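package org.ejbca.core.model.authorization;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;

import org.apache.log4j.Logger;

/**
 * One node in a tree of resource names used to answer authorization queries.
 *
 * Each node stores the (AccessRule, AdminGroup) pairs registered for its own
 * resource name and a map of child nodes keyed by the next path segment.
 * Resources are '/'-separated paths; a query walks the tree one segment at a
 * time and combines the rule state found on each node with the state inherited
 * from its ancestors.
 */
public class AccessTreeNode implements Serializable {

    private static final Logger log = Logger.getLogger(AccessTreeNode.class);

    /** No rule on this node matched the administrator (initial value in matchInformation). */
    public static final int STATE_UNKNOWN = 1;
    /** Access is granted on the node that carries the rule. */
    public static final int STATE_ACCEPT = 2;
    /** Access is granted on the node and is carried down to its descendants. */
    public static final int STATE_ACCEPT_RECURSIVE = 3;
    /** Access is refused on the node that carries the rule. */
    public static final int STATE_DECLINE = 4;
    /** Access is refused on the node and the refusal is carried down to its descendants. */
    public static final int STATE_DECLINE_RECURSIVE = 5;

    /**
     * Creates an empty node (no rules, no children).
     *
     * @param resource the name of this node, i.e. the path segment it represents
     */
    public AccessTreeNode(String resource) {
        name = resource;
        useraccesspairs = new ArrayList();
        leafs = new HashMap();
    }

    /**
     * Decides whether the administrator may access the given resource.
     *
     * The walk starts with STATE_DECLINE as the inherited state, so access is
     * only granted when some rule on the path accepts it.
     *
     * @param admininformation the administrator to check
     * @param resource the resource path, expected to begin with this node's name
     * @return true if access is granted, false otherwise (including when the
     *         resource is not a path below this node)
     */
    public boolean isAuthorized(AdminInformation admininformation, String resource) {
        log.debug(">isAuthorized: " + resource);
        boolean retval = isAuthorizedRecursive(admininformation, resource, STATE_DECLINE);
        log.debug("<isAuthorized: returns " + retval);
        return retval;
    }

    /**
     * Registers an access rule for an admin group at the node named by the path,
     * creating intermediate nodes as needed.
     *
     * The path is not validated: a subresource that is not longer than this
     * node's name (and not equal to it) fails with an index exception from the
     * string handling below rather than being stored under a wrong node.
     *
     * @param subresource the resource path, beginning with this node's name
     * @param accessrule the rule to store
     * @param admingroup the group the rule applies to
     */
    public void addAccessRule(String subresource, AccessRule accessrule, AdminGroup admingroup) {
        log.debug(">addAccessRule: " + subresource);

        if (subresource.equals(this.name)) {
            // The path ends here: keep rule and group together as one pair.
            Object[] accessadmingroupair = {accessrule, admingroup};
            useraccesspairs.add(accessadmingroupair);
        } else {
            // Drop this node's name and one separating '/' to get the remaining path.
            String nextsubresource = subresource.substring(this.name.length());
            if ((nextsubresource.toCharArray()[0]) == '/') {
                nextsubresource = nextsubresource.substring(1);
            }

            String nextname = firstSegment(nextsubresource);
            AccessTreeNode next = (AccessTreeNode) leafs.get(nextname);
            if (next == null) {
                next = new AccessTreeNode(nextname);
                leafs.put(nextname, next);
            }

            next.addAccessRule(nextsubresource, accessrule, admingroup);
        }
        log.debug("<addAccessRule: " + subresource);
    }

    /**
     * Walks one level of the tree for an authorization query.
     *
     * @param admininformation the administrator to check
     * @param resource the remaining resource path, expected to begin with this node's name
     * @param state the state inherited from the ancestors of this node
     * @return true if access is granted
     */
    private boolean isAuthorizedRecursive(AdminInformation admininformation, String resource, int state) {
        log.debug("isAuthorizedRecursive: " + " resource: " + resource + " name: " + this.name + "," + state);
        boolean returnval = false;

        int internalstate = matchInformation(admininformation);
        if (resource.equals(this.name)) {
            // Target node reached. An accept needs either an inherited recursive
            // accept or an accept rule on this node, and no decline rule on this
            // node. Note that an accept rule here wins over an inherited
            // STATE_DECLINE_RECURSIVE, because only this node's own state is
            // tested for a decline.
            boolean accepted = state == STATE_ACCEPT_RECURSIVE
                    || internalstate == STATE_ACCEPT
                    || internalstate == STATE_ACCEPT_RECURSIVE;
            boolean declinedHere = internalstate == STATE_DECLINE
                    || internalstate == STATE_DECLINE_RECURSIVE;
            returnval = accepted && !declinedHere;
        } else if (resource.length() <= this.name.length()) {
            // The resource cannot be a path below this node. The substring and
            // first-character test below would throw an index exception for such
            // input; refuse access explicitly instead, so a malformed resource
            // string ends in a plain denial.
            returnval = false;
        } else {
            // Drop this node's name and one separating '/' to get the remaining path.
            String nextsubresource = resource.substring(this.name.length());
            if (nextsubresource.charAt(0) == '/') {
                nextsubresource = nextsubresource.substring(1);
            }

            String nextname = firstSegment(nextsubresource);
            AccessTreeNode next = (AccessTreeNode) leafs.get(nextname);
            if (next == null) {
                // No rules exist further down: only a recursive accept, from this
                // node or inherited and not declined here, can grant access.
                if (internalstate == STATE_ACCEPT_RECURSIVE) {
                    returnval = true;
                }
                if (state == STATE_ACCEPT_RECURSIVE
                        && internalstate != STATE_DECLINE_RECURSIVE
                        && internalstate != STATE_DECLINE) {
                    returnval = true;
                }
            } else {
                // Only the recursive states replace the inherited state; a plain
                // accept or decline on this node does not affect descendants.
                if (internalstate == STATE_ACCEPT_RECURSIVE || internalstate == STATE_DECLINE_RECURSIVE) {
                    state = internalstate;
                }
                returnval = next.isAuthorizedRecursive(admininformation, nextsubresource, state);
            }
        }
        log.debug("<isAthorizedRecursive: returns " + returnval + " : " + resource + "," + state);
        return returnval;
    }

    /**
     * Returns the text of the path up to, but not including, its first '/',
     * or the whole path when it contains no '/'.
     */
    private static String firstSegment(String path) {
        int index = path.indexOf('/');
        return (index != -1) ? path.substring(0, index) : path;
    }

    /**
     * Determines the rule state this node holds for the administrator.
     *
     * @param admininformation the administrator to match against the stored pairs
     * @return the matching rule state, or STATE_UNKNOWN when no pair matches
     */
    private int matchInformation(AdminInformation admininformation) {
        log.debug(">matchInformation");
        // Positions inside each stored pair, as written by addAccessRule.
        final int ACCESSRULE = 0;
        final int ADMINGROUP = 1;

        int state = STATE_UNKNOWN;
        int stateprio = 0;
        Object[] accessuserpair;
        Collection adminentities;

        for (int i = 0; i < useraccesspairs.size(); i++) {
            accessuserpair = (Object[]) useraccesspairs.get(i);
            if (admininformation.isGroupUser()) {
                // Group users are matched on the group id alone. No priority is
                // applied here, so the last matching pair in insertion order
                // decides the state.
                // NOTE(review): if one group can hold both an accept and a
                // decline rule on the same node, the later one wins - confirm
                // that callers never register such a combination.
                if (((AdminGroup) accessuserpair[ADMINGROUP]).getAdminGroupId() == admininformation.getGroupId()) {
                    state = ((AccessRule) accessuserpair[ACCESSRULE]).getRuleState();
                }
            } else {
                adminentities = ((AdminGroup) accessuserpair[ADMINGROUP]).getAdminEntities();
                Iterator iter = adminentities.iterator();
                while (iter.hasNext()) {
                    AdminEntity adminentity = (AdminEntity) iter.next();
                    if (adminentity.match(admininformation)) {
                        int thisuserstate = ((AccessRule) accessuserpair[ACCESSRULE]).getRuleState();
                        int thisuserstateprio = adminentity.getPriority();
                        if (stateprio < thisuserstateprio) {
                            // A strictly higher priority match replaces the current state.
                            state = thisuserstate;
                            stateprio = thisuserstateprio;
                        } else if (stateprio == thisuserstateprio) {
                            // Equal priority: the numerically larger state wins, which
                            // with the constants above puts a decline ahead of an accept.
                            if (state < thisuserstate) {
                                state = thisuserstate;
                            }
                        }
                    }
                }
            }
        }
        log.debug("<matchInformation: returns " + state);
        return state;
    }

    // Name of this node: the path segment it represents.
    private String name;
    // Object[2] entries of {AccessRule, AdminGroup} registered for this node.
    private ArrayList useraccesspairs;
    // Child nodes, keyed by their name (String -> AccessTreeNode).
    private HashMap leafs;

}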