Package net.sf.jportlet.portlet.application

Source Code of net.sf.jportlet.portlet.application.SecurityInterceptor

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
/*
* Created on Apr 6, 2003
*/
package net.sf.jportlet.portlet.application;

import java.io.IOException;

import java.util.Collection;
import java.util.Iterator;

import net.sf.jportlet.impl.PortletRequestImpl;
import net.sf.jportlet.portlet.AccessDeniedException;
import net.sf.jportlet.portlet.PortletException;
import net.sf.jportlet.portlet.PortletRequest;
import net.sf.jportlet.portlet.PortletResponse;
import net.sf.jportlet.portlet.User;
import net.sf.jportlet.portlet.descriptor.AuthConstraintDescriptor;
import net.sf.jportlet.portlet.event.ActionEvent;
import net.sf.jportlet.util.Constants;


/**
* This interceptor make sure that the current user is allowed to access the portlet
*
* @author <a href="mailto:tchbansi@sourceforge.net">Herve Tchepannou</a>
*/
public class SecurityInterceptor
    implements Interceptor
{
    //~ Methods ----------------------------------------------------------------

    /**
     * @see net.sf.jportlet.portlet.application.Interceptor#afterActionPerformed(net.sf.jportlet.portlet.application.PortletProxy, net.sf.jportlet.portlet.PortletRequest, net.sf.jportlet.portlet.PortletResponse)
     */
    public void afterActionPerformed( PortletProxy proxy,
                                      ActionEvent  event )
        throws PortletException {}

    /**
     * @see net.sf.jportlet.portlet.application.Interceptor#afterService(net.sf.jportlet.portlet.application.PortletProxy, net.sf.jportlet.portlet.PortletRequest, net.sf.jportlet.portlet.PortletResponse)
     */
    public void afterService( PortletProxy    proxy,
                              PortletRequest  request,
                              PortletResponse response )
        throws PortletException,
                   IOException {}

    /**
     * @see net.sf.jportlet.portlet.application.Interceptor#beforeActionPerformed(net.sf.jportlet.portlet.application.PortletProxy, net.sf.jportlet.portlet.PortletRequest, net.sf.jportlet.portlet.PortletResponse)
     */
    public int beforeActionPerformed( PortletProxy proxy,
                                      ActionEvent  event )
        throws PortletException
    {
        try
        {
            if ( beforeService( proxy, event.getPortletRequest(  ), event.getPortletResponse(  ) ) == Interceptor.SKIP )
            {
                throw new AccessDeniedException( event.getAction(  ) );
            }

            return Interceptor.CONTINUE;
        }
        catch ( IOException io )
        {
            throw new PortletException( io );
        }
    }

    /**
     * @see net.sf.jportlet.portlet.application.Interceptor#beforeService(net.sf.jportlet.portlet.application.PortletProxy, net.sf.jportlet.portlet.PortletRequest, net.sf.jportlet.portlet.PortletResponse)
     */
    public int beforeService( PortletProxy    proxy,
                              PortletRequest  request,
                              PortletResponse response )
        throws PortletException,
                   IOException
    {
        AuthConstraintDescriptor descr = proxy.getDescriptor(  ).getAuthConstraintDescriptor( request.getMode(  ) );
        if ( descr == null )
        {
            return Interceptor.CONTINUE;
        }

        User usr = request.getUser(  );

        /* Anonymous user */
        if ( usr == null )
        {
            return descr.isAllowAnonymous(  )
                   ? Interceptor.CONTINUE
                   : Interceptor.SKIP;
        }

        /* Check the roles */
        else if ( descr.containsRole( Constants.ALL ) )
        {
            return Interceptor.CONTINUE;
        }
        else
        {
            Collection roles = ( ( PortletRequestImpl ) request ).getUserRoles(  );
            Iterator   it = roles.iterator(  );
            while ( it.hasNext(  ) )
            {
                String role = it.next(  ).toString(  );
                if ( descr.containsRole( role ) )
                {
                    return Interceptor.CONTINUE;
                }
            }
        }

        return Interceptor.SKIP;
    }
}
TOP

Related Classes of net.sf.jportlet.portlet.application.SecurityInterceptor

  • net.sf.jportlet.portlet.descriptor.AuthConstraintDescriptor
  • net.sf.jportlet.portlet.User
  • net.sf.jportlet.portlet.PortletException
  • java.util.Collection
  • java.util.Iterator
  • net.sf.jportlet.portlet.AccessDeniedException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.