[Pki-devel] [PATCH] 0141 Add getAuthzManagerNameByRealm to IAuthzSubsystem

Fraser Tweedale ftweedal at redhat.com
Tue Nov 29 09:12:28 UTC 2016


This patch renames a method in AuthzSubsystem (to a better name) and
moves it to the IAuthzSubsystem interface; the method may be useful
for doing authorisation checks for external principals.

Thanks,
Fraser
-------------- next part --------------
From 6a1ddf4cf79e40ff0a0702e063afa6e6237f0fb6 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Fri, 25 Nov 2016 21:08:56 +1000
Subject: [PATCH 141/141] Add getAuthzManagerNameByRealm to IAuthzSubsystem

The getAuthzManagerByRealm public method is defined in
AuthzSubsystem but to support external principals we want to make
this part of the IAuthzSubsystem interface, so other classes (e.g.
ACLInterceptor) can use it.

Part of: https://fedorahosted.org/pki/ticket/1359
---
 .../netscape/certsrv/authorization/IAuthzSubsystem.java  |  9 +++++++++
 .../netscape/cmscore/authorization/AuthzSubsystem.java   | 16 +++++++++-------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
index c7d8df56bbfb1bf8af6c51ce491fc1384560b4a8..6fcf8e7b03eb596bb7914912474eeb3c298b6da1 100644
--- a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
+++ b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
@@ -21,6 +21,7 @@ import java.util.Enumeration;
 import java.util.Hashtable;
 
 import com.netscape.certsrv.authentication.IAuthToken;
+import com.netscape.certsrv.authorization.EAuthzUnknownRealm;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
@@ -181,4 +182,12 @@ public interface IAuthzSubsystem extends ISubsystem {
      * @return an authorization manager interface
      */
     public IAuthzManager get(String name);
+
+    /**
+     * Given a realm name, return the name of an authz manager for that realm.
+     *
+     * @throws EAuthzUnknownRealm if no authz manager is found.
+     */
+    public String getAuthzManagerNameByRealm(String realm)
+        throws EAuthzUnknownRealm;
 }
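Review bot: The Javadoc on the new `getAuthzManagerNameByRealm` declaration has no `@param` or `@return`, and it does not say which manager a caller gets when more than one is configured for the same realm, or what happens for a `null` realm. The commit message says other classes such as ACLInterceptor will use this for authorisation decisions, so the interface should pin that contract rather than leave it to the one implementation. I would add `@param realm the realm name to look up` and an `@return` line stating the selection rule; the matching code is outside the visible hunks, so the exact rule needs confirming against AuthzSubsystem. The `@throws` text could also say that a realm whose manager configuration cannot be read is reported the same way, if that behaviour is intended.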
diff --git a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
index 31d5e71b4bdd672fa3eae3108824480d87eafdf3..67d12bdff2e716bcea4034726d189a23c6f50796 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
@@ -495,10 +495,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
         // if record owner == requester, SUCCESS
         if ((owner != null) && owner.equals(authToken.getInString(IAuthToken.USER_ID))) return;
 
-        String mgrName = getAuthzManagerByRealm(realm);
-        if (mgrName == null) {
-            throw new EAuthzUnknownRealm("Realm not found");
-        }
+        String mgrName = getAuthzManagerNameByRealm(realm);
 
         AuthzToken authzToken = authorize(mgrName, authToken, resource, operation, realm);
         if (authzToken == null) {
@@ -506,12 +503,17 @@ public class AuthzSubsystem implements IAuthzSubsystem {
         }
     }
 
-    public String getAuthzManagerByRealm(String realm) throws EBaseException {
+    public String getAuthzManagerNameByRealm(String realm) throws EAuthzUnknownRealm {
         for (AuthzManagerProxy proxy : mAuthzMgrInsts.values()) {
             IAuthzManager mgr = proxy.getAuthzManager();
             if (mgr != null) {
                 IConfigStore cfg = mgr.getConfigStore();
-                String mgrRealmString = cfg.getString(PROP_REALM, null);
+                String mgrRealmString = null;
+                try {
+                    mgrRealmString = cfg.getString(PROP_REALM, null);
+                } catch (EBaseException e) {
+                    // never mind
+                }
                 if (mgrRealmString == null) continue;
 
                 List<String> mgrRealms = Arrays.asList(mgrRealmString.split(","));
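Review bot: The new `catch (EBaseException e) { // never mind }` around `cfg.getString(PROP_REALM, null)` silently discards a configuration read failure. The manager is then skipped as if it had no realm, so the caller sees `EAuthzUnknownRealm`, which cannot be told apart from a realm that really is unconfigured. That fails closed, which is the safe direction for an authorisation lookup, but it leaves no trace of why access was denied. Log the exception together with the manager's name using whatever logger this class already has, and replace the comment with the intent, e.g. `// unreadable realm property: skip this manager; lookup fails closed if no other matches`. The method now implements an interface method, so it should also carry `@Override`. The rest of the loop body lies between this hunk and the next and is not visible here.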
@@ -521,7 +523,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
                 }
             }
         }
-        return null;
+        throw new EAuthzUnknownRealm("Realm not found");
     }
 
 }
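Review bot: `throw new EAuthzUnknownRealm("Realm not found")` gives no indication of which realm was looked up, so a denied request cannot easily be traced back to its cause. The realm belongs in the server-side log at the point of the throw; whether it is also safe to put in the exception message depends on whether that message is returned to clients, which this patch does not show. The rename also removes the public `getAuthzManagerByRealm` with no deprecated forwarder. Any caller outside these two files would break, and one that compared the result with `null` would now get an exception instead, so the other callers should be checked.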
-- 
2.7.4


