1/*2 * Licensed to the Apache Software Foundation (ASF) under one or more3 * contributor license agreements. See the NOTICE file distributed with4 * this work for additional information regarding copyright ownership.5 * The ASF licenses this file to You under the Apache License, Version 2.06 * (the "License"); you may not use this file except in compliance with7 * the License. You may obtain a copy of the License at8 * 9 * http://www.apache.org/licenses/LICENSE-2.010 * 11 * Unless required by applicable law or agreed to in writing, software12 * distributed under the License is distributed on an "AS IS" BASIS,13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.14 * See the License for the specific language governing permissions and15 * limitations under the License.16 */17packageorg.apache.jetspeed.layout.impl;
1819import java.security.Principal;
2021import org.apache.commons.logging.Log;
22import org.apache.commons.logging.LogFactory;
23import org.apache.jetspeed.Jetspeed;
24import org.apache.jetspeed.administration.PortalConfiguration;
25import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
26import org.apache.jetspeed.om.page.Page;
27import org.apache.jetspeed.page.PageManager;
28import org.apache.jetspeed.request.RequestContext;
2930/***31 * Abstracted behavior of security checks for portlet actions32 *33 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>34 * @version $Id: $35 */36publicclassPortletActionSecurityConstraintsBehavior37extendsPortletActionSecurityPathBehavior38 implements PortletActionSecurityBehavior
39 {
40protected Log log = LogFactory.getLog(PortletActionSecurityConstraintsBehavior.class);
41protected String guest = "guest";
4243publicPortletActionSecurityConstraintsBehavior(PageManager pageManager)
44 {
45this( pageManager, Boolean.FALSE );
46 }
47publicPortletActionSecurityConstraintsBehavior(PageManager pageManager, Boolean enableCreateUserPagesFromRolesOnEdit )
48 {
49super( pageManager, enableCreateUserPagesFromRolesOnEdit );
50 PortalConfiguration config = Jetspeed.getConfiguration();
51if (config != null)
52 {
53 guest = config.getString("default.user.principal");
54 }
55 }
5657publicboolean checkAccess(RequestContext context, String action)
58 {
59 Page page = context.getPage();
60try61 {
62 page.checkAccess(action);
63 }
64catch (Exception e)
65 {
66 Principal principal = context.getRequest().getUserPrincipal();
67 String userName = this.guest;
68if (principal != null)
69 userName = principal.getName();
70 log.warn("Insufficient access to page " + page.getPath() + " by user " + userName);
71return false;
72 }
73returntrue;
74 }
75 }