user in AuthToken to see if it's equal to value - * * @param authToken AuthToken from authentication * @param type must be "at_user" * @param op must be "=" * @param value the user id * @return true if AuthToken uid is same as value, false otherwise */ - public boolean evaluate(IAuthToken authToken, String type, String op, - String value) { + public boolean evaluate(IAuthToken authToken, String type, String op, String value) { if (type.equals(mType)) { String s = Utils.stripQuotes(value); if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("=")) - return true; - - // should define "uid" at a common place + return true; + + // should define "uid" at a common place String uid = null; uid = authToken.getInString("uid"); if (uid == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("EVALUTOR_UID_IS_NULL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_IS_NULL")); return false; } @@ -111,14 +108,13 @@ public class UserAccessEvaluator implements IAccessEvaluator { return s.equalsIgnoreCase(uid); else if (op.equals("!=")) return !(s.equalsIgnoreCase(uid)); - } + } return false; } /** * Evaluates the user in session context to see if it's equal to value - * * @param type must be "user" * @param op must be "=" * @param value the user id @@ -148,8 +144,8 @@ public class UserAccessEvaluator implements IAccessEvaluator { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level, - "UserAccessEvaluator: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, + level, "UserAccessEvaluator: " + msg); } } diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java index ffe4a4f8e..88358aa58 100644 --- a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java +++ b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.evaluators; + import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.SessionContext; @@ -25,11 +26,12 @@ import com.netscape.certsrv.logging.ILogger; import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cmsutil.util.Utils; + /** - * A class represents a user-origreq uid mapping acls evaluator. This is - * primarily used for renewal. During renewal, the orig_req uid is placed in the - * SessionContext of the renewal session context to be evaluated by this - * evaluator + * A class represents a user-origreq uid mapping acls evaluator. + * This is primarily used for renewal. During renewal, the orig_req + * uid is placed in the SessionContext of the renewal session context + * to be evaluated by this evaluator * <P> * * @author Christina Fu @@ -50,7 +52,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { } /** - * initialization. nothing for now. + * initialization. nothing for now. */ public void init() { CMS.debug("UserOrigReqAccessEvaluator: init"); @@ -58,7 +60,6 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { /** * gets the type name for this acl evaluator - * * @return type for this acl evaluator: "user_origreq" or "at_user_origreq" */ public String getType() { @@ -67,7 +68,6 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { /** * gets the description for this acl evaluator - * * @return description for this acl evaluator */ public String getDescription() { @@ -84,23 +84,21 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { /** * Evaluates the user in AuthToken to see if it's equal to value - * * @param authToken AuthToken from authentication * @param type must be "at_userreq" * @param op must be "=" * @param value the request param name * @return true if AuthToken uid is same as value, false otherwise */ - public boolean evaluate(IAuthToken authToken, String type, String op, - String value) { + public boolean evaluate(IAuthToken authToken, String type, String op, String value) { CMS.debug("UserOrigReqAccessEvaluator: evaluate() begins"); if (type.equals(mType)) { String s = Utils.stripQuotes(value); if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("=")) - return true; - - // should define "uid" at a common place + return true; + + // should define "uid" at a common place String uid = null; uid = authToken.getInString("uid"); @@ -109,34 +107,30 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken null"); return false; } else - CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken =" - + uid); + CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="+ uid); // find value of param in request SessionContext mSC = SessionContext.getContext(); - CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting " - + "orig_req." + s + " in SessionContext"); + CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "+"orig_req."+s+ " in SessionContext"); // "orig_req.auth_token.uid" - String orig_id = (String) mSC.get("orig_req." + s); + String orig_id = (String) mSC.get("orig_req."+s); if (orig_id == null) { CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id null"); return false; } - CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id =" - + orig_id); + CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="+ orig_id); if (op.equals("=")) return uid.equalsIgnoreCase(orig_id); else if (op.equals("!=")) return !(uid.equalsIgnoreCase(orig_id)); - } + } return false; } /** * Evaluates the user in session context to see if it's equal to value - * * @param type must be "user_origreq" * @param op must be "=" * @param value the user id @@ -147,7 +141,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { SessionContext mSC = SessionContext.getContext(); if (type.equals(mType)) { - // what do I do with s here? +// what do I do with s here? String s = Utils.stripQuotes(value); if (s.equals(ANYBODY) && op.equals("=")) @@ -155,7 +149,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { IUser id = (IUser) mSC.get(SessionContext.USER); // "orig_req.auth_token.uid" - String orig_id = (String) mSC.get("orig_req" + s); + String orig_id = (String) mSC.get("orig_req"+s); if (op.equals("=")) return id.getName().equalsIgnoreCase(orig_id); @@ -165,12 +159,11 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator { return false; } - private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level, - "UserOrigReqAccessEvaluator: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, + level, "UserOrigReqAccessEvaluator: " + msg); } } |