com.tivoli.pd.rgy.authz
Class AuthzRgyRegistryFactory

java.lang.Object
  extended by com.tivoli.pd.rgy.authz.AuthzRgyRegistryFactory

public class AuthzRgyRegistryFactory
extends java.lang.Object

Provides Authorization and Audit facilities for other RgyRegistry instances. The Authorization uses the Java PDAdmin API's PDAuthorizationContext. Both Authorization and Audit can be independently used.


Field Summary
static java.lang.String AUTHZ_ENABLE_AUTHORIZATION
           
static java.lang.String AUTHZ_INITIALIZE_PDADMIN
           
static java.lang.String AUTHZ_PDAUTHORIZATIONCONTEXT_PWD
           
static java.lang.String AUTHZ_PDAUTHORIZATIONCONTEXT_USER
           
 
Method Summary
static PDAuthorizationContext getPdAuthzContext(RgyRegistry rgyRegistry)
          Obtains the PDAuthorizationContext being used by the supplied RgyRegistry, but only if the RgyRegistry is an instance of AuthzRgyRegistry and a PDAuthorizationContext is being used.
static RgyRegistry getRgyRegistryInstance(java.util.Properties properties, java.util.Map<java.lang.String,java.lang.Object> enhancements, RgyRegistry wrappedRgyRegistry, PDAuthorizationContext pdAuthzContext, java.lang.String adminUserId)
          Creates a unique instance of AuthzRgyRegistry on each invocation, configured using the supplied properties and enhancements. It uses the provided PDAuthorizationContext to authorize the provided adminUserId when using this API.
static RgyRegistry getRgyRegistryInstance(java.net.URL propertiesUrl, java.util.Map<java.lang.String,java.lang.Object> enhancements, RgyRegistry wrappedRgyRegistry)
          Creates a unique instance of AuthzRgyRegistry on each invocation, configured using the supplied properties and enhancements.
static RgyRegistry getRgyRegistryInstance(java.net.URL propertiesUrl, java.util.Map<java.lang.String,java.lang.Object> enhancements, RgyRegistry wrappedRgyRegistry, PDAuthorizationContext pdAuthzContext, java.lang.String adminUserId)
          Creates a unique instance of AuthzRgyRegistry on each invocation, configured using the supplied properties and enhancements. It uses the provided PDAuthorizationContext to authorize the provided adminUserId when using this API.
static void updateAdminId(RgyRegistry rgyRegistry, java.lang.String adminUserId)
          Updates the admin user ID used for authorization checks.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

AUTHZ_ENABLE_AUTHORIZATION

public static final java.lang.String AUTHZ_ENABLE_AUTHORIZATION
See Also:
Constant Field Values

AUTHZ_PDAUTHORIZATIONCONTEXT_USER

public static final java.lang.String AUTHZ_PDAUTHORIZATIONCONTEXT_USER
See Also:
Constant Field Values

AUTHZ_PDAUTHORIZATIONCONTEXT_PWD

public static final java.lang.String AUTHZ_PDAUTHORIZATIONCONTEXT_PWD
See Also:
Constant Field Values

AUTHZ_INITIALIZE_PDADMIN

public static final java.lang.String AUTHZ_INITIALIZE_PDADMIN
See Also:
Constant Field Values
Method Detail

getRgyRegistryInstance

public static RgyRegistry getRgyRegistryInstance(java.net.URL propertiesUrl,
                                                 java.util.Map<java.lang.String,java.lang.Object> enhancements,
                                                 RgyRegistry wrappedRgyRegistry)
                                          throws RgyException
Creates a unique instance of AuthzRgyRegistry on each invocation, configured using the supplied properties and enhancements. If authz.enable-authorization is set to true in the supplied propertiesUrl file, that file must also contain configuration sufficient to create a PDAuthorizationContext. This PDAuthorizationContext will be used to authorize access to the wrappedRgyRegistry. In this case you must also respect the PDAuthorizationContext limitation of allowing only one instance per unique propertiesUrl file.

If both authz.pdauthorizatoncontext-user and authz.pdauthorizatoncontext-pwd are provided in the configuration file, a PDAuthorizationContext(user, pwd) instance will be created. If authz.pdauthorizatoncontext-pwd is not provided, a regular PDAuthorizationContext() instance will be created. authz.pdauthorizatoncontext-user is also used as the name of the user to check authorization against for all operations.

Parameters:
propertiesUrl - File containing properties to configure this AuthzRgyRegistry instance, and possibly a PDAuthorizationContext.
enhancements - May be null, currently unused.
wrappedRgyRegistry - The RgyRegistry instance to Authorize access to, and/or Audit.
Returns:
Instance of AuthzRgyRegistry.
Throws:
RgyException - If an error occurs during setup.

getRgyRegistryInstance

public static RgyRegistry getRgyRegistryInstance(java.util.Properties properties,
                                                 java.util.Map<java.lang.String,java.lang.Object> enhancements,
                                                 RgyRegistry wrappedRgyRegistry,
                                                 PDAuthorizationContext pdAuthzContext,
                                                 java.lang.String adminUserId)
                                          throws RgyException
Creates a unique instance of AuthzRgyRegistry on each invocation, configured using the supplied properties and enhancements. It uses the provided PDAuthorizationContext to authorize the provided adminUserId when using this API. If the PDAuthorizationContext is null, no authorization will be performed; only auditing will occur, if configured.

The authz.enable-authorization setting is ignored, and the authorization enablement will depend on the value for pdAuthzContext.

Parameters:
properties - Properties to configure this AuthzRgyRegistry instance.
enhancements - May be null, currently unused.
wrappedRgyRegistry - The RgyRegistry instance to Authorize access to, and/or Audit.
pdAuthzContext - If non-null this will be used to authorize access to the wrappedRgyRegistry. If null, no authorization will occur.
adminUserId - If pdAuthzContext is specified this user will be used for authorization checks. authz.pdauthorizatoncontext-user will be ignored.
Returns:
Instance of AuthzRgyRegistry.
Throws:
RgyException - If an error occurs during setup.

getRgyRegistryInstance

public static RgyRegistry getRgyRegistryInstance(java.net.URL propertiesUrl,
                                                 java.util.Map<java.lang.String,java.lang.Object> enhancements,
                                                 RgyRegistry wrappedRgyRegistry,
                                                 PDAuthorizationContext pdAuthzContext,
                                                 java.lang.String adminUserId)
                                          throws RgyException
Creates a unique instance of AuthzRgyRegistry on each invocation, configured using the supplied properties and enhancements. It uses the provided PDAuthorizationContext to authorize the provided adminUserId when using this API. If the PDAuthorizationContext is null, no authorization will be performed; only auditing will occur, if configured.

The authz.enable-authorization setting is ignored, and the authorization enablement will depend on the value for pdAuthzContext.

Parameters:
propertiesUrl - Properties to configure this AuthzRgyRegistry instance.
enhancements - May be null, currently unused.
wrappedRgyRegistry - The RgyRegistry instance to Authorize access to, and/or Audit.
pdAuthzContext - If non-null this will be used to authorize access to the wrappedRgyRegistry. If null, no authorization will occur.
adminUserId - If pdAuthzContext is specified this user will be used for authorization checks. authz.pdauthorizatoncontext-user will be ignored.
Returns:
Instance of AuthzRgyRegistry.
Throws:
RgyException - If an error occurs during setup.

updateAdminId

public static void updateAdminId(RgyRegistry rgyRegistry,
                                 java.lang.String adminUserId)
                          throws ConfigurationErrorRgyException
Updates the admin user ID used for authorization checks. Use this when the admin user ID needs to change to a different value, or when the admin user credentials cached by the registry are out of date because the admin user account was updated. This method is ignored if authorization is not enabled.

Parameters:
rgyRegistry - An AuthzRgyRegistry instance to update.
adminUserId - The admin user SAM ID to fetch credentials for and use.
Throws:
ConfigurationErrorRgyException - adminUserId is not valid.

getPdAuthzContext

public static PDAuthorizationContext getPdAuthzContext(RgyRegistry rgyRegistry)
Obtains the PDAuthorizationContext being used by the supplied RgyRegistry, but only if the RgyRegistry is an instance of AuthzRgyRegistry and a PDAuthorizationContext is being used.

Parameters:
rgyRegistry - The AuthzRgyRegistry to fetch the PDAuthorizationContext from.
Returns:
PDAuthorizationContext instance, or null if none is present or the RgyRegistry is not an AuthzRgyRegistry.
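
Because a null pdAuthzContext (or a properties file without authz.enable-authorization set to true) yields a wrapper that audits but does not authorize, callers that require enforcement can fail closed. The following is an added example, not part of the product documentation: the class name EnforcingAuthzRegistry is hypothetical, the import packages for PDAuthorizationContext, RgyRegistry and RgyException are assumptions (this page does not show them), and the configuration file is assumed to be in java.util.Properties format.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Properties;

import com.tivoli.pd.jazn.PDAuthorizationContext;   // package assumed, not shown on this page
import com.tivoli.pd.rgy.RgyRegistry;               // package assumed
import com.tivoli.pd.rgy.authz.AuthzRgyRegistryFactory;
import com.tivoli.pd.rgy.exception.RgyException;    // package assumed

/** Hypothetical helper: never returns a wrapper that only audits. */
public final class EnforcingAuthzRegistry {

    /** Caller supplies the context; a null context would silently turn authorization off. */
    public static RgyRegistry wrap(URL propertiesUrl, RgyRegistry wrapped,
                                   PDAuthorizationContext ctx, String adminUserId)
            throws RgyException {
        if (ctx == null) {
            throw new IllegalArgumentException("null PDAuthorizationContext: authorization would be off");
        }
        if (adminUserId == null || adminUserId.trim().isEmpty()) {
            throw new IllegalArgumentException("adminUserId is required for authorization checks");
        }
        return verify(AuthzRgyRegistryFactory.getRgyRegistryInstance(
                propertiesUrl, null, wrapped, ctx, adminUserId));
    }

    /** Context is built from the properties file; insist that the file enables authorization. */
    public static RgyRegistry wrapFromConfig(URL propertiesUrl, RgyRegistry wrapped)
            throws RgyException, IOException {
        Properties p = new Properties();
        try (InputStream in = propertiesUrl.openStream()) {
            p.load(in);
        }
        // Assumption: the value is matched as "true" ignoring case and surrounding spaces.
        String enabled = p.getProperty("authz.enable-authorization", "").trim();
        if (!"true".equalsIgnoreCase(enabled)) {
            throw new IllegalStateException("authz.enable-authorization is not true in " + propertiesUrl);
        }
        return verify(AuthzRgyRegistryFactory.getRgyRegistryInstance(propertiesUrl, null, wrapped));
    }

    /** Post-condition: the returned registry really holds a PDAuthorizationContext. */
    private static RgyRegistry verify(RgyRegistry registry) {
        if (AuthzRgyRegistryFactory.getPdAuthzContext(registry) == null) {
            throw new IllegalStateException("registry has no PDAuthorizationContext; not enforcing");
        }
        return registry;
    }
}
```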