1 28 package net.sf.jguard.jee.taglib; 29 30 31 32 33 import java.security.Permission ; 34 35 import javax.security.auth.Subject ; 36 import javax.servlet.http.HttpServletRequest ; 37 import javax.servlet.jsp.JspException ; 38 import javax.servlet.jsp.JspTagException ; 39 import javax.servlet.jsp.jstl.core.ConditionalTagSupport; 40 41 import net.sf.jguard.core.authorization.permissions.PermissionUtils; 42 import net.sf.jguard.core.authorization.permissions.URLPermission; 43 import net.sf.jguard.jee.authorization.http.HttpAccessControllerUtils; 44 45 import org.apache.commons.logging.Log; 46 import org.apache.commons.logging.LogFactory; 47 import org.apache.taglibs.standard.lang.support.ExpressionEvaluatorManager; 48 49 50 55 public class Authorized extends ConditionalTagSupport{ 56 57 private static final Log logger = LogFactory.getLog(Authorized.class); 58 59 62 private static final long serialVersionUID = 3833742183621736755L; 63 private String uri; 64 private String permission=URLPermission.class.getName(); 65 66 67 70 public String getUri() { 71 return uri; 72 } 73 74 75 78 public void setUri(String strUri) { 79 uri = strUri; 80 81 } 82 83 84 89 protected boolean condition() throws JspTagException { 90 91 try { 92 this.uri=(String )ExpressionEvaluatorManager.evaluate ("uri", this.uri, String .class, this, pageContext); 93 String perm = (String )ExpressionEvaluatorManager.evaluate ("permission", this.permission, String .class, this, pageContext); 94 if(perm!= null && !perm.equals("")){ 95 permission = perm; 96 } 97 } catch (JspException e1) { 98 logger.error("condition()", e1); 99 throw new JspTagException (e1.getMessage()); 100 } 101 102 if(logger.isDebugEnabled()){ 103 logger.debug("<jguard:authorized> tag uri="+uri); 104 } 105 106 Subject subject = TagUtils.getSubject(this.pageContext); 107 if(subject == null){ 108 return false; 109 } 110 111 StringBuffer actions = new StringBuffer (); 112 actions.append(uri); 113 114 Permission urlPermission = null; 115 try { 116 urlPermission = (Permission )PermissionUtils.getPermission(permission,"dummy name",actions.toString()); 117 } catch (ClassNotFoundException e) { 118 logger.warn("permission cannot be built ", e); 119 } 120 if(logger.isDebugEnabled()){ 121 logger.debug("permission implementation class="+permission); 122 logger.debug("permission actions="+actions.toString()); 123 logger.debug("URLPermission="+urlPermission); 124 } 125 if(!HttpAccessControllerUtils.hasPermission((HttpServletRequest )pageContext.getRequest(),urlPermission)){ 126 return false; 127 } 128 129 return true; 130 131 } 132 133 134 public String getPermission() { 135 return permission; 136 } 137 138 139 public void setPermission(String permission) { 140 this.permission = permission; 141 } 142 } 143 | Popular Tags |