


1 /* ====================================================================
2  * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
3  *
4  * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in
15  * the documentation and/or other materials provided with the
16  * distribution.
17  *
18  * 3. The end-user documentation included with the redistribution,
19  * if any, must include the following acknowledgment:
20  * "This product includes software developed by Jcorporate Ltd.
21  * (http://www.jcorporate.com/)."
22  * Alternately, this acknowledgment may appear in the software itself,
23  * if and wherever such third-party acknowledgments normally appear.
24  *
25  * 4. "Jcorporate" and product names such as "Expresso" must
26  * not be used to endorse or promote products derived from this
27  * software without prior written permission. For written permission,
28  * please contact info@jcorporate.com.
29  *
30  * 5. Products derived from this software may not be called "Expresso",
31  * or other Jcorporate product names; nor may "Expresso" or other
32  * Jcorporate product names appear in their name, without prior
33  * written permission of Jcorporate Ltd.
34  *
35  * 6. No product derived from this software may compete in the same
36  * market space, i.e. framework, without prior written permission
37  * of Jcorporate Ltd. For written permission, please contact
38  * partners@jcorporate.com.
39  *
40  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
42  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
43  * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
44  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
46  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
47  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
48  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * ====================================================================
53  *
54  * This software consists of voluntary contributions made by many
55  * individuals on behalf of the Jcorporate Ltd. Contributions back
56  * to the project(s) are encouraged when you make modifications.
57  * Please send them to support@jcorporate.com. For more information
58  * on Jcorporate Ltd. and its products, please see
59  * <http://www.jcorporate.com/>.
60  *
61  * Portions of this software are based upon other open source
62  * products and are subject to their respective licenses.
63  */

64
65 package com.jcorporate.expresso.ext.taglib;
66
67 import com.jcorporate.expresso.core.db.DBException;
68 import com.jcorporate.expresso.core.misc.CurrentLogin;
69 import com.jcorporate.expresso.core.misc.SerializableString;
70 import com.jcorporate.expresso.core.misc.StringUtil;
71 import com.jcorporate.expresso.core.security.User;
72 import org.apache.log4j.Logger;
73
74 import javax.servlet.ServletException JavaDoc;
75 import javax.servlet.jsp.JspTagException JavaDoc;
76 import javax.servlet.jsp.tagext.TagSupport JavaDoc;
77 import java.io.IOException JavaDoc;
78 import java.util.Hashtable JavaDoc;
79 import java.util.Iterator JavaDoc;
80 import java.util.List JavaDoc;
81 import java.util.StringTokenizer JavaDoc;
82
83
84 /**
85  * Restrict Access Tag - To easily restrict JSP page access.
86  * <p>This class provides an easy way to restrict access to particular pages.
87  * Attributes:
88  * allowedUsers: A comma delimited list of user names that are allowed to access
89  * this page.</p>
90  * <p/>
91  * <p>allowedGroups: A comma delimited list of groups that are allowed access to this
92  * page </p>
93  * <p/>
94  * <p>If neither allowedUsers nor allowedGroups is set, then anybody who is logged
95  * in will be allowed to access the page. </p>
96  * <p/>
97  * <p>Example Usage (Allows admin group to this page):</p>
98  * <p/>
99  * <code>
100  * <p>&lt;%@ taglib uri="expresso.tld" prefix="expresso" %&gt; </p>
101  * <p>&lt;expresso:RestrictAccess allowedGroups="admin" /&gt; </p>
102  * </code>
103  *
104  * @author Michael Rimov
105  */

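public class RestrictAccessTag
        extends TagSupport {
    // Allow-list of user names. Only the keys are used; the values are empty
    // strings. Stays null until setAllowedUsers() is given a non-null list.
    private Hashtable allowedUsers = null;
    // Allow-list of group names, same layout as allowedUsers.
    private Hashtable allowedGroups = null;
    // Where to forward a denied request; null means "throw instead".
    private String forwardURL = null;

    private Logger log = Logger.getLogger(RestrictAccessTag.class);

    public RestrictAccessTag() {
        super();
    }

    /**
     * Adds a comma delimited list of allowed users to the allowedUsers
     * Hashtable. Calls accumulate: names from earlier calls are kept.
     * <p>Names are stored exactly as written between the commas (no trimming)
     * and are later matched with an exact, case-sensitive lookup, so
     * <code>"alice, bob"</code> allows <code>"alice"</code> and
     * <code>" bob"</code>, not <code>"bob"</code>.</p>
     *
     * @param userList comma delimited user names allowed to see the page;
     *                 <code>null</code> is ignored
     */
    public synchronized void setAllowedUsers(String userList) {
        if (userList == null) {
            return;
        }
        if (allowedUsers == null) {
            allowedUsers = new Hashtable();
        }

        StringTokenizer strtok = new StringTokenizer(userList, ",");

        // Add the users to the hash
        while (strtok.hasMoreTokens()) {
            allowedUsers.put(strtok.nextToken(), "");
        }
    }

    /**
     * Adds a comma delimited list of allowed groups to the allowedGroups
     * Hashtable. Calls accumulate: groups from earlier calls are kept.
     * <p>Group names are stored exactly as written between the commas (no
     * trimming) and are later matched with an exact, case-sensitive lookup.</p>
     *
     * @param groupList a comma delimited list of groups allowed to access this
     *                  page; <code>null</code> is ignored
     */
    public synchronized void setAllowedGroups(String groupList) {
        if (groupList == null) {
            return;
        }
        if (allowedGroups == null) {
            allowedGroups = new Hashtable();
        }

        StringTokenizer strtok = new StringTokenizer(groupList, ",");

        // Add the groups to the hash
        while (strtok.hasMoreTokens()) {
            allowedGroups.put(strtok.nextToken(), "");
        }
    }

    /**
     * Sets a URL to forward to if access is denied
     *
     * @param url the URL to forward to if access to this page is denied;
     *            when left <code>null</code> a denial raises a JspTagException
     */
    public synchronized void setDenyURL(String url) {
        forwardURL = url;
    }

    /**
     * Standard doEndTag. This is the main processing. Checks whether the
     * user stored in the session matches the configured user list or group
     * list and decides whether the rest of the page may be evaluated.
     * <p>Every denial ends the method with SKIP_PAGE. denyAccess() returns
     * normally once it has forwarded to the deny URL, so a denial that did
     * not return here would fall through to the allow checks below and the
     * protected page could still be evaluated.</p>
     *
     * @return EVAL_PAGE when the user is allowed, SKIP_PAGE when access was
     *         denied and the request was forwarded to the deny URL
     * @throws javax.servlet.jsp.JspTagException if access is denied and no
     *         deny URL is set, if the forward fails, or if the user's groups
     *         cannot be read
     */
    public int doEndTag()
            throws javax.servlet.jsp.JspTagException {

        // The login is taken from the session as it stands; this tag does not
        // run a login check of its own.
        CurrentLogin myLogin = (CurrentLogin) pageContext.getSession().getAttribute(CurrentLogin.LOGIN_KEY);
        String userName = null;
        String db = null;
        if (myLogin != null) {
            userName = StringUtil.notNull(myLogin.getUserName());
            db = StringUtil.notNull(myLogin.getDBName());
        }

        // No login object in the session, or one without a user name: deny and
        // stop. Without the return, a null myLogin is dereferenced below.
        if (userName == null || userName.length() == 0) {
            denyAccess();
            return SKIP_PAGE;
        }

        if (db == null || db.length() == 0) {
            db = "default";
        }

        User u = null;
        try {
            u = new User();
            u.setUid(myLogin.getUid());
            u.setDataContext(db);
            if (!u.find()) {
                // The uid in the session matches no user record: fail closed.
                denyAccess();
                return SKIP_PAGE;
            }
        } catch (DBException ex) {
            // A failed lookup must not be treated as "allowed"; keep the cause
            // in the log so the denial can be investigated.
            log.error("User lookup failed during page access check; denying access", ex);
            denyAccess();
            return SKIP_PAGE;
        }

        // No lists configured: any logged-in user other than the unknown user
        // may see the page.
        if (allowedGroups == null && allowedUsers == null &&
                !userName.equalsIgnoreCase(User.UNKNOWN_USER)) {
            return EVAL_PAGE;
        }

        // Check allowed users first.
        // NOTE(review): this lookup is case-sensitive while the UNKNOWN_USER
        // comparison above is not - confirm user names are case-normalised.
        if (allowedUsers != null) {
            if (allowedUsers.containsKey(userName)) {
                return EVAL_PAGE;
            }
        }

        // Check allowed groups (if set)
        if (allowedGroups != null) {
            try {
                List l = u.getGroupsList();

                for (Iterator i = l.iterator(); i.hasNext();) {
                    String curGroup = (String) i.next();

                    if (allowedGroups.containsKey(curGroup)) {
                        // The user belongs to one of the listed groups.
                        return EVAL_PAGE;
                    }
                }
            } catch (DBException e) {
                throw new JspTagException(e.getMessage());
            }
        }

        denyAccess();

        return SKIP_PAGE;
    }

    /**
     * Do nothing until end tag.
     *
     * @return SKIP_BODY, so any tag body is not evaluated
     * @throws javax.servlet.jsp.JspTagException declared for subclasses; not
     *         thrown by this implementation
     */
    public int doStartTag()
            throws javax.servlet.jsp.JspTagException {
        return SKIP_BODY;
    } /* doStartTag() */


    /**
     * Records the denial in the log and then either forwards to the deny URL
     * or, when none is set, throws.
     * <p>After a successful forward this method returns normally; the caller
     * is responsible for stopping page evaluation.</p>
     *
     * @throws javax.servlet.jsp.JspTagException if no deny URL is set, or if
     *         the forward to it fails
     */
    protected void denyAccess()
            throws javax.servlet.jsp.JspTagException {
        // NOTE(review): doEndTag() reads the login from CurrentLogin.LOGIN_KEY,
        // but the values logged here come from the "UserName" and "db" session
        // attributes. Confirm those attributes are still populated; if not,
        // denials are logged with an empty user name.
        String userName = StringUtil.notNull((SerializableString) pageContext.getSession().getAttribute("UserName"));
        String db = StringUtil.notNull((SerializableString) pageContext.getSession().getAttribute("db"));

        if (db.equals("")) {
            db = "default";
        }

        log.warn("Access to page: " + pageContext.getPage().toString() +
                " is denied for username: " + userName + " and DB: " + db);

        if (forwardURL == null) {
            throw new JspTagException("Access to this page is denied");
        } else {
            try {
                pageContext.forward(forwardURL);
            } catch (IOException e) {
                throw new JspTagException(e.getMessage());
            } catch (ServletException e) {
                throw new JspTagException(e.getMessage());
            }
        }
    }
}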