001: /* ***** BEGIN LICENSE BLOCK *****
002: * Version: MPL 1.1
003: * The contents of this file are subject to the Mozilla Public License Version
004: * 1.1 (the "License"); you may not use this file except in compliance with
005: * the License. You may obtain a copy of the License at
006: * http://www.mozilla.org/MPL/
007: *
008: * Software distributed under the License is distributed on an "AS IS" basis,
009: * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
010: * for the specific language governing rights and limitations under the
011: * License.
012: *
013: * The Original Code is Riot.
014: *
015: * The Initial Developer of the Original Code is
016: * Neteye GmbH.
017: * Portions created by the Initial Developer are Copyright (C) 2006
018: * the Initial Developer. All Rights Reserved.
019: *
020: * Contributor(s):
021: * Felix Gnass [fgnass at neteye dot de]
022: *
023: * ***** END LICENSE BLOCK ***** */
024: package org.riotfamily.riot.security;
025:
026: import java.util.Iterator;
027: import java.util.List;
028:
029: import org.riotfamily.riot.security.auth.RiotUser;
030: import org.riotfamily.riot.security.policy.AuthorizationPolicy;
031: import org.riotfamily.riot.security.session.AccessControlFilterPlugin;
032: import org.riotfamily.riot.security.session.AccessControlInterceptor;
033: import org.riotfamily.riot.security.session.SecurityContext;
034:
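/**
 * Provides static methods to check permissions and to look up the user
 * associated with the current thread.
 * <p>
 * This class is only usable if an {@link AccessControlFilterPlugin} or
 * {@link AccessControlInterceptor} is configured.
 * <p>
 * Decisions are default-deny. Policies are consulted in list order and the
 * first one that answers {@link AuthorizationPolicy#ACCESS_GRANTED} or
 * {@link AuthorizationPolicy#ACCESS_DENIED} settles the outcome, so the
 * order of the configured list is security-relevant. A request is refused
 * when there is no current user, when no policies have been installed, or
 * when no policy returns one of those two results.
 */
public final class AccessController {

    /**
     * Policies installed via {@link #setPolicies(List)}; stays {@code null}
     * until that method has been called.
     */
    private static List policies;

    private AccessController() {
    }

    /**
     * The {@link AccessControlInitializer} sets a list of
     * {@link AuthorizationPolicy policies} so that they can be accessed
     * from a static context.
     *
     * @param policies the policies to consult, in evaluation order
     */
    static void setPolicies(List policies) {
        AccessController.policies = policies;
    }

    /**
     * Returns the user that the {@link SecurityContext} reports for the
     * current thread.
     *
     * @return the current user, or {@code null} if there is none
     */
    public static RiotUser getCurrentUser() {
        return SecurityContext.getCurrentUser();
    }

    /**
     * Tells whether a user is associated with the current thread.
     *
     * @return {@code true} if {@link #getCurrentUser()} is not {@code null}
     */
    public static boolean isAuthenticatedUser() {
        return getCurrentUser() != null;
    }

    /**
     * Checks whether the current user may perform the action on the object.
     *
     * @param action the action to check
     * @param object the object the action applies to
     * @return {@code true} only if a policy explicitly grants access
     */
    public static boolean isGranted(String action, Object object) {
        return isGranted(getCurrentUser(), action, object);
    }

    /**
     * Enforces that the current user may perform the action on the object.
     * Returns normally only when a policy explicitly grants access.
     *
     * @param action the action to check
     * @param object the object the action applies to
     * @throws AccessDeniedException if there is no current user, if a policy
     *         denies access (that policy is passed to the exception), or if
     *         no policy reaches a decision (no policy is passed)
     */
    public static void checkPermission(String action, Object object) {
        RiotUser subject = getCurrentUser();
        // Read the static field once; a missing policy list must end in a
        // denial rather than a NullPointerException.
        List configured = policies;
        if (subject != null && configured != null) {
            for (Iterator it = configured.iterator(); it.hasNext();) {
                AuthorizationPolicy policy = (AuthorizationPolicy) it.next();
                int access = policy.checkPermission(subject, action, object);
                if (access == AuthorizationPolicy.ACCESS_GRANTED) {
                    return;
                }
                if (access == AuthorizationPolicy.ACCESS_DENIED) {
                    throw new AccessDeniedException(subject, action, object,
                            policy);
                }
                // Any other result leaves the decision to the next policy.
            }
        }
        // Default-deny: nobody granted access.
        throw new AccessDeniedException(subject, action, object, null);
    }

    /**
     * Checks whether the given user may perform the action on the object.
     *
     * @param user the user to check, may be {@code null}
     * @param action the action to check
     * @param object the object the action applies to
     * @return {@code true} only if a policy explicitly grants access;
     *         {@code false} for a {@code null} user, when no policies are
     *         installed, on an explicit denial, or when no policy decides
     */
    public static boolean isGranted(RiotUser user, String action,
            Object object) {

        // Read the static field once; a missing policy list means "deny".
        List configured = policies;
        if (user == null || configured == null) {
            return false;
        }
        for (Iterator it = configured.iterator(); it.hasNext();) {
            AuthorizationPolicy policy = (AuthorizationPolicy) it.next();
            int access = policy.checkPermission(user, action, object);
            if (access == AuthorizationPolicy.ACCESS_GRANTED) {
                return true;
            }
            if (access == AuthorizationPolicy.ACCESS_DENIED) {
                return false;
            }
            // Any other result leaves the decision to the next policy.
        }
        return false;
    }

}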