📄 localauthorizationsessionbean.java
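} } // addAdminGroup

    /**
     * Removes an admin group together with its admin entities and access rules.
     * <p/>
     * The default group on the internal CA id is protected: the call is a no-op for it.
     * Success and failure are both written to the audit log; exceptions are not propagated.
     * <p/>
     * NOTE(review): in this method {@code admin} is only passed to the audit log; no
     * authorization check on the caller is visible here. The same holds for the other
     * group and rule mutators below - confirm that callers enforce it.
     *
     * @param admin          administrator performing the change (used for audit logging)
     * @param admingroupname name of the group to remove
     * @param caid           CA id the group belongs to
     * @ejb.interface-method view-type="both"
     */
    public void removeAdminGroup(Admin admin, String admingroupname, int caid) {
        if (log.isDebugEnabled()) {
            debug("Removing admin group "+admingroupname+" for caid "+caid);
        }
        if (!(admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID)) {
            try {
                AdminGroupDataLocal agl = admingrouphome.findByGroupNameAndCAId(admingroupname, caid);
                removeEntitiesAndRulesFromGroup(agl);
                agl.remove();
                signalForAuthorizationTreeUpdate();

                String msg = intres.getLocalizedMessage("authorization.admingroupremoved", admingroupname);
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES, msg);
            } catch (Exception e) {
                String msg = intres.getLocalizedMessage("authorization.errorremoveadmingroup", admingroupname);
                error(msg, e);
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES, msg);
            }
        }
    } // removeAdminGroup

    /**
     * Detaches every admin entity and every access rule from the given group.
     *
     * @param agl the group entity to empty
     */
    private void removeEntitiesAndRulesFromGroup(AdminGroupDataLocal agl) {
        debug("removing entities and rules for caid "+agl.getCaId());
        // Remove groups user entities.
        agl.removeAdminEntities(agl.getAdminEntityObjects());

        // Remove groups accessrules. removeAccessRules is given the rule strings,
        // so collect them from the AccessRule objects first.
        Iterator iter = agl.getAccessRuleObjects().iterator();
        ArrayList remove = new ArrayList();
        while (iter.hasNext()) {
            remove.add(((AccessRule) iter.next()).getAccessRule());
        }
        agl.removeAccessRules(remove);
    }

    /**
     * Method to rename an admingroup.
     * <p/>
     * The default group on the internal CA id is protected: the call is a no-op for it.
     * NOTE(review): only {@code oldname} is checked against the protected default group name;
     * {@code newname} is not - confirm this is intended.
     *
     * @param admin   administrator performing the change (used for audit logging)
     * @param oldname current name of the group
     * @param caid    CA id the group belongs to
     * @param newname name to give the group
     * @throws AdminGroupExistsException if admingroup already exists.
     * @ejb.interface-method view-type="both"
     */
    public void renameAdminGroup(Admin admin, String oldname, int caid, String newname) throws AdminGroupExistsException {
        if (!(oldname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID)) {
            boolean success = false;
            AdminGroupDataLocal agl = null;
            try {
                // A successful lookup means the target name is taken; the FinderException
                // is the expected outcome when the new name is free.
                agl = admingrouphome.findByGroupNameAndCAId(newname, caid);
                throw new AdminGroupExistsException();
            } catch (FinderException e) {
                success = true;
            }
            if (success) {
                try {
                    agl = admingrouphome.findByGroupNameAndCAId(oldname, caid);
                    agl.setAdminGroupName(newname);
                    agl.setCaId(caid);
                    signalForAuthorizationTreeUpdate();
                } catch (Exception e) {
                    error("Can't rename admingroup: ", e);
                    success = false;
                }
            }
            if (success) {
                String msg = intres.getLocalizedMessage("authorization.admingrouprenamed", oldname, newname);
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES, msg);
            } else {
                String msg = intres.getLocalizedMessage("authorization.errorrenameadmingroup", oldname, newname);
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES, msg);
            }
        }
    } // renameAdminGroup

    /**
     * Method to get a reference to an admingroup.
     *
     * @param admin          administrator requesting the group (not used in this method)
     * @param admingroupname name of the group
     * @param caid           CA id the group belongs to
     * @return the AdminGroup, or null if the lookup failed (the failure is logged)
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Supports"
     */
    public AdminGroup getAdminGroup(Admin admin, String admingroupname, int caid) {
        AdminGroup returnval = null;
        try {
            returnval = (admingrouphome.findByGroupNameAndCAId(admingroupname, caid)).getAdminGroup();
        } catch (Exception e) {
            error("Can't get admingroup: ", e);
        }
        return returnval;
    } // getAdminGroup

    /**
     * Returns a Collection with the AdminGroup of every stored admin group.
     *
     * @return all admin groups; empty (or partial) if the lookup failed
     */
    private Collection getAdminGroups() {
        ArrayList returnval = new ArrayList();
        try {
            Iterator iter = admingrouphome.findAll().iterator();
            while (iter.hasNext()) {
                returnval.add(((AdminGroupDataLocal) iter.next()).getAdminGroup());
            }
        } catch (FinderException e) {
            // Keep returning what was collected, but do not hide the failure.
            error("Can't get admingroups: ", e);
        }
        return returnval;
    } // getAdminGroups

    /**
     * Returns a Collection of AdminGroup the administrator is authorized to.
     * <p/>
     * SuperAdmin is authorized to all groups.
     * Other admins are only authorized to the groups containing a subset of authorized CA that the admin
     * himself is authorized to. Groups holding an accepted superadministrator rule are never
     * returned to a non-superadmin.
     * <p/>
     * The public web group and the default group on the internal CA id are always left out.
     * <p/>
     * The AdminGroup objects contain only name and caid and no accessdata.
     *
     * @param admin administrator whose view of the groups is computed
     * @return the group name objects the administrator may see; empty (or partial) if the lookup failed
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Supports"
     */
    public Collection getAuthorizedAdminGroupNames(Admin admin) {
        ArrayList returnval = new ArrayList();

        boolean issuperadmin = false;
        try {
            issuperadmin = this.isAuthorizedNoLog(admin, AvailableAccessRules.ROLE_SUPERADMINISTRATOR);
        } catch (AuthorizationDeniedException e1) {
            // Intentionally ignored: issuperadmin stays false, so the restricted path below is taken.
        }

        HashSet authorizedcaids = new HashSet();
        HashSet allcaids = new HashSet();
        if (!issuperadmin) {
            authorizedcaids.addAll(authorizer.getAuthorizedCAIds(admin));
            allcaids.addAll(getCAAdminSession().getAvailableCAs(admin));
        }

        try {
            Collection result = admingrouphome.findAll();
            Iterator i = result.iterator();
            while (i.hasNext()) {
                AdminGroupDataLocal agdl = (AdminGroupDataLocal) i.next();

                boolean allauthorized = false;
                boolean carecursive = false;
                boolean superadmingroup = false;
                boolean authtogroup = false;
                ArrayList groupcaids = new ArrayList();

                if (!issuperadmin) {
                    // Is admin authorized to group caid.
                    if (authorizedcaids.contains(new Integer(agdl.getCaId()))) {
                        authtogroup = true;
                        // check access rules
                        Iterator iter = agdl.getAccessRuleObjects().iterator();
                        while (iter.hasNext()) {
                            AccessRule accessrule = ((AccessRule) iter.next());
                            String rule = accessrule.getAccessRule();
                            if (rule.equals(AvailableAccessRules.ROLE_SUPERADMINISTRATOR) && accessrule.getRule() == AccessRule.RULE_ACCEPT) {
                                // A superadmin group is never shown to a non-superadmin.
                                superadmingroup = true;
                                break;
                            }
                            if (rule.equals(AvailableAccessRules.CABASE)) {
                                // A recursive accept on the CA base covers every CA, so the admin
                                // must be authorized to all available CAs.
                                if (accessrule.getRule() == AccessRule.RULE_ACCEPT && accessrule.isRecursive()) {
                                    if (authorizedcaids.containsAll(allcaids)) {
                                        carecursive = true;
                                    }
                                }
                            } else {
                                if (rule.startsWith(AvailableAccessRules.CAPREFIX) && accessrule.getRule() == AccessRule.RULE_ACCEPT) {
                                    groupcaids.add(new Integer(rule.substring(AvailableAccessRules.CAPREFIX.length())));
                                }
                            }
                        }
                    }
                }

                allauthorized = authorizedcaids.containsAll(groupcaids);

                if (issuperadmin || ((allauthorized || carecursive) && authtogroup && !superadmingroup)) {
                    if (!agdl.getAdminGroupName().equals(PUBLICWEBGROUPNAME) && !(agdl.getAdminGroupName().equals(DEFAULTGROUPNAME) && agdl.getCaId() == LogConstants.INTERNALCAID)) {
                        returnval.add(agdl.getAdminGroupNames());
                    }
                }
            }
        } catch (FinderException e) {
            // Fails closed (fewer groups are returned), but do not hide the failure.
            error("Can't get authorized admingroup names: ", e);
        }
        return returnval;
    } // getAuthorizedAdminGroupNames

    /**
     * Adds a Collection of AccessRule to an admin group.
     * <p/>
     * The default group on the internal CA id is protected: the call is a no-op for it.
     *
     * @param admin          administrator performing the change (used for audit logging)
     * @param admingroupname name of the group
     * @param caid           CA id the group belongs to
     * @param accessrules    the AccessRule objects to add
     * @ejb.interface-method view-type="both"
     */
    public void addAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules) {
        if (!(admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID)) {
            try {
                (admingrouphome.findByGroupNameAndCAId(admingroupname, caid)).addAccessRules(accessrules);
                signalForAuthorizationTreeUpdate();
                String msg = intres.getLocalizedMessage("authorization.accessrulesadded", admingroupname);
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES, msg);
            } catch (Exception e) {
                String msg = intres.getLocalizedMessage("authorization.erroraddaccessrules", admingroupname);
                error(msg, e);
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES, msg);
            }
        }
    } // addAccessRules

    /**
     * Removes a Collection of (String) containing accessrules to remove from admin group.
     * <p/>
     * The default group on the internal CA id is protected: the call is a no-op for it.
     *
     * @param admin          administrator performing the change (used for audit logging)
     * @param admingroupname name of the group
     * @param caid           CA id the group belongs to
     * @param accessrules    the access rule strings to remove
     * @ejb.interface-method view-type="both"
     */
    public void removeAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules) {
        if (!(admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID)) {
            try {
                (admingrouphome.findByGroupNameAndCAId(admingroupname, caid)).removeAccessRules(accessrules);
                signalForAuthorizationTreeUpdate();
                String msg = intres.getLocalizedMessage("authorization.accessrulesremoved", admingroupname);
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES, msg);
            } catch (Exception e) {
                String msg = intres.getLocalizedMessage("authorization.errorremoveaccessrules", admingroupname);
                error(msg, e);
                // A failed privilege change is recorded as an error event, as in addAccessRules,
                // so failures are not filed among successful edits in the audit log.
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES, msg);
            }
        }
    } // removeAccessRules

    /**
     * Replaces a groups accessrules with a new set of rules.
     * <p/>
     * The default group on the internal CA id is protected: the call is a no-op for it.
     * The current rules are removed before the new ones are added.
     *
     * @param admin          administrator performing the change (used for audit logging)
     * @param admingroupname name of the group
     * @param caid           CA id the group belongs to
     * @param accessrules    the AccessRule objects that become the group's rules
     * @ejb.interface-method view-type="both"
     */
    public void replaceAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules) {
        if (!(admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID)) {
            try {
                AdminGroupDataLocal agdl = admingrouphome.findByGroupNameAndCAId(admingroupname, caid);
                Collection currentrules = agdl.getAdminGroup().getAccessRules();
                ArrayList removerules = new ArrayList();
                Iterator iter = currentrules.iterator();
                while (iter.hasNext()) {
                    removerules.add(((AccessRule) iter.next()).getAccessRule());
                }
                agdl.removeAccessRules(removerules);
                agdl.addAccessRules(accessrules);
                signalForAuthorizationTreeUpdate();
                String msg = intres.getLocalizedMessage("authorization.accessrulesreplaced", admingroupname);
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES, msg);
            } catch (Exception e) {
                String msg = intres.getLocalizedMessage("authorization.errorreplaceaccessrules", admingroupname);
                error(msg, e);
                // A failed privilege change is recorded as an error event, as in addAccessRules,
                // so failures are not filed among successful edits in the audit log.
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES, msg);
            }
        }
    } // replaceAccessRules

    /**
     * Adds a Collection of AdminEnity to the admingroup. Changes their values if they already exists.
     *
     * @ejb.interface-method view-type="both"
     */
    public void addAdminEntities(Admin admin, String admingroupname, int caid, Collection adminentities) {
        if (!(admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID)) {
            try {
                (admingrouphome.findByGroupNameAndCAId(admingroupname, caid)).addAdminEntities(adminentities);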