Coverage Report - org.apache.turbine.util.SecurityCheck
 
Classes in this File Line Coverage Branch Coverage Complexity
SecurityCheck
0%
0/49
0%
0/20
2,75
 
 1  
 package org.apache.turbine.util;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.turbine.om.security.Permission;
 25  
 import org.apache.turbine.om.security.Role;
 26  
 import org.apache.turbine.services.security.TurbineSecurity;
 27  
 import org.apache.turbine.util.security.RoleSet;
 28  
 import org.apache.turbine.util.security.UnknownEntityException;
 29  
 
 30  
 /**
 31  
  * Utility for doing security checks in Screens and Actions.
 32  
  *
 33  
  * Sample usage:<br>
 34  
  *
 35  
  * <pre><code>
 36  
  * SecurityCheck mycheck =
 37  
  *   new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
 38  
  * if (!mycheck.hasPermission("add_user");
 39  
  *   return;
 40  
  *</code></pre>
 41  
  *
 42  
  * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
 43  
  * @author <a href="jh@byteaction.de">J&#252;rgen Hoffmann</a>
 44  
  * @version $Id: SecurityCheck.java 615328 2008-01-25 20:25:05Z tv $
 45  
  */
 46  
 public class SecurityCheck
 47  
 {
 48  
     private String message;
 49  
 
 50  
     private String failScreen;
 51  
 
 52  0
     private RunData data = null;
 53  
 
 54  
     /**
 55  
      * Holds information if a missing Permission or Role should be created and granted on-the-fly.
 56  
      * This is good behaviour, if these change a lot.
 57  
      */
 58  
     private boolean initialize;
 59  
 
 60  
     /**
 61  
      * Constructor.
 62  
      *
 63  
      * @param data A Turbine RunData object.
 64  
      * @param message The message to display upon failure.
 65  
      * @param failedScreen The screen to redirect to upon failure.
 66  
      */
 67  
     public SecurityCheck(RunData data,
 68  
                          String message,
 69  
                          String failedScreen)
 70  
     {
 71  0
         this(data, message, failedScreen, false);
 72  0
     }
 73  
 
 74  
     /**
 75  
      * Constructor.
 76  
      *
 77  
      * @param data
 78  
      *            A Turbine RunData object.
 79  
      * @param message
 80  
      *            The message to display upon failure.
 81  
      * @param failedScreen
 82  
      *            The screen to redirect to upon failure.
 83  
      * @param initialize
 84  
      *            if a non-existing Permission or Role should be created.
 85  
      */
 86  
     public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
 87  0
     {
 88  0
         this.data = data;
 89  0
         this.message = message;
 90  0
         this.failScreen = failedScreen;
 91  0
         this.initialize = initialize;
 92  0
     }
 93  
 
 94  
     /**
 95  
      * Does the user have this role?
 96  
      *
 97  
      * @param role A Role.
 98  
      * @return True if the user has this role.
 99  
      * @exception Exception, a generic exception.
 100  
      */
 101  
     public boolean hasRole(Role role)
 102  
             throws Exception
 103  
     {
 104  0
         boolean value = false;
 105  0
         if (data.getACL() == null ||
 106  
                 !data.getACL().hasRole(role))
 107  
         {
 108  0
             data.setScreen(failScreen);
 109  0
             data.setMessage(message);
 110  
         }
 111  
         else
 112  
         {
 113  0
             value = true;
 114  
         }
 115  0
         return value;
 116  
     }
 117  
 
 118  
     /**
 119  
      * Does the user have this role?
 120  
      *
 121  
      * @param role
 122  
      *            A String.
 123  
      * @return True if the user has this role.
 124  
      * @exception Exception,
 125  
      *                a generic exception.
 126  
      */
 127  
     public boolean hasRole(String role) throws Exception
 128  
     {
 129  0
         Role roleObject = null;
 130  
         try
 131  
         {
 132  0
             roleObject = TurbineSecurity.getRoleByName(role);
 133  
         }
 134  0
         catch (UnknownEntityException e)
 135  
         {
 136  0
             if(initialize)
 137  
             {
 138  0
                 roleObject = TurbineSecurity.createRole(role);
 139  0
                 TurbineSecurity.grant(data.getUser(), TurbineSecurity.getGlobalGroup(), roleObject);
 140  
             }
 141  
             else
 142  
             {
 143  0
                 throw(e);
 144  
             }
 145  0
         }
 146  0
         return hasRole(TurbineSecurity.getRoleByName(role));
 147  
     }
 148  
 
 149  
     /**
 150  
      * Does the user have this permission?
 151  
      *
 152  
      * @param permission A Permission.
 153  
      * @return True if the user has this permission.
 154  
      * @exception Exception, a generic exception.
 155  
      */
 156  
     public boolean hasPermission(Permission permission)
 157  
             throws Exception
 158  
     {
 159  0
         boolean value = false;
 160  0
         if (data.getACL() == null ||
 161  
                 !data.getACL().hasPermission(permission))
 162  
         {
 163  0
             data.setScreen(failScreen);
 164  0
             data.setMessage(message);
 165  
         }
 166  
         else
 167  
         {
 168  0
             value = true;
 169  
         }
 170  0
         return value;
 171  
     }
 172  
 
 173  
     /**
 174  
      * Does the user have this permission? If initialze is set to <code>true</code>
 175  
      * The permission will be created and granted to the first available Role of
 176  
      * the user, that the SecurityCheck is running against.
 177  
      *
 178  
      * If the User has no Roles, the first Role via TurbineSecurity is granted the
 179  
      * permission.
 180  
      *
 181  
      * @param permission
 182  
      *            A String.
 183  
      * @return True if the user has this permission.
 184  
      * @exception Exception,
 185  
      *                a generic exception.
 186  
      */
 187  
     public boolean hasPermission(String permission)
 188  
             throws Exception
 189  
     {
 190  0
         Permission permissionObject = null;
 191  
         try
 192  
         {
 193  0
             permissionObject = TurbineSecurity.getPermissionByName(permission);
 194  
         }
 195  0
         catch (UnknownEntityException e)
 196  
         {
 197  0
             if(initialize)
 198  
             {
 199  0
                 permissionObject = TurbineSecurity.createPermission(permission);
 200  
 
 201  0
                 Role role = null;
 202  0
                 RoleSet roles = data.getACL().getRoles();
 203  0
                 if(roles.size() > 0) role = roles.getRolesArray()[0];
 204  
 
 205  0
                 if(role == null)
 206  
                 {
 207  
                     /*
 208  
                      * The User within data has no roles yet, let us grant the permission
 209  
                      * to the first role available through TurbineSecurity.
 210  
                      */
 211  0
                     roles = TurbineSecurity.getAllRoles();
 212  0
                     if(roles.size() > 0) role = roles.getRolesArray()[0];
 213  
                 }
 214  
 
 215  0
                 if(role != null)
 216  
                 {
 217  
                     /*
 218  
                      * If we have no role, there is nothing we can do about it. So only grant it,
 219  
                      * if we have a role to grant it to.
 220  
                      */
 221  0
                     TurbineSecurity.grant(data.getACL().getRoles().getRolesArray()[0], permissionObject);
 222  
                 }
 223  0
             }
 224  
             else
 225  
             {
 226  0
                 throw(e);
 227  
             }
 228  0
         }
 229  0
         return hasPermission(permissionObject);
 230  
     }
 231  
 
 232  
     /**
 233  
      * Get the message that should be displayed.  This is initialized
 234  
      * in the constructor.
 235  
      *
 236  
      * @return A String.
 237  
      */
 238  
     public String getMessage()
 239  
     {
 240  0
         return message;
 241  
     }
 242  
 
 243  
     /**
 244  
      * Get the screen that should be displayed.  This is initialized
 245  
      * in the constructor.
 246  
      *
 247  
      * @return A String.
 248  
      */
 249  
     public String getFailScreen()
 250  
     {
 251  0
         return failScreen;
 252  
     }
 253  
 }