1 package org.apache.turbine.util;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import org.apache.turbine.om.security.Permission;
23 import org.apache.turbine.om.security.Role;
24 import org.apache.turbine.services.security.TurbineSecurity;
25 import org.apache.turbine.util.security.RoleSet;
26 import org.apache.turbine.util.security.UnknownEntityException;
27
28 /***
29 * Utility for doing security checks in Screens and Actions.
30 *
31 * Sample usage:<br>
32 *
33 * <pre><code>
34 * SecurityCheck mycheck =
35 * new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
36 * if (!mycheck.hasPermission("add_user");
37 * return;
38 * </code></pre>
39 *
40 * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
41 * @author <a href="jh@byteaction.de">Jürgen Hoffmann</a>
42 * @version $Id: SecurityCheck.java 534527 2007-05-02 16:10:59Z tv $
43 */
44 public class SecurityCheck
45 {
46 private String message;
47
48 private String failScreen;
49
50 private RunData data = null;
51
52 /***
53 * Holds information if a missing Permission or Role should be created and granted on-the-fly.
54 * This is good behaviour, if these change a lot.
55 */
56 private boolean initialize;
57
58 /***
59 * Constructor.
60 *
61 * @param data
62 * A Turbine RunData object.
63 * @param message
64 * The message to display upon failure.
65 * @param failedScreen
66 * The screen to redirect to upon failure.
67 */
68 public SecurityCheck(RunData data, String message, String failedScreen)
69 {
70 this(data, message, failedScreen, false);
71 }
72
73 /***
74 * Constructor.
75 *
76 * @param data
77 * A Turbine RunData object.
78 * @param message
79 * The message to display upon failure.
80 * @param failedScreen
81 * The screen to redirect to upon failure.
82 * @param initialize
83 * if a non-existing Permission or Role should be created.
84 */
85 public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
86 {
87 this.data = data;
88 this.message = message;
89 this.failScreen = failedScreen;
90 this.initialize = initialize;
91 }
92
93 /***
94 * Does the user have this role?
95 *
96 * @param role
97 * A Role.
98 * @return True if the user has this role.
99 * @exception Exception,
100 * a generic exception.
101 */
102 public boolean hasRole(Role role) throws Exception
103 {
104 boolean value = false;
105 if(data.getACL() == null || !data.getACL().hasRole(role))
106 {
107 data.setScreen(failScreen);
108 data.setMessage(message);
109 }
110 else
111 {
112 value = true;
113 }
114 return value;
115 }
116
117 /***
118 * Does the user have this role?
119 *
120 * @param role
121 * A String.
122 * @return True if the user has this role.
123 * @exception Exception,
124 * a generic exception.
125 */
126 public boolean hasRole(String role) throws Exception
127 {
128 Role roleObject = null;
129 try
130 {
131 roleObject = TurbineSecurity.getRoleByName(role);
132 }
133 catch (UnknownEntityException e)
134 {
135 if(initialize)
136 {
137 roleObject = TurbineSecurity.createRole(role);
138 TurbineSecurity.grant(data.getUser(), TurbineSecurity.getGlobalGroup(), roleObject);
139 }
140 else
141 {
142 throw(e);
143 }
144 }
145 return hasRole(TurbineSecurity.getRoleByName(role));
146 }
147
148 /***
149 * Does the user have this permission?
150 *
151 * @param permission
152 * A Permission.
153 * @return True if the user has this permission.
154 * @exception Exception,
155 * a generic exception.
156 */
157 public boolean hasPermission(Permission permission) throws Exception
158 {
159 boolean value = false;
160 if(data.getACL() == null || !data.getACL().hasPermission(permission))
161 {
162 data.setScreen(failScreen);
163 data.setMessage(message);
164 }
165 else
166 {
167 value = true;
168 }
169 return value;
170 }
171
172 /***
173 * Does the user have this permission? If initialze is set to <code>true</code>
174 * The permission will be created and granted to the first available Role of
175 * the user, that the SecurityCheck is running against.
176 *
177 * If the User has no Roles, the first Role via TurbineSecurity is granted the
178 * permission.
179 *
180 * @param permission
181 * A String.
182 * @return True if the user has this permission.
183 * @exception Exception,
184 * a generic exception.
185 */
186 public boolean hasPermission(String permission) throws Exception
187 {
188 Permission permissionObject = null;
189 try
190 {
191 permissionObject = TurbineSecurity.getPermissionByName(permission);
192 }
193 catch (UnknownEntityException e)
194 {
195 if(initialize)
196 {
197 permissionObject = TurbineSecurity.createPermission(permission);
198
199 Role role = null;
200 RoleSet roles = data.getACL().getRoles();
201 if(roles.size() > 0) role = roles.getRolesArray()[0];
202
203 if(role == null)
204 {
205
206
207
208
209 roles = TurbineSecurity.getAllRoles();
210 if(roles.size() > 0) role = roles.getRolesArray()[0];
211 }
212
213 if(role != null)
214 {
215
216
217
218
219 TurbineSecurity.grant(data.getACL().getRoles().getRolesArray()[0], permissionObject);
220 }
221 }
222 else
223 {
224 throw(e);
225 }
226 }
227 return hasPermission(permissionObject);
228 }
229
230 /***
231 * Get the message that should be displayed. This is initialized in the
232 * constructor.
233 *
234 * @return A String.
235 */
236 public String getMessage()
237 {
238 return message;
239 }
240
241 /***
242 * Get the screen that should be displayed. This is initialized in the
243 * constructor.
244 *
245 * @return A String.
246 */
247 public String getFailScreen()
248 {
249 return failScreen;
250 }
251 }