?? localauthorizationsessionbean.java
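/**
 * Replaces all access rules of an administrator group with a new set of rules.
 *
 * The call is silently ignored for the default group of the internal CA.
 * Failures are not propagated to the caller; they are written to the error log
 * and recorded as an error event in the audit log.
 *
 * NOTE(review): no authorization check on {@code admin} is visible in this method;
 * confirm that callers (or the container) enforce who may edit administrator privileges.
 *
 * @param admin the administrator performing the change, recorded in the audit log.
 * @param admingroupname name of the administrator group to change.
 * @param caid id of the CA the group belongs to.
 * @param accessrules the rules that replace the current ones.
 */
public void replaceAccessRules(Admin admin, String admingroupname, int caid, Collection accessrules){
    // The default group of the internal CA is never modified through this method.
    if(admingroupname.equals(DEFAULTGROUPNAME) && caid == ILogSessionLocal.INTERNALCAID){
        return;
    }
    try{
        AdminGroupDataLocal agdl = admingrouphome.findByGroupNameAndCAId(admingroupname, caid);
        // Collect the identifiers of every rule currently attached to the group.
        ArrayList removerules = new ArrayList();
        Iterator iter = agdl.getAdminGroup().getAccessRules().iterator();
        while(iter.hasNext()){
            removerules.add(((AccessRule) iter.next()).getAccessRule());
        }
        // NOTE(review): remove and add are two separate steps. If addAccessRules fails the
        // exception is swallowed below; whether the removal is rolled back depends on
        // transaction settings that are not visible here. Confirm.
        agdl.removeAccessRules(removerules);
        agdl.addAccessRules(accessrules);
        signalForAuthorizationTreeUpdate();
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                "Replaced accessrules from admingroup : " + admingroupname);
    }catch(Exception e){
        // A failed privilege change must show up as an error event, not as an info event,
        // and the cause must not be lost.
        error("Can't replace access rules: ", e);
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                "Error replacing accessrules from admingroup : " + admingroupname);
    }
} // replaceAccessRules

/**
 * Adds a Collection of AdminEntity to the administrator group. Changes their values if
 * they already exist.
 *
 * The call is silently ignored for the default group of the internal CA. Failures are
 * logged and recorded as an error event; they are not propagated to the caller.
 *
 * NOTE(review): no authorization check on {@code admin} is visible in this method;
 * confirm that callers enforce it.
 *
 * @param admin the administrator performing the change, recorded in the audit log.
 * @param admingroupname name of the administrator group to change.
 * @param caid id of the CA the group belongs to.
 * @param adminentities the entities to add.
 */
public void addAdminEntities(Admin admin, String admingroupname, int caid, Collection adminentities){
    if(admingroupname.equals(DEFAULTGROUPNAME) && caid == ILogSessionLocal.INTERNALCAID){
        return;
    }
    try{
        admingrouphome.findByGroupNameAndCAId(admingroupname, caid).addAdminEntities(adminentities);
        signalForAuthorizationTreeUpdate();
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                "Added administrator entities to administratorgroup " + admingroupname);
    }catch(Exception e){
        error("Can't add admin entities: ", e);
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                "Error adding administrator entities to administratorgroup " + admingroupname);
    }
} // addAdminEntity

/**
 * Removes a Collection of AdminEntity from the administrator group.
 *
 * The call is silently ignored for the default group of the internal CA. Failures are
 * logged and recorded as an error event; they are not propagated to the caller.
 *
 * NOTE(review): no authorization check on {@code admin} is visible in this method;
 * confirm that callers enforce it.
 *
 * @param admin the administrator performing the change, recorded in the audit log.
 * @param admingroupname name of the administrator group to change.
 * @param caid id of the CA the group belongs to.
 * @param adminentities the entities to remove.
 */
public void removeAdminEntities(Admin admin, String admingroupname, int caid, Collection adminentities){
    if(admingroupname.equals(DEFAULTGROUPNAME) && caid == ILogSessionLocal.INTERNALCAID){
        return;
    }
    try{
        admingrouphome.findByGroupNameAndCAId(admingroupname, caid).removeAdminEntities(adminentities);
        signalForAuthorizationTreeUpdate();
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_INFO_EDITEDADMINISTRATORPRIVILEGES,
                "Removed administrator entities from administratorgroup " + admingroupname);
    }catch(Exception e){
        // The message used to say "add", which pointed operators at the wrong operation.
        error("Can't remove admin entities: ", e);
        logsession.log(admin, caid, LogEntry.MODULE_RA, new java.util.Date(), null, null,
                LogEntry.EVENT_ERROR_EDITEDADMINISTRATORPRIVILEGES,
                "Error removing administrator entities from administratorgroup " + admingroupname);
    }
} // removeAdminEntity

/**
 * Collects the access rules available to an administrator, based on which rules
 * he himself is authorized to.
 *
 * @param admin is the administrator calling the method.
 * @return a Collection of String containing available accessrules.
 * @throws EJBException wrapping any exception raised while building the rule set.
 */
public Collection getAuthorizedAvailableAccessRules(Admin admin){
    AvailableAccessRules aar = null;
    try{
        aar = new AvailableAccessRules(admin, authorizer, getRaAdminSession(), customaccessrules);
    }catch(Exception e){
        throw new EJBException(e);
    }
    return aar.getAvailableAccessRules(admin);
}

/**
 * Returns a Collection of Integers indicating which CA ids an administrator
 * is authorized to access. Delegates to the authorizer.
 *
 * @param admin the administrator.
 */
public Collection getAuthorizedCAIds(Admin admin){
    return authorizer.getAuthorizedCAIds(admin);
}

/**
 * Returns a Collection of Integers indicating which end entity profiles
 * the administrator is authorized to view. Delegates to the authorizer.
 *
 * @param admin the administrator.
 * @param rapriviledge should be one of the end entity profile authorization constants
 *        defined in AvailableAccessRules.
 */
public Collection getAuthorizedEndEntityProfileIds(Admin admin, String rapriviledge){
    return authorizer.getAuthorizedEndEntityProfileIds(admin, rapriviledge);
}

/**
 * Checks if an end entity profile exists in any end entity profile rules. Used to avoid
 * desynchronization of profile rules.
 *
 * Returns true when the query yields no row at all ("true as default").
 *
 * NOTE(review): the pattern is a plain prefix match (prefix + id + "%"), so id 1 also
 * matches rules written for ids 10, 11, and so on. That can only produce extra "true"
 * results; confirm whether a delimiter should follow the id.
 *
 * @param admin the calling administrator; not used by this method.
 * @param profileid the profile id to search for.
 * @return true if profile exists in any of the accessrules.
 * @throws EJBException wrapping any exception raised by the query.
 */
public boolean existsEndEntityProfileInRules(Admin admin, int profileid){
    debug(">existsEndEntityProfileInRules()");
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet rs = null;
    int count = 1; // return true as default.
    try{
        con = getConnection();
        // The pattern is bound as a parameter rather than spliced into the SQL text, so the
        // statement stays fixed even if the prefix constant ever contains a quote character.
        ps = con.prepareStatement("select COUNT(*) from AccessRulesData where accessRule LIKE ?");
        ps.setString(1, AvailableAccessRules.ENDENTITYPROFILEPREFIX + profileid + "%");
        rs = ps.executeQuery();
        if(rs.next()){
            count = rs.getInt(1);
        }
        debug("<existsEndEntityProfileInRules()");
        return count > 0;
    }catch(Exception e){
        throw new EJBException(e);
    }finally{
        closeJdbcResources(rs, ps, con);
    }
}

/**
 * Checks if a CA exists in any CA specific rules. Used to avoid desynchronization of CA
 * rules when a CA is removed.
 *
 * NOTE(review): the result is true only when the CA id is found BOTH among the admin
 * groups AND among the access rules. The description ("exists in any") reads more like
 * an OR; left unchanged because callers may depend on it. Confirm the intended semantics.
 *
 * @param admin the calling administrator; not used by this method.
 * @param caid the ca id to search for.
 * @return true if ca exists in the admin groups and in the accessrules.
 */
public boolean existsCAInRules(Admin admin, int caid){
    return existsCAInAdminGroups(caid) && existsCAInAccessRules(caid);
} // existsCAInRules

/**
 * Help function to existsCAInRules, checks if caid exists among admingroups.
 * Returns true when the query yields no row at all.
 */
private boolean existsCAInAdminGroups(int caid){
    debug(">existsCAInAdminGroups()");
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet rs = null;
    int count = 1; // return true as default.
    // caid is a Java int, so the concatenated text can only be digits and an optional
    // minus sign. The quoted-literal form is kept because the column type is not visible
    // in this excerpt; switch to a bound parameter once it is confirmed.
    String whereclause = "cAId = '" + caid + "'";
    try{
        con = getConnection();
        ps = con.prepareStatement("select COUNT(*) from AdminGroupData where " + whereclause);
        rs = ps.executeQuery();
        if(rs.next()){
            count = rs.getInt(1);
        }
        debug("<existsCAInAdminGroupss()");
        return count > 0;
    }catch(Exception e){
        throw new EJBException(e);
    }finally{
        closeJdbcResources(rs, ps, con);
    }
}

/**
 * Help function to existsCAInRules, checks if caid exists among accessrules.
 * Returns true when the query yields no row at all.
 *
 * NOTE(review): plain prefix match, so a short id also matches rules for longer ids
 * that start with the same digits; confirm whether a delimiter should follow the id.
 */
private boolean existsCAInAccessRules(int caid){
    debug(">existsCAInAccessRules()");
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet rs = null;
    int count = 1; // return true as default.
    try{
        con = getConnection();
        // Pattern bound as a parameter; the SQL text itself is constant.
        ps = con.prepareStatement("select COUNT(*) from AccessRulesData where accessRule LIKE ?");
        ps.setString(1, AvailableAccessRules.CABASE + "/" + caid + "%");
        rs = ps.executeQuery();
        if(rs.next()){
            count = rs.getInt(1);
        }
        debug("<existsCAInAccessRules()");
        return count > 0;
    }catch(Exception e){
        throw new EJBException(e);
    }finally{
        closeJdbcResources(rs, ps, con);
    }
}

/**
 * Closes the given JDBC objects, each in its own try block, so that a failure while
 * closing one of them does not leave the others (in particular the connection) open.
 * Any argument may be null.
 */
private void closeJdbcResources(ResultSet rs, PreparedStatement ps, Connection con){
    try{
        if(rs != null) rs.close();
    }catch(SQLException se){
        error("Error when cleaning up: ", se);
    }
    try{
        if(ps != null) ps.close();
    }catch(SQLException se){
        error("Error when cleaning up: ", se);
    }
    try{
        if(con != null) con.close();
    }catch(SQLException se){
        error("Error when cleaning up: ", se);
    }
}

/**
 * Returns a reference to the AuthorizationTreeUpdateDataBean, creating it when the
 * finder does not locate it.
 *
 * @throws EJBException if the bean can be neither found nor created.
 */
private AuthorizationTreeUpdateDataLocal getAuthorizationTreeUpdateData(){
    AuthorizationTreeUpdateDataLocal atu = null;
    try{
        atu = authorizationtreeupdatehome.findByPrimaryKey(
                new Integer(AuthorizationTreeUpdateDataLocalHome.AUTHORIZATIONTREEUPDATEDATA));
    }catch(FinderException e){
        // Not found: fall back to creating the bean.
        try{
            atu = authorizationtreeupdatehome.create();
        }catch(CreateException ce){
            error("Error creating AuthorizationTreeUpdateDataBean :", ce);
            throw new EJBException(ce);
        }
    }
    return atu;
}

/**
 * Checks if a reconstruction of the authorization tree is needed in the
 * authorization beans.
 *
 * An update is needed only when the shared update data reports a change relative to
 * this bean's update number and at least MINTIMEBETWEENUPDATES has passed since the
 * last rebuild.
 *
 * @return true if update is needed.
 */
private boolean updateNeccessary(){
    return getAuthorizationTreeUpdateData().updateNeccessary(this.authorizationtreeupdate)
        && lastupdatetime < ((new java.util.Date()).getTime() - IAuthorizationSessionRemote.MINTIMEBETWEENUPDATES);
} // updateNeccessary

/**
 * Rebuilds the authorization tree from the current admin groups and records the
 * update number and time of the rebuild.
 */
private void updateAuthorizationTree(Admin admin){
    authorizer.buildAccessTree(getAdminGroups(admin));
    this.authorizationtreeupdate = getAuthorizationTreeUpdateData().getAuthorizationTreeUpdateNumber();
    this.lastupdatetime = (new java.util.Date()).getTime();
}

/**
 * Increments the authorizationtreeupdatenumber and thereby signals
 * to other beans that they should reconstruct their access trees.
 */
private void signalForAuthorizationTreeUpdate(){
    getAuthorizationTreeUpdateData().incrementAuthorizationTreeUpdateNumber();
}

/**
 * Picks a random int that is not yet used as an admin group primary key.
 *
 * The value is only probed with findByPrimaryKey and returned, so the time-seeded
 * java.util.Random is used for spreading ids, not for producing a secret.
 * NOTE(review): the lookup and the later use of the id are separate steps; confirm
 * that a concurrent caller picking the same id is handled where the group is created.
 */
private int findFreeAdminGroupId(){
    Random random = new Random((new Date()).getTime());
    int id = random.nextInt();
    boolean foundfree = false;
    while(!foundfree){
        try{
            // A successful lookup means the id is taken: draw another one.
            this.admingrouphome.findByPrimaryKey(new Integer(id));
            id = random.nextInt();
        }catch(FinderException e){
            foundfree = true;
        }
    }
    return id;
} // findFreeAdminGroupId

} // end of session bean class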