[Pki-devel] [PATCH] 0141 Add getAuthzManagerNameByRealm to IAuthzSubsystem

Fraser Tweedale ftweedal at redhat.com
Mon Dec 12 02:01:12 UTC 2016


Acked by alee:
https://github.com/frasertweedale/pki/commit/4a43f08a96f80a44ad0d8fffcb49f70b5d274277

Pushed to master (e2e4b70bab9c81b9007057cafd25447190d6cde4).

Thanks,
Fraser

On Tue, Nov 29, 2016 at 07:12:28PM +1000, Fraser Tweedale wrote:
> This patch renames a method in AuthzSubsystem (to a better name) and
> adds it to the IAuthzSubsystem interface. The method may be useful for
> doing authorisation checks for external principals.
> 
> Thanks,
> Fraser

> From 6a1ddf4cf79e40ff0a0702e063afa6e6237f0fb6 Mon Sep 17 00:00:00 2001
> From: Fraser Tweedale <ftweedal at redhat.com>
> Date: Fri, 25 Nov 2016 21:08:56 +1000
> Subject: [PATCH 141/141] Add getAuthzManagerNameByRealm to IAuthzSubsystem
> 
> The getAuthzManagerByRealm public method is defined in
> AuthzSubsystem but to support external principals we want to make
> this part of the IAuthzSubsystem interface, so other classes (e.g.
> ACLInterceptor) can use it.
> 
> Part of: https://fedorahosted.org/pki/ticket/1359
> ---
>  .../netscape/certsrv/authorization/IAuthzSubsystem.java  |  9 +++++++++
>  .../netscape/cmscore/authorization/AuthzSubsystem.java   | 16 +++++++++-------
>  2 files changed, 18 insertions(+), 7 deletions(-)
> 
> diff --git a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
> index c7d8df56bbfb1bf8af6c51ce491fc1384560b4a8..6fcf8e7b03eb596bb7914912474eeb3c298b6da1 100644
> --- a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
> +++ b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
> @@ -21,6 +21,7 @@ import java.util.Enumeration;
>  import java.util.Hashtable;
>  
>  import com.netscape.certsrv.authentication.IAuthToken;
> +import com.netscape.certsrv.authorization.EAuthzUnknownRealm;
>  import com.netscape.certsrv.base.EBaseException;
>  import com.netscape.certsrv.base.ISubsystem;
>  
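Review bot: The added import of `com.netscape.certsrv.authorization.EAuthzUnknownRealm` is redundant, because the file path shows IAuthzSubsystem is in the same package and same-package types need no import. Dropping the line avoids an unused-import warning.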
> @@ -181,4 +182,12 @@ public interface IAuthzSubsystem extends ISubsystem {
>       * @return an authorization manager interface
>       */
>      public IAuthzManager get(String name);
> +
> +    /**
> +     * Given a realm name, return the name of an authz manager for that realm.
> +     *
> +     * @throws EAuthzUnknownRealm if no authz manager is found.
> +     */
> +    public String getAuthzManagerNameByRealm(String realm)
> +        throws EAuthzUnknownRealm;
>  }
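Review bot: The new Javadoc on `getAuthzManagerNameByRealm` has no `@param realm` or `@return`, and does not say which manager is returned when several are configured for the same realm, or what happens for a null realm. The commit message says callers such as ACLInterceptor will use this for authorization checks, so the selection rule belongs in the interface contract. I would add `@param realm the realm name to look up` and `@return the name of the authz manager instance selected for the realm`, plus a sentence on tie-breaking. The tie-breaking behaviour depends on the iteration order of the manager map in AuthzSubsystem, which is not visible here and should be confirmed.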
> diff --git a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
> index 31d5e71b4bdd672fa3eae3108824480d87eafdf3..67d12bdff2e716bcea4034726d189a23c6f50796 100644
> --- a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
> +++ b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
> @@ -495,10 +495,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
>          // if record owner == requester, SUCCESS
>          if ((owner != null) && owner.equals(authToken.getInString(IAuthToken.USER_ID))) return;
>  
> -        String mgrName = getAuthzManagerByRealm(realm);
> -        if (mgrName == null) {
> -            throw new EAuthzUnknownRealm("Realm not found");
> -        }
> +        String mgrName = getAuthzManagerNameByRealm(realm);
>  
>          AuthzToken authzToken = authorize(mgrName, authToken, resource, operation, realm);
>          if (authzToken == null) {
> @@ -506,12 +503,17 @@ public class AuthzSubsystem implements IAuthzSubsystem {
>          }
>      }
>  
> -    public String getAuthzManagerByRealm(String realm) throws EBaseException {
> +    public String getAuthzManagerNameByRealm(String realm) throws EAuthzUnknownRealm {
>          for (AuthzManagerProxy proxy : mAuthzMgrInsts.values()) {
>              IAuthzManager mgr = proxy.getAuthzManager();
>              if (mgr != null) {
>                  IConfigStore cfg = mgr.getConfigStore();
> -                String mgrRealmString = cfg.getString(PROP_REALM, null);
> +                String mgrRealmString = null;
> +                try {
> +                    mgrRealmString = cfg.getString(PROP_REALM, null);
> +                } catch (EBaseException e) {
> +                    // never mind
> +                }
>                  if (mgrRealmString == null) continue;
>  
>                  List<String> mgrRealms = Arrays.asList(mgrRealmString.split(","));
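Review bot: The new `catch (EBaseException e)` around `cfg.getString(PROP_REALM, null)` discards the exception with only `// never mind`, so a manager whose realm configuration cannot be read is skipped silently. The lookup still fails closed, because the method ends in a throw, but the caller only sees the generic "Realm not found" and an operator cannot tell a broken manager configuration from an unknown realm. I would log the exception through whatever debug or log facility the class already uses, and replace the comment with the reason, e.g. `// unreadable realm config: skip this manager; EAuthzUnknownRealm is thrown if none matches`. The method body continues past the end of this hunk.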
> @@ -521,7 +523,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
>                  }
>              }
>          }
> -        return null;
> +        throw new EAuthzUnknownRealm("Realm not found");
>      }
>  
>  }
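Review bot: `throw new EAuthzUnknownRealm("Realm not found")` does not name the realm that was looked up, which makes an authorization failure harder to trace in logs. Consider `throw new EAuthzUnknownRealm("Realm not found: " + realm);`. Because the realm value may originate from a request, first confirm that the exception message is not rendered unescaped in a client response. The start of the method body is outside this hunk.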
> -- 
> 2.7.4
> 
