package com.ibm.ws.batch.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.longrun.InvalidJobIDException;
import com.ibm.websphere.longrun.InvalidJobNameException;
import com.ibm.websphere.longrun.InvalidOperationException;
import com.ibm.websphere.longrun.SchedulerException;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.websphere.wim.SchemaConstants;
import com.ibm.websphere.wim.client.LocalServiceProvider;
import com.ibm.websphere.wim.exception.WIMApplicationException;
import com.ibm.websphere.wim.exception.WIMException;
import com.ibm.ws.batch.BatchFileLoggerInfo;
import com.ibm.ws.batch.GridSchedulerConfigFileHelper;
import com.ibm.ws.batch.SchedulerSingleton;
import com.ibm.ws.batch.util.BatchRuntimeResourceBundle;
import com.ibm.ws.grid.spi.PJMSPIManagerFactory;
import com.ibm.ws.grid.spi.SPIManager;
import com.ibm.ws.wim.management.AttrHelpers.PersonAccountAttrHolder;
import com.ibm.ws.wim.management.helpers.GenericHelper;
import com.ibm.ws.wim.management.helpers.entityHelpers.EntityHelperFactory;
import com.ibm.ws.wim.management.repositoryhelpers.UMAssistant;
import com.ibm.wsspi.batch.BatchSPIConstants;
import com.ibm.wsspi.batch.repository.AuditStringValidator;
import com.ibm.wsspi.batch.security.JobOperationAuthorizer;
import com.ibm.wsspi.batch.usergroup.GroupMembershipManager;
import com.ibm.wsspi.grid.classify.ClassificationDictionary;
import java.rmi.RemoteException;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import java.util.logging.Level;
import javax.ejb.CreateException;
import javax.ejb.SessionContext;
import javax.naming.InitialContext;
import javax.naming.NamingException;

/* loaded from: input_file:com/ibm/ws/batch/security/BatchSecurity.class */
public class BatchSecurity implements SchemaConstants {
    public static final String JOB_SECURITY_POLICY_PROPERTY = "JOB_SECURITY_POLICY";
    public static final String ROLE_PROPERTY = "ROLE";
    public static final String GROUP_PROPERTY = "GROUP";
    public static final String GROUPROLE_PROPERTY = "GROUPROLE";
    public static final String JOB_SECURITY_DEFAULT_GROUP_PROPERTY = "JOB_SECURITY_DEFAULT_GROUP";
    public static final String JOB_SECURITY_ADMIN_GROUP_PROPERTY = "JOB_SECURITY_ADMIN_GROUP";
    public static final String JOB_SECURITY_DEFAULT_GROUP_VALUE = "JSYSDFLT";
    public static final String JOB_SECURITY_ADMIN_GROUP_DEFAULT_VALUE = "JSYSADMN";
    private static final String CLASSNAME = BatchSecurity.class.getName();
    private static final TraceComponent tc = Tr.register(CLASSNAME, "Batch_Container", BatchRuntimeResourceBundle.getBundleName());
    private static JOB_SECURITY_POLICY currentSecurityPolicy = null;
    private static String currentUserGroup = null;
    private static String currentAdminGroup = null;
    private static AuditStringValidator auditStrValidatorSPI = null;
    private static JobOperationAuthorizer jobOperationAuthorizerSPI = null;
    private static GroupMembershipManager grpMembershipSPI = null;

    /* loaded from: input_file:com/ibm/ws/batch/security/BatchSecurity$JOB_SECURITY_POLICY.class */
    public enum JOB_SECURITY_POLICY {
        ROLE,
        GROUP,
        GROUPROLE;

        static JOB_SECURITY_POLICY getBatchDefaultSecurityPolicy() {
            return ROLE;
        }
    }

    private static synchronized void initSPIs() {
        SPIManager sPIManager = (SPIManager) PJMSPIManagerFactory.getInstance(null);
        if (grpMembershipSPI == null) {
            grpMembershipSPI = (GroupMembershipManager) sPIManager.getSPI(BatchSPIConstants.GROUP_MEMBERSHIP_MANAGER_SPI);
        }
        if (auditStrValidatorSPI == null) {
            auditStrValidatorSPI = (AuditStringValidator) sPIManager.getSPI(BatchSPIConstants.AUDIT_STRING_VALIDATOR_SPI);
        }
        if (jobOperationAuthorizerSPI == null) {
            jobOperationAuthorizerSPI = (JobOperationAuthorizer) sPIManager.getSPI(BatchSPIConstants.JOB_OPERATION_AUTHORIZER_SPI);
        }
    }

    private static synchronized void initVIM() {
        try {
            new LocalServiceProvider((Hashtable) null);
        } catch (WIMException e) {
            e.printStackTrace();
        } catch (CreateException e2) {
            e2.printStackTrace();
        } catch (RemoteException e3) {
            e3.printStackTrace();
        } catch (NamingException e4) {
            e4.printStackTrace();
        }
    }

    public static synchronized String getCurrentUserGroup() {
        if (currentUserGroup == null) {
            String customPropertyValue = GridSchedulerConfigFileHelper.getInstance().getCustomPropertyValue(JOB_SECURITY_DEFAULT_GROUP_PROPERTY);
            if (customPropertyValue == null || customPropertyValue.trim().equals(SchedulerSingleton.NO_DATA)) {
                currentUserGroup = JOB_SECURITY_DEFAULT_GROUP_VALUE;
            } else {
                currentUserGroup = customPropertyValue.trim();
            }
        }
        return currentUserGroup;
    }

    public static synchronized String getCurrentAdminGroup() {
        if (currentAdminGroup == null) {
            String customPropertyValue = GridSchedulerConfigFileHelper.getInstance().getCustomPropertyValue(JOB_SECURITY_ADMIN_GROUP_PROPERTY);
            if (customPropertyValue == null || customPropertyValue.trim().equals(SchedulerSingleton.NO_DATA)) {
                currentAdminGroup = JOB_SECURITY_ADMIN_GROUP_DEFAULT_VALUE;
            } else {
                currentAdminGroup = customPropertyValue.trim();
            }
        }
        return currentAdminGroup;
    }

    public static synchronized JOB_SECURITY_POLICY getCurrentBatchSecurityPolicy() {
        if (currentSecurityPolicy == null) {
            String customPropertyValue = GridSchedulerConfigFileHelper.getInstance().getCustomPropertyValue(JOB_SECURITY_POLICY_PROPERTY);
            if (customPropertyValue == null) {
                currentSecurityPolicy = JOB_SECURITY_POLICY.getBatchDefaultSecurityPolicy();
            } else if (customPropertyValue.equalsIgnoreCase(ROLE_PROPERTY)) {
                currentSecurityPolicy = JOB_SECURITY_POLICY.ROLE;
            } else if (customPropertyValue.equalsIgnoreCase(GROUP_PROPERTY)) {
                currentSecurityPolicy = JOB_SECURITY_POLICY.GROUP;
            } else if (customPropertyValue.equalsIgnoreCase(GROUPROLE_PROPERTY)) {
                currentSecurityPolicy = JOB_SECURITY_POLICY.GROUPROLE;
            } else {
                Tr.info(tc, "custom.prop.not.valid", new Object[]{customPropertyValue, JOB_SECURITY_POLICY_PROPERTY});
                currentSecurityPolicy = JOB_SECURITY_POLICY.getBatchDefaultSecurityPolicy();
            }
            Tr.info(tc, BatchRuntimeResourceBundle.getFormattedMessage("batch.security.policy.[{0}]", new Object[]{currentSecurityPolicy}));
        }
        return currentSecurityPolicy;
    }

    public static List getListOfGroupsThatUserBelongsTo(String str) {
        List list = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getListOfGroupsThatUserBelongsTo for user " + str);
        }
        try {
        } catch (WIMApplicationException e) {
            e.printStackTrace();
        } catch (Exception e2) {
            e2.printStackTrace();
        }
        if (!GenericHelper.isWASUserRegistry("PersonAccount")) {
            throw new WIMApplicationException("WAS_USER_REGISTRY_NOT_SUPPORTED", Level.SEVERE, CLASSNAME, "getListOfGroupsThatUserBelongsTo");
        }
        String callerUniqueName = GenericHelper.getCallerUniqueName();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "uniqueName of caller = " + callerUniqueName);
        }
        PersonAccountAttrHolder personAccountAttrHolder = new PersonAccountAttrHolder(callerUniqueName);
        EntityHelperFactory.create(personAccountAttrHolder.getAttrHolderType()).verifyType(personAccountAttrHolder);
        list = GenericHelper.extractUniqueNames(new UMAssistant().getMembership(personAccountAttrHolder));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "the groups that user " + str + " belongs to is " + list.toString());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getListOfGroupsThatUserBelongsTo group for user " + str + ClassificationDictionary.EQUAL + Arrays.toString(list.toArray()));
        }
        return list;
    }

    public static String[] getMembershipList(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getMembershipList");
        }
        String uniqueName = getUniqueName(str);
        if (uniqueName == null) {
            Tr.info(tc, "uid.not.found", new Object[]{str});
            return null;
        }
        String[] strArr = (String[]) SchedulerSingleton.getSingleton().getListOfGroupsThatUserBelongsTo(uniqueName).toArray(new String[0]);
        String[] strArr2 = strArr;
        if (grpMembershipSPI != null && !grpMembershipSPI.getGroupMembershipFromRuntime()) {
            strArr2 = grpMembershipSPI.getFinalMembershipList(str, strArr);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getMembershipList", strArr2);
        }
        return strArr2;
    }

    private static String getUniqueName(String str) {
        String str2 = null;
        try {
            str2 = ((UserRegistry) new InitialContext().lookup("UserRegistry")).getUniqueUserId(str);
        } catch (Exception e) {
            Tr.debug(tc, "Exception thrown while getting uniqueID: " + e.toString());
        }
        return stripRealm(str2);
    }

    private static String stripRealm(String str) {
        String substring;
        int indexOf = str.indexOf(BatchFileLoggerInfo.CLASS_FILE_INFO_SEP) + 1;
        if (indexOf >= str.length()) {
            substring = str.substring(0, indexOf - 1);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Stripping trailing / from unique name");
            }
        } else {
            substring = str.substring(indexOf);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "stripRealm return[" + substring);
        }
        return substring;
    }

    public static AuditStringValidator getAuditStringValidator() {
        return auditStrValidatorSPI;
    }

    private static boolean isNoJobIdOperation(String str) {
        boolean z = false;
        if (str.equals("getJobsId")) {
            z = true;
        } else if (str.equals("submitJob")) {
            z = true;
        } else if (str.equals("getJobsName")) {
            z = true;
        } else if (str.equals("submitRecurringRequest")) {
            z = true;
        } else if (str.equalsIgnoreCase("saveJobToRepository")) {
            z = true;
        }
        return z;
    }

    private static void doRoleCheck(SessionContext sessionContext, String str, String str2) throws SchedulerException {
        String name = sessionContext.getCallerPrincipal().getName();
        if (sessionContext.isCallerInRole("lradmin-ref")) {
            return;
        }
        if (sessionContext.isCallerInRole("lrmonitor-ref") && (str2.equalsIgnoreCase("output") || str2.equalsIgnoreCase("getJobsId") || str2.equalsIgnoreCase("getJobsName") || str2.equalsIgnoreCase("showJobFromRepository"))) {
            return;
        }
        if (sessionContext.isCallerInRole("lrsubmitter-ref")) {
            if (str == null || str2.equals("showJobFromRepository")) {
                return;
            }
            try {
                String submitter = SchedulerSingleton.getSingleton().getSubmitter(str);
                if (submitter != null && name != null) {
                    if (SchedulerSingleton.getSingleton().isSAF()) {
                        if (submitter.equalsIgnoreCase(name)) {
                            return;
                        }
                    } else if (submitter.equals(name)) {
                        return;
                    }
                }
            } catch (InvalidJobIDException e) {
                throw new SchedulerException(e.getMessage());
            } catch (InvalidOperationException e2) {
                throw new SchedulerException(e2.getMessage());
            }
        }
        String formattedMessage = BatchRuntimeResourceBundle.getFormattedMessage("Unauthorized.user.{0}.job.{1}.failed.{2}", new Object[]{name, str, str2});
        Tr.error(tc, formattedMessage);
        throw new SecurityException(formattedMessage);
    }

    private static void doGroupCheck(SessionContext sessionContext, String str, String str2, BatchSecurityData batchSecurityData) throws SchedulerException {
        String name = sessionContext.getCallerPrincipal().getName();
        if (sessionContext.isCallerInRole("lradmin-ref")) {
            String[] membershipList = getMembershipList(name);
            batchSecurityData.setUserGroup(membershipList);
            String str3 = null;
            String currentAdminGroup2 = getCurrentAdminGroup();
            if (str == null && isNoJobIdOperation(str2)) {
                return;
            }
            if (str != null && isRepositoryOperation(str2)) {
                try {
                    str3 = SchedulerSingleton.getSingleton().getGroupOfRepositoryJob(str)[0];
                } catch (InvalidJobNameException e) {
                    throw new SchedulerException(e.getMessage());
                }
            } else if (str != null) {
                try {
                    str3 = SchedulerSingleton.getSingleton().getUserGroupOfJob(str);
                } catch (InvalidJobIDException e2) {
                    throw new SchedulerException(e2.getMessage());
                } catch (InvalidOperationException e3) {
                    throw new SchedulerException(e3.getMessage());
                }
            }
            if (str3 != null && currentAdminGroup2 != null && membershipList != null) {
                for (int i = 0; i < membershipList.length; i++) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "checking if [" + name + "] is in [" + membershipList[i] + "] group");
                    }
                    if (membershipList[i].equalsIgnoreCase(str3) || membershipList[i].equalsIgnoreCase(currentAdminGroup2)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, membershipList[i] + " is matched to[" + str3 + BatchFileLoggerInfo.CLASS_FILE_INFO_SEP + currentAdminGroup2 + "]");
                        }
                        batchSecurityData.setJobAdminGroup(currentAdminGroup2);
                        batchSecurityData.setJobUserGroup(str3);
                        return;
                    }
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "can not match user: " + name + " to any existing authorized group");
            }
        }
        String formattedMessage = BatchRuntimeResourceBundle.getFormattedMessage("Unauthorized.user.{0}.job.{1}.failed.{2}", new Object[]{name, str, str2});
        Tr.error(tc, formattedMessage);
        throw new SecurityException(formattedMessage);
    }

    private static void doGroupRoleCheck(SessionContext sessionContext, String str, String str2, BatchSecurityData batchSecurityData) throws SchedulerException {
        String name = sessionContext.getCallerPrincipal().getName();
        String[] membershipList = getMembershipList(name);
        batchSecurityData.setUserGroup(membershipList);
        String str3 = null;
        String currentAdminGroup2 = getCurrentAdminGroup();
        boolean z = false;
        if (str == null && isNoJobIdOperation(str2)) {
            z = true;
        } else if (str != null && isRepositoryOperation(str2)) {
            try {
                str3 = SchedulerSingleton.getSingleton().getGroupOfRepositoryJob(str)[0];
            } catch (InvalidJobNameException e) {
                throw new SchedulerException(e.getMessage());
            }
        } else if (str != null) {
            try {
                str3 = SchedulerSingleton.getSingleton().getUserGroupOfJob(str);
            } catch (InvalidJobIDException e2) {
                throw new SchedulerException(e2.getMessage());
            } catch (InvalidOperationException e3) {
                throw new SchedulerException(e3.getMessage());
            }
        }
        if (str3 != null && currentAdminGroup2 != null && membershipList != null) {
            for (int i = 0; i < membershipList.length; i++) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "checking if [" + name + "] is in [" + membershipList[i] + "] group");
                }
                if (membershipList[i].equalsIgnoreCase(str3) || membershipList[i].equalsIgnoreCase(currentAdminGroup2)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, membershipList[i] + " is matched to[" + str3 + BatchFileLoggerInfo.CLASS_FILE_INFO_SEP + currentAdminGroup2 + "]");
                    }
                    batchSecurityData.setJobAdminGroup(currentAdminGroup2);
                    batchSecurityData.setJobUserGroup(str3);
                    z = true;
                }
            }
        }
        if (sessionContext.isCallerInRole("lradmin-ref") && z) {
            return;
        }
        if (sessionContext.isCallerInRole("lrmonitor-ref") && ((str2.equalsIgnoreCase("output") || str2.equalsIgnoreCase("getJobsId") || str2.equalsIgnoreCase("getJobsName") || str2.equalsIgnoreCase("showJobFromRepository")) && z)) {
            return;
        }
        if (sessionContext.isCallerInRole("lrsubmitter-ref") && z) {
            if (str == null || str2.equals("showJobFromRepository")) {
                return;
            }
            try {
                String submitter = SchedulerSingleton.getSingleton().getSubmitter(str);
                if (submitter != null && name != null) {
                    if (SchedulerSingleton.getSingleton().isSAF()) {
                        if (submitter.equalsIgnoreCase(name)) {
                            return;
                        }
                    } else if (submitter.equals(name)) {
                        return;
                    }
                }
            } catch (InvalidJobIDException e4) {
                throw new SchedulerException(e4.getMessage());
            } catch (InvalidOperationException e5) {
                throw new SchedulerException(e5.getMessage());
            }
        }
        String formattedMessage = BatchRuntimeResourceBundle.getFormattedMessage("Unauthorized.user.{0}.job.{1}.failed.{2}", new Object[]{name, str, str2});
        Tr.error(tc, formattedMessage);
        throw new SecurityException(formattedMessage);
    }

    private static void doRRRoleCheck(SessionContext sessionContext, String str, String str2) throws SchedulerException {
        String name = sessionContext.getCallerPrincipal().getName();
        if (sessionContext.isCallerInRole("lradmin-ref")) {
            return;
        }
        if (sessionContext.isCallerInRole("lrsubmitter-ref")) {
            if (str == null && str2.equals("getRequestsId")) {
                return;
            }
            String rRSubmitter = SchedulerSingleton.getSingleton().getRRSubmitter(str);
            if (rRSubmitter != null && name != null) {
                if (SchedulerSingleton.getSingleton().isSAF()) {
                    if (rRSubmitter.equalsIgnoreCase(name)) {
                        return;
                    }
                } else if (rRSubmitter.equals(name)) {
                    return;
                }
            }
        }
        String formattedMessage = BatchRuntimeResourceBundle.getFormattedMessage("Unauthorized.user.{0}.job.{1}.failed.{2}", new Object[]{name, str, str2});
        Tr.error(tc, formattedMessage);
        throw new SecurityException(formattedMessage);
    }

    private static void doRRGroupCheck(SessionContext sessionContext, String str, String str2, BatchSecurityData batchSecurityData) throws SchedulerException {
        String name = sessionContext.getCallerPrincipal().getName();
        if (sessionContext.isCallerInRole("lradmin-ref")) {
            String[] membershipList = getMembershipList(name);
            batchSecurityData.setUserGroup(membershipList);
            String currentAdminGroup2 = getCurrentAdminGroup();
            if (str == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Method " + str2 + "does not have existing entry in db.");
                    return;
                }
                return;
            }
            String rRUserGroup = SchedulerSingleton.getSingleton().getRRUserGroup(str);
            if (membershipList != null) {
                for (int i = 0; i < membershipList.length; i++) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "checking if [" + str + "] is in [" + membershipList[i] + "] group");
                    }
                    if (membershipList[i].equalsIgnoreCase(rRUserGroup) || membershipList[i].equalsIgnoreCase(currentAdminGroup2)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, membershipList[i] + " is matched to[" + rRUserGroup + BatchFileLoggerInfo.CLASS_FILE_INFO_SEP + currentAdminGroup2 + "]");
                        }
                        batchSecurityData.setJobAdminGroup(currentAdminGroup2);
                        batchSecurityData.setJobUserGroup(rRUserGroup);
                        return;
                    }
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "can not match request: " + str + " to any existing authorized group");
            }
        }
        String formattedMessage = BatchRuntimeResourceBundle.getFormattedMessage("Unauthorized.user.{0}.request.{1}.failed.{2}", new Object[]{name, str, str2});
        Tr.error(tc, formattedMessage);
        throw new SecurityException(formattedMessage);
    }

    private static void doRRGroupRoleCheck(SessionContext sessionContext, String str, String str2, BatchSecurityData batchSecurityData) throws SchedulerException {
        String rRSubmitter;
        String name = sessionContext.getCallerPrincipal().getName();
        String[] membershipList = getMembershipList(name);
        batchSecurityData.setUserGroup(membershipList);
        String currentAdminGroup2 = getCurrentAdminGroup();
        boolean z = false;
        if (str == null) {
            z = true;
        } else {
            String rRUserGroup = SchedulerSingleton.getSingleton().getRRUserGroup(str);
            if (rRUserGroup != null && currentAdminGroup2 != null && membershipList != null) {
                for (int i = 0; i < membershipList.length; i++) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "checking if [" + str + "] is in [" + membershipList[i] + "] group");
                    }
                    if (membershipList[i].equalsIgnoreCase(rRUserGroup) || membershipList[i].equalsIgnoreCase(currentAdminGroup2)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, membershipList[i] + " is matched to[" + rRUserGroup + BatchFileLoggerInfo.CLASS_FILE_INFO_SEP + currentAdminGroup2 + "]");
                        }
                        batchSecurityData.setJobAdminGroup(currentAdminGroup2);
                        batchSecurityData.setJobUserGroup(rRUserGroup);
                        z = true;
                    }
                }
            }
        }
        if (tc.isDebugEnabled() && !z) {
            Tr.debug(tc, "Group authorization failed for user[" + name + "]");
        }
        if (sessionContext.isCallerInRole("lradmin-ref") && z) {
            return;
        }
        if (sessionContext.isCallerInRole("lrmonitor-ref") && ((str2.equalsIgnoreCase("output") || str2.equalsIgnoreCase("getJobsId") || str2.equalsIgnoreCase("getJobsName") || str2.equalsIgnoreCase("showJobFromRepository")) && z)) {
            return;
        }
        if (sessionContext.isCallerInRole("lrsubmitter-ref") && z && (rRSubmitter = SchedulerSingleton.getSingleton().getRRSubmitter(str)) != null && name != null) {
            if (SchedulerSingleton.getSingleton().isSAF()) {
                if (rRSubmitter.equalsIgnoreCase(name)) {
                    return;
                }
            } else if (rRSubmitter.equals(name)) {
                return;
            }
        }
        String formattedMessage = BatchRuntimeResourceBundle.getFormattedMessage("Unauthorized.user.{0}.job.{1}.failed.{2}", new Object[]{name, str, str2});
        Tr.error(tc, formattedMessage);
        throw new SecurityException(formattedMessage);
    }

    public static void checkPolicyAuthorized(SessionContext sessionContext, String str, String str2, BatchSecurityData batchSecurityData) throws SchedulerException {
        if (!WSSecurityHelper.isGlobalSecurityEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "checkCallerAuthorized: [isGlobalSecurityEnabled() " + WSSecurityHelper.isGlobalSecurityEnabled() + "]");
                return;
            }
            return;
        }
        switch (getCurrentBatchSecurityPolicy()) {
            case ROLE:
                doRoleCheck(sessionContext, str, str2);
                return;
            case GROUP:
                doGroupCheck(sessionContext, str, str2, batchSecurityData);
                return;
            case GROUPROLE:
                doGroupRoleCheck(sessionContext, str, str2, batchSecurityData);
                return;
            default:
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "security policy[" + getCurrentBatchSecurityPolicy() + "] is invalid");
                    return;
                }
                return;
        }
    }

    public static void checkRRPolicyAuthorized(SessionContext sessionContext, String str, String str2, BatchSecurityData batchSecurityData) throws SchedulerException {
        if (!WSSecurityHelper.isGlobalSecurityEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "checkCallerAuthorized: [isGlobalSecurityEnabled() " + WSSecurityHelper.isGlobalSecurityEnabled() + "]");
                return;
            }
            return;
        }
        switch (getCurrentBatchSecurityPolicy()) {
            case ROLE:
                doRRRoleCheck(sessionContext, str, str2);
                return;
            case GROUP:
                doRRGroupCheck(sessionContext, str, str2, batchSecurityData);
                return;
            case GROUPROLE:
                doRRGroupRoleCheck(sessionContext, str, str2, batchSecurityData);
                return;
            default:
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "security policy[" + getCurrentBatchSecurityPolicy() + "] is invalid");
                    return;
                }
                return;
        }
    }

    public static void checkSPIAuthorized(BatchSecurityData batchSecurityData, String str, JobOperationAuthorizer.JOB_OPERATION job_operation, JobOperationAuthorizer.JOB_TYPE job_type) throws SchedulerException {
        if (getCurrentBatchSecurityPolicy() == JOB_SECURITY_POLICY.ROLE || jobOperationAuthorizerSPI == null) {
            return;
        }
        String[] strArr = null;
        String str2 = null;
        switch (job_type) {
            case XJCL:
                strArr = new String[]{batchSecurityData.jobAdminGroup, batchSecurityData.jobUserGroup};
                str2 = BatchRuntimeResourceBundle.getFormattedMessage("job.operation.[{0}].user.[{1}].unauthorized", new Object[]{job_operation, batchSecurityData.userId});
                break;
            case JOBID:
                strArr = new String[]{batchSecurityData.jobAdminGroup, batchSecurityData.jobUserGroup};
                str2 = BatchRuntimeResourceBundle.getFormattedMessage("job.operation.[{0}].user.[{1}].for.job.[{2}].unauthorized", new Object[]{job_operation, batchSecurityData.userId, str});
                break;
            case NA:
                strArr = null;
                str2 = BatchRuntimeResourceBundle.getFormattedMessage("job.operation.[{0}].user.[{1}].unauthorized", new Object[]{job_operation, batchSecurityData.userId});
                break;
            case REPOSITORY:
                strArr = null;
                str2 = BatchRuntimeResourceBundle.getFormattedMessage("job.operation.[{0}].user.[{1}].unauthorized", new Object[]{job_operation, batchSecurityData.userId});
                break;
        }
        if (!jobOperationAuthorizerSPI.authorized(batchSecurityData.userId, batchSecurityData.userGroup, job_operation, str, strArr, job_type).booleanValue()) {
            Tr.error(tc, str2);
            throw new SchedulerException(str2);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "jobOperationAuthorizerSPI.authorize() return true");
        }
    }

    private static boolean isRepositoryOperation(String str) {
        boolean z = str.equalsIgnoreCase("getJobsName") || str.equalsIgnoreCase("showJobFromRepository") || str.equalsIgnoreCase("removeJobFromRepository");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isRepositoryOperation(" + str + ")" + z);
        }
        return z;
    }

    public static void main(String[] strArr) {
    }

    static {
        initSPIs();
        initVIM();
    }
}
