📄 jdbcpolicydatabase.java
List l = buildResourcePermission(rs);
if (l.size() > 0) {
resourcePermission = (ResourcePermission) l.get(0);
}
} finally {
ps.releasePreparedStatement();
}
if (resourcePermission != null) {
storeToCache(cacheKey, resourcePermission);
}
}
return resourcePermission;
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#isAnyResourcePermissionAllowed(com.sslexplorer.security.User,
* boolean, boolean, boolean)
*/
/**
 * Reports whether the user holds at least one resource permission whose
 * permission class is among those selected by the three flags.
 * <p>
 * A cached decision for the same principal name and flag combination is
 * returned as-is. Otherwise a user the logon controller reports as an
 * administrator is allowed outright, and any other user is checked with
 * {@code isPrincipalAllowed} against each resource permission of a selected
 * class until one allows them. Both positive and negative outcomes are
 * written to the cache.
 *
 * @param user the user to check; {@code null} is keyed as an empty
 *        principal name
 * @param delegation consider permissions of
 *        {@code PolicyConstants.DELEGATION_CLASS}
 * @param system consider permissions of {@code PolicyConstants.SYSTEM_CLASS}
 * @param personal consider permissions of
 *        {@code PolicyConstants.PERSONAL_CLASS}
 * @return {@code true} if the user is an administrator or is allowed by at
 *         least one permission of a selected class
 * @throws Exception if the cache, the logon controller or a policy lookup
 *         fails
 */
public boolean isAnyResourcePermissionAllowed(User user,
        boolean delegation, boolean system, boolean personal)
        throws Exception {
    final String principalName = user == null ? "" : user.getPrincipalName();
    final String cacheKey = "anyResourcePermissionAllowed-" + principalName
            + "-" + delegation + "-" + system + "-" + personal;

    // Fast path: a decision for this principal/flag combination is cached.
    final Boolean cached = (Boolean) policyCache.retrieve(cacheKey);
    if (cached != null) {
        return cached.booleanValue();
    }

    // Administrators bypass the per-permission policy check entirely.
    boolean allowed = CoreServlet.getServlet().getLogonController()
            .isAdministrator(user);
    if (!allowed) {
        final Iterator candidates = getResourcePermissions().iterator();
        // Stop at the first permission that allows the user.
        while (!allowed && candidates.hasNext()) {
            final ResourcePermission candidate =
                    (ResourcePermission) candidates.next();
            final boolean classSelected =
                    (system && candidate.getPermissionClass().equals(
                            PolicyConstants.SYSTEM_CLASS))
                    || (delegation && candidate.getPermissionClass().equals(
                            PolicyConstants.DELEGATION_CLASS))
                    || (personal && candidate.getPermissionClass().equals(
                            PolicyConstants.PERSONAL_CLASS));
            if (classSelected && isPrincipalAllowed(user, candidate, true)) {
                allowed = true;
            }
        }
    }

    // Denials are cached as well; the entry lives until the cache is cleared.
    storeToCache(cacheKey, Boolean.valueOf(allowed));
    return allowed;
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#isResourcePermissionAllowed(com.sslexplorer.boot.policyframework.ResourceType,
* com.sslexplorer.boot.policyframework.Permission[],
* com.sslexplorer.security.User, boolean)
*/
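/**
 * Decides whether the user holds the required permissions on a resource
 * type, caching the decision per resource type, permission list, principal
 * name and {@code all} flag.
 * <p>
 * A user the logon controller reports as an administrator is always
 * allowed. For any other user, every resource permission is scanned for
 * entries of the requested resource type whose permission id equals one of
 * the required ids and which {@code isPrincipalAllowed} grants to the user.
 * <p>
 * Note on edge cases visible in the logic below: with {@code all == true}
 * and an empty {@code requiredPermissions} array the result is
 * {@code true}; with {@code all == true} and a repeated id in the array the
 * result is always {@code false}, because matches are counted per distinct
 * id.
 *
 * @param resourceType the resource type the permissions must apply to
 * @param requiredPermissions the permissions to look for; must not be
 *        {@code null}
 * @param user the user to check; {@code null} is keyed as an empty
 *        principal name
 * @param all {@code true} to require every listed permission,
 *        {@code false} to accept any one of them
 * @return {@code true} if the user is allowed
 * @throws Exception if the cache, the logon controller or a policy lookup
 *         fails
 */
public boolean isResourcePermissionAllowed(ResourceType resourceType,
        Permission[] requiredPermissions, User user, boolean all)
        throws Exception {
    StringBuffer buf = new StringBuffer("resourcePermissionAllowed-");
    buf.append(resourceType.getResourceTypeId());
    buf.append("-");
    // The id list is variable-length and is followed directly by the
    // principal name. Without a count, ids [2] for a principal named
    // "5-bob" and ids [2, 5] for "bob" produce the same key, so one user's
    // cached authorization decision could be served to the other. Writing
    // the number of ids first fixes where the list ends. (The ids are
    // compared with == below, so they are presumably numeric.)
    buf.append(requiredPermissions.length);
    buf.append("-");
    for (int i = 0; i < requiredPermissions.length; i++) {
        buf.append(requiredPermissions[i].getId());
        buf.append("-");
    }
    buf.append(user == null ? "" : user.getPrincipalName());
    buf.append("-");
    buf.append(String.valueOf(all));
    String cacheKey = buf.toString();

    Boolean val = (Boolean) policyCache.retrieve(cacheKey);
    if (val == null) {
        if (CoreServlet.getServlet().getLogonController().isAdministrator(
                user)) {
            // Administrators bypass the per-permission policy check.
            val = Boolean.TRUE;
        } else {
            List resourcePermissions = getResourcePermissions();
            // Distinct required permission ids the user has been granted.
            Map matched = new HashMap();
            for (Iterator i = resourcePermissions.iterator(); i.hasNext();) {
                ResourcePermission resourcePermission =
                        (ResourcePermission) i.next();
                for (Iterator j = resourcePermission.getPermissions()
                        .iterator(); j.hasNext();) {
                    ResourceTypeResourcePermission permission =
                            (ResourceTypeResourcePermission) j.next();
                    // Only entries for the requested resource type count.
                    if (!resourceType.equals(permission.getResourceType())) {
                        continue;
                    }
                    for (int x = 0; x < requiredPermissions.length; x++) {
                        if (permission.getResourcePermission().getId()
                                != requiredPermissions[x].getId()) {
                            continue;
                        }
                        // The id matches; it only counts if a policy
                        // actually grants this resource permission to the
                        // user.
                        if (isPrincipalAllowed(user, resourcePermission,
                                true)) {
                            matched.put(String.valueOf(
                                    requiredPermissions[x].getId()),
                                    Boolean.TRUE);
                            // Leaves only this innermost loop; the outer
                            // scans run to completion as before.
                            if (!all || matched.size()
                                    == requiredPermissions.length) {
                                break;
                            }
                        }
                    }
                }
            }
            if (all) {
                val = matched.size() == requiredPermissions.length
                        ? Boolean.TRUE : Boolean.FALSE;
            } else {
                val = matched.size() > 0 ? Boolean.TRUE : Boolean.FALSE;
            }
        }
        // Denials are cached too, until the cache is next cleared.
        storeToCache(cacheKey, val);
    }
    return val.booleanValue();
}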
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#deleteResourcePermission(int)
*/
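/**
 * Deletes a resource permission together with its relationship, policy
 * relationship and delegation rows inside one transaction, and invalidates
 * the policy cache.
 *
 * @param id identifier of the resource permission to delete
 * @return the resource permission as it was loaded before deletion
 * @throws Exception if no resource permission with that id exists, or if
 *         any statement fails (the transaction is rolled back first)
 */
public ResourcePermission deleteResourcePermission(int id) throws Exception {
    policyCache.clear();
    // NOTE(review): this lookup runs after the clear above and may put the
    // record back into the cache — confirm against getResourcePermission.
    // The second clear at the end of this method covers that case.
    ResourcePermission dr = getResourcePermission(id);
    if (dr == null) {
        throw new Exception(
                "Cannot delete a resource permission that doesnt exist");
    }
    JDBCPreparedStatement ps = db
            .getStatement("deleteResourcePermission.delete");
    ps.startTransaction();
    try {
        try {
            // Bound inside the try so a binding failure still releases the
            // statement and ends the transaction.
            ps.setInt(1, id);
            ps.execute();
            deleteResourcePermissionRelationships(ps, id);
            ps = db.getStatement(ps,
                    "deleteResourcePermission.policyRelationship");
            ps.setInt(1, id);
            ps.execute();
            ps = db.getStatement(ps, "deleteResourcePermission.delegation");
            ps.setInt(1, id);
            ps.execute();
            ps.commit();
        } finally {
            ps.releasePreparedStatement();
        }
    } catch (Exception e) {
        ps.rollback();
        throw e;
    } finally {
        ps.endTransaction();
    }
    // Invalidate again now that the delete is committed: anything cached
    // between the first clear and the commit (the lookup above, or a
    // concurrent permission check) reflects the pre-delete state and would
    // otherwise keep answering "allowed" for a revoked permission.
    policyCache.clear();
    return dr;
}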
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#updateResourcePermission(com.sslexplorer.policyframework.ResourcePermission)
*/
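/**
 * Writes the resource permission's name, description, onward-delegation
 * flag, parent and amendment timestamp to the database, updates its
 * relationships in the same transaction, and invalidates the policy cache.
 * On success the object's amended date is set to the timestamp written.
 *
 * @param resourcePermission the resource permission carrying the new
 *        values; its resource id selects the row to update
 * @throws Exception if any statement fails (the transaction is rolled back
 *         first)
 */
public void updateResourcePermission(ResourcePermission resourcePermission)
        throws Exception {
    policyCache.clear();
    JDBCPreparedStatement ps = db
            .getStatement("updateResourcePermission.update");
    ps.startTransaction();
    Calendar c = Calendar.getInstance();
    try {
        try {
            // Parameters are bound inside the try so that a failure while
            // reading the argument or binding still releases the statement
            // and ends the transaction instead of leaving it open.
            ps.setString(1, resourcePermission.getResourceName());
            ps.setString(2, resourcePermission.getResourceDescription());
            ps.setInt(3, resourcePermission.getOnwardDelegatable() ? 1 : 0);
            ps.setInt(4, resourcePermission.getParentResourcePermission());
            ps.setString(5, db.formatTimestamp(c));
            ps.setInt(6, resourcePermission.getResourceId());
            ps.execute();
            updateResourcePermissionRelationships(ps, resourcePermission);
        } finally {
            ps.releasePreparedStatement();
        }
        ps.commit();
        resourcePermission.setDateAmended(c);
    } catch (Exception e) {
        ps.rollback();
        throw e;
    } finally {
        ps.endTransaction();
    }
    // Invalidate again after the commit: a permission check that ran
    // between the first clear and the commit would have cached a decision
    // based on the old relationships.
    policyCache.clear();
}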
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#getResourcePermissionDelegatedPolicies(com.sslexplorer.policyframework.ResourcePermission)
*/
/**
 * Returns the policies a resource permission is delegated to, reading them
 * from the policy cache when present and from the database otherwise.
 * <p>
 * The list handed back is the same instance that is stored in the cache, so
 * callers should treat it as read-only.
 *
 * @param resourcePermission the resource permission whose delegated
 *        policies are wanted; its resource id is the lookup key
 * @return list of {@code Policy} objects, empty if there are none
 * @throws Exception if the cache or the query fails
 */
public List getResourcePermissionDelegatedPolicies(
        ResourcePermission resourcePermission) throws Exception {
    final String cacheKey = "resourcePermissionDelegatedPolicies-"
            + resourcePermission.getResourceId();

    final List cached = (List) policyCache.retrieve(cacheKey);
    if (cached != null) {
        return cached;
    }

    JDBCPreparedStatement ps = db
            .getStatement("getResourcePermissionDelegatedPolicies.select");
    ps.setInt(1, resourcePermission.getResourceId());
    final List policies = new ArrayList();
    try {
        // One Policy per result row, in query order.
        for (ResultSet rs = ps.executeQuery(); rs.next();) {
            policies.add(buildPolicy(rs));
        }
    } finally {
        ps.releasePreparedStatement();
    }
    storeToCache(cacheKey, (Serializable) policies);
    return policies;
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#addResourcePermissionDelegationToPolicy(com.sslexplorer.policyframework.ResourcePermission,
* com.sslexplorer.policyframework.Policy)
*/
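/**
 * Records that a resource permission is delegated to a policy and
 * invalidates the policy cache.
 *
 * @param resourcePermission the resource permission being delegated
 * @param policy the policy receiving the delegation
 * @throws Exception if the insert fails
 */
public void addResourcePermissionDelegationToPolicy(
        ResourcePermission resourcePermission, Policy policy)
        throws Exception {
    policyCache.clear();
    JDBCPreparedStatement ps = db
            .getStatement("addResourcePermissionDelegationToPolicy.insert");
    try {
        // Bound inside the try so the statement is released even when
        // reading an argument or binding a parameter throws.
        ps.setInt(1, resourcePermission.getResourceId());
        ps.setInt(2, policy.getResourceId());
        ps.execute();
    } finally {
        ps.releasePreparedStatement();
    }
    // Invalidate again after the write so a decision cached between the
    // first clear and the insert cannot outlive the change.
    policyCache.clear();
}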
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#removeResourcePermissionDelegationFromPolicy(com.sslexplorer.policyframework.ResourcePermission,
* com.sslexplorer.policyframework.Policy)
*/
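/**
 * Removes the delegation of a resource permission to a policy and
 * invalidates the policy cache.
 *
 * @param resourcePermission the resource permission whose delegation is
 *        withdrawn
 * @param policy the policy losing the delegation
 * @throws Exception if the delete fails
 */
public void removeResourcePermissionDelegationFromPolicy(
        ResourcePermission resourcePermission, Policy policy)
        throws Exception {
    policyCache.clear();
    JDBCPreparedStatement ps = db
            .getStatement("removeResourcePermissionDelegationFromPolicy.delete");
    try {
        // Bound inside the try so the statement is released even when
        // reading an argument or binding a parameter throws.
        ps.setInt(1, resourcePermission.getResourceId());
        ps.setInt(2, policy.getResourceId());
        ps.execute();
    } finally {
        ps.releasePreparedStatement();
    }
    // This is a revocation: clear again after the write so an "allowed"
    // decision cached between the first clear and the delete is not kept.
    policyCache.clear();
}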
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#clearResourcePermissionDelegation(com.sslexplorer.policyframework.ResourcePermission)
*/
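/**
 * Removes every delegation of a resource permission and invalidates the
 * policy cache.
 *
 * @param resourcePermission the resource permission whose delegations are
 *        removed
 * @throws Exception if the delete fails
 */
public void clearResourcePermissionDelegation(
        ResourcePermission resourcePermission) throws Exception {
    policyCache.clear();
    JDBCPreparedStatement ps = db
            .getStatement("clearResourcePermissionDelegation.delete");
    try {
        // Bound inside the try so the statement is released even when
        // reading the argument or binding the parameter throws.
        ps.setInt(1, resourcePermission.getResourceId());
        ps.execute();
    } finally {
        ps.releasePreparedStatement();
    }
    // This is a revocation: clear again after the write so an "allowed"
    // decision cached between the first clear and the delete is not kept.
    policyCache.clear();
}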
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#initResourcePermissions()
*/
public void initResourcePermissions() throws Exception {
// Has no permission
registerResourceType(PolicyConstants.RESOURCE_PERMISSION_RESOURCE_TYPE);
// -- Delegation Resource Permissions
// Application Shortcut
registerResourceType(PolicyConstants.APPLICATION_SHORTCUT_RESOURCE_TYPE);
PolicyConstants.APPLICATION_SHORTCUT_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN);
PolicyConstants.APPLICATION_SHORTCUT_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_EDIT_AND_ASSIGN);
PolicyConstants.APPLICATION_SHORTCUT_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_ASSIGN);
PolicyConstants.APPLICATION_SHORTCUT_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
// Network Place
registerResourceType(PolicyConstants.NETWORK_PLACE_RESOURCE_TYPE);
PolicyConstants.NETWORK_PLACE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN);
PolicyConstants.NETWORK_PLACE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_EDIT_AND_ASSIGN);
PolicyConstants.NETWORK_PLACE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
PolicyConstants.NETWORK_PLACE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_ASSIGN);
// Policy
registerResourceType(PolicyConstants.POLICY_RESOURCE_TYPE);
PolicyConstants.POLICY_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN);
PolicyConstants.POLICY_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_EDIT_AND_ASSIGN);
PolicyConstants.POLICY_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
PolicyConstants.POLICY_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_ASSIGN);
// Profile
registerResourceType(PolicyConstants.PROFILE_RESOURCE_TYPE);
PolicyConstants.PROFILE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN);
PolicyConstants.PROFILE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_EDIT_AND_ASSIGN);
PolicyConstants.PROFILE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
PolicyConstants.PROFILE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_ASSIGN);
// SSL Tunnel
registerResourceType(PolicyConstants.SSL_TUNNEL_RESOURCE_TYPE);
PolicyConstants.SSL_TUNNEL_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN);
PolicyConstants.SSL_TUNNEL_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_EDIT_AND_ASSIGN);
PolicyConstants.SSL_TUNNEL_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
PolicyConstants.SSL_TUNNEL_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_ASSIGN);
// Web Forward
registerResourceType(PolicyConstants.WEBFORWARD_RESOURCE_TYPE);
PolicyConstants.WEBFORWARD_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN);
PolicyConstants.WEBFORWARD_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_EDIT_AND_ASSIGN);
PolicyConstants.WEBFORWARD_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
PolicyConstants.WEBFORWARD_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_ASSIGN);
// -- System Resource Permissions
// Shutdown
registerResourceType(PolicyConstants.SERVICE_CONTROL_RESOURCE_TYPE);
PolicyConstants.SERVICE_CONTROL_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_SHUTDOWN);
PolicyConstants.SERVICE_CONTROL_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_RESTART);
// System Configuration
registerResourceType(PolicyConstants.SYSTEM_CONFIGURATION_RESOURCE_TYPE);
PolicyConstants.SYSTEM_CONFIGURATION_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CHANGE);
// Keystore