


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.core.model.authorization;
15
16 import java.io.Serializable JavaDoc;
17 import java.rmi.RemoteException JavaDoc;
18 import java.util.HashMap JavaDoc;
19
20 import javax.ejb.EJBException JavaDoc;
21 import javax.naming.InitialContext JavaDoc;
22
23 import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
24 import org.ejbca.core.ejb.authorization.IAuthorizationSessionRemote;
25 import org.ejbca.core.ejb.log.ILogSessionHome;
26 import org.ejbca.core.ejb.log.ILogSessionRemote;
27 import org.ejbca.core.model.log.Admin;
28 import org.ejbca.core.model.log.LogEntry;
29
/**
 * A class used to improve performance by proxying a user's end entity profile authorization decisions, minimizing the need
 * to traverse the authorization tree and perform RMI lookups on every check. It should only be used within a short time span
 * to avoid desynchronization: cached decisions are never invalidated, so a rights change made after a decision was cached
 * is not seen through this proxy.
 *
 * @author TomSelleck
 * @version $Id: EndEntityProfileAuthorizationProxy.java,v 1.1 2006/01/17 20:30:56 anatom Exp $
 */

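public class EndEntityProfileAuthorizationProxy implements Serializable {

    // Public Constants.

    /* Constants specifying the kind of user access rights to look for. */
    public static final String VIEW_RIGHTS = AvailableAccessRules.VIEW_RIGHTS;
    public static final String EDIT_RIGHTS = AvailableAccessRules.EDIT_RIGHTS;
    public static final String CREATE_RIGHTS = AvailableAccessRules.CREATE_RIGHTS;
    public static final String DELETE_RIGHTS = AvailableAccessRules.DELETE_RIGHTS;
    public static final String REVOKE_RIGHTS = AvailableAccessRules.REVOKE_RIGHTS;
    public static final String HISTORY_RIGHTS = AvailableAccessRules.HISTORY_RIGHTS;
    public static final String HARDTOKEN_VIEW_RIGHTS = AvailableAccessRules.HARDTOKEN_RIGHTS;
    public static final String KEYRECOVERY_RIGHTS = AvailableAccessRules.KEYRECOVERY_RIGHTS;

    /**
     * Creates a proxy backed by a remote authorization session bean.
     *
     * @param authorizationsession the remote session consulted on a cache miss.
     */
    public EndEntityProfileAuthorizationProxy(IAuthorizationSessionRemote authorizationsession) {
        profileauthstore = new HashMap();
        this.local = false;
        this.authorizationsessionremote = authorizationsession;
    }

    /**
     * Creates a proxy backed by a local authorization session bean.
     *
     * @param authorizationsession the local session consulted on a cache miss.
     */
    public EndEntityProfileAuthorizationProxy(IAuthorizationSessionLocal authorizationsession) {
        profileauthstore = new HashMap();
        this.local = true;
        this.authorizationsessionlocal = authorizationsession;
    }

    /**
     * Checks whether the administrator holds the given right on the given end entity profile, answering from the
     * local cache when possible and otherwise asking the authorization session. The decision is logged either by
     * this proxy (cache hit) or by the authorization session (cache miss).
     *
     * @param admin the administrator whose rights are checked.
     * @param profileid the end entity profile to look up.
     * @param rights which profile right to look for (one of the *_RIGHTS constants).
     * @param module the log module to record the decision under.
     * @return true if the administrator is authorized, false otherwise.
     * @throws RemoteException if the remote session or log bean fails.
     */
    public boolean getEndEntityProfileAuthorization(Admin admin, int profileid, String rights, int module) throws RemoteException {
        return isAuthorized(admin, profileid, rights, true, module);
    }

    /**
     * Same as {@link #getEndEntityProfileAuthorization} but without logging the decision anywhere.
     *
     * @param admin the administrator whose rights are checked.
     * @param profileid the end entity profile to look up.
     * @param rights which profile right to look for (one of the *_RIGHTS constants).
     * @return true if the administrator is authorized, false otherwise.
     * @throws RemoteException if the remote session fails.
     */
    public boolean getEndEntityProfileAuthorizationNoLog(Admin admin, int profileid, String rights) throws RemoteException {
        return isAuthorized(admin, profileid, rights, false, 0);
    }

    /**
     * Resolves and caches the authorization decision for one (admin, profile, right) triple.
     *
     * Cache entries are keyed on the hex-encoded signature of the administrator's X.509 certificate plus the access
     * rule string, so entries of different administrators cannot collide. Entries are never evicted or invalidated;
     * see the class comment.
     *
     * @param admin the administrator whose rights are checked.
     * @param profileid the end entity profile to look up.
     * @param rights which profile right to look for.
     * @param log whether the decision should be logged.
     * @param module the log module to record the decision under (ignored when log is false).
     * @return true if the administrator is authorized, false otherwise.
     * @throws RemoteException if the remote session or log bean fails.
     */
    public boolean isAuthorized(Admin admin, int profileid, String rights, boolean log, int module) throws RemoteException {
        if (admin.getAdminInformation().isSpecialUser()) {
            // SECURITY NOTE (review): a "special user" is granted every right on every profile here without
            // consulting the authorization session and without any log entry. This is kept as-is because
            // existing callers may depend on it, but it is an unconditional bypass of the profile authorization
            // check for that class of principal. TODO Fix (carried over from the original).
            return true;
        }

        String accessrule = AvailableAccessRules.ENDENTITYPROFILEPREFIX + Integer.toString(profileid) + rights;
        // The certificate signature identifies the administrator. It is raw binary, so it is hex-encoded rather
        // than decoded through the platform charset (which is lossy and could let two signatures map to one key).
        String cachekey = toHex(admin.getAdminInformation().getX509Certificate().getSignature()) + accessrule;

        Boolean cached = (Boolean) profileauthstore.get(cachekey);
        if (cached != null) {
            // On a cache hit the authorization session is not consulted, so logging is done here instead.
            if (log) {
                logDecision(admin, module, accessrule, cached.booleanValue());
            }
            return cached.booleanValue();
        }

        Boolean decision;
        try {
            // The session beans signal denial by throwing; a normal return means authorized.
            // The logging variant lets the session write the log entry itself.
            if (local) {
                if (log) {
                    authorizationsessionlocal.isAuthorized(admin, accessrule);
                } else {
                    authorizationsessionlocal.isAuthorizedNoLog(admin, accessrule);
                }
            } else {
                if (log) {
                    authorizationsessionremote.isAuthorized(admin, accessrule);
                } else {
                    authorizationsessionremote.isAuthorizedNoLog(admin, accessrule);
                }
            }
            decision = Boolean.TRUE;
        } catch (AuthorizationDeniedException e) {
            decision = Boolean.FALSE;
        }
        profileauthstore.put(cachekey, decision);
        return decision.booleanValue();
    }

    /** Writes an authorized / not-authorized log entry for a decision served from the cache. */
    private void logDecision(Admin admin, int module, String accessrule, boolean authorized) throws RemoteException {
        if (authorized) {
            getLogSessionBean().log(admin, admin.getCaId(), module, new java.util.Date(), null, null,
                    LogEntry.EVENT_INFO_AUTHORIZEDTORESOURCE, "Resource : " + accessrule);
        } else {
            getLogSessionBean().log(admin, admin.getCaId(), module, new java.util.Date(), null, null,
                    LogEntry.EVENT_ERROR_NOTAUTHORIZEDTORESOURCE, "Resource : " + accessrule);
        }
    }

    /**
     * Hex-encodes a byte array (lower case, two characters per byte). Used to build a loss-free, printable
     * cache key from the certificate signature.
     */
    private static String toHex(byte[] bytes) {
        StringBuffer hex = new StringBuffer(bytes.length * 2);
        for (int i = 0; i < bytes.length; i++) {
            int value = bytes[i] & 0xff;
            if (value < 0x10) {
                hex.append('0');
            }
            hex.append(Integer.toHexString(value));
        }
        return hex.toString();
    }

    /**
     * Lazily looks up and creates the remote log session bean via JNDI ("LogSession").
     *
     * @throws EJBException if the lookup or creation fails; the original exception is kept as the cause.
     */
    private ILogSessionRemote getLogSessionBean() {
        if (logsession == null) {
            try {
                jndicontext = new InitialContext();
                ILogSessionHome logsessionhome = (ILogSessionHome) javax.rmi.PortableRemoteObject.narrow(
                        jndicontext.lookup("LogSession"), ILogSessionHome.class);
                logsession = logsessionhome.create();
            } catch (Exception e) {
                // Wrap with the cause attached so the JNDI/EJB failure is not reduced to a bare message.
                throw new EJBException(e);
            }
        }
        return logsession;
    }

    // Private fields.

    /** True when the local session bean is used, false for the remote one. */
    private boolean local = false;
    private InitialContext jndicontext;
    /** Cache of decisions: hex(certificate signature) + access rule -> Boolean. Only ever grows. */
    private HashMap profileauthstore;
    private IAuthorizationSessionRemote authorizationsessionremote;
    private IAuthorizationSessionLocal authorizationsessionlocal;
    private ILogSessionRemote logsession;

}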
163