KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > net > sf > jguard > jee > taglib > HasPermission


1 /*
2 jGuard is a security framework based on top of jaas (java authentication and authorization security).
3 it is written for web applications, to resolve simply, access control problems.
4 version $Name$
5 http://sourceforge.net/projects/jguard/
6
7 Copyright (C) 2004 Charles GAY
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 2.1 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this library; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24 jGuard project home page:
25 http://sourceforge.net/projects/jguard/
26
27 */
28 package net.sf.jguard.jee.taglib;
29
30 import java.security.Permission JavaDoc;
31
32 import javax.security.auth.Subject JavaDoc;
33 import javax.servlet.http.HttpServletRequest JavaDoc;
34 import javax.servlet.jsp.JspException JavaDoc;
35 import javax.servlet.jsp.JspTagException JavaDoc;
36 import javax.servlet.jsp.jstl.core.ConditionalTagSupport;
37
38 import net.sf.jguard.core.authorization.permissions.PermissionUtils;
39 import net.sf.jguard.core.authorization.permissions.URLPermission;
40 import net.sf.jguard.jee.authorization.http.HttpAccessControllerUtils;
41
42 import org.apache.commons.logging.Log;
43 import org.apache.commons.logging.LogFactory;
44 import org.apache.taglibs.standard.lang.support.ExpressionEvaluatorManager;
45
46 /**
47  * display the jsp fragment if the Subject has got this Permission.
48  * @author <a HREF="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
49  * @since 1.0.0
50  */
51 public class HasPermission extends ConditionalTagSupport {
52
53     private static final long serialVersionUID = -2870113702917724315L;
54     private final String JavaDoc defaultClassName = URLPermission.class.getName();
55     private String JavaDoc className =defaultClassName;
56     private String JavaDoc name ="";
57     private String JavaDoc actions="";
58     /** Logger for this class */
59     private static final Log logger = LogFactory.getLog(HasPermission.class);
60     
61     
62     protected boolean condition() throws JspTagException JavaDoc {
63         
64            try {
65                 String JavaDoc csName =(String JavaDoc)ExpressionEvaluatorManager.evaluate ("class", this.className, String JavaDoc.class, this, pageContext);
66                 this.name=(String JavaDoc)ExpressionEvaluatorManager.evaluate ("name", this.name, String JavaDoc.class, this, pageContext);
67                 this.actions=(String JavaDoc)ExpressionEvaluatorManager.evaluate ("actions", this.actions, String JavaDoc.class, this, pageContext);
68                 if(csName!= null && !csName.equals("")){
69                     className = csName;
70                 }
71             } catch (JspException JavaDoc e1) {
72                 logger.error("condition()", e1);
73                 throw new JspTagException JavaDoc(e1.getMessage());
74             }
75
76
77             Subject JavaDoc subject = TagUtils.getSubject(this.pageContext);
78             if(subject == null){
79                 return false;
80             }
81
82
83             Permission JavaDoc permission = null;
84             try {
85                 permission = (Permission JavaDoc)PermissionUtils.getPermission(className,name,actions);
86             } catch (ClassNotFoundException JavaDoc e) {
87                 logger.warn("permission cannot be built ", e);
88                 throw new JspTagException JavaDoc(e.getMessage());
89             }
90             if(logger.isDebugEnabled()){
91                 logger.debug("permission implementation class="+permission);
92                 logger.debug("permission actions="+actions);
93             }
94             if(!HttpAccessControllerUtils.hasPermission((HttpServletRequest JavaDoc)pageContext.getRequest(),permission)){
95                   return false;
96             }
97
98                   return true;
99
100     }
101
102
103     public String JavaDoc getActions() {
104         return actions;
105     }
106
107     public void setActions(String JavaDoc actions) {
108         this.actions = actions;
109     }
110
111     public String JavaDoc getClassName() {
112         return className;
113     }
114
115     public void setClassName(String JavaDoc className) {
116         this.className = className;
117     }
118
119
120     public String JavaDoc getName() {
121         return name;
122     }
123
124
125     public void setName(String JavaDoc name) {
126         this.name = name;
127     }
128
129 }
130
Popular Tags