%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.turbine.util.template.TemplateSecurityCheck |
|
|
1 | package org.apache.turbine.util.template; |
|
2 | ||
3 | /* |
|
4 | * Copyright 2001-2005 The Apache Software Foundation. |
|
5 | * |
|
6 | * Licensed under the Apache License, Version 2.0 (the "License") |
|
7 | * you may not use this file except in compliance with the License. |
|
8 | * You may obtain a copy of the License at |
|
9 | * |
|
10 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
11 | * |
|
12 | * Unless required by applicable law or agreed to in writing, software |
|
13 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15 | * See the License for the specific language governing permissions and |
|
16 | * limitations under the License. |
|
17 | */ |
|
18 | ||
19 | import org.apache.turbine.Turbine; |
|
20 | import org.apache.turbine.TurbineConstants; |
|
21 | import org.apache.turbine.om.security.Permission; |
|
22 | import org.apache.turbine.om.security.Role; |
|
23 | import org.apache.turbine.services.security.TurbineSecurity; |
|
24 | import org.apache.turbine.services.template.TurbineTemplate; |
|
25 | import org.apache.turbine.util.RunData; |
|
26 | ||
27 | /** |
|
28 | * Utility class to help check for proper authorization when using |
|
29 | * template screens. Sample usages: |
|
30 | * |
|
31 | * <p><pre><code> |
|
32 | * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data ); |
|
33 | * secCheck.setMessage( "Sorry, you do not have permission to " + |
|
34 | * "access this area." ); |
|
35 | * secCheck.setFailTemplate("login.wm"); |
|
36 | * if ( !secCheck.hasRole("ADMIN") ) |
|
37 | * return; |
|
38 | * </pre></code> |
|
39 | * |
|
40 | * @author <a href="mbryson@mont.mindspring.com">Dave Bryson</a> |
|
41 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> |
|
42 | * @version $Id: TemplateSecurityCheck.java 264148 2005-08-29 14:21:04Z henning $ |
|
43 | */ |
|
44 | public class TemplateSecurityCheck |
|
45 | { |
|
46 | 0 | private String message = |
47 | "Sorry, you do not have permission to access this area."; |
|
48 | 0 | private String failScreen = TurbineTemplate.getDefaultScreen(); |
49 | private String failTemplate; |
|
50 | 0 | private RunData data = null; |
51 | ||
52 | /** |
|
53 | * Constructor. |
|
54 | * |
|
55 | * @param data A Turbine RunData object. |
|
56 | * @param message A String with the message to display upon |
|
57 | * failure. |
|
58 | */ |
|
59 | public TemplateSecurityCheck(RunData data, String message) |
|
60 | 0 | { |
61 | 0 | this.data = data; |
62 | 0 | this.message = message; |
63 | 0 | } |
64 | ||
65 | /** |
|
66 | * Generic Constructor. |
|
67 | * |
|
68 | * @param data A Turbine RunData object. |
|
69 | */ |
|
70 | public TemplateSecurityCheck(RunData data) |
|
71 | 0 | { |
72 | 0 | this.data = data; |
73 | 0 | } |
74 | ||
75 | /** |
|
76 | * Does the User have this role? |
|
77 | * |
|
78 | * @param role The role to be checked. |
|
79 | * @return Whether the user has the role. |
|
80 | * @exception Exception Trouble validating. |
|
81 | */ |
|
82 | public boolean hasRole(Role role) |
|
83 | throws Exception |
|
84 | { |
|
85 | 0 | if (!checkLogin()) |
86 | { |
|
87 | 0 | return false; |
88 | } |
|
89 | ||
90 | 0 | if (data.getACL() == null || !data.getACL().hasRole(role)) |
91 | { |
|
92 | 0 | data.setScreen(getFailScreen()); |
93 | 0 | data.getTemplateInfo().setScreenTemplate(getFailTemplate()); |
94 | 0 | data.setMessage(getMessage()); |
95 | 0 | return false; |
96 | } |
|
97 | ||
98 | 0 | return true; |
99 | } |
|
100 | ||
101 | /** |
|
102 | * Does the User have this permission? |
|
103 | * |
|
104 | * @param permission The permission to be checked. |
|
105 | * @return Whether the user has the permission. |
|
106 | * @exception Exception Trouble validating. |
|
107 | */ |
|
108 | public boolean hasPermission(Permission permission) |
|
109 | throws Exception |
|
110 | { |
|
111 | 0 | boolean value = true; |
112 | 0 | if (data.getACL() == null || !data.getACL().hasPermission(permission)) |
113 | { |
|
114 | 0 | data.setScreen(getFailScreen()); |
115 | 0 | data.getTemplateInfo().setScreenTemplate(getFailTemplate()); |
116 | 0 | data.setMessage(getMessage()); |
117 | 0 | value = false; |
118 | } |
|
119 | ||
120 | 0 | return value; |
121 | } |
|
122 | ||
123 | /** |
|
124 | * Check that the user has logged in. |
|
125 | * |
|
126 | * @return True if user has logged in. |
|
127 | * @exception Exception, a generic exception. |
|
128 | */ |
|
129 | public boolean checkLogin() |
|
130 | throws Exception |
|
131 | { |
|
132 | 0 | boolean value = true; |
133 | ||
134 | // Do it like the AccessController |
|
135 | 0 | if (!TurbineSecurity.isAnonymousUser(data.getUser()) |
136 | && !data.getUser().hasLoggedIn()) |
|
137 | { |
|
138 | 0 | data.setMessage(Turbine.getConfiguration() |
139 | .getString(TurbineConstants.LOGIN_MESSAGE)); |
|
140 | ||
141 | 0 | data.getTemplateInfo().setScreenTemplate(getFailTemplate()); |
142 | 0 | value = false; |
143 | } |
|
144 | ||
145 | 0 | return value; |
146 | } |
|
147 | ||
148 | /** |
|
149 | * Set the message that should be displayed. This is initialized |
|
150 | * in the constructor. |
|
151 | * |
|
152 | * @param v A String with the message that should be displayed. |
|
153 | */ |
|
154 | public void setMessage(String v) |
|
155 | { |
|
156 | 0 | this.message = v; |
157 | 0 | } |
158 | ||
159 | /** |
|
160 | * Get the message that should be displayed. This is initialized |
|
161 | * in the constructor. |
|
162 | * |
|
163 | * @return A String with the message that should be displayed. |
|
164 | */ |
|
165 | public String getMessage() |
|
166 | { |
|
167 | 0 | return message; |
168 | } |
|
169 | ||
170 | /** |
|
171 | * Get the value of failScreen. |
|
172 | * |
|
173 | * @return A String with the value of failScreen. |
|
174 | */ |
|
175 | public String getFailScreen() |
|
176 | { |
|
177 | 0 | return failScreen; |
178 | } |
|
179 | ||
180 | /** |
|
181 | * Set the value of failScreen. |
|
182 | * |
|
183 | * @param v A String with the value of failScreen. |
|
184 | */ |
|
185 | public void setFailScreen(String v) |
|
186 | { |
|
187 | 0 | this.failScreen = v; |
188 | 0 | } |
189 | ||
190 | /** |
|
191 | * Get the value of failTemplate. |
|
192 | * |
|
193 | * @return A String with the value of failTemplate. |
|
194 | */ |
|
195 | public String getFailTemplate() |
|
196 | { |
|
197 | 0 | return failTemplate; |
198 | } |
|
199 | ||
200 | /** |
|
201 | * Set the value of failTemplate. |
|
202 | * |
|
203 | * @param v A String with the value of failTemplate. |
|
204 | */ |
|
205 | public void setFailTemplate(String v) |
|
206 | { |
|
207 | 0 | this.failTemplate = v; |
208 | 0 | } |
209 | } |
This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |