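package net.sf.jguard.example.struts.admin.actions;

import groovy.lang.GroovyShell;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import net.sf.jguard.core.authorization.policy.AccessControlContextUtils;
import net.sf.jguard.core.principals.RolePrincipal;
import net.sf.jguard.example.struts.actions.BaseAction;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.authorization.AuthorizationException;
import net.sf.jguard.ext.authorization.manager.AuthorizationManager;

import org.apache.log4j.Logger;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.DynaActionForm;
import org.codehaus.groovy.control.CompilationFailedException;

/**
 * Struts action that evaluates a Groovy script submitted through the
 * {@code scriptText} form property and stores the outcome in
 * {@code scriptResult}.
 *
 * <p>Two entry points are offered: {@link #executeShell} runs the script with
 * no additional restriction, {@link #executeSafeShell} runs it under a
 * restricted {@link AccessControlContext} built for the "guest" principal.
 */
public class GroovyDispatchAction extends BaseAction {
    private static final Logger logger = Logger.getLogger(GroovyDispatchAction.class);

    /**
     * Evaluates the submitted script without any sandboxing.
     *
     * <p>NOTE(review): {@code scriptText} is taken straight from the submitted
     * form and evaluated with the web application's own permissions, so every
     * caller that can reach this action can run arbitrary code in the server
     * JVM. No authorization check is visible in this class; the action mapping
     * must be reachable by trusted administrators only. Verify this in the
     * Struts/jGuard configuration.
     *
     * @param mapping  Struts mapping used to resolve the forward
     * @param form     a {@link DynaActionForm} carrying {@code scriptText}
     * @param request  current HTTP request (unused)
     * @param response current HTTP response (unused)
     * @return the {@code executeShell} forward
     */
    public ActionForward executeShell(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        DynaActionForm dyna = (DynaActionForm) form;
        String scriptText = (String) dyna.get("scriptText");
        GroovyShell gs = new GroovyShell();
        try {
            // Unrestricted evaluation of request-supplied code; see the note above.
            Object result = gs.evaluate(scriptText);
            dyna.set("scriptResult", result);
        } catch (CompilationFailedException e) {
            // scriptResult is left untouched when the script does not compile.
            logger.error("groovy Error=", e);
        }

        return mapping.findForward("executeShell");
    }

    /**
     * Evaluates the submitted script inside a restricted
     * {@link AccessControlContext} derived from the "guest" principal.
     *
     * <p>The script is not run at all when the restricted context cannot be
     * built. {@code AccessController.doPrivileged(action, null)} applies no
     * additional restriction, so continuing with a {@code null} context would
     * silently turn this method into the unrestricted variant.
     *
     * <p>A {@link SecurityException} raised while the script runs is reported
     * to the user through {@code scriptResult}.
     *
     * @param mapping  Struts mapping used to resolve the forward
     * @param form     a {@link DynaActionForm} carrying {@code scriptText}
     * @param request  current HTTP request; its servlet context supplies the
     *                 {@link AuthorizationManager}
     * @param response current HTTP response (unused)
     * @return the {@code executeShellOK} forward
     */
    public ActionForward executeSafeShell(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        DynaActionForm dyna = (DynaActionForm) form;
        final String scriptText = (String) dyna.get("scriptText");
        final GroovyShell gs = new GroovyShell();

        AuthorizationManager am = (AuthorizationManager) request.getSession().getServletContext()
                .getAttribute(SecurityConstants.AUTHORIZATION_MANAGER);
        AccessControlContext acc = null;
        if (am == null) {
            logger.error("no AuthorizationManager found in the servlet context");
        } else {
            try {
                // Presumably limits permissions to those granted to the "guest"
                // role; confirm against AccessControlContextUtils.
                acc = AccessControlContextUtils.getRestrictedAccessControlContext(
                        (RolePrincipal) am.readPrincipal("guest"));
            } catch (AuthorizationException e1) {
                logger.error("cannot build the restricted AccessControlContext for 'guest'", e1);
            }
        }

        // Fail closed: without a restricting context the script would run with
        // the web application's full permissions.
        if (acc == null) {
            dyna.set("scriptResult", "script not executed: restricted security context unavailable");
            return mapping.findForward("executeShellOK");
        }

        try {
            // Permission checks in library code are only triggered when a
            // SecurityManager is installed. Install one only if none is present:
            // replacing an existing manager on every request is a JVM-wide side
            // effect and is itself subject to a permission check.
            // NOTE(review): this is better done once at application start-up;
            // the Security Manager API is deprecated for removal since Java 17.
            if (System.getSecurityManager() == null) {
                System.setSecurityManager(new SecurityManager());
            }
            Object result = AccessController.doPrivileged(
                    new PrivilegedAction() {
                        public Object run() {
                            Object scriptResult = null;
                            try {
                                scriptResult = gs.evaluate(scriptText);
                            } catch (CompilationFailedException e) {
                                // Keep the cause in the log, as executeShell does.
                                logger.error("groovy Error=", e);
                            }
                            return scriptResult;
                        }
                    }, acc);
            dyna.set("scriptResult", result);
        } catch (SecurityException sex) {
            // The denial message is shown to the user in place of the result.
            dyna.set("scriptResult", sex.getMessage());
        }

        return mapping.findForward("executeShellOK");
    }
}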