jacoco/org.apache.turbine.util/SecurityCheck.java.html - turbine-core.git - Git at Google

 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang=""><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../jacoco-resources/report.gif" type="image/gif"/><title>SecurityCheck.java</title><link rel="stylesheet" href="../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Apache Turbine</a> &gt; <a href="index.source.html" class="el_package">org.apache.turbine.util</a> &gt; <span class="el_source">SecurityCheck.java</span></div><h1>SecurityCheck.java</h1><pre class="source lang-java linenums">package org.apache.turbine.util;


 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * &quot;License&quot;); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */


 import org.apache.fulcrum.security.SecurityService;
 import org.apache.fulcrum.security.entity.Permission;
 import org.apache.fulcrum.security.entity.Role;
 import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
 import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
 import org.apache.fulcrum.security.util.RoleSet;
 import org.apache.fulcrum.security.util.UnknownEntityException;
 import org.apache.turbine.services.TurbineServices;

 /**
  * Utility for doing security checks in Screens and Actions.
  *
  * Sample usage:&lt;br&gt;
  *
  * &lt;pre&gt;
  * SecurityCheck mycheck =
  *   new SecurityCheck(data, &quot;Unauthorized to do this!&quot;, &quot;WrongPermission&quot;);
  * if (!mycheck.hasPermission(&quot;add_user&quot;);
  *   return;
  *&lt;/pre&gt;
  *
  * @author &lt;a href=&quot;mailto:mbryson@mindspring.com&quot;&gt;Dave Bryson&lt;/a&gt;
  * @author &lt;a href=&quot;jh@byteaction.de&quot;&gt;J&amp;#252;rgen Hoffmann&lt;/a&gt;
  * @version $Id$
  */
 public class SecurityCheck
 {
     private String message;

     private String failScreen;

 <span class="nc" id="L55">    private RunData data = null;</span>

 <span class="nc" id="L57">    private SecurityService securityService = null;</span>

     /**
      * Holds information if a missing Permission or Role should be created and granted on-the-fly.
      * This is good behavior, if these change a lot.
      */
     private boolean initialize;

     /**
      * Constructor.
      *
      * @param data A Turbine RunData object.
      * @param message The message to display upon failure.
      * @param failedScreen The screen to redirect to upon failure.
      */
     public SecurityCheck(RunData data,
                          String message,
                          String failedScreen)
     {
 <span class="nc" id="L76">        this(data, message, failedScreen, false);</span>
 <span class="nc" id="L77">    }</span>

     /**
      * Constructor.
      *
      * @param data
      *            A Turbine RunData object.
      * @param message
      *            The message to display upon failure.
      * @param failedScreen
      *            The screen to redirect to upon failure.
      * @param initialize
      *            if a non-existing Permission or Role should be created.
      */
     public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
 <span class="nc" id="L92">    {</span>
 <span class="nc" id="L93">        this.data = data;</span>
 <span class="nc" id="L94">        this.message = message;</span>
 <span class="nc" id="L95">        this.failScreen = failedScreen;</span>
 <span class="nc" id="L96">        this.initialize = initialize;</span>
 <span class="nc" id="L97">        this.securityService = (SecurityService)TurbineServices</span>
 <span class="nc" id="L98">    		.getInstance()</span>
 <span class="nc" id="L99">    		.getService(SecurityService.ROLE);</span>
 <span class="nc" id="L100">    }</span>

     /**
      * Does the user have this role?
      *
      * @param role A Role.
      * @return True if the user has this role.
      * @throws Exception a generic exception.
      */
     public boolean hasRole(Role role)
             throws Exception
     {
 <span class="nc" id="L112">        boolean value = false;</span>
 <span class="nc" id="L113">        TurbineAccessControlList&lt;?&gt; acl = data.getACL();</span>
 <span class="nc bnc" id="L114" title="All 2 branches missed.">        if (acl == null ||</span>
 <span class="nc bnc" id="L115" title="All 2 branches missed.">            !acl.hasRole(role))</span>
         {
 <span class="nc" id="L117">            data.setScreen(failScreen);</span>
 <span class="nc" id="L118">            data.setMessage(message);</span>
         }
         else
         {
 <span class="nc" id="L122">            value = true;</span>
         }
 <span class="nc" id="L124">        return value;</span>
     }

     /**
      * Does the user have this role?
      *
      * @param role
      *            A String.
      * @return True if the user has this role.
      * @throws Exception
      *                a generic exception.
      */
     public boolean hasRole(String role) throws Exception
     {
 <span class="nc" id="L138">        Role roleObject = null;</span>

         try
         {
 <span class="nc" id="L142">            roleObject = securityService.getRoleManager().getRoleByName(role);</span>
         }
 <span class="nc" id="L144">        catch (UnknownEntityException e)</span>
         {
 <span class="nc bnc" id="L146" title="All 2 branches missed.">            if(initialize)</span>
             {
 <span class="nc" id="L148">                roleObject = securityService.getRoleManager().getRoleInstance(role);</span>
 <span class="nc" id="L149">                securityService.getRoleManager().addRole(roleObject);</span>
 <span class="nc" id="L150">                TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();</span>
 <span class="nc bnc" id="L151" title="All 2 branches missed.">                if (data.getUser() == null) {</span>
 <span class="nc" id="L152">                  throw new UnknownEntityException(&quot;user is null&quot;);</span>
                 }
 <span class="nc" id="L154">                modelManager.grant(data.getUser().getUserDelegate(), modelManager.getGlobalGroup(), roleObject);</span>
 <span class="nc" id="L155">            }</span>
             else
             {
 <span class="nc" id="L158">                throw(e);</span>
             }
 <span class="nc" id="L160">        }</span>

 <span class="nc" id="L162">        return hasRole(roleObject);</span>
     }

     /**
      * Does the user have this permission?
      *
      * @param permission A Permission.
      * @return True if the user has this permission.
      * @throws Exception a generic exception.
      */
     public boolean hasPermission(Permission permission)
             throws Exception
     {
 <span class="nc" id="L175">        boolean value = false;</span>
 <span class="nc" id="L176">        TurbineAccessControlList&lt;?&gt; acl = data.getACL();</span>
 <span class="nc bnc" id="L177" title="All 2 branches missed.">        if (acl == null ||</span>
 <span class="nc bnc" id="L178" title="All 2 branches missed.">            !acl.hasPermission(permission))</span>
         {
 <span class="nc" id="L180">            data.setScreen(failScreen);</span>
 <span class="nc" id="L181">            data.setMessage(message);</span>
         }
         else
         {
 <span class="nc" id="L185">            value = true;</span>
         }
 <span class="nc" id="L187">        return value;</span>
     }

     /**
      * Does the user have this permission? If initialize is set to &lt;code&gt;true&lt;/code&gt;
      * The permission will be created and granted to the first available Role of
      * the user, that the SecurityCheck is running against.
      *
      * If the User has no Roles, the first Role via SecurityService is granted the
      * permission.
      *
      * @param permission
      *            A String.
      * @return True if the user has this permission.
      * @throws Exception
      *                a generic exception.
      */
     public boolean hasPermission(String permission)
             throws Exception
     {
 <span class="nc" id="L207">        Permission permissionObject = null;</span>
         try
         {
 <span class="nc" id="L210">            permissionObject = securityService.getPermissionManager().getPermissionByName(permission);</span>
         }
 <span class="nc" id="L212">        catch (UnknownEntityException e)</span>
         {
 <span class="nc bnc" id="L214" title="All 2 branches missed.">            if(initialize)</span>
             {
 <span class="nc" id="L216">                permissionObject = securityService.getPermissionManager().getPermissionInstance(permission);</span>
 <span class="nc" id="L217">                securityService.getPermissionManager().addPermission(permissionObject);</span>

 <span class="nc" id="L219">                Role role = null;</span>
 <span class="nc" id="L220">                TurbineAccessControlList&lt;?&gt; acl = data.getACL();</span>
 <span class="nc" id="L221">                RoleSet roles = acl.getRoles();</span>
 <span class="nc bnc" id="L222" title="All 2 branches missed.">                if(roles.size() &gt; 0)</span>
                 {
 <span class="nc" id="L224">					role = roles.toArray(new Role[0])[0];</span>
 				}

 <span class="nc bnc" id="L227" title="All 2 branches missed.">                if(role == null)</span>
                 {
                     /*
                      * The User within data has no roles yet, let us grant the permission
                      * to the first role available through SecurityService.
                      */
 <span class="nc" id="L233">                    roles = securityService.getRoleManager().getAllRoles();</span>
 <span class="nc bnc" id="L234" title="All 2 branches missed.">                    if(roles.size() &gt; 0)</span>
                     {
 <span class="nc" id="L236">						role = roles.toArray(new Role[0])[0];</span>
 					}
                 }

 <span class="nc bnc" id="L240" title="All 2 branches missed.">                if(role != null)</span>
                 {
                     /*
                      * If we have no role, there is nothing we can do about it. So only grant it,
                      * if we have a role to grant it to.
                      */
 <span class="nc" id="L246">                    TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();</span>
 <span class="nc" id="L247">                    modelManager.grant(role, permissionObject);</span>
                 }
 <span class="nc" id="L249">            }</span>
             else
             {
 <span class="nc" id="L252">                throw(e);</span>
             }
 <span class="nc" id="L254">        }</span>

 <span class="nc" id="L256">        return hasPermission(permissionObject);</span>
     }

     /**
      * Get the message that should be displayed.  This is initialized
      * in the constructor.
      *
      * @return A String.
      */
     public String getMessage()
     {
 <span class="nc" id="L267">        return message;</span>
     }

     /**
      * Get the screen that should be displayed.  This is initialized
      * in the constructor.
      *
      * @return A String.
      */
     public String getFailScreen()
     {
 <span class="nc" id="L278">        return failScreen;</span>
     }
 }
 </pre><div class="footer"><span class="right">Created with <a href="http://www.jacoco.org/jacoco">JaCoCo</a> 0.8.12.202403310830</span></div></body></html>
	<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang=""><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../jacoco-resources/report.gif" type="image/gif"/><title>SecurityCheck.java</title><link rel="stylesheet" href="../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Apache Turbine</a> > <a href="index.source.html" class="el_package">org.apache.turbine.util</a> > <span class="el_source">SecurityCheck.java</span></div><h1>SecurityCheck.java</h1><pre class="source lang-java linenums">package org.apache.turbine.util;


	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/


	import org.apache.fulcrum.security.SecurityService;
	import org.apache.fulcrum.security.entity.Permission;
	import org.apache.fulcrum.security.entity.Role;
	import org.apache.fulcrum.security.model.turbine.TurbineAccessControlList;
	import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
	import org.apache.fulcrum.security.util.RoleSet;
	import org.apache.fulcrum.security.util.UnknownEntityException;
	import org.apache.turbine.services.TurbineServices;

	/**
	* Utility for doing security checks in Screens and Actions.
	*
	* Sample usage:<br>
	*
	* <pre>
	* SecurityCheck mycheck =
	* new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
	* if (!mycheck.hasPermission("add_user");
	* return;
	*</pre>
	*
	* @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
	* @author <a href="jh@byteaction.de">J&#252;rgen Hoffmann</a>
	* @version $Id$
	*/
	public class SecurityCheck
	{
	private String message;

	private String failScreen;

	<span class="nc" id="L55"> private RunData data = null;</span>

	<span class="nc" id="L57"> private SecurityService securityService = null;</span>

	/**
	* Holds information if a missing Permission or Role should be created and granted on-the-fly.
	* This is good behavior, if these change a lot.
	*/
	private boolean initialize;

	/**
	* Constructor.
	*
	* @param data A Turbine RunData object.
	* @param message The message to display upon failure.
	* @param failedScreen The screen to redirect to upon failure.
	*/
	public SecurityCheck(RunData data,
	String message,
	String failedScreen)
	{
	<span class="nc" id="L76"> this(data, message, failedScreen, false);</span>
	<span class="nc" id="L77"> }</span>

	/**
	* Constructor.
	*
	* @param data
	* A Turbine RunData object.
	* @param message
	* The message to display upon failure.
	* @param failedScreen
	* The screen to redirect to upon failure.
	* @param initialize
	* if a non-existing Permission or Role should be created.
	*/
	public SecurityCheck(RunData data, String message, String failedScreen, boolean initialize)
	<span class="nc" id="L92"> {</span>
	<span class="nc" id="L93"> this.data = data;</span>
	<span class="nc" id="L94"> this.message = message;</span>
	<span class="nc" id="L95"> this.failScreen = failedScreen;</span>
	<span class="nc" id="L96"> this.initialize = initialize;</span>
	<span class="nc" id="L97"> this.securityService = (SecurityService)TurbineServices</span>
	<span class="nc" id="L98"> .getInstance()</span>
	<span class="nc" id="L99"> .getService(SecurityService.ROLE);</span>
	<span class="nc" id="L100"> }</span>

	/**
	* Does the user have this role?
	*
	* @param role A Role.
	* @return True if the user has this role.
	* @throws Exception a generic exception.
	*/
	public boolean hasRole(Role role)
	throws Exception
	{
	<span class="nc" id="L112"> boolean value = false;</span>
	<span class="nc" id="L113"> TurbineAccessControlList<?> acl = data.getACL();</span>
	<span class="nc bnc" id="L114" title="All 2 branches missed."> if (acl == null \|\|</span>
	<span class="nc bnc" id="L115" title="All 2 branches missed."> !acl.hasRole(role))</span>
	{
	<span class="nc" id="L117"> data.setScreen(failScreen);</span>
	<span class="nc" id="L118"> data.setMessage(message);</span>
	}
	else
	{
	<span class="nc" id="L122"> value = true;</span>
	}
	<span class="nc" id="L124"> return value;</span>
	}

	/**
	* Does the user have this role?
	*
	* @param role
	* A String.
	* @return True if the user has this role.
	* @throws Exception
	* a generic exception.
	*/
	public boolean hasRole(String role) throws Exception
	{
	<span class="nc" id="L138"> Role roleObject = null;</span>

	try
	{
	<span class="nc" id="L142"> roleObject = securityService.getRoleManager().getRoleByName(role);</span>
	}
	<span class="nc" id="L144"> catch (UnknownEntityException e)</span>
	{
	<span class="nc bnc" id="L146" title="All 2 branches missed."> if(initialize)</span>
	{
	<span class="nc" id="L148"> roleObject = securityService.getRoleManager().getRoleInstance(role);</span>
	<span class="nc" id="L149"> securityService.getRoleManager().addRole(roleObject);</span>
	<span class="nc" id="L150"> TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();</span>
	<span class="nc bnc" id="L151" title="All 2 branches missed."> if (data.getUser() == null) {</span>
	<span class="nc" id="L152"> throw new UnknownEntityException("user is null");</span>
	}
	<span class="nc" id="L154"> modelManager.grant(data.getUser().getUserDelegate(), modelManager.getGlobalGroup(), roleObject);</span>
	<span class="nc" id="L155"> }</span>
	else
	{
	<span class="nc" id="L158"> throw(e);</span>
	}
	<span class="nc" id="L160"> }</span>

	<span class="nc" id="L162"> return hasRole(roleObject);</span>
	}

	/**
	* Does the user have this permission?
	*
	* @param permission A Permission.
	* @return True if the user has this permission.
	* @throws Exception a generic exception.
	*/
	public boolean hasPermission(Permission permission)
	throws Exception
	{
	<span class="nc" id="L175"> boolean value = false;</span>
	<span class="nc" id="L176"> TurbineAccessControlList<?> acl = data.getACL();</span>
	<span class="nc bnc" id="L177" title="All 2 branches missed."> if (acl == null \|\|</span>
	<span class="nc bnc" id="L178" title="All 2 branches missed."> !acl.hasPermission(permission))</span>
	{
	<span class="nc" id="L180"> data.setScreen(failScreen);</span>
	<span class="nc" id="L181"> data.setMessage(message);</span>
	}
	else
	{
	<span class="nc" id="L185"> value = true;</span>
	}
	<span class="nc" id="L187"> return value;</span>
	}

	/**
	* Does the user have this permission? If initialize is set to <code>true</code>
	* The permission will be created and granted to the first available Role of
	* the user, that the SecurityCheck is running against.
	*
	* If the User has no Roles, the first Role via SecurityService is granted the
	* permission.
	*
	* @param permission
	* A String.
	* @return True if the user has this permission.
	* @throws Exception
	* a generic exception.
	*/
	public boolean hasPermission(String permission)
	throws Exception
	{
	<span class="nc" id="L207"> Permission permissionObject = null;</span>
	try
	{
	<span class="nc" id="L210"> permissionObject = securityService.getPermissionManager().getPermissionByName(permission);</span>
	}
	<span class="nc" id="L212"> catch (UnknownEntityException e)</span>
	{
	<span class="nc bnc" id="L214" title="All 2 branches missed."> if(initialize)</span>
	{
	<span class="nc" id="L216"> permissionObject = securityService.getPermissionManager().getPermissionInstance(permission);</span>
	<span class="nc" id="L217"> securityService.getPermissionManager().addPermission(permissionObject);</span>

	<span class="nc" id="L219"> Role role = null;</span>
	<span class="nc" id="L220"> TurbineAccessControlList<?> acl = data.getACL();</span>
	<span class="nc" id="L221"> RoleSet roles = acl.getRoles();</span>
	<span class="nc bnc" id="L222" title="All 2 branches missed."> if(roles.size() > 0)</span>
	{
	<span class="nc" id="L224"> role = roles.toArray(new Role[0])[0];</span>
	}

	<span class="nc bnc" id="L227" title="All 2 branches missed."> if(role == null)</span>
	{
	/*
	* The User within data has no roles yet, let us grant the permission
	* to the first role available through SecurityService.
	*/
	<span class="nc" id="L233"> roles = securityService.getRoleManager().getAllRoles();</span>
	<span class="nc bnc" id="L234" title="All 2 branches missed."> if(roles.size() > 0)</span>
	{
	<span class="nc" id="L236"> role = roles.toArray(new Role[0])[0];</span>
	}
	}

	<span class="nc bnc" id="L240" title="All 2 branches missed."> if(role != null)</span>
	{
	/*
	* If we have no role, there is nothing we can do about it. So only grant it,
	* if we have a role to grant it to.
	*/
	<span class="nc" id="L246"> TurbineModelManager modelManager = (TurbineModelManager)securityService.getModelManager();</span>
	<span class="nc" id="L247"> modelManager.grant(role, permissionObject);</span>
	}
	<span class="nc" id="L249"> }</span>
	else
	{
	<span class="nc" id="L252"> throw(e);</span>
	}
	<span class="nc" id="L254"> }</span>

	<span class="nc" id="L256"> return hasPermission(permissionObject);</span>
	}

	/**
	* Get the message that should be displayed. This is initialized
	* in the constructor.
	*
	* @return A String.
	*/
	public String getMessage()
	{
	<span class="nc" id="L267"> return message;</span>
	}

	/**
	* Get the screen that should be displayed. This is initialized
	* in the constructor.
	*
	* @return A String.
	*/
	public String getFailScreen()
	{
	<span class="nc" id="L278"> return failScreen;</span>
	}
	}
	</pre><div class="footer"><span class="right">Created with <a href="http://www.jacoco.org/jacoco">JaCoCo</a> 0.8.12.202403310830</span></div></body></html>