KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > ejbca > ui > web > admin > configuration > AuthorizationDataHandler


1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13  
14 package org.ejbca.ui.web.admin.configuration;
15
16 import java.security.cert.X509Certificate JavaDoc;
17 import java.util.Collection JavaDoc;
18 import java.util.Iterator JavaDoc;
19
20 import org.ejbca.core.ejb.authorization.IAuthorizationSessionLocal;
21 import org.ejbca.core.model.authorization.AccessRule;
22 import org.ejbca.core.model.authorization.AdminGroup;
23 import org.ejbca.core.model.authorization.AdminGroupExistsException;
24 import org.ejbca.core.model.authorization.AuthenticationFailedException;
25 import org.ejbca.core.model.authorization.AuthorizationDeniedException;
26 import org.ejbca.core.model.authorization.AvailableAccessRules;
27 import org.ejbca.core.model.log.Admin;
28
29
30 /**
31  * A class handling the authorization data.
32  *
33  * @author Philip Vendil
34  * @version $Id: AuthorizationDataHandler.java,v 1.1 2006/01/17 20:32:19 anatom Exp $
35  */

36 public class AuthorizationDataHandler implements java.io.Serializable JavaDoc {
37
38     /** Creates a new instance of ProfileDataHandler */
39     public AuthorizationDataHandler(Admin administrator, InformationMemory informationmemory, IAuthorizationSessionLocal authorizationsession){
40        this.authorizationsession = authorizationsession;
41               
42        this.administrator = administrator;
43        this.informationmemory = informationmemory;
44    }
45     // Public methods.
46
/**
47      * Method to check if a admin is authorized to a resource
48      *
49      * @param admin information about the administrator to be authorized.
50      * @param resource the resource to look up.
51      * @return true if authorizes
52      * @throws AuthorizationDeniedException when authorization is denied.
53      */

54     public boolean isAuthorized(Admin admin, String JavaDoc resource) throws AuthorizationDeniedException{
55       return authorizationsession.isAuthorized(admin, resource);
56     }
57
58     /**
59      * Method to check if a admin is authorized to a resource without performing any logging.
60      *
61      * @param admin information about the administrator to be authorized.
62      * @param resource the resource to look up.
63      * @return true if authorizes
64      * @throws AuthorizationDeniedException when authorization is denied.
65      */

66     public boolean isAuthorizedNoLog(Admin admin, String JavaDoc resource) throws AuthorizationDeniedException{
67       return authorizationsession.isAuthorizedNoLog(admin, resource);
68     }
69
70     /**
71      * Method that authenticates a certificate by checking validity and lookup if certificate is revoked.
72      *
73      * @param certificate the certificate to be authenticated.
74      *
75      * @throws AuthenticationFailedException if authentication failed.
76      */

77     public void authenticate(X509Certificate JavaDoc certificate) throws AuthenticationFailedException {
78       authorizationsession.authenticate(certificate);
79     }
80
81     // Methods used with admingroup data
82
/** Method to add a new admingroup to the administrator priviledges data.*/
83     public void addAdminGroup(String JavaDoc name, int caid) throws AdminGroupExistsException, AuthorizationDeniedException{
84         // Authorized to edit administrative priviledges
85
authorizationsession.isAuthorized(administrator, "/system_functionality/edit_administrator_privileges");
86         // Authorized to given CA.
87
authorizationsession.isAuthorized(administrator, AvailableAccessRules.CAPREFIX + caid);
88       authorizationsession.addAdminGroup(administrator, name,caid);
89       informationmemory.administrativePriviledgesEdited();
90       this.authorizedadmingroups = null;
91     }
92
93     /** Method to remove a admingroup.*/
94     public void removeAdminGroup(String JavaDoc name, int caid) throws AuthorizationDeniedException{
95       authorizedToEditAdministratorPrivileges(name, caid);
96       authorizationsession.removeAdminGroup(administrator, name,caid);
97       informationmemory.administrativePriviledgesEdited();
98       this.authorizedadmingroups = null;
99     }
100
101     /** Method to rename a admingroup. */
102     public void renameAdminGroup(String JavaDoc oldname, String JavaDoc newname, int caid) throws AdminGroupExistsException, AuthorizationDeniedException{
103       authorizedToEditAdministratorPrivileges(oldname, caid);
104       authorizationsession.renameAdminGroup(administrator, oldname, caid, newname);
105       informationmemory.administrativePriviledgesEdited();
106       this.authorizedadmingroups = null;
107     }
108
109     /**
110      * Method returning a Collection of authorized AdminGroups.
111      * Only the fields admingroupname and CA id is filled in these objects.
112      */

113    
114     public Collection JavaDoc getAdminGroupNames(){
115       if(this.authorizedadmingroups==null)
116         this.authorizedadmingroups= authorizationsession.getAuthorizedAdminGroupNames(administrator);
117         
118       return this.authorizedadmingroups;
119     }
120     
121     /**
122      * Returns the given AdminGroup with it's authorization data
123      *
124      * @throws AuthorizationDeniedException if admininstrator isn't authorized to
125      * access admingroup.
126      */

127     public AdminGroup getAdminGroup(String JavaDoc admingroupname, int caid) throws AuthorizationDeniedException {
128       authorizedToEditAdministratorPrivileges(admingroupname, caid);
129       
130       return authorizationsession.getAdminGroup(administrator, admingroupname, caid);
131     }
132
133     /**
134      * Method to add a Collection of AccessRule to an admingroup.
135      * @throws AuthorizationDeniedException when administrator is't authorized to edit this CA
136      * or when administrator tries to add accessrules he isn't authorized to.
137      */

138     public void addAccessRules(String JavaDoc admingroupname, int caid, Collection JavaDoc accessrules) throws AuthorizationDeniedException{
139       authorizedToEditAdministratorPrivileges(admingroupname, caid);
140       authorizedToAddAccessRules(accessrules);
141       authorizationsession.addAccessRules(administrator, admingroupname, caid, accessrules);
142       informationmemory.administrativePriviledgesEdited();
143     }
144
145     /**
146      * Method to remove an collection of access rules from a admingroup.
147      *
148      * @param accessrules a Collection of String containing accesssrules to remove.
149      * @throws AuthorizationDeniedException when administrator is't authorized to edit this CA.
150      */

151     public void removeAccessRules(String JavaDoc admingroupname,int caid, Collection JavaDoc accessrules) throws AuthorizationDeniedException {
152       authorizedToEditAdministratorPrivileges(admingroupname, caid);
153       authorizationsession.removeAccessRules(administrator, admingroupname, caid, accessrules);
154       informationmemory.administrativePriviledgesEdited();
155     }
156
157     /**
158      * Method to replace an collection of access rules in a admingroup.
159      *
160      * @param accessrules a Collection of String containing accesssrules to replace.
161      * @throws AuthorizationDeniedException when administrator is't authorized to edit this CA.
162      */

163     public void replaceAccessRules(String JavaDoc admingroupname,int caid, Collection JavaDoc accessrules) throws AuthorizationDeniedException {
164         authorizedToEditAdministratorPrivileges(admingroupname, caid);
165         authorizationsession.replaceAccessRules(administrator, admingroupname, caid, accessrules);
166         informationmemory.administrativePriviledgesEdited();
167     }
168     
169     
170     /**
171      * Method réturning all the available access rules authorized to administrator to manage.
172      *
173      * @returns a Collection of String with available access rules.
174      */

175     public Collection JavaDoc getAvailableAccessRules(){
176       return this.informationmemory.getAuthorizedAccessRules();
177     }
178     
179       /**
180        * Method to add a Collection of AdminEntity to an admingroup.
181        *
182        * @throws AuthorizationDeniedException if administrator isn't authorized to edit CAs
183        * administrative priviledges.
184        */

185     public void addAdminEntities(String JavaDoc admingroupname, int caid, Collection JavaDoc adminentities) throws AuthorizationDeniedException{
186       authorizedToEditAdministratorPrivileges(admingroupname, caid);
187            
188       authorizationsession.addAdminEntities(administrator, admingroupname, caid, adminentities);
189       informationmemory.administrativePriviledgesEdited();
190     }
191
192         
193       /**
194        * Method to remove a Collection of AdminEntity from an admingroup.
195        *
196        * @throws AuthorizationDeniedException if administrator isn't authorized to edit CAs
197        * administrative priviledges.
198        */

199     public void removeAdminEntities(String JavaDoc admingroupname, int caid, Collection JavaDoc adminentities) throws AuthorizationDeniedException{
200       authorizedToEditAdministratorPrivileges(admingroupname, caid);
201       authorizationsession.removeAdminEntities(administrator, admingroupname, caid, adminentities);
202       informationmemory.administrativePriviledgesEdited();
203     }
204
205
206     private void authorizedToEditAdministratorPrivileges(String JavaDoc admingroup, int caid) throws AuthorizationDeniedException{
207        // Authorized to edit administrative priviledges
208
authorizationsession.isAuthorizedNoLog(administrator, "/system_functionality/edit_administrator_privileges");
209       // Authorized to given CA.
210
authorizationsession.isAuthorizedNoLog(administrator, AvailableAccessRules.CAPREFIX + caid);
211       // Check if admin group is among available admin groups
212
Iterator JavaDoc iter = getAdminGroupNames().iterator();
213       boolean exists = false;
214       while(iter.hasNext()){
215         AdminGroup next = (AdminGroup) iter.next();
216         if(next.getAdminGroupName().equals(admingroup) && next.getCAId() == caid)
217           exists = true;
218       }
219       
220       if(!exists)
221         throw new AuthorizationDeniedException("Admingroup not among authorized admingroups.");
222     }
223     
224     private void authorizedToAddAccessRules(Collection JavaDoc accessrules) throws AuthorizationDeniedException{
225       Iterator JavaDoc iter = accessrules.iterator();
226       while(iter.hasNext())
227         if(!this.informationmemory.getAuthorizedAccessRules().contains(((AccessRule) iter.next()).getAccessRule()))
228           throw new AuthorizationDeniedException("Accessruleset contained non authorized access rules");
229     }
230    
231
232
233
234     // Private fields
235
private IAuthorizationSessionLocal authorizationsession;
236     private Admin administrator;
237     private Collection JavaDoc authorizedadmingroups;
238     private InformationMemory informationmemory;
239 }
240
Popular Tags