// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.authorization;

import java.util.Enumeration;
import java.util.Hashtable;

import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.ISubsystem;

/**
 * Contract for the authorization subsystem: a registry of named authorization
 * managers and their plugins, plus the entry points that authorize a user
 * (represented by an authentication token) for a resource and operation.
 * <P>
 * The managers registered through this interface are the ones consulted by
 * the {@code authorize} methods, so {@code add}, {@code delete} and
 * {@code authzMgrAccessInit} change what later authorization calls decide.
 *
 * @version $Revision$, $Date$
 */
public interface IAuthzSubsystem extends ISubsystem {

    /** Identifier constant for the authorization subsystem ({@code "authz"}). */
    String ID = "authz";

    /** Constant for the {@code "class"} property name. */
    String PROP_CLASS = "class";

    /** Constant for the {@code "impl"} property name. */
    String PROP_IMPL = "impl";

    /** Constant for the {@code "pluginName"} property name. */
    String PROP_PLUGIN = "pluginName";

    /** Constant for the {@code "instance"} property name. */
    String PROP_INSTANCE = "instance";

    /** Constant for the {@code "realm"} property name. */
    String PROP_REALM = "realm";

    /**
     * Authorizes the user behind {@code authToken} for {@code operation} on
     * {@code resource}, using the authorization manager registered under
     * {@code authzMgrName}.
     * <P>
     * NOTE(review): this declaration does not show whether a denial is
     * reported through the returned token or through the exception. Until
     * that is confirmed against the implementation, callers should inspect
     * the token rather than treat a normal return as a grant.
     *
     * @param authzMgrName name of the authorization manager to consult
     * @param authToken authentication token associated with the user
     * @param resource resource protected by the authorization system
     * @param operation operation requested on that resource
     * @return an authorization token
     * @throws EBaseException if an error occurs during authorization
     */
    AuthzToken authorize(
            String authzMgrName,
            IAuthToken authToken,
            String resource,
            String operation) throws EBaseException;

    /**
     * Authorization variant that takes a single {@code exp} string in place
     * of a resource/operation pair.
     * <P>
     * NOTE(review): {@code exp} is presumably an authorization expression
     * evaluated for the token's user; its syntax and parsing are not defined
     * in this interface. Confirm against the implementation before passing a
     * string assembled from request data.
     *
     * @param authzMgrName name of the authorization manager to consult
     * @param authToken authentication token associated with the user
     * @param exp expression string (semantics not specified here)
     * @return an authorization token
     * @throws EBaseException declared by the signature; conditions are not
     *             specified here
     */
    AuthzToken authorize(
            String authzMgrName,
            IAuthToken authToken,
            String exp) throws EBaseException;

    /**
     * Checks the user against the specified realm. Per the original
     * description, this looks for the authorization manager associated with
     * the realm's plugin and uses it if one is present.
     * <P>
     * The method returns nothing, so the only failure signal visible in this
     * declaration is {@link EBaseException}.
     * NOTE(review): what happens when no manager is associated with the realm
     * is not specified here; confirm that the implementation denies in that
     * case rather than returning normally.
     *
     * @param realm realm to check against
     * @param authToken authentication token associated with the user
     * @param owner owner value for the check (undocumented in the original;
     *            TODO confirm semantics)
     * @param resource resource being accessed
     * @param operation operation requested on the resource
     * @throws EBaseException if any error occurs during the check
     */
    void checkRealm(
            String realm,
            IAuthToken authToken,
            String owner,
            String resource,
            String operation) throws EBaseException;

    /**
     * Registers the given authorization manager under {@code name}.
     * <P>
     * NOTE(review): behaviour when {@code name} is already registered is not
     * specified here. Since a registered manager takes part in later
     * authorization decisions, callers are presumably limited to trusted
     * configuration code; verify at the call sites.
     *
     * @param name authorization manager name
     * @param authzMgr authorization manager instance
     */
    void add(String name, IAuthzManager authzMgr);

    /**
     * Deregisters the authorization manager registered under {@code name}.
     *
     * @param name name of the authorization manager to delete
     */
    void delete(String name);

    /**
     * Returns the authorization manager instance with the specified name.
     *
     * @param name the authorization manager's name
     * @return an authorization manager interface
     * @throws EBaseException declared by the signature; conditions are not
     *             specified here
     */
    IAuthzManager getAuthzManager(String name) throws EBaseException;

    /**
     * Enumerates the authorization managers registered with this component.
     *
     * @return an enumeration of authorization managers
     */
    Enumeration<IAuthzManager> getAuthzManagers();

    /**
     * Initializes authorization info for a manager; per the original note
     * this is usually used for BasicAclAuthz.
     *
     * @param authzMgrName name of the authorization manager
     * @param accessInfo string representation of the ACL
     * @throws EBaseException if the authorization manager is not found
     */
    void authzMgrAccessInit(String authzMgrName, String accessInfo)
            throws EBaseException;

    /**
     * Enumerates the authorization manager plugins.
     *
     * @return an enumeration of authorization manager plugins
     */
    Enumeration<AuthzMgrPlugin> getAuthzManagerPlugins();

    /**
     * Returns a single authorization manager plugin implementation. Note that
     * the declared return type is {@link IAuthzManager}, not
     * {@link AuthzMgrPlugin}.
     *
     * @param name authorization plugin name
     * @return the authorization manager for that plugin
     */
    IAuthzManager getAuthzManagerPlugin(String name);

    /**
     * Logs an error message.
     *
     * @param level log level
     * @param msg error message
     */
    void log(int level, String msg);

    /**
     * Returns a hashtable of all authorization manager plugins, keyed by
     * string (presumably the plugin name; verify against the implementation).
     * <P>
     * NOTE(review): the interface does not say whether this is the live
     * internal table or a copy. Treat it as read-only until confirmed, since
     * {@link Hashtable} is mutable.
     *
     * @return all authorization manager plugins
     */
    Hashtable<String, AuthzMgrPlugin> getPlugins();

    /**
     * Returns a hashtable of all authorization manager instances, each held
     * as an {@link AuthzManagerProxy} and keyed by string (presumably the
     * instance name; verify against the implementation).
     * <P>
     * NOTE(review): the interface does not say whether this is the live
     * internal table or a copy. Treat it as read-only until confirmed, since
     * {@link Hashtable} is mutable.
     *
     * @return all authorization manager instances
     */
    Hashtable<String, AuthzManagerProxy> getInstances();

    /**
     * Returns an authorization manager interface for the given name. Unlike
     * {@link #getAuthzManager(String)}, this method declares no checked
     * exception; what it returns for an unknown name is not specified here.
     *
     * @param name authorization manager name
     * @return an authorization manager interface
     */
    IAuthzManager get(String name);
}