
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.security.impl;
18  
19  
20  import java.security.AccessControlException;
21  import java.security.AccessController;
22  
23  import org.apache.jetspeed.JetspeedActions;
24  import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
25  import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
26  import org.apache.jetspeed.page.PageManager;
27  import org.apache.jetspeed.security.PortletPermission;
28  import org.apache.jetspeed.security.SecurityAccessController;
29  
30  /***
31   * SecurityAccessControllerImpl implements the SecurityAccessController component, abstracting
32   * access to either the Security Permission or the Security Constraint implementation.
33   * 
34   * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a>
35   * @version $Id: $
36   */
public class SecurityAccessControllerImpl implements SecurityAccessController
{
    /** Page manager that evaluates named security constraints; only dereferenced in CONSTRAINTS mode. */
    protected PageManager pageManager;

    /** Selected enforcement mode; initialised to PERMISSIONS and then overwritten by the constructor. */
    protected int securityMode = SecurityAccessController.PERMISSIONS;

    /**
     * Creates the controller with the collaborator and mode it will use for every check.
     *
     * @param pageManager  page manager used to evaluate constraint references; it is not
     *                     null-checked here, so a null value only surfaces as a
     *                     NullPointerException on the first constraint check
     * @param securityMode enforcement mode; only {@link SecurityAccessController#CONSTRAINTS}
     *                     is tested for explicitly, every other value selects the
     *                     permission-based path
     */
    public SecurityAccessControllerImpl(PageManager pageManager, int securityMode)
    {
        this.securityMode = securityMode;
        this.pageManager = pageManager;
    }

    /**
     * Returns the enforcement mode this controller was configured with.
     *
     * @return the mode value passed to the constructor
     */
    public int getSecurityMode()
    {
        return this.securityMode;
    }

    /**
     * Decides whether the current caller may perform the masked actions on a portlet.
     *
     * <p>A null portlet is always denied. In CONSTRAINTS mode the constraint reference
     * declared on the portlet is used, falling back to the one declared on its portlet
     * application. In any other mode a {@link PortletPermission} is checked against the
     * calling thread's access control context.</p>
     *
     * <p>Security note: in CONSTRAINTS mode this check fails open. When neither the
     * portlet nor its application declares a constraint, access is granted without
     * consulting the page manager, so an undeclared constraint means "unrestricted".</p>
     *
     * @param portlet portlet definition being accessed; may be null
     * @param mask    action mask handed to {@code JetspeedActions.getContainerActions}
     *                or to the {@code PortletPermission} constructor
     * @return true when access is granted, false when it is denied
     */
    public boolean checkPortletAccess(PortletDefinitionComposite portlet, int mask)
    {
        if (portlet == null)
        {
            return false;
        }

        if (securityMode != SecurityAccessController.CONSTRAINTS)
        {
            return hasPortletPermission(portlet, mask);
        }

        String reference = portlet.getJetspeedSecurityConstraint();
        if (reference == null)
        {
            // NOTE(review): assumes the application definition is non-null and is a
            // MutablePortletApplication; otherwise this line throws instead of denying.
            MutablePortletApplication application =
                (MutablePortletApplication) portlet.getPortletApplicationDefinition();
            reference = application.getJetspeedSecurityConstraint();
        }

        if (reference == null)
        {
            // No constraint declared at portlet or application level: access is allowed.
            return true;
        }

        String containerActions = JetspeedActions.getContainerActions(mask);
        return pageManager.checkConstraint(reference, containerActions);
    }

    /**
     * Runs the permission-based check for a non-null portlet.
     *
     * @param portlet portlet whose unique name identifies the permission target
     * @param mask    action mask carried by the permission
     * @return false when the access controller rejects the permission, true otherwise
     */
    private boolean hasPortletPermission(PortletDefinitionComposite portlet, int mask)
    {
        boolean granted = true;
        try
        {
            AccessController.checkPermission(new PortletPermission(portlet.getUniqueName(), mask));
        }
        catch (AccessControlException denied)
        {
            // Only a policy denial is translated into false; any other exception propagates.
            granted = false;
        }
        return granted;
    }
}