Coverage Report - org.apache.turbine.util.template.TemplateSecurityCheck
 
Classes in this File Line Coverage Branch Coverage Complexity
TemplateSecurityCheck
0%
0/40
0%
0/14
1,818
 
 1  
 package org.apache.turbine.util.template;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.turbine.Turbine;
 25  
 import org.apache.turbine.TurbineConstants;
 26  
 import org.apache.turbine.om.security.Permission;
 27  
 import org.apache.turbine.om.security.Role;
 28  
 import org.apache.turbine.services.security.TurbineSecurity;
 29  
 import org.apache.turbine.services.template.TurbineTemplate;
 30  
 import org.apache.turbine.util.RunData;
 31  
 
 32  
 /**
 33  
  * Utility class to help check for proper authorization when using
 34  
  * template screens.  Sample usages:
 35  
  *
 36  
  * <p><pre><code>
 37  
  * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 38  
  * secCheck.setMessage( "Sorry, you do not have permission to " +
 39  
  *                      "access this area." );
 40  
  * secCheck.setFailTemplate("login.wm");
 41  
  * if ( !secCheck.hasRole("ADMIN") )
 42  
  *     return;
 43  
  * </pre></code>
 44  
  *
 45  
  * @author <a href="mbryson@mont.mindspring.com">Dave Bryson</a>
 46  
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 47  
  * @version $Id: TemplateSecurityCheck.java 615328 2008-01-25 20:25:05Z tv $
 48  
  */
 49  
 public class TemplateSecurityCheck
 50  
 {
 51  0
     private String message =
 52  
             "Sorry, you do not have permission to access this area.";
 53  0
     private String failScreen = TurbineTemplate.getDefaultScreen();
 54  
     private String failTemplate;
 55  0
     private RunData data = null;
 56  
 
 57  
     /**
 58  
      * Constructor.
 59  
      *
 60  
      * @param data A Turbine RunData object.
 61  
      * @param message A String with the message to display upon
 62  
      * failure.
 63  
      */
 64  
     public TemplateSecurityCheck(RunData data, String message)
 65  0
     {
 66  0
         this.data = data;
 67  0
         this.message = message;
 68  0
     }
 69  
 
 70  
     /**
 71  
      * Generic Constructor.
 72  
      *
 73  
      * @param data A Turbine RunData object.
 74  
      */
 75  
     public TemplateSecurityCheck(RunData data)
 76  0
     {
 77  0
         this.data = data;
 78  0
     }
 79  
 
 80  
     /**
 81  
      * Does the User have this role?
 82  
      *
 83  
      * @param role The role to be checked.
 84  
      * @return Whether the user has the role.
 85  
      * @exception Exception Trouble validating.
 86  
      */
 87  
     public boolean hasRole(Role role)
 88  
         throws Exception
 89  
     {
 90  0
         if (!checkLogin())
 91  
         {
 92  0
             return false;
 93  
         }
 94  
 
 95  0
         if (data.getACL() == null || !data.getACL().hasRole(role))
 96  
         {
 97  0
             data.setScreen(getFailScreen());
 98  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 99  0
             data.setMessage(getMessage());
 100  0
             return false;
 101  
         }
 102  
 
 103  0
         return true;
 104  
     }
 105  
 
 106  
     /**
 107  
      * Does the User have this permission?
 108  
      *
 109  
      * @param permission The permission to be checked.
 110  
      * @return Whether the user has the permission.
 111  
      * @exception Exception Trouble validating.
 112  
      */
 113  
     public boolean hasPermission(Permission permission)
 114  
         throws Exception
 115  
     {
 116  0
         boolean value = true;
 117  0
         if (data.getACL() == null || !data.getACL().hasPermission(permission))
 118  
         {
 119  0
             data.setScreen(getFailScreen());
 120  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 121  0
             data.setMessage(getMessage());
 122  0
             value = false;
 123  
         }
 124  
 
 125  0
         return value;
 126  
     }
 127  
 
 128  
     /**
 129  
      * Check that the user has logged in.
 130  
      *
 131  
      * @return True if user has logged in.
 132  
      * @exception Exception, a generic exception.
 133  
      */
 134  
     public boolean checkLogin()
 135  
         throws Exception
 136  
     {
 137  0
         boolean value = true;
 138  
 
 139  
         // Do it like the AccessController
 140  0
         if (!TurbineSecurity.isAnonymousUser(data.getUser())
 141  
             && !data.getUser().hasLoggedIn())
 142  
         {
 143  0
             data.setMessage(Turbine.getConfiguration()
 144  
                 .getString(TurbineConstants.LOGIN_MESSAGE));
 145  
 
 146  0
             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
 147  0
             value = false;
 148  
         }
 149  
 
 150  0
         return value;
 151  
     }
 152  
 
 153  
     /**
 154  
      * Set the message that should be displayed.  This is initialized
 155  
      * in the constructor.
 156  
      *
 157  
      * @param v A String with the message that should be displayed.
 158  
      */
 159  
     public void setMessage(String v)
 160  
     {
 161  0
         this.message = v;
 162  0
     }
 163  
 
 164  
     /**
 165  
      * Get the message that should be displayed.  This is initialized
 166  
      * in the constructor.
 167  
      *
 168  
      * @return A String with the message that should be displayed.
 169  
      */
 170  
     public String getMessage()
 171  
     {
 172  0
         return message;
 173  
     }
 174  
 
 175  
     /**
 176  
      * Get the value of failScreen.
 177  
      *
 178  
      * @return A String with the value of failScreen.
 179  
      */
 180  
     public String getFailScreen()
 181  
     {
 182  0
         return failScreen;
 183  
     }
 184  
 
 185  
     /**
 186  
      * Set the value of failScreen.
 187  
      *
 188  
      * @param v A String with the value of failScreen.
 189  
      */
 190  
     public void setFailScreen(String v)
 191  
     {
 192  0
         this.failScreen = v;
 193  0
     }
 194  
 
 195  
     /**
 196  
      * Get the value of failTemplate.
 197  
      *
 198  
      * @return A String with the value of failTemplate.
 199  
      */
 200  
     public String getFailTemplate()
 201  
     {
 202  0
         return failTemplate;
 203  
     }
 204  
 
 205  
     /**
 206  
      * Set the value of failTemplate.
 207  
      *
 208  
      * @param v A String with the value of failTemplate.
 209  
      */
 210  
     public void setFailTemplate(String v)
 211  
     {
 212  0
         this.failTemplate = v;
 213  0
     }
 214  
 }