Posted to dev@turbine.apache.org by ho...@apache.org on 2006/12/12 09:23:39 UTC
svn commit: r486058 -
/jakarta/turbine/core/trunk/src/java/org/apache/turbine/util/SecurityCheck.java
Author: hoffmann
Date: Tue Dec 12 00:23:38 2006
New Revision: 486058
URL: http://svn.apache.org/viewvc?view=rev&rev=486058
Log:
make SecurityCheck configurable, to create Permissions and Roles on-the-fly. See TRB-38
Modified:
jakarta/turbine/core/trunk/src/java/org/apache/turbine/util/SecurityCheck.java
Modified: jakarta/turbine/core/trunk/src/java/org/apache/turbine/util/SecurityCheck.java
URL: http://svn.apache.org/viewvc/jakarta/turbine/core/trunk/src/java/org/apache/turbine/util/SecurityCheck.java?view=diff&rev=486058&r1=486057&r2=486058
==============================================================================
--- jakarta/turbine/core/trunk/src/java/org/apache/turbine/util/SecurityCheck.java (original)
+++ jakarta/turbine/core/trunk/src/java/org/apache/turbine/util/SecurityCheck.java Tue Dec 12 00:23:38 2006
@@ -21,6 +21,8 @@
import org.apache.turbine.om.security.Permission;
import org.apache.turbine.om.security.Role;
import org.apache.turbine.services.security.TurbineSecurity;
+import org.apache.turbine.util.security.RoleSet;
+import org.apache.turbine.util.security.UnknownEntityException;
/**
* Utility for doing security checks in Screens and Actions.
@@ -35,15 +37,24 @@
*</code></pre>
*
* @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
+ * @author <a href="jh@byteaction.de">Jürgen Hoffmann</a>
* @version $Id$
*/
public class SecurityCheck
{
private String message;
+
private String failScreen;
+
private RunData data = null;
/**
+ * Holds information if a missing Permission or Role should be created and granted on-the-fly.
+ * This is good behaviour, if these change a lot.
+ */
+ private boolean initialize;
+
+ /**
* Constructor.
*
* @param data A Turbine RunData object.
@@ -54,9 +65,27 @@
String message,
String failedScreen)
{
+ this(data, message, failedScreen, false);
+ }
+
+ /**
+ * Constructor.
+ *
+ * @param data
+ * A Turbine RunData object.
+ * @param message
+ * The message to display upon failure.
+ * @param failedScreen
+ * The screen to redirect to upon failure.
+ * @param initialize
+ * if a non-existing Permission or Role should be created.
+ */
+ public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
+ {
this.data = data;
this.message = message;
this.failScreen = failedScreen;
+ this.initialize = initialize;
}
/**
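Review bot: The `@param initialize` text on the new four-argument constructor says only that a missing Permission or Role is created, while the methods changed later in this commit also grant it (to the current user for roles, to a role for permissions). Since passing `true` makes a check modify security state, the Javadoc should say so, e.g. `@param initialize if true, a missing Permission or Role is created and granted while the check runs, which changes who is authorized`. The first constructor's signature starts outside this hunk.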
@@ -85,14 +114,32 @@
/**
* Does the user have this role?
- *
- * @param role A String.
+ *
+ * @param role
+ * A String.
* @return True if the user has this role.
- * @exception Exception, a generic exception.
+ * @exception Exception,
+ * a generic exception.
*/
- public boolean hasRole(String role)
- throws Exception
+ public boolean hasRole(String role) throws Exception
{
+ Role roleObject = null;
+ try
+ {
+ roleObject = TurbineSecurity.getRoleByName(role);
+ }
+ catch (UnknownEntityException e)
+ {
+ if(initialize)
+ {
+ roleObject = TurbineSecurity.createRole(role);
+ TurbineSecurity.grant(data.getUser(), TurbineSecurity.getGlobalGroup(), roleObject);
+ }
+ else
+ {
+ throw(e);
+ }
+ }
return hasRole(TurbineSecurity.getRoleByName(role));
}
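Review bot: With `initialize` set, the catch block in `hasRole(String)` turns an authorization check into a grant: a role name that does not exist yet is created and granted in the global group to whichever user `data.getUser()` returns, so the first requester to reach a guarded screen receives the role. Creating the missing role without granting it (dropping the `TurbineSecurity.grant(...)` line and leaving the grant to an administrator) would keep the check fail-closed. Separately, `roleObject` is assigned but never read, because the unchanged last line looks the role up a second time; `return hasRole(roleObject);` would use the result already obtained. Whether the ACL held in `data` reflects the new grant is not visible in this hunk, so the check may still return false on that first request.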
@@ -121,16 +168,62 @@
}
/**
- * Does the user have this permission?
- *
- * @param permission A String.
+ * Does the user have this permission? If initialze is set to <code>true</code>
+ * The permission will be created and granted to the first available Role of
+ * the user, that the SecurityCheck is running against.
+ *
+ * If the User has no Roles, the first Role via TurbineSecurity is granted the
+ * permission.
+ *
+ * @param permission
+ * A String.
* @return True if the user has this permission.
- * @exception Exception, a generic exception.
+ * @exception Exception,
+ * a generic exception.
*/
public boolean hasPermission(String permission)
throws Exception
{
- return hasPermission(TurbineSecurity.getPermissionByName(permission));
+ Permission permissionObject = null;
+ try
+ {
+ permissionObject = TurbineSecurity.getPermissionByName(permission);
+ }
+ catch (UnknownEntityException e)
+ {
+ if(initialize)
+ {
+ permissionObject = TurbineSecurity.createPermission(permission);
+
+ Role role = null;
+ RoleSet roles = data.getACL().getRoles();
+ if(roles.size() > 0) role = roles.getRolesArray()[0];
+
+ if(role == null)
+ {
+ /*
+ * The User within data has no roles yet, let us grant the permission
+ * to the first role available through TurbineSecurity.
+ */
+ roles = TurbineSecurity.getAllRoles();
+ if(roles.size() > 0) role = roles.getRolesArray()[0];
+ }
+
+ if(role != null)
+ {
+ /*
+ * If we have no role, there is nothing we can do about it. So only grant it,
+ * if we have a role to grant it to.
+ */
+ TurbineSecurity.grant(data.getACL().getRoles().getRolesArray()[0], permissionObject);
+ }
+ }
+ else
+ {
+ throw(e);
+ }
+ }
+ return hasPermission(permissionObject);
}
/**
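Review bot: The grant at the end of the `initialize` branch in `hasPermission(String)` ignores the `role` variable chosen above it and indexes `data.getACL().getRoles().getRolesArray()[0]` again, so in the fallback case (user has no roles, `role` taken from `TurbineSecurity.getAllRoles()`) the index is presumably out of bounds; `TurbineSecurity.grant(role, permissionObject);` is what the surrounding comments describe. Even with that fixed, the new permission goes to whichever role happens to be first in the set, which extends it to every holder of that role, and in the fallback case to a role unrelated to the current user. A fixed, configured role for on-the-fly grants, or creating the permission without granting it, would make the outcome predictable. `data.getACL()` is also dereferenced without a null check; whether it can be null for a user who is not logged in is not visible here.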