📄 localauthorizationsessionbean.java
} } } } allauthorized = authorizedcaids.containsAll(groupcaids); if (issuperadmin || ((allauthorized || carecursive) && authtogroup && !superadmingroup)) { if (!agdl.getAdminGroupName().equals(PUBLICWEBGROUPNAME) && !(agdl.getAdminGroupName().equals(DEFAULTGROUPNAME) && agdl.getCaId() == LogConstants.INTERNALCAID)) returnval.add(agdl.getAdminGroupNames()); } } } catch (FinderException e) { } return returnval; } // getAuthorizedAdminGroupNames

/**
 * Adds a Collection of AccessRule to an admin group.
 *
 * The request is silently ignored (no change, no log entry) when it targets the group
 * named DEFAULTGROUPNAME on LogConstants.INTERNALCAID. Any failure is reported through
 * error() and an EVENT_ERROR audit entry but is not rethrown, so the caller cannot tell
 * from this call whether the rules were actually added.
 *
 * NOTE(review): admin is used here only as the actor recorded in the audit log; no
 * authorization check on the caller is visible in this method - confirm it is enforced
 * before this call is reached.
 *
 * @param admin the administrator recorded in the log entry.
 * @param admingroupname name of the admin group, used with caid to look the group up.
 * @param caid CA id, used with admingroupname to look the group up.
 * @param accessrules the rules to add.
 * @ejb.interface-method view-type="both"
 */
public void addAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules) {
    boolean internalDefaultGroup = admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID;
    if (internalDefaultGroup) {
        // The default group on the internal CA is never edited through this method.
        return;
    }
    try {
        AdminGroupDataLocal group = admingrouphome.findByGroupNameAndCAId(admingroupname, caid);
        group.addAccessRules(accessrules);
        // Tell the other beans that their cached access tree is out of date.
        signalForAuthorizationTreeUpdate();
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                "Added accessrules to admingroup : " + admingroupname);
    } catch (Exception e) {
        error("Can't add access rule: ", e);
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                "Error adding accessrules to admingroup : " + admingroupname);
    }
} // addAccessRules

/**
 * Removes a Collection of (String) containing accessrules to remove from admin group.
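*
 * Nothing is done when the target is the group named DEFAULTGROUPNAME on
 * LogConstants.INTERNALCAID. A failure is logged and recorded as an error event in the
 * audit log; it is not rethrown.
 *
 * NOTE(review): admin is only used as the actor in the audit log; no authorization check
 * on the caller is visible in this method - confirm it is enforced before this call.
 *
 * @ejb.interface-method view-type="both"
 */
public void removeAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules) {
    if (!(admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID)) {
        try {
            (admingrouphome.findByGroupNameAndCAId(admingroupname, caid)).removeAccessRules(accessrules);
            signalForAuthorizationTreeUpdate();
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                    LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                    "Removed accessrules from admingroup : " + admingroupname);
        } catch (Exception e) {
            error("Can't remove access rules: ", e);
            // A failed privilege edit must appear in the audit log as an error event, as it
            // does in addAccessRules, not as an informational one.
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                    LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                    "Error removing accessrules from admingroup : " + admingroupname);
        }
    }
} // removeAccessRules

/**
 * Replaces a group's access rules with a new set of rules.
 *
 * All current rules of the group are removed and the given rules are added. Nothing is
 * done when the target is the group named DEFAULTGROUPNAME on LogConstants.INTERNALCAID.
 * A failure is logged and recorded as an error event in the audit log; it is not rethrown.
 *
 * NOTE(review): admin is only used as the actor in the audit log; no authorization check
 * on the caller is visible in this method - confirm it is enforced before this call.
 *
 * @param admin the administrator recorded in the log entry.
 * @param admingroupname name of the admin group, used with caid to look the group up.
 * @param caid CA id, used with admingroupname to look the group up.
 * @param accessrules the rules the group should have afterwards.
 * @ejb.interface-method view-type="both"
 */
public void replaceAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules) {
    if (!(admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID)) {
        try {
            AdminGroupDataLocal agdl = admingrouphome.findByGroupNameAndCAId(admingroupname, caid);
            // removeAccessRules is given rule strings, so extract them from the current rules.
            Collection currentrules = agdl.getAdminGroup().getAccessRules();
            ArrayList removerules = new ArrayList();
            Iterator iter = currentrules.iterator();
            while (iter.hasNext()) {
                removerules.add(((AccessRule) iter.next()).getAccessRule());
            }
            // NOTE(review): remove and add are two separate steps and the catch below swallows
            // the exception. If the add fails after the remove succeeded, the group may be left
            // without rules unless the surrounding transaction is rolled back - the transaction
            // settings are not visible here, confirm.
            agdl.removeAccessRules(removerules);
            agdl.addAccessRules(accessrules);
            signalForAuthorizationTreeUpdate();
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                    LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                    "Replaced accessrules from admingroup : " + admingroupname);
        } catch (Exception e) {
            error("Can't replace access rules: ", e);
            // Record the failure as an error event so it is not mistaken for a successful edit.
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                    LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                    "Error replacing accessrules from admingroup : " + admingroupname);
        }
    }
} // replaceAccessRules

/**
 * Adds a Collection of AdminEntity to the admingroup. Changes their values if they already exist.
 *
 * Nothing is done when the target is the group named DEFAULTGROUPNAME on
 * LogConstants.INTERNALCAID. A failure is logged and recorded as an error event in the
 * audit log; it is not rethrown.
 *
 * NOTE(review): admin is only used as the actor in the audit log; no authorization check
 * on the caller is visible in this method - confirm it is enforced before this call.
 *
 * @ejb.interface-method view-type="both"
 */
public void addAdminEntities(Admin admin, String admingroupname, int caid, Collection adminentities) {
    if (!(admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID)) {
        try {
            (admingrouphome.findByGroupNameAndCAId(admingroupname, caid)).addAdminEntities(adminentities);
            signalForAuthorizationTreeUpdate();
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                    LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                    "Added administrator entities to administratorgroup " + admingroupname);
        } catch (Exception e) {
            error("Can't add admin entities: ", e);
            logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                    LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                    "Error adding administrator entities to administratorgroup " + admingroupname);
        }
    }
} // addAdminEntities

/**
 * Removes a Collection of AdminEntity from the administrator group.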
*
 * The request is silently ignored when it targets the group named DEFAULTGROUPNAME on
 * LogConstants.INTERNALCAID. A failure is logged and recorded as an error event in the
 * audit log; it is not rethrown.
 *
 * NOTE(review): admin is only used as the actor in the audit log; no authorization check
 * on the caller is visible in this method - confirm it is enforced before this call.
 *
 * @ejb.interface-method view-type="both"
 */
public void removeAdminEntities(Admin admin, String admingroupname, int caid, Collection adminentities) {
    boolean internalDefaultGroup = admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID;
    if (internalDefaultGroup) {
        return;
    }
    try {
        AdminGroupDataLocal group = admingrouphome.findByGroupNameAndCAId(admingroupname, caid);
        group.removeAdminEntities(adminentities);
        // Tell the other beans that their cached access tree is out of date.
        signalForAuthorizationTreeUpdate();
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                "Removed administrator entities from administratorgroup " + admingroupname);
    } catch (Exception e) {
        error("Can't remove admin entities: ", e);
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                "Error removing administrator entities from administratorgroup " + admingroupname);
    }
} // removeAdminEntities

/**
 * Collects the access rules available to an administrator, based on which rules
 * he himself is authorized to.
 *
 * A failure while constructing AvailableAccessRules is wrapped in an EJBException;
 * an exception thrown by the final lookup is propagated unchanged.
 *
 * @param admin is the administrator calling the method.
 * @return a Collection of String containing available accessrules.
 * @ejb.interface-method view-type="both"
 * @ejb.transaction type="Supports"
 */
public Collection getAuthorizedAvailableAccessRules(Admin admin) {
    AvailableAccessRules available;
    try {
        available = new AvailableAccessRules(admin, authorizer, getRaAdminSession(), customaccessrules);
    } catch (Exception e) {
        throw new EJBException(e);
    }
    return available.getAvailableAccessRules(admin);
}

/**
 * Returns a Collection of Integers indicating which CA ids an administrator
 * is authorized to access. The decision is delegated to the authorizer.
 *
 * @ejb.interface-method view-type="both"
 * @ejb.transaction type="Supports"
 */
public Collection getAuthorizedCAIds(Admin admin) {
    Collection caids = authorizer.getAuthorizedCAIds(admin);
    return caids;
}

/**
 * Method used to return a Collection of Integers indicating which end entity profiles
 * the administrator is authorized to view.
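*
 * @param admin the administrator
 * @param rapriviledge should be one of the end entity profile authorization constants defined in AvailableAccessRules.
 * @ejb.interface-method view-type="both"
 * @ejb.transaction type="Supports"
 */
public Collection getAuthorizedEndEntityProfileIds(Admin admin, String rapriviledge) {
    // The decision is delegated to the authorizer.
    return authorizer.getAuthorizedEndEntityProfileIds(admin, rapriviledge);
}

/**
 * Method to check if an end entity profile exists in any end entity profile rules.
 * Used to avoid desynchronization of profile rules.
 *
 * Counts the rows of AccessRulesData whose accessRule starts with
 * AvailableAccessRules.ENDENTITYPROFILEPREFIX followed by the profile id. If the query
 * returns no row the method answers true, i.e. it errs on the side of "still referenced".
 * The admin argument is not used by this method.
 *
 * @param profileid the profile id to search for.
 * @return true if profile exists in any of the accessrules.
 * @throws EJBException wrapping any exception raised while querying the database.
 * @ejb.interface-method view-type="both"
 * @ejb.transaction type="Supports"
 */
public boolean existsEndEntityProfileInRules(Admin admin, int profileid) {
    debug(">existsEndEntityProfileInRules()");
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet rs = null;
    int count = 1; // return true as default.
    try {
        con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
        // The pattern is passed as a bound parameter instead of being concatenated into the
        // SQL text, so the statement stays fixed whatever the prefix constant contains.
        ps = con.prepareStatement("select COUNT(*) from AccessRulesData where accessRule LIKE ?");
        // NOTE(review): a prefix match on the bare id also matches longer ids that start with
        // the same digits (id 1 matches rules for id 10). That only makes the answer true more
        // often; confirm whether an exact match on the id segment is wanted.
        ps.setString(1, AvailableAccessRules.ENDENTITYPROFILEPREFIX + profileid + "%");
        rs = ps.executeQuery();
        if (rs.next()) {
            count = rs.getInt(1);
        }
        debug("<existsEndEntityProfileInRules()");
        return count > 0;
    } catch (Exception e) {
        throw new EJBException(e);
    } finally {
        JDBCUtil.close(con, ps, rs);
    }
} // existsEndEntityProfileInRules

/**
 * Method to check if a ca exists in any ca specific rules. Used to avoid desynchronization of CA rules when ca is removed
 *
 * @param caid the ca id to search for.
 * @return true if ca exists in any of the accessrules.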
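* @ejb.interface-method view-type="both"
 * @ejb.transaction type="Supports"
 */
public boolean existsCAInRules(Admin admin, int caid) {
    // NOTE(review): with && the result is true only when the CA id is found in BOTH the admin
    // groups and the access rules. A CA referenced in just one of the two is reported as not
    // existing, which looks at odds with "exists in any ca specific rules" - confirm whether
    // || was intended before relying on this as a guard for CA removal.
    return existsCAInAdminGroups(caid) && existsCAInAccessRules(caid);
} // existsCAInRules

/**
 * Help function to existsCAInRules, checks if caid exists among admingroups.
 *
 * Counts the rows of AdminGroupData whose cAId equals the given id. If the query returns
 * no row the method answers true.
 *
 * @param caid the ca id to search for.
 * @return true if at least one admin group row carries the ca id.
 * @throws EJBException wrapping any exception raised while querying the database.
 */
private boolean existsCAInAdminGroups(int caid) {
    debug(">existsCAInAdminGroups()");
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet rs = null;
    int count = 1; // return true as default.
    try {
        con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
        // Bind the id as a typed parameter instead of concatenating it into the SQL text.
        ps = con.prepareStatement("select COUNT(*) from AdminGroupData where cAId = ?");
        ps.setInt(1, caid);
        rs = ps.executeQuery();
        if (rs.next()) {
            count = rs.getInt(1);
        }
        debug("<existsCAInAdminGroupss()");
        return count > 0;
    } catch (Exception e) {
        throw new EJBException(e);
    } finally {
        JDBCUtil.close(con, ps, rs);
    }
} // existsCAInAdminGroups

/**
 * Help function to existsCAInRules, checks if caid exists among accessrules.
 *
 * Counts the rows of AccessRulesData whose accessRule starts with
 * AvailableAccessRules.CABASE, a slash and the ca id. If the query returns no row the
 * method answers true.
 *
 * @param caid the ca id to search for.
 * @return true if at least one access rule row matches.
 * @throws EJBException wrapping any exception raised while querying the database.
 */
private boolean existsCAInAccessRules(int caid) {
    debug(">existsCAInAccessRules()");
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet rs = null;
    int count = 1; // return true as default.
    try {
        con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
        // The pattern is passed as a bound parameter instead of being concatenated into the
        // SQL text.
        ps = con.prepareStatement("select COUNT(*) from AccessRulesData where accessRule LIKE ?");
        // NOTE(review): the prefix match also matches longer ids that start with the same
        // digits; that only makes the answer true more often.
        ps.setString(1, AvailableAccessRules.CABASE + "/" + caid + "%");
        rs = ps.executeQuery();
        if (rs.next()) {
            count = rs.getInt(1);
        }
        debug("<existsCAInAccessRules()");
        return count > 0;
    } catch (Exception e) {
        throw new EJBException(e);
    } finally {
        JDBCUtil.close(con, ps, rs);
    }
} // existsCAInAccessRules

/**
 * Returns a reference to the AuthorizationTreeUpdateDataBean.
 *
 * The bean is looked up by its fixed primary key; when it cannot be found it is created.
 *
 * @throws EJBException if the bean can neither be found nor created.
 */
private AuthorizationTreeUpdateDataLocal getAuthorizationTreeUpdateData() {
    AuthorizationTreeUpdateDataLocal atu = null;
    try {
        atu = authorizationtreeupdatehome.findByPrimaryKey(AuthorizationTreeUpdateDataBean.AUTHORIZATIONTREEUPDATEDATA);
    } catch (FinderException e) {
        // Not found: create it on first use.
        try {
            atu = authorizationtreeupdatehome.create();
        } catch (CreateException ce) {
            error("Error creating AuthorizationTreeUpdateDataBean :", ce);
            throw new EJBException(ce);
        }
    }
    return atu;
}

/**
 * Method used to check if a reconstruction of the authorization tree is needed in the
 * authorization beans.
 *
 * Both conditions must hold: the shared update record reports that an update is necessary
 * for the locally stored update number, and the last rebuild is older than
 * MIN_TIME_BETWEEN_UPDATES. Because of the second condition a privilege change signalled
 * by another bean, including a removal of rights, is not picked up here until that
 * interval has passed.
 *
 * @return true if update is needed.
 */
private boolean updateNeccessary() {
    return getAuthorizationTreeUpdateData().updateNeccessary(this.authorizationtreeupdate)
            && lastupdatetime < ((new java.util.Date()).getTime() - MIN_TIME_BETWEEN_UPDATES);
} // updateNeccessary

/**
 * Method updating the authorization tree.
 *
 * Rebuilds the access tree from the current admin groups, then stores the current update
 * number and the time of this rebuild for use by updateNeccessary().
 */
private void updateAuthorizationTree() {
    authorizer.buildAccessTree(getAdminGroups());
    this.authorizationtreeupdate = getAuthorizationTreeUpdateData().getAuthorizationTreeUpdateNumber();
    this.lastupdatetime = (new java.util.Date()).getTime();
}

/**
 * Method incrementing the authorizationtreeupdatenumber and thereby signaling
 * to other beans that they should reconstruct their accesstrees.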
*/
private void signalForAuthorizationTreeUpdate() {
    AuthorizationTreeUpdateDataLocal updatedata = getAuthorizationTreeUpdateData();
    updatedata.incrementAuthorizationTreeUpdateNumber();
}

/**
 * Picks a random int that is not yet used as the primary key of an admin group.
 *
 * Candidates are drawn until findByPrimaryKey reports that no group has the id. The id
 * is used here only as a lookup key, so java.util.Random is sufficient for that purpose.
 *
 * NOTE(review): the id is only checked, not reserved; nothing in this method prevents
 * another caller from picking the same id before it is used - confirm the create step
 * handles a duplicate key.
 *
 * @return an id for which no admin group was found.
 */
private int findFreeAdminGroupId() {
    Random rng = new Random();
    int candidate = rng.nextInt();
    while (true) {
        try {
            this.admingrouphome.findByPrimaryKey(new Integer(candidate));
        } catch (FinderException notfound) {
            // No group has this key, so the candidate is free.
            return candidate;
        }
        // The key is taken; try another one.
        candidate = rng.nextInt();
    }
} // findFreeAdminGroupId
} // LocalAuthorizationSessionBean