gov.nih.nci.cabig.ctms.acegi.csm.web.CSMAccessControlTag.java Source code

Java tutorial

  1. HOME
  2. Java
  3. gov.nih.nci.cabig.ctms.acegi.csm.web.CSMAccessControlTag.java

Introduction

Here is the source code for gov.nih.nci.cabig.ctms.acegi.csm.web.CSMAccessControlTag.java

Source

/*
 * Copyright Northwestern University and SemanticBits, LLC
 * 
 * Distributed under the OSI-approved BSD 3-Clause License.
 * See http://ncip.github.com/ctms-commons/LICENSE.txt for details.
 */
package gov.nih.nci.cabig.ctms.acegi.csm.web;

import gov.nih.nci.cabig.ctms.acegi.csm.authorization.CSMAuthorizationCheck;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
import org.acegisecurity.context.SecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.util.ExpressionEvaluationUtils;

import javax.servlet.ServletContext;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;

public class CSMAccessControlTag extends TagSupport {

    protected static final Logger logger = LoggerFactory.getLogger(CSMAccessControlTag.class);

    private Object domainObject;

    private String hasPrivileges = "";

    private String authorizationCheckName = "";

    public int doStartTag() throws JspException {
        if (authorizationCheckName == null || authorizationCheckName.trim().length() == 0) {
            throw new JspException("authorizationCheckName is required");
        }

        String evaledAuthorizationCheckName = ExpressionEvaluationUtils.evaluateString("authorizationCheckName",
                authorizationCheckName, pageContext);

        String evaledPrivilegesString = hasPrivileges;
        if (evaledPrivilegesString != null && evaledPrivilegesString.trim().length() > 0) {
            evaledPrivilegesString = ExpressionEvaluationUtils.evaluateString("hasPrivileges", hasPrivileges,
                    pageContext);
        }

        String[] requiredPrivileges = evaledPrivilegesString.split(",");

        Object resolvedDomainObject = null;

        if (domainObject instanceof String) {
            resolvedDomainObject = ExpressionEvaluationUtils.evaluate("domainObject", (String) domainObject,
                    Object.class, pageContext);
        } else {
            resolvedDomainObject = domainObject;
        }

        if (resolvedDomainObject == null) {

            logger.debug("domainObject resolved to null, so including tag body");

            return Tag.EVAL_BODY_INCLUDE;
        }

        Authentication auth = getAuthentication();

        ApplicationContext context = getContext(pageContext);

        CSMAuthorizationCheck authzCheck = (CSMAuthorizationCheck) context.getBean(evaledAuthorizationCheckName);
        if (authzCheck == null) {
            throw new JspException(
                    "No authorization check found for bean name '" + evaledAuthorizationCheckName + "'.");
        }

        for (String requiredPrivilege : requiredPrivileges) {

            if (authzCheck.checkAuthorization(auth, requiredPrivilege, resolvedDomainObject)) {
                logger.debug("Authorization succeeded, evaluating body");
                return Tag.EVAL_BODY_INCLUDE;
            }

        }

        logger.debug("No permission, so skipping tag body");

        return Tag.SKIP_BODY;
    }

    private Authentication getAuthentication() {
        Authentication auth = null;
        SecurityContext securityContext = (SecurityContext) this.pageContext.getSession()
                .getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);
        if (securityContext != null) {
            auth = securityContext.getAuthentication();
        }
        return auth;
    }

    /**
     * Allows test cases to override where application context obtained from.
     * 
     * @param pageContext
     *            so the <code>ServletContext</code> can be accessed as
     *            required by Spring's <code>WebApplicationContextUtils</code>
     * 
     * @return the Spring application context (never <code>null</code>)
     */
    protected ApplicationContext getContext(PageContext pageContext) {
        ServletContext servletContext = pageContext.getServletContext();

        return WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
    }

    public Object getDomainObject() {
        return domainObject;
    }

    public String getHasPrivileges() {
        return hasPrivileges;
    }

    public void setDomainObject(Object domainObject) {
        this.domainObject = domainObject;
    }

    public void setHasPrivileges(String hasPermission) {
        this.hasPrivileges = hasPermission;
    }

    public String getAuthorizationCheckName() {
        return authorizationCheckName;
    }

    public void setAuthorizationCheckName(String authorizationCheckName) {
        this.authorizationCheckName = authorizationCheckName;
    }

}