Package org.apache.turbine.util

Class SecurityCheck

java.lang.Object

org.apache.turbine.util.SecurityCheck

public class SecurityCheck
extends Object

Utility for doing security checks in Screens and Actions. Sample usage:

 SecurityCheck mycheck =
   new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
 if (!mycheck.hasPermission("add_user");
   return;

Version:

$Id$

Author:

Dave Bryson, Jürgen Hoffmann

Constructor Summary

Constructors

Constructor	Description
SecurityCheck(RunData data, String message, String failedScreen)	Constructor.
SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)	Constructor.

Method Summary

Modifier and Type	Method	Description
String	getFailScreen()	Get the screen that should be displayed.
String	getMessage()	Get the message that should be displayed.
boolean	hasPermission(String permission)	Does the user have this permission?
boolean	hasPermission(org.apache.fulcrum.security.entity.Permission permission)	Does the user have this permission?
boolean	hasRole(String role)	Does the user have this role?
boolean	hasRole(org.apache.fulcrum.security.entity.Role role)	Does the user have this role?

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityCheck

public SecurityCheck(RunData data,
                     String message,
                     String failedScreen)

Constructor.

Parameters:

data - A Turbine RunData object.

message - The message to display upon failure.

failedScreen - The screen to redirect to upon failure.

SecurityCheck

public SecurityCheck(RunData data,
                     String message,
                     String failedScreen,
                     boolean initialize)

Constructor.

Parameters:

data - A Turbine RunData object.

message - The message to display upon failure.

failedScreen - The screen to redirect to upon failure.

initialize - if a non-existing Permission or Role should be created.

Method Detail

hasRole

public boolean hasRole(org.apache.fulcrum.security.entity.Role role)
                throws Exception

Does the user have this role?

Parameters:

role - A Role.

Returns:

True if the user has this role.

Throws:

Exception - a generic exception.

hasRole

public boolean hasRole(String role)
                throws Exception

Does the user have this role?

Parameters:

role - A String.

Returns:

True if the user has this role.

Throws:

Exception - a generic exception.

hasPermission

public boolean hasPermission(org.apache.fulcrum.security.entity.Permission permission)
                      throws Exception

Does the user have this permission?

Parameters:

permission - A Permission.

Returns:

True if the user has this permission.

Throws:

Exception - a generic exception.

hasPermission

public boolean hasPermission(String permission)
                      throws Exception

Does the user have this permission? If initialize is set to true The permission will be created and granted to the first available Role of the user, that the SecurityCheck is running against. If the User has no Roles, the first Role via SecurityService is granted the permission.

Parameters:

permission - A String.

Returns:

True if the user has this permission.

Throws:

Exception - a generic exception.

getMessage

public String getMessage()

Get the message that should be displayed. This is initialized in the constructor.

Returns:

A String.

getFailScreen

public String getFailScreen()

Get the screen that should be displayed. This is initialized in the constructor.

Returns:

A String.