001: /*************************************************************************
002: * *
003: * EJBCA: The OpenSource Certificate Authority *
004: * *
005: * This software is free software; you can redistribute it and/or *
006: * modify it under the terms of the GNU Lesser General Public *
007: * License as published by the Free Software Foundation; either *
008: * version 2.1 of the License, or any later version. *
009: * *
010: * See terms of license at gnu.org. *
011: * *
012: *************************************************************************/package org.ejbca.core.model.authorization;
013:
014: import java.io.Serializable;
015: import java.util.HashMap;
016:
017: import javax.ejb.FinderException;
018:
019: import org.ejbca.core.ejb.authorization.AdminGroupDataLocalHome;
020:
021: /**
022: * A class used to improve performance by proxying administrator authorization requests, minimizing the need to traverse
023: * the authorization tree and perform RMI lookups.
024: *
025: * @author TomSelleck
026: * @version $Id: AuthorizationProxy.java,v 1.1 2006/01/17 20:30:56 anatom Exp $
027: */
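public class AuthorizationProxy implements Serializable {

    /**
     * Separator placed between the identity part and the resource part of a cache key.
     * The identity part is always a prefix followed by a number, so the first separator
     * unambiguously marks where the resource begins.
     */
    private static final String KEY_SEPARATOR = "|";

    /**
     * Creates a new instance of AuthorizationProxy with empty caches.
     *
     * @param admingrouphome home interface used to look up admin groups by primary key
     * @param accesstree     the access tree consulted when a decision is not cached
     */
    public AuthorizationProxy(AdminGroupDataLocalHome admingrouphome,
            AccessTree accesstree) {
        authstore = new HashMap();
        groupstore = new HashMap();
        this.accesstree = accesstree;
        this.admingrouphome = admingrouphome;
    }

    /**
     * Returns the cached authorization decision for the administrator and resource,
     * consulting the access tree and caching its answer on a miss.
     *
     * <p>The cache key is the full (identity, resource) pair rather than an XOR of two
     * 32-bit hash codes. With a hashed key, two different pairs can collide, and the
     * proxy would then return a decision that was computed for a different
     * administrator or resource.
     *
     * @param admin    the administrator to check
     * @param resource the resource being accessed; must not be null
     * @return true if the access tree authorizes the administrator for the resource
     * @throws NullPointerException if resource is null
     */
    public boolean isAuthorized(AdminInformation admin, String resource) {
        requireResource(resource);

        String identity;
        if (admin.isSpecialUser()) {
            identity = "special:" + admin.getSpecialUser();
        } else {
            // NOTE(review): a certificate serial number is only unique per issuer. If
            // administrators can hold certificates from more than one CA, the issuer
            // should also be part of this key - confirm against AdminInformation.
            identity = "cert:" + admin.getX509Certificate().getSerialNumber().toString();
        }
        String key = identity + KEY_SEPARATOR + resource;

        Boolean returnval = (Boolean) authstore.get(key);
        if (returnval == null) {
            // Not cached yet: ask the access tree and remember the answer.
            returnval = Boolean.valueOf(accesstree.isAuthorized(admin, resource));
            authstore.put(key, returnval);
        }

        return returnval.booleanValue();
    }

    /**
     * Returns the cached authorization decision for an admin group and resource,
     * consulting the access tree and caching its answer on a miss. A group is treated
     * as authorized if the access tree authorizes it for the resource or for
     * "/super_administrator".
     *
     * <p>The cache key is the full (group primary key, resource) pair, so decisions for
     * different groups or resources cannot overwrite or shadow each other.
     *
     * @param admin        not used by this method; kept for interface compatibility
     * @param admingrouppk primary key of the admin group
     * @param resource     the resource being accessed; must not be null
     * @return true if the group is authorized; false if it is not or cannot be found
     * @throws NullPointerException if resource is null
     */
    public boolean isGroupAuthorized(AdminInformation admin,
            int admingrouppk, String resource) {
        requireResource(resource);

        String key = admingrouppk + KEY_SEPARATOR + resource;

        Boolean returnval = (Boolean) groupstore.get(key);
        if (returnval == null) {
            try {
                AdminInformation admgroup = new AdminInformation(
                        admingrouphome.findByPrimaryKey(new Integer(admingrouppk))
                                .getAdminGroupNames());
                returnval = Boolean.valueOf(
                        accesstree.isAuthorized(admgroup, resource)
                                || accesstree.isAuthorized(admgroup, "/super_administrator"));
            } catch (FinderException e) {
                // Unknown group: deny, and cache the denial until clear() is called.
                returnval = Boolean.FALSE;
            }
            groupstore.put(key, returnval);
        }

        return returnval.booleanValue();
    }

    /**
     * Empties both caches. Should be called every time administrator privileges have
     * been changed, otherwise stale decisions (including stale grants) keep being served.
     */
    public void clear() {
        this.authstore.clear();
        this.groupstore.clear();
    }

    /**
     * Rejects a null resource up front, so that a null is never concatenated into a
     * cache key as the text "null".
     */
    private static void requireResource(String resource) {
        if (resource == null) {
            throw new NullPointerException("resource");
        }
    }

    // Private fields.
    // NOTE(review): both maps are plain HashMaps with no synchronization in this class;
    // confirm that callers serialize access if the proxy is shared between threads.
    private HashMap authstore;
    private HashMap groupstore;
    private AccessTree accesstree;
    private AdminGroupDataLocalHome admingrouphome;

}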