001: package org.apache.turbine.util;
002:
003: /*
004: * Licensed to the Apache Software Foundation (ASF) under one
005: * or more contributor license agreements. See the NOTICE file
006: * distributed with this work for additional information
007: * regarding copyright ownership. The ASF licenses this file
008: * to you under the Apache License, Version 2.0 (the
009: * "License"); you may not use this file except in compliance
010: * with the License. You may obtain a copy of the License at
011: *
012: * http://www.apache.org/licenses/LICENSE-2.0
013: *
014: * Unless required by applicable law or agreed to in writing,
015: * software distributed under the License is distributed on an
016: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017: * KIND, either express or implied. See the License for the
018: * specific language governing permissions and limitations
019: * under the License.
020: */
021:
022: import org.apache.turbine.om.security.Permission;
023: import org.apache.turbine.om.security.Role;
024: import org.apache.turbine.services.security.TurbineSecurity;
025: import org.apache.turbine.util.security.RoleSet;
026: import org.apache.turbine.util.security.UnknownEntityException;
027:
028: /**
029: * Utility for doing security checks in Screens and Actions.
030: *
031: * Sample usage:<br>
032: *
033: * <pre><code>
034: * SecurityCheck mycheck =
035: * new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
036: * if (!mycheck.hasPermission("add_user");
037: * return;
038: * </code></pre>
039: *
040: * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
041: * @author <a href="jh@byteaction.de">Jürgen Hoffmann</a>
042: * @version $Id: SecurityCheck.java 534527 2007-05-02 16:10:59Z tv $
043: */
044: public class SecurityCheck {
045: private String message;
046:
047: private String failScreen;
048:
049: private RunData data = null;
050:
051: /**
052: * Holds information if a missing Permission or Role should be created and granted on-the-fly.
053: * This is good behaviour, if these change a lot.
054: */
055: private boolean initialize;
056:
057: /**
058: * Constructor.
059: *
060: * @param data
061: * A Turbine RunData object.
062: * @param message
063: * The message to display upon failure.
064: * @param failedScreen
065: * The screen to redirect to upon failure.
066: */
067: public SecurityCheck(RunData data, String message,
068: String failedScreen) {
069: this (data, message, failedScreen, false);
070: }
071:
072: /**
073: * Constructor.
074: *
075: * @param data
076: * A Turbine RunData object.
077: * @param message
078: * The message to display upon failure.
079: * @param failedScreen
080: * The screen to redirect to upon failure.
081: * @param initialize
082: * if a non-existing Permission or Role should be created.
083: */
084: public SecurityCheck(RunData data, String message,
085: String failedScreen, boolean initialize) {
086: this .data = data;
087: this .message = message;
088: this .failScreen = failedScreen;
089: this .initialize = initialize;
090: }
091:
092: /**
093: * Does the user have this role?
094: *
095: * @param role
096: * A Role.
097: * @return True if the user has this role.
098: * @exception Exception,
099: * a generic exception.
100: */
101: public boolean hasRole(Role role) throws Exception {
102: boolean value = false;
103: if (data.getACL() == null || !data.getACL().hasRole(role)) {
104: data.setScreen(failScreen);
105: data.setMessage(message);
106: } else {
107: value = true;
108: }
109: return value;
110: }
111:
112: /**
113: * Does the user have this role?
114: *
115: * @param role
116: * A String.
117: * @return True if the user has this role.
118: * @exception Exception,
119: * a generic exception.
120: */
121: public boolean hasRole(String role) throws Exception {
122: Role roleObject = null;
123: try {
124: roleObject = TurbineSecurity.getRoleByName(role);
125: } catch (UnknownEntityException e) {
126: if (initialize) {
127: roleObject = TurbineSecurity.createRole(role);
128: TurbineSecurity.grant(data.getUser(), TurbineSecurity
129: .getGlobalGroup(), roleObject);
130: } else {
131: throw (e);
132: }
133: }
134: return hasRole(TurbineSecurity.getRoleByName(role));
135: }
136:
137: /**
138: * Does the user have this permission?
139: *
140: * @param permission
141: * A Permission.
142: * @return True if the user has this permission.
143: * @exception Exception,
144: * a generic exception.
145: */
146: public boolean hasPermission(Permission permission)
147: throws Exception {
148: boolean value = false;
149: if (data.getACL() == null
150: || !data.getACL().hasPermission(permission)) {
151: data.setScreen(failScreen);
152: data.setMessage(message);
153: } else {
154: value = true;
155: }
156: return value;
157: }
158:
159: /**
160: * Does the user have this permission? If initialze is set to <code>true</code>
161: * The permission will be created and granted to the first available Role of
162: * the user, that the SecurityCheck is running against.
163: *
164: * If the User has no Roles, the first Role via TurbineSecurity is granted the
165: * permission.
166: *
167: * @param permission
168: * A String.
169: * @return True if the user has this permission.
170: * @exception Exception,
171: * a generic exception.
172: */
173: public boolean hasPermission(String permission) throws Exception {
174: Permission permissionObject = null;
175: try {
176: permissionObject = TurbineSecurity
177: .getPermissionByName(permission);
178: } catch (UnknownEntityException e) {
179: if (initialize) {
180: permissionObject = TurbineSecurity
181: .createPermission(permission);
182:
183: Role role = null;
184: RoleSet roles = data.getACL().getRoles();
185: if (roles.size() > 0)
186: role = roles.getRolesArray()[0];
187:
188: if (role == null) {
189: /*
190: * The User within data has no roles yet, let us grant the permission
191: * to the first role available through TurbineSecurity.
192: */
193: roles = TurbineSecurity.getAllRoles();
194: if (roles.size() > 0)
195: role = roles.getRolesArray()[0];
196: }
197:
198: if (role != null) {
199: /*
200: * If we have no role, there is nothing we can do about it. So only grant it,
201: * if we have a role to grant it to.
202: */
203: TurbineSecurity.grant(data.getACL().getRoles()
204: .getRolesArray()[0], permissionObject);
205: }
206: } else {
207: throw (e);
208: }
209: }
210: return hasPermission(permissionObject);
211: }
212:
213: /**
214: * Get the message that should be displayed. This is initialized in the
215: * constructor.
216: *
217: * @return A String.
218: */
219: public String getMessage() {
220: return message;
221: }
222:
223: /**
224: * Get the screen that should be displayed. This is initialized in the
225: * constructor.
226: *
227: * @return A String.
228: */
229: public String getFailScreen() {
230: return failScreen;
231: }
232: }
|