View Javadoc
1 package org.apache.turbine.util.template; 2 3 /* ==================================================================== 4 * The Apache Software License, Version 1.1 5 * 6 * Copyright (c) 2001 The Apache Software Foundation. All rights 7 * reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. The end-user documentation included with the redistribution, 22 * if any, must include the following acknowledgment: 23 * "This product includes software developed by the 24 * Apache Software Foundation (http://www.apache.org/)." 25 * Alternately, this acknowledgment may appear in the software itself, 26 * if and wherever such third-party acknowledgments normally appear. 27 * 28 * 4. The names "Apache" and "Apache Software Foundation" and 29 * "Apache Turbine" must not be used to endorse or promote products 30 * derived from this software without prior written permission. For 31 * written permission, please contact apache@apache.org. 32 * 33 * 5. Products derived from this software may not be called "Apache", 34 * "Apache Turbine", nor may "Apache" appear in their name, without 35 * prior written permission of the Apache Software Foundation. 36 * 37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 48 * SUCH DAMAGE. 49 * ==================================================================== 50 * 51 * This software consists of voluntary contributions made by many 52 * individuals on behalf of the Apache Software Foundation. For more 53 * information on the Apache Software Foundation, please see 54 * <http://www.apache.org/>;. 55 */ 56 57 import org.apache.turbine.om.security.Permission; 58 import org.apache.turbine.om.security.Role; 59 import org.apache.turbine.services.resources.TurbineResources; 60 import org.apache.turbine.services.template.TurbineTemplate; 61 import org.apache.turbine.util.RunData; 62 63 /*** 64 * Utility class to help check for proper authorization when using 65 * template screens. Sample usages: 66 * 67 * <p><code> 68 * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data ); 69 * secCheck.setMessage( "Sorry, you do not have permission to " + 70 * "access this area." ); 71 * secCheck.setFailTemplate("login.wm"); 72 * if ( !secCheck.hasRole("ADMIN") ) 73 * return; 74 * </code> 75 * 76 * @author <a href="mbryson@mont.mindspring.com">Dave Bryson</a> 77 * @version $Id: TemplateSecurityCheck.java,v 1.2 2002/07/11 16:53:19 mpoeschl Exp $ 78 */ 79 public class TemplateSecurityCheck 80 { 81 private String message = 82 "Sorry, you do not have permission to access this area."; 83 private String failScreen = TurbineTemplate.getDefaultScreen(); 84 private String failTemplate; 85 private RunData data = null; 86 87 /*** 88 * Constructor. 89 * 90 * @param data A Turbine RunData object. 91 * @param message A String with the message to display upon 92 * failure. 93 */ 94 public TemplateSecurityCheck(RunData data, String message) 95 { 96 this.data = data; 97 this.message = message; 98 } 99 100 /*** 101 * Generic Constructor. 102 * 103 * @param data A Turbine RunData object. 104 */ 105 public TemplateSecurityCheck(RunData data) 106 { 107 this.data = data; 108 } 109 110 /*** 111 * Does the User have this role? 112 * 113 * @param role The role to be checked. 114 * @return Whether the user has the role. 115 * @exception Exception Trouble validating. 116 */ 117 public boolean hasRole(Role role) throws Exception 118 { 119 if (!checkLogin()) 120 { 121 return false; 122 } 123 124 if (data.getACL() == null || !data.getACL().hasRole(role)) 125 { 126 data.setScreen(getFailScreen()); 127 data.getTemplateInfo().setScreenTemplate(getFailTemplate()); 128 data.setMessage(getMessage()); 129 return false; 130 } 131 else 132 { 133 return true; 134 } 135 } 136 137 /*** 138 * Does the User have this permission? 139 * 140 * @param permission The permission to be checked. 141 * @return Whether the user has the permission. 142 * @exception Exception Trouble validating. 143 */ 144 public boolean hasPermission(Permission permission) throws Exception 145 { 146 if (data.getACL() == null || !data.getACL().hasPermission(permission)) 147 { 148 data.setScreen(getFailScreen()); 149 data.getTemplateInfo().setScreenTemplate(getFailTemplate()); 150 data.setMessage(getMessage()); 151 return false; 152 } 153 else 154 { 155 return true; 156 } 157 } 158 159 /*** 160 * Check that the user has logged in. 161 * 162 * @return True if user has logged in. 163 * @exception Exception, a generic exception. 164 */ 165 public boolean checkLogin() throws Exception 166 { 167 boolean value = false; 168 169 if (data.getUser() != null && !data.getUser().hasLoggedIn()) 170 { 171 data.setMessage(TurbineResources.getString("login.message")); 172 data.getTemplateInfo().setScreenTemplate( getFailTemplate()); 173 value = false; 174 } 175 else 176 { 177 value = true; 178 } 179 return value; 180 } 181 182 /*** 183 * Set the message that should be displayed. This is initialized 184 * in the constructor. 185 * 186 * @param v A String with the message that should be displayed. 187 */ 188 public void setMessage(String v) 189 { 190 this.message = v; 191 } 192 193 /*** 194 * Get the message that should be displayed. This is initialized 195 * in the constructor. 196 * 197 * @return A String with the message that should be displayed. 198 */ 199 public String getMessage() 200 { 201 return message; 202 } 203 204 /*** 205 * Get the value of failScreen. 206 * 207 * @return A String with the value of failScreen. 208 */ 209 public String getFailScreen() 210 { 211 return failScreen; 212 } 213 214 /*** 215 * Set the value of failScreen. 216 * 217 * @param v A String with the value of failScreen. 218 */ 219 public void setFailScreen(String v) 220 { 221 this.failScreen = v; 222 } 223 224 /*** 225 * Get the value of failTemplate. 226 * 227 * @return A String with the value of failTemplate. 228 */ 229 public String getFailTemplate() 230 { 231 return failTemplate; 232 } 233 234 /*** 235 * Set the value of failTemplate. 236 * 237 * @param v A String with the value of failTemplate. 238 */ 239 public void setFailTemplate(String v) 240 { 241 this.failTemplate = v; 242 } 243 }

This page was automatically generated by Maven