| %line | %branch | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| org.apache.jetspeed.security.impl.SecurityAccessControllerImpl |
|
|
| 1 | /* |
|
| 2 | * Licensed to the Apache Software Foundation (ASF) under one or more |
|
| 3 | * contributor license agreements. See the NOTICE file distributed with |
|
| 4 | * this work for additional information regarding copyright ownership. |
|
| 5 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
|
| 6 | * (the "License"); you may not use this file except in compliance with |
|
| 7 | * the License. You may obtain a copy of the License at |
|
| 8 | * |
|
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
| 10 | * |
|
| 11 | * Unless required by applicable law or agreed to in writing, software |
|
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
| 14 | * See the License for the specific language governing permissions and |
|
| 15 | * limitations under the License. |
|
| 16 | */ |
|
| 17 | package org.apache.jetspeed.security.impl; |
|
| 18 | ||
| 19 | ||
| 20 | import java.security.AccessControlException; |
|
| 21 | import java.security.AccessController; |
|
| 22 | ||
| 23 | import org.apache.jetspeed.JetspeedActions; |
|
| 24 | import org.apache.jetspeed.om.common.portlet.MutablePortletApplication; |
|
| 25 | import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite; |
|
| 26 | import org.apache.jetspeed.page.PageManager; |
|
| 27 | import org.apache.jetspeed.security.PortletPermission; |
|
| 28 | import org.apache.jetspeed.security.SecurityAccessController; |
|
| 29 | ||
| 30 | /** |
|
| 31 | * SecurityAccessorImpl implements SecurityAccessor component abstracting |
|
| 32 | * access to either Security Permission or Security Constraint implementations |
|
| 33 | * |
|
| 34 | * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a> |
|
| 35 | * @version $Id: $ |
|
| 36 | */ |
|
| 37 | public class SecurityAccessControllerImpl implements SecurityAccessController |
|
| 38 | { |
|
| 39 | protected PageManager pageManager; |
|
| 40 | 0 | protected int securityMode = SecurityAccessController.PERMISSIONS; |
| 41 | ||
| 42 | public SecurityAccessControllerImpl(PageManager pageManager, int securityMode) |
|
| 43 | 0 | { |
| 44 | 0 | this.pageManager = pageManager; |
| 45 | 0 | this.securityMode = securityMode; |
| 46 | 0 | } |
| 47 | ||
| 48 | public int getSecurityMode() |
|
| 49 | { |
|
| 50 | 0 | return securityMode; |
| 51 | } |
|
| 52 | ||
| 53 | public boolean checkPortletAccess(PortletDefinitionComposite portlet, int mask) |
|
| 54 | { |
|
| 55 | 0 | if (portlet == null) |
| 56 | 0 | return false; |
| 57 | 0 | if (securityMode == SecurityAccessController.CONSTRAINTS) |
| 58 | { |
|
| 59 | 0 | String constraintRef = portlet.getJetspeedSecurityConstraint(); |
| 60 | 0 | if (constraintRef == null) |
| 61 | { |
|
| 62 | 0 | constraintRef = ((MutablePortletApplication)portlet.getPortletApplicationDefinition()).getJetspeedSecurityConstraint(); |
| 63 | 0 | if (constraintRef == null) |
| 64 | { |
|
| 65 | 0 | return true; // allow access |
| 66 | } |
|
| 67 | } |
|
| 68 | 0 | String actions = JetspeedActions.getContainerActions(mask); |
| 69 | 0 | return pageManager.checkConstraint(constraintRef, actions); |
| 70 | } |
|
| 71 | else |
|
| 72 | { |
|
| 73 | try |
|
| 74 | { |
|
| 75 | 0 | AccessController.checkPermission(new PortletPermission(portlet.getUniqueName(), mask)); |
| 76 | } |
|
| 77 | 0 | catch (AccessControlException ace) |
| 78 | { |
|
| 79 | 0 | return false; |
| 80 | 0 | } |
| 81 | 0 | return true; |
| 82 | } |
|
| 83 | ||
| 84 | } |
|
| 85 | } |
| This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |