1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.layout.impl;
18
19 import java.security.Principal;
20
21 import org.apache.commons.logging.Log;
22 import org.apache.commons.logging.LogFactory;
23 import org.apache.jetspeed.Jetspeed;
24 import org.apache.jetspeed.administration.PortalConfiguration;
25 import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
26 import org.apache.jetspeed.om.page.Page;
27 import org.apache.jetspeed.page.PageManager;
28 import org.apache.jetspeed.request.RequestContext;
29
30 /***
31 * Abstracted behavior of security checks for portlet actions
32 *
33 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
34 * @version $Id: $
35 */
36 public class PortletActionSecurityConstraintsBehavior
37 extends PortletActionSecurityPathBehavior
38 implements PortletActionSecurityBehavior
39 {
40 protected Log log = LogFactory.getLog(PortletActionSecurityConstraintsBehavior.class);
41 protected String guest = "guest";
42
43 public PortletActionSecurityConstraintsBehavior(PageManager pageManager)
44 {
45 super(pageManager);
46 PortalConfiguration config = Jetspeed.getConfiguration();
47 if (config != null)
48 {
49 guest = config.getString("default.user.principal");
50 }
51 }
52
53 public boolean checkAccess(RequestContext context, String action)
54 {
55 Page page = context.getPage();
56 try
57 {
58 page.checkAccess(action);
59 }
60 catch (Exception e)
61 {
62 Principal principal = context.getRequest().getUserPrincipal();
63 String userName = this.guest;
64 if (principal != null)
65 userName = principal.getName();
66 log.warn("Insufficient access to page " + page.getPath() + " by user " + userName);
67 return false;
68 }
69 return true;
70 }
71 }