This patch renames (a better name) and moves to the IAuthzSubsystem interface a method in AuthzSubsystem that may be useful for doing authorisation checks for external principals.
Thanks, Fraser
From 6a1ddf4cf79e40ff0a0702e063afa6e6237f0fb6 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale <ftwee...@redhat.com> Date: Fri, 25 Nov 2016 21:08:56 +1000 Subject: [PATCH 141/141] Add getAuthzManagerNameByRealm to IAuthzSubsystem The getAuthzManagerByRealm public method is defined in AuthzSubsystem but to support external principals we want to make this part of the IAuthzSubsystem interface, so other classes (e.g. ACLInterceptor) can use it. Part of: https://fedorahosted.org/pki/ticket/1359 --- .../netscape/certsrv/authorization/IAuthzSubsystem.java | 9 +++++++++ .../netscape/cmscore/authorization/AuthzSubsystem.java | 16 +++++++++------- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java index c7d8df56bbfb1bf8af6c51ce491fc1384560b4a8..6fcf8e7b03eb596bb7914912474eeb3c298b6da1 100644 --- a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java +++ b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java @@ -21,6 +21,7 @@ import java.util.Enumeration; import java.util.Hashtable; import com.netscape.certsrv.authentication.IAuthToken; +import com.netscape.certsrv.authorization.EAuthzUnknownRealm; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.ISubsystem; @@ -181,4 +182,12 @@ public interface IAuthzSubsystem extends ISubsystem { * @return an authorization manager interface */ public IAuthzManager get(String name); + + /** + * Given a realm name, return the name of an authz manager for that realm. + * + * @throws EAuthzUnknownRealm if no authz manager is found. + */ + public String getAuthzManagerNameByRealm(String realm) + throws EAuthzUnknownRealm; } diff --git a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java index 31d5e71b4bdd672fa3eae3108824480d87eafdf3..67d12bdff2e716bcea4034726d189a23c6f50796 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java +++ b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java @@ -495,10 +495,7 @@ public class AuthzSubsystem implements IAuthzSubsystem { // if record owner == requester, SUCCESS if ((owner != null) && owner.equals(authToken.getInString(IAuthToken.USER_ID))) return; - String mgrName = getAuthzManagerByRealm(realm); - if (mgrName == null) { - throw new EAuthzUnknownRealm("Realm not found"); - } + String mgrName = getAuthzManagerNameByRealm(realm); AuthzToken authzToken = authorize(mgrName, authToken, resource, operation, realm); if (authzToken == null) { @@ -506,12 +503,17 @@ public class AuthzSubsystem implements IAuthzSubsystem { } } - public String getAuthzManagerByRealm(String realm) throws EBaseException { + public String getAuthzManagerNameByRealm(String realm) throws EAuthzUnknownRealm { for (AuthzManagerProxy proxy : mAuthzMgrInsts.values()) { IAuthzManager mgr = proxy.getAuthzManager(); if (mgr != null) { IConfigStore cfg = mgr.getConfigStore(); - String mgrRealmString = cfg.getString(PROP_REALM, null); + String mgrRealmString = null; + try { + mgrRealmString = cfg.getString(PROP_REALM, null); + } catch (EBaseException e) { + // never mind + } if (mgrRealmString == null) continue; List<String> mgrRealms = Arrays.asList(mgrRealmString.split(",")); @@ -521,7 +523,7 @@ public class AuthzSubsystem implements IAuthzSubsystem { } } } - return null; + throw new EAuthzUnknownRealm("Realm not found"); } } -- 2.7.4
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
