1 package org.apache.turbine.util.template;
2
3
4 /*
5 * Licensed to the Apache Software Foundation (ASF) under one
6 * or more contributor license agreements. See the NOTICE file
7 * distributed with this work for additional information
8 * regarding copyright ownership. The ASF licenses this file
9 * to you under the Apache License, Version 2.0 (the
10 * "License"); you may not use this file except in compliance
11 * with the License. You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing,
16 * software distributed under the License is distributed on an
17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18 * KIND, either express or implied. See the License for the
19 * specific language governing permissions and limitations
20 * under the License.
21 */
22
23
24 import org.apache.turbine.Turbine;
25 import org.apache.turbine.TurbineConstants;
26 import org.apache.turbine.om.security.Permission;
27 import org.apache.turbine.om.security.Role;
28 import org.apache.turbine.services.security.TurbineSecurity;
29 import org.apache.turbine.services.template.TurbineTemplate;
30 import org.apache.turbine.util.RunData;
31
/**
 * Utility class to help check for proper authorization when using
 * template screens.
 *
 * <p>The check methods never abort the request themselves. On failure
 * they only redirect the {@link RunData} to the configured failure
 * screen/template, set a message and return {@code false}. The calling
 * screen must test the return value and stop processing when it is
 * {@code false}; otherwise the protected logic still runs.
 *
 * <p>Sample usage:
 *
 * <pre><code>
 * TemplateSecurityCheck secCheck = new TemplateSecurityCheck( data );
 * secCheck.setMessage( "Sorry, you do not have permission to " +
 *                      "access this area." );
 * secCheck.setFailTemplate("login.wm");
 * Role adminRole = ...; // the Role object for "ADMIN"; hasRole takes a Role, not a String
 * if ( !secCheck.hasRole(adminRole) )
 *     return;
 * </code></pre>
 *
 * <p>NOTE(review): {@code failTemplate} has no default value. If
 * {@link #setFailTemplate(String)} is never called, a failed check passes
 * {@code null} to {@code setScreenTemplate}; how that is handled is not
 * visible in this class, so confirm it or always set the template.
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id: TemplateSecurityCheck.java 615328 2008-01-25 20:25:05Z tv $
 */
public class TemplateSecurityCheck
{
    /** Message shown to the user when a role or permission check fails. */
    private String message =
        "Sorry, you do not have permission to access this area.";

    /** Screen selected on a failed role or permission check. */
    private String failScreen = TurbineTemplate.getDefaultScreen();

    /** Screen template selected on any failed check; unset until the caller provides one. */
    private String failTemplate;

    /** Request context whose user and ACL are inspected. */
    private final RunData data;

    /**
     * Creates a check that reports failures with a custom message.
     *
     * @param data A Turbine RunData object.
     * @param message A String with the message to display upon
     * failure.
     */
    public TemplateSecurityCheck(RunData data, String message)
    {
        this(data);
        this.message = message;
    }

    /**
     * Creates a check that reports failures with the default message.
     *
     * @param data A Turbine RunData object.
     */
    public TemplateSecurityCheck(RunData data)
    {
        this.data = data;
    }

    /**
     * Verifies the login state via {@link #checkLogin()} and then that
     * the request's ACL grants the given role. A missing ACL counts as
     * a denial.
     *
     * @param role The role to be checked.
     * @return {@code true} only if the login check passed and the ACL
     *         contains the role; {@code false} otherwise, after the
     *         failure screen, template and message have been set.
     * @throws Exception if the underlying Turbine calls fail.
     */
    public boolean hasRole(Role role)
        throws Exception
    {
        if (checkLogin())
        {
            if (data.getACL() != null && data.getACL().hasRole(role))
            {
                return true;
            }

            denyAccess();
        }

        return false;
    }

    /**
     * Verifies that the request's ACL grants the given permission. A
     * missing ACL counts as a denial.
     *
     * <p>NOTE(review): unlike {@link #hasRole(Role)}, this method does
     * not call {@link #checkLogin()} first. Confirm that the difference
     * is intended, or call {@code checkLogin()} explicitly before
     * relying on this result.
     *
     * @param permission The permission to be checked.
     * @return {@code true} only if the ACL contains the permission;
     *         {@code false} otherwise, after the failure screen,
     *         template and message have been set.
     * @throws Exception if the underlying Turbine calls fail.
     */
    public boolean hasPermission(Permission permission)
        throws Exception
    {
        if (data.getACL() != null && data.getACL().hasPermission(permission))
        {
            return true;
        }

        denyAccess();
        return false;
    }

    /**
     * Checks the login state of the current user.
     *
     * <p>The anonymous user passes this check; only a non-anonymous
     * user who has not logged in is rejected. On rejection the
     * configured login message and the failure template are set. The
     * failure screen is not changed here, unlike in the role and
     * permission checks.
     *
     * @return {@code true} if the user is the anonymous user or has
     *         logged in; {@code false} otherwise.
     * @throws Exception if the underlying Turbine calls fail.
     */
    public boolean checkLogin()
        throws Exception
    {
        // Same condition as the AccessController, expressed as the passing case.
        if (TurbineSecurity.isAnonymousUser(data.getUser())
            || data.getUser().hasLoggedIn())
        {
            return true;
        }

        data.setMessage(Turbine.getConfiguration()
            .getString(TurbineConstants.LOGIN_MESSAGE));
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        return false;
    }

    /**
     * Points the request at the failure screen and template and sets
     * the failure message. Uses the public getters so that subclass
     * overrides are honoured.
     */
    private void denyAccess()
    {
        data.setScreen(getFailScreen());
        data.getTemplateInfo().setScreenTemplate(getFailTemplate());
        data.setMessage(getMessage());
    }

    /**
     * Set the message that should be displayed on a failed role or
     * permission check. It starts as a default text unless the
     * two-argument constructor supplied one.
     *
     * @param v A String with the message that should be displayed.
     */
    public void setMessage(String v)
    {
        message = v;
    }

    /**
     * Get the message that should be displayed on a failed role or
     * permission check.
     *
     * @return A String with the message that should be displayed.
     */
    public String getMessage()
    {
        return this.message;
    }

    /**
     * Get the screen used when a role or permission check fails.
     *
     * @return A String with the value of failScreen.
     */
    public String getFailScreen()
    {
        return this.failScreen;
    }

    /**
     * Set the screen used when a role or permission check fails.
     *
     * @param v A String with the value of failScreen.
     */
    public void setFailScreen(String v)
    {
        failScreen = v;
    }

    /**
     * Get the screen template used when any check fails.
     *
     * @return A String with the value of failTemplate, or
     *         {@code null} if none has been set.
     */
    public String getFailTemplate()
    {
        return this.failTemplate;
    }

    /**
     * Set the screen template used when any check fails.
     *
     * @param v A String with the value of failTemplate.
     */
    public void setFailTemplate(String v)
    {
        failTemplate = v;
    }
}