[Pki-devel] [PATCH] 0141 Add getAuthzManagerNameByRealm to IAuthzSubsystem
Fraser Tweedale
ftweedal at redhat.com
Mon Dec 12 02:01:12 UTC 2016
Acked by alee:
https://github.com/frasertweedale/pki/commit/4a43f08a96f80a44ad0d8fffcb49f70b5d274277
Pushed to master (e2e4b70bab9c81b9007057cafd25447190d6cde4).
Thanks,
Fraser
On Tue, Nov 29, 2016 at 07:12:28PM +1000, Fraser Tweedale wrote:
> This patch gives a method in AuthzSubsystem a better name and moves it
> to the IAuthzSubsystem interface; the method may be useful for doing
> authorisation checks for external principals.
>
> Thanks,
> Fraser
> From 6a1ddf4cf79e40ff0a0702e063afa6e6237f0fb6 Mon Sep 17 00:00:00 2001
> From: Fraser Tweedale <ftweedal at redhat.com>
> Date: Fri, 25 Nov 2016 21:08:56 +1000
> Subject: [PATCH 141/141] Add getAuthzManagerNameByRealm to IAuthzSubsystem
>
> The getAuthzManagerByRealm public method is defined in
> AuthzSubsystem but to support external principals we want to make
> this part of the IAuthzSubsystem interface, so other classes (e.g.
> ACLInterceptor) can use it.
>
> Part of: https://fedorahosted.org/pki/ticket/1359
> ---
> .../netscape/certsrv/authorization/IAuthzSubsystem.java | 9 +++++++++
> .../netscape/cmscore/authorization/AuthzSubsystem.java | 16 +++++++++-------
> 2 files changed, 18 insertions(+), 7 deletions(-)
>
> diff --git a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
> index c7d8df56bbfb1bf8af6c51ce491fc1384560b4a8..6fcf8e7b03eb596bb7914912474eeb3c298b6da1 100644
> --- a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
> +++ b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
> @@ -21,6 +21,7 @@ import java.util.Enumeration;
> import java.util.Hashtable;
>
> import com.netscape.certsrv.authentication.IAuthToken;
> +import com.netscape.certsrv.authorization.EAuthzUnknownRealm;
> import com.netscape.certsrv.base.EBaseException;
> import com.netscape.certsrv.base.ISubsystem;
>
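Review bot: The added `import com.netscape.certsrv.authorization.EAuthzUnknownRealm;` looks redundant, because judging by the file path IAuthzSubsystem is itself in package com.netscape.certsrv.authorization, and same-package types need no import. Dropping the line keeps the import list free of entries that linters will report as redundant.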
> @@ -181,4 +182,12 @@ public interface IAuthzSubsystem extends ISubsystem {
> * @return an authorization manager interface
> */
> public IAuthzManager get(String name);
> +
> + /**
> + * Given a realm name, return the name of an authz manager for that realm.
> + *
> + * @throws EAuthzUnknownRealm if no authz manager is found.
> + */
> + public String getAuthzManagerNameByRealm(String realm)
> + throws EAuthzUnknownRealm;
> }
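Review bot: The new Javadoc on `getAuthzManagerNameByRealm` leaves unstated the contract that authorization callers depend on. It has no `@param` or `@return`, does not say the result is never null, and does not say which manager is chosen when several are configured for the same realm. The caller in AuthzSubsystem drops its null check in this same patch, so any other implementation of the interface must throw rather than return null. I would add `@param realm the realm name to look up` and `@return the name of an authz manager configured for the realm; never null`. I would also add a sentence saying the choice among several matching managers is unspecified, since the implementation iterates `mAuthzMgrInsts.values()` and appears to take the first match.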
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
> index 31d5e71b4bdd672fa3eae3108824480d87eafdf3..67d12bdff2e716bcea4034726d189a23c6f50796 100644
> --- a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
> +++ b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
> @@ -495,10 +495,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
> // if record owner == requester, SUCCESS
> if ((owner != null) && owner.equals(authToken.getInString(IAuthToken.USER_ID))) return;
>
> - String mgrName = getAuthzManagerByRealm(realm);
> - if (mgrName == null) {
> - throw new EAuthzUnknownRealm("Realm not found");
> - }
> + String mgrName = getAuthzManagerNameByRealm(realm);
>
> AuthzToken authzToken = authorize(mgrName, authToken, resource, operation, realm);
> if (authzToken == null) {
> @@ -506,12 +503,17 @@ public class AuthzSubsystem implements IAuthzSubsystem {
> }
> }
>
> - public String getAuthzManagerByRealm(String realm) throws EBaseException {
> + public String getAuthzManagerNameByRealm(String realm) throws EAuthzUnknownRealm {
> for (AuthzManagerProxy proxy : mAuthzMgrInsts.values()) {
> IAuthzManager mgr = proxy.getAuthzManager();
> if (mgr != null) {
> IConfigStore cfg = mgr.getConfigStore();
> - String mgrRealmString = cfg.getString(PROP_REALM, null);
> + String mgrRealmString = null;
> + try {
> + mgrRealmString = cfg.getString(PROP_REALM, null);
> + } catch (EBaseException e) {
> + // never mind
> + }
> if (mgrRealmString == null) continue;
>
> List<String> mgrRealms = Arrays.asList(mgrRealmString.split(","));
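Review bot: The `catch (EBaseException e)` with only `// never mind` silently skips a manager whose realm setting cannot be read, so a broken configuration looks the same as an unconfigured realm. The lookup still fails closed, because the method ends in `throw new EAuthzUnknownRealm(...)`. However, if another manager lists the same realm, the request would be authorised by that one with no record of why. I would log the exception with the manager instance name through whatever logging facility this class already uses, and replace the comment with `// realm unreadable for this manager: skip it; lookup fails closed if nothing else matches`. The realm-matching part of the loop lies between this hunk and the next and is not visible here.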
> @@ -521,7 +523,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
> }
> }
> }
> - return null;
> + throw new EAuthzUnknownRealm("Realm not found");
> }
>
> }
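Review bot: `throw new EAuthzUnknownRealm("Realm not found")` does not record which realm was requested, so a denied request is hard to trace now that this is the only place the error is raised. I would log the requested realm at this point before throwing. Whether the exception message is returned to the client is not visible in this hunk. If it is, keep the message generic and put the realm only in the server-side log, stripping control characters first when the value is request-derived.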
> --
> 2.7.4
>