Package org.ejbca.core.model.authorization

Examples of org.ejbca.core.model.authorization.AccessRule

78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
            addAdminGroup(admin, AdminGroup.TEMPSUPERADMINGROUP);
            final ArrayList<AdminEntity> adminentities = new ArrayList<AdminEntity>();
            adminentities.add(new AdminEntity(AdminEntity.WITH_COMMONNAME, AdminEntity.TYPE_EQUALCASEINS, superAdminCN, caid));
            admEntitySession.addAdminEntities(admin, AdminGroup.TEMPSUPERADMINGROUP, adminentities);
            final ArrayList<AccessRule> accessrules = new ArrayList<AccessRule>();
            accessrules.add(new AccessRule(AccessRulesConstants.ROLE_SUPERADMINISTRATOR, AccessRule.RULE_ACCEPT, false));
            addAccessRules(admin, AdminGroup.TEMPSUPERADMINGROUP, accessrules);
    
        }
        // Add Special Admin Group
        // Special admin group is a group that is not authenticated with client
        // certificate, such as batch tool etc
        if (AdminGroupData.findByGroupName(entityManager, AdminGroup.DEFAULTGROUPNAME) == null) {
            LOG.debug("initialize: FinderEx, add default group.");
            // Add Default Special Admin Group
            try {
                final AdminGroupData agdl = new AdminGroupData(Integer.valueOf(findFreeAdminGroupId()), AdminGroup.DEFAULTGROUPNAME);
                entityManager.persist(agdl);

                final ArrayList<AdminEntity> adminentities = new ArrayList<AdminEntity>();
                adminentities.add(new AdminEntity(AdminEntity.SPECIALADMIN_BATCHCOMMANDLINEADMIN));
                adminentities.add(new AdminEntity(AdminEntity.SPECIALADMIN_CACOMMANDLINEADMIN));
                adminentities.add(new AdminEntity(AdminEntity.SPECIALADMIN_RAADMIN));
                adminentities.add(new AdminEntity(AdminEntity.SPECIALADMIN_INTERNALUSER));
                agdl.addAdminEntities(entityManager, adminentities);

                final ArrayList<AccessRule> accessrules = new ArrayList<AccessRule>();
                accessrules.add(new AccessRule(AccessRulesConstants.ROLE_ADMINISTRATOR, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.ROLE_SUPERADMINISTRATOR, AccessRule.RULE_ACCEPT, false));

                accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_CAFUNCTIONALTY, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_RAFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_LOGFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_SYSTEMFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.HARDTOKEN_HARDTOKENFUNCTIONALITY, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.CABASE, AccessRule.RULE_ACCEPT, true));
                accessrules.add(new AccessRule(AccessRulesConstants.ENDENTITYPROFILEBASE, AccessRule.RULE_ACCEPT, true));

                agdl.addAccessRules(entityManager, accessrules);

                authTreeSession.signalForAuthorizationTreeUpdate();
            } catch (Exception ce) {
View Full Code Here
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
                if (onlyAuthCAIds) {
                    authtogroup = true;
                    // check access rules
                    final Iterator<AccessRule> iter = agdl.getAccessRuleObjects().iterator();
                    while (iter.hasNext()) {
                        final AccessRule accessrule = iter.next();
                        final String rule = accessrule.getAccessRule();
                        if (rule.equals(AccessRulesConstants.ROLE_SUPERADMINISTRATOR) && accessrule.getRule() == AccessRule.RULE_ACCEPT) {
                            superadmingroup = true;
                            break;
                        }
                        if (rule.equals(AccessRulesConstants.CABASE)) {
                            if (accessrule.getRule() == AccessRule.RULE_ACCEPT && accessrule.isRecursive() && authorizedcaids.containsAll(allcaids)) {
                              carecursive = true;
                            }
                        } else {
                            if (rule.startsWith(AccessRulesConstants.CAPREFIX) && accessrule.getRule() == AccessRule.RULE_ACCEPT) {
                                groupcaids.add(Integer.valueOf(rule.substring(AccessRulesConstants.CAPREFIX.length())));
                            }
                        }
                    }
                }
View Full Code Here
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
        final ArrayList<AdminEntity> adminentities = new ArrayList<AdminEntity>();
        adminentities.add(new AdminEntity(AdminEntity.SPECIALADMIN_PUBLICWEBUSER));
        agdl.addAdminEntities(entityManager, adminentities);

        final ArrayList<AccessRule> accessrules = new ArrayList<AccessRule>();
        accessrules.add(new AccessRule(AccessRulesConstants.ROLE_PUBLICWEBUSER, AccessRule.RULE_ACCEPT, false));

        accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_CABASICFUNCTIONS, AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_VIEWCERTIFICATE, AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_CREATECERTIFICATE, AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_STORECERTIFICATE, AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule(AccessRulesConstants.REGULAR_VIEWENDENTITY, AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule(AccessRulesConstants.CABASE, AccessRule.RULE_ACCEPT, true));
        accessrules.add(new AccessRule(AccessRulesConstants.ENDENTITYPROFILEBASE, AccessRule.RULE_ACCEPT, true));

        agdl.addAccessRules(entityManager, accessrules);
    }
View Full Code Here
83
84
85
86
87
88
89
90
91
92
93
      accessRuleStrings.add(accessRule);
      if (rule == AccessRule.RULE_NOTUSED) {
          ejb.getAdminGroupSession().removeAccessRules(getAdmin(), groupName, accessRuleStrings);
      } else {
          ejb.getAdminGroupSession().removeAccessRules(getAdmin(), groupName, accessRuleStrings);
        AccessRule accessRuleObject = new AccessRule(accessRule, rule, recursive);
        Collection<AccessRule> accessRules = new ArrayList<AccessRule>();
        accessRules.add(accessRuleObject);
        ejb.getAdminGroupSession().addAccessRules(getAdmin(), groupName, accessRules);
      }
    } catch (Exception e) {
View Full Code Here
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
   * Adds a Collection of AccessRule to the database. Changing their values if they already exists
   */
  public void addAccessRules(final EntityManager entityManager, final Collection<AccessRule> accessrules) {
    final Iterator<AccessRule> iter = accessrules.iterator();
    while (iter.hasNext()) {
      final AccessRule accessrule = iter.next();
      try {
        final AccessRulesData data = new AccessRulesData(getAdminGroupName(), 0, accessrule.getAccessRule(), accessrule.getRule(), accessrule.isRecursive());
        entityManager.persist(data);
        final Iterator<AccessRulesData> i = getAccessRules().iterator();
        while (i.hasNext()) {
          final AccessRulesData ar = i.next();
          if (ar.getAccessRuleObject().getAccessRule().equals(accessrule.getAccessRule())) {
            getAccessRules().remove(ar);
            entityManager.remove(ar);
            break;
          }
        }
View Full Code Here
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
     * Only used during upgrade.
     */
    public void removeAccessRulesObjects(final EntityManager entityManager, final Collection<AccessRule> accessrules) {
      final Iterator<AccessRule> iter = accessrules.iterator();
    while (iter.hasNext()) {
      final AccessRule accessrule = iter.next();
      final Iterator<AccessRulesData> i = getAccessRules().iterator();
            while (i.hasNext()) {
              final AccessRulesData ar = i.next();
                if (accessrule.getAccessRule().equals(ar.getAccessRule()) && accessrule.getRule() == ar.getRule() && accessrule.isRecursive() == ar.getIsRecursive()) {
                    getAccessRules().remove(ar);
          entityManager.remove(ar);
          break;
                }
            }
View Full Code Here
44
45
46
47
48
49
50
51
52
53
54
    private Integer isRecursiveInt;
    private int rowVersion = 0;
    private String rowProtection;

    public AccessRulesData(final String admingroupname, final int caid, final String accessrule, final int rule, final boolean isrecursive) {
        setPrimKey(generatePrimaryKey(admingroupname, caid, new AccessRule(accessrule, rule, isrecursive)));
        setAccessRule(accessrule);
        setRule(rule);
        setIsRecursive(isrecursive);
        if (log.isDebugEnabled()) {
            log.debug("Created accessrule : " + accessrule);
View Full Code Here
163
164
165
166
167
168
169
     *
     * @return the access rule transfer object
     */
    @Transient
    public AccessRule getAccessRuleObject() {
        return new AccessRule(getAccessRule(), getRule(), getIsRecursive());
    }
View Full Code Here
409
410
411
412
413
414
415
416
417
418
419
420
    return result;
  }

  /** @return a parsed version of the accessrule for the current row in the datatable. CAs, End Entity Profiles and UserDataSources are given their cleartext name. */
  public String getParsedAccessRule() {
    AccessRule accessRule =  (AccessRule) FacesContext.getCurrentInstance().getExternalContext().getRequestMap().get("accessRule");
    String resource = accessRule.getAccessRule();
    // Check if it is a profile rule, then replace profile id with profile name.
    if (resource.startsWith(AccessRulesConstants.ENDENTITYPROFILEPREFIX)) {
      if (resource.lastIndexOf('/') < AccessRulesConstants.ENDENTITYPROFILEPREFIX.length()) {
        return AccessRulesConstants.ENDENTITYPROFILEPREFIX + ejb.getEndEntityProfileSession().getEndEntityProfileName(
            getAdmin(), Integer.parseInt(resource.substring(AccessRulesConstants.ENDENTITYPROFILEPREFIX.length())));
View Full Code Here
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
        Collection<AccessRule> rules = ag.getAccessRules();
        assertEquals("Number of available access rules for AdminGroup.PUBLICWEBGROUPNAME was not the expected.", 8, rules.size());

        // Add some new strange access rules
        ArrayList<AccessRule> accessrules = new ArrayList<AccessRule>();
        accessrules.add(new AccessRule("/public_foo_user", AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule("/foo_functionality/basic_functions", AccessRule.RULE_ACCEPT, false));
        accessrules.add(new AccessRule("/foo_functionality/view_certificate", AccessRule.RULE_ACCEPT, false));
        adminGroupSession.addAccessRules(admin, AdminGroup.PUBLICWEBGROUPNAME, accessrules);

        // Retrieve the access rules and check that they were added
        ag = adminGroupSession.getAdminGroup(admin, AdminGroup.PUBLICWEBGROUPNAME);
        assertNotNull(ag);
        rules = ag.getAccessRules();
        assertEquals(11, rules.size()); // We have added three rules
        Iterator<AccessRule> iter = rules.iterator();
        boolean found = false;
        while (iter.hasNext()) {
            AccessRule rule = iter.next();
            if (rule.getAccessRule().equals("/foo_functionality/view_certificate")) {
                found = true;
            }
        }
        assertTrue(found);

        // Initialize the same CA again, this will remove old default Public Web
        // rules and create new ones.
        // This had some troubles with glassfish before, hence the creation of
        // this test
        adminGroupSession.init(admin, caid, DEFAULT_SUPERADMIN_CN);
        // Retrieve access rules and check that we only have the default ones
        ag = adminGroupSession.getAdminGroup(admin, AdminGroup.PUBLICWEBGROUPNAME);
        assertNotNull(ag);
        rules = ag.getAccessRules();
        assertEquals(8, rules.size());
        iter = rules.iterator();
        found = false;
        while (iter.hasNext()) {
            AccessRule rule = (AccessRule) iter.next();
            if (rule.getAccessRule().equals("/foo_functionality/view_certificate")) {
                found = true;
            }
        }
        assertFalse(found);
View Full Code Here
TOP

Related Classes of org.ejbca.core.model.authorization.AccessRule

  • org.cesecore.core.ejb.authorization.AdminGroupSessionBean
  • org.ejbca.core.ejb.authorization.AccessRulesData
  • org.ejbca.core.ejb.authorization.AdminGroupData
  • org.ejbca.core.ejb.authorization.AuthorizationSessionTest
  • org.ejbca.ui.cli.admins.AdminsChangeRuleCommand
  • org.ejbca.ui.web.admin.administratorprivileges.AdminGroupsManagedBean
  • org.ejbca.ui.web.admin.configuration.AccessRulesView
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.