001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.intercept.web;
017:
018: import org.acegisecurity.AccessDeniedException;
019: import org.acegisecurity.Authentication;
020: import org.acegisecurity.ConfigAttributeDefinition;
021:
022: import org.acegisecurity.intercept.AbstractSecurityInterceptor;
023:
024: import org.apache.commons.logging.Log;
025: import org.apache.commons.logging.LogFactory;
026:
027: import org.springframework.beans.factory.InitializingBean;
028:
029: import org.springframework.util.Assert;
030:
031: /**
032: * Allows users to determine whether they have privileges for a given web URI.
033: *
034: * @author Ben Alex
035: * @version $Id: WebInvocationPrivilegeEvaluator.java 1496 2006-05-23 13:38:33Z benalex $
036: */
public class WebInvocationPrivilegeEvaluator implements InitializingBean {
    //~ Static fields/initializers =====================================================================================

    protected static final Log logger = LogFactory.getLog(WebInvocationPrivilegeEvaluator.class);

    //~ Instance fields ================================================================================================

    // Supplies both the object definition source (URI -> attributes) and the AccessDecisionManager consulted here.
    private AbstractSecurityInterceptor securityInterceptor;

    //~ Methods ========================================================================================================

    /**
     * Fails fast at container start-up if no security interceptor was injected.
     *
     * @throws Exception (an {@code IllegalArgumentException} from {@link Assert#notNull}) when
     *         {@link #setSecurityInterceptor} has not been called
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(securityInterceptor, "SecurityInterceptor required");
    }

    /**
     * Reports whether {@code authentication} would be granted the URI described by {@code fi}.
     * <p>
     * This is an advisory pre-check only: it consults the interceptor's object definition source and
     * {@code AccessDecisionManager} but never invokes the secured resource, so it does not replace
     * enforcement by the interceptor itself. Resolution order:
     * <ol>
     * <li>no configuration attributes for the URI: allowed unless the interceptor rejects public
     *     invocations;</li>
     * <li>missing authentication, or one without granted authorities: denied;</li>
     * <li>otherwise the decision manager decides, and an {@link AccessDeniedException} maps to
     *     {@code false}.</li>
     * </ol>
     *
     * @param fi the web invocation to evaluate; required
     * @param authentication the caller's authentication; may be {@code null}
     * @return {@code true} if access would be granted, {@code false} otherwise
     * @throws IllegalArgumentException if {@code fi} is {@code null}
     */
    public boolean isAllowed(FilterInvocation fi, Authentication authentication) {
        Assert.notNull(fi, "FilterInvocation required");

        ConfigAttributeDefinition attrs = securityInterceptor.obtainObjectDefinitionSource().getAttributes(fi);

        // An unsecured URI: the answer is simply the interceptor's policy on public invocations.
        if (attrs == null) {
            return !securityInterceptor.isRejectPublicInvocations();
        }

        // A secured URI can never be reached without at least one granted authority, so short-circuit
        // before asking the decision manager.
        if (!hasGrantedAuthorities(authentication)) {
            return false;
        }

        try {
            securityInterceptor.getAccessDecisionManager().decide(authentication, fi, attrs);
            return true;
        } catch (AccessDeniedException unauthorized) {
            // Denial is an expected outcome of a privilege query, hence debug level only.
            // NOTE(review): what Authentication.toString() renders is implementation-specific — confirm the
            // configured implementation masks credentials before enabling debug logging in production.
            if (logger.isDebugEnabled()) {
                logger.debug(fi.toString() + " denied for " + authentication.toString(), unauthorized);
            }

            return false;
        }
    }

    /**
     * Tells whether {@code authentication} is present and carries at least one granted authority.
     *
     * @param authentication the authentication to inspect; may be {@code null}
     * @return {@code true} only if non-null with a non-null, non-empty authorities array
     */
    private static boolean hasGrantedAuthorities(Authentication authentication) {
        if (authentication == null || authentication.getAuthorities() == null) {
            return false;
        }

        return authentication.getAuthorities().length > 0;
    }

    /**
     * Injects the interceptor whose configuration drives the evaluation.
     *
     * @param securityInterceptor must secure {@link FilterInvocation} objects and expose a non-null
     *        {@code AccessDecisionManager}
     * @throws IllegalArgumentException if the interceptor is {@code null}, secures a different object
     *         type, or has no {@code AccessDecisionManager}
     */
    public void setSecurityInterceptor(AbstractSecurityInterceptor securityInterceptor) {
        Assert.notNull(securityInterceptor, "AbstractSecurityInterceptor cannot be null");

        // Only interceptors guarding web requests can answer questions about web URIs.
        boolean securesFilterInvocations = FilterInvocation.class.equals(securityInterceptor.getSecureObjectClass());
        Assert.isTrue(securesFilterInvocations, "AbstractSecurityInterceptor does not support FilterInvocations");

        // isAllowed() dereferences the decision manager unconditionally, so reject its absence up front.
        Assert.notNull(securityInterceptor.getAccessDecisionManager(),
            "AbstractSecurityInterceptor must provide a non-null AccessDecisionManager");

        this.securityInterceptor = securityInterceptor;
    }
}