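package com.raptus.owxv3.api.securitymgr.tomcat;

import java.util.*;

import javax.servlet.http.HttpServletRequest;

import com.raptus.owxv3.*;
import com.raptus.owxv3.api.securitymgr.SecurityMgrIF;

/**
 * Role-based access checks and locale resolution on top of the servlet
 * container's authentication ({@code getRemoteUser()} / {@code isUserInRole()}).
 *
 * <p>Access rules as implemented below:
 * <ul>
 *   <li>A vmodule with no roles ({@code null}) is denied to everyone.</li>
 *   <li>A section or element with no roles ({@code null}) inherits the decision
 *       already made for its parent.</li>
 *   <li>The role name {@code "guest"} grants access to every caller,
 *       authenticated or not.</li>
 * </ul>
 *
 * <p>This class is unrelated to {@code java.lang.SecurityManager}; it only
 * shares the simple name.
 *
 * <p>NOTE(review): the request is held in a mutable field, so one instance
 * answers for exactly one request at a time. Sharing an instance between
 * concurrent requests would mix up the identities being checked - confirm
 * that callers create or re-bind one instance per request.
 *
 * <p>NOTE(review): user names and role names are written to the log by the
 * access checks; make sure the log destination is appropriately protected.
 */
public class SecurityManager implements SecurityMgrIF
{
    /** Role name that grants access to any caller, logged in or not. */
    private static final String GUEST_ROLE = "guest";

    /** Configuration tree path holding the default locale. */
    private static final String DEFAULT_LOCALE_PATH = "/virtualhost/globalconfig/defaultlocale";

    /** Locale used when the configuration defines none (or an empty one). */
    private static final String FALLBACK_LOCALE = "en_GB";

    /** Upper bound on the length of one locale token taken from the request. */
    private static final int MAX_LOCALE_TOKEN_LENGTH = 8;

    /** Request whose user, roles, parameters and session are consulted. */
    protected HttpServletRequest req = null;

    /**
     * Creates an instance without a request. {@link #setRequest} must be
     * called before any access check; only {@link #getLocale()} tolerates a
     * missing request.
     */
    public SecurityManager()
    {
    }

    /**
     * Creates an instance bound to the given request.
     *
     * @param req the request to evaluate
     */
    public SecurityManager(HttpServletRequest req)
    {
        this.req = req;
    }

    /**
     * Binds this instance to another request.
     *
     * @param req the request to evaluate from now on
     */
    public void setRequest(HttpServletRequest req)
    {
        this.req = req;
    }

    /**
     * Checks whether the current caller may access an element. The enclosing
     * section (and through it the vmodule) is checked first; an element
     * without roles of its own is then allowed.
     *
     * @param element the element to check
     * @return {@code true} if access is granted
     */
    public boolean hasAccess(VModuleSectionElement element)
    {
        VModuleSection section = element.getSection();
        if(!this.hasAccess(section))
        {
            return false;
        }

        LoggingManager.log("Checking access for element "+element.getIdentification(), this);

        String roles[] = element.getRoles();
        if(roles == null)
        {
            // No element-level restriction: the section check above decides.
            LoggingManager.log("No roles defined for element "+element.getIdentification()+
                               " granted access through section's roles!", this);
            return true;
        }

        for(int i=0;i<roles.length;i++)
        {
            LoggingManager.log("Element role -> "+roles[i], this);
        }
        return checkAccess(roles);
    }

    /**
     * Checks whether the current caller may access a section. The owning
     * vmodule is checked first; a section without roles of its own is then
     * allowed.
     *
     * @param section the section to check
     * @return {@code true} if access is granted
     */
    public boolean hasAccess(VModuleSection section)
    {
        VModule vm = section.getVModule();
        if(!this.hasAccess(vm))
        {
            return false;
        }

        LoggingManager.log("Checking access for section "+section.getIdentification(), this);
        String [] roles = section.getRoles();
        if(roles == null)
        {
            // No section-level restriction: the vmodule check above decides.
            LoggingManager.log("No roles defined for section "+section.getIdentification()+
                               " granted access thrugh vmodule's roles!", this);
            return true;
        }
        return checkAccess(roles);
    }

    /**
     * Returns the container-reported user name, with an empty name treated
     * like "not logged in".
     *
     * NOTE(review): {@code req} is dereferenced without a null check, so an
     * instance that never received a request throws NullPointerException here.
     *
     * @return the remote user name, or {@code null} when nobody is logged in
     */
    private String currentUser()
    {
        String user = req.getRemoteUser();
        if(user != null && user.length()<1)
        {
            return null;
        }
        return user;
    }

    /**
     * Decides whether the current caller satisfies at least one of the roles.
     *
     * <p>{@code null} roles deny access. An anonymous caller is allowed only
     * if the list contains {@code "guest"}; a logged-in caller is allowed if
     * the container reports membership in any listed role or the list
     * contains {@code "guest"}.
     *
     * @param roles the roles that permit access, may be {@code null}
     * @return {@code true} if access is granted
     */
    protected boolean checkAccess(String [] roles)
    {
        String user = currentUser();
        LoggingManager.log("User name='"+user+"'", this);

        if(roles == null)
        {
            // Fail closed: nothing was configured, so nobody gets in.
            LoggingManager.log("Access denied, no roles defined for user !"+user, this);
            return false;
        }

        if(user == null)
        {
            LoggingManager.log("User is not logged in, checking for guest role", this);
            for(int i=0;i<roles.length;i++)
            {
                LoggingManager.log("guest <-> "+roles[i]);
                if(GUEST_ROLE.equals(roles[i]))
                {
                    LoggingManager.log("Allowing access, based on guest role", this);
                    return true;
                }
            }

            LoggingManager.log("Access denied, user not logged in and no guest role was found!", this);
            return false;
        }

        LoggingManager.log("User is logged in, checking for roles matching the user's role", this);
        for(int i=0;i<roles.length;i++)
        {
            LoggingManager.log(user+" <-> "+roles[i]);
            // Container role membership is asked first; "guest" is open to everyone.
            if(req.isUserInRole(roles[i]) || GUEST_ROLE.equals(roles[i]))
            {
                LoggingManager.log("Allowing access to "+user+" based on role "+roles[i], this);
                return true;
            }
        }

        LoggingManager.log("Access denied, no matching role for "+user+"!", this);
        return false;
    }

    /**
     * Checks whether the current caller may access a vmodule. Unlike sections
     * and elements, a vmodule without roles is denied.
     *
     * @param vm the vmodule to check
     * @return {@code true} if access is granted
     */
    public boolean hasAccess(VModule vm)
    {
        String [] roles = vm.getRoles();
        LoggingManager.log("Checking access for vmodule "+vm.getIdentification(), this);
        return checkAccess(roles);
    }

    /**
     * Resolves the locale for the current request.
     *
     * <p>Order of precedence: a well-formed locale request parameter, the
     * locale stored in the session, the configured default locale, and
     * finally {@code en_GB}. Without a request only the configured default
     * (or {@code en_GB}) is used. When a request is present the result is
     * stored in the session; {@code req.getSession()} creates a session if
     * none exists yet.
     *
     * <p>The request parameter is client-controlled. It is accepted only if
     * its language (and country, when given) consist of a few ASCII letters
     * or digits; anything else is ignored rather than logged verbatim or
     * stored in the session.
     *
     * @return the resolved locale, never {@code null}
     */
    public Locale getLocale()
    {
        Locale l = null;

        if(req == null)
        {
            l = loadDefaultLocale();
        }
        else
        {
            String sl = req.getParameter(Constants.HTTPGET_PARAM_LOCALE);
            if(sl != null && sl.length()>0)
            {
                l = parseRequestLocale(sl);
                if(l != null)
                {
                    // Log the parsed value, not the raw parameter.
                    LoggingManager.log("Locale:"+l);
                    LoggingManager.log("Loaded locale from url params", this);
                }
                else
                {
                    LoggingManager.log("Ignoring malformed locale request parameter", this);
                }
            }

            if(l == null)
            {
                l = (Locale)req.getSession().getAttribute(Constants.HTTPGET_PARAM_LOCALE);
                if(l == null)
                {
                    l = loadDefaultLocale();
                }
                else
                {
                    LoggingManager.log("Loaded locale from session", this);
                }
            }
        }

        LoggingManager.log("Final locale:"+l.toString(), this);
        if(req != null)
        {
            req.getSession().setAttribute(Constants.HTTPGET_PARAM_LOCALE, l);
        }
        return l;
    }

    /**
     * Reads the default locale from the configuration, written as
     * {@code language} or {@code language_COUNTRY}. Falls back to
     * {@code en_GB} when the property is missing or holds no token.
     *
     * @return the configured default locale, never {@code null}
     */
    private Locale loadDefaultLocale()
    {
        XMLConfigManager cm = XMLConfigManager.getInstance();
        String slocale = cm.getPropertyByTree(DEFAULT_LOCALE_PATH, "value");
        if(slocale == null)
        {
            LoggingManager.log("Default locale not defined! Defaulting to en_GB", this);
            slocale = FALLBACK_LOCALE;
        }
        LoggingManager.log("Locale in cfgfile is "+slocale);

        // Always split on '_' so "en_GB" yields language and country in every code path.
        String [] parts = split(slocale, "_");
        if(parts.length == 0)
        {
            LoggingManager.log("Default locale value is empty! Defaulting to en_GB", this);
            parts = split(FALLBACK_LOCALE, "_");
        }

        Locale l;
        if(parts.length == 1)
        {
            l = new Locale(parts[0]);
        }
        else
        {
            l = new Locale(parts[0], parts[1]);
        }
        LoggingManager.log("Loaded locale from config file", this);
        return l;
    }

    /**
     * Turns a client-supplied locale string into a {@link Locale}.
     * Tokens after the country are ignored.
     *
     * @param value the raw request parameter, not {@code null}
     * @return the locale, or {@code null} if the value is not well formed
     */
    private Locale parseRequestLocale(String value)
    {
        String [] parts = split(value, "_");
        // A value made only of delimiters produces no token at all.
        if(parts.length == 0 || !isSafeLocaleToken(parts[0]))
        {
            return null;
        }
        if(parts.length == 1)
        {
            return new Locale(parts[0]);
        }
        if(!isSafeLocaleToken(parts[1]))
        {
            return null;
        }
        return new Locale(parts[0], parts[1]);
    }

    /**
     * Tells whether a locale token is short and purely ASCII alphanumeric,
     * which keeps control characters and oversized values out of the log and
     * the session.
     *
     * @param token one token of a locale string
     * @return {@code true} if the token is acceptable
     */
    private static boolean isSafeLocaleToken(String token)
    {
        int len = token.length();
        if(len < 1 || len > MAX_LOCALE_TOKEN_LENGTH)
        {
            return false;
        }
        for(int i=0;i<len;i++)
        {
            char c = token.charAt(i);
            boolean alnum = (c >= 'a' && c <= 'z')
                         || (c >= 'A' && c <= 'Z')
                         || (c >= '0' && c <= '9');
            if(!alnum)
            {
                return false;
            }
        }
        return true;
    }

    /**
     * Splits a string with {@link StringTokenizer}: every character of
     * {@code delim} is a delimiter and empty tokens are not returned, so the
     * result may be an empty array.
     *
     * @param str the string to split
     * @param delim the delimiter characters
     * @return the tokens in order of appearance
     */
    public String [] split(String str, String delim)
    {
        StringTokenizer st = new StringTokenizer(str, delim);
        String [] res = new String [st.countTokens()];
        for(int i=0;i<res.length;i++)
        {
            res[i] = st.nextToken();
        }
        return res;
    }

    /**
     * Tells whether logging in could help the caller satisfy the given roles.
     *
     * @param roles the roles that permit access, may be {@code null}
     * @return {@code true} only when access is currently denied and nobody is
     *         logged in; {@code false} when access is granted, or when a
     *         logged-in user simply lacks the role
     */
    public boolean needLoginForRoles(String [] roles)
    {
        String user = currentUser();

        if(checkAccess(roles))
        {
            return false;
        }

        // Denied: a login prompt only makes sense for an anonymous caller.
        return user == null;
    }

    /**
     * Tells whether a login is needed to reach an element, checking the
     * vmodule's, the section's and the element's roles in that order.
     *
     * @param element the element to check
     * @return {@code true} if any of the three levels requires a login
     */
    public boolean needLogin(VModuleSectionElement element)
    {
        VModuleSection section = element.getSection();
        VModule vm = section.getVModule();

        if(needLoginForRoles(vm.getRoles()))
        {
            LoggingManager.log("Need login, based on vmodule's roles", this);
            return true;
        }

        if(needLoginForRoles(section.getRoles()))
        {
            LoggingManager.log("Need login, based on section's roles", this);
            return true;
        }

        if(needLoginForRoles(element.getRoles()))
        {
            LoggingManager.log("Need login, based on element's roles", this);
            return true;
        }

        return false;
    }

    /**
     * Lists the identifications of all vmodules the current caller may access.
     *
     * @return the identifications, in the order the vmodule manager reports them
     */
    public String [] getAllowedVModules()
    {
        // Raw collection on purpose: this file uses no generics.
        List allowed = new ArrayList();
        String [] vmodules = VModuleManager.getInstance().getVModules();

        for(int i=0;i<vmodules.length;i++)
        {
            VModule vm = VModuleManager.getInstance().getVModule(vmodules[i]);
            if(hasAccess(vm))
            {
                allowed.add(vm.getIdentification());
            }
        }

        return (String [])allowed.toArray(new String [allowed.size()]);
    }
}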