📄 availableaccessrules.java
字号:
/************************************************************************* * * * EJBCA: The OpenSource Certificate Authority * * * * This software is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation; either * * version 2.1 of the License, or any later version. * * * * See terms of license at gnu.org. * * * *************************************************************************/ package se.anatom.ejbca.authorization;import java.util.ArrayList;import java.util.Collection;import java.util.HashMap;import java.util.HashSet;import java.util.Iterator;import javax.ejb.CreateException;import javax.naming.NamingException;import se.anatom.ejbca.log.Admin;import se.anatom.ejbca.ra.raadmin.GlobalConfiguration;import se.anatom.ejbca.ra.raadmin.IRaAdminSessionLocal;/** * * * @version $Id: AvailableAccessRules.java,v 1.8 2004/04/16 07:38:57 anatom Exp $ */public class AvailableAccessRules { // Available end entity profile authorization rules. public static final String VIEW_RIGHTS = "/view_end_entity"; public static final String EDIT_RIGHTS = "/edit_end_entity"; public static final String CREATE_RIGHTS = "/create_end_entity"; public static final String DELETE_RIGHTS = "/delete_end_entity"; public static final String REVOKE_RIGHTS = "/revoke_end_entity"; public static final String HISTORY_RIGHTS = "/view_end_entity_history"; public static final String HARDTOKEN_RIGHTS = "/view_hardtoken"; public static final String KEYRECOVERY_RIGHTS = "/keyrecovery"; // Endings used in profile authorizxation. public static final String[] ENDENTITYPROFILE_ENDINGS = {VIEW_RIGHTS,EDIT_RIGHTS,CREATE_RIGHTS,DELETE_RIGHTS,REVOKE_RIGHTS,HISTORY_RIGHTS}; // Name of end entity profile prefix directory in authorization module. public static final String ENDENTITYPROFILEBASE = "/endentityprofilesrules"; public static final String ENDENTITYPROFILEPREFIX = "/endentityprofilesrules/"; // Name of ca prefix directory in access rules. public static final String CABASE = "/ca"; public static final String CAPREFIX = "/ca/"; public static final String ROLE_PUBLICWEBUSER = "/public_web_user"; public static final String ROLE_ADMINISTRATOR = "/administrator"; public static final String ROLE_SUPERADMINISTRATOR = "/super_administrator"; public static final String REGULAR_CAFUNCTIONALTY = "/ca_functionality"; public static final String REGULAR_CABASICFUNCTIONS = "/ca_functionality/basic_functions"; public static final String REGULAR_VIEWCERTIFICATE = "/ca_functionality/view_certificate"; public static final String REGULAR_CREATECRL = "/ca_functionality/create_crl"; public static final String REGULAR_EDITCERTIFICATEPROFILES = "/ca_functionality/edit_certificate_profiles"; public static final String REGULAR_CREATECERTIFICATE = "/ca_functionality/create_certificate"; public static final String REGULAR_STORECERTIFICATE = "/ca_functionality/store_certificate"; public static final String REGULAR_RAFUNCTIONALITY = "/ra_functionality"; public static final String REGULAR_EDITENDENTITYPROFILES = "/ra_functionality/edit_end_entity_profiles"; public static final String REGULAR_VIEWENDENTITY = "/ra_functionality/view_end_entity"; public static final String REGULAR_CREATEENDENTITY = "/ra_functionality/create_end_entity"; public static final String REGULAR_EDITENDENTITY = "/ra_functionality/edit_end_entity"; public static final String REGULAR_DELETEENDENTITY = "/ra_functionality/delete_end_entity"; public static final String REGULAR_REVOKEENDENTITY = "/ra_functionality/revoke_end_entity"; public static final String REGULAR_VIEWENDENTITYHISTORY = "/ra_functionality/view_end_entity_history"; public static final String REGULAR_LOGFUNCTIONALITY = "/log_functionality"; public static final String REGULAR_VIEWLOG = "/log_functionality/view_log"; public static final String REGULAR_LOGCONFIGURATION = "/log_functionality/edit_log_configuration"; public static final String REGULAR_SYSTEMFUNCTIONALITY = "/system_functionality"; public static final String REGULAR_EDITADMINISTRATORPRIVILEDGES = "/system_functionality/edit_administrator_privileges"; public static final String REGULAR_VIEWHARDTOKENS = "/ra_functionality" + HARDTOKEN_RIGHTS; public static final String REGULAR_KEYRECOVERY = "/ra_functionality" + KEYRECOVERY_RIGHTS; public static final String HARDTOKEN_HARDTOKENFUNCTIONALITY = "/hardtoken_functionality"; public static final String HARDTOKEN_EDITHARDTOKENISSUERS = "/hardtoken_functionality/edit_hardtoken_issuers"; public static final String HARDTOKEN_EDITHARDTOKENPROFILES = "/hardtoken_functionality/edit_hardtoken_profiles"; public static final String HARDTOKEN_ISSUEHARDTOKENS = "/hardtoken_functionality/issue_hardtokens"; public static final String HARDTOKEN_ISSUEHARDTOKENADMINISTRATORS = "/hardtoken_functionality/issue_hardtoken_administrators"; // Standard Regular Access Rules private final String[] STANDARDREGULARACCESSRULES = {REGULAR_CAFUNCTIONALTY, REGULAR_CABASICFUNCTIONS, REGULAR_VIEWCERTIFICATE, REGULAR_CREATECRL, REGULAR_EDITCERTIFICATEPROFILES, REGULAR_CREATECERTIFICATE, REGULAR_STORECERTIFICATE, REGULAR_RAFUNCTIONALITY, REGULAR_EDITENDENTITYPROFILES, REGULAR_VIEWENDENTITY, REGULAR_CREATEENDENTITY, REGULAR_EDITENDENTITY, REGULAR_DELETEENDENTITY, REGULAR_REVOKEENDENTITY, REGULAR_VIEWENDENTITYHISTORY, REGULAR_LOGFUNCTIONALITY, REGULAR_VIEWLOG, REGULAR_LOGCONFIGURATION, REGULAR_SYSTEMFUNCTIONALITY, REGULAR_EDITADMINISTRATORPRIVILEDGES}; // Role Access Rules public static final String[] ROLEACCESSRULES = { ROLE_PUBLICWEBUSER, ROLE_ADMINISTRATOR, ROLE_SUPERADMINISTRATOR}; public static final String[] VIEWLOGACCESSRULES = { "/log_functionality/view_log/ca_entries", "/log_functionality/view_log/ra_entries", "/log_functionality/view_log/log_entries", "/log_functionality/view_log/publicweb_entries", "/log_functionality/view_log/adminweb_entries", "/log_functionality/view_log/hardtoken_entries", "/log_functionality/view_log/keyrecovery_entries", "/log_functionality/view_log/authorization_entries"}; // Hard Token specific accessrules used in authorization module. public static final String[] HARDTOKENACCESSRULES = {HARDTOKEN_HARDTOKENFUNCTIONALITY, HARDTOKEN_EDITHARDTOKENISSUERS, HARDTOKEN_EDITHARDTOKENPROFILES, HARDTOKEN_ISSUEHARDTOKENS, HARDTOKEN_ISSUEHARDTOKENADMINISTRATORS}; /** Creates a new instance of AvailableAccessRules */ public AvailableAccessRules(Admin admin, Authorizer authorizer, IRaAdminSessionLocal raadminsession, String[] customaccessrules) throws NamingException, CreateException { // Initialize this.raadminsession = raadminsession; this.authorizer = authorizer; // Get Global Configuration GlobalConfiguration globalconfiguration = raadminsession.loadGlobalConfiguration(admin); enableendentityprofilelimitations = globalconfiguration.getEnableEndEntityProfileLimitations(); usehardtokenissuing = globalconfiguration.getIssueHardwareTokens(); usekeyrecovery = globalconfiguration.getEnableKeyRecovery(); // Is Admin SuperAdministrator. try{ issuperadministrator = authorizer.isAuthorizedNoLog(admin, "/super_administrator"); }catch(AuthorizationDeniedException e){ issuperadministrator=false; } // Get End Entity Profiles endentityprofiles = raadminsession.getEndEntityProfileIdToNameMap(admin);⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -