From a4682ceae6774956461edd03b2485bbacea445f4 Mon Sep 17 00:00:00 2001 
From: mharmsen Date: Tue, 4 Oct 2011 01:17:41 +0000 Subject: Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1 git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b --- .../certsrv/authorization/AuthzManagerProxy.java | 56 +++++++ .../certsrv/authorization/AuthzMgrPlugin.java | 80 ++++++++++ .../certsrv/authorization/AuthzResources.java | 44 ++++++ .../netscape/certsrv/authorization/AuthzToken.java | 164 ++++++++++++++++++++ .../certsrv/authorization/EAuthzAccessDenied.java | 32 ++++ .../certsrv/authorization/EAuthzException.java | 82 ++++++++++ .../certsrv/authorization/EAuthzInternalError.java | 32 ++++ .../certsrv/authorization/EAuthzMgrNotFound.java | 32 ++++ .../authorization/EAuthzMgrPluginNotFound.java | 32 ++++ .../authorization/EAuthzUnknownOperation.java | 32 ++++ .../authorization/EAuthzUnknownProtectedRes.java | 32 ++++ .../certsrv/authorization/IAuthzManager.java | 169 +++++++++++++++++++++ .../certsrv/authorization/IAuthzSubsystem.java | 149 ++++++++++++++++++ 13 files changed, 936 insertions(+) create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java 
create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
create mode 100644 pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
(limited to 'pki/base/common/src/com/netscape/certsrv/authorization')
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
new file mode 100644
index 000000000..0960311ee
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+/**
+ * A class represents an authorization manager. It contains an
+ * authorization manager instance and its state (enable or not).
+ * @version $Revision$, $Date$
+ */
+public class AuthzManagerProxy {
+ private boolean mEnable;
+ private IAuthzManager mMgr;
+
+ /**
+ * Constructor
+ * @param enable true if the authzMgr is enabled; false otherwise
+ * @param mgr authorization manager instance
+ */
+ public AuthzManagerProxy(boolean enable, IAuthzManager mgr) {
+ mEnable = enable;
+ mMgr = mgr;
+ }
+
+ /**
+ * Returns the state of the authorization manager instance
+ * @return true if the state of the authorization manager instance is
+ * enabled; false otherwise.
+ */
+ public boolean isEnable() {
+ return mEnable;
+ }
+
+ /**
+ * Returns an authorization manager instance.
+ * @return an authorization manager instance
+ */
+ public IAuthzManager getAuthzManager() {
+ return mMgr;
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
new file mode 100644
index 000000000..ef8c62f8f
--- /dev/null
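Review bot: `mEnable` and `mMgr` are assigned only in the constructor yet are not declared `final`, and the constructor accepts a null `mgr`, so a proxy can later hand null to every caller of `getAuthzManager()`. Declaring both fields `private final` and adding `if (mgr == null) throw new IllegalArgumentException("mgr");` at the top of the constructor pins the invariant the class Javadoc describes. Whether the subsystem ever intentionally registers a proxy without a manager is not visible here, so confirm against the caller before rejecting null.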
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import java.util.*;
+import java.lang.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authorization.*;
+
+
+/**
+ * This class represents a registered authorization manager plugin.
+ *

+ *
+ * @version $Revision$, $Date$
+ */
+public class AuthzMgrPlugin {
+ protected String mId = null;
+ protected String mClassPath = null;
+ protected Class mClass = null;
+ protected boolean mVisible = true;
+
+ /**
+ * Constructs a AuthzManager plugin.
+ * @param id authz manager implementation name
+ * @param classPath class path
+ */
+ public AuthzMgrPlugin(String id, String classPath) {
+ mId = id;
+ mClassPath = classPath;
+ }
+
+ /**
+ * Returns an authorization manager implementation name
+ * @return an authorization manager implementation name
+ */
+ public String getId() {
+ return mId;
+ }
+
+ /**
+ * Returns a classpath of a AuthzManager plugin
+ * @return a classpath of a AuthzManager plugin
+ */
+ public String getClassPath() {
+ return mClassPath;
+ }
+
+ /**
+ * Returns a visibility of the plugin
+ * @return a visibility of the plugin
+ */
+ public boolean isVisible() {
+ return mVisible;
+ }
+
+ /**
+ * Sets visibility of the plugin
+ * @param visibility visibility of the plugin
+ */
+ public void setVisible(boolean visibility) {
+ mVisible = visibility;
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
new file mode 100644
index 000000000..f17038eff
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
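Review bot: `protected Class mClass = null;` is never assigned or read anywhere in AuthzMgrPlugin, and because it is `protected` a subclass may reasonably assume the plugin loads it; either remove the field or add a comment stating who is expected to populate it. The import block is also noisier than the class needs: `import java.lang.*;` is implicit, `import com.netscape.certsrv.authorization.*;` imports the file's own package, and nothing in the class uses `java.util` or `com.netscape.certsrv.base` as far as the visible code shows, so all four wildcard imports look removable. The file header (L5) belongs to this same hunk.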
@@ -0,0 +1,44 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import java.util.*;
+
+
+/**
+ * A class represents a resource bundle for the authorization subsystem
+ *

+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public class AuthzResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ * @return the content of this resource
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * A set of constants for localized error messages.
+ */
+ static final Object[][] contents = {};
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
new file mode 100644
index 000000000..dc64d322a
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
@@ -0,0 +1,164 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import java.util.Hashtable;
+import java.util.Date;
+import java.util.Enumeration;
+import com.netscape.certsrv.base.*;
+
+
+/**
+ * Authorization token returned by Authorization Managers.
+ * Upon return, it contains the name of the authorization manager that create
+ * the AuthzToken, the plugin name of the authorization manager, time of
+ * authorization happened, name of the resource, type of operation performed
+ * on the resource.
+ *
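Review bot: The bare `@deprecated` tag on AuthzResources names neither a reason nor a replacement, while `EAuthzException.getBundleName()` in this same commit still returns this class, so a reader cannot tell whether the deprecation or the reference is the mistake; the tag should read `@deprecated <reason or replacement>` (the project's own wording, not invented here). Separately, `getContents()` hands out the shared `static final Object[][] contents` array itself rather than a copy, so any caller that writes into the returned array changes what every later lookup sees; with an empty array today that is harmless, but a comment such as `// shared, do not mutate the returned array` would make the expectation explicit.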

+ * @version $Revision$, $Date$
+ */
+public class AuthzToken implements IAttrSet {
+ private Hashtable mAttrs = null;
+
+ /**
+ * Plugin name of the authorization manager that created the
+ * AuthzToken as a string.
+ */
+ public static final String TOKEN_AUTHZMGR_IMPL_NAME = "authzMgrImplName";
+
+ /**
+ * Name of the authorization manager that created the AuthzToken
+ * as a string.
+ */
+ public static final String TOKEN_AUTHZMGR_INST_NAME = "authzMgrInstName";
+
+ /**
+ * Time of authorization as a java.util.Date
+ */
+ public static final String TOKEN_AUTHZTIME = "authzTime";
+
+ /**
+ * name of the resource
+ */
+ public static final String TOKEN_AUTHZ_RESOURCE = "authzRes";
+
+ /**
+ * name of the operation
+ */
+ public static final String TOKEN_AUTHZ_OPERATION = "authzOp";
+
+ /*
+ * Status of the authorization evaluation
+ */
+ public static final String TOKEN_AUTHZ_STATUS = "status";
+
+ /**
+ * Constant for the success status of the authorization evaluation.
+ */
+ public static final String AUTHZ_STATUS_SUCCESS = "statusSuccess";
+
+ /**
+ * Constructs an instance of a authorization token.
+ * The token by default contains the following attributes:
+ *

+     *		"authzMgrInstName" - The authorization manager instance name.
+     *		"authzMgrImplName" - The authorization manager plugin name.
+     *		"authzTime" - The - The time of authorization.
+     * 
+ * @param authzMgr The authorization manager that created this Token.
+ */
+ public AuthzToken(IAuthzManager authzMgr) {
+ mAttrs = new Hashtable();
+ mAttrs.put(TOKEN_AUTHZMGR_INST_NAME, authzMgr.getName());
+ mAttrs.put(TOKEN_AUTHZMGR_IMPL_NAME, authzMgr.getImplName());
+ mAttrs.put(TOKEN_AUTHZTIME, new Date());
+ }
+
+ /**
+ * Get the value of an attribute in the AuthzToken
+ * @param attrName The attribute name
+ * @return The value of attrName if any.
+ */
+ public Object get(String attrName) {
+ return mAttrs.get(attrName);
+ }
+
+ /**
+ * Used by an Authorization manager to set an attribute and value
+ * in the AuthzToken.
+ * @param attrName The name of the attribute
+ * @param value The value of the attribute to set.
+ */
+ public void set(String attrName, Object value) {
+ mAttrs.put(attrName, value);
+ }
+
+ /**
+ * Removes an attribute in the AuthzToken
+ * @param attrName The name of the attribute to remove.
+ */
+ public void delete(String attrName) {
+ mAttrs.remove(attrName);
+ }
+
+ /**
+ * Enumerate all attribute names in the AuthzToken.
+ * @return Enumeration of all attribute names in this AuthzToken.
+ */
+ public Enumeration getElements() {
+ return (mAttrs.keys());
+ }
+
+ /**
+ * Enumerate all attribute values in the AuthzToken.
+ * @return Enumeration of all attribute names in this AuthzToken.
+ */
+ public Enumeration getVals() {
+ return (mAttrs.elements());
+ }
+
+ /**
+ * Gets the name of the authorization manager instance that created
+ * this token.
+ * @return The name of the authorization manager instance that created
+ * this token.
+ */
+ public String getAuthzManagerInstName() {
+ return ((String) mAttrs.get(TOKEN_AUTHZMGR_INST_NAME));
+ }
+
+ /**
+ * Gets the plugin name of the authorization manager that created this
+ * token.
+ * @return The plugin name of the authorization manager that created this
+ * token.
+ */
+ public String getAuthzManagerImplName() {
+ return ((String) mAttrs.get(TOKEN_AUTHZMGR_IMPL_NAME));
+ }
+
+ /**
+ * Gets the time of authorization.
+ * @return The time of authorization
+ */
+ public Date getAuthzTime() {
+ return ((Date) mAttrs.get(TOKEN_AUTHZTIME));
+ }
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
new file mode 100644
index 000000000..0284de58c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for authorization failure
+ */
+public class EAuthzAccessDenied extends EAuthzException {
+
+ /**
+ * Constructs a exception for access denied by Authz manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzAccessDenied(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
new file mode 100644
index 000000000..4c2670b00
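Review bot: The `@return` on `getVals()` is copied from `getElements()` and says "attribute names" although the method returns `mAttrs.elements()`, i.e. the values; change it to `@return Enumeration of all attribute values in this AuthzToken.` The comment above `TOKEN_AUTHZ_STATUS` opens with `/*` instead of `/**`, so that constant is the only one in the class missing from generated API docs. Note also that the constructor stores only the instance name, plugin name and time, so `TOKEN_AUTHZ_STATUS` is absent unless the manager later calls `set()`; a consumer comparing `get(TOKEN_AUTHZ_STATUS)` with `AUTHZ_STATUS_SUCCESS` therefore has to treat a null as not-successful, and since `set`/`delete` are public (presumably required by IAttrSet), the class Javadoc should say the token is only authoritative as returned by `IAuthzManager.authorize` and must not be edited by later holders.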
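Review bot: Each of the six EAuthzException subclasses in this commit (this one, EAuthzInternalError, EAuthzMgrNotFound, EAuthzMgrPluginNotFound, EAuthzUnknownOperation, EAuthzUnknownProtectedRes) exposes only a `(String)` constructor, so the parent's `(String msgFormat, Exception param)` form is unreachable and the originating exception is dropped whenever one of these is thrown from a catch block. That matters most for EAuthzInternalError, which by its own Javadoc wraps an internal failure; adding `public EAuthzInternalError(String msgFormat, Exception cause) { super(msgFormat, cause); }` (and the equivalent on the siblings where a cause exists) keeps the chain. Whether EBaseException forwards that parameter to `Throwable.initCause` is not visible here, so the value of the extra constructor depends on that base class.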
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
@@ -0,0 +1,82 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import com.netscape.certsrv.base.EBaseException;
+
+/**
+ * This class represents authorization exceptions.
+ *

+ * @version $Revision$, $Date$
+ */
+public class EAuthzException extends EBaseException {
+
+ /**
+ * Resource class name.
+ */
+ private static final String AUTHZ_RESOURCES = AuthzResources.class.getName();
+
+ /**
+ * Constructs a authz exception
+ *

+ * @param msgFormat exception details
+ */
+ public EAuthzException(String msgFormat) {
+ super(msgFormat);
+ }
+
+ /**
+ * Constructs a authz exception with a parameter.
+ *

+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ */
+ public EAuthzException(String msgFormat, String param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a authz exception with a exception parameter.
+ *

+ * @param msgFormat exception details in message string format
+ * @param param system exception
+ */
+ public EAuthzException(String msgFormat, Exception param) {
+ super(msgFormat, param);
+ }
+
+ /**
+ * Constructs a authz exception with a list of parameters.
+ *

+ * @param msgFormat the message format.
+ * @param params list of message format parameters
+ */
+ public EAuthzException(String msgFormat, Object params[]) {
+ super(msgFormat, params);
+ }
+
+ /**
+ * Returns the resource bundle name
+ * @return resource bundle name
+ */
+ protected String getBundleName() {
+ return AUTHZ_RESOURCES;
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
new file mode 100644
index 000000000..52b1b9ade
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * An exception for internal error for authorization.
+ */
+public class EAuthzInternalError extends EAuthzException {
+
+ /**
+ * Constructs an authorization internal error exception
+ * @param errorString error with a detailed message.
+ */
+ public EAuthzInternalError(String errorString) {
+ super(errorString);
+ }
+}
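Review bot: `getBundleName()` routes message lookup to `AuthzResources`, which this same commit marks `@deprecated` and whose `contents` array is empty; if EBaseException resolves `msgFormat` keys through that bundle, every authorization error message would fall through to the raw key, so either the bundle needs entries or the Javadoc on `AUTHZ_RESOURCES` should state that the format string is emitted verbatim. Separately, `Object params[]` is C-style array syntax; `Object[] params` is the Java convention and matches the other signatures. The class is Serializable through Exception but declares no `serialVersionUID`, which is worth adding if the project pins those elsewhere.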
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
new file mode 100644
index 000000000..7bf76ba6f
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for authorization manager not found.
+ */
+public class EAuthzMgrNotFound extends EAuthzException {
+
+ /**
+ * Constructs a exception for a missing required authorization manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzMgrNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
new file mode 100644
index 000000000..b305d627b
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for authorization manager plugin not found.
+ */
+public class EAuthzMgrPluginNotFound extends EAuthzException {
+
+ /**
+ * Constructs a exception for a missing authorization plugin
+ * @param errorString Detailed error message.
+ */
+ public EAuthzMgrPluginNotFound(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
new file mode 100644
index 000000000..99caba2be
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for operation unknown to the authorization manager
+ */
+public class EAuthzUnknownOperation extends EAuthzException {
+
+ /**
+ * Constructs a exception for an operation unknown to the authorization manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzUnknownOperation(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
new file mode 100644
index 000000000..169ed443c
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
@@ -0,0 +1,32 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+/**
+ * Exception for protected resource unknown to the authorization manager
+ */
+public class EAuthzUnknownProtectedRes extends EAuthzException {
+
+ /**
+ * Constructs a exception for a protected resource unknown to the authorization manager
+ * @param errorString Detailed error message.
+ */
+ public EAuthzUnknownProtectedRes(String errorString) {
+ super(errorString);
+ }
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
new file mode 100644
index 000000000..db016f248
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
@@ -0,0 +1,169 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.acls.*;
+import com.netscape.certsrv.evaluators.*;
+import java.util.*;
+
+
+/**
+ * Authorization Manager interface needs to be implemented by all
+ * authorization managers.
+ *

+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthzManager {
+
+ /**
+ * Get the name of this authorization manager instance.
+ *

+ * @return String the name of this authorization manager.
+ */
+ public String getName();
+
+ /**
+ * Get implementation name of authorization manager plugin.
+ *

+ * An example of an implementation name will be:
+ *

+     * com.netscape.cms.BasicAclAuthz
+     * 
+ *

+ * @return The name of the authorization manager plugin.
+ */
+ public String getImplName();
+
+ /**
+ * accessInit is for servlets who want to initialize their
+ * own authorization information before full operation. It is supposed
+ * to be called from the authzMgrAccessInit() method of the AuthzSubsystem.
+ *

+ * The accessInfo format is determined by each individual
+ * authzmgr. For example, for BasicAclAuthz,
+ * The accessInfo is the resACLs, whose format should conform
+ * to the following:
+ *

+     *    :right-1[,right-n]:[allow,deny](right(s))=:
+     * 

+ * Example:
+ * resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
+ * @param accessInfo the access info string in the format specified in the authorization manager
+ * @exception EBaseException error parsing the accessInfo
+ */
+ public void accessInit(String accessInfo) throws EBaseException;
+
+ /**
+ * Check if the user is authorized to perform the given operation on the
+ * given resource.
+ * @param authToken the authToken associated with a user.
+ * @param resource - the protected resource name
+ * @param operation - the protected resource operation name
+ * @return authzToken if the user is authorized
+ * @exception EAuthzInternalError if an internal error occurred.
+ * @exception EAuthzAccessDenied if access denied
+ */
+ public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
+ throws EAuthzInternalError, EAuthzAccessDenied;
+
+ public AuthzToken authorize(IAuthToken authToken, String expression)
+ throws EAuthzInternalError, EAuthzAccessDenied;
+
+ /**
+ * Initialize this authorization manager.
+ * @param name The name of this authorization manager instance.
+ * @param implName The name of the authorization manager plugin.
+ * @param config The configuration store for this authorization manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException;
+
+ /**
+ * Prepare this authorization manager for a graceful shutdown.
+ * Called when the server is exiting for any cleanup needed.
+ */
+ public void shutdown();
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @return a list of names for configuration parameters.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException;
+
+ /**
+ * Get the configuration store for this authorization manager.
+ * @return The configuration store of this authorization manager.
+ */
+ public IConfigStore getConfigStore();
+
+ /**
+ * Get ACL entries
+ * @return enumeration of ACL entries.
+ */
+ public Enumeration getACLs();
+
+ /**
+ * Get individual ACL entry for the given name of entry.
+ * @param target The name of the ACL entry
+ * @return The ACL entry.
+ */
+ public IACL getACL(String target);
+
+ /**
+ * Update ACLs in the database
+ * @param id The name of the ACL entry (ie, resource id)
+ * @param rights The allowable rights for this resource
+ * @param strACLs The value of the ACL entry
+ * @param desc The description for this resource
+ * @exception EACLsException when update fails.
+ */
+ public void updateACLs(String id, String rights, String strACLs,
+ String desc) throws EACLsException;
+
+ /**
+ * Get all registered evaluators.
+ * @return All registered evaluators.
+ */
+ public Enumeration aclEvaluatorElements();
+
+ /**
+ * Register new evaluator
+ * @param type Type of evaluator
+ * @param evaluator Value of evaluator
+ */
+ public void registerEvaluator(String type, IAccessEvaluator evaluator);
+
+ /**
+ * Return a table of evaluators
+ * @return A table of evaluators
+ */
+ public Hashtable getAccessEvaluators();
+}
+
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
new file mode 100644
index 000000000..2d0f81ee8
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
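Review bot: The two-argument `authorize(IAuthToken authToken, String expression)` is the only method in IAuthzManager without Javadoc, and `expression` is the one parameter whose contract most needs one: which grammar it uses, whether it replaces or supplements the `resource`/`operation` pair, and what happens when it does not parse, given that the throws clause lists only EAuthzInternalError and EAuthzAccessDenied. A docblock mirroring the sibling overload would do, e.g. `/** Evaluate the given authorization expression for the user behind authToken. @param expression the expression to evaluate (format defined by the implementing manager) @return authzToken if the expression grants access @exception EAuthzInternalError if an internal error occurred @exception EAuthzAccessDenied if access denied */`. Separately, `getAccessEvaluators()` returns the live `Hashtable`, so a caller can add or replace evaluators without going through `registerEvaluator`; documenting it as read-only or returning a copy would be safer, though whether existing callers mutate it is not visible here. The `accessInit` Javadoc's inline example is also easy to misread once its preformatted block was lost, so keeping the `<pre>` markup on that grammar line is worth checking in the file itself.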
@@ -0,0 +1,149 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.authorization;
+
+import com.netscape.certsrv.authentication.*;
+import com.netscape.certsrv.base.*;
+import java.util.*;
+
+/**
+ * An interface that represents an authorization component
+ *

+ *
+ * @version $Revision$, $Date$
+ */
+public interface IAuthzSubsystem extends ISubsystem {
+
+ /**
+ * Constant for auths.
+ */
+ public static final String ID = "authz";
+
+ /**
+ * Constant for class.
+ */
+ public static final String PROP_CLASS = "class";
+
+ /**
+ * Constant for impl
+ */
+ public static final String PROP_IMPL = "impl";
+
+ /**
+ * Constant for pluginName.
+ */
+ public static final String PROP_PLUGIN = "pluginName";
+
+ /**
+ * Constant for instance.
+ */
+ public static final String PROP_INSTANCE = "instance";
+
+ /**
+ * authorize the user associated with the given authToken for a given
+ * operation with the given authorization manager name
+ * @param authzMgrName The authorization manager name
+ * @param authToken the authenticaton token associated with a user
+ * @param resource the resource protected by the authorization system
+ * @param operation the operation for resource protected by the authorization system
+ * @return a authorization token.
+ * @exception EBaseException If an error occurs during authorization.
+ */
+ public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
+ String resource, String operation)
+ throws EBaseException;
+
+ public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
+ String exp) throws EBaseException;
+
+ /**
+ * Adds (registers) the given authorization manager.
+ * @param name The authorization manager name
+ * @param authzMgr The authorization manager instance.
+ */
+ public void add(String name, IAuthzManager authzMgr);
+
+ /**
+ * Deletes (deregisters) the given authorization manager.
+ * @param name The authorization manager name to delete.
+ */
+ public void delete(String name);
+
+ /**
+ * Gets the Authorization manager instance of the specified name.
+ * @param name The authorization manager's name.
+ * @return an authorization manager interface
+ */
+ public IAuthzManager getAuthzManager(String name) throws EBaseException;
+
+ /**
+ * Gets an enumeration of authorization managers registered to the
+ * authorization component.
+ * @return a list of authorization managers
+ */
+ public Enumeration getAuthzManagers();
+
+ /**
+ * Initialize authz info - usually used for BasicAclAuthz
+ *
+ * @param authzMgrName name of the authorization manager
+ * @param accessInfo string representation of the ACL
+ * @exception EBaseException if authorization manager is not found
+ */
+ public void authzMgrAccessInit(String authzMgrName, String accessInfo) throws EBaseException;
+
+ /**
+ * Gets an enumeration of authorization manager plugins.
+ * @return list of authorization manager plugins
+ */
+ public Enumeration getAuthzManagerPlugins();
+
+ /**
+ * Gets a single authorization manager plugin implementation
+ * @param name given authorization plugin name
+ * @return authorization manager plugin
+ */
+ public IAuthzManager getAuthzManagerPlugin(String name);
+
+ /**
+ * Log error message.
+ * @param level log level
+ * @param msg error message
+ */
+ public void log(int level, String msg);
+
+ /**
+ * Get a hashtable containing all authentication plugins.
+ * @return all authentication plugins.
+ */
+ public Hashtable getPlugins();
+
+ /**
+ * Get a hashtable containing all authentication instances.
+ * @return all authentication instances.
+ */
+ public Hashtable getInstances();
+
+ /**
+ * Get an authorization manager interface for the given name.
+ * @param name given authorization manager name.
+ * @return an authorization manager interface
+ */
+ public IAuthzManager get(String name);
+}
+
-- cgit
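Review bot: The two `authorize` overloads in IAuthzSubsystem leave the denial contract unstated — the IAuthzManager overloads declare EAuthzAccessDenied, but here the four-argument method only says `@exception EBaseException If an error occurs during authorization` and returns "a authorization token", so a caller cannot tell from the interface whether a denied request surfaces as an exception or as a null token, and treating null as "not denied" would fail open. Both methods should document that a returned token always means the request was granted and that denial is reported by exception, e.g. `@return the authorization token for a granted request; never null` and `@exception EBaseException if the manager is not found, an internal error occurs, or access is denied` (the denial presumably via an EAuthzException subclass — confirm against the exception hierarchy added in this commit). The three-argument overload has no Javadoc at all and `exp` needs a `@param exp` line; the matching IAuthzManager overload names it `expression`. Separately, the Javadoc on `getPlugins()` and `getInstances()` says "authentication plugins" / "authentication instances", which reads as copied from the authentication subsystem and should say `authorization manager plugins` and `authorization manager instances`. As a style point, the raw `Enumeration` and `Hashtable` return types could carry element types (`Enumeration<IAuthzManager>` for `getAuthzManagers()`, for instance) so callers do not have to cast; the Hashtable value types are not visible in this hunk.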