app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UISecurityInterceptor.java - roller - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  *  contributor license agreements.  The ASF licenses this file to You
  * under the Apache License, Version 2.0 (the "License"); you may not
  * use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.  For additional information regarding
  * copyright in this work, please see the NOTICE file in the top level
  * directory of this distribution.
  */

 package org.apache.roller.weblogger.ui.struts2.util;

 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.roller.weblogger.business.UserManager;
 import org.apache.roller.weblogger.business.WebloggerFactory;
 import org.apache.roller.weblogger.pojos.GlobalPermission;
 import org.apache.roller.weblogger.pojos.User;
 import org.apache.roller.weblogger.pojos.Weblog;
 import org.apache.roller.weblogger.pojos.WeblogPermission;

 import com.opensymphony.xwork2.ActionInvocation;
 import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;

 /**
  * A struts2 interceptor for configuring specifics of the weblogger ui.
  */
 public class UISecurityInterceptor extends MethodFilterInterceptor {

     private static final long serialVersionUID = -7787813271277874462L;
     private static Log log = LogFactory.getLog(UISecurityInterceptor.class);

     @Override
     public String doIntercept(ActionInvocation invocation) throws Exception {

         if (log.isDebugEnabled()) {
             log.debug("Entering UISecurityInterceptor");
         }

         final Object action = invocation.getAction();

         // is this one of our own UIAction classes?
         if (action instanceof UISecurityEnforced && action instanceof UIAction) {

             if (log.isDebugEnabled()) {
                 log.debug("action is UISecurityEnforced ... enforcing security rules");
             }

             final UISecurityEnforced theAction = (UISecurityEnforced) action;

             // are we requiring an authenticated user?
             if (theAction.isUserRequired()) {

                 UserManager umgr = WebloggerFactory.getWeblogger()
                         .getUserManager();

                 User authenticatedUser = ((UIAction) theAction)
                         .getAuthenticatedUser();
                 if (authenticatedUser == null) {
                     if (log.isDebugEnabled()) {
                         log.debug("DENIED: required user not found");
                     }
                     return UIAction.DENIED;
                 }

                 // are we also enforcing global permissions?
                 if (theAction.requiredGlobalPermissionActions() != null
                         && !theAction.requiredGlobalPermissionActions().isEmpty()) {
                     GlobalPermission perm = new GlobalPermission(theAction.requiredGlobalPermissionActions());
                     if (!umgr.checkPermission(perm, authenticatedUser)) {
                         if (log.isDebugEnabled()) {
                             log.debug(String.format("DENIED: user %s does not have permission = %s",
                                 authenticatedUser.getUserName(), perm));
                         }
                         return UIAction.DENIED;
                     }
                 }

                 // are we requiring a valid action weblog?
                 if (theAction.isWeblogRequired()) {

                     Weblog actionWeblog = ((UIAction) theAction)
                             .getActionWeblog();
                     if (actionWeblog == null) {
                         if (log.isWarnEnabled()) {
                             log.warn(String.format("User %s unable to process action %s " +
                                     "because no weblog was defined (Check JSP form provides weblog value).",
                                 authenticatedUser.getUserName(), ((UIAction) theAction).getActionName()));
                         }
                         return UIAction.DENIED;
                     }

                     // are we also enforcing a specific weblog permission?
                     if (theAction.requiredWeblogPermissionActions() != null
                             && !theAction.requiredWeblogPermissionActions()
                                     .isEmpty()) {
                         WeblogPermission required = new WeblogPermission(
                                 actionWeblog,
                                 theAction.requiredWeblogPermissionActions());

                         if (!umgr.checkPermission(required, authenticatedUser)) {
                             if (log.isDebugEnabled()) {
                                 log.debug(String.format("DENIED: user %s does not have required weblog permissions %s",
                                     authenticatedUser.getUserName(), required));
                             }
                             return UIAction.DENIED;
                         }
                     }
                 }

             }

         }

         return invocation.invoke();
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. The ASF licenses this file to You
	* under the Apache License, Version 2.0 (the "License"); you may not
	* use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License. For additional information regarding
	* copyright in this work, please see the NOTICE file in the top level
	* directory of this distribution.
	*/

	package org.apache.roller.weblogger.ui.struts2.util;

	import org.apache.commons.logging.Log;
	import org.apache.commons.logging.LogFactory;
	import org.apache.roller.weblogger.business.UserManager;
	import org.apache.roller.weblogger.business.WebloggerFactory;
	import org.apache.roller.weblogger.pojos.GlobalPermission;
	import org.apache.roller.weblogger.pojos.User;
	import org.apache.roller.weblogger.pojos.Weblog;
	import org.apache.roller.weblogger.pojos.WeblogPermission;

	import com.opensymphony.xwork2.ActionInvocation;
	import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;

	/**
	* A struts2 interceptor for configuring specifics of the weblogger ui.
	*/
	public class UISecurityInterceptor extends MethodFilterInterceptor {

	private static final long serialVersionUID = -7787813271277874462L;
	private static Log log = LogFactory.getLog(UISecurityInterceptor.class);

	@Override
	public String doIntercept(ActionInvocation invocation) throws Exception {

	if (log.isDebugEnabled()) {
	log.debug("Entering UISecurityInterceptor");
	}

	final Object action = invocation.getAction();

	// is this one of our own UIAction classes?
	if (action instanceof UISecurityEnforced && action instanceof UIAction) {

	if (log.isDebugEnabled()) {
	log.debug("action is UISecurityEnforced ... enforcing security rules");
	}

	final UISecurityEnforced theAction = (UISecurityEnforced) action;

	// are we requiring an authenticated user?
	if (theAction.isUserRequired()) {

	UserManager umgr = WebloggerFactory.getWeblogger()
	.getUserManager();

	User authenticatedUser = ((UIAction) theAction)
	.getAuthenticatedUser();
	if (authenticatedUser == null) {
	if (log.isDebugEnabled()) {
	log.debug("DENIED: required user not found");
	}
	return UIAction.DENIED;
	}

	// are we also enforcing global permissions?
	if (theAction.requiredGlobalPermissionActions() != null
	&& !theAction.requiredGlobalPermissionActions().isEmpty()) {
	GlobalPermission perm = new GlobalPermission(theAction.requiredGlobalPermissionActions());
	if (!umgr.checkPermission(perm, authenticatedUser)) {
	if (log.isDebugEnabled()) {
	log.debug(String.format("DENIED: user %s does not have permission = %s",
	authenticatedUser.getUserName(), perm));
	}
	return UIAction.DENIED;
	}
	}

	// are we requiring a valid action weblog?
	if (theAction.isWeblogRequired()) {

	Weblog actionWeblog = ((UIAction) theAction)
	.getActionWeblog();
	if (actionWeblog == null) {
	if (log.isWarnEnabled()) {
	log.warn(String.format("User %s unable to process action %s " +
	"because no weblog was defined (Check JSP form provides weblog value).",
	authenticatedUser.getUserName(), ((UIAction) theAction).getActionName()));
	}
	return UIAction.DENIED;
	}

	// are we also enforcing a specific weblog permission?
	if (theAction.requiredWeblogPermissionActions() != null
	&& !theAction.requiredWeblogPermissionActions()
	.isEmpty()) {
	WeblogPermission required = new WeblogPermission(
	actionWeblog,
	theAction.requiredWeblogPermissionActions());

	if (!umgr.checkPermission(required, authenticatedUser)) {
	if (log.isDebugEnabled()) {
	log.debug(String.format("DENIED: user %s does not have required weblog permissions %s",
	authenticatedUser.getUserName(), required));
	}
	return UIAction.DENIED;
	}
	}
	}

	}

	}

	return invocation.invoke();
	}

	}