

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package org.ejbca.core.model.ra;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.TreeMap;

import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.authorization.AvailableAccessRules;
import org.ejbca.core.model.log.Admin;

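/**
 * Looks up which CAs and end entity profiles an administrator is authorized for, and caches
 * each answer in this object.
 *
 * <p>Two getters return SQL WHERE-clause fragments intended for userdata queries. The
 * fragments are assembled only from fixed column names and values cast to {@link Integer},
 * so no free-form text is ever placed in them; a non-Integer id fails with a
 * {@link ClassCastException} instead of being concatenated.
 *
 * <p>Cached answers are only discarded by {@link #clear()}. Until then a change to the
 * administrator's access rules is not reflected by an existing instance. The class does no
 * synchronization of its own.
 *
 * <p>NOTE(review): the class is {@link Serializable} and keeps references to the two session
 * objects and the {@code Admin}; whether those serialize safely is not visible from here.
 *
 * @version $Id: RAAuthorization.java,v 1.2 2006/08/09 07:29:51 herrvendil Exp $
 */
public class RAAuthorization implements Serializable {

    // Cached results; null means "not computed yet" (see clear()).
    private String authcastring = null;
    private String authendentityprofilestring = null;
    private TreeMap authprofilenames = null;
    private TreeMap authcreateprofilenames = null;
    private TreeMap authviewprofilenames = null;

    // Collaborators supplied by the constructor.
    private Admin admin;
    private IAuthorizationSessionLocal authorizationsession;
    private IRaAdminSessionLocal raadminsession;

    /**
     * Creates a new instance of RAAuthorization.
     *
     * @param admin the administrator whose privileges are looked up
     * @param raadminsession session used for end entity profile ids and names
     * @param authorizationsession session used for CA ids and access rule checks
     */
    public RAAuthorization(Admin admin, IRaAdminSessionLocal raadminsession, IAuthorizationSessionLocal authorizationsession) {
        this.admin = admin;
        this.raadminsession = raadminsession;
        this.authorizationsession = authorizationsession;
    }

    /**
     * Builds (once) and returns the CA restriction for the where clause of userdata SQL queries.
     *
     * <p>The result has the form {@code (  caid = 1 OR caid = 2 )}. When the administrator is
     * authorized for no CA the result is the empty string, not {@code null}.
     * NOTE(review): a caller that simply skips an empty fragment would run the query without
     * any CA restriction; how callers treat the empty string is not visible here - confirm
     * they handle it as "no CA authorized".
     *
     * @return the parenthesised OR-list of authorized CA ids, or {@code ""} if there are none
     */
    public String getCAAuthorizationString() {
        if (authcastring == null) {
            // Build into a local first so that a failure part-way through cannot leave a
            // half-built, unparenthesised fragment in the cache.
            String clause = orClause("caid", this.authorizationsession.getAuthorizedCAIds(admin).iterator());
            authcastring = (clause == null) ? "" : clause;
        }
        return authcastring;
    }

    /**
     * Builds (once) and returns the end entity profile restriction for the where clause of
     * userdata SQL queries.
     *
     * <p>Only profiles that are in both the view-rights list of the authorization session and
     * the authorized list of the RA admin session are included. When that intersection is
     * empty the method returns {@code null}; nothing is cached in that case, so the lookup is
     * repeated on the next call.
     * NOTE(review): callers must not concatenate a {@code null} result into a query or treat
     * it as "no restriction" - confirm against the callers.
     *
     * @param includeparanteses not read by this method; the result is always parenthesised
     * @return the parenthesised OR-list of profile ids, or {@code null} if there are none
     */
    public String getEndEntityProfileAuthorizationString(boolean includeparanteses) {
        if (authendentityprofilestring == null) {
            // Copy before intersecting: retainAll() modifies its receiver, and the collection
            // handed out by the session must not be altered by this lookup.
            Collection viewable = new ArrayList(
                    this.authorizationsession.getAuthorizedEndEntityProfileIds(admin, AvailableAccessRules.VIEW_RIGHTS));
            viewable.retainAll(this.raadminsession.getAuthorizedEndEntityProfileIds(admin));
            authendentityprofilestring = orClause("endEntityprofileId", viewable.iterator());
        }
        return authendentityprofilestring;
    }

    /**
     * Returns the profiles the RA admin session reports as authorized for the administrator,
     * keyed by the name found in the id-to-name map and mapped to the profile id. No access
     * rule check is made here. Computed once and cached.
     *
     * @return sorted map from profile name to profile id ({@link Integer})
     */
    public TreeMap getAuthorizedEndEntityProfileNames() {
        if (authprofilenames == null) {
            // Fill a local map and publish it only when complete, so an exception during the
            // lookup does not leave an empty or partial map cached.
            TreeMap names = new TreeMap();
            Iterator ids = raadminsession.getAuthorizedEndEntityProfileIds(admin).iterator();
            HashMap idtonamemap = raadminsession.getEndEntityProfileIdToNameMap(admin);
            while (ids.hasNext()) {
                Integer id = (Integer) ids.next();
                names.put(idtonamemap.get(id), id);
            }
            authprofilenames = names;
        }
        return authprofilenames;
    }

    /**
     * Returns the profiles the administrator holds create rights for. Computed once and cached.
     *
     * @return sorted map from profile name to profile id
     */
    public TreeMap getCreateAuthorizedEndEntityProfileNames() {
        if (authcreateprofilenames == null) {
            authcreateprofilenames = this.authEndEntityProfileNames(AvailableAccessRules.CREATE_RIGHTS);
        }
        return authcreateprofilenames;
    }

    /**
     * Returns the profiles the administrator holds view rights for. Computed once and cached.
     *
     * @return sorted map from profile name to profile id
     */
    public TreeMap getViewAuthorizedEndEntityProfileNames() {
        if (authviewprofilenames == null) {
            authviewprofilenames = this.authEndEntityProfileNames(AvailableAccessRules.VIEW_RIGHTS);
        }
        return authviewprofilenames;
    }

    /**
     * Discards every cached result so that the next getter call queries the sessions again.
     * This is the only way an existing instance picks up changed access rules.
     */
    public void clear() {
        authcastring = null;
        authendentityprofilestring = null;
        authprofilenames = null;
        authcreateprofilenames = null;
        authviewprofilenames = null;
    }

    /**
     * Collects the authorized profiles for which {@link #endEntityAuthorization} grants the
     * given rights. The result is not cached by this method.
     *
     * @param rights access rule suffix, e.g. {@code AvailableAccessRules.VIEW_RIGHTS}
     * @return sorted map from profile name to profile id
     */
    public TreeMap authEndEntityProfileNames(String rights) {
        TreeMap granted = new TreeMap();
        HashMap profilemap = this.raadminsession.getEndEntityProfileIdToNameMap(admin);
        Iterator ids = raadminsession.getAuthorizedEndEntityProfileIds(admin).iterator();
        while (ids.hasNext()) {
            Integer id = (Integer) ids.next();
            if (this.endEntityAuthorization(admin, id.intValue(), rights)) {
                granted.put(profilemap.get(id), id);
            }
        }
        return granted;
    }

    /**
     * Help function used to check end entity profile authorization.
     *
     * <p>The check is made for the {@code admin} argument, which shadows the instance field.
     * The rule tested is {@code ENDENTITYPROFILEPREFIX + profileid + rights}.
     *
     * @param admin the administrator to check
     * @param profileid end entity profile id
     * @param rights access rule suffix appended after the profile id
     * @return {@code true} for a special user or when the rule is granted; {@code false} when
     *         the rule is not granted or the check throws AuthorizationDeniedException
     */
    public boolean endEntityAuthorization(Admin admin, int profileid, String rights) {
        // TODO FIX
        // Special users are granted every profile right without the access rules being
        // consulted. NOTE(review): going by its name, isAuthorizedNoLog() below writes no log
        // record either - confirm that this path is audited elsewhere.
        if (admin.getAdminInformation().isSpecialUser()) {
            return true;
        }
        try {
            return authorizationsession.isAuthorizedNoLog(
                    admin, AvailableAccessRules.ENDENTITYPROFILEPREFIX + Integer.toString(profileid) + rights);
        } catch (AuthorizationDeniedException denied) {
            // Deliberately not propagated: a denial is reported to the caller as "false".
            return false;
        }
    }

    /**
     * Joins ids into {@code "(  col = 1 OR col = 2 )"}.
     *
     * @param column fixed column name; always a literal chosen by this class
     * @param ids iterator over {@link Integer} ids; any other element type raises
     *            {@link ClassCastException}, which keeps arbitrary text out of the fragment
     * @return the parenthesised fragment, or {@code null} when {@code ids} is empty
     */
    private static String orClause(String column, Iterator ids) {
        if (!ids.hasNext()) {
            return null;
        }
        StringBuffer clause = new StringBuffer("( ");
        boolean first = true;
        while (ids.hasNext()) {
            if (!first) {
                clause.append(" OR");
            }
            clause.append(' ').append(column).append(" = ").append(((Integer) ids.next()).toString());
            first = false;
        }
        return clause.append(" )").toString();
    }

}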