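package org.ejbca.core.model.authorization;

import java.io.Serializable;
import java.rmi.RemoteException;
import java.util.HashMap;

import javax.ejb.EJBException;
import javax.naming.InitialContext;

import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionRemote;
import org.ejbca.core.ejb.log.ILogSessionHome;
import org.ejbca.core.ejb.log.ILogSessionRemote;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.log.LogEntry;

/**
 * Caching front end for end entity profile authorization checks.
 *
 * <p>Each decision obtained from the authorization session bean is stored in an
 * in-memory map keyed by administrator certificate signature, profile id and
 * access right, and later checks with the same key are answered from that map.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Nothing in this class removes or expires cache entries. A change to the
 *       access rules is therefore not reflected by an existing proxy instance;
 *       both stale grants and stale denials persist until a new proxy is
 *       created.</li>
 *   <li>Administrators flagged as special users are always authorized, without
 *       consulting the session bean and without a log entry from this class.</li>
 *   <li>The cache is a plain {@link HashMap}; this class does no
 *       synchronization of its own.</li>
 * </ul>
 */
public class EndEntityProfileAuthorizationProxy implements Serializable {

    // Access right suffixes, re-exported from AvailableAccessRules for callers.
    public static final String VIEW_RIGHTS = AvailableAccessRules.VIEW_RIGHTS;
    public static final String EDIT_RIGHTS = AvailableAccessRules.EDIT_RIGHTS;
    public static final String CREATE_RIGHTS = AvailableAccessRules.CREATE_RIGHTS;
    public static final String DELETE_RIGHTS = AvailableAccessRules.DELETE_RIGHTS;
    public static final String REVOKE_RIGHTS = AvailableAccessRules.REVOKE_RIGHTS;
    public static final String HISTORY_RIGHTS = AvailableAccessRules.HISTORY_RIGHTS;
    public static final String HARDTOKEN_VIEW_RIGHTS = AvailableAccessRules.HARDTOKEN_RIGHTS;
    public static final String KEYRECOVERY_RIGHTS = AvailableAccessRules.KEYRECOVERY_RIGHTS;

    /**
     * Creates a proxy that delegates uncached checks to a remote authorization session.
     *
     * @param authorizationsession remote authorization session bean
     */
    public EndEntityProfileAuthorizationProxy(IAuthorizationSessionRemote authorizationsession) {
        profileauthstore = new HashMap();
        this.local = false;
        this.authorizationsessionremote = authorizationsession;
    }

    /**
     * Creates a proxy that delegates uncached checks to a local authorization session.
     *
     * @param authorizationsession local authorization session bean
     */
    public EndEntityProfileAuthorizationProxy(IAuthorizationSessionLocal authorizationsession) {
        profileauthstore = new HashMap();
        this.local = true;
        this.authorizationsessionlocal = authorizationsession;
    }

    /**
     * Checks an end entity profile access right and requests logging of the outcome.
     *
     * @param admin administrator whose rights are checked
     * @param profileid id of the end entity profile
     * @param rights access right suffix, one of the constants of this class
     * @param module log module id used when a cached decision is logged
     * @return true if the administrator is authorized
     * @throws RemoteException if a remote session call fails
     */
    public boolean getEndEntityProfileAuthorization(Admin admin, int profileid, String rights, int module) throws RemoteException {
        return isAuthorized(admin, profileid, rights, true, module);
    }

    /**
     * Checks an end entity profile access right without requesting a log entry.
     *
     * @param admin administrator whose rights are checked
     * @param profileid id of the end entity profile
     * @param rights access right suffix, one of the constants of this class
     * @return true if the administrator is authorized
     * @throws RemoteException if a remote session call fails
     */
    public boolean getEndEntityProfileAuthorizationNoLog(Admin admin, int profileid, String rights) throws RemoteException {
        return isAuthorized(admin, profileid, rights, false, 0);
    }

    /**
     * Resolves an authorization decision, from the cache when possible.
     *
     * <p>A cached decision is logged by this class through the log session when
     * {@code log} is true. An uncached decision is obtained from the
     * authorization session ({@code isAuthorized} or {@code isAuthorizedNoLog}
     * depending on {@code log}) and then cached; a thrown
     * {@link AuthorizationDeniedException} is cached as a denial.
     *
     * @param admin administrator whose rights are checked
     * @param profileid id of the end entity profile
     * @param rights access right suffix
     * @param log whether the outcome should be logged
     * @param module log module id used when a cached decision is logged
     * @return true if the administrator is authorized
     * @throws RemoteException if a remote session call fails
     */
    public boolean isAuthorized(Admin admin, int profileid, String rights, boolean log, int module) throws RemoteException {
        // Special users are authorized unconditionally: no session call, no
        // cache entry and no log entry is produced for them here.
        if (admin.getAdminInformation().isSpecialUser()) {
            return true;
        }

        final String accessrule = AvailableAccessRules.ENDENTITYPROFILEPREFIX + Integer.toString(profileid) + rights;

        // The cache key must identify the administrator unambiguously. Decoding
        // the raw signature bytes with the platform charset is lossy (undecodable
        // byte sequences collapse to the same replacement character), so two
        // different certificates could share a key and therefore a cached
        // decision. Hex encoding keeps the mapping one-to-one.
        final String resource = toHex(admin.getAdminInformation().getX509Certificate().getSignature()) + accessrule;

        Boolean returnval = (Boolean) profileauthstore.get(resource);

        if (returnval != null && log) {
            // Cache hit: the session bean is not called, so the log entry is written here.
            final int event = returnval.booleanValue()
                    ? LogEntry.EVENT_INFO_AUTHORIZEDTORESOURCE
                    : LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE;
            getLogSessionBean().log(admin, admin.getCaId(), module, new java.util.Date(), null, null, event,
                    "Resource : " + accessrule);
        }

        if (returnval == null) {
            try {
                if (local) {
                    if (log) {
                        authorizationsessionlocal.isAuthorized(admin, accessrule);
                    } else {
                        authorizationsessionlocal.isAuthorizedNoLog(admin, accessrule);
                    }
                } else {
                    if (log) {
                        authorizationsessionremote.isAuthorized(admin, accessrule);
                    } else {
                        authorizationsessionremote.isAuthorizedNoLog(admin, accessrule);
                    }
                }
                returnval = Boolean.TRUE;
            } catch (AuthorizationDeniedException e) {
                // Only an explicit denial is cached; any other failure propagates uncached.
                returnval = Boolean.FALSE;
            }
            profileauthstore.put(resource, returnval);
        }

        return returnval.booleanValue();
    }

    /** Encodes bytes as lowercase hex so that distinct inputs give distinct strings. */
    private static String toHex(byte[] data) {
        final char[] digits = "0123456789abcdef".toCharArray();
        StringBuffer sb = new StringBuffer(data.length * 2);
        for (int i = 0; i < data.length; i++) {
            sb.append(digits[(data[i] >> 4) & 0x0f]);
            sb.append(digits[data[i] & 0x0f]);
        }
        return sb.toString();
    }

    /**
     * Looks up and creates the log session bean on first use and reuses it afterwards.
     *
     * @return the log session
     * @throws EJBException if the JNDI lookup or bean creation fails
     */
    private ILogSessionRemote getLogSessionBean() {
        if (logsession == null) {
            try {
                jndicontext = new InitialContext();
                ILogSessionHome logsessionhome = (ILogSessionHome) javax.rmi.PortableRemoteObject.narrow(jndicontext.lookup("LogSession"), ILogSessionHome.class);
                logsession = logsessionhome.create();
            } catch (Exception e) {
                // Keep the cause so the lookup failure can be diagnosed from the stack trace.
                throw new EJBException(e.getMessage(), e);
            }
        }
        return logsession;
    }

    private boolean local = false;
    // NOTE(review): InitialContext is not Serializable, so serializing this proxy
    // after getLogSessionBean() has run would fail - confirm whether instances
    // are ever serialized and whether this field should be transient.
    private InitialContext jndicontext;
    // Maps hex(signature) + access rule string to the cached Boolean decision.
    private HashMap profileauthstore;
    private IAuthorizationSessionRemote authorizationsessionremote;
    private IAuthorizationSessionLocal authorizationsessionlocal;
    private ILogSessionRemote logsession;

}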