KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > ejbca > core > model > authorization > AccessTreeNode


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.core.model.authorization;
15
16 import java.io.Serializable JavaDoc;
17 import java.util.ArrayList JavaDoc;
18 import java.util.Collection JavaDoc;
19 import java.util.HashMap JavaDoc;
20 import java.util.Iterator JavaDoc;
21
22 import org.apache.log4j.Logger;
23
24 /**
25  * The building component of the AccessTree. All nodes consist of these objects.
26  *
27  * @author Philip Vendil
28  * @version $Id: AccessTreeNode.java,v 1.1 2006/01/17 20:30:56 anatom Exp $
29  */

30 public class AccessTreeNode implements Serializable JavaDoc{
31
32     private static Logger log = Logger.getLogger(AccessTreeNode.class);
33
34
35     // Private Constants
36
// OBSERVE that the order is important!!
37
public static final int STATE_UNKNOWN = 1;
38     public static final int STATE_ACCEPT = 2;
39     public static final int STATE_ACCEPT_RECURSIVE = 3;
40     public static final int STATE_DECLINE = 4;
41     public static final int STATE_DECLINE_RECURSIVE = 5;
42
43     /** Creates a new instance of AccessTreeNode */
44     public AccessTreeNode(String JavaDoc resource) {
45         //log.debug(">AccessTreeNode:" +resource);
46
name=resource;
47         useraccesspairs = new ArrayList JavaDoc();
48         leafs = new HashMap JavaDoc();
49     }
50
51     /** Checks the tree if the users X509Certificate is athorized to view the requested resource */
52     public boolean isAuthorized(AdminInformation admininformation, String JavaDoc resource) {
53         log.debug(">isAuthorized: " +resource);
54         boolean retval =isAuthorizedRecursive(admininformation,resource,STATE_DECLINE); // Default is to decline access.
55
log.debug("<isAuthorized: returns " + retval);
56         return retval;
57     }
58
59      /** Adds an access rule with associated admingroup to the tree. */
60      public void addAccessRule(String JavaDoc subresource, AccessRule accessrule, AdminGroup admingroup) {
61        log.debug(">addAccessRule: " + subresource );
62        int index;
63        AccessTreeNode next;
64        String JavaDoc nextname;
65        String JavaDoc nextsubresource;
66
67        if(subresource.equals(this.name)){ // Root is a special case.
68
Object JavaDoc[] accessadmingroupair = {accessrule,admingroup};
69            useraccesspairs.add(accessadmingroupair);
70        }
71        else{
72            nextsubresource = subresource.substring(this.name.length());
73            if((nextsubresource.toCharArray()[0])=='/')
74              nextsubresource = nextsubresource.substring(1);
75
76            index = nextsubresource.indexOf('/');
77            if(index != -1){
78              nextname = nextsubresource.substring(0,index);
79            }
80            else{
81              nextname = nextsubresource;
82            }
83            next= (AccessTreeNode) leafs.get(nextname);
84            if(next == null){ // Doesn't exist, create.
85
next=new AccessTreeNode(nextname);
86               leafs.put(nextname, next);
87            }
88            //log.debug(this.name + " --> ");
89

90            next.addAccessRule(nextsubresource, accessrule, admingroup);
91        }
92        log.debug("<addAccessRule: " + subresource);
93      }
94
95     private boolean isAuthorizedRecursive(AdminInformation admininformation, String JavaDoc resource, int state){
96        log.debug("isAuthorizedRecursive: " + " resource: " + resource + " name: "+ this.name + "," +state);
97        int index;
98        int internalstate = STATE_DECLINE;
99        boolean returnval = false;
100        AccessTreeNode next;
101        String JavaDoc nextname = null;
102        String JavaDoc nextsubresource;
103
104        internalstate = matchInformation(admininformation);
105        if(resource.equals(this.name)) {
106          // If this resource have state accept recursive state is given
107
if( state == STATE_ACCEPT_RECURSIVE || internalstate == STATE_ACCEPT || internalstate == STATE_ACCEPT_RECURSIVE ){
108              // If this resource's rule set don't says decline.
109
if(!(internalstate == STATE_DECLINE || internalstate == STATE_DECLINE_RECURSIVE))
110              returnval=true;
111          }
112        }
113        else{
114          //log.debug(" resource : " + resource);
115
nextsubresource = resource.substring(this.name.length());
116          if((nextsubresource.toCharArray()[0])=='/')
117          nextsubresource = nextsubresource.substring(1);
118          //log.debug(" nextresource : " + nextsubresource);
119

120          index = nextsubresource.indexOf('/');
121          if(index != -1){
122              nextname = nextsubresource.substring(0,index);
123          }
124          else {
125            nextname = nextsubresource;
126          }
127          //log.debug(" nextname : " + nextname);
128

129          next = (AccessTreeNode) leafs.get(nextname);
130          if(next == null ){ // resource path doesn't exist
131

132             // If internal state isn't decline recusive is accept recursive.
133
if(internalstate == STATE_ACCEPT_RECURSIVE){
134                returnval=true;
135             }
136             // If state accept recursive is given and internal state isn't decline recusive.
137
if(state == STATE_ACCEPT_RECURSIVE && internalstate != STATE_DECLINE_RECURSIVE && internalstate != STATE_DECLINE){
138               returnval=true;
139             }
140        /* if(internalstate == STATE_ACCEPT && lastresource){
141               returnval=true;
142             } */

143          }
144          if(next != null){ // resource path exists.
145
// If internalstate is accept recursive or decline recusive.
146
if(internalstate == STATE_ACCEPT_RECURSIVE || internalstate == STATE_DECLINE_RECURSIVE){
147              state=internalstate;
148            }
149            //log.debug(this.name + " --> ");
150
returnval=next.isAuthorizedRecursive(admininformation, nextsubresource, state);
151          }
152        }
153        log.debug("<isAthorizedRecursive: returns " + returnval + " : " + resource + "," +state);
154        return returnval;
155     }
156
157        private int matchInformation(AdminInformation admininformation){
158           log.debug(">matchInformation");
159           final int ACCESSRULE = 0;
160           final int ADMINGROUP = 1;
161
162           int state = STATE_UNKNOWN;
163           int stateprio = 0;
164           Object JavaDoc[] accessuserpair;
165           Collection JavaDoc adminentities;
166            
167           for (int i = 0; i < useraccesspairs.size();i++){
168             accessuserpair = (Object JavaDoc[]) useraccesspairs.get(i);
169             if(admininformation.isGroupUser()){
170               if(((AdminGroup) accessuserpair[ADMINGROUP]).getAdminGroupId() == admininformation.getGroupId()){
171                 state = ((AccessRule) accessuserpair[ACCESSRULE]).getRuleState();
172               }
173             }else{
174               adminentities = ((AdminGroup) accessuserpair[ADMINGROUP]).getAdminEntities();
175               Iterator JavaDoc iter = adminentities.iterator();
176               while(iter.hasNext()){
177                 AdminEntity adminentity = (AdminEntity) iter.next();
178                 // If user entity match.
179
if(adminentity.match(admininformation)){
180                   int thisuserstate = ((AccessRule) accessuserpair[ACCESSRULE]).getRuleState();
181                   int thisuserstateprio = adminentity.getPriority();
182                   // If rule has higher priority, it's state is to be used.
183
if( stateprio < thisuserstateprio){
184                     state=thisuserstate;
185                     stateprio=thisuserstateprio;
186                   }
187                   else{
188                     if( stateprio == thisuserstateprio){
189                       // If the priority is the same then decline has priority over accept.
190
if(state < thisuserstate){
191                         state=thisuserstate;
192                       }
193                     }
194                   }
195                 }
196               }
197             }
198           }
199           log.debug("<matchInformation: returns " + state );
200           return state;
201        }
202
203     // Private fields.
204
private String JavaDoc name;
205     private ArrayList JavaDoc useraccesspairs;
206     private HashMap JavaDoc leafs;
207
208 }
209
Popular Tags