01: /******************************************************************************
02: * JBoss, a division of Red Hat *
03: * Copyright 2006, Red Hat Middleware, LLC, and individual *
04: * contributors as indicated by the @authors tag. See the *
05: * copyright.txt in the distribution for a full listing of *
06: * individual contributors. *
07: * *
08: * This is free software; you can redistribute it and/or modify it *
09: * under the terms of the GNU Lesser General Public License as *
10: * published by the Free Software Foundation; either version 2.1 of *
11: * the License, or (at your option) any later version. *
12: * *
13: * This software is distributed in the hope that it will be useful, *
14: * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
16: * Lesser General Public License for more details. *
17: * *
18: * You should have received a copy of the GNU Lesser General Public *
19: * License along with this software; if not, write to the Free *
20: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
21: * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
22: ******************************************************************************/package org.jboss.portal.core.aspects.controller;
23:
24: import org.jboss.logging.Logger;
25: import org.jboss.portal.common.invocation.InvocationException;
26: import org.jboss.portal.core.controller.ControllerCommand;
27: import org.jboss.portal.core.controller.ControllerInterceptor;
28: import org.jboss.portal.core.controller.ControllerResponse;
29: import org.jboss.portal.core.controller.SecurityException;
30: import org.jboss.portal.core.controller.command.response.SecurityErrorResponse;
31: import org.jboss.portal.security.PortalSecurityException;
32: import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
33: import org.jboss.portal.security.spi.auth.PortalAuthorizationManagerFactory;
34:
35: /**
36: * This aspect enforces security policy for all commands. <p/> <p>Portal resources should only be accessible to
37: * individuals that are entitled to do so. This interceptor makes sure that the requested resource is available to the
38: * requesting subject, by utilizing the configured JACC Policy.</p>
39: *
40: * @author <a href="mailto:mholzner@novell.com">Martin Holzner</a>
41: * @author julien@jboss.org
42: * @version $LastChangedRevision: 8786 $, $LastChangedDate: 2007-10-27 21:14:48 -0400 (Sat, 27 Oct 2007) $
43: */
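public final class PolicyEnforcementInterceptor extends ControllerInterceptor {

   /** Logger used to record authorization denials raised by this interceptor. */
   private static final Logger log = Logger.getLogger(PolicyEnforcementInterceptor.class);

   /** Trace flag, sampled once when the interceptor instance is created. */
   protected boolean isTrace = log.isTraceEnabled();

   /**
    * Asks the command to enforce its security constraints and only then lets the invocation continue.
    *
    * <p>The authorization manager is obtained from the controller that owns the command and handed to
    * {@code cmd.enforceSecurity}. If that call throws a {@link PortalSecurityException} or a controller
    * {@link SecurityException}, the chain is stopped and a {@link SecurityErrorResponse} with
    * {@code NOT_AUTHORIZED} is returned instead. Any other exception thrown during the check propagates
    * to the caller, so {@code cmd.invokeNext()} is never reached unless the check completed normally.</p>
    *
    * @param cmd the command being dispatched
    * @return the response of the next element in the chain, or a {@code SecurityErrorResponse} when the
    *         security check rejected the command
    * @throws InvocationException presumably raised by the rest of the chain; not thrown by this method itself
    * @throws Exception any failure other than the two handled security exceptions
    */
   public ControllerResponse invoke(ControllerCommand cmd) throws Exception, InvocationException {
      try {
         PortalAuthorizationManagerFactory pamf =
            cmd.getControllerContext().getController().getPortalAuthorizationManagerFactory();
         PortalAuthorizationManager pam = pamf.getManager();
         cmd.enforceSecurity(pam);
      } catch (PortalSecurityException e) {
         logDenial(cmd, e);
         // NOTE(review): the meaning of the boolean argument is defined by SecurityErrorResponse,
         // which is not visible here; the value is kept exactly as it was.
         return new SecurityErrorResponse(e, SecurityErrorResponse.NOT_AUTHORIZED, true);
      } catch (SecurityException e) {
         // This is org.jboss.portal.core.controller.SecurityException (imported by this file),
         // not java.lang.SecurityException.
         logDenial(cmd, e);
         return new SecurityErrorResponse(e, SecurityErrorResponse.NOT_AUTHORIZED, false);
      }

      // The security check passed: continue with the rest of the interceptor chain.
      return (ControllerResponse) cmd.invokeNext();
   }

   /**
    * Records a rejected command so that denials leave a trail in the server log.
    *
    * <p>Only the command's class name is written, not the command itself, because this class cannot
    * tell what a command's string form would expose.</p>
    *
    * @param cmd   the rejected command
    * @param cause the exception raised by the security check
    */
   private static void logDenial(ControllerCommand cmd, Exception cause) {
      if (log.isDebugEnabled()) {
         log.debug("Access denied for command " + cmd.getClass().getName(), cause);
      }
   }
}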