View Javadoc

1   package org.apache.turbine.util;
2   
3   
4   /*
5    * Licensed to the Apache Software Foundation (ASF) under one
6    * or more contributor license agreements.  See the NOTICE file
7    * distributed with this work for additional information
8    * regarding copyright ownership.  The ASF licenses this file
9    * to you under the Apache License, Version 2.0 (the
10   * "License"); you may not use this file except in compliance
11   * with the License.  You may obtain a copy of the License at
12   *
13   *   http://www.apache.org/licenses/LICENSE-2.0
14   *
15   * Unless required by applicable law or agreed to in writing,
16   * software distributed under the License is distributed on an
17   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18   * KIND, either express or implied.  See the License for the
19   * specific language governing permissions and limitations
20   * under the License.
21   */
22  
23  
24  import org.apache.turbine.om.security.Permission;
25  import org.apache.turbine.om.security.Role;
26  import org.apache.turbine.services.security.TurbineSecurity;
27  import org.apache.turbine.util.security.RoleSet;
28  import org.apache.turbine.util.security.UnknownEntityException;
29  
30  /**
31   * Utility for doing security checks in Screens and Actions.
32   *
33   * Sample usage:<br>
34   *
35   * <pre><code>
36   * SecurityCheck mycheck =
37   *   new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
38   * if (!mycheck.hasPermission("add_user");
39   *   return;
40   *</code></pre>
41   *
42   * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
43   * @author <a href="jh@byteaction.de">J&#252;rgen Hoffmann</a>
44   * @version $Id: SecurityCheck.java 615328 2008-01-25 20:25:05Z tv $
45   */
46  public class SecurityCheck
47  {
48      private String message;
49  
50      private String failScreen;
51  
52      private RunData data = null;
53  
54      /**
55       * Holds information if a missing Permission or Role should be created and granted on-the-fly.
56       * This is good behaviour, if these change a lot.
57       */
58      private boolean initialize;
59  
60      /**
61       * Constructor.
62       *
63       * @param data A Turbine RunData object.
64       * @param message The message to display upon failure.
65       * @param failedScreen The screen to redirect to upon failure.
66       */
67      public SecurityCheck(RunData data,
68                           String message,
69                           String failedScreen)
70      {
71          this(data, message, failedScreen, false);
72      }
73  
74      /**
75       * Constructor.
76       *
77       * @param data
78       *            A Turbine RunData object.
79       * @param message
80       *            The message to display upon failure.
81       * @param failedScreen
82       *            The screen to redirect to upon failure.
83       * @param initialize
84       *            if a non-existing Permission or Role should be created.
85       */
86      public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
87      {
88          this.data = data;
89          this.message = message;
90          this.failScreen = failedScreen;
91          this.initialize = initialize;
92      }
93  
94      /**
95       * Does the user have this role?
96       *
97       * @param role A Role.
98       * @return True if the user has this role.
99       * @exception Exception, a generic exception.
100      */
101     public boolean hasRole(Role role)
102             throws Exception
103     {
104         boolean value = false;
105         if (data.getACL() == null ||
106                 !data.getACL().hasRole(role))
107         {
108             data.setScreen(failScreen);
109             data.setMessage(message);
110         }
111         else
112         {
113             value = true;
114         }
115         return value;
116     }
117 
118     /**
119      * Does the user have this role?
120      *
121      * @param role
122      *            A String.
123      * @return True if the user has this role.
124      * @exception Exception,
125      *                a generic exception.
126      */
127     public boolean hasRole(String role) throws Exception
128     {
129         Role roleObject = null;
130         try
131         {
132             roleObject = TurbineSecurity.getRoleByName(role);
133         }
134         catch (UnknownEntityException e)
135         {
136             if(initialize)
137             {
138                 roleObject = TurbineSecurity.createRole(role);
139                 TurbineSecurity.grant(data.getUser(), TurbineSecurity.getGlobalGroup(), roleObject);
140             }
141             else
142             {
143                 throw(e);
144             }
145         }
146         return hasRole(TurbineSecurity.getRoleByName(role));
147     }
148 
149     /**
150      * Does the user have this permission?
151      *
152      * @param permission A Permission.
153      * @return True if the user has this permission.
154      * @exception Exception, a generic exception.
155      */
156     public boolean hasPermission(Permission permission)
157             throws Exception
158     {
159         boolean value = false;
160         if (data.getACL() == null ||
161                 !data.getACL().hasPermission(permission))
162         {
163             data.setScreen(failScreen);
164             data.setMessage(message);
165         }
166         else
167         {
168             value = true;
169         }
170         return value;
171     }
172 
173     /**
174      * Does the user have this permission? If initialze is set to <code>true</code>
175      * The permission will be created and granted to the first available Role of
176      * the user, that the SecurityCheck is running against.
177      *
178      * If the User has no Roles, the first Role via TurbineSecurity is granted the
179      * permission.
180      *
181      * @param permission
182      *            A String.
183      * @return True if the user has this permission.
184      * @exception Exception,
185      *                a generic exception.
186      */
187     public boolean hasPermission(String permission)
188             throws Exception
189     {
190         Permission permissionObject = null;
191         try
192         {
193             permissionObject = TurbineSecurity.getPermissionByName(permission);
194         }
195         catch (UnknownEntityException e)
196         {
197             if(initialize)
198             {
199                 permissionObject = TurbineSecurity.createPermission(permission);
200 
201                 Role role = null;
202                 RoleSet roles = data.getACL().getRoles();
203                 if(roles.size() > 0) role = roles.getRolesArray()[0];
204 
205                 if(role == null)
206                 {
207                     /*
208                      * The User within data has no roles yet, let us grant the permission
209                      * to the first role available through TurbineSecurity.
210                      */
211                     roles = TurbineSecurity.getAllRoles();
212                     if(roles.size() > 0) role = roles.getRolesArray()[0];
213                 }
214 
215                 if(role != null)
216                 {
217                     /*
218                      * If we have no role, there is nothing we can do about it. So only grant it,
219                      * if we have a role to grant it to.
220                      */
221                     TurbineSecurity.grant(data.getACL().getRoles().getRolesArray()[0], permissionObject);
222                 }
223             }
224             else
225             {
226                 throw(e);
227             }
228         }
229         return hasPermission(permissionObject);
230     }
231 
232     /**
233      * Get the message that should be displayed.  This is initialized
234      * in the constructor.
235      *
236      * @return A String.
237      */
238     public String getMessage()
239     {
240         return message;
241     }
242 
243     /**
244      * Get the screen that should be displayed.  This is initialized
245      * in the constructor.
246      *
247      * @return A String.
248      */
249     public String getFailScreen()
250     {
251         return failScreen;
252     }
253 }