localauthorizationsessionbean.java

一个免费的CA,基于EJB平台的,老师叫我们测试,现把之共享出来让大家参考

                signalForAuthorizationTreeUpdate();
        		String msg = intres.getLocalizedMessage("authorization.adminadded", admingroupname);            	
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES, msg);
            } catch (Exception e) {
        		String msg = intres.getLocalizedMessage("authorization.erroraddadmin", admingroupname);            	
            	error(msg, e);
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES, msg);
            }
        }
    } // addAdminEntity


    /**
     * Removes a Collection of AdminEntity from the administrator group.
     *
     * @ejb.interface-method view-type="both"
     */
    public void removeAdminEntities(Admin admin, String admingroupname, int caid, Collection adminentities) {
        if (!(admingroupname.equals(DEFAULTGROUPNAME) && caid == LogConstants.INTERNALCAID)) {
            try {
                (admingrouphome.findByGroupNameAndCAId(admingroupname, caid)).removeAdminEntities(adminentities);
                signalForAuthorizationTreeUpdate();
        		String msg = intres.getLocalizedMessage("authorization.adminremoved", admingroupname);            	
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES, msg);
            } catch (Exception e) {
        		String msg = intres.getLocalizedMessage("authorization.errorremoveadmin", admingroupname);            	
            	error(msg, e);
                logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null, LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES, msg);
            }
        }
    } // removeAdminEntity


    /**
     * Method used to collect an administrators available access rules based on which rule
     * he himself is authorized to.
     *
     * @param admin is the administrator calling the method.
     * @return a Collection of String containing available accessrules.
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Supports"
     */

    public Collection getAuthorizedAvailableAccessRules(Admin admin) {
        AvailableAccessRules aar = null;
        try {
            aar = new AvailableAccessRules(admin, authorizer, getRaAdminSession(), customaccessrules);
        } catch (Exception e) {
            throw new EJBException(e);
        }

        return aar.getAvailableAccessRules(admin);
    }

    /**
     * Method used to return an Collection of Integers indicating which CAids a administrator
     * is authorized to access.
     *
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Supports"
     */
    public Collection getAuthorizedCAIds(Admin admin) {
        return authorizer.getAuthorizedCAIds(admin);
    }


    /**
     * Method used to return an Collection of Integers indicating which end entity profiles
     * the administrator is authorized to view.
     *
     * @param admin        the administrator
     * @param rapriviledge should be one of the end entity profile authorization constans defined in AvailableAccessRules.
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Supports"
     */
    public Collection getAuthorizedEndEntityProfileIds(Admin admin, String rapriviledge) {
        return authorizer.getAuthorizedEndEntityProfileIds(admin, rapriviledge);
    }

    /**
     * Method to check if an end entity profile exists in any end entity profile rules. Used to avoid desyncronization of profilerules.
     *
     * @param profileid the profile id to search for.
     * @return true if profile exists in any of the accessrules.
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Supports"
     */
    public boolean existsEndEntityProfileInRules(Admin admin, int profileid) {
        debug(">existsEndEntityProfileInRules()");
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        int count = 1; // return true as default.

        String whereclause = "accessRule  LIKE '" + AvailableAccessRules.ENDENTITYPROFILEPREFIX + profileid + "%'";

        try {
            // Construct SQL query.
            con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
            ps = con.prepareStatement("select COUNT(*) from AccessRulesData where " + whereclause);
            // Execute query.
            rs = ps.executeQuery();
            // Assemble result.
            if (rs.next()) {
                count = rs.getInt(1);
            }
            debug("<existsEndEntityProfileInRules()");
            return count > 0;

        } catch (Exception e) {
            throw new EJBException(e);
        } finally {
            JDBCUtil.close(con, ps, rs);
        }
    } // existsEndEntityProfileInRules

    /**
     * Method to check if a ca exists in any ca specific rules. Used to avoid desyncronization of CA rules when ca is removed
     *
     * @param caid the ca id to search for.
     * @return true if ca exists in any of the accessrules.
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Supports"
     */

    public boolean existsCAInRules(Admin admin, int caid) {
        return existsCAInAdminGroups(caid) && existsCAInAccessRules(caid);
    } // existsCAInRules
    
    /**
     * Method  to force an update of the autorization rules without any wait.
     *
     * @ejb.interface-method view-type="both"
     * @ejb.transaction type="Supports"
     */

    public void forceRuleUpdate(Admin admin) {
        signalForAuthorizationTreeUpdate();
        updateAuthorizationTree();
    } // existsCAInRules


    /**
     * Help function to existsCAInRules, checks if caid axists among admingroups.
     */
    private boolean existsCAInAdminGroups(int caid) {
        debug(">existsCAInAdminGroups()");
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        int count = 1; // return true as default.

        String whereclause = "cAId = '" + caid + "'";

        try {
            // Construct SQL query.
            con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
            ps = con.prepareStatement("select COUNT(*) from AdminGroupData where " + whereclause);
            // Execute query.
            rs = ps.executeQuery();
            // Assemble result.
            if (rs.next()) {
                count = rs.getInt(1);
            }
            debug("<existsCAInAdminGroupss()");
            return count > 0;

        } catch (Exception e) {
            throw new EJBException(e);
        } finally {
            JDBCUtil.close(con, ps, rs);
        }
    }

    /**
     * Help function to existsCAInRules, checks if caid axists among accessrules.
     */
    private boolean existsCAInAccessRules(int caid) {
        debug(">existsCAInAccessRules()");
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        int count = 1; // return true as default.

        String whereclause = "accessRule  LIKE '" + AvailableAccessRules.CABASE + "/" + caid + "%'";

        try {
            // Construct SQL query.
            con = JDBCUtil.getDBConnection(JNDINames.DATASOURCE);
            ps = con.prepareStatement("select COUNT(*) from AccessRulesData where " + whereclause);
            // Execute query.
            rs = ps.executeQuery();
            // Assemble result.
            if (rs.next()) {
                count = rs.getInt(1);
            }
            debug("<existsCAInAccessRules()");
            return count > 0;

        } catch (Exception e) {
            throw new EJBException(e);
        } finally {
            JDBCUtil.close(con, ps, rs);
        }
    } // existsCAInAccessRules

    /**
     * Returns a reference to the AuthorizationTreeUpdateDataBean
     */
    private AuthorizationTreeUpdateDataLocal getAuthorizationTreeUpdateData() {
        AuthorizationTreeUpdateDataLocal atu = null;
        try {
            atu = authorizationtreeupdatehome.findByPrimaryKey(AuthorizationTreeUpdateDataBean.AUTHORIZATIONTREEUPDATEDATA);
        } catch (FinderException e) {
            try {
                atu = authorizationtreeupdatehome.create();
            } catch (CreateException ce) {
        		String msg = intres.getLocalizedMessage("authorization.errorcreateauthtree");            	
                error(msg, ce);
                throw new EJBException(ce);
            }
        }
        return atu;
    }


    /**
     * Method used check if a reconstruction of authorization tree is needed in the
     * authorization beans.
     *
     * @return true if update is needed.
     */

    private boolean updateNeccessary() {
        return getAuthorizationTreeUpdateData().updateNeccessary(this.authorizationtreeupdate) && lastupdatetime < ((new java.util.Date()).getTime() - MIN_TIME_BETWEEN_UPDATES);
    } // updateNeccessary

    /**
     * method updating authorization tree.
     */
    private void updateAuthorizationTree() {
        authorizer.buildAccessTree(getAdminGroups());
        this.authorizationtreeupdate = getAuthorizationTreeUpdateData().getAuthorizationTreeUpdateNumber();
        this.lastupdatetime = (new java.util.Date()).getTime();
    }

    /**
     * Method incrementing the authorizationtreeupdatenumber and thereby signaling
     * to other beans that they should reconstruct their accesstrees.
     */
    private void signalForAuthorizationTreeUpdate() {
    	if (log.isDebugEnabled()) {
    		log.debug(">signalForAuthorizationTreeUpdate");
    	}
        getAuthorizationTreeUpdateData().incrementAuthorizationTreeUpdateNumber();
    	if (log.isDebugEnabled()) {
    		log.debug("<signalForAuthorizationTreeUpdate");
    	}
    }

    private int findFreeAdminGroupId() {
        Random random = new Random();
        int id = random.nextInt();
        boolean foundfree = false;

        while (!foundfree) {
            try {
                this.admingrouphome.findByPrimaryKey(new Integer(id));
                id = random.nextInt();
            } catch (FinderException e) {
                foundfree = true;
            }
        }
        return id;
    } // findFreeCertificateProfileId

} // LocalAuthorizationSessionBean