001: /* Copyright 2004 The JA-SIG Collaborative. All rights reserved.
002: * See license distributed with this file and
003: * available online at http://www.uportal.org/license.html
004: */
005:
006: package org.jasig.portal.container.servlet;
007:
008: import java.security.Principal;
009: import java.util.Enumeration;
010: import java.util.Hashtable;
011: import java.util.Map;
012:
013: import javax.servlet.http.HttpServletRequest;
014: import javax.servlet.http.HttpServletRequestWrapper;
015:
016: import org.apache.pluto.om.common.SecurityRoleRef;
017: import org.apache.pluto.om.common.SecurityRoleRefSet;
018: import org.jasig.portal.groups.IEntityGroup;
019: import org.jasig.portal.groups.IGroupMember;
020: import org.jasig.portal.security.IPerson;
021: import org.jasig.portal.services.GroupService;
022:
023: import sun.security.acl.PrincipalImpl;
024:
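/**
 * A wrapper of the real HttpServletRequest that allows
 * modification of the request parameters and a uPortal
 * implementation of security methods.
 * <p>
 * uPortal's {@link IPerson} and {@link GroupService}
 * are used to determine the remote user and its role
 * memberships in the case that the container does not know.
 * <p>
 * Every security method asks the wrapped request first and falls back to
 * uPortal only when the container gives no positive answer.
 * @author Ken Weiner, kweiner@unicon.net
 * @version $Revision: 36796 $
 */
public class ServletRequestImpl extends AttributeRequestWrapper {

    // Private table of parameters: filled from the request at construction
    // time and replaced by setParameters(Map).
    protected Hashtable parameters;
    // uPortal user behind the request; null when built with the one-argument constructor.
    protected IPerson person;
    // Role-name to role-link mappings; null when built with the one-argument constructor.
    protected SecurityRoleRefSet securityRoleRefs;

    /**
     * Wraps a request without any uPortal identity. With no person set,
     * the security methods only report what the wrapped request reports.
     * @param request the request to wrap
     */
    public ServletRequestImpl(HttpServletRequest request) {
        super(request);
        this.parameters = new Hashtable(request.getParameterMap());
    }

    /**
     * Wraps a request together with the uPortal user and the security role
     * references used as a fallback by the security methods.
     * @param request the request to wrap
     * @param person the uPortal user, may be <code>null</code>
     * @param securityRoleRefs the role references consulted by
     * {@link #isUserInRole(String)}, may be <code>null</code>
     */
    public ServletRequestImpl(HttpServletRequest request,
            IPerson person, SecurityRoleRefSet securityRoleRefs) {
        super(request);
        this.parameters = new Hashtable(request.getParameterMap());
        this.person = person;
        this.securityRoleRefs = securityRoleRefs;
    }

    /**
     * Returns the first value of the named parameter as found in
     * {@link #getParameterMap()}.
     * @param name the parameter name
     * @return the first value, or <code>null</code> if the parameter is
     * absent or has no values
     */
    public String getParameter(String name) {
        String[] values = (String[]) this.getParameterMap().get(name);
        if (values == null || values.length <= 0) {
            return null;
        }
        return values[0];
    }

    /**
     * Returns the parameter map of the wrapped request.
     * <p>
     * NOTE(review): this reads the wrapped request, not the
     * <code>parameters</code> table, so a call to
     * {@link #setParameters(Map)} is not visible here nor in
     * {@link #getParameter(String)} and
     * {@link #getParameterValues(String)}. If the table is meant to limit
     * which parameters a caller can see, that limit is not applied by
     * these methods. Confirm which source is intended.
     * @return the wrapped request's parameter map
     */
    public Map getParameterMap() {
        return getRequest().getParameterMap();
    }

    /**
     * Returns the parameter names held in this wrapper's own
     * <code>parameters</code> table.
     * <p>
     * NOTE(review): the values are read from the wrapped request (see
     * {@link #getParameterMap()}), so the names returned here and the
     * values returned elsewhere can disagree after
     * {@link #setParameters(Map)}.
     * @return an enumeration of the keys of the parameter table
     */
    public Enumeration getParameterNames() {
        return parameters.keys();
    }

    /**
     * Returns all values of the named parameter as found in
     * {@link #getParameterMap()}.
     * @param name the parameter name
     * @return the values, or <code>null</code> if the parameter is absent
     */
    public String[] getParameterValues(String name) {
        return (String[]) this.getParameterMap().get(name);
    }

    /**
     * Replaces the existing request parameters with a new set
     * of parameters.
     * @param parameters the new parameters, must not be <code>null</code>
     * @throws NullPointerException if <code>parameters</code> is
     * <code>null</code>; the current parameters are then left untouched
     */
    public void setParameters(Map parameters) {
        // Copy before clearing: a null argument fails here, before the
        // current entries are lost, and passing this wrapper's own table
        // no longer empties it.
        Hashtable replacement = new Hashtable(parameters);
        this.parameters.clear();
        this.parameters.putAll(replacement);
    }

    /**
     * Returns the remote user from the real HttpServletRequest
     * if it is available. If it is not available, the username
     * of the user will be returned provided that the user is
     * authenticated. If not authenticated, then <code>null</code>
     * will be returned.
     * @return the name of the remote user or <code>null</code>
     */
    public String getRemoteUser() {
        String userName = super.getRemoteUser();
        if (userName != null) {
            return userName;
        }
        // Fall back to uPortal only for a person whose security context
        // reports an authenticated session.
        if (person != null && person.getSecurityContext().isAuthenticated()) {
            userName = (String) person.getAttribute(IPerson.USERNAME);
        }
        return userName;
    }

    /**
     * Returns the user principal from the real HttpServletRequest
     * if it is available. If it is not available, the principal
     * representing the user will be returned provided that the user is
     * authenticated. If not authenticated, then <code>null</code>
     * will be returned.
     * @return the user principal or <code>null</code>
     */
    public Principal getUserPrincipal() {
        Principal principal = super.getUserPrincipal();
        if (principal != null || person == null) {
            return principal;
        }
        // getRemoteUser() yields null for an unauthenticated person. Building
        // a principal around that null name would hand callers a non-null
        // principal for a user who is not logged in, so code that treats
        // "principal != null" as "authenticated" would be misled.
        String userName = getRemoteUser();
        if (userName == null) {
            return null;
        }
        // PrincipalImpl lives in a sun.* package, which is JDK-internal and
        // not part of the supported API.
        return new PrincipalImpl(userName);
    }

    /**
     * Determines whether or not the user is in the given role.
     * The uPortal <code>GroupService</code> shall be used to
     * represent the given role as a uPortal <code>IGroupMember</code>.
     * Therefore, the role must be in the form of a uPortal group key such as
     * <code>local.0</code> or <code>pags.students</code>.
     * <p>
     * The wrapped request is asked first. If it says no and a person is set,
     * the person's deep membership in the group named by the role is checked,
     * then in the group named by the role link of the matching security role
     * reference. Any failure during the uPortal lookup yields
     * <code>false</code>.
     * <p>
     * NOTE(review): unlike {@link #getRemoteUser()}, this method does not
     * check that the person's security context is authenticated, so group
     * membership is evaluated for any non-null person. Confirm this is intended.
     * @param role the role of the user
     * @return <code>true</code> if the user is in the given role, otherwise <code>false</code>
     */
    public boolean isUserInRole(String role) {
        if (super.isUserInRole(role)) {
            return true;
        }
        if (person == null) {
            return false;
        }
        try {
            IGroupMember user = GroupService.getGroupMember(person
                    .getEntityIdentifier());
            IGroupMember groupForRole = GroupService.getGroupMember(role,
                    IEntityGroup.class);
            if (groupForRole == null) {
                // NOTE(review): the role link is consulted only when the role
                // name itself resolves to a group; a role that is not a group
                // key is denied without looking at securityRoleRefs. Confirm.
                return false;
            }
            if (user.isDeepMemberOf(groupForRole)) {
                return true;
            }

            // No role references were supplied: nothing further to check.
            if (securityRoleRefs == null) {
                return false;
            }
            SecurityRoleRef securityRoleRef = securityRoleRefs.get(role);
            if (securityRoleRef == null) {
                return false;
            }
            IGroupMember groupForRoleLink = GroupService.getGroupMember(
                    securityRoleRef.getRoleLink(), IEntityGroup.class);
            return groupForRoleLink != null
                    && user.isDeepMemberOf(groupForRoleLink);
        } catch (Exception e) {
            // Deny on any lookup failure so that an error in the group
            // service can never grant a role. The exception is discarded
            // because no logger is in scope in this class; the failure is
            // therefore invisible to operators.
            return false;
        }
    }
}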