View Javadoc

1   package org.apache.turbine.util;
2   
3   
4   /*
5    * Licensed to the Apache Software Foundation (ASF) under one
6    * or more contributor license agreements.  See the NOTICE file
7    * distributed with this work for additional information
8    * regarding copyright ownership.  The ASF licenses this file
9    * to you under the Apache License, Version 2.0 (the
10   * "License"); you may not use this file except in compliance
11   * with the License.  You may obtain a copy of the License at
12   *
13   *   http://www.apache.org/licenses/LICENSE-2.0
14   *
15   * Unless required by applicable law or agreed to in writing,
16   * software distributed under the License is distributed on an
17   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18   * KIND, either express or implied.  See the License for the
19   * specific language governing permissions and limitations
20   * under the License.
21   */
22  
23  
24  import org.apache.fulcrum.security.SecurityService;
25  import org.apache.fulcrum.security.entity.Permission;
26  import org.apache.fulcrum.security.entity.Role;
27  import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
28  import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
29  import org.apache.fulcrum.security.util.RoleSet;
30  import org.apache.fulcrum.security.util.UnknownEntityException;
31  import org.apache.turbine.services.TurbineServices;
32  
33  /**
34   * Utility for doing security checks in Screens and Actions.
35   *
36   * Sample usage:<br>
37   *
38   * <pre><code>
39   * SecurityCheck mycheck =
40   *   new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
41   * if (!mycheck.hasPermission("add_user");
42   *   return;
43   *</code></pre>
44   *
45   * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
46   * @author <a href="jh@byteaction.de">J&#252;rgen Hoffmann</a>
47   * @version $Id: SecurityCheck.java 1706239 2015-10-01 13:18:35Z tv $
48   */
49  public class SecurityCheck
50  {
51      private String message;
52  
53      private String failScreen;
54  
55      private RunData data = null;
56  
57      private SecurityService securityService = null;
58  
59      /**
60       * Holds information if a missing Permission or Role should be created and granted on-the-fly.
61       * This is good behavior, if these change a lot.
62       */
63      private boolean initialize;
64  
65      /**
66       * Constructor.
67       *
68       * @param data A Turbine RunData object.
69       * @param message The message to display upon failure.
70       * @param failedScreen The screen to redirect to upon failure.
71       */
72      public SecurityCheck(RunData data,
73                           String message,
74                           String failedScreen)
75      {
76          this(data, message, failedScreen, false);
77      }
78  
79      /**
80       * Constructor.
81       *
82       * @param data
83       *            A Turbine RunData object.
84       * @param message
85       *            The message to display upon failure.
86       * @param failedScreen
87       *            The screen to redirect to upon failure.
88       * @param initialize
89       *            if a non-existing Permission or Role should be created.
90       */
91      public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
92      {
93          this.data = data;
94          this.message = message;
95          this.failScreen = failedScreen;
96          this.initialize = initialize;
97          this.securityService = (SecurityService)TurbineServices
98      		.getInstance()
99      		.getService(SecurityService.ROLE);
100     }
101 
102     /**
103      * Does the user have this role?
104      *
105      * @param role A Role.
106      * @return True if the user has this role.
107      * @exception Exception, a generic exception.
108      */
109     public boolean hasRole(Role role)
110             throws Exception
111     {
112         boolean value = false;
113         TurbineAccessControlList acl = data.getACL();
114         if (acl == null ||
115             !acl.hasRole(role))
116         {
117             data.setScreen(failScreen);
118             data.setMessage(message);
119         }
120         else
121         {
122             value = true;
123         }
124         return value;
125     }
126 
127     /**
128      * Does the user have this role?
129      *
130      * @param role
131      *            A String.
132      * @return True if the user has this role.
133      * @exception Exception,
134      *                a generic exception.
135      */
136     public boolean hasRole(String role) throws Exception
137     {
138         Role roleObject = null;
139 
140         try
141         {
142             roleObject = securityService.getRoleManager().getRoleByName(role);
143         }
144         catch (UnknownEntityException e)
145         {
146             if(initialize)
147             {
148                 roleObject = securityService.getRoleManager().getRoleInstance(role);
149                 securityService.getRoleManager().addRole(roleObject);
150                 TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
151                 modelManager.grant(data.getUser(), modelManager.getGlobalGroup(), roleObject);
152             }
153             else
154             {
155                 throw(e);
156             }
157         }
158 
159         return hasRole(roleObject);
160     }
161 
162     /**
163      * Does the user have this permission?
164      *
165      * @param permission A Permission.
166      * @return True if the user has this permission.
167      * @exception Exception, a generic exception.
168      */
169     public boolean hasPermission(Permission permission)
170             throws Exception
171     {
172         boolean value = false;
173         TurbineAccessControlList acl = data.getACL();
174         if (acl == null ||
175             !acl.hasPermission(permission))
176         {
177             data.setScreen(failScreen);
178             data.setMessage(message);
179         }
180         else
181         {
182             value = true;
183         }
184         return value;
185     }
186 
187     /**
188      * Does the user have this permission? If initialize is set to <code>true</code>
189      * The permission will be created and granted to the first available Role of
190      * the user, that the SecurityCheck is running against.
191      *
192      * If the User has no Roles, the first Role via TurbineSecurity is granted the
193      * permission.
194      *
195      * @param permission
196      *            A String.
197      * @return True if the user has this permission.
198      * @exception Exception,
199      *                a generic exception.
200      */
201     public boolean hasPermission(String permission)
202             throws Exception
203     {
204         Permission permissionObject = null;
205         try
206         {
207             permissionObject = securityService.getPermissionManager().getPermissionByName(permission);
208         }
209         catch (UnknownEntityException e)
210         {
211             if(initialize)
212             {
213                 permissionObject = securityService.getPermissionManager().getPermissionInstance(permission);
214                 securityService.getPermissionManager().addPermission(permissionObject);
215 
216                 Role role = null;
217                 TurbineAccessControlList acl = data.getACL();
218                 RoleSet roles = acl.getRoles();
219                 if(roles.size() > 0)
220                 {
221 					role = roles.toArray(new Role[0])[0];
222 				}
223 
224                 if(role == null)
225                 {
226                     /*
227                      * The User within data has no roles yet, let us grant the permission
228                      * to the first role available through TurbineSecurity.
229                      */
230                     roles = securityService.getRoleManager().getAllRoles();
231                     if(roles.size() > 0)
232                     {
233 						role = roles.toArray(new Role[0])[0];
234 					}
235                 }
236 
237                 if(role != null)
238                 {
239                     /*
240                      * If we have no role, there is nothing we can do about it. So only grant it,
241                      * if we have a role to grant it to.
242                      */
243                     TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
244                     modelManager.grant(role, permissionObject);
245                 }
246             }
247             else
248             {
249                 throw(e);
250             }
251         }
252 
253         return hasPermission(permissionObject);
254     }
255 
256     /**
257      * Get the message that should be displayed.  This is initialized
258      * in the constructor.
259      *
260      * @return A String.
261      */
262     public String getMessage()
263     {
264         return message;
265     }
266 
267     /**
268      * Get the screen that should be displayed.  This is initialized
269      * in the constructor.
270      *
271      * @return A String.
272      */
273     public String getFailScreen()
274     {
275         return failScreen;
276     }
277 }