package org.apache.turbine.util.template;


/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */


import org.apache.turbine.Turbine;
import org.apache.turbine.TurbineConstants;
import org.apache.turbine.om.security.Permission;
import org.apache.turbine.om.security.Role;
import org.apache.turbine.services.security.TurbineSecurity;
import org.apache.turbine.services.template.TurbineTemplate;
import org.apache.turbine.util.RunData;

/**
 * Helper for authorization checks in template screens. Each check
 * returns a boolean and, on denial, redirects the request to the
 * configured failure screen/template and sets a message on the
 * RunData object. Sample usage:
 *
 * <pre><code>
 * // adminRole is a Role instance; hasRole() takes a Role, not a String.
 * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 * secCheck.setMessage( "Sorry, you do not have permission to " +
 *                      "access this area." );
 * secCheck.setFailTemplate("login.wm");
 * if ( !secCheck.hasRole(adminRole) )
 *     return;
 * </code></pre>
 *
 * <p>The checks only redirect and report; they never throw on denial.
 * The caller must act on a <code>false</code> result (as the sample
 * does with <code>return</code>), otherwise the protected code still
 * runs.
 *
 * <p>No default is assigned to the failure template in this class:
 * until {@link #setFailTemplate(String)} is called,
 * {@link #getFailTemplate()} returns <code>null</code> and that value
 * is what the denial paths hand to the template info.
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id: TemplateSecurityCheck.java 615328 2008-01-25 20:25:05Z tv $
 */
public class TemplateSecurityCheck
{
    /** Message placed on the RunData object when a role/permission check fails. */
    private String message =
            "Sorry, you do not have permission to access this area.";

    /** Screen selected on denial; starts as the template service's default screen. */
    private String failScreen = TurbineTemplate.getDefaultScreen();

    /** Screen template selected on denial; null until a caller sets it. */
    private String failTemplate;

    /** Request context every check reads from and writes to. */
    private final RunData data;

    /**
     * Creates a check with a custom denial message.
     *
     * @param data A Turbine RunData object.
     * @param message A String with the message to display upon
     * failure.
     */
    public TemplateSecurityCheck(RunData data, String message)
    {
        this(data);
        this.message = message;
    }

    /**
     * Creates a check that uses the default denial message.
     *
     * @param data A Turbine RunData object.
     */
    public TemplateSecurityCheck(RunData data)
    {
        this.data = data;
    }

    /**
     * Checks that the login test passes and that the user's ACL
     * grants the given role. A missing ACL counts as a denial.
     *
     * @param role The role to be checked.
     * @return Whether the user has the role.
     * @exception Exception propagated from the underlying Turbine calls.
     */
    public boolean hasRole(Role role)
        throws Exception
    {
        if (!checkLogin())
        {
            // checkLogin() has already set the login message and template.
            return false;
        }

        boolean granted =
                data.getACL() != null && data.getACL().hasRole(role);
        if (!granted)
        {
            denyAccess();
        }

        return granted;
    }

    /**
     * Checks that the user's ACL grants the given permission. A
     * missing ACL counts as a denial.
     *
     * <p>NOTE(review): unlike {@link #hasRole(Role)}, this method does
     * not call {@link #checkLogin()} first, so the decision rests on
     * the ACL alone. Confirm that the asymmetry is intended; callers
     * that need the login test as well have to call
     * {@link #checkLogin()} themselves.
     *
     * @param permission The permission to be checked.
     * @return Whether the user has the permission.
     * @exception Exception propagated from the underlying Turbine calls.
     */
    public boolean hasPermission(Permission permission)
        throws Exception
    {
        boolean granted =
                data.getACL() != null && data.getACL().hasPermission(permission);
        if (!granted)
        {
            denyAccess();
        }

        return granted;
    }

    /**
     * Check that the user has logged in.
     *
     * <p>The anonymous user passes this test: it fails only for a
     * non-anonymous user whose <code>hasLoggedIn()</code> is false.
     * It is therefore not an "is authenticated" gate by itself; the
     * ACL checks are what deny access afterwards.
     *
     * <p>On failure the configured login message and the failure
     * template are set; the failure screen is left untouched here.
     *
     * @return True if the user is anonymous or has logged in.
     * @exception Exception propagated from the underlying Turbine calls.
     */
    public boolean checkLogin()
        throws Exception
    {
        // Do it like the AccessController
        if (TurbineSecurity.isAnonymousUser(data.getUser())
            || data.getUser().hasLoggedIn())
        {
            return true;
        }

        data.setMessage(Turbine.getConfiguration()
            .getString(TurbineConstants.LOGIN_MESSAGE));

        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        return false;
    }

    /**
     * Routes the request to the failure screen and template and sets
     * the denial message; shared by the role and permission checks.
     */
    private void denyAccess()
    {
        data.setScreen(getFailScreen());
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        data.setMessage(getMessage());
    }

    /**
     * Set the message that is placed on the RunData object when a
     * role or permission check fails.
     *
     * @param v A String with the message that should be displayed.
     */
    public void setMessage(String v)
    {
        this.message = v;
    }

    /**
     * Get the message that is placed on the RunData object when a
     * role or permission check fails.
     *
     * @return A String with the message that should be displayed.
     */
    public String getMessage()
    {
        return message;
    }

    /**
     * Get the screen selected when a check fails.
     *
     * @return A String with the value of failScreen.
     */
    public String getFailScreen()
    {
        return failScreen;
    }

    /**
     * Set the screen selected when a check fails.
     *
     * @param v A String with the value of failScreen.
     */
    public void setFailScreen(String v)
    {
        this.failScreen = v;
    }

    /**
     * Get the screen template selected when a check fails.
     *
     * @return A String with the value of failTemplate, or null if
     *         none has been set.
     */
    public String getFailTemplate()
    {
        return failTemplate;
    }

    /**
     * Set the screen template selected when a check fails.
     *
     * @param v A String with the value of failTemplate.
     */
    public void setFailTemplate(String v)
    {
        this.failTemplate = v;
    }
}