1 | package org.apache.turbine.modules.screens; | |
2 | ||
3 | /* | |
4 | * Licensed to the Apache Software Foundation (ASF) under one | |
5 | * or more contributor license agreements. See the NOTICE file | |
6 | * distributed with this work for additional information | |
7 | * regarding copyright ownership. The ASF licenses this file | |
8 | * to you under the Apache License, Version 2.0 (the | |
9 | * "License"); you may not use this file except in compliance | |
10 | * with the License. You may obtain a copy of the License at | |
11 | * | |
12 | * http://www.apache.org/licenses/LICENSE-2.0 | |
13 | * | |
14 | * Unless required by applicable law or agreed to in writing, | |
15 | * software distributed under the License is distributed on an | |
16 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
17 | * KIND, either express or implied. See the License for the | |
18 | * specific language governing permissions and limitations | |
19 | * under the License. | |
20 | */ | |
21 | ||
22 | import java.lang.reflect.Method; | |
23 | ||
24 | import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList; | |
25 | import org.apache.turbine.annotation.AnnotationProcessor; | |
26 | import org.apache.turbine.annotation.AnnotationProcessor.ConditionType; | |
27 | import org.apache.turbine.annotation.TurbineRequiredRole; | |
28 | import org.apache.turbine.pipeline.PipelineData; | |
29 | import org.apache.turbine.util.RunData; | |
30 | ||
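/**
 * JSON screen that runs an annotation-driven authorization check before
 * delegating to {@link PlainJSONScreen} for the actual output.
 *
 * <p>Security note: per the contract documented on
 * {@link #isAuthorized(PipelineData)}, a {@code doOutput} override that carries
 * no {@link TurbineRequiredRole} annotation is allowed for any request whose
 * ACL is populated. Subclasses exposing sensitive data should annotate their
 * {@code doOutput(PipelineData)} override explicitly.
 */
public class PlainJSONSecureAnnotatedScreen extends PlainJSONScreen
{

    /**
     * Overrides the inherited output method so that the security check runs
     * before any output is produced. When the check fails this method returns
     * without calling the superclass and without raising an error itself.
     *
     * @param pipelineData Turbine information.
     * @throws Exception a generic exception.
     */
    @Override
    public void doOutput(PipelineData pipelineData) throws Exception
    {
        if (isAuthorized(pipelineData))
        {
            super.doOutput(pipelineData);
        }
    }

    /**
     * Performs the security check driven by the Turbine annotations (such as
     * {@link TurbineRequiredRole}) placed on the runtime class's
     * {@link #doOutput(PipelineData)} method.
     *
     * <p>The guarded method is resolved by its exact signature. A lookup by name
     * alone over {@link Class#getMethods()} is not reliable for an access
     * decision: that array has no defined order, so an overload or bridge method
     * named {@code doOutput} without the annotation could be evaluated instead of
     * the annotated one.
     *
     * @param pipelineData Turbine information.
     * @return <code>true</code> if the user is authorized to access the screen.
     *         A populated ACL is required; a missing ACL always denies. If
     *         {@link TurbineRequiredRole} is not set, access is allowed by default.
     * @throws Exception A generic exception.
     */
    protected boolean isAuthorized(PipelineData pipelineData) throws Exception
    {
        RunData data = pipelineData.getRunData();

        // Read the ACL once so the null check and the authorization call see the
        // same object; no ACL means deny.
        TurbineAccessControlList acl = (TurbineAccessControlList) data.getACL();
        if (acl == null)
        {
            return false;
        }

        final Method guarded;
        try
        {
            guarded = getClass().getMethod("doOutput", PipelineData.class);
        }
        catch (NoSuchMethodException e)
        {
            // Fail closed, matching the previous "no method found" result.
            return false;
        }

        // ConditionType.ANY: presumably one matching role is sufficient - confirm
        // against AnnotationProcessor.
        return AnnotationProcessor.isAuthorized(guarded, acl, ConditionType.ANY);
    }
}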