Package org.ejbca.core.model.authorization

Examples of org.ejbca.core.model.authorization.AccessRule


            addAdminGroup(admin, AdminGroup.TEMPSUPERADMINGROUP);
            final ArrayList<AdminEntity> adminentities = new ArrayList<AdminEntity>();
            adminentities.add(new AdminEntity(AdminEntity.WITH_COMMONNAME, AdminEntity.TYPE_EQUALCASEINS, superAdminCN, caid));
            admEntitySession.addAdminEntities(admin, AdminGroup.TEMPSUPERADMINGROUP, adminentities);
            final ArrayList<AccessRule> accessrules = new ArrayList<AccessRule>();
            accessrules.add(new AccessRule(AccessRulesConstants.ROLE_SUPERADMINISTRATOR, AccessRule.RULE_ACCEPT, false));
            addAccessRules(admin, AdminGroup.TEMPSUPERADMINGROUP, accessrules);
    
        }
        // Add Special Admin Group
        // Special admin group is a group that is not authenticated with client
        // certificate, such as batch tool etc
        if (AdminGroupData.findByGroupName(entityManager, AdminGroup.DEFAULTGROUPNAME) == null) {
            LOG.debug("initialize: FinderEx, add default group.");
            // Add Default Special Admin Group
            try {
                final AdminGroupData agdl = new AdminGroupData(Integer.valueOf(findFreeAdminGroupId()), AdminGroup.DEFAULTGROUPNAME);
                entityManager.persist(agdl);

                final ArrayList<AdminEntity> adminentities = new ArrayList<AdminEntity>();
                adminentities.add(new AdminEntity(AdminEntity.SPECIALADMIN_BATCHCOMMANDLINEADMIN));
                adminentities.add(new AdminEntity(AdminEntity.SPECIALADMIN_CACOMMANDLINEADMIN));
                adminentities.add(new AdminEntity(AdminEntity.SPECIALADMIN_RAADMIN));
                adminentities.add(new AdminEntity(AdminEntity.SPECIALADMIN_INTERNALUSER));
                agdl.addAdminEntities(entityManager, adminentities);

                final ArrayList<AccessRule> accessrules = new ArrayList<AccessRule>();
                accessrules.add(new AccessRule(AccessRulesConstants.ROLE_ADMINISTRATOR, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.ROLE_SUPERADMINISTRATOR, AccessRule.RULE_ACCEPT, false));

                accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_CAFUNCTIONALTY, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_RAFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_LOGFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_SYSTEMFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.HARDTOKEN_HARDTOKENFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.CABASE, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.ENDENTITYPROFILEBASE, AccessRule.RULE_ACCEPT, true));

                agdl.addAccessRules(entityManager, accessrules);

                authTreeSession.signalForAuthorizationTreeUpdate();
            } catch (Exception ce) {


                if (onlyAuthCAIds) {
                    authtogroup = true;
                    // check access rules
                    final Iterator<AccessRule> iter = agdl.getAccessRuleObjects().iterator();
                    while (iter.hasNext()) {
                        final AccessRule accessrule = iter.next();
                        final String rule = accessrule.getAccessRule();
                        if (rule.equals(AccessRulesConstants.ROLE_SUPERADMINISTRATOR) && accessrule.getRule() == AccessRule.RULE_ACCEPT) {
                            superadmingroup = true;
                            break;
                        }
                        if (rule.equals(AccessRulesConstants.CABASE)) {
                            if (accessrule.getRule() == AccessRule.RULE_ACCEPT && accessrule.isRecursive() && authorizedcaids.containsAll(allcaids)) {
                              carecursive = true;
                            }
                        } else {
                            if (rule.startsWith(AccessRulesConstants.CAPREFIX) && accessrule.getRule() == AccessRule.RULE_ACCEPT) {
                                groupcaids.add(Integer.valueOf(rule.substring(AccessRulesConstants.CAPREFIX.length())));
                            }
                        }
                    }
                }

        final ArrayList<AdminEntity> adminentities = new ArrayList<AdminEntity>();
        adminentities.add(new AdminEntity(AdminEntity.SPECIALADMIN_PUBLICWEBUSER));
        agdl.addAdminEntities(entityManager, adminentities);

        final ArrayList<AccessRule> accessrules = new ArrayList<AccessRule>();
        accessrules.add(new AccessRule(AccessRulesConstants.ROLE_PUBLICWEBUSER, AccessRule.RULE_ACCEPT, false));

        accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_CABASICFUNCTIONS, AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_VIEWCERTIFICATE, AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_CREATECERTIFICATE, AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_STORECERTIFICATE, AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_VIEWENDENTITY, AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule(AccessRulesConstants.CABASE, AccessRule.RULE_ACCEPT, true));
        accessrules.add(new AccessRule(AccessRulesConstants.ENDENTITYPROFILEBASE, AccessRule.RULE_ACCEPT, true));

        agdl.addAccessRules(entityManager, accessrules);
    }

      accessRuleStrings.add(accessRule);
      if (rule == AccessRule.RULE_NOTUSED) {
          ejb.getAdminGroupSession().removeAccessRules(getAdmin(), groupName, accessRuleStrings);
      } else {
          ejb.getAdminGroupSession().removeAccessRules(getAdmin(), groupName, accessRuleStrings);
        AccessRule accessRuleObject = new AccessRule(accessRule, rule, recursive);
        Collection<AccessRule> accessRules = new ArrayList<AccessRule>();
        accessRules.add(accessRuleObject);
        ejb.getAdminGroupSession().addAccessRules(getAdmin(), groupName, accessRules);
      }
    } catch (Exception e) {

   * Adds a Collection of AccessRule to the database, changing their values if they already exist.
   */
  public void addAccessRules(final EntityManager entityManager, final Collection<AccessRule> accessrules) {
    final Iterator<AccessRule> iter = accessrules.iterator();
    while (iter.hasNext()) {
      final AccessRule accessrule = iter.next();
      try {
        final AccessRulesData data = new AccessRulesData(getAdminGroupName(), 0, accessrule.getAccessRule(), accessrule.getRule(), accessrule.isRecursive());
        entityManager.persist(data);
        final Iterator<AccessRulesData> i = getAccessRules().iterator();
        while (i.hasNext()) {
          final AccessRulesData ar = i.next();
          if (ar.getAccessRuleObject().getAccessRule().equals(accessrule.getAccessRule())) {
            getAccessRules().remove(ar);
            entityManager.remove(ar);
            break;
          }
        }

     * Only used during upgrade.
     */
    public void removeAccessRulesObjects(final EntityManager entityManager, final Collection<AccessRule> accessrules) {
      final Iterator<AccessRule> iter = accessrules.iterator();
    while (iter.hasNext()) {
      final AccessRule accessrule = iter.next();
      final Iterator<AccessRulesData> i = getAccessRules().iterator();
            while (i.hasNext()) {
              final AccessRulesData ar = i.next();
                if (accessrule.getAccessRule().equals(ar.getAccessRule()) && accessrule.getRule() == ar.getRule() && accessrule.isRecursive() == ar.getIsRecursive()) {
                    getAccessRules().remove(ar);
          entityManager.remove(ar);
          break;
                }
            }

    // Recursive flag persisted as a boxed Integer column; presumably converted to/from the
    // boolean seen by getIsRecursive()/setIsRecursive() — confirm against the accessor bodies.
    private Integer isRecursiveInt;
    // Row version counter, starts at 0 for a new row; NOTE(review): looks like an optimistic-locking
    // column, confirm against the JPA mapping.
    private int rowVersion = 0;
    // Row protection value; how it is computed or verified is not visible in this class excerpt.
    private String rowProtection;

    public AccessRulesData(final String admingroupname, final int caid, final String accessrule, final int rule, final boolean isrecursive) {
        setPrimKey(generatePrimaryKey(admingroupname, caid, new AccessRule(accessrule, rule, isrecursive)));
        setAccessRule(accessrule);
        setRule(rule);
        setIsRecursive(isrecursive);
        if (log.isDebugEnabled()) {
            log.debug("Created accessrule : " + accessrule);

     *
     * @return the access rule transfer object
     */
    @Transient
    public AccessRule getAccessRuleObject() {
        // Build a fresh, detached transfer object from the persisted rule columns on every call;
        // callers that mutate it do not affect this entity.
        final AccessRule transferObject = new AccessRule(getAccessRule(), getRule(), getIsRecursive());
        return transferObject;
    }

    return result;
  }

  /** @return a parsed version of the accessrule for the current row in the datatable. CAs, End Entity Profiles and UserDataSources are given their cleartext name. */
  public String getParsedAccessRule() {
    AccessRule accessRule =  (AccessRule) FacesContext.getCurrentInstance().getExternalContext().getRequestMap().get("accessRule");
    String resource = accessRule.getAccessRule();
    // Check if it is a profile rule, then replace profile id with profile name.
    if (resource.startsWith(AccessRulesConstants.ENDENTITYPROFILEPREFIX)) {
      if (resource.lastIndexOf('/') < AccessRulesConstants.ENDENTITYPROFILEPREFIX.length()) {
        return AccessRulesConstants.ENDENTITYPROFILEPREFIX + ejb.getEndEntityProfileSession().getEndEntityProfileName(
            getAdmin(), Integer.parseInt(resource.substring(AccessRulesConstants.ENDENTITYPROFILEPREFIX.length())));

        Collection<AccessRule> rules = ag.getAccessRules();
        assertEquals("Number of available access rules for AdminGroup.PUBLICWEBGROUPNAME was not the expected.", 8, rules.size());

        // Add some new strange access rules
        ArrayList<AccessRule> accessrules = new ArrayList<AccessRule>();
        accessrules.add(new AccessRule("/public_foo_user", AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule("/foo_functionality/basic_functions", AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule("/foo_functionality/view_certificate", AccessRule.RULE_ACCEPT, false));
        adminGroupSession.addAccessRules(admin, AdminGroup.PUBLICWEBGROUPNAME, accessrules);

        // Retrieve the access rules and check that they were added
        ag = adminGroupSession.getAdminGroup(admin, AdminGroup.PUBLICWEBGROUPNAME);
        assertNotNull(ag);
        rules = ag.getAccessRules();
        assertEquals(11, rules.size()); // We have added three rules
        Iterator<AccessRule> iter = rules.iterator();
        boolean found = false;
        while (iter.hasNext()) {
            AccessRule rule = iter.next();
            if (rule.getAccessRule().equals("/foo_functionality/view_certificate")) {
                found = true;
            }
        }
        assertTrue(found);

        // Initialize the same CA again, this will remove old default Public Web
        // rules and create new ones.
        // This had some troubles with glassfish before, hence the creation of
        // this test
        adminGroupSession.init(admin, caid, DEFAULT_SUPERADMIN_CN);
        // Retrieve access rules and check that we only have the default ones
        ag = adminGroupSession.getAdminGroup(admin, AdminGroup.PUBLICWEBGROUPNAME);
        assertNotNull(ag);
        rules = ag.getAccessRules();
        assertEquals(8, rules.size());
        iter = rules.iterator();
        found = false;
        while (iter.hasNext()) {
            AccessRule rule = (AccessRule) iter.next();
            if (rule.getAccessRule().equals("/foo_functionality/view_certificate")) {
                found = true;
            }
        }
        assertFalse(found);
