package org.ejbca.core.model.authorization;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;

/**
 * Encodes a collection of {@link AccessRule}s into the simplified "basic" view:
 * one role, plus sets of CAs, end entity rules, end entity profiles and other
 * rules, each expressed with {@link BasicAccessRuleSet} constants.
 *
 * When the supplied rules cannot be expressed in that view, {@link #getForceAdvanced()}
 * returns true and the other getters may hold only a partial picture.
 *
 * The class is Serializable and declares no serialVersionUID, so the private
 * field names and types below are part of its default serialized form.
 */
public class BasicAccessRuleSetEncoder implements java.io.Serializable {

    // Set as soon as any rule (or the rule set as a whole) falls outside the basic model.
    private boolean forceadvanced = false;

    private int currentrole = BasicAccessRuleSet.ROLE_NONE;
    private Collection availableroles = new ArrayList();
    private HashSet currentcas = new HashSet();
    private HashSet availablecas = new HashSet();
    private HashSet currentendentityrules = new HashSet();
    private ArrayList availableendentityrules = new ArrayList();
    private HashSet currentendentityprofiles = new HashSet();
    private HashSet availableendentityprofiles = new HashSet();
    private HashSet currentotherrules = new HashSet();
    private ArrayList availableotherrules = new ArrayList();

    /**
     * Builds the basic view of a rule set.
     *
     * @param currentaccessrules   the rules currently granted, as AccessRule objects
     * @param availableaccessrules the rule strings that may be selected
     * @param usehardtokens        when true, the hard token related choices are offered
     * @param usekeyrecovery       when true, the key recovery choice is offered
     */
    public BasicAccessRuleSetEncoder(Collection currentaccessrules, Collection availableaccessrules, boolean usehardtokens, boolean usekeyrecovery) {
        // A rule that is already granted is treated as available too, even when it is
        // missing from availableaccessrules.
        HashSet selectable = new HashSet();
        selectable.addAll(availableaccessrules);
        for (Iterator it = currentaccessrules.iterator(); it.hasNext();) {
            AccessRule granted = (AccessRule) it.next();
            selectable.add(granted.getAccessRule());
        }

        initAvailableRoles(selectable);
        initAvailableRules(usehardtokens, usekeyrecovery, selectable);

        initCurrentRole(currentaccessrules);
        initCurrentRules(currentaccessrules);
    }

    /**
     * @return true when the current rules cannot be represented in the basic view,
     *         in which case the other "current" values should not be relied upon.
     */
    public boolean getForceAdvanced() {
        return forceadvanced;
    }

    /**
     * @return the detected role as a BasicAccessRuleSet.ROLE_ constant; stays
     *         ROLE_NONE when there are no rules or when no role pattern matched.
     */
    public int getCurrentRole() {
        return currentrole;
    }

    /**
     * @return the selectable roles as Integer objects holding BasicAccessRuleSet.ROLE_
     *         constants. This is the internal collection itself, not a copy.
     */
    public Collection getAvailableRoles() {
        return availableroles;
    }

    /**
     * @return the currently granted CAs as Integer ids (BasicAccessRuleSet.CA_ALL for
     *         the CA base rule). This is the internal set itself, not a copy.
     */
    public HashSet getCurrentCAs() {
        return currentcas;
    }

    /**
     * @return the selectable CAs as Integer ids. This is the internal set itself, not a copy.
     */
    public Collection getAvailableCAs() {
        return availablecas;
    }

    /**
     * @return the currently granted end entity rules as Integer objects holding
     *         BasicAccessRuleSet.ENDENTITY_ constants. This is the internal set itself, not a copy.
     */
    public HashSet getCurrentEndEntityRules() {
        return currentendentityrules;
    }

    /**
     * @return the selectable end entity rules, in presentation order. This is the
     *         internal list itself, not a copy.
     */
    public Collection getAvailableEndEntityRules() {
        return availableendentityrules;
    }

    /**
     * @return the currently granted end entity profiles as Integer ids
     *         (BasicAccessRuleSet.ENDENTITYPROFILE_ALL for the profile base rule).
     *         This is the internal set itself, not a copy.
     */
    public HashSet getCurrentEndEntityProfiles() {
        return currentendentityprofiles;
    }

    /**
     * @return the selectable end entity profiles as Integer ids. This is the internal
     *         set itself, not a copy.
     */
    public Collection getAvailableEndEntityProfiles() {
        return availableendentityprofiles;
    }

    /**
     * @return the currently granted other rules as Integer objects holding
     *         BasicAccessRuleSet.OTHER_ constants. This is the internal set itself, not a copy.
     */
    public HashSet getCurrentOtherRules() {
        return currentotherrules;
    }

    /**
     * @return the selectable other rules. This is the internal list itself, not a copy.
     */
    public Collection getAvailableOtherRules() {
        return availableotherrules;
    }

    /**
     * Fills the list of selectable roles. The super administrator role is offered
     * only when its rule string is present in the given set.
     */
    private void initAvailableRoles(HashSet availableruleset) {
        final int[] alwaysOffered = {
            BasicAccessRuleSet.ROLE_NONE,
            BasicAccessRuleSet.ROLE_CAADMINISTRATOR,
            BasicAccessRuleSet.ROLE_RAADMINISTRATOR,
            BasicAccessRuleSet.ROLE_SUPERVISOR
        };
        for (int i = 0; i < alwaysOffered.length; i++) {
            availableroles.add(new Integer(alwaysOffered[i]));
        }

        if (availableruleset.contains(AvailableAccessRules.ROLE_SUPERADMINISTRATOR)) {
            availableroles.add(new Integer(BasicAccessRuleSet.ROLE_SUPERADMINISTRATOR));
        }
    }

    /**
     * Determines which role the current rules correspond to. The patterns are tried
     * from super administrator down to supervisor; a non-empty rule set that matches
     * none of them forces advanced mode and leaves the role untouched.
     */
    private void initCurrentRole(Collection currentaccessrules) {
        if (currentaccessrules.size() < 1) {
            this.currentrole = BasicAccessRuleSet.ROLE_NONE;
            return;
        }
        if (isSuperAdministrator(currentaccessrules)) {
            this.currentrole = BasicAccessRuleSet.ROLE_SUPERADMINISTRATOR;
            return;
        }
        if (isCAAdministrator(currentaccessrules)) {
            this.currentrole = BasicAccessRuleSet.ROLE_CAADMINISTRATOR;
            return;
        }
        if (isRAAdministrator(currentaccessrules)) {
            this.currentrole = BasicAccessRuleSet.ROLE_RAADMINISTRATOR;
            return;
        }
        if (isSupervisor(currentaccessrules)) {
            this.currentrole = BasicAccessRuleSet.ROLE_SUPERVISOR;
            return;
        }
        this.forceadvanced = true;
    }

    /**
     * A super administrator holds exactly one rule: a non-recursive accept of
     * the super administrator role rule.
     */
    private boolean isSuperAdministrator(Collection currentaccessrules) {
        if (currentaccessrules.size() != 1) {
            return false;
        }
        AccessRule only = (AccessRule) currentaccessrules.iterator().next();
        return only.getAccessRule().equals(AvailableAccessRules.ROLE_SUPERADMINISTRATOR)
            && only.getRule() == AccessRule.RULE_ACCEPT
            && !only.isRecursive();
    }

    /**
     * A CA administrator must hold every required rule exactly as listed below; any
     * additional rule has to pass isAllowedCAAdministratorRule. A rule that is neither
     * allowed nor a still-outstanding required rule disqualifies the whole set.
     */
    private boolean isCAAdministrator(Collection currentaccessrules) {
        // NOTE(review): eight rules are required below (five recursive, three
        // non-recursive), so - assuming the constants are distinct - a set of exactly
        // seven can never match. The threshold is kept as it was.
        if (currentaccessrules.size() < 7) {
            return false;
        }

        HashSet recursiveRequired = new HashSet();
        recursiveRequired.add(AvailableAccessRules.REGULAR_CAFUNCTIONALTY);
        recursiveRequired.add(AvailableAccessRules.REGULAR_LOGFUNCTIONALITY);
        recursiveRequired.add(AvailableAccessRules.REGULAR_RAFUNCTIONALITY);
        recursiveRequired.add(AvailableAccessRules.REGULAR_SYSTEMFUNCTIONALITY);
        recursiveRequired.add(AvailableAccessRules.ENDENTITYPROFILEBASE);

        HashSet directRequired = new HashSet();
        directRequired.add(AvailableAccessRules.ROLE_ADMINISTRATOR);
        directRequired.add(AvailableAccessRules.HARDTOKEN_EDITHARDTOKENISSUERS);
        directRequired.add(AvailableAccessRules.HARDTOKEN_EDITHARDTOKENPROFILES);

        for (Iterator it = currentaccessrules.iterator(); it.hasNext();) {
            AccessRule ar = (AccessRule) it.next();
            // The optional-rule check runs first, exactly as before.
            if (isAllowedCAAdministratorRule(ar)) {
                continue;
            }
            if (!consumeRequiredRule(ar, recursiveRequired, directRequired)) {
                return false;
            }
        }
        return recursiveRequired.isEmpty() && directRequired.isEmpty();
    }

    /**
     * Optional rules for a CA administrator: the CA base rule (recursive accept),
     * any single CA rule (non-recursive accept) and issuing hard tokens (accept).
     */
    private boolean isAllowedCAAdministratorRule(AccessRule ar) {
        final String rule = ar.getAccessRule();
        final boolean accepted = ar.getRule() == AccessRule.RULE_ACCEPT;
        final boolean recursive = ar.isRecursive();

        return (rule.equals(AvailableAccessRules.CABASE) && accepted && recursive)
            || (rule.startsWith(AvailableAccessRules.CAPREFIX) && accepted && !recursive)
            || (rule.startsWith(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS) && accepted);
    }

    /**
     * An RA administrator must hold the four required non-recursive rules listed
     * below; any additional rule has to pass isAllowedRAAdministratorRule.
     */
    private boolean isRAAdministrator(Collection currentaccessrules) {
        if (currentaccessrules.size() < 4) {
            return false;
        }

        HashSet directRequired = new HashSet();
        directRequired.add(AvailableAccessRules.ROLE_ADMINISTRATOR);
        directRequired.add(AvailableAccessRules.REGULAR_CREATECERTIFICATE);
        directRequired.add(AvailableAccessRules.REGULAR_STORECERTIFICATE);
        directRequired.add(AvailableAccessRules.REGULAR_VIEWCERTIFICATE);

        // This role has no required recursive rules, so a recursive rule that is not
        // on the optional list can never be consumed and disqualifies the set.
        HashSet recursiveRequired = new HashSet();

        for (Iterator it = currentaccessrules.iterator(); it.hasNext();) {
            AccessRule ar = (AccessRule) it.next();
            if (isAllowedRAAdministratorRule(ar)) {
                continue;
            }
            if (!consumeRequiredRule(ar, recursiveRequired, directRequired)) {
                return false;
            }
        }
        return directRequired.isEmpty();
    }

    /**
     * Optional rules for an RA administrator. Only accept rules qualify: issuing hard
     * tokens; recursively the view-log, profile base and CA base rules; non-recursively
     * the RA functionality sub-rules (except editing end entity profiles) and any
     * single profile or CA rule.
     */
    private boolean isAllowedRAAdministratorRule(AccessRule ar) {
        if (ar.getRule() != AccessRule.RULE_ACCEPT) {
            return false;
        }
        final String rule = ar.getAccessRule();
        if (rule.equals(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS)) {
            return true;
        }
        if (ar.isRecursive()) {
            return rule.equals(AvailableAccessRules.REGULAR_VIEWLOG)
                || rule.equals(AvailableAccessRules.ENDENTITYPROFILEBASE)
                || rule.equals(AvailableAccessRules.CABASE);
        }
        return (rule.startsWith(AvailableAccessRules.REGULAR_RAFUNCTIONALITY + "/")
                && !rule.equals(AvailableAccessRules.REGULAR_EDITENDENTITYPROFILES))
            || rule.startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX)
            || rule.startsWith(AvailableAccessRules.CAPREFIX);
    }

    /**
     * A supervisor must hold the view-log rule recursively and the administrator role
     * and view-certificate rules non-recursively; any additional rule has to pass
     * isAllowedSupervisorRule.
     */
    private boolean isSupervisor(Collection currentaccessrules) {
        if (currentaccessrules.size() < 2) {
            return false;
        }

        HashSet recursiveRequired = new HashSet();
        recursiveRequired.add(AvailableAccessRules.REGULAR_VIEWLOG);

        HashSet directRequired = new HashSet();
        directRequired.add(AvailableAccessRules.ROLE_ADMINISTRATOR);
        directRequired.add(AvailableAccessRules.REGULAR_VIEWCERTIFICATE);

        for (Iterator it = currentaccessrules.iterator(); it.hasNext();) {
            AccessRule ar = (AccessRule) it.next();
            if (isAllowedSupervisorRule(ar)) {
                continue;
            }
            if (!consumeRequiredRule(ar, recursiveRequired, directRequired)) {
                return false;
            }
        }
        return recursiveRequired.isEmpty() && directRequired.isEmpty();
    }

    /**
     * Optional rules for a supervisor. Only accept rules qualify: recursively the
     * profile base and CA base rules; non-recursively the three view rules and any
     * single profile or CA rule.
     */
    private boolean isAllowedSupervisorRule(AccessRule ar) {
        if (ar.getRule() != AccessRule.RULE_ACCEPT) {
            return false;
        }
        final String rule = ar.getAccessRule();
        if (ar.isRecursive()) {
            return rule.equals(AvailableAccessRules.ENDENTITYPROFILEBASE)
                || rule.equals(AvailableAccessRules.CABASE);
        }
        return rule.equals(AvailableAccessRules.REGULAR_VIEWENDENTITY)
            || rule.equals(AvailableAccessRules.REGULAR_VIEWENDENTITYHISTORY)
            || rule.equals(AvailableAccessRules.REGULAR_VIEWHARDTOKENS)
            || rule.startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX)
            || rule.startsWith(AvailableAccessRules.CAPREFIX);
    }

    /**
     * Ticks one rule off the outstanding required rules of a role pattern.
     *
     * @return true when ar is an accept rule whose rule string was still outstanding
     *         in the set matching its recursive flag; false for anything else,
     *         including a required rule that appears a second time.
     */
    private static boolean consumeRequiredRule(AccessRule ar, HashSet recursiveRequired, HashSet directRequired) {
        if (ar.getRule() != AccessRule.RULE_ACCEPT) {
            return false;
        }
        HashSet outstanding = ar.isRecursive() ? recursiveRequired : directRequired;
        return outstanding.remove(ar.getAccessRule());
    }

    /**
     * Fills the selectable end entity rules, CAs, end entity profiles and other rules.
     * The CA and profile ids are parsed out of the rule strings.
     */
    private void initAvailableRules(boolean usehardtokens, boolean usekeyrecovery, Collection availableaccessrules) {
        // ArrayList: the insertion order below is the order handed to callers.
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEW));
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEWHISTORY));
        if (usehardtokens) {
            availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS));
        }
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_CREATE));
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_EDIT));
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_DELETE));
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_REVOKE));
        availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_APPROVE));
        if (usekeyrecovery) {
            availableendentityrules.add(new Integer(BasicAccessRuleSet.ENDENTITY_KEYRECOVER));
        }

        for (Iterator it = availableaccessrules.iterator(); it.hasNext();) {
            String nextrule = (String) it.next();

            if (nextrule.equals(AvailableAccessRules.CABASE)) {
                this.availablecas.add(new Integer(BasicAccessRuleSet.CA_ALL));
                continue;
            }
            if (nextrule.startsWith(AvailableAccessRules.CAPREFIX)) {
                // NOTE(review): a non-numeric remainder makes new Integer(String) throw
                // NumberFormatException out of the constructor - confirm that rule
                // strings reaching this point always carry a numeric CA id.
                String caid = nextrule.substring(AvailableAccessRules.CAPREFIX.length());
                this.availablecas.add(new Integer(caid));
                continue;
            }
            if (nextrule.equals(AvailableAccessRules.ENDENTITYPROFILEBASE)) {
                this.availableendentityprofiles.add(new Integer(BasicAccessRuleSet.ENDENTITYPROFILE_ALL));
                continue;
            }
            if (nextrule.startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX)) {
                // The id is what follows the prefix, up to the last '/' when a further
                // segment comes after it.
                int idstart = AvailableAccessRules.ENDENTITYPROFILEPREFIX.length();
                int idend = nextrule.lastIndexOf('/');
                String profileid = (idend <= idstart)
                    ? nextrule.substring(idstart)
                    : nextrule.substring(idstart, idend);
                this.availableendentityprofiles.add(new Integer(profileid));
            }
        }

        this.availableotherrules.add(new Integer(BasicAccessRuleSet.OTHER_VIEWLOG));
        if (usehardtokens) {
            this.availableotherrules.add(new Integer(BasicAccessRuleSet.OTHER_ISSUEHARDTOKENS));
        }
    }

    /**
     * Translates the current rules into the basic sets. Encoding stops at the first
     * rule that cannot be expressed, which also forces advanced mode. Afterwards each
     * profile seen is accepted only if its accumulated rights equal the accumulated
     * general end entity rights; any mismatch forces advanced mode as well.
     */
    private void initCurrentRules(Collection currentaccessrules) {
        // Maps a profile id (Integer) to the sum of the ENDENTITY_ values granted on it.
        // The key 0 holds the sum of the general (non profile specific) rights.
        // NOTE(review): a profile whose id parses to 0 would share that key - confirm
        // that 0 is never a real profile id.
        HashMap endentityrules = new HashMap();
        Integer general = new Integer(0);
        endentityrules.put(general, new Integer(0));

        for (Iterator it = currentaccessrules.iterator(); it.hasNext();) {
            AccessRule ar = (AccessRule) it.next();
            if (!encodeCurrentRule(ar, endentityrules, general)) {
                this.forceadvanced = true;
                break;
            }
        }

        // This comparison also runs when the loop above stopped early.
        int endentityruleval = ((Integer) endentityrules.get(general)).intValue();
        for (Iterator keys = endentityrules.keySet().iterator(); keys.hasNext();) {
            Integer profileid = (Integer) keys.next();
            if (profileid.equals(general)) {
                continue;
            }
            int profileval = ((Integer) endentityrules.get(profileid)).intValue();
            if (profileval == endentityruleval) {
                this.currentendentityprofiles.add(profileid);
            } else {
                this.forceadvanced = true;
            }
        }
    }

    /**
     * Encodes a single current rule into the basic sets.
     *
     * A rule that matches none of the handled categories is skipped and reported as
     * expressible; the role level rules are examined separately by initCurrentRole.
     * NOTE(review): an RA functionality sub-rule that is not in the list below is
     * skipped the same way, so it does not show up in the basic view - confirm that
     * this is intended.
     *
     * @param ar             the rule to encode
     * @param endentityrules accumulated ENDENTITY_ sums, keyed by profile id
     * @param general        the key under which the general rights are accumulated
     * @return false when the rule cannot be expressed in the basic view
     */
    private boolean encodeCurrentRule(AccessRule ar, HashMap endentityrules, Integer general) {
        // Read once; assumes the AccessRule getters are plain accessors.
        final String rule = ar.getAccessRule();
        final boolean accepted = ar.getRule() == AccessRule.RULE_ACCEPT;
        final boolean recursive = ar.isRecursive();

        // General end entity rules: sub-rules of RA functionality, except the one for
        // editing end entity profiles.
        if (rule.startsWith(AvailableAccessRules.REGULAR_RAFUNCTIONALITY)
                && rule.length() > AvailableAccessRules.REGULAR_RAFUNCTIONALITY.length()
                && !rule.equals(AvailableAccessRules.REGULAR_EDITENDENTITYPROFILES)) {
            if (!accepted || recursive) {
                return false;
            }
            if (rule.equals(AvailableAccessRules.REGULAR_VIEWENDENTITY)) {
                addGeneralEndEntityRule(endentityrules, general, BasicAccessRuleSet.ENDENTITY_VIEW);
            } else if (rule.equals(AvailableAccessRules.REGULAR_VIEWENDENTITYHISTORY)) {
                addGeneralEndEntityRule(endentityrules, general, BasicAccessRuleSet.ENDENTITY_VIEWHISTORY);
            } else if (rule.equals(AvailableAccessRules.REGULAR_CREATEENDENTITY)) {
                addGeneralEndEntityRule(endentityrules, general, BasicAccessRuleSet.ENDENTITY_CREATE);
            } else if (rule.equals(AvailableAccessRules.REGULAR_DELETEENDENTITY)) {
                addGeneralEndEntityRule(endentityrules, general, BasicAccessRuleSet.ENDENTITY_DELETE);
            } else if (rule.equals(AvailableAccessRules.REGULAR_EDITENDENTITY)) {
                addGeneralEndEntityRule(endentityrules, general, BasicAccessRuleSet.ENDENTITY_EDIT);
            } else if (rule.equals(AvailableAccessRules.REGULAR_REVOKEENDENTITY)) {
                addGeneralEndEntityRule(endentityrules, general, BasicAccessRuleSet.ENDENTITY_REVOKE);
            } else if (rule.equals(AvailableAccessRules.REGULAR_VIEWHARDTOKENS)) {
                addGeneralEndEntityRule(endentityrules, general, BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS);
            } else if (rule.equals(AvailableAccessRules.REGULAR_KEYRECOVERY)) {
                addGeneralEndEntityRule(endentityrules, general, BasicAccessRuleSet.ENDENTITY_KEYRECOVER);
            }
            // Tested on its own rather than as part of the chain above, as before.
            if (rule.equals(AvailableAccessRules.REGULAR_APPROVEENDENTITY)) {
                addGeneralEndEntityRule(endentityrules, general, BasicAccessRuleSet.ENDENTITY_APPROVE);
            }
            return true;
        }

        // All end entity profiles.
        if (rule.equals(AvailableAccessRules.ENDENTITYPROFILEBASE)) {
            if (!accepted || !recursive) {
                return false;
            }
            this.currentendentityprofiles.add(new Integer(BasicAccessRuleSet.ENDENTITYPROFILE_ALL));
            return true;
        }

        // A right on one specific end entity profile.
        if (rule.startsWith(AvailableAccessRules.ENDENTITYPROFILEPREFIX)) {
            if (!accepted || recursive) {
                return false;
            }
            int idstart = AvailableAccessRules.ENDENTITYPROFILEPREFIX.length();
            int idend = rule.lastIndexOf('/');
            if (idend <= idstart) {
                // No segment after the id, so the rule names no specific right.
                return false;
            }
            // NOTE(review): throws NumberFormatException when the id segment is not numeric.
            Integer profileid = new Integer(rule.substring(idstart, idend));

            Object sofar = endentityrules.get(profileid);
            int currentval = (sofar == null) ? 0 : ((Integer) sofar).intValue();

            // The suffix tests keep their original order.
            if (rule.endsWith(AvailableAccessRules.VIEW_RIGHTS)) {
                currentval += BasicAccessRuleSet.ENDENTITY_VIEW;
            } else if (rule.endsWith(AvailableAccessRules.HISTORY_RIGHTS)) {
                currentval += BasicAccessRuleSet.ENDENTITY_VIEWHISTORY;
            } else if (rule.endsWith(AvailableAccessRules.HARDTOKEN_RIGHTS)) {
                currentval += BasicAccessRuleSet.ENDENTITY_VIEWHARDTOKENS;
            } else if (rule.endsWith(AvailableAccessRules.CREATE_RIGHTS)) {
                currentval += BasicAccessRuleSet.ENDENTITY_CREATE;
            } else if (rule.endsWith(AvailableAccessRules.DELETE_RIGHTS)) {
                currentval += BasicAccessRuleSet.ENDENTITY_DELETE;
            } else if (rule.endsWith(AvailableAccessRules.EDIT_RIGHTS)) {
                currentval += BasicAccessRuleSet.ENDENTITY_EDIT;
            } else if (rule.endsWith(AvailableAccessRules.REVOKE_RIGHTS)) {
                currentval += BasicAccessRuleSet.ENDENTITY_REVOKE;
            } else if (rule.endsWith(AvailableAccessRules.KEYRECOVERY_RIGHTS)) {
                currentval += BasicAccessRuleSet.ENDENTITY_KEYRECOVER;
            }
            if (rule.endsWith(AvailableAccessRules.APPROVAL_RIGHTS)) {
                currentval += BasicAccessRuleSet.ENDENTITY_APPROVE;
            }
            endentityrules.put(profileid, new Integer(currentval));
            return true;
        }

        // All CAs.
        if (rule.equals(AvailableAccessRules.CABASE)) {
            if (!accepted || !recursive) {
                return false;
            }
            this.currentcas.add(new Integer(BasicAccessRuleSet.CA_ALL));
            return true;
        }

        // One specific CA.
        if (rule.startsWith(AvailableAccessRules.CAPREFIX)) {
            if (!accepted || recursive) {
                return false;
            }
            // NOTE(review): throws NumberFormatException when the remainder is not numeric.
            Integer caid = new Integer(rule.substring(AvailableAccessRules.CAPREFIX.length()));
            this.currentcas.add(caid);
            return true;
        }

        if (rule.equals(AvailableAccessRules.REGULAR_VIEWLOG)) {
            if (!accepted || !recursive) {
                return false;
            }
            this.currentotherrules.add(new Integer(BasicAccessRuleSet.OTHER_VIEWLOG));
            return true;
        }

        if (rule.equals(AvailableAccessRules.HARDTOKEN_ISSUEHARDTOKENS)) {
            // Accepted with or without the recursive flag.
            if (!accepted) {
                return false;
            }
            this.currentotherrules.add(new Integer(BasicAccessRuleSet.OTHER_ISSUEHARDTOKENS));
            return true;
        }

        return true;
    }

    /**
     * Records one general end entity right: adds it to the current end entity rules
     * and to the running sum stored under the general key.
     */
    private void addGeneralEndEntityRule(HashMap endentityrules, Integer general, int right) {
        currentendentityrules.add(new Integer(right));
        int sofar = ((Integer) endentityrules.get(general)).intValue();
        endentityrules.put(general, new Integer(sofar + right));
    }

}