Class AuthzSubsystem

  • All Implemented Interfaces:
    ISubsystem

    public class AuthzSubsystem
    extends java.lang.Object
    implements ISubsystem
    Default authorization subsystem

    Version:
    $Revision$, $Date$
    Author:
    cfu
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void add​(java.lang.String name, IAuthzManager authzMgrInst)
      Add an authorization manager instance.
      AuthzToken authorize​(java.lang.String authzMgrInstName, IAuthToken authToken, java.lang.String exp)  
      AuthzToken authorize​(java.lang.String authzMgrName, IAuthToken authToken, java.lang.String resource, java.lang.String operation)  
      AuthzToken authorize​(java.lang.String authzMgrInstName, IAuthToken authToken, java.lang.String resource, java.lang.String operation, java.lang.String realm)
      Authorization to the named authorization manager instance
      void authzMgrAccessInit​(java.lang.String authzMgrInstName, java.lang.String accessInfo)
      authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation.
      void checkRealm​(java.lang.String realm, IAuthToken authToken, java.lang.String owner, java.lang.String resource, java.lang.String operation)
      Authorize the user against the specified realm.
      void delete​(java.lang.String name)
      Removes a authorization manager instance.
      IAuthzManager get​(java.lang.String name)
      Gets the authorization manager instance of the specified name.
      IAuthzManager getAuthzManager​(java.lang.String name)
      gets the named authorization manager
      java.lang.String getAuthzManagerNameByRealm​(java.lang.String realm)
      Given a realm name, return the name of an authz manager for that realm.
      IAuthzManager getAuthzManagerPlugin​(java.lang.String name)
      Retrieve a single authz manager instance
      AuthzMgrPlugin getAuthzManagerPluginImpl​(java.lang.String name)
      retrieve a single authz manager plugin by name
      java.util.Enumeration<AuthzMgrPlugin> getAuthzManagerPlugins()
      Enumerate all registered authorization manager plugins.
      java.util.Enumeration<IAuthzManager> getAuthzManagers()
      Enumerate all authorization manager instances.
      java.lang.String[] getConfigParams​(java.lang.String implName)
      Gets configuration parameters for the given authorization manager plugin.
      IConfigStore getConfigStore()
      Returns the root configuration storage of this system.
      java.lang.String getId()
      Retrieves id (name) of this subsystem.
      static AuthzSubsystem getInstance()  
      java.util.Hashtable<java.lang.String,​AuthzManagerProxy> getInstances()
      Get a hashtable containing all authentication instances.
      java.util.Hashtable<java.lang.String,​AuthzMgrPlugin> getPlugins()
      Get a hashtable containing all authentication plugins.
      void init​(IConfigStore config)
      Initializes the authorization subsystem from the config store.
      void setId​(java.lang.String id)
      Sets id string to this subsystem.
      void shutdown()
      shuts down authorization managers one by one.
      void startup()
      registers the administration servlet with the administration subsystem.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • init

        public void init​(IConfigStore config)
                  throws EBaseException
        Initializes the authorization subsystem from the config store. Load Authorization manager plugins, create and initialize initialize authorization manager instances.
        Specified by:
        init in interface ISubsystem
        Parameters:
        config - The configuration store.
        Throws:
        EBaseException - failed to initialize
      • authzMgrAccessInit

        public void authzMgrAccessInit​(java.lang.String authzMgrInstName,
                                       java.lang.String accessInfo)
                                throws EAuthzMgrNotFound,
                                       EBaseException
        authMgrzAccessInit is for servlets who want to initialize their own authorization information before full operation. It is supposed to be called during the init() method of a servlet.
        Parameters:
        authzMgrInstName - The authorization manager name
        accessInfo - the access information to be initialized. currently it's acl string in the format specified in the authorization manager
        Throws:
        EAuthzMgrNotFound
        EBaseException
      • authorize

        public AuthzToken authorize​(java.lang.String authzMgrInstName,
                                    IAuthToken authToken,
                                    java.lang.String resource,
                                    java.lang.String operation,
                                    java.lang.String realm)
                             throws EAuthzMgrNotFound,
                                    EBaseException
        Authorization to the named authorization manager instance
        Parameters:
        authzMgrInstName - The authorization manager name
        authToken - the authentication token associated with a user
        resource - the resource protected by the authorization system
        operation - the operation for resource protected by the authoriz n system
        Returns:
        a authorization token.
        Throws:
        EBaseException - If an error occurs during authorization.
        EAuthzMgrNotFound
      • add

        public void add​(java.lang.String name,
                        IAuthzManager authzMgrInst)
        Add an authorization manager instance.
        Parameters:
        name - name of the authorization manager instance
        authzMgrInst - the authorization manager instance to be added
      • delete

        public void delete​(java.lang.String name)
        Removes a authorization manager instance.
        Parameters:
        name - name of the authorization manager
      • get

        public IAuthzManager get​(java.lang.String name)
        Gets the authorization manager instance of the specified name.
        Parameters:
        name - name of the authorization manager instance
        Returns:
        the named authorization manager instance
      • getAuthzManagers

        public java.util.Enumeration<IAuthzManager> getAuthzManagers()
        Enumerate all authorization manager instances.
      • getAuthzManagerPlugins

        public java.util.Enumeration<AuthzMgrPlugin> getAuthzManagerPlugins()
        Enumerate all registered authorization manager plugins.
      • getAuthzManagerPluginImpl

        public AuthzMgrPlugin getAuthzManagerPluginImpl​(java.lang.String name)
        retrieve a single authz manager plugin by name
      • getAuthzManagerPlugin

        public IAuthzManager getAuthzManagerPlugin​(java.lang.String name)
        Retrieve a single authz manager instance
      • getId

        public java.lang.String getId()
        Retrieves id (name) of this subsystem.
        Specified by:
        getId in interface ISubsystem
        Returns:
        name of the authorization subsystem
      • setId

        public void setId​(java.lang.String id)
                   throws EBaseException
        Sets id string to this subsystem.

        Use with caution. Should not do it when sharing with others

        Specified by:
        setId in interface ISubsystem
        Parameters:
        id - name to be applied to an authorization sybsystem
        Throws:
        EBaseException - failed to set id
      • shutdown

        public void shutdown()
        shuts down authorization managers one by one.

        Specified by:
        shutdown in interface ISubsystem
      • getPlugins

        public java.util.Hashtable<java.lang.String,​AuthzMgrPlugin> getPlugins()
        Get a hashtable containing all authentication plugins.
        Returns:
        all authentication plugins.
      • getInstances

        public java.util.Hashtable<java.lang.String,​AuthzManagerProxy> getInstances()
        Get a hashtable containing all authentication instances.
        Returns:
        all authentication instances.
      • getConfigStore

        public IConfigStore getConfigStore()
        Returns the root configuration storage of this system.

        Specified by:
        getConfigStore in interface ISubsystem
        Returns:
        configuration store of this subsystem
      • getAuthzManager

        public IAuthzManager getAuthzManager​(java.lang.String name)
        gets the named authorization manager
        Parameters:
        name - of the authorization manager
        Returns:
        the named authorization manager
      • checkRealm

        public void checkRealm​(java.lang.String realm,
                               IAuthToken authToken,
                               java.lang.String owner,
                               java.lang.String resource,
                               java.lang.String operation)
                        throws EBaseException
        Authorize the user against the specified realm. Looks for authz manager associated with the plugin and authenticates if present.
        Parameters:
        realm -
        authToken -
        owner - TODO
        resource -
        operation -
        Throws:
        EBaseException - if any error occurs during authentication.
      • getAuthzManagerNameByRealm

        public java.lang.String getAuthzManagerNameByRealm​(java.lang.String realm)
                                                    throws EAuthzUnknownRealm
        Given a realm name, return the name of an authz manager for that realm.
        Throws:
        EAuthzUnknownRealm - if no authz manager is found.