001 package org.apache.turbine.util;
002
003
004 /*
005 * Licensed to the Apache Software Foundation (ASF) under one
006 * or more contributor license agreements. See the NOTICE file
007 * distributed with this work for additional information
008 * regarding copyright ownership. The ASF licenses this file
009 * to you under the Apache License, Version 2.0 (the
010 * "License"); you may not use this file except in compliance
011 * with the License. You may obtain a copy of the License at
012 *
013 * http://www.apache.org/licenses/LICENSE-2.0
014 *
015 * Unless required by applicable law or agreed to in writing,
016 * software distributed under the License is distributed on an
017 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
018 * KIND, either express or implied. See the License for the
019 * specific language governing permissions and limitations
020 * under the License.
021 */
022
023
024 import org.apache.turbine.om.security.Permission;
025 import org.apache.turbine.om.security.Role;
026 import org.apache.turbine.services.security.TurbineSecurity;
027 import org.apache.turbine.util.security.RoleSet;
028 import org.apache.turbine.util.security.UnknownEntityException;
029
030 /**
031 * Utility for doing security checks in Screens and Actions.
032 *
033 * Sample usage:<br>
034 *
035 * <pre><code>
036 * SecurityCheck mycheck =
037 * new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
038 * if (!mycheck.hasPermission("add_user");
039 * return;
040 *</code></pre>
041 *
042 * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
043 * @author <a href="jh@byteaction.de">Jürgen Hoffmann</a>
044 * @version $Id: SecurityCheck.java 615328 2008-01-25 20:25:05Z tv $
045 */
046 public class SecurityCheck
047 {
048 private String message;
049
050 private String failScreen;
051
052 private RunData data = null;
053
054 /**
055 * Holds information if a missing Permission or Role should be created and granted on-the-fly.
056 * This is good behaviour, if these change a lot.
057 */
058 private boolean initialize;
059
060 /**
061 * Constructor.
062 *
063 * @param data A Turbine RunData object.
064 * @param message The message to display upon failure.
065 * @param failedScreen The screen to redirect to upon failure.
066 */
067 public SecurityCheck(RunData data,
068 String message,
069 String failedScreen)
070 {
071 this(data, message, failedScreen, false);
072 }
073
074 /**
075 * Constructor.
076 *
077 * @param data
078 * A Turbine RunData object.
079 * @param message
080 * The message to display upon failure.
081 * @param failedScreen
082 * The screen to redirect to upon failure.
083 * @param initialize
084 * if a non-existing Permission or Role should be created.
085 */
086 public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
087 {
088 this.data = data;
089 this.message = message;
090 this.failScreen = failedScreen;
091 this.initialize = initialize;
092 }
093
094 /**
095 * Does the user have this role?
096 *
097 * @param role A Role.
098 * @return True if the user has this role.
099 * @exception Exception, a generic exception.
100 */
101 public boolean hasRole(Role role)
102 throws Exception
103 {
104 boolean value = false;
105 if (data.getACL() == null ||
106 !data.getACL().hasRole(role))
107 {
108 data.setScreen(failScreen);
109 data.setMessage(message);
110 }
111 else
112 {
113 value = true;
114 }
115 return value;
116 }
117
118 /**
119 * Does the user have this role?
120 *
121 * @param role
122 * A String.
123 * @return True if the user has this role.
124 * @exception Exception,
125 * a generic exception.
126 */
127 public boolean hasRole(String role) throws Exception
128 {
129 Role roleObject = null;
130 try
131 {
132 roleObject = TurbineSecurity.getRoleByName(role);
133 }
134 catch (UnknownEntityException e)
135 {
136 if(initialize)
137 {
138 roleObject = TurbineSecurity.createRole(role);
139 TurbineSecurity.grant(data.getUser(), TurbineSecurity.getGlobalGroup(), roleObject);
140 }
141 else
142 {
143 throw(e);
144 }
145 }
146 return hasRole(TurbineSecurity.getRoleByName(role));
147 }
148
149 /**
150 * Does the user have this permission?
151 *
152 * @param permission A Permission.
153 * @return True if the user has this permission.
154 * @exception Exception, a generic exception.
155 */
156 public boolean hasPermission(Permission permission)
157 throws Exception
158 {
159 boolean value = false;
160 if (data.getACL() == null ||
161 !data.getACL().hasPermission(permission))
162 {
163 data.setScreen(failScreen);
164 data.setMessage(message);
165 }
166 else
167 {
168 value = true;
169 }
170 return value;
171 }
172
173 /**
174 * Does the user have this permission? If initialze is set to <code>true</code>
175 * The permission will be created and granted to the first available Role of
176 * the user, that the SecurityCheck is running against.
177 *
178 * If the User has no Roles, the first Role via TurbineSecurity is granted the
179 * permission.
180 *
181 * @param permission
182 * A String.
183 * @return True if the user has this permission.
184 * @exception Exception,
185 * a generic exception.
186 */
187 public boolean hasPermission(String permission)
188 throws Exception
189 {
190 Permission permissionObject = null;
191 try
192 {
193 permissionObject = TurbineSecurity.getPermissionByName(permission);
194 }
195 catch (UnknownEntityException e)
196 {
197 if(initialize)
198 {
199 permissionObject = TurbineSecurity.createPermission(permission);
200
201 Role role = null;
202 RoleSet roles = data.getACL().getRoles();
203 if(roles.size() > 0) role = roles.getRolesArray()[0];
204
205 if(role == null)
206 {
207 /*
208 * The User within data has no roles yet, let us grant the permission
209 * to the first role available through TurbineSecurity.
210 */
211 roles = TurbineSecurity.getAllRoles();
212 if(roles.size() > 0) role = roles.getRolesArray()[0];
213 }
214
215 if(role != null)
216 {
217 /*
218 * If we have no role, there is nothing we can do about it. So only grant it,
219 * if we have a role to grant it to.
220 */
221 TurbineSecurity.grant(data.getACL().getRoles().getRolesArray()[0], permissionObject);
222 }
223 }
224 else
225 {
226 throw(e);
227 }
228 }
229 return hasPermission(permissionObject);
230 }
231
232 /**
233 * Get the message that should be displayed. This is initialized
234 * in the constructor.
235 *
236 * @return A String.
237 */
238 public String getMessage()
239 {
240 return message;
241 }
242
243 /**
244 * Get the screen that should be displayed. This is initialized
245 * in the constructor.
246 *
247 * @return A String.
248 */
249 public String getFailScreen()
250 {
251 return failScreen;
252 }
253 }