AuthorizationProxy


1   /*************************************************************************
2    *                                                                       *
3    *  EJBCA: The OpenSource Certificate Authority                          *
4    *                                                                       *
5    *  This software is free software; you can redistribute it and/or       *
6    *  modify it under the terms of the GNU Lesser General Public           *
7    *  License as published by the Free Software Foundation; either         *
8    *  version 2.1 of the License, or any later version.                    *
9    *                                                                       *
10   *  See terms of license at gnu.org.                                     *
11   *                                                                       *
12   *************************************************************************/
13   
14  package org.ejbca.core.model.authorization;
15  
16  import java.io.Serializable  ;
17  import java.util.HashMap  ;
18  
19  import javax.ejb.FinderException  ;
20  
21  import org.ejbca.core.ejb.authorization.AdminGroupDataLocalHome;
22  
23  
24  /**
25   * A class used to improve performance by proxying administrator authorization request by minimizing the need of traversing
26   * trough the authorization tree and rmi lookups. 
27   *
28   * @author  TomSelleck
29   * @version $Id: AuthorizationProxy.java,v 1.1 2006/01/17 20:30:56 anatom Exp $
30   */
31  public class AuthorizationProxy implements Serializable   {
32  
33      // Public Constants.
34      
35      /** Creates a new instance of AuthorizationProxy. */
36      public AuthorizationProxy(AdminGroupDataLocalHome admingrouphome, 
37                                AccessTree accesstree) {
38                // Get the RaAdminSession instance.
39         authstore = new HashMap  ();
40         groupstore = new HashMap  ();
41         this.accesstree = accesstree;
42         this.admingrouphome = admingrouphome;
43      }
44  
45  
46      /**
47       * Method that first checks in hashmap if administrator already have been checked in accesstree.
48       * If not it looks in the accesstree.
49       */
50    
51      public boolean isAuthorized(AdminInformation admin, String   resource){
52        Boolean   returnval = null;
53        int adm = 0;
54        
55        if(admin.isSpecialUser()){
56          adm = admin.getSpecialUser();
57        }
58        else
59          adm = admin.getX509Certificate().getSerialNumber().hashCode();
60        int tmp = adm ^ resource.hashCode();
61          // Check if name is in hashmap
62        returnval = (Boolean  ) authstore.get(new Integer  (tmp));
63        
64        if(returnval==null){          
65          // Get authorization from access tree
66            returnval = new Boolean  (accesstree.isAuthorized(admin, resource));
67            authstore.put(new Integer  (tmp),returnval);      
68          }
69  
70        return returnval.booleanValue();
71      }
72      
73      public boolean isGroupAuthorized(AdminInformation admin, 
74                                         int admingrouppk, String   resource){
75          Boolean   returnval = null;
76                                        
77          int tmp = admingrouppk ^ resource.hashCode();
78            // Check if name is in hashmap
79          returnval = (Boolean  ) groupstore.get(new Integer  (tmp));
80        
81          if(returnval==null){          
82            // Get authorization from access tree
83              try {
84                  AdminInformation admgroup = new AdminInformation(admingrouphome.findByPrimaryKey(new Integer  (admingrouppk)).getAdminGroupNames());              
85                  returnval = new Boolean  (accesstree.isAuthorized(admgroup, resource) || 
86                                          accesstree.isAuthorized(admgroup, "/super_administrator"));
87                                                                                                                         
88              } catch (FinderException   e) {
89                  returnval = Boolean.FALSE;
90              }
91              groupstore.put(new Integer  (tmp),returnval);      
92            }
93  
94          return returnval.booleanValue();
95                  
96      }
97  
98      /**
99       * Method used to clear the proxy, should be called every time administrator priviledges have been
100      * changed. 
101      */
102     public void clear(){
103       this.authstore.clear();
104       this.groupstore.clear();   
105     }
106 
107 
108     // Private fields.
109     private HashMap                       authstore;
110     private HashMap                       groupstore;
111     private AccessTree                  accesstree;
112     private AdminGroupDataLocalHome     admingrouphome;
113 
114 }
115
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags