/*
* Created on Apr 6, 2003
*/
package net.sf.jportlet.portlet.application;
import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import net.sf.jportlet.impl.PortletRequestImpl;
import net.sf.jportlet.portlet.AccessDeniedException;
import net.sf.jportlet.portlet.PortletException;
import net.sf.jportlet.portlet.PortletRequest;
import net.sf.jportlet.portlet.PortletResponse;
import net.sf.jportlet.portlet.User;
import net.sf.jportlet.portlet.descriptor.AuthConstraintDescriptor;
import net.sf.jportlet.portlet.event.ActionEvent;
import net.sf.jportlet.util.Constants;
/**
* This interceptor makes sure that the current user is allowed to access the portlet.
*
* @author <a href="mailto:tchbansi@sourceforge.net">Herve Tchepannou</a>
*/
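public class SecurityInterceptor
    implements Interceptor
{
    //~ Methods ----------------------------------------------------------------

    /**
     * Does nothing; the access decision is taken before the action runs.
     *
     * @see Interceptor#afterActionPerformed(PortletProxy, ActionEvent)
     */
    public void afterActionPerformed( PortletProxy proxy,
                                      ActionEvent  event )
        throws PortletException
    {
    }

    /**
     * Does nothing; the access decision is taken before the portlet is served.
     *
     * @see Interceptor#afterService(PortletProxy, PortletRequest, PortletResponse)
     */
    public void afterService( PortletProxy    proxy,
                              PortletRequest  request,
                              PortletResponse response )
        throws PortletException,
               IOException
    {
    }

    /**
     * Applies the {@link #beforeService} access check to the request carried by
     * an action event. Unlike <code>beforeService</code>, a denial is reported by
     * throwing rather than by returning {@link Interceptor#SKIP}.
     *
     * @param proxy proxy of the portlet that is the target of the action
     * @param event action about to be performed
     * @return {@link Interceptor#CONTINUE} when the access check passes
     * @throws AccessDeniedException if the access check returns {@link Interceptor#SKIP};
     *         it is built from <code>event.getAction()</code>
     * @throws PortletException if the access check fails with an I/O error (the
     *         <code>IOException</code> is passed to the exception's constructor)
     *
     * @see Interceptor#beforeActionPerformed(PortletProxy, ActionEvent)
     */
    public int beforeActionPerformed( PortletProxy proxy,
                                      ActionEvent  event )
        throws PortletException
    {
        try
        {
            int verdict = beforeService( proxy, event.getPortletRequest( ), event.getPortletResponse( ) );
            if ( verdict == Interceptor.SKIP )
            {
                throw new AccessDeniedException( event.getAction( ) );
            }

            return Interceptor.CONTINUE;
        }
        catch ( IOException io )
        {
            throw new PortletException( io );
        }
    }

    /**
     * Decides whether the current user may access the portlet in the requested mode.
     * <p>
     * The decision is taken in this order:
     * <ol>
     * <li>no auth-constraint declared for the request's mode: access is granted;</li>
     * <li>no user on the request (anonymous): access is granted only if the
     *     constraint allows anonymous access;</li>
     * <li>the constraint contains {@link Constants#ALL}: access is granted;</li>
     * <li>otherwise access is granted only if the constraint contains at least
     *     one of the user's roles.</li>
     * </ol>
     * Every other case is denied, including a user with no roles at all.
     *
     * @param proxy    proxy of the portlet being accessed; supplies the descriptor
     * @param request  current request; supplies the mode, the user and the roles
     * @param response current response (not used by this check)
     * @return {@link Interceptor#CONTINUE} when access is granted,
     *         {@link Interceptor#SKIP} when it is denied
     *
     * @see Interceptor#beforeService(PortletProxy, PortletRequest, PortletResponse)
     */
    public int beforeService( PortletProxy    proxy,
                              PortletRequest  request,
                              PortletResponse response )
        throws PortletException,
               IOException
    {
        AuthConstraintDescriptor descr = proxy.getDescriptor( ).getAuthConstraintDescriptor( request.getMode( ) );
        if ( descr == null )
        {
            /*
             * NOTE(review): a mode without an auth-constraint is open to everyone,
             * anonymous users included. Confirm that this default-allow is intended
             * for every portlet deployed behind this interceptor.
             */
            return Interceptor.CONTINUE;
        }

        User usr = request.getUser( );

        /* Anonymous user */
        if ( usr == null )
        {
            return descr.isAllowAnonymous( )
                   ? Interceptor.CONTINUE
                   : Interceptor.SKIP;
        }

        /* Constraint lists Constants.ALL: presumably "any authenticated user" - confirm against the descriptor format */
        if ( descr.containsRole( Constants.ALL ) )
        {
            return Interceptor.CONTINUE;
        }

        /*
         * Check the roles.
         * The roles are only reachable through the implementation class; a request
         * of any other type fails here with a ClassCastException, so access is
         * never granted in that case.
         */
        Collection roles = ( ( PortletRequestImpl ) request ).getUserRoles( );
        return hasGrantedRole( descr, roles )
               ? Interceptor.CONTINUE
               : Interceptor.SKIP;
    }

    /**
     * Tells whether the constraint contains at least one of the given roles.
     * A <code>null</code> collection and <code>null</code> entries never match, so
     * missing role data results in a denial instead of a NullPointerException in
     * the middle of the authorization check.
     */
    private boolean hasGrantedRole( AuthConstraintDescriptor descr,
                                    Collection               roles )
    {
        if ( roles == null )
        {
            return false;
        }

        Iterator it = roles.iterator( );
        while ( it.hasNext( ) )
        {
            Object role = it.next( );
            if ( ( role != null ) && descr.containsRole( role.toString( ) ) )
            {
                return true;
            }
        }

        return false;
    }
}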