1/*2 * Licensed to the Apache Software Foundation (ASF) under one or more3 * contributor license agreements. See the NOTICE file distributed with4 * this work for additional information regarding copyright ownership.5 * The ASF licenses this file to You under the Apache License, Version 2.06 * (the "License"); you may not use this file except in compliance with7 * the License. You may obtain a copy of the License at8 * 9 * http://www.apache.org/licenses/LICENSE-2.010 * 11 * Unless required by applicable law or agreed to in writing, software12 * distributed under the License is distributed on an "AS IS" BASIS,13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.14 * See the License for the specific language governing permissions and15 * limitations under the License.16 */17packageorg.apache.jetspeed.security.impl;
181920import java.security.AccessControlException;
21import java.security.AccessController;
2223import org.apache.jetspeed.JetspeedActions;
24import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
25import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
26import org.apache.jetspeed.page.PageManager;
27import org.apache.jetspeed.security.PortletPermission;
28import org.apache.jetspeed.security.SecurityAccessController;
2930/***31 * SecurityAccessorImpl implements SecurityAccessor component abstracting32 * access to either Security Permission or Security Constraint implementations33 * 34 * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a>35 * @version $Id: $36 */37publicclassSecurityAccessControllerImpl implements SecurityAccessController
38 {
39protected PageManager pageManager;
40protectedint securityMode = SecurityAccessController.PERMISSIONS;
4142publicSecurityAccessControllerImpl(PageManager pageManager, int securityMode)
43 {
44this.pageManager = pageManager;
45this.securityMode = securityMode;
46 }
4748publicint getSecurityMode()
49 {
50return securityMode;
51 }
5253publicboolean checkPortletAccess(PortletDefinitionComposite portlet, int mask)
54 {
55if (portlet == null)
56return false;
57if (securityMode == SecurityAccessController.CONSTRAINTS)
58 {
59 String constraintRef = portlet.getJetspeedSecurityConstraint();
60if (constraintRef == null)
61 {
62 constraintRef = ((MutablePortletApplication)portlet.getPortletApplicationDefinition()).getJetspeedSecurityConstraint();
63if (constraintRef == null)
64 {
65returntrue; // allow access66 }
67 }
68 String actions = JetspeedActions.getContainerActions(mask);
69return pageManager.checkConstraint(constraintRef, actions);
70 }
71else72 {
73try74 {
75 AccessController.checkPermission(new PortletPermission(portlet.getUniqueName(), mask));
76 }
77catch (AccessControlException ace)
78 {
79return false;
80 }
81returntrue;
82 }
8384 }
85 }