Acked by alee: https://github.com/frasertweedale/pki/commit/4a43f08a96f80a44ad0d8fffcb49f70b5d274277
Pushed to master (e2e4b70bab9c81b9007057cafd25447190d6cde4). Thanks, Fraser On Tue, Nov 29, 2016 at 07:12:28PM +1000, Fraser Tweedale wrote: > This patch renames (a better name) and moves to the IAuthzSubsystem > interface a method in AuthzSubsystem that may be useful for doing > authorisation checks for external principals. > > Thanks, > Fraser > From 6a1ddf4cf79e40ff0a0702e063afa6e6237f0fb6 Mon Sep 17 00:00:00 2001 > From: Fraser Tweedale <ftwee...@redhat.com> > Date: Fri, 25 Nov 2016 21:08:56 +1000 > Subject: [PATCH 141/141] Add getAuthzManagerNameByRealm to IAuthzSubsystem > > The getAuthzManagerByRealm public method is defined in > AuthzSubsystem but to support external principals we want to make > this part of the IAuthzSubsystem interface, so other classes (e.g. > ACLInterceptor) can use it. > > Part of: https://fedorahosted.org/pki/ticket/1359 > --- > .../netscape/certsrv/authorization/IAuthzSubsystem.java | 9 +++++++++ > .../netscape/cmscore/authorization/AuthzSubsystem.java | 16 > +++++++++------- > 2 files changed, 18 insertions(+), 7 deletions(-) > > diff --git > a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java > b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java > index > c7d8df56bbfb1bf8af6c51ce491fc1384560b4a8..6fcf8e7b03eb596bb7914912474eeb3c298b6da1 > 100644 > --- a/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java > +++ b/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java > @@ -21,6 +21,7 @@ import java.util.Enumeration; > import java.util.Hashtable; > > import com.netscape.certsrv.authentication.IAuthToken; > +import com.netscape.certsrv.authorization.EAuthzUnknownRealm; > import com.netscape.certsrv.base.EBaseException; > import com.netscape.certsrv.base.ISubsystem; 
> > @@ -181,4 +182,12 @@ public interface IAuthzSubsystem extends ISubsystem { > * @return an authorization manager interface > */ > public IAuthzManager get(String name); > + > + /** > + * Given a realm name, return the name of an authz manager for that > realm. > + * > + * @throws EAuthzUnknownRealm if no authz manager is found. > + */ > + public String getAuthzManagerNameByRealm(String realm) > + throws EAuthzUnknownRealm; > } > diff --git > a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java > > b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java > index > 31d5e71b4bdd672fa3eae3108824480d87eafdf3..67d12bdff2e716bcea4034726d189a23c6f50796 > 100644 > --- > a/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java > +++ > b/base/server/cmscore/src/com/netscape/cmscore/authorization/AuthzSubsystem.java > @@ -495,10 +495,7 @@ public class AuthzSubsystem implements IAuthzSubsystem { > // if record owner == requester, SUCCESS > if ((owner != null) && > owner.equals(authToken.getInString(IAuthToken.USER_ID))) return; > > - String mgrName = getAuthzManagerByRealm(realm); > - if (mgrName == null) { > - throw new EAuthzUnknownRealm("Realm not found"); > - } > + String mgrName = getAuthzManagerNameByRealm(realm); > > AuthzToken authzToken = authorize(mgrName, authToken, resource, > operation, realm); > if (authzToken == null) { 
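Review bot: The Javadoc added for `getAuthzManagerNameByRealm` in IAuthzSubsystem has no `@param` or `@return`, and it does not say which manager is returned when several list the same realm or what happens when `realm` is null. The commit message names ACLInterceptor as an intended caller, so this contract will back authorization checks and should be explicit. I would add `@param realm the realm name to look up` and `@return the name of an authz manager configured for the realm`, and state that the result is not null; that looks true because the implementation now ends in a throw rather than `return null`, but the in-loop return is not visible here. Separately, the import added in the first hunk names a class in the interface's own package (`com.netscape.certsrv.authorization`), so it is redundant and can be dropped.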
> @@ -506,12 +503,17 @@ public class AuthzSubsystem implements IAuthzSubsystem { > } > } > > - public String getAuthzManagerByRealm(String realm) throws EBaseException > { > + public String getAuthzManagerNameByRealm(String realm) throws > EAuthzUnknownRealm { > for (AuthzManagerProxy proxy : mAuthzMgrInsts.values()) { > IAuthzManager mgr = proxy.getAuthzManager(); > if (mgr != null) { > IConfigStore cfg = mgr.getConfigStore(); > - String mgrRealmString = cfg.getString(PROP_REALM, null); > + String mgrRealmString = null; > + try { > + mgrRealmString = cfg.getString(PROP_REALM, null); > + } catch (EBaseException e) { > + // never mind > + } > if (mgrRealmString == null) continue; > > List<String> mgrRealms = > Arrays.asList(mgrRealmString.split(",")); > @@ -521,7 +523,7 @@ public class AuthzSubsystem implements IAuthzSubsystem { > } > } > } > - return null; > + throw new EAuthzUnknownRealm("Realm not found"); > } > > } > -- > 2.7.4 > > _______________________________________________ > Pki-devel mailing list > Pki-devel@redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel _______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
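Review bot: The new catch around `cfg.getString(PROP_REALM, null)` in getAuthzManagerNameByRealm discards the EBaseException with only `// never mind`, so a manager whose realm setting cannot be read is skipped silently. The caller then gets the same "Realm not found" as for a realm that has no manager, and a configuration fault on an authorization path leaves no trace. The lookup does fail closed through the final `throw new EAuthzUnknownRealm("Realm not found")`, but I would record the exception through whatever logging this class already uses and replace the comment with something like `// realm unreadable for this manager: skip it; lookup still fails closed with EAuthzUnknownRealm`. If another manager also lists the realm it would presumably be selected instead of the unreadable one, which is worth confirming is intended. The realm-matching part of the loop lies between the two hunks and is not visible here.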