View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.layout.impl;
18  
19  import java.security.Principal;
20  
21  import org.apache.commons.logging.Log;
22  import org.apache.commons.logging.LogFactory;
23  import org.apache.jetspeed.Jetspeed;
24  import org.apache.jetspeed.administration.PortalConfiguration;
25  import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
26  import org.apache.jetspeed.om.page.Page;
27  import org.apache.jetspeed.page.PageManager;
28  import org.apache.jetspeed.request.RequestContext;
29  
30  /***
31   * Abstracted behavior of security checks for portlet actions
32   *
33   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
34   * @version $Id: $
35   */
36  public class PortletActionSecurityConstraintsBehavior 
37         extends PortletActionSecurityPathBehavior
38         implements PortletActionSecurityBehavior
39  {
40      protected Log log = LogFactory.getLog(PortletActionSecurityConstraintsBehavior.class);    
41      protected String guest = "guest";
42      
43      public PortletActionSecurityConstraintsBehavior(PageManager pageManager)
44      {
45          super(pageManager);
46          PortalConfiguration config = Jetspeed.getConfiguration();
47          if (config != null)
48          {
49              guest = config.getString("default.user.principal");
50          }
51      }
52  
53      public boolean checkAccess(RequestContext context, String action)
54      {
55          Page page = context.getPage();
56          try
57          {
58              page.checkAccess(action);            
59          }
60          catch (Exception e)
61          {
62              Principal principal = context.getRequest().getUserPrincipal();
63              String userName = this.guest;
64              if (principal != null)
65                  userName = principal.getName();
66              log.warn("Insufficient access to page " + page.getPath() + " by user " + userName);
67              return false;
68          }     
69          return true;
70      }
71  }