001: package com.salmonllc.remote.server;
002:
003: import javax.servlet.http.HttpServletRequest;
004: import javax.servlet.http.HttpSession;
005:
006: import com.salmonllc.servlets.RemoteReflector;
007:
008: /**
009: * Created by IntelliJ IDEA. User: Fred Cahill Date: Oct 4, 2004 Time: 2:23:20
010: * PM To change this template use Options | File Templates.
011: */
012: /*
013: * This class is another example of a RemoteReflectionSecurityPolicy instance
014: * that can be assigned to RemoteReflector servlet. Use setAsSecurityManager to
015: * set this as the SecurityManager for a particular session. This class is
016: * provided so that it can be extended with your own logic for allowing
017: * instantiation and method calls, based on whatever security rules you need.
018: */
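/**
 * Session-aware security policy for the RemoteReflector servlet.
 *
 * <p>A request is refused before the superclass policy is consulted when any
 * of the following holds:
 * <ul>
 * <li>no session has been attached to this instance;</li>
 * <li>the session is new or has been invalidated;</li>
 * <li>a flag attribute name was configured and the session holds a value for
 * it that is anything other than {@code Boolean.TRUE}.</li>
 * </ul>
 * In every other case the decision is delegated to
 * {@link RemoteReflectionSecurityManager}.
 *
 * <p>Security notes: a session that is not new only shows that the client has
 * joined it; it is not evidence of authentication. An <em>absent</em> flag
 * attribute does not deny by itself, so sessions that must never use
 * reflection should have the attribute set to {@code Boolean.FALSE}
 * explicitly, or rely on a restrictive superclass policy.
 */
public class HttpRemoteReflectionSecurityManager extends
        RemoteReflectionSecurityManager {
    private HttpServletRequest _req;
    private HttpSession _sess;
    private String _reflectionallowedattribute;

    /**
     * Creates an instance of HttpRemoteReflectionSecurityManager based on the
     * passed HttpServletRequest, with no flag attribute configured.
     *
     * @param req
     *            HttpServletRequest The request to base security on. Must not
     *            be null.
     */
    public HttpRemoteReflectionSecurityManager(HttpServletRequest req) {
        this(req, null);
    }

    /**
     * Creates an instance of HttpRemoteReflectionSecurityManager based on the
     * passed HttpServletRequest.
     *
     * @param req
     *            HttpServletRequest The request to base security on. Must not
     *            be null.
     * @param sReflectionAllowed
     *            the name of a Boolean session attribute that indicates
     *            whether reflection is allowed or not; may be null, in which
     *            case no attribute is consulted.
     */
    public HttpRemoteReflectionSecurityManager(HttpServletRequest req,
            String sReflectionAllowed) {
        super();
        _req = req;
        // getSession() creates a session when the request has none; such a
        // session is new, so the checks below refuse it.
        _sess = _req.getSession();
        _reflectionallowedattribute = sReflectionAllowed;
    }

    /**
     * No args constructor for the remote reflection security manager. The
     * request and session stay unset until setReq/setSess are called; until
     * then both permission checks answer false.
     */
    public HttpRemoteReflectionSecurityManager() {
        super();
    }

    /**
     * Checks to see if instantiation is allowed for the passed class. It is
     * refused when the session-level check fails (see the class description);
     * otherwise the superclass decides.
     *
     * @param cl
     *            java.lang.Class The class to check to see if allowed to
     *            instantiate.
     * @return boolean indicates whether the class is allowed to be
     *         instantiated by the RemoteReflector Servlet
     */
    public boolean isInstantiationAllowed(Class cl) {
        return isSessionPermitted() && super.isInstantiationAllowed(cl);
    }

    /**
     * Checks to see if a method call is allowed on the passed object. It is
     * refused when the session-level check fails (see the class description);
     * otherwise the superclass decides.
     *
     * @param obj
     *            java.lang.Object The object on which the method would be
     *            executed.
     * @param sMethod
     *            java.lang.String The method you want to check if you are
     *            allowed to execute.
     * @return boolean indicates whether the method is allowed to be executed
     *         on the passed object by the RemoteReflector Servlet
     */
    public boolean isMethodCallAllowed(Object obj, String sMethod) {
        return isSessionPermitted() && super.isMethodCallAllowed(obj, sMethod);
    }

    /**
     * Session-level gate shared by both permission checks. Every unexpected
     * state is answered with false so that a misconfigured or stale session
     * never reaches the superclass policy.
     *
     * @return false when there is no session, the session is new or
     *         invalidated, or the configured flag attribute holds a value
     *         other than Boolean.TRUE; true otherwise.
     */
    private boolean isSessionPermitted() {
        final HttpSession sess = _sess;
        if (sess == null) {
            // Built with the no-args constructor and never given a session.
            return false;
        }
        try {
            if (sess.isNew()) {
                return false;
            }
            if (_reflectionallowedattribute == null) {
                // No flag configured: nothing to look up in the session.
                return true;
            }
            Object flag = sess.getAttribute(_reflectionallowedattribute);
            // Absent flag keeps the original behaviour (defer to superclass).
            // Boolean.FALSE denies, and so does any non-Boolean value, which
            // previously caused a ClassCastException.
            return flag == null || Boolean.TRUE.equals(flag);
        } catch (IllegalStateException invalidated) {
            // The servlet API raises this for an invalidated session; such a
            // session must not authorise reflection.
            return false;
        }
    }

    /**
     * Sets this instance as the RemoteReflectionPolicy for the current session.
     */
    public void setAsSecurityManager() {
        // NOTE(review): _sess is null after the no-args constructor; how
        // RemoteReflector handles a null session is not visible here - confirm.
        RemoteReflector.setSecurityPolicy(_sess, this);
    }

    /**
     * Returns true if a security policy is set for this session, as reported
     * by RemoteReflector.
     *
     * @param sess
     *            the session to look up.
     * @return the answer given by RemoteReflector.isSecurityPolicySet.
     */
    public static boolean isSecurityPolicySet(HttpSession sess) {
        return RemoteReflector.isSecurityPolicySet(sess);
    }

    /**
     * @return Returns the current servlet request.
     */
    public HttpServletRequest getReq() {
        return _req;
    }

    /**
     * @return Returns the current servlet session.
     */
    public HttpSession getSess() {
        return _sess;
    }

    /**
     * Framework method, do not call directly. Only the stored request is
     * replaced; the session used by the permission checks is left as it is.
     *
     * @param req
     *            the request to store.
     */
    public void setReq(HttpServletRequest req) {
        _req = req;
    }

    /**
     * Framework method, do not call directly. The session given here is the
     * one the permission checks consult from then on.
     *
     * @param sess
     *            the session to store.
     */
    public void setSess(HttpSession sess) {
        _sess = sess;
    }
}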