PortletActionSecurityConstraintsBehavior xref

View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.layout.impl;
18  
19  import java.security.Principal;
20  
21  import org.apache.commons.logging.Log;
22  import org.apache.commons.logging.LogFactory;
23  import org.apache.jetspeed.Jetspeed;
24  import org.apache.jetspeed.administration.PortalConfiguration;
25  import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
26  import org.apache.jetspeed.om.page.Page;
27  import org.apache.jetspeed.page.PageManager;
28  import org.apache.jetspeed.request.RequestContext;
29  
30  /***
31   * Abstracted behavior of security checks for portlet actions
32   *
33   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
34   * @version $Id: $
35   */
36  public class PortletActionSecurityConstraintsBehavior 
37         extends PortletActionSecurityPathBehavior
38         implements PortletActionSecurityBehavior
39  {
40      protected Log log = LogFactory.getLog(PortletActionSecurityConstraintsBehavior.class);    
41      protected String guest = "guest";
42      
43      public PortletActionSecurityConstraintsBehavior(PageManager pageManager)
44      {
45      	this( pageManager, Boolean.FALSE );
46      }
47      public PortletActionSecurityConstraintsBehavior(PageManager pageManager, Boolean enableCreateUserPagesFromRolesOnEdit )
48      {
49          super( pageManager, enableCreateUserPagesFromRolesOnEdit );
50          PortalConfiguration config = Jetspeed.getConfiguration();
51          if (config != null)
52          {
53              guest = config.getString("default.user.principal");
54          }
55      }
56  
57      public boolean checkAccess(RequestContext context, String action)
58      {
59          Page page = context.getPage();
60          try
61          {
62              page.checkAccess(action);            
63          }
64          catch (Exception e)
65          {
66              Principal principal = context.getRequest().getUserPrincipal();
67              String userName = this.guest;
68              if (principal != null)
69                  userName = principal.getName();
70              log.warn("Insufficient access to page " + page.getPath() + " by user " + userName);
71              return false;
72          }     
73          return true;
74      }
75  }