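package com.sslexplorer.security.tags;

import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

import javax.servlet.jsp.tagext.TagSupport;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.sslexplorer.policyframework.Permission;
import com.sslexplorer.policyframework.PolicyDatabaseFactory;
import com.sslexplorer.policyframework.ResourceType;
import com.sslexplorer.security.LogonControllerFactory;
import com.sslexplorer.security.User;

/**
 * JSP tag that includes or skips its body depending on the permissions of the
 * user attached to the current session.
 *
 * <p>Attributes:
 * <ul>
 * <li>{@code resourceType} - numeric resource type ID; {@code -1} (the default)
 * selects the generic "any access right" check instead of a permission list.</li>
 * <li>{@code permissionList} - comma separated permission IDs. An ID prefixed
 * with {@code !} is a negated entry (the user must <em>not</em> hold it).</li>
 * <li>{@code all} - when {@code true} every entry must be satisfied, otherwise
 * one satisfied entry is enough.</li>
 * <li>{@code required} - when {@code false} the outcome of the permission-list
 * check is inverted (the body is shown to users who fail the check).</li>
 * </ul>
 *
 * <p>The tag only decides whether a page fragment is rendered.
 * NOTE(review): whatever the fragment links to presumably needs its own
 * server-side authorization check - confirm against the action classes.
 */
public class PermissionTag extends TagSupport {

    final static Log log = LogFactory.getLog(PermissionTag.class);

    // Attribute state; restored to these defaults in release().
    boolean required = true;
    int resourceTypeId = -1;
    String permissionList = "";
    boolean all = false;

    public PermissionTag() {
    }

    /**
     * Evaluates the configured permission check for the session user.
     *
     * <p>Any {@link Exception} raised while evaluating (for example a
     * {@link NumberFormatException} from a non-numeric permission ID) is logged
     * and the body is skipped. Configuration problems are signalled with
     * {@link Error}, which is not caught here and propagates to the container.
     *
     * @return {@code EVAL_BODY_INCLUDE} or {@code SKIP_BODY}
     */
    public int doStartTag() {

        User user = null;
        try {
            user = LogonControllerFactory.getInstance().getUser(pageContext.getSession(), null);
            if (user == null) {
                // No user in the session: treated as "check failed".
                return bodyAction(false);
            }

            ResourceType resourceType = null;
            if (resourceTypeId != -1) {
                if (permissionList.equals("")) {
                    throw new Error("No permissionMask attribute supplied.");
                }
                resourceType = PolicyDatabaseFactory.getInstance().getResourceType(resourceTypeId);
            }

            if (resourceType == null) {
                // NOTE(review): this branch is also taken when a resource type ID was
                // supplied but the lookup returned null, so a wrong ID silently falls
                // back to the generic check below - confirm that is intended.
                // The 'required' attribute is not consulted here, and the meaning of
                // the three boolean arguments is not visible from this file.
                if (!PolicyDatabaseFactory.getInstance().isAnyAccessRightAllowed(user, true, true, false)) {
                    return SKIP_BODY;
                }
                return EVAL_BODY_INCLUDE;
            }

            // Split the list into plain entries and '!'-negated entries.
            List allowed = new ArrayList();
            List denied = new ArrayList();
            StringTokenizer t = new StringTokenizer(permissionList, ",");
            while (t.hasMoreTokens()) {
                String perm = t.nextToken();
                if (perm.startsWith("!")) {
                    denied.add(lookupPermission(resourceType, Integer.parseInt(perm.substring(1))));
                } else {
                    allowed.add(lookupPermission(resourceType, Integer.parseInt(perm)));
                }
            }
            Permission[] allowedPerms = (Permission[]) allowed.toArray(new Permission[allowed.size()]);
            Permission[] deniedPerms = (Permission[]) denied.toArray(new Permission[denied.size()]);

            // An empty group must contribute the identity of the combining operator:
            // true for AND (all), false for OR (any). The plain group previously
            // contributed 'true' unconditionally, so a list holding only negated
            // entries evaluated as permitted for every user when all == false.
            boolean allowedOk = allowedPerms.length == 0 ? all
                    : PolicyDatabaseFactory.getInstance().isPermitted(resourceType, allowedPerms, user, all);
            // NOTE(review): the same 'all' flag is passed for the negated group. If it
            // means "user must hold every listed permission", the negation passes in
            // all-mode as soon as the user lacks one of them - confirm against
            // isPermitted() that this is the intended semantics.
            boolean deniedOk = deniedPerms.length == 0 ? all
                    : !PolicyDatabaseFactory.getInstance().isPermitted(resourceType, deniedPerms, user, all);

            boolean permitted = all ? (allowedOk && deniedOk) : (allowedOk || deniedOk);
            return bodyAction(permitted);
        } catch (Exception e) {
            log.error("Failed to term permissions.", e);
        }
        // Evaluation failed: skip the body regardless of 'required'.
        return SKIP_BODY;
    }

    /** Maps a check outcome to a tag return code, honouring the 'required' attribute. */
    private int bodyAction(boolean checkPassed) {
        return checkPassed == required ? EVAL_BODY_INCLUDE : SKIP_BODY;
    }

    /** Resolves a permission ID within a resource type; an unknown ID is a configuration error. */
    private static Permission lookupPermission(ResourceType resourceType, int id) {
        Permission permInfo = resourceType.getPermission(id);
        if (permInfo == null) {
            throw new Error("No permission with ID of " + id + " in resource type " + resourceType.getResourceTypeId());
        }
        return permInfo;
    }

    /**
     * @param all {@code true} to require every entry of the permission list,
     *        {@code false} to accept any single entry
     */
    public void setAll(boolean all) {
        this.all = all;
    }

    /**
     * @param required {@code false} to invert the outcome of the permission-list check
     */
    public void setRequired(boolean required) {
        this.required = required;
    }

    /**
     * @param resourceTypeId resource type ID, or {@code -1} for the generic check
     */
    public void setResourceType(int resourceTypeId) {
        this.resourceTypeId = resourceTypeId;
    }

    /**
     * @param permissionList comma separated permission IDs, {@code !} prefix negates an entry
     */
    public void setPermissionList(String permissionList) {
        this.permissionList = permissionList;
    }

    /**
     * Convenience overload for a list consisting of a single permission ID.
     *
     * @param permissionList the permission ID
     */
    public void setPermissionList(int permissionList) {
        this.permissionList = String.valueOf(permissionList);
    }

    /**
     * Restores every attribute to its default so a reused tag instance does not
     * carry the previous invocation's settings into the next evaluation.
     */
    public void release() {
        required = true;
        permissionList = "";
        resourceTypeId = -1;
        all = false;
        super.release();
    }
}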