View Javadoc

1   package org.apache.turbine.util.template;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import org.apache.turbine.Turbine;
20  import org.apache.turbine.TurbineConstants;
21  import org.apache.turbine.om.security.Permission;
22  import org.apache.turbine.om.security.Role;
23  import org.apache.turbine.services.security.TurbineSecurity;
24  import org.apache.turbine.services.template.TurbineTemplate;
25  import org.apache.turbine.util.RunData;
26  
27  /***
28   * Utility class to help check for proper authorization when using
29   * template screens.  Sample usages:
30   *
31   * <p><pre><code>
32   * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
33   * secCheck.setMessage( "Sorry, you do not have permission to " +
34   *                      "access this area." );
35   * secCheck.setFailTemplate("login.wm");
36   * if ( !secCheck.hasRole("ADMIN") )
37   *     return;
38   * </pre></code>
39   *
40   * @author <a href="mbryson@mont.mindspring.com">Dave Bryson</a>
41   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
42   * @version $Id: TemplateSecurityCheck.java 264148 2005-08-29 14:21:04Z henning $
43   */
44  public class TemplateSecurityCheck
45  {
46      private String message =
47              "Sorry, you do not have permission to access this area.";
48      private String failScreen = TurbineTemplate.getDefaultScreen();
49      private String failTemplate;
50      private RunData data = null;
51  
52      /***
53       * Constructor.
54       *
55       * @param data A Turbine RunData object.
56       * @param message A String with the message to display upon
57       * failure.
58       */
59      public TemplateSecurityCheck(RunData data, String message)
60      {
61          this.data = data;
62          this.message = message;
63      }
64  
65      /***
66       * Generic Constructor.
67       *
68       * @param data A Turbine RunData object.
69       */
70      public TemplateSecurityCheck(RunData data)
71      {
72          this.data = data;
73      }
74  
75      /***
76       * Does the User have this role?
77       *
78       * @param role The role to be checked.
79       * @return Whether the user has the role.
80       * @exception Exception Trouble validating.
81       */
82      public boolean hasRole(Role role)
83          throws Exception
84      {
85          if (!checkLogin())
86          {
87              return false;
88          }
89  
90          if (data.getACL() == null || !data.getACL().hasRole(role))
91          {
92              data.setScreen(getFailScreen());
93              data.getTemplateInfo().setScreenTemplate(getFailTemplate());
94              data.setMessage(getMessage());
95              return false;
96          }
97  
98          return true;
99      }
100 
101     /***
102      * Does the User have this permission?
103      *
104      * @param permission The permission to be checked.
105      * @return Whether the user has the permission.
106      * @exception Exception Trouble validating.
107      */
108     public boolean hasPermission(Permission permission)
109         throws Exception
110     {
111         boolean value = true;
112         if (data.getACL() == null || !data.getACL().hasPermission(permission))
113         {
114             data.setScreen(getFailScreen());
115             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
116             data.setMessage(getMessage());
117             value = false;
118         }
119 
120         return value;
121     }
122 
123     /***
124      * Check that the user has logged in.
125      *
126      * @return True if user has logged in.
127      * @exception Exception, a generic exception.
128      */
129     public boolean checkLogin()
130         throws Exception
131     {
132         boolean value = true;
133 
134         // Do it like the AccessController
135         if (!TurbineSecurity.isAnonymousUser(data.getUser())
136             && !data.getUser().hasLoggedIn())
137         {
138             data.setMessage(Turbine.getConfiguration()
139                 .getString(TurbineConstants.LOGIN_MESSAGE));
140 
141             data.getTemplateInfo().setScreenTemplate(getFailTemplate());
142             value = false;
143         }
144 
145         return value;
146     }
147 
148     /***
149      * Set the message that should be displayed.  This is initialized
150      * in the constructor.
151      *
152      * @param v A String with the message that should be displayed.
153      */
154     public void setMessage(String v)
155     {
156         this.message = v;
157     }
158 
159     /***
160      * Get the message that should be displayed.  This is initialized
161      * in the constructor.
162      *
163      * @return A String with the message that should be displayed.
164      */
165     public String getMessage()
166     {
167         return message;
168     }
169 
170     /***
171      * Get the value of failScreen.
172      *
173      * @return A String with the value of failScreen.
174      */
175     public String getFailScreen()
176     {
177         return failScreen;
178     }
179 
180     /***
181      * Set the value of failScreen.
182      *
183      * @param v A String with the value of failScreen.
184      */
185     public void setFailScreen(String v)
186     {
187         this.failScreen = v;
188     }
189 
190     /***
191      * Get the value of failTemplate.
192      *
193      * @return A String with the value of failTemplate.
194      */
195     public String getFailTemplate()
196     {
197         return failTemplate;
198     }
199 
200     /***
201      * Set the value of failTemplate.
202      *
203      * @param v A String with the value of failTemplate.
204      */
205     public void setFailTemplate(String v)
206     {
207         this.failTemplate = v;
208     }
209 }