01: /*************************************************************************
02: * *
03: * EJBCA: The OpenSource Certificate Authority *
04: * *
05: * This software is free software; you can redistribute it and/or *
06: * modify it under the terms of the GNU Lesser General Public *
07: * License as published by the Free Software Foundation; either *
08: * version 2.1 of the License, or any later version. *
09: * *
10: * See terms of license at gnu.org. *
11: * *
12: *************************************************************************/package org.ejbca.core.model.authorization;
13:
14: import java.io.Serializable;
15: import java.util.Collection;
16: import java.util.Iterator;
17:
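/**
 * Builds and maintains an access tree that is used to decide whether an administrator
 * has access rights to a resource. {@link #isAuthorized} is the method to use for that check.
 *
 * <p>No tree exists until {@link #buildTree} has completed once; until then every
 * authorization check is denied.
 *
 * <p>This class does no synchronization of its own.
 * NOTE(review): if {@code buildTree} can run while other threads call {@code isAuthorized},
 * confirm that the callers provide the synchronization needed to publish the new tree safely.
 *
 * @author Philip Vendil
 * @version $Id: AccessTree.java,v 1.1 2006/01/17 20:30:56 anatom Exp $
 */
public class AccessTree implements Serializable {
    /** Creates a new instance of AccessTree */
    public AccessTree() {
    }

    // Public methods
    /**
     * Builds an access tree out of the given admin group data and makes it the current tree.
     *
     * <p>The new tree is populated completely before it replaces the previous one, so a
     * rebuild that fails part-way (for example on an element of an unexpected type) leaves
     * the previous tree in place instead of a tree that is missing some of its rules.
     *
     * @param admingroups collection of {@code AdminGroup} objects whose access rules are
     *        added to the tree; must not be null
     * @throws ClassCastException if an element is not an {@code AdminGroup}, or one of its
     *         access rules is not an {@code AccessRule}
     */
    public void buildTree(Collection admingroups) {
        // Fill a local root and assign the field last: authorization decisions must never
        // be evaluated against a partially populated rule set.
        AccessTreeNode newroot = new AccessTreeNode("/");

        Iterator iter = admingroups.iterator();
        // Add all admingroups accessrules.
        while (iter.hasNext()) {
            AdminGroup admingroup = (AdminGroup) iter.next();
            Iterator iter2 = admingroup.getAccessRules().iterator();
            while (iter2.hasNext()) {
                AccessRule accessrule = (AccessRule) iter2.next();
                newroot.addAccessRule(accessrule.getAccessRule(),
                        accessrule, admingroup); // Without heading '/'
            }
        }

        rootnode = newroot;
    }

    /**
     * Checks whether the given administrator is authorized to the given resource.
     *
     * <p>The check fails closed: it returns {@code false} when no tree has been built yet,
     * or when {@code resource} is null or empty, rather than failing with a runtime
     * exception in the middle of an access decision.
     *
     * @param admininformation information about the administrator to check; passed
     *        unchanged to the root node of the tree
     * @param resource the resource to check; a leading '/' is added if it is missing
     * @return the decision of the root node for the normalized resource, or {@code false}
     *         when the check cannot be evaluated
     */
    public boolean isAuthorized(AdminInformation admininformation,
            String resource) {
        // Deny when there is nothing to evaluate. Previously an empty resource raised
        // ArrayIndexOutOfBoundsException and a null resource or an unbuilt tree raised
        // NullPointerException.
        if (rootnode == null || resource == null || resource.length() == 0) {
            return false;
        }

        String checkresource = resource;
        // Must begin with '/'.
        if (checkresource.charAt(0) != '/') {
            checkresource = "/" + checkresource;
        }

        // Check if user is authorized in the tree.
        return rootnode.isAuthorized(admininformation, checkresource);
    }

    // Private fields
    // Root of the current access tree; null until buildTree has completed once.
    private AccessTreeNode rootnode = null;

}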