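package org.apache.turbine.util.template;


/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */


import org.apache.fulcrum.security.entity.Permission;
import org.apache.fulcrum.security.entity.Role;
import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
import org.apache.fulcrum.security.model.turbine.TurbineUserManager;
import org.apache.turbine.Turbine;
import org.apache.turbine.TurbineConstants;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.template.TemplateService;
import org.apache.turbine.util.RunData;

/**
 * Utility class to help check for proper authorization when using
 * template screens.  Sample usage:
 *
 * <pre>
 * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 * secCheck.setMessage( "Sorry, you do not have permission to " +
 *                      "access this area." );
 * secCheck.setFailTemplate("login.wm");
 * if ( !secCheck.hasRole(adminRole) )   // adminRole is a Role instance
 *     return;
 * </pre>
 *
 * <p>The checks do not throw on denial.  They redirect the request by
 * updating the {@link RunData} (screen, screen template, message) and
 * return {@code false}.  The caller must therefore test the return value
 * and stop processing, as the sample does; ignoring it leaves the
 * protected code path reachable.
 *
 * <p>A missing access control list ({@code data.getACL() == null}) is
 * treated as a denial.
 *
 * <p>{@code failTemplate} has no default: unless
 * {@link #setFailTemplate(String)} is called, {@code null} is what gets
 * passed to {@code setScreenTemplate} on failure.
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id: TemplateSecurityCheck.java 1773378 2016-12-09 13:19:59Z tv $
 */
public class TemplateSecurityCheck
{
    /** Message placed on the RunData when a role/permission check fails. */
    private String message = "Sorry, you do not have permission to access this area.";

    /** Screen selected on a failed role/permission check; defaults to the template service's default screen. */
    private String failScreen;

    /** Screen template selected on any failed check; null until set by the caller. */
    private String failTemplate;

    /** The request being checked; assigned once in the constructor. */
    private final RunData data;

    /**
     * Constructor.
     *
     * @param data A Turbine RunData object.
     * @param message A String with the message to display upon
     * failure.
     */
    public TemplateSecurityCheck(RunData data, String message)
    {
        this(data);
        this.message = message;
    }

    /**
     * Generic Constructor.  Uses the default failure message and takes
     * the fail screen from the template service's default screen.
     *
     * @param data A Turbine RunData object.
     */
    public TemplateSecurityCheck(RunData data)
    {
        this.data = data;
        TemplateService templateService = (TemplateService)TurbineServices.getInstance().getService(TemplateService.SERVICE_NAME);
        this.failScreen = templateService.getDefaultScreen();
    }

    /**
     * Does the User have this role?
     *
     * <p>Runs {@link #checkLogin()} first; if that fails, this method
     * returns {@code false} without consulting the ACL.  Otherwise a
     * missing ACL or a missing role selects the fail screen, the fail
     * template and the failure message on the RunData.
     *
     * @param role The role to be checked.
     * @return Whether the user has the role.
     * @throws Exception Trouble validating.
     */
    public boolean hasRole(Role role)
        throws Exception
    {
        if (!checkLogin())
        {
            return false;
        }

        TurbineAccessControlList acl = data.getACL();
        if (acl == null || !acl.hasRole(role))
        {
            denyAccess();
            return false;
        }

        return true;
    }

    /**
     * Does the User have this permission?
     *
     * <p>Applies the same {@link #checkLogin()} gate as
     * {@link #hasRole(Role)}, so that a non-anonymous user who has not
     * logged in is refused regardless of what the ACL on the RunData
     * contains.  Otherwise a missing ACL or a missing permission selects
     * the fail screen, the fail template and the failure message.
     *
     * @param permission The permission to be checked.
     * @return Whether the user has the permission.
     * @throws Exception Trouble validating.
     */
    public boolean hasPermission(Permission permission)
        throws Exception
    {
        // Keep both authorization checks behind the same login gate.
        if (!checkLogin())
        {
            return false;
        }

        TurbineAccessControlList acl = data.getACL();
        if (acl == null || !acl.hasPermission(permission))
        {
            denyAccess();
            return false;
        }

        return true;
    }

    /**
     * Check the login state of the user on the RunData.
     *
     * <p>The check fails only for a user that the user manager does not
     * consider anonymous and that has not logged in.  An anonymous user
     * passes this check; whether such a user may proceed is then decided
     * by the ACL test in {@link #hasRole(Role)} or
     * {@link #hasPermission(Permission)}.
     *
     * <p>On failure the configured login message and the fail template
     * are set on the RunData.  The screen itself is not changed here.
     *
     * @return False if the user is not anonymous and has not logged in,
     * true otherwise.
     * @throws Exception a generic exception.
     */
    public boolean checkLogin()
        throws Exception
    {
        boolean value = true;

        // Do it like the AccessController
        TurbineUserManager userManager =
            (TurbineUserManager)TurbineServices
                .getInstance()
                .getService(TurbineUserManager.ROLE);

        if (!userManager.isAnonymousUser(data.getUser())
            && !data.getUser().hasLoggedIn())
        {
            data.setMessage(Turbine.getConfiguration()
                .getString(TurbineConstants.LOGIN_MESSAGE));

            data.getTemplateInfo().setScreenTemplate(getFailTemplate());
            value = false;
        }

        return value;
    }

    /**
     * Route the request to the failure screen/template and attach the
     * failure message.  Shared by the role and permission checks.
     */
    private void denyAccess()
    {
        data.setScreen(getFailScreen());
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        data.setMessage(getMessage());
    }

    /**
     * Set the message that should be displayed on a failed role or
     * permission check.  It replaces the default text or the one given
     * to the two-argument constructor.
     *
     * <p>NOTE(review): the value is handed to {@code RunData.setMessage}
     * unchanged; if it is ever built from request data, confirm that the
     * rendering template escapes it.
     *
     * @param v A String with the message that should be displayed.
     */
    public void setMessage(String v)
    {
        this.message = v;
    }

    /**
     * Get the message that should be displayed on a failed role or
     * permission check.
     *
     * @return A String with the message that should be displayed.
     */
    public String getMessage()
    {
        return message;
    }

    /**
     * Get the value of failScreen.
     *
     * @return A String with the value of failScreen.
     */
    public String getFailScreen()
    {
        return failScreen;
    }

    /**
     * Set the value of failScreen.
     *
     * @param v A String with the value of failScreen.
     */
    public void setFailScreen(String v)
    {
        this.failScreen = v;
    }

    /**
     * Get the value of failTemplate.
     *
     * @return A String with the value of failTemplate, or null if it
     * was never set.
     */
    public String getFailTemplate()
    {
        return failTemplate;
    }

    /**
     * Set the value of failTemplate.
     *
     * @param v A String with the value of failTemplate.
     */
    public void setFailTemplate(String v)
    {
        this.failTemplate = v;
    }
}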