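package org.ejbca.core.model.ra;

import java.io.Serializable;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.TreeMap;

import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
import org.ejbca.core.ejb.ra.raadmin.IRaAdminSessionLocal;
import org.ejbca.core.model.authorization.AuthorizationDeniedException;
import org.ejbca.core.model.authorization.AvailableAccessRules;
import org.ejbca.core.model.log.Admin;

/**
 * Per-administrator cache of RA authorization data: the CA ids and end entity
 * profiles the administrator is authorized for, rendered either as
 * {@code column = id OR ...} condition fragments or as name-to-id maps.
 *
 * <p>Every value is computed on first use and then kept until {@link #clear()}
 * is called, so a change to the administrator's access rules is not reflected
 * here until the cache is cleared.
 *
 * <p>The condition fragments are assembled only from elements cast to
 * {@link Integer}; no caller-supplied text is copied into them.
 *
 * <p>NOTE(review): the fragments look like query conditions that a caller
 * concatenates into a larger statement; that caller is not visible here. When
 * the administrator has no authorized ids the getters return {@code ""} or
 * {@code null}, which such a caller has to treat as "match nothing" rather than
 * as "no restriction".
 *
 * <p>NOTE(review): the class is {@link Serializable} but keeps non-transient
 * references to both session interfaces; confirm those are serializable
 * wherever instances of this class are actually serialized.
 */
public class RAAuthorization implements Serializable {

    /**
     * Creates an authorization cache bound to one administrator.
     *
     * @param admin the administrator whose rights are evaluated
     * @param raadminsession session used to look up end entity profile ids and names
     * @param authorizationsession session used to look up authorized CA ids and access rules
     */
    public RAAuthorization(Admin admin, IRaAdminSessionLocal raadminsession, IAuthorizationSessionLocal authorizationsession) {
        this.admin = admin;
        this.raadminsession = raadminsession;
        this.authorizationsession = authorizationsession;
    }

    /**
     * Returns a condition fragment that restricts {@code caid} to the CA ids the
     * administrator is authorized for, for example
     * {@code (  caid = 1 OR caid = 2 )}.
     *
     * @return the parenthesised fragment, or {@code ""} when the administrator
     *         is authorized for no CA; the result is cached until {@link #clear()}
     */
    public String getCAAuthorizationString() {
        if (authcastring == null) {
            // The fragment is built in full before it is stored, so the cache
            // field never holds a half-built, unparenthesised condition.
            authcastring = idCondition(this.authorizationsession.getAuthorizedCAIds(admin), "caid");
        }
        return authcastring;
    }

    /**
     * Returns a condition fragment that restricts {@code endEntityprofileId} to
     * the profiles the administrator may view, i.e. the ids reported by the
     * authorization session for {@code VIEW_RIGHTS} that the RA admin session
     * also reports as authorized.
     *
     * @param includeparanteses not consulted: the fragment is always wrapped in
     *        parentheses, which keeps the OR terms grouped when a caller
     *        combines the fragment with further conditions
     * @return the parenthesised fragment, or {@code null} when no profile is
     *         authorized (that case is not cached and is recomputed on the next
     *         call)
     */
    public String getEndEntityProfileAuthorizationString(boolean includeparanteses) {
        if (authendentityprofilestring == null) {
            Collection result = this.authorizationsession.getAuthorizedEndEntityProfileIds(admin, AvailableAccessRules.VIEW_RIGHTS);
            // NOTE(review): retainAll modifies the collection returned by the
            // authorization session in place; confirm that session hands out a
            // fresh collection on every call.
            result.retainAll(this.raadminsession.getAuthorizedEndEntityProfileIds(admin));

            String condition = idCondition(result, "endEntityprofileId");
            if (condition.length() > 0) {
                authendentityprofilestring = condition;
            }
        }
        return authendentityprofilestring;
    }

    /**
     * Returns the end entity profiles the RA admin session reports as authorized
     * for the administrator, without any per-right check.
     *
     * @return map from profile name to profile id, cached until {@link #clear()}
     */
    public TreeMap getAuthorizedEndEntityProfileNames() {
        if (authprofilenames == null) {
            TreeMap names = new TreeMap();
            Iterator iter = raadminsession.getAuthorizedEndEntityProfileIds(admin).iterator();
            HashMap idtonamemap = raadminsession.getEndEntityProfileIdToNameMap(admin);
            while (iter.hasNext()) {
                Integer id = (Integer) iter.next();
                // NOTE(review): an id missing from the id-to-name map produces a
                // null key here.
                names.put(idtonamemap.get(id), id);
            }
            // Stored only once fully populated.
            authprofilenames = names;
        }
        return authprofilenames;
    }

    /**
     * Returns the end entity profiles for which the administrator holds
     * {@code CREATE_RIGHTS}.
     *
     * @return map from profile name to profile id, cached until {@link #clear()}
     */
    public TreeMap getCreateAuthorizedEndEntityProfileNames() {
        if (authcreateprofilenames == null) {
            authcreateprofilenames = this.authEndEntityProfileNames(AvailableAccessRules.CREATE_RIGHTS);
        }
        return authcreateprofilenames;
    }

    /**
     * Returns the end entity profiles for which the administrator holds
     * {@code VIEW_RIGHTS}.
     *
     * @return map from profile name to profile id, cached until {@link #clear()}
     */
    public TreeMap getViewAuthorizedEndEntityProfileNames() {
        if (authviewprofilenames == null) {
            authviewprofilenames = this.authEndEntityProfileNames(AvailableAccessRules.VIEW_RIGHTS);
        }
        return authviewprofilenames;
    }

    /**
     * Discards every cached value so that the next getter call asks the
     * sessions again.
     */
    public void clear() {
        authcastring = null;
        authendentityprofilestring = null;
        authprofilenames = null;
        authcreateprofilenames = null;
        authviewprofilenames = null;
    }

    /**
     * Builds, without caching, the map of end entity profiles for which the
     * administrator passes {@link #endEntityAuthorization} with the given rights.
     *
     * @param rights access rule suffix appended to the profile resource, such as
     *        {@code AvailableAccessRules.VIEW_RIGHTS}
     * @return new map from profile name to profile id
     */
    public TreeMap authEndEntityProfileNames(String rights) {
        TreeMap returnval = new TreeMap();
        HashMap profilemap = this.raadminsession.getEndEntityProfileIdToNameMap(admin);
        Iterator iter = raadminsession.getAuthorizedEndEntityProfileIds(admin).iterator();
        while (iter.hasNext()) {
            Integer next = (Integer) iter.next();
            if (this.endEntityAuthorization(admin, next.intValue(), rights)) {
                returnval.put(profilemap.get(next), next);
            }
        }
        return returnval;
    }

    /**
     * Checks whether an administrator holds the given rights on one end entity
     * profile.
     *
     * <p>An administrator flagged as a special user is accepted without
     * consulting the authorization session. For everyone else the decision is
     * the result of {@code isAuthorizedNoLog}; a thrown
     * {@link AuthorizationDeniedException} counts as "not authorized".
     *
     * <p>NOTE(review): the {@code NoLog} variant presumably skips audit logging
     * of the check; confirm that denials which matter are logged by the caller.
     *
     * @param admin the administrator to check; this parameter is used, not the
     *        instance field of the same name
     * @param profileid end entity profile id
     * @param rights access rule suffix appended after the profile id
     * @return {@code true} if authorized, {@code false} otherwise
     */
    public boolean endEntityAuthorization(Admin admin, int profileid, String rights) {
        if (admin.getAdminInformation().isSpecialUser()) {
            return true;
        }
        try {
            return authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.ENDENTITYPROFILEPREFIX + Integer.toString(profileid) + rights);
        } catch (AuthorizationDeniedException ignored) {
            // Deliberate: a denial is the negative answer, so fail closed.
            return false;
        }
    }

    /**
     * Renders ids as {@code "(  column = 1 OR column = 2 )"}.
     *
     * @param ids collection whose elements are cast to {@link Integer}
     * @param column column name placed in front of every id
     * @return the parenthesised condition, or {@code ""} when {@code ids} is empty
     */
    private static String idCondition(Collection ids, String column) {
        // StringBuffer and an explicit Iterator keep the code at the language
        // level the rest of the file uses.
        StringBuffer terms = new StringBuffer();
        Iterator iter = ids.iterator();
        while (iter.hasNext()) {
            Integer id = (Integer) iter.next();
            if (terms.length() > 0) {
                terms.append(" OR");
            }
            terms.append(' ').append(column).append(" = ").append(id.toString());
        }
        if (terms.length() == 0) {
            return "";
        }
        return "( " + terms.toString() + " )";
    }

    // Cached results; null means "not computed yet" and is restored by clear().
    private String authcastring = null;
    private String authendentityprofilestring = null;
    private TreeMap authprofilenames = null;
    private TreeMap authcreateprofilenames = null;
    private TreeMap authviewprofilenames = null;
    private Admin admin;
    private IAuthorizationSessionLocal authorizationsession;
    private IRaAdminSessionLocal raadminsession;

}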