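package com.jcorporate.expresso.ext.taglib;

import com.jcorporate.expresso.core.db.DBException;
import com.jcorporate.expresso.core.misc.CurrentLogin;
import com.jcorporate.expresso.core.misc.SerializableString;
import com.jcorporate.expresso.core.misc.StringUtil;
import com.jcorporate.expresso.core.security.User;
import org.apache.log4j.Logger;

import javax.servlet.ServletException;
import javax.servlet.jsp.JspTagException;
import javax.servlet.jsp.tagext.TagSupport;
import java.io.IOException;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;


/**
 * JSP tag that gates the rest of a page on the identity of the logged-in user.
 *
 * <p>The decision is made in {@link #doEndTag()}: the current login is read
 * from the session, the matching {@link User} record is looked up, and the page
 * continues ({@code EVAL_PAGE}) only if the user passes the configured
 * user/group lists. Every other path ends in {@code SKIP_PAGE} or a
 * {@link JspTagException}, so a failed or incomplete check never lets the
 * remainder of the page run.</p>
 *
 * <p>Attributes:</p>
 * <ul>
 *   <li>{@code allowedUsers}: comma-separated user names</li>
 *   <li>{@code allowedGroups}: comma-separated group names</li>
 *   <li>{@code denyURL}: where to forward a rejected request; when absent a
 *       {@link JspTagException} is thrown instead</li>
 * </ul>
 */
public class RestrictAccessTag
        extends TagSupport {
    /** Allowed user names (keys only; values are unused). {@code null} means "no user list given". */
    private Hashtable allowedUsers = null;
    /** Allowed group names (keys only; values are unused). {@code null} means "no group list given". */
    private Hashtable allowedGroups = null;
    /** Forward target for rejected requests, or {@code null} to throw instead. */
    private String forwardURL = null;

    // Static so the logger is not part of the (Serializable) tag handler's instance state.
    private static final Logger log = Logger.getLogger(RestrictAccessTag.class);

    public RestrictAccessTag() {
        super();
    }

    /**
     * Sets the users that may view the page.
     *
     * <p>Each call replaces the previous list. The earlier behaviour of adding
     * to an existing table meant that a handler instance reused by the
     * container kept names from a previous use, widening access beyond what
     * the current tag declared.</p>
     *
     * @param userList comma-separated user names; {@code null} leaves the
     *                 current setting untouched
     */
    public synchronized void setAllowedUsers(String userList) {
        if (userList == null) {
            return;
        }
        allowedUsers = parseNameList(userList);
    }

    /**
     * Sets the groups whose members may view the page.
     *
     * <p>Each call replaces the previous list, for the same reason as
     * {@link #setAllowedUsers(String)}.</p>
     *
     * @param groupList comma-separated group names; {@code null} leaves the
     *                  current setting untouched
     */
    public synchronized void setAllowedGroups(String groupList) {
        if (groupList == null) {
            return;
        }
        allowedGroups = parseNameList(groupList);
    }

    /**
     * Sets the URL a rejected request is forwarded to.
     *
     * @param url forward target, or {@code null} to have rejections raise a
     *            {@link JspTagException}
     */
    public synchronized void setDenyURL(String url) {
        forwardURL = url;
    }

    /**
     * Clears all attribute state so nothing carries over if the container
     * hands this handler to another use.
     */
    public synchronized void release() {
        super.release();
        allowedUsers = null;
        allowedGroups = null;
        forwardURL = null;
    }

    /**
     * Performs the access check.
     *
     * @return {@code EVAL_PAGE} when the user is permitted, {@code SKIP_PAGE}
     *         when the request was rejected and forwarded to the deny URL
     * @throws javax.servlet.jsp.JspTagException when the request is rejected
     *         and no deny URL is configured, or when the group lookup fails
     */
    public int doEndTag()
            throws javax.servlet.jsp.JspTagException {

        CurrentLogin myLogin = (CurrentLogin)
                pageContext.getSession().getAttribute(CurrentLogin.LOGIN_KEY);
        String userName = null;
        String db = null;
        if (myLogin != null) {
            userName = StringUtil.notNull(myLogin.getUserName());
            db = StringUtil.notNull(myLogin.getDBName());
        }

        // denyAccess() returns normally after a forward, so every rejection
        // must stop here. Falling through would dereference a null login or,
        // worse, reach one of the EVAL_PAGE branches below.
        if (userName == null || userName.length() == 0) {
            denyAccess();
            return SKIP_PAGE;
        }

        if (db == null || db.length() == 0) {
            db = "default";
        }

        User u = null;
        try {
            u = new User();
            u.setUid(myLogin.getUid());
            u.setDataContext(db);
            if (!u.find()) {
                denyAccess();
                return SKIP_PAGE;
            }
        } catch (DBException ex) {
            // A failed lookup is treated as "not authorised"; record the
            // cause so the rejection can be told apart from a real denial.
            log.warn("User lookup failed during access check; denying access", ex);
            denyAccess();
            return SKIP_PAGE;
        }

        // No lists configured: any known (non-anonymous) user may proceed.
        if (allowedGroups == null && allowedUsers == null
                && !userName.equalsIgnoreCase(User.UNKNOWN_USER)) {
            return EVAL_PAGE;
        }

        if (allowedUsers != null && allowedUsers.containsKey(userName)) {
            return EVAL_PAGE;
        }

        if (allowedGroups != null) {
            try {
                List groups = u.getGroupsList();

                for (Iterator i = groups.iterator(); i.hasNext();) {
                    String curGroup = (String) i.next();
                    if (allowedGroups.containsKey(curGroup)) {
                        return EVAL_PAGE;
                    }
                }
            } catch (DBException e) {
                log.error("Group lookup failed during access check", e);
                throw new JspTagException(e.getMessage());
            }
        }

        denyAccess();

        return SKIP_PAGE;
    }

    /**
     * The tag has no body to evaluate; all work happens in {@link #doEndTag()}.
     *
     * @return {@code SKIP_BODY}
     */
    public int doStartTag()
            throws javax.servlet.jsp.JspTagException {
        return SKIP_BODY;
    }


    /**
     * Logs the rejection and either forwards to the deny URL or throws.
     *
     * <p>When a deny URL is configured this method <em>returns normally</em>
     * after the forward. It does not end page processing on its own, so the
     * caller must return {@code SKIP_PAGE} immediately afterwards.</p>
     *
     * @throws javax.servlet.jsp.JspTagException when no deny URL is configured,
     *         or when the forward itself fails
     */
    protected void denyAccess()
            throws javax.servlet.jsp.JspTagException {
        // NOTE(review): these session attributes ("UserName", "db") are not
        // the CurrentLogin object doEndTag() bases its decision on, so the
        // logged identity may be empty or differ from the one that was
        // checked. Confirm which source the audit trail should use.
        String userName = StringUtil.notNull((SerializableString) pageContext.getSession().getAttribute("UserName"));
        String db = StringUtil.notNull((SerializableString) pageContext.getSession().getAttribute("db"));

        if (db.equals("")) {
            db = "default";
        }

        log.warn("Access to page: " + pageContext.getPage().toString()
                + " is denied for username: " + userName + " and DB: " + db);

        if (forwardURL == null) {
            throw new JspTagException("Access to this page is denied");
        }

        try {
            pageContext.forward(forwardURL);
        } catch (IOException e) {
            log.error("Forward to deny URL failed", e);
            throw new JspTagException(e.getMessage());
        } catch (ServletException e) {
            log.error("Forward to deny URL failed", e);
            throw new JspTagException(e.getMessage());
        }
    }

    /**
     * Splits a comma-separated attribute value into a lookup table.
     *
     * <p>Entries are trimmed so that {@code "alice, bob"} matches {@code bob},
     * and blank entries are dropped. An input with no usable entries yields an
     * empty (non-null) table, which permits nobody through that list.</p>
     */
    private static Hashtable parseNameList(String csv) {
        Hashtable names = new Hashtable();
        StringTokenizer tokens = new StringTokenizer(csv, ",");

        while (tokens.hasMoreTokens()) {
            String name = tokens.nextToken().trim();
            if (name.length() > 0) {
                names.put(name, "");
            }
        }
        return names;
    }
}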