/************************************************************************* * * * EJBCA: The OpenSource Certificate Authority * * * * This software is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation; either * * version 2.1 of the License, or any later version. * * * * See terms of license at gnu.org. * * * *************************************************************************/ package se.anatom.ejbca.ra;import java.math.BigInteger;import java.security.cert.Certificate;import java.sql.Connection;import java.sql.PreparedStatement;import java.sql.ResultSet;import java.sql.SQLException;import java.util.ArrayList;import java.util.Collection;import java.util.Iterator;import javax.ejb.CreateException;import javax.ejb.DuplicateKeyException;import javax.ejb.EJBException;import javax.ejb.FinderException;import javax.ejb.ObjectNotFoundException;import javax.ejb.RemoveException;import javax.mail.Transport;import javax.mail.internet.InternetAddress;import javax.mail.internet.MimeMessage;import javax.naming.InitialContext;import javax.naming.NamingException;import javax.sql.DataSource;import se.anatom.ejbca.BaseSessionBean;import se.anatom.ejbca.SecConst;import se.anatom.ejbca.authorization.AuthorizationDeniedException;import se.anatom.ejbca.authorization.AvailableAccessRules;import se.anatom.ejbca.authorization.IAuthorizationSessionLocal;import se.anatom.ejbca.authorization.IAuthorizationSessionLocalHome;import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocal;import se.anatom.ejbca.ca.store.ICertificateStoreSessionLocalHome;import se.anatom.ejbca.log.Admin;import se.anatom.ejbca.log.ILogSessionLocal;import se.anatom.ejbca.log.ILogSessionLocalHome;import se.anatom.ejbca.log.LogEntry;import se.anatom.ejbca.ra.exception.NotFoundException;import se.anatom.ejbca.ra.raadmin.EndEntityProfile;import se.anatom.ejbca.ra.raadmin.GlobalConfiguration;import 
se.anatom.ejbca.ra.raadmin.IRaAdminSessionLocal;
import se.anatom.ejbca.ra.raadmin.IRaAdminSessionLocalHome;
import se.anatom.ejbca.ra.raadmin.UserDoesntFullfillEndEntityProfile;
import se.anatom.ejbca.util.CertTools;
import se.anatom.ejbca.util.StringTools;
import se.anatom.ejbca.util.query.BasicMatch;
import se.anatom.ejbca.util.query.IllegalQueryException;
import se.anatom.ejbca.util.query.Query;
import se.anatom.ejbca.util.query.UserMatch;

/**
 * Administrates users in the database using UserData Entity Bean.
 * Uses JNDI name for datasource as defined in env 'Datasource' in ejb-jar.xml.
 *
 * Every mutating operation consults the authorization session bean before touching
 * user data and records its outcome (success or denial) through the log session bean.
 *
 * @version $Id: LocalUserAdminSessionBean.java,v 1.77 2004/05/30 17:44:33 herrvendil Exp $
 */
public class LocalUserAdminSessionBean extends BaseSessionBean {

    /** The local interface of RaAdmin Session Bean (profiles and global configuration). */
    private IRaAdminSessionLocal raadminsession;

    /** The local interface of the certificate store session bean */
    private ICertificateStoreSessionLocal certificatesession;

    /** The local interface of the authorization session bean; all access checks go through it. */
    private IAuthorizationSessionLocal authorizationsession;

    /** The local interface of the log session bean, used for audit logging of RA events. */
    private ILogSessionLocal logsession;

    /** Home interface of the UserData entity bean; resolved from JNDI in ejbCreate(). */
    private UserDataLocalHome home = null;

    /** Columns in the database used in select (manual SQL searches against the datasource). */
    // NOTE(review): this is a per-instance field; it never changes and could be static final.
    private final String USERDATA_COL = "username, subjectDN, subjectAltName, subjectEmail, status, type, clearpassword, timeCreated, timeModified, endEntityprofileId, certificateProfileId, tokenType, hardTokenIssuerId, cAId";

    /** Var holding JNDI name of datasource, read from java:comp/env/DataSource in ejbCreate(). */
    private String dataSource = "";

    /**
     * Default create for SessionBean: resolves the datasource name, the UserData home and
     * the collaborating session beans from JNDI.
 * @throws CreateException if bean instance can't be created
 * @see se.anatom.ejbca.log.Admin
 */
    public void ejbCreate() throws CreateException {
        debug(">ejbCreate()");
        try {
            home = (UserDataLocalHome) lookup("java:comp/env/ejb/UserDataLocal", UserDataLocalHome.class);
            dataSource = (String) lookup("java:comp/env/DataSource", String.class);
            debug("DataSource=" + dataSource);
            // Resolve the collaborating session beans through their local home interfaces.
            final ILogSessionLocalHome logHome =
                    (ILogSessionLocalHome) lookup("java:comp/env/ejb/LogSessionLocal", ILogSessionLocalHome.class);
            logsession = logHome.create();
            final IAuthorizationSessionLocalHome authHome =
                    (IAuthorizationSessionLocalHome) lookup("java:comp/env/ejb/AuthorizationSessionLocal", IAuthorizationSessionLocalHome.class);
            authorizationsession = authHome.create();
            final IRaAdminSessionLocalHome raAdminHome =
                    (IRaAdminSessionLocalHome) lookup("java:comp/env/ejb/RaAdminSessionLocal", IRaAdminSessionLocalHome.class);
            raadminsession = raAdminHome.create();
            final ICertificateStoreSessionLocalHome certStoreHome =
                    (ICertificateStoreSessionLocalHome) lookup("java:comp/env/ejb/CertificateStoreSessionLocal", ICertificateStoreSessionLocalHome.class);
            certificatesession = certStoreHome.create();
        } catch (Exception e) {
            // Without these collaborators the bean cannot enforce authorization or log, so creation fails.
            error("Error creating session bean:", e);
            throw new EJBException(e);
        }
    }

    /**
     * Gets a connection to the datasource used for manual SQL searches.
     *
     * @return a JDBC connection obtained from the datasource bound under {@code dataSource}
     * @throws SQLException if the datasource cannot hand out a connection
     * @throws NamingException if the datasource cannot be resolved from JNDI
     */
    private Connection getConnection() throws SQLException, NamingException {
        final DataSource ds = (DataSource) getInitialContext().lookup(dataSource);
        return ds.getConnection();
    } // getConnection

    /** Gets the Global Configuration from the ra admin session bean. */
    private GlobalConfiguration getGlobalConfiguration(Admin admin) {
        return raadminsession.loadGlobalConfiguration(admin);
    }

    /**
     * Checks whether the administrator may act on the given CA.
     *
     * @return true only if the authorization session grants the CA resource; a denial
     *         (exception) is mapped to false and is not logged here — callers log it.
     */
    private boolean authorizedToCA(Admin admin, int caid) {
        try {
            return authorizationsession.isAuthorizedNoLog(admin, AvailableAccessRules.CAPREFIX + caid);
        } catch (AuthorizationDeniedException ignored) {
            // Denial is reported to the caller as "not authorized"; the caller decides how to log it.
            return false;
        }
    }

    /**
     * Checks whether the administrator holds the given rights on an end entity profile.
     * Creating or editing entities in the empty profile is reserved for super administrators.
     *
     * @param rights one of the AvailableAccessRules right suffixes (e.g. CREATE_RIGHTS, EDIT_RIGHTS)
     * @return true if authorized; false if the authorization session denies it
     */
    private boolean authorizedToEndEntityProfile(Admin admin, int profileid, String rights) {
        try {
            final boolean writeToEmptyProfile = profileid == SecConst.EMPTY_ENDENTITYPROFILE
                    && (rights.equals(AvailableAccessRules.CREATE_RIGHTS) || rights.equals(AvailableAccessRules.EDIT_RIGHTS));
            final String resource = writeToEmptyProfile
                    ? "/super_administrator"
                    : AvailableAccessRules.ENDENTITYPROFILEPREFIX + profileid + rights;
            return authorizationsession.isAuthorizedNoLog(admin, resource);
        } catch (AuthorizationDeniedException ignored) {
            // Mapped to false; callers log the denial with the relevant RA event.
            return false;
        }
    }

    /**
     * Implements IUserAdminSession::addUser.
     * Implements a mechanism that uses UserDataEntity Bean.
     * When end entity profile limitations are enabled in the global configuration, the user data
     * is validated against the profile and the administrator needs create rights on that profile;
     * in all cases the administrator must be authorized to the given CA.
     *
     * @param admin the administrator performing the action
     * @param username the unique username.
     * @param password the password used for authentication; null requests an auto-generated
     *        password when the end entity profile uses auto-generated passwords.
     * @param subjectdn the DN the subject is given in his certificate.
     * @param subjectaltname the Subject Alternative Name to be used.
     * @param email the email of the subject or null.
     * @param clearpwd true if the password will be stored in clear form in the db, otherwise it is
     *        hashed.
     * @param endentityprofileid the id number of the end entity profile bound to this user.
     * @param certificateprofileid the id number of the certificate profile that should be
     *        generated for the user.
     * @param type of user i.e administrator, keyrecoverable and/or sendnotification
     * @param tokentype the type of token to be generated, one of SecConst.TOKEN constants
     * @param hardwaretokenissuerid if token should be hard, the id of the hard token issuer,
     *        else 0.
     * @param caid the id of the CA the user is registered with; the administrator must be authorized to it
     * @throws AuthorizationDeniedException if the administrator lacks create rights on the profile or the CA
     * @throws UserDoesntFullfillEndEntityProfile if profile limitations are enabled and the data violates the profile
     * @throws DuplicateKeyException if a user with the given username already exists
 */
    public void addUser(Admin admin, String username, String password, String subjectdn,
            String subjectaltname, String email, boolean clearpwd, int endentityprofileid,
            int certificateprofileid, int type, int tokentype, int hardwaretokenissuerid, int caid)
            throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile, DuplicateKeyException {
        // The DN ends up in SQL: normalise to BC order and strip characters not allowed there.
        final String dn = StringTools.strip(CertTools.stringToBCDNString(subjectdn));
        // The password itself is deliberately kept out of the debug log.
        debug(">addUser(" + username + ", password, " + dn + ", " + email + ")");

        final EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, endentityprofileid);
        // A null password on an auto-generating profile is the signal to generate one now.
        final String effectivePassword = (profile.useAutoGeneratedPasswd() && password == null)
                ? profile.getAutoGeneratedPasswd()
                : password;

        if (getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()) {
            // Profile validation first, then the administrator's create right on that profile.
            try {
                // NOTE(review): the profile sees the caller-supplied password (null when auto-generated),
                // not the generated one — confirm this is intended.
                profile.doesUserFullfillEndEntityProfile(username, password, dn, subjectaltname, email,
                        certificateprofileid, clearpwd,
                        (type & SecConst.USER_ADMINISTRATOR) != 0,
                        (type & SecConst.USER_KEYRECOVERABLE) != 0,
                        (type & SecConst.USER_SENDNOTIFICATION) != 0,
                        tokentype, hardwaretokenissuerid, caid);
            } catch (UserDoesntFullfillEndEntityProfile violation) {
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null,
                        LogEntry.EVENT_ERROR_ADDEDENDENTITY,
                        "Userdata did not fullfill end entity profile. " + violation.getMessage());
                throw new UserDoesntFullfillEndEntityProfile(violation.getMessage());
            }
            if (!authorizedToEndEntityProfile(admin, endentityprofileid, AvailableAccessRules.CREATE_RIGHTS)) {
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null,
                        LogEntry.EVENT_ERROR_ADDEDENDENTITY, "Administrator not authorized.");
                throw new AuthorizationDeniedException("Administrator not authorized to create user.");
            }
        }
        // The CA check applies regardless of whether profile limitations are enabled.
        if (!authorizedToCA(admin, caid)) {
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null,
                    LogEntry.EVENT_ERROR_ADDEDENDENTITY, "Administrator not authorized to add user to CA.");
            throw new AuthorizationDeniedException("Administrator not authorized to create user with given CA.");
        }

        try {
            final UserDataPK pk = new UserDataPK(username);
            final UserDataLocal userData = home.create(pk.toString(), effectivePassword, dn, caid);
            if (subjectaltname != null) {
                userData.setSubjectAltName(subjectaltname);
            }
            if (email != null) {
                userData.setSubjectEmail(email);
            }
            userData.setType(type);
            userData.setEndEntityProfileId(endentityprofileid);
            userData.setCertificateProfileId(certificateprofileid);
            userData.setTokenType(tokentype);
            userData.setHardTokenIssuerId(hardwaretokenissuerid);
            if (clearpwd) {
                try {
                    if (effectivePassword == null) {
                        userData.setClearPassword("");
                    } else {
                        // Stores the password in open form in addition to the hashed one.
                        userData.setOpenPassword(effectivePassword);
                    }
                } catch (java.security.NoSuchAlgorithmException nsae) {
                    debug("NoSuchAlgorithmException while setting password for user " + username);
                    throw new EJBException(nsae);
                }
            }
            if ((type & SecConst.USER_SENDNOTIFICATION) != 0) {
                // The notification carries the (possibly generated) password to the end entity.
                final NotificationCreator creator = new NotificationCreator(
                        profile.getNotificationSender(), profile.getNotificationSubject(), profile.getNotificationMessage());
                sendNotification(admin, creator, username, effectivePassword, dn, subjectaltname, email, caid);
            }
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null,
                    LogEntry.EVENT_INFO_ADDEDENDENTITY, "");
        } catch (DuplicateKeyException e) {
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null,
                    LogEntry.EVENT_ERROR_ADDEDENDENTITY, "Entity already exists.");
            throw e;
        } catch (Exception e) {
            // Everything else (including the EJBException above) is logged and re-wrapped.
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), username, null,
                    LogEntry.EVENT_ERROR_ADDEDENDENTITY, e.getMessage());
            error("AddUser:", e);
            throw new EJBException(e);
        }
        debug("<addUser(" + username + ", password, " + dn + ", " + email + ")");
    } // addUser

    /**
     * Implements
IUserAdminSession::changeUser. * Implements a mechanism that uses UserDataEntity Bean. * * @param admin DOCUMENT ME! * @param username DOCUMENT ME! * @param password DOCUMENT ME! * @param subjectdn DOCUMENT ME! * @param subjectaltname DOCUMENT ME! * @param email DOCUMENT ME! * @param clearpwd DOCUMENT ME! * @param endentityprofileid DOCUMENT ME! * @param certificateprofileid DOCUMENT ME! * @param type DOCUMENT ME! * @param tokentype DOCUMENT ME! * @param hardwaretokenissuerid DOCUMENT ME! * @param status DOCUMENT ME! */ public void changeUser(Admin admin, String username, String password, String subjectdn, String subjectaltname, String email, boolean clearpwd, int endentityprofileid, int certificateprofileid, int type, int tokentype, int hardwaretokenissuerid, int status, int caid) throws AuthorizationDeniedException, UserDoesntFullfillEndEntityProfile { // String used in SQL so strip it String dn = CertTools.stringToBCDNString(subjectdn); dn = StringTools.strip(dn); String newpassword = password; boolean statuschanged = false; debug(">changeUser("+username+", "+dn+", "+email+")");