KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > openedit > modules > admin > AllowViewing


1 /*
2 Copyright (c) 2003 eInnovation Inc. All rights reserved
3
4 This library is free software; you can redistribute it and/or modify it under the terms
5 of the GNU Lesser General Public License as published by the Free Software Foundation;
6 either version 2.1 of the License, or (at your option) any later version.
7
8 This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
9 without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 See the GNU Lesser General Public License for more details.
11 */
12
13 package com.openedit.modules.admin;
14
15 import java.util.ArrayList JavaDoc;
16 import java.util.Iterator JavaDoc;
17 import java.util.List JavaDoc;
18
19 import org.apache.commons.logging.Log;
20 import org.apache.commons.logging.LogFactory;
21
22 import com.openedit.OpenEditException;
23 import com.openedit.WebPageRequest;
24 import com.openedit.config.Configuration;
25 import com.openedit.page.Page;
26 import com.openedit.page.PageSettings;
27 import com.openedit.page.manage.PageManager;
28 import com.openedit.util.PathUtilities;
29 import com.openedit.util.strainer.Filter;
30 import com.openedit.util.strainer.FilterException;
31
32
33 /**
34  * This action enforces that the currently logged-in user has a certain specified permission, and
35  * redirects to the login page otherwise. A sample configuration would look like this:
36  * <pre>
37  * &lt;path-action path="/openedit/*" name="enforceAdminPrivilege"&gt;
38  * &lt;login-path&gt;/openedit/authentication/logon.html&lt;/login-path&gt;
39  * &lt;permission&gt;wsp.administration&lt;/permission&gt;
40  * &lt;exclude&gt;/openedit/authentication/logon.html&lt;/exclude&gt;
41  * &lt;exclude&gt;/openedit/dologon.html&lt;/exclude&gt;
42  * &lt;exclude&gt;/openedit/editors/*&lt;/exclude&gt;
43  * &lt;/path-action&gt;
44  * </pre>
45  *
46  * @author Eric Galluzzo
47  */
48 public class AllowViewing
49 {
50     protected static final String JavaDoc DEFAULT_LOGIN_PATH = "/openedit/authentication/logon.html";
51     protected static final String JavaDoc DEFAULT_ADMIN_PERMISSION = "oe.administration";
52
53     private static final Log log = LogFactory.getLog(AllowViewing.class);
54
55     protected String JavaDoc fieldLoginPath;
56     protected List JavaDoc fieldExcludes;
57     protected PageManager fieldPageManager;
58
59
60     /* (non-Javadoc)
61      * @see com.openedit.action.Command#execute(java.util.Map, java.util.Map)
62      */
63     public void execute( WebPageRequest inReq ) throws OpenEditException
64     {
65         Page page = (Page) inReq.getPage(); //urlUtils.requestPath();
66 String JavaDoc requestPath = page.getPath();
67
68         if (!inExcludeList(requestPath))
69         {
70             Filter filter = inReq.getPage().getViewFilter();
71             if ( (filter != null) )
72             {
73                 if ( !filter.passes( inReq ))
74                 {
75                     log.error("No permission for " + page.getPath() + " sending redirect");
76                     inReq.putPageValue("oe-exception", "You do not have permission to view "+ page.getPath() );
77
78                      //this is the original page someone might have been on. Used in login
79 inReq.putSessionValue("originalEntryPage",inReq.getContentPage().getPath() );
80                     
81                     inReq.redirect( getLoginPath() );
82                 }
83             }
84             else
85             {
86                 log.info("No view restrictions have been set for " + requestPath);
87             }
88         }
89
90     }
91
92     /**
93      * Determine whether the request path is in the exclude list in the given configuration.
94      *
95      * @param inPath The request
96      *
97      * @return <code>true</code> if the path is excluded, <code>false</code> if not
98      */
99     protected boolean inExcludeList(String JavaDoc inPath)
100     {
101         for (Iterator JavaDoc iter = getExcludes().iterator(); iter.hasNext();)
102         {
103             String JavaDoc path = (String JavaDoc)iter.next();
104
105             if (PathUtilities.match(inPath, path))
106             {
107                 log.debug(
108                     "Excluded path " + inPath + " from " + getClass().getName() +
109                     " because it matched " + path);
110
111                 return true;
112             }
113         }
114         if ( inPath.equals( getLoginPath() ) )
115         {
116             return true;
117         }
118         String JavaDoc relative = PathUtilities.resolveRelativePath(getLoginPath(), inPath);
119         if ( inPath.equals( relative ) )
120         {
121             return true;
122         }
123         return false;
124     }
125     /* (non-Javadoc)
126      * @see com.openedit.command.Command#load(com.anthonyeden.lib.config.Configuration)
127      */
128     public void configure( Configuration inElement, PageSettings inSettings )
129     {
130         fieldLoginPath = inElement.getChildValue( "login-path" );
131         fieldLoginPath = inSettings.replaceProperty(fieldLoginPath);
132         
133         for (Iterator JavaDoc iter = inElement.getChildren("exclude").iterator(); iter.hasNext();)
134         {
135             Configuration excludeElem = (Configuration) iter.next();
136             String JavaDoc path = excludeElem.getValue();
137             path = inSettings.replaceProperty(path);
138             getExcludes().add( path );
139         }
140     }
141     
142     protected String JavaDoc getLoginPath()
143     {
144         if (fieldLoginPath == null)
145         {
146             fieldLoginPath = DEFAULT_LOGIN_PATH;
147         }
148         return fieldLoginPath;
149     }
150     
151     protected List JavaDoc getExcludes()
152     {
153         if (fieldExcludes == null)
154         {
155             fieldExcludes = new ArrayList JavaDoc();
156         }
157         return fieldExcludes;
158     }
159     public PageManager getPageManager()
160     {
161         return fieldPageManager;
162     }
163     public void setPageManager( PageManager pageManager )
164     {
165         fieldPageManager = pageManager;
166     }
167
168     /**
169      * Determine whether the given user passes the given filter.
170      *
171      * @param inReq The user to query
172      * @param inFilter The filter through which to pass the user
173      *
174      * @return boolean <code>true</code> if the user passes, <code>false</code> if not
175      *
176      * @throws OpenEditException If the filter threw an exception
177      */
178     protected boolean userPassesFilter( Filter inFilter )
179         throws OpenEditException
180     {
181         try
182         {
183             return ((inFilter == null) || inFilter.passes( this ));
184         }
185         catch (FilterException fe)
186         {
187             throw new OpenEditException(fe);
188         }
189     }
190
191 }
192
Popular Tags