

1 /*
2 jGuard is a security framework based on top of jaas (java authentication and authorization security).
3 it is written for web applications, to resolve simply, access control problems.
4 version $Name$
5 http://sourceforge.net/projects/jguard/
6
7 Copyright (C) 2004 Charles GAY
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 2.1 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this library; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24 jGuard project home page:
25 http://sourceforge.net/projects/jguard/
26
27 */

28 package net.sf.jguard.example.struts.admin.actions;
29
30 import groovy.lang.GroovyShell;
31
32 import java.security.AccessControlContext JavaDoc;
33 import java.security.AccessController JavaDoc;
34 import java.security.PrivilegedAction JavaDoc;
35
36 import javax.servlet.http.HttpServletRequest JavaDoc;
37 import javax.servlet.http.HttpServletResponse JavaDoc;
38
39 import net.sf.jguard.core.authorization.policy.AccessControlContextUtils;
40 import net.sf.jguard.core.principals.RolePrincipal;
41 import net.sf.jguard.example.struts.actions.BaseAction;
42 import net.sf.jguard.ext.SecurityConstants;
43 import net.sf.jguard.ext.authorization.AuthorizationException;
44 import net.sf.jguard.ext.authorization.manager.AuthorizationManager;
45
46 import org.apache.log4j.Logger;
47 import org.apache.struts.action.ActionForm;
48 import org.apache.struts.action.ActionForward;
49 import org.apache.struts.action.ActionMapping;
50 import org.apache.struts.action.DynaActionForm;
51 import org.codehaus.groovy.control.CompilationFailedException;
52 /**
53  * A Groovy-dedicated action showing how to execute code in a "safe" sandbox (executeSafeShell), alongside an unrestricted variant (executeShell).
54  * @author <a HREF="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
55  */

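public class GroovyDispatchAction extends BaseAction {
    private static Logger logger = Logger.getLogger(GroovyDispatchAction.class);

    /** Message stored in {@code scriptResult} when the sandbox cannot be set up. */
    private static final String SANDBOX_UNAVAILABLE =
            "script not executed: restricted security context unavailable";

    /**
     * Evaluates the Groovy script submitted in the form's {@code scriptText}
     * property and stores the value it returns in {@code scriptResult}.
     *
     * <p>SECURITY: the script text is taken from the request form and handed to a
     * plain {@link GroovyShell}. No restricted {@link AccessControlContext} is
     * applied, so the script is evaluated with whatever permissions this action's
     * own code has. This is the unrestricted counterpart of
     * {@link #executeSafeShell}; keep the mapping behind administrator-only
     * authorization and do not reuse it outside a demonstration.
     *
     * @param mapping  Struts mapping used to resolve the {@code executeShell} forward
     * @param form     a {@link DynaActionForm} carrying {@code scriptText}
     * @param request  current HTTP request (unused)
     * @param response current HTTP response (unused)
     * @return the {@code executeShell} forward
     */
    public ActionForward executeShell(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) {
        DynaActionForm dyna = (DynaActionForm) form;
        String scriptText = (String) dyna.get("scriptText");
        GroovyShell gs = new GroovyShell();
        try {
            // NOTE(review): evaluation of request-supplied code, flagged deliberately.
            Object result = gs.evaluate(scriptText);
            dyna.set("scriptResult", result);
        } catch (CompilationFailedException e) {
            // scriptResult is left untouched when the script does not compile.
            logger.error("groovy Error=", e);
        }

        return mapping.findForward("executeShell");
    }

    /**
     * Evaluates the Groovy script submitted in the form's {@code scriptText}
     * property inside a restricted {@link AccessControlContext} built for the
     * {@code guest} role, and stores the outcome in {@code scriptResult}.
     *
     * <p>If the restricted context cannot be obtained the script is NOT evaluated:
     * {@code AccessController.doPrivileged(action, null)} applies no additional
     * restriction, so continuing with a {@code null} context would silently run
     * the script unsandboxed.
     *
     * <p>When the sandbox denies an operation, the {@link SecurityException}
     * message is stored in {@code scriptResult} instead of a script value.
     *
     * @param mapping  Struts mapping used to resolve the {@code executeShellOK} forward
     * @param form     a {@link DynaActionForm} carrying {@code scriptText}
     * @param request  current HTTP request; its servlet context holds the
     *                 {@link AuthorizationManager}
     * @param response current HTTP response (unused)
     * @return the {@code executeShellOK} forward
     */
    public ActionForward executeSafeShell(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) {
        DynaActionForm dyna = (DynaActionForm) form;
        final String scriptText = (String) dyna.get("scriptText");

        AccessControlContext acc = restrictedContextForGuest(request);
        if (acc == null) {
            // Fail closed: without the restricted context there is no sandbox.
            dyna.set("scriptResult", SANDBOX_UNAVAILABLE);
            return mapping.findForward("executeShellOK");
        }

        final GroovyShell gs = new GroovyShell();
        // NOTE(review): this installs a JVM-wide SecurityManager on every request and
        // replaces any manager that is already set; confirm that is intended for the
        // deployment this example targets.
        System.setSecurityManager(new SecurityManager());
        try {
            Object result = AccessController.doPrivileged(
                new PrivilegedAction() {
                    public Object run() {
                        Object scriptResult = null;
                        try {
                            scriptResult = gs.evaluate(scriptText);
                        } catch (CompilationFailedException e) {
                            logger.error("groovy Error=", e);
                        }
                        return scriptResult;
                    }
                }, acc);
            dyna.set("scriptResult", result);
        } catch (SecurityException sex) {
            // The sandbox refused an operation attempted by the script.
            dyna.set("scriptResult", sex.getMessage());
        }

        return mapping.findForward("executeShellOK");
    }

    /**
     * Builds the restricted context for the {@code guest} role principal.
     *
     * @param request current HTTP request
     * @return the restricted context, or {@code null} when the
     *         {@link AuthorizationManager} is missing or the principal cannot be read
     */
    private AccessControlContext restrictedContextForGuest(HttpServletRequest request) {
        AuthorizationManager am = (AuthorizationManager) request.getSession().getServletContext().getAttribute(SecurityConstants.AUTHORIZATION_MANAGER);
        if (am == null) {
            logger.error("no AuthorizationManager found in the servlet context");
            return null;
        }
        try {
            return AccessControlContextUtils.getRestrictedAccessControlContext((RolePrincipal) am.readPrincipal("guest"));
        } catch (AuthorizationException e) {
            logger.error("cannot build the restricted context for the guest principal", e);
            return null;
        }
    }
}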