


1 /*
2 jGuard is a security framework based on top of jaas (java authentication and authorization security).
3 it is written for web applications, to resolve simply, access control problems.
4 version $Name$
5 http://sourceforge.net/projects/jguard/
6
7 Copyright (C) 2004 Charles GAY
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 2.1 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this library; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24 jGuard project home page:
25 http://sourceforge.net/projects/jguard/
26
27 */

28 package net.sf.jguard.jee.authorization.http;
29
30 import java.security.AccessControlException JavaDoc;
31 import java.security.Permission JavaDoc;
32 import java.security.PrivilegedActionException JavaDoc;
33
34 import javax.security.auth.Subject JavaDoc;
35 import javax.servlet.http.HttpServletRequest JavaDoc;
36 import javax.servlet.http.HttpSession JavaDoc;
37
38 import net.sf.jguard.core.authorization.policy.AccessControllerUtils;
39 import net.sf.jguard.jee.authentication.http.HttpAuthenticationUtils;
40 import net.sf.jguard.jee.authentication.http.HttpConstants;
41
42 import org.apache.commons.logging.Log;
43 import org.apache.commons.logging.LogFactory;
44
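/**
 * Static helpers that run jGuard permission checks for the Subject bound to
 * an HTTP session.
 *
 * <p>Every path in this class denies access when something needed for the
 * decision is missing: no session, no Subject, or no authorization utilities
 * registered in the servlet context.
 */
public class HttpAccessControllerUtils {

    static public final Log logger = LogFactory.getLog(HttpAccessControllerUtils.class);

    /**
     * Return the {@link AccessControllerUtils} stored in the servlet context
     * under {@link HttpConstants#AUTHZ_UTILS}.
     *
     * @param session session whose servlet context is queried; must not be null
     * @return the registered utilities, or null if the attribute is not set
     */
    public static AccessControllerUtils getAuthorizationUtils(HttpSession session) {
        return (AccessControllerUtils) session.getServletContext().getAttribute(HttpConstants.AUTHZ_UTILS);
    }

    /**
     * Check that the Subject bound to the session holds the permission.
     *
     * @param session current HTTP session, may be null
     * @param p permission to check
     * @throws AccessControlException if there is no session, no Subject in the
     *         session, no authorization utilities in the servlet context, or
     *         the delegated check denies the permission
     * @throws PrivilegedActionException propagated from the delegated check
     */
    public static void checkPermission(HttpSession session, Permission p)
            throws AccessControlException, PrivilegedActionException {
        if (session == null) {
            throw new AccessControlException(" user is not yet authenticated ", p);
        }
        AccessControllerUtils authZUtils = getAuthorizationUtils(session);
        if (authZUtils == null) {
            // Fail closed: without this guard a missing context attribute surfaces
            // as a NullPointerException, which hasPermission() does not catch.
            throw new AccessControlException(" authorization utilities are not available in the servlet context ", p);
        }
        Subject subject = HttpAuthenticationUtils.getSubject(session);
        if (subject == null) {
            throw new AccessControlException(" user is not yet authenticated ", p);
        }
        authZUtils.checkPermission(subject, p);
    }

    /**
     * Check whether the user holds the permission and return the result as a
     * boolean. AccessControlException and PrivilegedActionException raised by
     * {@link #checkPermission(HttpSession, Permission)} are turned into
     * {@code false}; other runtime exceptions are not caught.
     *
     * @param request current request
     * @param p permission to check
     * @return true if the check passed, false if it was denied or failed
     */
    public static boolean hasPermission(HttpServletRequest request, Permission p) {
        try {
            // NOTE(review): getSession(true) creates a session when the request has
            // none, so a permission probe from an anonymous client allocates server
            // state. checkPermission() already denies a null session, so
            // getSession(false) looks sufficient here - confirm no caller relies on
            // the session being created.
            checkPermission(request.getSession(true), p);
            return true;
        } catch (AccessControlException ace) {
            // Denials are only visible at debug level.
            logger.debug(ace.getMessage());
            return false;
        } catch (PrivilegedActionException pae) {
            logger.debug(pae.getMessage());
            return false;
        }
    }

}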
94