1 28 package net.sf.jguard.jee.taglib; 29 30 import java.security.Permission ; 31 32 import javax.security.auth.Subject ; 33 import javax.servlet.http.HttpServletRequest ; 34 import javax.servlet.jsp.JspException ; 35 import javax.servlet.jsp.JspTagException ; 36 import javax.servlet.jsp.jstl.core.ConditionalTagSupport; 37 38 import net.sf.jguard.core.authorization.permissions.PermissionUtils; 39 import net.sf.jguard.core.authorization.permissions.URLPermission; 40 import net.sf.jguard.jee.authorization.http.HttpAccessControllerUtils; 41 42 import org.apache.commons.logging.Log; 43 import org.apache.commons.logging.LogFactory; 44 import org.apache.taglibs.standard.lang.support.ExpressionEvaluatorManager; 45 46 51 public class HasPermission extends ConditionalTagSupport { 52 53 private static final long serialVersionUID = -2870113702917724315L; 54 private final String defaultClassName = URLPermission.class.getName(); 55 private String className =defaultClassName; 56 private String name =""; 57 private String actions=""; 58 59 private static final Log logger = LogFactory.getLog(HasPermission.class); 60 61 62 protected boolean condition() throws JspTagException { 63 64 try { 65 String csName =(String )ExpressionEvaluatorManager.evaluate ("class", this.className, String .class, this, pageContext); 66 this.name=(String )ExpressionEvaluatorManager.evaluate ("name", this.name, String .class, this, pageContext); 67 this.actions=(String )ExpressionEvaluatorManager.evaluate ("actions", this.actions, String .class, this, pageContext); 68 if(csName!= null && !csName.equals("")){ 69 className = csName; 70 } 71 } catch (JspException e1) { 72 logger.error("condition()", e1); 73 throw new JspTagException (e1.getMessage()); 74 } 75 76 77 Subject subject = TagUtils.getSubject(this.pageContext); 78 if(subject == null){ 79 return false; 80 } 81 82 83 Permission permission = null; 84 try { 85 permission = (Permission )PermissionUtils.getPermission(className,name,actions); 86 } catch (ClassNotFoundException e) { 87 logger.warn("permission cannot be built ", e); 88 throw new JspTagException (e.getMessage()); 89 } 90 if(logger.isDebugEnabled()){ 91 logger.debug("permission implementation class="+permission); 92 logger.debug("permission actions="+actions); 93 } 94 if(!HttpAccessControllerUtils.hasPermission((HttpServletRequest )pageContext.getRequest(),permission)){ 95 return false; 96 } 97 98 return true; 99 100 } 101 102 103 public String getActions() { 104 return actions; 105 } 106 107 public void setActions(String actions) { 108 this.actions = actions; 109 } 110 111 public String getClassName() { 112 return className; 113 } 114 115 public void setClassName(String className) { 116 this.className = className; 117 } 118 119 120 public String getName() { 121 return name; 122 } 123 124 125 public void setName(String name) { 126 this.name = name; 127 } 128 129 } 130 | Popular Tags |