01: /**
02: * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE, version 2.1, dated February 1999.
03: *
04: * This program is free software; you can redistribute it and/or modify
05: * it under the terms of the latest version of the GNU Lesser General
06: * Public License as published by the Free Software Foundation;
07: *
08: * This program is distributed in the hope that it will be useful,
09: * but WITHOUT ANY WARRANTY; without even the implied warranty of
10: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11: * GNU Lesser General Public License for more details.
12: *
13: * You should have received a copy of the GNU Lesser General Public License
14: * along with this program (LICENSE.txt); if not, write to the Free Software
15: * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
16: */package org.jamwiki.authentication;
17:
18: import java.io.IOException;
19: import javax.servlet.RequestDispatcher;
20: import javax.servlet.ServletException;
21: import javax.servlet.ServletRequest;
22: import javax.servlet.ServletResponse;
23: import javax.servlet.http.HttpServletRequest;
24: import javax.servlet.http.HttpServletResponse;
25: import org.acegisecurity.AccessDeniedException;
26: import org.acegisecurity.ui.AccessDeniedHandler;
27: import org.jamwiki.utils.WikiLogger;
28: import org.jamwiki.utils.WikiUtil;
29:
30: /**
31: * Handle AccessDeniedExceptions thrown by the Acegi security framework. This
32: * class is based on the org.acegisecurity.ui.AccessDeniedHandler class.
33: */
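public class JAMWikiAccessDeniedHandler implements AccessDeniedHandler {

    private static final WikiLogger logger = WikiLogger
            .getLogger(JAMWikiAccessDeniedHandler.class.getName());

    // Dispatcher path of the access-denied page; null means no page is
    // configured and handle() goes straight to the 403 response.
    private String errorPage;

    /**
     * Responds to an access-denied failure. When an error page is configured the
     * request is forwarded to {@code "/" + virtualWiki + errorPage}; if the
     * response is still uncommitted afterwards (no error page, no dispatcher, or
     * the forward target wrote nothing) a 403 is sent instead.
     *
     * <p>NOTE(review): the forward path contains the virtual wiki name that
     * {@code WikiUtil.getVirtualWikiFromURI} derives from the request. Confirm
     * that helper only returns known virtual wiki names, since its result is
     * concatenated into a dispatcher path.
     *
     * <p>NOTE(review): no status is set before the forward, so the status of the
     * error page is whatever the forward target sets. Confirm the target marks
     * the response as 403 if clients, caches or monitoring rely on it.
     *
     * @param servletRequest the denied request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param accessDeniedException the failure reported by the security framework
     * @throws IOException if the forward or the error response fails
     * @throws ServletException if the forward target fails
     */
    public void handle(ServletRequest servletRequest,
            ServletResponse servletResponse,
            AccessDeniedException accessDeniedException)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (this.errorPage != null) {
            String virtualWiki = WikiUtil.getVirtualWikiFromURI(request);
            RequestDispatcher rd = request.getRequestDispatcher("/"
                    + virtualWiki + this.errorPage);
            // getRequestDispatcher may return null when the container cannot
            // resolve the path; fall through to the 403 below rather than
            // failing with a NullPointerException.
            if (rd != null) {
                rd.forward(request, response);
            }
        }
        if (!response.isCommitted()) {
            // Nothing has been written yet, so report the denial as a 403.
            // The exception message is handed to sendError and may be shown to
            // the client by the container's error page; it should not carry
            // internal detail.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    accessDeniedException.getMessage());
        }
    }

    /**
     * Sets the error page to forward to on access denial. The value must begin
     * with a "/"; handle() appends it to "/" plus the request's virtual wiki
     * name before asking for a dispatcher. A null value is accepted and means
     * no error page is used.
     *
     * @param errorPage the dispatcher path to display, or null for none
     *
     * @throws IllegalArgumentException if the argument is non-null and does not
     *  begin with "/"
     */
    public void setErrorPage(String errorPage) {
        if (errorPage != null && !errorPage.startsWith("/")) {
            throw new IllegalArgumentException(
                    "ErrorPage must begin with '/'");
        }
        this.errorPage = errorPage;
    }
}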