1 package org.apache.turbine.util;
2
3
4 /*
5 * Licensed to the Apache Software Foundation (ASF) under one
6 * or more contributor license agreements. See the NOTICE file
7 * distributed with this work for additional information
8 * regarding copyright ownership. The ASF licenses this file
9 * to you under the Apache License, Version 2.0 (the
10 * "License"); you may not use this file except in compliance
11 * with the License. You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing,
16 * software distributed under the License is distributed on an
17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 * KIND, either express or implied. See the License for the
19 * specific language governing permissions and limitations
20 * under the License.
21 */
22
23
24 import org.apache.turbine.om.security.Permission;
25 import org.apache.turbine.om.security.Role;
26 import org.apache.turbine.services.security.TurbineSecurity;
27 import org.apache.turbine.util.security.RoleSet;
28 import org.apache.turbine.util.security.UnknownEntityException;
29
30 /**
31 * Utility for doing security checks in Screens and Actions.
32 *
33 * Sample usage:<br>
34 *
35 * <pre><code>
36 * SecurityCheck mycheck =
37 * new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
38 * if (!mycheck.hasPermission("add_user");
39 * return;
40 *</code></pre>
41 *
42 * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
43 * @author <a href="jh@byteaction.de">Jürgen Hoffmann</a>
44 * @version $Id: SecurityCheck.java 615328 2008-01-25 20:25:05Z tv $
45 */
46 public class SecurityCheck
47 {
48 private String message;
49
50 private String failScreen;
51
52 private RunData data = null;
53
54 /**
55 * Holds information if a missing Permission or Role should be created and granted on-the-fly.
56 * This is good behaviour, if these change a lot.
57 */
58 private boolean initialize;
59
60 /**
61 * Constructor.
62 *
63 * @param data A Turbine RunData object.
64 * @param message The message to display upon failure.
65 * @param failedScreen The screen to redirect to upon failure.
66 */
67 public SecurityCheck(RunData data,
68 String message,
69 String failedScreen)
70 {
71 this(data, message, failedScreen, false);
72 }
73
74 /**
75 * Constructor.
76 *
77 * @param data
78 * A Turbine RunData object.
79 * @param message
80 * The message to display upon failure.
81 * @param failedScreen
82 * The screen to redirect to upon failure.
83 * @param initialize
84 * if a non-existing Permission or Role should be created.
85 */
86 public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
87 {
88 this.data = data;
89 this.message = message;
90 this.failScreen = failedScreen;
91 this.initialize = initialize;
92 }
93
94 /**
95 * Does the user have this role?
96 *
97 * @param role A Role.
98 * @return True if the user has this role.
99 * @exception Exception, a generic exception.
100 */
101 public boolean hasRole(Role role)
102 throws Exception
103 {
104 boolean value = false;
105 if (data.getACL() == null ||
106 !data.getACL().hasRole(role))
107 {
108 data.setScreen(failScreen);
109 data.setMessage(message);
110 }
111 else
112 {
113 value = true;
114 }
115 return value;
116 }
117
118 /**
119 * Does the user have this role?
120 *
121 * @param role
122 * A String.
123 * @return True if the user has this role.
124 * @exception Exception,
125 * a generic exception.
126 */
127 public boolean hasRole(String role) throws Exception
128 {
129 Role roleObject = null;
130 try
131 {
132 roleObject = TurbineSecurity.getRoleByName(role);
133 }
134 catch (UnknownEntityException e)
135 {
136 if(initialize)
137 {
138 roleObject = TurbineSecurity.createRole(role);
139 TurbineSecurity.grant(data.getUser(), TurbineSecurity.getGlobalGroup(), roleObject);
140 }
141 else
142 {
143 throw(e);
144 }
145 }
146 return hasRole(TurbineSecurity.getRoleByName(role));
147 }
148
149 /**
150 * Does the user have this permission?
151 *
152 * @param permission A Permission.
153 * @return True if the user has this permission.
154 * @exception Exception, a generic exception.
155 */
156 public boolean hasPermission(Permission permission)
157 throws Exception
158 {
159 boolean value = false;
160 if (data.getACL() == null ||
161 !data.getACL().hasPermission(permission))
162 {
163 data.setScreen(failScreen);
164 data.setMessage(message);
165 }
166 else
167 {
168 value = true;
169 }
170 return value;
171 }
172
173 /**
174 * Does the user have this permission? If initialze is set to <code>true</code>
175 * The permission will be created and granted to the first available Role of
176 * the user, that the SecurityCheck is running against.
177 *
178 * If the User has no Roles, the first Role via TurbineSecurity is granted the
179 * permission.
180 *
181 * @param permission
182 * A String.
183 * @return True if the user has this permission.
184 * @exception Exception,
185 * a generic exception.
186 */
187 public boolean hasPermission(String permission)
188 throws Exception
189 {
190 Permission permissionObject = null;
191 try
192 {
193 permissionObject = TurbineSecurity.getPermissionByName(permission);
194 }
195 catch (UnknownEntityException e)
196 {
197 if(initialize)
198 {
199 permissionObject = TurbineSecurity.createPermission(permission);
200
201 Role role = null;
202 RoleSet roles = data.getACL().getRoles();
203 if(roles.size() > 0) role = roles.getRolesArray()[0];
204
205 if(role == null)
206 {
207 /*
208 * The User within data has no roles yet, let us grant the permission
209 * to the first role available through TurbineSecurity.
210 */
211 roles = TurbineSecurity.getAllRoles();
212 if(roles.size() > 0) role = roles.getRolesArray()[0];
213 }
214
215 if(role != null)
216 {
217 /*
218 * If we have no role, there is nothing we can do about it. So only grant it,
219 * if we have a role to grant it to.
220 */
221 TurbineSecurity.grant(data.getACL().getRoles().getRolesArray()[0], permissionObject);
222 }
223 }
224 else
225 {
226 throw(e);
227 }
228 }
229 return hasPermission(permissionObject);
230 }
231
232 /**
233 * Get the message that should be displayed. This is initialized
234 * in the constructor.
235 *
236 * @return A String.
237 */
238 public String getMessage()
239 {
240 return message;
241 }
242
243 /**
244 * Get the screen that should be displayed. This is initialized
245 * in the constructor.
246 *
247 * @return A String.
248 */
249 public String getFailScreen()
250 {
251 return failScreen;
252 }
253 }