

1 /*
2  * This file is part of "SnipSnap Wiki/Weblog".
3  *
4  * Copyright (c) 2002 Stephan J. Schmidt, Matthias L. Jugel
5  * All Rights Reserved.
6  *
7  * Please visit http://snipsnap.org/ for updates and contact.
8  *
9  * --LICENSE NOTICE--
10  * This program is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU General Public License
12  * as published by the Free Software Foundation; either version 2
13  * of the License, or (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, write to the Free Software
22  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23  * --LICENSE NOTICE--
24  */

25
26 package org.snipsnap.interceptor.custom;
27
28 import org.snipsnap.app.Application;
29 import org.snipsnap.interceptor.InterceptorSupport;
30 import org.snipsnap.interceptor.Invocation;
31 import org.snipsnap.snip.Snip;
32 import org.snipsnap.user.Roles;
33 import org.snipsnap.user.Security;
34 import org.snipsnap.user.User;
35
36 import java.security.GeneralSecurityException JavaDoc;
37
/**
 * Access control interceptor guarding {@link Snip} objects.
 *
 * <p>Two checks are applied to each intercepted call:
 * <ul>
 *   <li>a call to a method whose name starts with {@code set} is rejected with a
 *       {@link GeneralSecurityException} unless the current user is an admin, passes
 *       {@code Security.checkPermission("Edit", ...)}, or passes {@code Security.hasRoles}
 *       for the role set built in the constructor ("Editor");</li>
 *   <li>{@code getContent} / {@code getXMLContent} on the snip {@code SnipSnap/config}, or on a
 *       snip whose name starts with {@code SnipSnap/blacklist}, returns the placeholder
 *       {@code "content protected"} to non-admin users instead of the real content.</li>
 * </ul>
 *
 * <p>NOTE(review): enforcement is keyed on method names only. Mutating methods that do not
 * start with {@code set} and read accessors other than the two listed are passed through
 * unchecked; the original author marked this as a hack that should be replaced by a security
 * declaration for every method.
 *
 * <p>NOTE(review): both checks are skipped when {@code Application.get().getUser()} returns
 * {@code null}, i.e. the interceptor fails open for a missing user. Presumably {@code null}
 * only occurs for internal calls; confirm that anonymous requests always carry a non-null
 * user object.
 *
 * @author Stephan J. Schmidt
 * @version $Id: ACLInterceptor.java 1665 2004-06-22 12:19:05Z leo $
 */
public class ACLInterceptor extends InterceptorSupport {
  /** Roles that are allowed to modify a snip in addition to an explicit "Edit" permission. */
  private final Roles roles;

  /** Creates the interceptor with "Editor" as the only role granting write access. */
  public ACLInterceptor() {
    super();
    roles = new Roles();
    roles.add("Editor");
  }

  /**
   * Applies the write check or the protected-read check, then continues the interceptor chain.
   *
   * @param invocation the intercepted call; its target is cast to {@link Snip}
   * @return {@code "content protected"} for a masked read, otherwise the result of
   *         {@code invocation.next()}
   * @throws GeneralSecurityException if a non-admin user without edit rights calls a setter
   * @throws Throwable whatever the rest of the chain throws
   */
  public Object invoke(Invocation invocation) throws Throwable {
    String methodName = invocation.getMethod().getName();
    User currentUser = Application.get().getUser();
    // The cast runs for every intercepted method, not only the ones checked below.
    Snip target = (Snip) invocation.getTarget();

    if (methodName.startsWith("set")) {
      // TODO: checking for the admin is a hack
      boolean mustCheck = currentUser != null && !currentUser.isAdmin();
      if (mustCheck
          && !Security.checkPermission("Edit", currentUser, target)
          && !Security.hasRoles(currentUser, target, roles)) {
        // No log entry is written here; the exception is the only trace of the denial,
        // so it has to be logged where it is caught if denied edits should be auditable.
        throw new GeneralSecurityException(target.getName() + ": " + currentUser + " is not allowed to modify object");
      }
    } else if ("getContent".equals(methodName) || "getXMLContent".equals(methodName)) {
      String snipName = target.getName();
      if (currentUser != null && isAdminOnlySnip(snipName) && !currentUser.isAdmin()) {
        // The caller receives a placeholder instead of an exception and cannot tell
        // it apart from genuine snip content.
        return "content protected";
      }
    }

    return invocation.next();
  }

  /**
   * Tells whether the content of the named snip is reserved for admins.
   *
   * <p>The comparison is case-sensitive. NOTE(review): confirm that snip names are resolved
   * case-sensitively elsewhere, otherwise a differently-cased name would not be masked.
   */
  private static boolean isAdminOnlySnip(String snipName) {
    return "SnipSnap/config".equals(snipName) || snipName.startsWith("SnipSnap/blacklist");
  }
}