
1   /*
2    * Copyright 2004-2006 the Seasar Foundation and the Others.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 
13   * either express or implied. See the License for the specific language
14   * governing permissions and limitations under the License.
15   */
16  package org.seasar.tuigwaa.controller.security;
17  
18  import java.io.IOException;
19  
20  import javax.servlet.ServletException;
21  import javax.servlet.http.HttpServletRequest;
22  import javax.servlet.http.HttpServletResponse;
23  
24  import org.apache.struts.Globals;
25  import org.apache.struts.action.ActionForm;
26  import org.apache.struts.action.ActionForward;
27  import org.apache.struts.action.ActionMapping;
28  import org.apache.struts.action.ActionMessages;
29  import org.apache.struts.config.ForwardConfig;
30  import org.seasar.framework.log.Logger;
31  import org.seasar.struts.processor.S2TilesRequestProcessor;
32  import org.seasar.tuigwaa.controller.TgwModuleException;
33  import org.seasar.tuigwaa.system.Constants;
34  import org.seasar.tuigwaa.system.TgwException;
35  
36  
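/**
 * Request processor that enforces the role requirements declared on a Struts
 * action mapping and records {@link TgwException}s in the log of the action
 * class that raised them.
 *
 * <p>Callers with no remote user are sent to the configured login forward;
 * authenticated callers that hold none of the required roles receive
 * {@code 403 Forbidden}. Every path that does not grant access returns
 * {@code false} after a response has been produced.</p>
 */
public class SecurityRequestProcessor extends S2TilesRequestProcessor {

	/** Name of the forward that leads unauthenticated callers to the login page. */
	private String loginForwardName;

	/**
	 * Sets the name of the forward used for unauthenticated callers.
	 *
	 * @param loginForwardName forward name looked up in the module configuration
	 */
	public void setLoginForwardName(String loginForwardName) {
		this.loginForwardName = loginForwardName;
	}

	/**
	 * Returns the name of the forward used for unauthenticated callers.
	 *
	 * @return the configured forward name, or {@code null} if none was set
	 */
	public String getLoginForwardName() {
		return loginForwardName;
	}

	/**
	 * Checks the caller against the roles required by the action mapping.
	 *
	 * <p>A mapping that declares no roles is treated as unprotected and is
	 * always allowed. Otherwise access is granted as soon as the caller holds
	 * one of the listed roles.</p>
	 *
	 * @param request  the current request
	 * @param response the current response; written to when access is denied
	 * @param mapping  the action mapping being processed
	 * @return {@code true} to continue processing, {@code false} when the
	 *         request was forwarded to login or answered with an error
	 * @throws IOException      if sending the error or forward fails
	 * @throws ServletException if the forward fails
	 */
	public boolean processRoles(HttpServletRequest request,
			HttpServletResponse response, ActionMapping mapping)
			throws IOException, ServletException {

		// Is this action protected by role requirements?
		String roles[] = mapping.getRoleNames();
		if ((roles == null) || (roles.length < 1)) {
			// No roles declared: the mapping is reachable without any
			// authentication, so protection depends entirely on the mapping
			// configuration listing its roles.
			if ("/switch".equals(mapping.getPath())) {
				request.setAttribute(Constants.RATTR_PATH, "/top");
			}
			return true;
		}

		// NOTE(review): remoteUser is concatenated into log lines as-is. If
		// the authentication realm allows CR/LF in user names, neutralise
		// them before logging so a name cannot forge log entries.
		String remoteUser = request.getRemoteUser();

		// Check the current user against the list of required roles
		for (int i = 0; i < roles.length; i++) {
			if (request.isUserInRole(roles[i])) {
				if (log.isDebugEnabled()) {
					log.debug(" User '" + remoteUser
							+ "' has role '" + roles[i] + "', granting access");
				}
				return true;
			}
		}

		// The current user is not authorized for this action
		if (log.isDebugEnabled()) {
			log.debug(" User '" + remoteUser
					+ "' does not have any required role, denying access");
		}

		if (remoteUser == null || "".equals(remoteUser)) {
			ForwardConfig config = mapping.getModuleConfig().findForwardConfig(
					loginForwardName);
			if (config == null) {
				// A missing or misnamed login forward must not end the request
				// without a login page or an error status: answer with an
				// explicit 403 and make the misconfiguration visible.
				log.error("Login forward '" + loginForwardName
						+ "' is not defined; denying access to "
						+ mapping.getPath());
				response.sendError(HttpServletResponse.SC_FORBIDDEN,
						getInternal().getMessage("notAuthorized",
								mapping.getPath()));
				return false;
			}
			// The stored value is the configured mapping path, not the raw
			// request URI. Presumably the login flow reads it to return the
			// user afterwards; verify against the login action.
			request.setAttribute(Constants.RATTR_PATH, mapping.getPath());
			processForwardConfig(request, response, config);
		} else {
			// Authenticated but lacking every required role. The message text
			// (including its spelling) is left unchanged so existing log
			// searches and alerts keep matching.
			log.warn("Access Deneied..." + remoteUser);
			response.sendError(HttpServletResponse.SC_FORBIDDEN, getInternal()
					.getMessage("notAuthorized", mapping.getPath()));
		}

		return false;
	}

	/**
	 * Logs a {@link TgwException} and hands the exception on to the standard
	 * Struts exception handling.
	 *
	 * <p>When a logger for the action class can be obtained, the exception is
	 * logged there with its message code and arguments and is then replaced by
	 * a {@link TgwModuleException} carrying only the message. When no such
	 * logger is available, the exception is logged through this processor's
	 * own log and passed on unchanged.</p>
	 *
	 * @param request   the current request
	 * @param response  the current response
	 * @param exception the exception thrown while processing the action
	 * @param form      the form bean in use, if any
	 * @param mapping   the action mapping being processed
	 * @return the forward chosen by the superclass exception handling
	 * @throws IOException      as thrown by the superclass
	 * @throws ServletException as thrown by the superclass
	 */
	public ActionForward processException(HttpServletRequest request, HttpServletResponse response,
			Exception exception, ActionForm form, ActionMapping mapping) throws IOException, ServletException {

		if (exception instanceof TgwException) {
			TgwException te = (TgwException) exception;
			Logger actionClassLog = findActionLogger(mapping.getType());
			if (actionClassLog != null) {
				actionClassLog.log(te.getMessageCode(), te.getArgs(), te);
				// Only the message is carried over; the original stack trace
				// survives solely in the log entry written above.
				exception = new TgwModuleException(te.getMessage());
			} else {
				// Keep a record of the failure even when the action's own
				// logger could not be resolved.
				// NOTE(review): on this path the TgwException reaches the
				// superclass unconverted, as before; confirm that an exception
				// handler is configured for it.
				log.error(te.getMessage(), te);
			}
		}
		return super.processException(request, response, exception, form, mapping);
	}

	/**
	 * Resolves the logger of the action class named in the mapping.
	 *
	 * @param actionClassName fully qualified action class name, may be {@code null}
	 * @return the logger, or {@code null} if the name is missing or the class
	 *         cannot be loaded
	 */
	private Logger findActionLogger(String actionClassName) {
		if (actionClassName == null) {
			// Class.forName(null) would throw and hide the original exception.
			return null;
		}
		try {
			Class actionClass = Class.forName(actionClassName);
			return Logger.getLogger(actionClass);
		} catch (ClassNotFoundException cnfe) {
			log.error(cnfe.getMessage(), cnfe);
			return null;
		}
	}

	/**
	 * Returns the action messages stored on the request.
	 *
	 * @param request the current request
	 * @return the messages found under {@link Globals#MESSAGE_KEY}, or a new
	 *         empty instance that is not attached to the request
	 */
	protected ActionMessages getMessages(HttpServletRequest request) {
		ActionMessages messages =
			(ActionMessages) request.getAttribute(Globals.MESSAGE_KEY);
		if (messages == null) {
			messages = new ActionMessages();
		}
		return messages;
	}

}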