001: /*
002: * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
003: *
004: * Redistribution and use in source and binary forms, with or without
005: * modification, are permitted provided that the following conditions
006: * are met:
007: *
008: * - Redistributions of source code must retain the above copyright
009: * notice, this list of conditions and the following disclaimer.
010: *
011: * - Redistribution in binary form must reproduce the above copyright
012: * notice, this list of conditions and the following disclaimer in
013: * the documentation and/or other materials provided with the
014: * distribution.
015: *
016: * Neither the name of Sun Microsystems, Inc. or the names of
017: * contributors may be used to endorse or promote products derived
018: * from this software without specific prior written permission.
019: *
020: * This software is provided "AS IS," without a warranty of any
021: * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
022: * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
023: * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
024: * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES
025: * SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
026: * DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN
027: * OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR
028: * FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
029: * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
030: * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE,
031: * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
032: *
033: * You acknowledge that Software is not designed, licensed or intended
034: * any nuclear facility.
035: */
036:
037: package com.sun.portal.app.filesharing.util;
038:
039: import com.iplanet.sso.SSOToken;
040: import com.iplanet.sso.SSOTokenManager;
041: import com.iplanet.sso.SSOException;
042: import com.sun.portal.community.Community;
043: import javax.servlet.http.HttpServletRequest;
044: import javax.portlet.PortletRequest;
045:
046: import com.sun.portal.community.CommunityFactory;
047: import com.sun.portal.community.CommunityUser;
048: import com.sun.portal.community.RoleId;
049: import com.sun.portal.community.CommunityId;
050: import javax.servlet.http.HttpServletResponse;
051:
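/**
 * {@link InfoResolver} for community file sharing. It answers identity and
 * permission questions for a request that is either an
 * {@link HttpServletRequest} or a {@link PortletRequest}.
 *
 * <p>The user and session identifiers are read from the request's SSO token
 * and cached on first use. Permission checks fail closed: any error while
 * resolving the community or the user yields {@code false}.
 *
 * <p>Security note: on the servlet path every "preference" (repository id,
 * search server URL, search database) is read from a request parameter and
 * is therefore chosen by the client. Only portlet preferences come from the
 * portlet container.
 *
 * @author ac120954
 */
public class CommunityInfoResolver implements InfoResolver {

    /** Portlet request attribute this class reads the SSO token from. */
    private static final String PORTLET_SSO_TOKEN_ATTR =
            "javax.portlet.portletc.ssotoken";

    // Fully qualified so that no new file-level import is needed.
    private static final java.util.logging.Logger LOG =
            java.util.logging.Logger.getLogger(CommunityInfoResolver.class.getName());

    private final boolean _unprovision;

    // Either an HttpServletRequest or a PortletRequest; anything else makes
    // the casts below throw ClassCastException.
    private final Object _req;

    // Only used on the servlet path of isDownloadAllow(); null when the
    // two-argument constructor was used.
    private final Object _res;

    // Lazily populated from the SSO token by _obtainUserInfo().
    private String _userId = null;
    private String _sessionId = null;

    /**
     * Creates a resolver without a response object.
     *
     * @param req         the servlet or portlet request
     * @param unprovision value later returned by {@link #getUnprovision()}
     */
    protected CommunityInfoResolver(Object req, boolean unprovision) {
        this(req, null, unprovision);
    }

    /**
     * Creates a resolver.
     *
     * @param req         the servlet or portlet request
     * @param res         the matching response; it is cast to
     *                    {@link HttpServletResponse} on the servlet path
     * @param unprovision value later returned by {@link #getUnprovision()}
     */
    protected CommunityInfoResolver(Object req, Object res,
            boolean unprovision) {
        _req = req;
        _res = res;
        _unprovision = unprovision;
    }

    /**
     * Reads the session id and the principal name from the request's SSO
     * token and caches both.
     *
     * @throws SecurityException if the request carries no SSO token or the
     *                           token cannot be read
     */
    private void _obtainUserInfo() throws SecurityException {
        try {
            SSOToken ssoToken;
            if (_req instanceof HttpServletRequest) {
                ssoToken = SSOTokenManager.getInstance()
                        .createSSOToken((HttpServletRequest) _req);
            } else {
                ssoToken = (SSOToken) ((PortletRequest) _req)
                        .getAttribute(PORTLET_SSO_TOKEN_ATTR);
            }
            // A portlet request without the attribute used to surface as a
            // NullPointerException; report it as the declared failure type.
            if (ssoToken == null) {
                throw new SecurityException(
                        "No SSO token is associated with the request");
            }
            // Read both values before caching so that a failure cannot leave
            // a session id cached without its user id.
            String sessionId = ssoToken.getTokenID().toString();
            // The full principal name is used as the user id; it is not
            // reduced to its first RDN value.
            String userId = ssoToken.getPrincipal().getName();
            _sessionId = sessionId;
            _userId = userId;
        } catch (SSOException ssoEx) {
            // Keep the cause so the original SSO failure stays diagnosable.
            throw new SecurityException(ssoEx.getMessage(), ssoEx);
        }
    }

    /** Returns the cached user id, resolving it from the SSO token if needed. */
    private String _getUserId() throws SecurityException {
        if (_userId == null) {
            _obtainUserInfo();
        }
        return _userId;
    }

    /** Returns the cached session id, resolving it from the SSO token if needed. */
    private String _getSessionId() throws SecurityException {
        if (_sessionId == null) {
            _obtainUserInfo();
        }
        return _sessionId;
    }

    /**
     * Looks up a named setting.
     *
     * <p>For a servlet request the value is the request parameter of that
     * name, so it is client-controlled. For a portlet request it is the
     * portlet preference of that name, or {@code null} when unset.
     * NOTE(review): callers that use the result as a URL or as an identifier
     * in an access decision should validate it; confirm how the servlet path
     * is exposed.
     *
     * @param name the parameter or preference name
     * @return the value, possibly {@code null}
     */
    private String _getPreference(String name) throws SecurityException {
        if (_req instanceof HttpServletRequest) {
            return ((HttpServletRequest) _req).getParameter(name);
        }
        return ((PortletRequest) _req).getPreferences().getValue(name, null);
    }

    /**
     * Resolves the community user for the current request. On the servlet
     * path the user is looked up by the id taken from the SSO token.
     */
    private CommunityUser _resolveCommunityUser() throws Exception {
        if (_req instanceof HttpServletRequest) {
            return CommunityFactory.getInstance()
                    .getCommunityUser((HttpServletRequest) _req, _getUserId());
        }
        return CommunityFactory.getInstance()
                .getCommunityUser((PortletRequest) _req);
    }

    /**
     * Resolves the community for the current request. On the servlet path the
     * community is the one named by the repository id request parameter.
     */
    private Community _resolveCommunity() throws Exception {
        if (_req instanceof HttpServletRequest) {
            HttpServletRequest sReq = (HttpServletRequest) _req;
            HttpServletResponse sRes = (HttpServletResponse) _res;
            SSOToken ssoToken = SSOTokenManager.getInstance()
                    .createSSOToken(sReq);
            return CommunityFactory.getInstance().getCommunity(sReq, sRes,
                    ssoToken, new CommunityId(getCommunityId()));
        }
        return CommunityFactory.getInstance()
                .getCommunity((PortletRequest) _req);
    }

    /**
     * @return the principal name from the request's SSO token
     * @throws SecurityException if the SSO token is missing or unreadable
     */
    public String getUserId() {
        return _getUserId();
    }

    /**
     * @return the token id of the request's SSO token. Treat it as a
     *         credential and keep it out of logs and error messages.
     * @throws SecurityException if the SSO token is missing or unreadable
     */
    public String getSessionId() {
        return _getSessionId();
    }

    /** @return the unprovision flag given at construction */
    public boolean getUnprovision() {
        return _unprovision;
    }

    /**
     * @return the search server URL setting; client-supplied on the servlet
     *         path (see {@link #getPreference(String)})
     */
    public String getSearchServerURL() {
        return _getPreference(InfoResolverFactory.SEARCH_SERVER_URL_PARAM);
    }

    /**
     * @return the search database setting; client-supplied on the servlet
     *         path (see {@link #getPreference(String)})
     */
    public String getSearchDatabase() {
        return _getPreference(InfoResolverFactory.SEARCH_DB_PARAM);
    }

    /**
     * Returns the named setting: a request parameter for a servlet request
     * (client-controlled), a portlet preference for a portlet request.
     *
     * @param name the parameter or preference name
     * @return the value, possibly {@code null}
     */
    public String getPreference(String name) {
        return _getPreference(name);
    }

    /**
     * Tells whether the current user has the owner role in the community
     * that backs the repository.
     *
     * <p>NOTE(review): unlike {@link #isDownloadAllow()} this does not look
     * at the banned role or at whether the community is disabled; confirm
     * that this is intended.
     *
     * @return {@code true} only when the owner role is confirmed;
     *         {@code false} on any error
     */
    public boolean isRepositoryOwner() {
        try {
            CommunityUser cuser = _resolveCommunityUser();
            return cuser.hasRole(new CommunityId(getCommunityId()),
                    RoleId.OWNER_ROLE);
        } catch (Exception e) {
            // Fail closed, but leave a trace so a broken check can be told
            // apart from a real denial.
            LOG.log(java.util.logging.Level.FINE,
                    "Owner check failed; treating user as non-owner", e);
            return false;
        }
    }

    /**
     * Tells whether the current user may download from the community's
     * repository.
     *
     * <p>A disabled community denies everyone. A community that is not
     * secure allows everyone, and this is decided before any role is
     * inspected. NOTE(review): the banned role therefore only takes effect
     * in secure communities; confirm that this is intended. In a secure
     * community the user must be an owner or a member, and must not be
     * banned.
     *
     * @return {@code true} when the download is allowed; {@code false}
     *         otherwise, including on any error
     */
    public boolean isDownloadAllow() {
        try {
            Community c = _resolveCommunity();
            if (c == null || c.isDisabled()) {
                return false;
            }
            if (!c.isSecure()) {
                return true;
            }

            CommunityUser cuser = _resolveCommunityUser();
            if (cuser == null) {
                return false;
            }
            CommunityId cid = c.getCommunityId();
            boolean ownerOrMember = cuser.hasRole(cid, RoleId.OWNER_ROLE)
                    || cuser.hasRole(cid, RoleId.MEMBER_ROLE);
            return ownerOrMember && !cuser.hasRole(cid, RoleId.BANNED_ROLE);
        } catch (Exception e) {
            // Fail closed: an error must never grant access. It is logged
            // instead of being dropped so that failing checks can be seen.
            LOG.log(java.util.logging.Level.FINE,
                    "Download permission check failed; denying access", e);
            return false;
        }
    }

    /**
     * Returns the community id used for role checks. The repository id
     * setting is used as the community id unchanged.
     */
    private String getCommunityId() {
        // REPOSITORY_ID_PARAM in the portlet properties is built from the
        // community ID.
        // TODO: if it stops using the community ID directly, a parser will
        // be needed here.
        return _getPreference(InfoResolverFactory.REPOSITORY_ID_PARAM);
    }

    /**
     * @return the repository id setting; client-supplied on the servlet path
     *         (see {@link #getPreference(String)})
     */
    public String getRepositoryId() {
        return _getPreference(InfoResolverFactory.REPOSITORY_ID_PARAM);
    }

}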