1 package org.apache.turbine.util.template;
2
3 /* ====================================================================
4 * The Apache Software License, Version 1.1
5 *
6 * Copyright (c) 2001 The Apache Software Foundation. All rights
7 * reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. The end-user documentation included with the redistribution,
22 * if any, must include the following acknowledgment:
23 * "This product includes software developed by the
24 * Apache Software Foundation (http://www.apache.org/)."
25 * Alternately, this acknowledgment may appear in the software itself,
26 * if and wherever such third-party acknowledgments normally appear.
27 *
28 * 4. The names "Apache" and "Apache Software Foundation" and
29 * "Apache Turbine" must not be used to endorse or promote products
30 * derived from this software without prior written permission. For
31 * written permission, please contact apache@apache.org.
32 *
33 * 5. Products derived from this software may not be called "Apache",
34 * "Apache Turbine", nor may "Apache" appear in their name, without
35 * prior written permission of the Apache Software Foundation.
36 *
37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48 * SUCH DAMAGE.
49 * ====================================================================
50 *
51 * This software consists of voluntary contributions made by many
52 * individuals on behalf of the Apache Software Foundation. For more
53 * information on the Apache Software Foundation, please see
54 * <http://www.apache.org/>.
55 */
56
57 import org.apache.turbine.om.security.Permission;
58 import org.apache.turbine.om.security.Role;
59 import org.apache.turbine.services.resources.TurbineResources;
60 import org.apache.turbine.services.template.TurbineTemplate;
61 import org.apache.turbine.util.RunData;
62
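/**
 * Utility class to help check for proper authorization when using
 * template screens. Sample usage, where <code>adminRole</code> is a
 * {@link Role} object obtained elsewhere by the caller:
 *
 * <pre>
 * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 * secCheck.setMessage( "Sorry, you do not have permission to " +
 *                      "access this area." );
 * secCheck.setFailTemplate("login.wm");
 * if ( !secCheck.hasRole(adminRole) )
 *     return;
 * </pre>
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>The checks only report a result and, on failure, point the
 *     RunData at the failure screen, template and message. They do not
 *     stop request processing, so the caller must test the return value
 *     and return immediately when it is <code>false</code>, as in the
 *     sample above.</li>
 * <li>{@link #hasRole(Role)} verifies the login state first;
 *     {@link #hasPermission(Permission)} does not and relies on the ACL
 *     alone. Call {@link #checkLogin()} yourself if a permission check
 *     must also require a logged-in user.</li>
 * <li><code>failTemplate</code> has no default. Call
 *     {@link #setFailTemplate(String)} before running a check,
 *     otherwise a failed check passes <code>null</code> to
 *     <code>setScreenTemplate</code>.</li>
 * <li>The failure message is handed to the RunData unchanged. Keep it a
 *     fixed string; how it is escaped when rendered is decided by the
 *     template, not by this class.</li>
 * </ul>
 *
 * @author <a href="mbryson@mont.mindspring.com">Dave Bryson</a>
 * @version $Id: TemplateSecurityCheck.java,v 1.2 2002/07/11 16:53:19 mpoeschl Exp $
 */
public class TemplateSecurityCheck
{
    /** Message placed on the RunData when a role or permission check fails. */
    private String message =
        "Sorry, you do not have permission to access this area.";

    /** Screen selected on failure; starts as the template service's default screen. */
    private String failScreen = TurbineTemplate.getDefaultScreen();

    /** Screen template selected on failure; stays null until setFailTemplate is called. */
    private String failTemplate;

    /** Request context that every check reads from and writes its failure state to. */
    private final RunData data;

    /**
     * Constructor.
     *
     * @param data A Turbine RunData object.
     * @param message A String with the message to display upon
     * failure.
     */
    public TemplateSecurityCheck(RunData data, String message)
    {
        this.data = data;
        this.message = message;
    }

    /**
     * Generic Constructor. The default failure message is kept.
     *
     * @param data A Turbine RunData object.
     */
    public TemplateSecurityCheck(RunData data)
    {
        this.data = data;
    }

    /**
     * Does the User have this role? The login state is verified first;
     * a user who is not logged in is rejected before the ACL is
     * consulted. A missing ACL is treated as "role not held".
     *
     * @param role The role to be checked.
     * @return Whether the user has the role.
     * @exception Exception Trouble validating (propagated from the
     * underlying RunData / ACL calls).
     */
    public boolean hasRole(Role role) throws Exception
    {
        if (!checkLogin())
        {
            return false;
        }

        if (data.getACL() == null || !data.getACL().hasRole(role))
        {
            denyAccess();
            return false;
        }
        return true;
    }

    /**
     * Does the User have this permission? A missing ACL is treated as
     * "permission not held".
     *
     * <p>Unlike {@link #hasRole(Role)}, this method does not call
     * {@link #checkLogin()}; the decision rests on the ACL alone.
     *
     * @param permission The permission to be checked.
     * @return Whether the user has the permission.
     * @exception Exception Trouble validating (propagated from the
     * underlying RunData / ACL calls).
     */
    public boolean hasPermission(Permission permission) throws Exception
    {
        if (data.getACL() == null || !data.getACL().hasPermission(permission))
        {
            denyAccess();
            return false;
        }
        return true;
    }

    /**
     * Check that the user has logged in. On failure the login message
     * from the Turbine resources and the fail template are set on the
     * RunData.
     *
     * @return True only if a user object is present and it reports
     * that it has logged in.
     * @exception Exception a generic exception.
     */
    public boolean checkLogin() throws Exception
    {
        // Fail closed: a request with no user object at all must not be
        // reported as logged in. Only an explicit hasLoggedIn() == true
        // on a present user counts as success.
        if (data.getUser() != null && data.getUser().hasLoggedIn())
        {
            return true;
        }

        data.setMessage(TurbineResources.getString("login.message"));
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        return false;
    }

    /**
     * Points the RunData at the failure screen, failure template and
     * failure message. Shared by the role and permission checks so both
     * deny access in exactly the same way.
     */
    private void denyAccess()
    {
        data.setScreen(getFailScreen());
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        data.setMessage(getMessage());
    }

    /**
     * Set the message that should be displayed when a role or
     * permission check fails. It replaces the default message or the
     * one given to the two-argument constructor.
     *
     * @param v A String with the message that should be displayed.
     */
    public void setMessage(String v)
    {
        this.message = v;
    }

    /**
     * Get the message that should be displayed when a role or
     * permission check fails.
     *
     * @return A String with the message that should be displayed.
     */
    public String getMessage()
    {
        return message;
    }

    /**
     * Get the value of failScreen.
     *
     * @return A String with the value of failScreen.
     */
    public String getFailScreen()
    {
        return failScreen;
    }

    /**
     * Set the value of failScreen.
     *
     * @param v A String with the value of failScreen.
     */
    public void setFailScreen(String v)
    {
        this.failScreen = v;
    }

    /**
     * Get the value of failTemplate.
     *
     * @return A String with the value of failTemplate, or null if it
     * has not been set.
     */
    public String getFailTemplate()
    {
        return failTemplate;
    }

    /**
     * Set the value of failTemplate.
     *
     * @param v A String with the value of failTemplate.
     */
    public void setFailTemplate(String v)
    {
        this.failTemplate = v;
    }
}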