Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
SecurityCheck |
|
| 2.75;2,75 |
1 | package org.apache.turbine.util; | |
2 | ||
3 | ||
4 | /* | |
5 | * Licensed to the Apache Software Foundation (ASF) under one | |
6 | * or more contributor license agreements. See the NOTICE file | |
7 | * distributed with this work for additional information | |
8 | * regarding copyright ownership. The ASF licenses this file | |
9 | * to you under the Apache License, Version 2.0 (the | |
10 | * "License"); you may not use this file except in compliance | |
11 | * with the License. You may obtain a copy of the License at | |
12 | * | |
13 | * http://www.apache.org/licenses/LICENSE-2.0 | |
14 | * | |
15 | * Unless required by applicable law or agreed to in writing, | |
16 | * software distributed under the License is distributed on an | |
17 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
18 | * KIND, either express or implied. See the License for the | |
19 | * specific language governing permissions and limitations | |
20 | * under the License. | |
21 | */ | |
22 | ||
23 | ||
24 | import org.apache.turbine.om.security.Permission; | |
25 | import org.apache.turbine.om.security.Role; | |
26 | import org.apache.turbine.services.security.TurbineSecurity; | |
27 | import org.apache.turbine.util.security.RoleSet; | |
28 | import org.apache.turbine.util.security.UnknownEntityException; | |
29 | ||
30 | /** | |
31 | * Utility for doing security checks in Screens and Actions. | |
32 | * | |
33 | * Sample usage:<br> | |
34 | * | |
35 | * <pre><code> | |
36 | * SecurityCheck mycheck = | |
37 | * new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission"); | |
38 | * if (!mycheck.hasPermission("add_user")) | |
39 | * return; | |
40 | *</code></pre> | |
41 | * | |
42 | * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a> | |
43 | * @author <a href="jh@byteaction.de">Jürgen Hoffmann</a> | |
44 | * @version $Id: SecurityCheck.java 615328 2008-01-25 20:25:05Z tv $ | |
45 | */ | |
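public class SecurityCheck
{
    /** Message passed to {@code data.setMessage} when a check fails. */
    private final String message;

    /** Screen passed to {@code data.setScreen} when a check fails. */
    private final String failScreen;

    /** Request context whose ACL and user the checks are evaluated against. */
    private final RunData data;

    /**
     * Whether a missing Permission or Role is created and granted on the fly.
     * This is convenient while the set of roles and permissions changes a lot.
     *
     * Security note: when this is {@code true}, a check against an unknown name
     * provisions access instead of only testing it. {@link #hasRole(String)}
     * grants the newly created role to the current user, and
     * {@link #hasPermission(String)} grants the newly created permission to a
     * whole role. Enable it only for bootstrap or development set-ups, and never
     * pass a role or permission name derived from request input.
     */
    private final boolean initialize;

    /**
     * Constructor. Missing roles and permissions are not created
     * ({@code initialize} is {@code false}).
     *
     * @param data A Turbine RunData object.
     * @param message The message to display upon failure.
     * @param failedScreen The screen to redirect to upon failure.
     */
    public SecurityCheck(RunData data,
                         String message,
                         String failedScreen)
    {
        this(data, message, failedScreen, false);
    }

    /**
     * Constructor.
     *
     * @param data
     *            A Turbine RunData object.
     * @param message
     *            The message to display upon failure.
     * @param failedScreen
     *            The screen to redirect to upon failure.
     * @param initialize
     *            if a non-existing Permission or Role should be created and
     *            granted. With {@code true} an unknown name no longer fails the
     *            lookup; see the note on the {@code initialize} field.
     */
    public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
    {
        this.data = data;
        this.message = message;
        this.failScreen = failedScreen;
        this.initialize = initialize;
    }

    /**
     * Does the user have this role? On failure the fail screen and the
     * failure message are set on the RunData object.
     *
     * @param role A Role.
     * @return True if the user has this role.
     * @throws Exception a generic exception.
     */
    public boolean hasRole(Role role)
        throws Exception
    {
        // Fail closed: a request without an ACL is a failed check.
        if (data.getACL() != null && data.getACL().hasRole(role))
        {
            return true;
        }
        data.setScreen(failScreen);
        data.setMessage(message);
        return false;
    }

    /**
     * Does the user have this role? If initialize is set to <code>true</code>
     * and the role does not exist, it is created and granted to the current
     * user in the global group before the check runs.
     *
     * @param role
     *            A String.
     * @return True if the user has this role.
     * @throws Exception
     *             a generic exception; the UnknownEntityException from the
     *             lookup is rethrown when initialize is <code>false</code>.
     */
    public boolean hasRole(String role) throws Exception
    {
        Role roleObject;
        try
        {
            roleObject = TurbineSecurity.getRoleByName(role);
        }
        catch (UnknownEntityException e)
        {
            if (!initialize)
            {
                throw e;
            }
            // Privilege-granting path: the current user receives the new role.
            roleObject = TurbineSecurity.createRole(role);
            TurbineSecurity.grant(data.getUser(), TurbineSecurity.getGlobalGroup(), roleObject);
        }
        // Reuse the object resolved above instead of looking the name up again.
        // NOTE(review): whether data.getACL() already reflects a grant made
        // above is not visible from this class - confirm against RunData.
        return hasRole(roleObject);
    }

    /**
     * Does the user have this permission? On failure the fail screen and the
     * failure message are set on the RunData object.
     *
     * @param permission A Permission.
     * @return True if the user has this permission.
     * @throws Exception a generic exception.
     */
    public boolean hasPermission(Permission permission)
        throws Exception
    {
        // Fail closed: a request without an ACL is a failed check.
        if (data.getACL() != null && data.getACL().hasPermission(permission))
        {
            return true;
        }
        data.setScreen(failScreen);
        data.setMessage(message);
        return false;
    }

    /**
     * Does the user have this permission? If initialize is set to <code>true</code>
     * the permission will be created and granted to the first available Role of
     * the user that the SecurityCheck is running against.
     *
     * If the User has no Roles, the first Role via TurbineSecurity is granted the
     * permission. If the request carries no ACL at all, the permission is created
     * but granted to nobody, and the check fails.
     *
     * "First" is element 0 of <code>RoleSet.getRolesArray()</code>; which role that
     * is depends on the RoleSet ordering, which this class does not control.
     *
     * @param permission
     *            A String.
     * @return True if the user has this permission.
     * @throws Exception
     *             a generic exception; the UnknownEntityException from the
     *             lookup is rethrown when initialize is <code>false</code>.
     */
    public boolean hasPermission(String permission)
        throws Exception
    {
        Permission permissionObject;
        try
        {
            permissionObject = TurbineSecurity.getPermissionByName(permission);
        }
        catch (UnknownEntityException e)
        {
            if (!initialize)
            {
                throw e;
            }
            permissionObject = TurbineSecurity.createPermission(permission);

            // Without an ACL there is no user role to anchor the grant to, so
            // nothing is granted on behalf of such a request.
            if (data.getACL() != null)
            {
                Role role = firstRole(data.getACL().getRoles());
                if (role == null)
                {
                    /*
                     * The User within data has no roles yet, let us grant the permission
                     * to the first role available through TurbineSecurity.
                     */
                    role = firstRole(TurbineSecurity.getAllRoles());
                }

                if (role != null)
                {
                    /*
                     * If we have no role, there is nothing we can do about it. So only
                     * grant it, if we have a role to grant it to. The grant uses the
                     * role selected above; indexing the user's own role array here
                     * would fail whenever the fallback role was chosen.
                     */
                    TurbineSecurity.grant(role, permissionObject);
                }
            }
        }
        return hasPermission(permissionObject);
    }

    /**
     * Returns element 0 of the given role set, or null if the set is null or empty.
     */
    private static Role firstRole(RoleSet roles)
    {
        if (roles != null && roles.size() > 0)
        {
            return roles.getRolesArray()[0];
        }
        return null;
    }

    /**
     * Get the message that should be displayed. This is initialized
     * in the constructor.
     *
     * @return A String.
     */
    public String getMessage()
    {
        return message;
    }

    /**
     * Get the screen that should be displayed. This is initialized
     * in the constructor.
     *
     * @return A String.
     */
    public String getFailScreen()
    {
        return failScreen;
    }
}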