

1 /*
2 jGuard is a security framework based on top of jaas (java authentication and authorization security).
3 it is written for web applications, to resolve simply, access control problems.
4 version $Name$
5 http://sourceforge.net/projects/jguard/
6
7 Copyright (C) 2004 Charles GAY
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 2.1 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this library; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24 jGuard project home page:
25 http://sourceforge.net/projects/jguard/
26
27 */

28 package net.sf.jguard.jee.taglib;
29
30
31
32
33 import java.security.Permission JavaDoc;
34
35 import javax.security.auth.Subject JavaDoc;
36 import javax.servlet.http.HttpServletRequest JavaDoc;
37 import javax.servlet.jsp.JspException JavaDoc;
38 import javax.servlet.jsp.JspTagException JavaDoc;
39 import javax.servlet.jsp.jstl.core.ConditionalTagSupport;
40
41 import net.sf.jguard.core.authorization.permissions.PermissionUtils;
42 import net.sf.jguard.core.authorization.permissions.URLPermission;
43 import net.sf.jguard.jee.authorization.http.HttpAccessControllerUtils;
44
45 import org.apache.commons.logging.Log;
46 import org.apache.commons.logging.LogFactory;
47 import org.apache.taglibs.standard.lang.support.ExpressionEvaluatorManager;
48
49
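/**
 * JSP conditional tag that renders its body only when the current user holds
 * the permission protecting the given resource.
 *
 * <p>The decision fails closed: no authenticated subject, no uri, or a permission
 * that cannot be built all result in the body being skipped.
 *
 * <p>Hiding a fragment only affects what is rendered; the resource the fragment
 * points to must still be access-checked on the server side.
 *
 * @author <a HREF="mailto:diabolo512@users.sourceforge.net ">Charles Gay</a>
 */
public class Authorized extends ConditionalTagSupport {
    /** Logger for this class. */
    private static final Log logger = LogFactory.getLog(Authorized.class);

    /** Serial version id. */
    private static final long serialVersionUID = 3833742183621736755L;

    /** Resource to check, as given in the tag attribute (may hold an EL expression). */
    private String uri;

    /** Fully qualified Permission class name; defaults to URLPermission. */
    private String permission = URLPermission.class.getName();

    /**
     * @return the uri attribute; after {@link #condition()} has run this is the evaluated value
     */
    public String getUri() {
        return uri;
    }

    /**
     * @param strUri resource (or EL expression yielding it) whose access right is tested
     */
    public void setUri(String strUri) {
        uri = strUri;
    }

    /**
     * Decides whether the tag body is displayed, based on the user's access rights.
     *
     * @return true if the current user is granted the permission built from
     *         the uri; false otherwise, including when no subject is available,
     *         the uri is null, or the permission could not be built
     * @throws JspTagException if the uri or permission attribute cannot be evaluated
     * @see javax.servlet.jsp.jstl.core.ConditionalTagSupport#condition()
     */
    protected boolean condition() throws JspTagException {
        try {
            // NOTE(review): the evaluated values are written back into the attribute
            // fields. If the container reuses this handler without calling the setters
            // again, the next check starts from this request's result. Confirm the
            // pooling behaviour, or evaluate into locals instead.
            this.uri = (String) ExpressionEvaluatorManager.evaluate(
                    "uri", this.uri, String.class, this, pageContext);
            String perm = (String) ExpressionEvaluatorManager.evaluate(
                    "permission", this.permission, String.class, this, pageContext);
            if (perm != null && !perm.equals("")) {
                permission = perm;
            }
        } catch (JspException e1) {
            logger.error("condition()", e1);
            throw new JspTagException(e1.getMessage());
        }

        if (logger.isDebugEnabled()) {
            logger.debug("<jguard:authorized> tag uri=" + uri);
        }

        // No authenticated subject: nothing to authorize.
        Subject subject = TagUtils.getSubject(this.pageContext);
        if (subject == null) {
            return false;
        }

        // A missing uri would otherwise be turned into the literal action "null".
        if (uri == null) {
            logger.warn("uri is null; access denied");
            return false;
        }

        Permission urlPermission = null;
        try {
            urlPermission = (Permission) PermissionUtils.getPermission(permission, "dummy name", uri);
        } catch (ClassNotFoundException e) {
            logger.warn("permission cannot be built ", e);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("permission implementation class=" + permission);
            logger.debug("permission actions=" + uri);
            logger.debug("URLPermission=" + urlPermission);
        }

        // Fail closed: never hand a null permission to the access controller,
        // whose handling of null is not visible from this class.
        if (urlPermission == null) {
            return false;
        }

        return HttpAccessControllerUtils.hasPermission(
                (HttpServletRequest) pageContext.getRequest(), urlPermission);
    }

    /**
     * @return the Permission implementation class name used for the check
     */
    public String getPermission() {
        return permission;
    }

    /**
     * @param permission fully qualified Permission class name (or EL expression yielding it)
     */
    public void setPermission(String permission) {
        this.permission = permission;
    }
}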