
1   /*
2    * Copyright 2004-2006 the Seasar Foundation and the Others.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 
13   * either express or implied. See the License for the specific language
14   * governing permissions and limitations under the License.
15   */
16  package org.seasar.tuigwaa.security;
17  
18  import java.security.Principal;
19  
20  import javax.servlet.http.HttpServletRequest;
21  
22  import org.apache.commons.lang.StringUtils;
23  import org.seasar.tuigwaa.cms.ContentsStoreService;
24  import org.seasar.tuigwaa.security.auth.TgwUser;
25  import org.seasar.tuigwaa.system.SiteService;
26  import org.seasar.tuigwaa.util.TgwContext;
27  
28  
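/**
 * {@link SecurityService} implementation that answers authorization
 * questions by delegation: site-level actions (no action parameter) go to
 * {@link SiteService}, page-level actions (action name starting with
 * <code>/page/</code>) go to {@link ContentsStoreService}, and the roles of an
 * authenticated user are looked up through {@link DirectoryService}.
 *
 * <p>
 * Decision model as implemented here: a principal is allowed as soon as any
 * one of its roles is allowed. Each role is checked on its own, so a deny
 * recorded against another role of the same user is not consulted at this
 * layer.
 * </p>
 *
 * @author nishioka
 */
public class SecurityServiceImpl implements SecurityService {

	/** Action-name prefix that marks an action as addressing a single page. */
	private static final String PAGE_ACTION_PREFIX = "/page/";

	/** Returned when no roles can be resolved, so permission checks deny. */
	private static final String[] NO_ROLES = new String[0];

	private final SiteService siteService;

	private final ContentsStoreService contents;

	private final DirectoryService directory;

	/**
	 * Creates the service with its three collaborators.
	 *
	 * @param siteService
	 *            handles site-level (parameterless) actions
	 * @param slideService
	 *            content store that handles page-level permissions
	 * @param directoryService
	 *            user directory used to resolve a user's roles
	 */
	public SecurityServiceImpl(SiteService siteService,
			ContentsStoreService slideService, DirectoryService directoryService) {
		this.siteService = siteService;
		this.contents = slideService;
		this.directory = directoryService;
	}

	/**
	 * Stores the permissions for an action.
	 *
	 * <p>
	 * For a site-level action (no parameter) only <code>grantRoleNames</code>
	 * is persisted, joined with commas. For a page-level action both arrays
	 * are handed to the content store.
	 * </p>
	 *
	 * @param siteName
	 *            site the action belongs to
	 * @param action
	 *            action being secured
	 * @param grantRoleNames
	 *            roles to allow
	 * @param denyRoleNames
	 *            roles to deny; only honoured for page-level actions
	 * @throws UnsupportedOperationException
	 *             if the action has a parameter but is not a page action
	 */
	public void setPermissions(String siteName, Action action,
			String[] grantRoleNames, String[] denyRoleNames) {
		String parameter = action.getParameter();
		if (parameter == null) {
			// NOTE(review): denyRoleNames is silently dropped on this branch.
			// A caller that passes deny roles for a site-level action gets no
			// error and no deny rule; confirm this is intended.
			String roles = StringUtils.join(grantRoleNames, ",");
			siteService.setSecurity(siteName, action, roles);
			return;
		}
		if (!isPageAction(action)) {
			throw new UnsupportedOperationException(
					"Permissions with a parameter are only supported for "
							+ PAGE_ACTION_PREFIX + " actions: "
							+ action.getActionName());
		}
		// NOTE(review): existing page permissions are not revoked before the
		// new ones are written. Confirm that ContentsStoreService.setPermissions
		// replaces the previous entries rather than merging with them,
		// otherwise grants removed by an administrator would stay in effect.
		contents.setPermissions(siteName, parameter, grantRoleNames,
				denyRoleNames);
	}

	/**
	 * Checks whether a principal may perform an action.
	 *
	 * <p>
	 * A <code>null</code> principal is evaluated as
	 * {@link SecurityService#ROLE_UNAUTHENTICATED}. Otherwise the principal's
	 * roles are resolved by name and access is granted on the first role that
	 * is permitted. A principal with no resolvable roles is denied.
	 * </p>
	 *
	 * <p>
	 * The unauthenticated role is not consulted for an authenticated
	 * principal, so a grant to that role alone does not extend to logged-in
	 * users unless the directory also returns it for them.
	 * </p>
	 *
	 * @param siteName
	 *            site the action belongs to
	 * @param principal
	 *            current user, or <code>null</code> if not authenticated
	 * @param action
	 *            action being checked
	 * @return <code>true</code> if at least one applicable role is permitted
	 */
	public boolean hasPermission(String siteName, Principal principal,
			Action action) {
		if (principal == null) {
			return hasPermission(siteName,
					SecurityService.ROLE_UNAUTHENTICATED, action);
		}
		String[] roles = getRoles(principal.getName());
		for (int i = 0; i < roles.length; i++) {
			if (hasPermission(siteName, roles[i], action)) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Checks a request against a site-level action.
	 *
	 * <p>
	 * Only parameterless actions are evaluated (by {@link SiteService}). Any
	 * action that carries a parameter is denied here, unlike the role-based
	 * overload, which consults the content store for page actions.
	 * </p>
	 *
	 * @param siteName
	 *            site the action belongs to
	 * @param request
	 *            current servlet request
	 * @param action
	 *            action being checked
	 * @return the site service's decision, or <code>false</code> for any
	 *         action with a parameter
	 */
	public boolean hasPermission(String siteName, HttpServletRequest request,
			Action action) {
		if (action.getParameter() != null) {
			// Deny by default: request-based checks do not cover page actions.
			return false;
		}
		return siteService.hasPermission(siteName, request, action);
	}

	/**
	 * Checks whether a single role may perform an action.
	 *
	 * @param siteName
	 *            site the action belongs to
	 * @param role
	 *            role name to evaluate
	 * @param action
	 *            action being checked
	 * @return the decision of the site service (parameterless action) or of
	 *         the content store (page action)
	 * @throws UnsupportedOperationException
	 *             if the action has a parameter but is not a page action
	 */
	public boolean hasPermission(String siteName, String role, Action action) {
		String parameter = action.getParameter();
		if (parameter == null) {
			return siteService.hasPermission(siteName, role, action);
		}
		if (!isPageAction(action)) {
			throw new UnsupportedOperationException(
					"Permission checks with a parameter are only supported for "
							+ PAGE_ACTION_PREFIX + " actions: "
							+ action.getActionName());
		}
		return contents.hasPermission(siteName, parameter, role);
	}

	/**
	 * Checks the action for the principal held by {@link TgwContext}.
	 *
	 * @param siteName
	 *            site the action belongs to
	 * @param action
	 *            action being checked
	 * @return result of the principal-based check
	 */
	public boolean hasPermission(String siteName, Action action) {
		return hasPermission(siteName, TgwContext.getPrincipal(), action);
	}

	/**
	 * Resolves the roles of a user through the directory service.
	 *
	 * <p>
	 * Returns an empty array instead of failing with a
	 * <code>NullPointerException</code> when the directory yields no user or
	 * no role array, so that permission checks built on this method deny
	 * access. Whether {@link DirectoryService#getUser} can actually return
	 * <code>null</code> is not visible from this class; the guard is
	 * defensive.
	 * </p>
	 *
	 * @param username
	 *            login name of the user
	 * @return the user's roles, never <code>null</code>
	 */
	public String[] getRoles(String username) {
		// NOTE(review): username becomes part of a directory DN. Escaping of
		// DN special characters is buildUserDN's job and cannot be verified
		// from this file; confirm it there.
		String userdn = directory.buildUserDN(username);
		TgwUser user = directory.getUser(userdn);
		if (user == null) {
			return NO_ROLES;
		}
		String[] roles = user.getRoles();
		return roles != null ? roles : NO_ROLES;
	}

	/** Tells whether the action name addresses a single page. */
	private static boolean isPageAction(Action action) {
		return action.getActionName().startsWith(PAGE_ACTION_PREFIX);
	}
}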