SecurityCheck.java
package org.apache.turbine.util;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.fulcrum.security.SecurityService;
import org.apache.fulcrum.security.entity.Permission;
import org.apache.fulcrum.security.entity.Role;
import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
import org.apache.fulcrum.security.util.RoleSet;
import org.apache.fulcrum.security.util.UnknownEntityException;
import org.apache.turbine.services.TurbineServices;
/**
* Utility for doing security checks in Screens and Actions.
*
* Sample usage:<br>
*
* <pre>
* SecurityCheck mycheck =
* new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
* if (!mycheck.hasPermission("add_user");
* return;
*</pre>
*
* @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
* @author <a href="jh@byteaction.de">Jürgen Hoffmann</a>
* @version $Id$
*/
public class SecurityCheck
{
private String message;
private String failScreen;
private RunData data = null;
private SecurityService securityService = null;
/**
* Holds information if a missing Permission or Role should be created and granted on-the-fly.
* This is good behavior, if these change a lot.
*/
private boolean initialize;
/**
* Constructor.
*
* @param data A Turbine RunData object.
* @param message The message to display upon failure.
* @param failedScreen The screen to redirect to upon failure.
*/
public SecurityCheck(RunData data,
String message,
String failedScreen)
{
this(data, message, failedScreen, false);
}
/**
* Constructor.
*
* @param data
* A Turbine RunData object.
* @param message
* The message to display upon failure.
* @param failedScreen
* The screen to redirect to upon failure.
* @param initialize
* if a non-existing Permission or Role should be created.
*/
public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
{
this.data = data;
this.message = message;
this.failScreen = failedScreen;
this.initialize = initialize;
this.securityService = (SecurityService)TurbineServices
.getInstance()
.getService(SecurityService.ROLE);
}
/**
* Does the user have this role?
*
* @param role A Role.
* @return True if the user has this role.
* @throws Exception a generic exception.
*/
public boolean hasRole(Role role)
throws Exception
{
boolean value = false;
TurbineAccessControlList<?> acl = data.getACL();
if (acl == null ||
!acl.hasRole(role))
{
data.setScreen(failScreen);
data.setMessage(message);
}
else
{
value = true;
}
return value;
}
/**
* Does the user have this role?
*
* @param role
* A String.
* @return True if the user has this role.
* @throws Exception
* a generic exception.
*/
public boolean hasRole(String role) throws Exception
{
Role roleObject = null;
try
{
roleObject = securityService.getRoleManager().getRoleByName(role);
}
catch (UnknownEntityException e)
{
if(initialize)
{
roleObject = securityService.getRoleManager().getRoleInstance(role);
securityService.getRoleManager().addRole(roleObject);
TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
if (data.getUser() == null) {
throw new UnknownEntityException("user is null");
}
modelManager.grant(data.getUser().getUserDelegate(), modelManager.getGlobalGroup(), roleObject);
}
else
{
throw(e);
}
}
return hasRole(roleObject);
}
/**
* Does the user have this permission?
*
* @param permission A Permission.
* @return True if the user has this permission.
* @throws Exception a generic exception.
*/
public boolean hasPermission(Permission permission)
throws Exception
{
boolean value = false;
TurbineAccessControlList<?> acl = data.getACL();
if (acl == null ||
!acl.hasPermission(permission))
{
data.setScreen(failScreen);
data.setMessage(message);
}
else
{
value = true;
}
return value;
}
/**
* Does the user have this permission? If initialize is set to <code>true</code>
* The permission will be created and granted to the first available Role of
* the user, that the SecurityCheck is running against.
*
* If the User has no Roles, the first Role via SecurityService is granted the
* permission.
*
* @param permission
* A String.
* @return True if the user has this permission.
* @throws Exception
* a generic exception.
*/
public boolean hasPermission(String permission)
throws Exception
{
Permission permissionObject = null;
try
{
permissionObject = securityService.getPermissionManager().getPermissionByName(permission);
}
catch (UnknownEntityException e)
{
if(initialize)
{
permissionObject = securityService.getPermissionManager().getPermissionInstance(permission);
securityService.getPermissionManager().addPermission(permissionObject);
Role role = null;
TurbineAccessControlList<?> acl = data.getACL();
RoleSet roles = acl.getRoles();
if(roles.size() > 0)
{
role = roles.toArray(new Role[0])[0];
}
if(role == null)
{
/*
* The User within data has no roles yet, let us grant the permission
* to the first role available through SecurityService.
*/
roles = securityService.getRoleManager().getAllRoles();
if(roles.size() > 0)
{
role = roles.toArray(new Role[0])[0];
}
}
if(role != null)
{
/*
* If we have no role, there is nothing we can do about it. So only grant it,
* if we have a role to grant it to.
*/
TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();
modelManager.grant(role, permissionObject);
}
}
else
{
throw(e);
}
}
return hasPermission(permissionObject);
}
/**
* Get the message that should be displayed. This is initialized
* in the constructor.
*
* @return A String.
*/
public String getMessage()
{
return message;
}
/**
* Get the screen that should be displayed. This is initialized
* in the constructor.
*
* @return A String.
*/
public String getFailScreen()
{
return failScreen;
}
}