Modifier and Type | Class and Description |
---|---|
class |
ExternalAuthToken
Authentication token that wraps an externally authenticated
principal to return.
|
Modifier and Type | Method and Description |
---|---|
char[] |
ISharedToken.getSharedToken(java.lang.String identification,
IAuthToken authToken) |
Modifier and Type | Method and Description |
---|---|
boolean |
IAccessEvaluator.evaluate(IAuthToken authToken,
java.lang.String type,
java.lang.String op,
java.lang.String value)
Evaluates if the given value satisfies the access
control in authToken obtained from Authentication.
|
Modifier and Type | Method and Description |
---|---|
IAuthToken |
IRequest.getExtDataInAuthToken(java.lang.String key)
Retrieves an authtoken.
|
Modifier and Type | Method and Description |
---|---|
boolean |
IRequest.setExtData(java.lang.String key,
IAuthToken data)
Stores an AuthToken the same as a Hashtable.
|
Modifier and Type | Method and Description |
---|---|
IAuthToken |
TokenAuthentication.authenticate(IAuthCredentials authCred)
authenticates user(agent) by certificate
|
IAuthToken |
SessionAuthentication.authenticate(IAuthCredentials authCred)
Authenticate user.
|
IAuthToken |
SSLclientCertAuthentication.authenticate(IAuthCredentials authCred)
authenticates user by certificate
|
IAuthToken |
HashAuthentication.authenticate(IAuthCredentials authCreds)
Authenticates a user based on uid, pwd in the directory.
|
IAuthToken |
FlatFileAuth.authenticate(IAuthCredentials authCred)
Authenticate the request
|
IAuthToken |
DirBasedAuthentication.authenticate(IAuthCredentials authCred)
Authenticates user through LDAP by a set of credentials.
|
IAuthToken |
CMCAuth.authenticate(IAuthCredentials authCred)
Authenticates user by their CMC;
resulting AuthToken sets a TOKEN_SUBJECT for the subject name.
|
IAuthToken |
AgentCertAuthentication.authenticate(IAuthCredentials authCred)
authenticates user(agent) by certificate
|
IAuthToken |
HashAuthentication.getAuthToken(java.lang.String key) |
protected IAuthToken |
CMCAuth.verifySignerInfo(SessionContext auditContext,
AuthToken authToken,
org.mozilla.jss.pkix.cms.SignedData cmcFullReq) |
Modifier and Type | Method and Description |
---|---|
void |
HashAuthentication.addAuthToken(java.lang.String pageID,
IAuthToken token) |
char[] |
SharedSecret.getSharedToken(java.lang.String identification,
IAuthToken authToken)
getSharedToken(String identification, IAuthToken authToken) provides
support for id_cmc_identification shared secret based enrollment
|
void |
UserPwdDirAuthentication.populate(IAuthToken token,
IRequest request) |
void |
UidPwdPinDirAuthentication.populate(IAuthToken token,
IRequest request) |
void |
UidPwdDirAuthentication.populate(IAuthToken token,
IRequest request) |
void |
TokenAuthentication.populate(IAuthToken token,
IRequest request) |
void |
SessionAuthentication.populate(IAuthToken token,
IRequest request) |
void |
SSLclientCertAuthentication.populate(IAuthToken token,
IRequest request) |
void |
FlatFileAuth.populate(IAuthToken token,
IRequest request) |
void |
CMCAuth.populate(IAuthToken token,
IRequest request) |
void |
AgentCertAuthentication.populate(IAuthToken token,
IRequest request) |
Modifier and Type | Method and Description |
---|---|
AuthzToken |
BasicGroupAuthz.authorize(IAuthToken authToken,
java.lang.String expression) |
AuthzToken |
AAclAuthz.authorize(IAuthToken authToken,
java.lang.String expression) |
AuthzToken |
BasicGroupAuthz.authorize(IAuthToken authToken,
java.lang.String resource,
java.lang.String operation) |
AuthzToken |
AAclAuthz.authorize(IAuthToken authToken,
java.lang.String resource,
java.lang.String operation)
check the authorization permission for the user associated with
authToken on operation
Example:
For example, if UsrGrpAdminServlet needs to authorize the
caller it would do be done in the following fashion:
try {
authzTok = mAuthz.authorize(
"DirAclAuthz", authToken, RES_GROUP, "read");
} catch (EBaseException e) {
logger.warn("authorize call: " + e.getMessage(), e);
}
|
protected boolean |
AAclAuthz.checkAllowEntries(IAuthToken authToken,
java.lang.Iterable<java.lang.String> nodes,
java.lang.String perm) |
protected void |
AAclAuthz.checkDenyEntries(IAuthToken authToken,
java.lang.Iterable<java.lang.String> nodes,
java.lang.String perm)
throw EACLsException if a deny entry is matched
|
void |
AAclAuthz.checkPermission(IAuthToken authToken,
java.lang.String name,
java.lang.String perm)
Checks if the permission is granted or denied with id from authtoken
gotten from authentication that precedes authorization.
|
boolean |
AAclAuthz.evaluateACLs(IAuthToken authToken,
java.lang.String exp) |
Modifier and Type | Method and Description |
---|---|
boolean |
UserOrigReqAccessEvaluator.evaluate(IAuthToken authToken,
java.lang.String type,
java.lang.String op,
java.lang.String value)
Evaluates the user in AuthToken to see if it's equal to value
|
boolean |
UserAccessEvaluator.evaluate(IAuthToken authToken,
java.lang.String type,
java.lang.String op,
java.lang.String value)
Evaluates the user in AuthToken to see if it's equal to value
|
boolean |
IPAddressAccessEvaluator.evaluate(IAuthToken authToken,
java.lang.String type,
java.lang.String op,
java.lang.String value)
Gets the IP address from session context
|
boolean |
GroupAccessEvaluator.evaluate(IAuthToken authToken,
java.lang.String type,
java.lang.String op,
java.lang.String value)
evaluates uid in AuthToken to see if it has membership in
group value
|
Modifier and Type | Method and Description |
---|---|
void |
ProfileAuthenticator.populate(IAuthToken token,
IRequest request)
Populates authentication specific information into the
request for auditing purposes.
|
Modifier and Type | Method and Description |
---|---|
abstract void |
Profile.submit(IAuthToken token,
IRequest request)
Handles end-user request submission.
|
void |
EnrollProfile.submit(IAuthToken token,
IRequest request)
This method is called after the user submits the
request from the end-entity page.
|
Modifier and Type | Method and Description |
---|---|
IAuthToken |
PKIPrincipal.getAuthToken() |
Modifier and Type | Method and Description |
---|---|
protected java.security.Principal |
PKIRealm.getPrincipal(java.lang.String username,
IAuthToken authToken) |
protected java.security.Principal |
PKIRealm.getPrincipal(com.netscape.cmscore.usrgrp.User user,
IAuthToken authToken) |
Constructor and Description |
---|
PKIPrincipal(com.netscape.cmscore.usrgrp.User user,
java.lang.String password,
java.util.List<java.lang.String> roles,
IAuthToken authToken) |
Modifier and Type | Method and Description |
---|---|
boolean |
AdminServlet.authorize(IAuthToken token)
authorize a user based on its authentication credentials.
|
Modifier and Type | Method and Description |
---|---|
IAuthToken |
CMSServlet.authenticate(CMSRequest req) |
IAuthToken |
CMSServlet.authenticate(CMSRequest req,
java.lang.String authMgrName) |
IAuthToken |
CMSServlet.authenticate(javax.servlet.http.HttpServletRequest httpReq) |
IAuthToken |
CMSServlet.authenticate(javax.servlet.http.HttpServletRequest httpReq,
java.lang.String authMgrName)
Authentication
|
protected IAuthToken |
CMSServlet.getAuthToken(IRequest req) |
Modifier and Type | Method and Description |
---|---|
AuthzToken |
CMSServlet.authorize(java.lang.String authzMgrName,
IAuthToken authToken,
java.lang.String resource,
java.lang.String operation)
Authorize must occur after Authenticate
|
AuthzToken |
CMSServlet.authorize(java.lang.String authzMgrName,
java.lang.String resource,
IAuthToken authToken,
java.lang.String exp) |
protected static void |
CMSServlet.saveAuthToken(IAuthToken token,
IRequest req) |
Modifier and Type | Method and Description |
---|---|
static IAuthToken |
CMSGateway.checkAuthManager(javax.servlet.http.HttpServletRequest httpReq,
IArgBlock httpParams,
java.security.cert.X509Certificate cert,
java.lang.String authMgrName) |
Modifier and Type | Method and Description |
---|---|
protected IAuthToken |
CloneServlet.authenticate(java.security.cert.X509Certificate peerCert) |
Modifier and Type | Method and Description |
---|---|
protected IPKIMessage |
ConnectorServlet.processRequest(java.lang.String source,
java.lang.String sourceUserId,
IPKIMessage msg,
IAuthToken token)
Process request
|
protected IPKIMessage |
CloneServlet.processRequest(java.lang.String source,
java.lang.String sourceUserId,
IPKIMessage msg,
IAuthToken token) |
Modifier and Type | Method and Description |
---|---|
void |
KeyRequestDAO.approveRequest(RequestId id,
java.lang.String requestor,
IAuthToken authToken) |
void |
KeyRequestDAO.cancelRequest(RequestId id,
IAuthToken authToken) |
IRequest |
KeyRequestDAO.createRecoveryRequest(KeyRecoveryRequest data,
javax.ws.rs.core.UriInfo uriInfo,
java.lang.String requestor,
IAuthToken authToken,
boolean ephemeral) |
KeyRequestInfo |
KeyRequestDAO.getRequest(RequestId id,
javax.ws.rs.core.UriInfo uriInfo,
IAuthToken authToken)
Gets info for a specific request
|
void |
KeyRequestDAO.rejectRequest(RequestId id,
IAuthToken authToken) |
KeyRequestResponse |
KeyRequestDAO.submitAsyncKeyRecoveryRequest(KeyRecoveryRequest data,
javax.ws.rs.core.UriInfo uriInfo,
java.lang.String requestor,
IAuthToken authToken) |
KeyRequestResponse |
KeyRequestDAO.submitRequest(KeyRecoveryRequest data,
javax.ws.rs.core.UriInfo uriInfo,
java.lang.String requestor,
IAuthToken authToken)
Submits a key recovery request.
|
Modifier and Type | Method and Description |
---|---|
void |
PKCS10Processor.fillCertInfo(org.mozilla.jss.netscape.security.pkcs.PKCS10 pkcs10,
org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
IAuthToken authToken,
IArgBlock httpParams) |
protected void |
PKIProcessor.fillCertInfo(java.lang.String protocolString,
org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
IAuthToken authToken,
IArgBlock httpParams) |
void |
PKCS10Processor.fillCertInfo(java.lang.String protocolString,
org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
IAuthToken authToken,
IArgBlock httpParams) |
void |
KeyGenProcessor.fillCertInfo(java.lang.String protocolString,
org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
IAuthToken authToken,
IArgBlock httpParams) |
void |
CMCProcessor.fillCertInfo(java.lang.String protocolString,
org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
IAuthToken authToken,
IArgBlock httpParams) |
protected org.mozilla.jss.netscape.security.x509.X509CertInfo[] |
PKIProcessor.fillCertInfoArray(java.lang.String protocolString,
IAuthToken authToken,
IArgBlock httpParams,
IRequest req) |
org.mozilla.jss.netscape.security.x509.X509CertInfo[] |
CRMFProcessor.fillCertInfoArray(java.lang.String protocolString,
IAuthToken authToken,
IArgBlock httpParams,
IRequest req) |
org.mozilla.jss.netscape.security.x509.X509CertInfo[] |
CMCProcessor.fillCertInfoArray(java.lang.String protocolString,
IAuthToken authToken,
IArgBlock httpParams,
IRequest req) |
static void |
PKIProcessor.fillCertInfoFromAuthToken(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo,
IAuthToken authToken)
fill subject name, validity, extensions from authoken if any,
overriding what was in pkcs10.
|
org.mozilla.jss.netscape.security.x509.X509CertInfo |
CRMFProcessor.processIndividualRequest(org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg,
IAuthToken authToken,
IArgBlock httpParams) |
Modifier and Type | Class and Description |
---|---|
class |
AuthToken
Authentication token returned by Authentication Managers.
|
Modifier and Type | Method and Description |
---|---|
IAuthToken |
AuthManager.authenticate(IAuthCredentials authCred)
Authenticate the given credentials.
|
Modifier and Type | Method and Description |
---|---|
AuthzToken |
IAuthzManager.authorize(IAuthToken authToken,
java.lang.String expression) |
AuthzToken |
IAuthzManager.authorize(IAuthToken authToken,
java.lang.String resource,
java.lang.String operation)
Check if the user is authorized to perform the given operation on the
given resource.
|