KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > ejbca > core > model > authorization > AuthorizationProxy


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.core.model.authorization;
15
16 import java.io.Serializable JavaDoc;
17 import java.util.HashMap JavaDoc;
18
19 import javax.ejb.FinderException JavaDoc;
20
21 import org.ejbca.core.ejb.authorization.AdminGroupDataLocalHome;
22
23
24 /**
25  * A class used to improve performance by proxying administrator authorization request by minimizing the need of traversing
26  * trough the authorization tree and rmi lookups.
27  *
28  * @author TomSelleck
29  * @version $Id: AuthorizationProxy.java,v 1.1 2006/01/17 20:30:56 anatom Exp $
30  */

31 public class AuthorizationProxy implements Serializable JavaDoc {
32
33     // Public Constants.
34

35     /** Creates a new instance of AuthorizationProxy. */
36     public AuthorizationProxy(AdminGroupDataLocalHome admingrouphome,
37                               AccessTree accesstree) {
38               // Get the RaAdminSession instance.
39
authstore = new HashMap JavaDoc();
40        groupstore = new HashMap JavaDoc();
41        this.accesstree = accesstree;
42        this.admingrouphome = admingrouphome;
43     }
44
45
46     /**
47      * Method that first checks in hashmap if administrator already have been checked in accesstree.
48      * If not it looks in the accesstree.
49      */

50   
51     public boolean isAuthorized(AdminInformation admin, String JavaDoc resource){
52       Boolean JavaDoc returnval = null;
53       int adm = 0;
54       
55       if(admin.isSpecialUser()){
56         adm = admin.getSpecialUser();
57       }
58       else
59         adm = admin.getX509Certificate().getSerialNumber().hashCode();
60       int tmp = adm ^ resource.hashCode();
61         // Check if name is in hashmap
62
returnval = (Boolean JavaDoc) authstore.get(new Integer JavaDoc(tmp));
63       
64       if(returnval==null){
65         // Get authorization from access tree
66
returnval = new Boolean JavaDoc(accesstree.isAuthorized(admin, resource));
67           authstore.put(new Integer JavaDoc(tmp),returnval);
68         }
69
70       return returnval.booleanValue();
71     }
72     
73     public boolean isGroupAuthorized(AdminInformation admin,
74                                        int admingrouppk, String JavaDoc resource){
75         Boolean JavaDoc returnval = null;
76                                       
77         int tmp = admingrouppk ^ resource.hashCode();
78           // Check if name is in hashmap
79
returnval = (Boolean JavaDoc) groupstore.get(new Integer JavaDoc(tmp));
80       
81         if(returnval==null){
82           // Get authorization from access tree
83
try {
84                 AdminInformation admgroup = new AdminInformation(admingrouphome.findByPrimaryKey(new Integer JavaDoc(admingrouppk)).getAdminGroupNames());
85                 returnval = new Boolean JavaDoc(accesstree.isAuthorized(admgroup, resource) ||
86                                         accesstree.isAuthorized(admgroup, "/super_administrator"));
87                                                                                                                        
88             } catch (FinderException JavaDoc e) {
89                 returnval = Boolean.FALSE;
90             }
91             groupstore.put(new Integer JavaDoc(tmp),returnval);
92           }
93
94         return returnval.booleanValue();
95                 
96     }
97
98     /**
99      * Method used to clear the proxy, should be called every time administrator priviledges have been
100      * changed.
101      */

102     public void clear(){
103       this.authstore.clear();
104       this.groupstore.clear();
105     }
106
107
108     // Private fields.
109
private HashMap JavaDoc authstore;
110     private HashMap JavaDoc groupstore;
111     private AccessTree accesstree;
112     private AdminGroupDataLocalHome admingrouphome;
113
114 }
115
Popular Tags