int oldstatus; EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, endentityprofileid); if(profile.useAutoGeneratedPasswd() && password != null){ // special case used to signal regeneraton of password newpassword = null; } // Check if user fulfills it's profile. if(getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()){ try{ profile.doesUserFullfillEndEntityProfileWithoutPassword(username, dn, subjectaltname, email, certificateprofileid, (type & SecConst.USER_ADMINISTRATOR) != 0, (type & SecConst.USER_KEYRECOVERABLE) != 0, (type & SecConst.USER_SENDNOTIFICATION) != 0, tokentype, hardwaretokenissuerid, caid); }catch(UserDoesntFullfillEndEntityProfile udfp){ logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Userdata didn'nt fullfill end entity profile. + " + udfp.getMessage()); throw new UserDoesntFullfillEndEntityProfile(udfp.getMessage()); } // Check if administrator is authorized to edit user. if(!authorizedToEndEntityProfile(admin, endentityprofileid, AvailableAccessRules.EDIT_RIGHTS)){ logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Administrator not authorized"); throw new AuthorizationDeniedException("Administrator not authorized to edit user."); } } // Check if administrator is authorized to edit user to CA. 
if(!authorizedToCA(admin, caid)){ logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Administrator not authorized to edit user with this CA."); throw new AuthorizationDeniedException("Administrator not authorized to edit user with given CA."); } try { UserDataPK pk = new UserDataPK(username); UserDataLocal data1= home.findByPrimaryKey(pk); if(password != null){ if(clearpwd){ setClearTextPassword(admin, username, newpassword); } else{ setPassword(admin, username, newpassword); } } data1.setDN(dn); if(subjectaltname != null ) data1.setSubjectAltName(subjectaltname); if(email != null) data1.setSubjectEmail(email); data1.setCAId(caid); data1.setType(type); data1.setEndEntityProfileId(endentityprofileid); data1.setCertificateProfileId(certificateprofileid); data1.setTokenType(tokentype); data1.setHardTokenIssuerId(hardwaretokenissuerid); oldstatus = data1.getStatus(); statuschanged = status != oldstatus; data1.setStatus(status); data1.setTimeModified((new java.util.Date()).getTime()); if((type & SecConst.USER_SENDNOTIFICATION) != 0 && statuschanged && (status == UserDataLocal.STATUS_NEW || status == UserDataLocal.STATUS_KEYRECOVERY)){ NotificationCreator notificationcreator = new NotificationCreator(profile.getNotificationSender(), profile.getNotificationSubject(), profile.getNotificationMessage()); sendNotification(admin, notificationcreator, username, newpassword, dn, subjectaltname, email, caid); } if(statuschanged) logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY,"New status: "+ status); else logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY,""); } catch (Exception e) { logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,""); error("ChangeUser:",e); throw new EJBException(e); } 
debug("<changeUser("+username+", password, "+dn+", "+email+")");
} // changeUser

/**
 * Implements IUserAdminSession::deleteUser.
 * Implements a mechanism that uses UserData Entity Bean.
 *
 * Looks the end entity up, checks that the administrator is authorized to
 * act on its CA (and, when end entity profile limitations are enabled, holds
 * DELETE_RIGHTS on its end entity profile) and only then removes the entity.
 * Every denial and every failure is written to the log session before the
 * exception is thrown, so the audit trail records the attempt as well as the
 * outcome.
 *
 * @param admin    the administrator performing the deletion
 * @param username the username of the end entity to delete
 * @throws AuthorizationDeniedException if the administrator is not authorized
 *         for the entity's CA or end entity profile
 * @throws NotFoundException if no end entity with the given username exists
 * @throws RemoveException if the entity could not be removed from the database
 */
public void deleteUser(Admin admin, String username) throws AuthorizationDeniedException, NotFoundException, RemoveException {
    debug(">deleteUser("+username+")");
    // Check if administrator is authorized to delete user.
    // The CA id defaults to the internal CA until the entity has been found,
    // so a "not found" log entry is attributed to the internal CA.
    int caid = ILogSessionLocal.INTERNALCAID;
    try{
        UserDataPK pk = new UserDataPK(username);
        UserDataLocal data1 = home.findByPrimaryKey(pk);
        caid = data1.getCAId();
        // CA authorization is checked unconditionally; profile authorization
        // only when profile limitations are switched on globally.
        if(!authorizedToCA(admin, caid)){
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY,"Administrator not authorized to delete user with this CA.");
            throw new AuthorizationDeniedException("Administrator not authorized to delete user with given CA.");
        }
        if(getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()){
            if(!authorizedToEndEntityProfile(admin, data1.getEndEntityProfileId(), AvailableAccessRules.DELETE_RIGHTS)){
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY,"Administrator not authorized");
                throw new AuthorizationDeniedException("Administrator not authorized to delete user.");
            }
        }
    }catch(FinderException e){
        // Only FinderException is caught here, so the AuthorizationDeniedExceptions
        // thrown above propagate unchanged.
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY,"Could not find username in database");
        throw new NotFoundException("Could not find '"+username+"' in database");
    }
    try {
        UserDataPK pk = new UserDataPK(username);
        home.remove(pk);
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_INFO_DELETEDENDENTITY,"");
    } catch(EJBException e) {
        // NOTE(review): only EJBException is caught. A checked RemoveException
        // raised by home.remove itself would propagate without this error log
        // entry — confirm whether that path also needs an audit entry.
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_DELETEENDENTITY,"Could not remove user from database");
        throw new RemoveException("Could not remove '"+username+"' from database");
    }
    debug("<deleteUser("+username+")");
} // deleteUser

/**
 * Implements IUserAdminSession::setUserStatus.
 * Implements a mechanism that uses UserData Entity Bean.
 *
 * Sets the status of an end entity after checking that the administrator is
 * authorized for the entity's CA and (when profile limitations are enabled)
 * holds EDIT_RIGHTS on its end entity profile. The new status value is
 * recorded in the audit log; no validation of the status value itself is
 * performed here.
 *
 * @param admin    the administrator changing the status
 * @param username the username of the end entity
 * @param status   the new status value to store
 * @throws AuthorizationDeniedException if the administrator is not authorized
 *         for the entity's CA or end entity profile
 * @throws FinderException if no end entity with the given username exists
 */
public void setUserStatus(Admin admin, String username, int status) throws AuthorizationDeniedException, FinderException {
    debug(">setUserStatus("+username+", "+status+")");
    // Check if administrator is authorized to edit user.
    // The CA id defaults to the internal CA until the entity has been found.
    int caid = ILogSessionLocal.INTERNALCAID;
    try{
        UserDataPK pk = new UserDataPK(username);
        UserDataLocal data1 = home.findByPrimaryKey(pk);
        caid = data1.getCAId();
        if(!authorizedToCA(admin, caid)){
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Administrator not authorized to change status of user with current CA.");
            throw new AuthorizationDeniedException("Administrator not authorized to set status to user with given CA.");
        }
        if(getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()){
            if(!authorizedToEndEntityProfile(admin, data1.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)){
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Administrator not authorized to change status");
                throw new AuthorizationDeniedException("Administrator not authorized to edit user.");
            }
        }
        // Both authorization checks passed: update status and modification time.
        data1.setStatus(status);
        data1.setTimeModified((new java.util.Date()).getTime());
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY,("New status : " + status));
    } catch(FinderException e){
        // Log the lookup failure, then rethrow the original exception.
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Couldn't find username in database.");
        throw e;
    }
    debug("<setUserStatus("+username+", "+status+")");
} // setUserStatus

/**
 * Implements IUserAdminSession::setPassword.
 * Implements a mechanism that uses UserData Entity Bean.
 *
 * Stores a new (hashed) password for an end entity. When the entity's end
 * entity profile uses auto-generated passwords, the supplied password is
 * ignored and a profile-generated one is stored instead. The password value
 * is never written to the debug trace ("hiddenpwd" is printed in its place).
 *
 * Order of checks: the password is validated against the profile and profile
 * EDIT_RIGHTS are checked only when profile limitations are enabled; CA
 * authorization is checked unconditionally; the password is stored last.
 *
 * @param admin    the administrator changing the password
 * @param username the username of the end entity
 * @param password the new password, or the value validated against the
 *                 profile when the profile auto-generates passwords
 * @throws UserDoesntFullfillEndEntityProfile if the password does not satisfy
 *         the end entity profile
 * @throws AuthorizationDeniedException if the administrator is not authorized
 *         for the entity's end entity profile or CA
 * @throws FinderException if no end entity with the given username exists
 */
public void setPassword(Admin admin, String username, String password) throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException, FinderException{
    debug(">setPassword("+username+", hiddenpwd)");
    // Find user
    String newpasswd = password;
    UserDataPK pk = new UserDataPK(username);
    UserDataLocal data = home.findByPrimaryKey(pk);
    int caid = data.getCAId();
    EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, data.getEndEntityProfileId());
    // Auto-generated passwords replace the caller-supplied value; note that
    // the profile check below still runs on the caller-supplied 'password'.
    if(profile.useAutoGeneratedPasswd())
        newpasswd = profile.getAutoGeneratedPasswd();
    if(getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()){
        // Check if user fulfills its profile.
        try{
            profile.doesPasswordFulfillEndEntityProfile(password,false);
        }catch(UserDoesntFullfillEndEntityProfile ufe){
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Password didn't fullfill end entity profile.");
            throw ufe;
        }
        // Check if administrator is authorized to edit user.
        if(!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)){
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Administrator isn't authorized to change password.");
            throw new AuthorizationDeniedException("Administrator not authorized to edit user.");
        }
    }
    if(!authorizedToCA(admin, caid)){
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Administrator not authorized to change password of user with current CA.");
        throw new AuthorizationDeniedException("Administrator not authorized to set password to user with given CA.");
    }
    try {
        data.setPassword(newpasswd);
        data.setTimeModified((new java.util.Date()).getTime());
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY,"Password changed.");
    }catch (java.security.NoSuchAlgorithmException nsae) {
        // Hashing failure: only a debug trace is written here, no audit log
        // entry; the cause is preserved in the EJBException.
        debug("NoSuchAlgorithmException while setting password for user "+username);
        throw new EJBException(nsae);
    }
    debug("<setPassword("+username+", hiddenpwd)");
} // setPassword

/**
 * Implements IUserAdminSession::setClearTextPassword.
 * Implements a mechanism that uses UserData Entity Bean.
 *
 * Stores a clear-text password for an end entity, or clears the stored
 * clear-text password when the value to store is null. As in setPassword,
 * an auto-generating profile replaces the supplied value with a generated
 * one, the profile check runs on the caller-supplied value, and the password
 * never appears in the debug trace.
 *
 * @param admin    the administrator changing the password
 * @param username the username of the end entity
 * @param password the new clear-text password; null clears the stored value
 *                 (unless the profile auto-generates a password)
 * @throws UserDoesntFullfillEndEntityProfile if the password does not satisfy
 *         the end entity profile
 * @throws AuthorizationDeniedException if the administrator is not authorized
 *         for the entity's end entity profile or CA
 * @throws FinderException if no end entity with the given username exists
 */
public void setClearTextPassword(Admin admin, String username, String password) throws UserDoesntFullfillEndEntityProfile, AuthorizationDeniedException,FinderException{
    debug(">setClearTextPassword("+username+", hiddenpwd)");
    // Find user
    String newpasswd = password;
    UserDataPK pk = new UserDataPK(username);
    UserDataLocal data = home.findByPrimaryKey(pk);
    int caid = data.getCAId();
    EndEntityProfile profile = raadminsession.getEndEntityProfile(admin, data.getEndEntityProfileId());
    if(profile.useAutoGeneratedPasswd())
        newpasswd = profile.getAutoGeneratedPasswd();
    if(getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()){
        // Check if user fulfills its profile.
        try{
            profile.doesPasswordFulfillEndEntityProfile(password,true);
        }catch(UserDoesntFullfillEndEntityProfile ufe){
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Clearpassword didn't fullfill end entity profile.");
            throw ufe;
        }
        // Check if administrator is authorized to edit user.
        if(!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.EDIT_RIGHTS)){
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Administrator isn't authorized to change clearpassword.");
            throw new AuthorizationDeniedException("Administrator not authorized to edit user.");
        }
    }
    if(!authorizedToCA(admin, caid)){
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_CHANGEDENDENTITY,"Administrator not authorized to change password of user with current CA.");
        throw new AuthorizationDeniedException("Administrator not authorized to set cleartext password to user with given CA.");
    }
    try {
        if (newpasswd == null){
            // A null value clears the stored clear-text password.
            data.setClearPassword("");
            data.setTimeModified((new java.util.Date()).getTime());
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY,"Clearpassword changed.");
        }
        else{
            // NOTE(review): setOpenPassword is presumed to store the value in
            // clear text (it declares NoSuchAlgorithmException) — confirm in UserDataBean.
            data.setOpenPassword(newpasswd);
            data.setTimeModified((new java.util.Date()).getTime());
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_INFO_CHANGEDENDENTITY,"Clearpassword changed.");
        }
    } catch (java.security.NoSuchAlgorithmException nsae) {
        // Only a debug trace is written for this failure, no audit log entry.
        debug("NoSuchAlgorithmException while setting password for user "+username);
        throw new EJBException(nsae);
    }
    debug("<setClearTextPassword("+username+", hiddenpwd)");
} // setClearTextPassword

/**
 * Method that revokes a user.
 *
 * Checks CA authorization and (when profile limitations are enabled)
 * REVOKE_RIGHTS on the entity's end entity profile, then sets the entity's
 * status to revoked via setUserStatus (which repeats its own CA and
 * EDIT_RIGHTS checks) and revokes the entity's certificates through the
 * certificate session using the publishers of its certificate profile.
 *
 * @param admin    the administrator performing the revocation
 * @param username the username to revoke
 * @param reason   the revocation reason passed on to the certificate session
 * @throws AuthorizationDeniedException if the administrator is not authorized
 *         for the entity's CA or end entity profile
 * @throws FinderException if thrown by the nested setUserStatus call; a
 *         missing end entity in the initial lookup is reported as EJBException
 */
public void revokeUser(Admin admin, String username, int reason) throws AuthorizationDeniedException,FinderException{
    debug(">revokeUser("+username+")");
    UserDataPK pk = new UserDataPK(username);
    UserDataLocal data;
    try {
        data = home.findByPrimaryKey(pk);
    } catch (ObjectNotFoundException oe) {
        // Unlike the other methods here, a missing entity is wrapped in an
        // EJBException (cause preserved) instead of being logged and rethrown
        // as a FinderException.
        throw new EJBException(oe);
    }
    int caid = data.getCAId();
    if(!authorizedToCA(admin, caid)){
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY,"Administrator not authorized to revoke user with given CA.");
        throw new AuthorizationDeniedException("Administrator not authorized to revoke user with given CA.");
    }
    if(getGlobalConfiguration(admin).getEnableEndEntityProfileLimitations()){
        if(!authorizedToEndEntityProfile(admin, data.getEndEntityProfileId(), AvailableAccessRules.REVOKE_RIGHTS)){
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_ERROR_REVOKEDENDENTITY,"Administrator not authorized");
            throw new AuthorizationDeniedException("Not authorized to revoke user : " + username + ".");
        }
    }
    // Publishers come from the entity's certificate profile, so revocation is
    // propagated wherever its certificates were published.
    Collection publishers = this.certificatesession.getCertificateProfile(admin, data.getCertificateProfileId()).getPublisherList();
    setUserStatus(admin, username, UserDataRemote.STATUS_REVOKED);
    certificatesession.setRevokeStatus(admin, username, publishers, reason);
    logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(),username, null, LogEntry.EVENT_INFO_REVOKEDENDENTITY,"");
    debug("<revokeUser()");
} // revokeUser