Java tutorial
/* * Copyright (C) 2011 Dario Scoppelletti, <http://www.scoppelletti.it/>. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package it.scoppelletti.programmerpower.web.view; import java.io.*; import java.util.*; import javax.servlet.*; import com.opensymphony.xwork2.util.*; import org.apache.struts2.*; import org.apache.struts2.components.*; import org.springframework.context.ApplicationContext; import org.springframework.expression.*; import org.springframework.security.access.expression.*; import org.springframework.security.core.*; import org.springframework.security.core.context.*; import org.springframework.security.web.*; import org.springframework.security.web.access.expression.*; import org.springframework.web.context.support.*; import it.scoppelletti.programmerpower.*; import it.scoppelletti.programmerpower.reflect.*; import it.scoppelletti.programmerpower.types.*; /** * Reimplementazione del tag Spring Security {@code authorize} come componente * Struts 2. * * @see it.scoppelletti.programmerpower.web.view.freemarker.AuthorizeModel * @see <A HREF="http:///www.springsource.org/spring-security" * TARGET="_blank">Spring Security</A> * @since 1.0.0 */ @Final public class AuthorizeComponent extends Component { private String myAccess; /** * Costruttore. * * @param valueStack Stack dei valori. */ public AuthorizeComponent(ValueStack valueStack) { super(valueStack); } /** * Imposta l’espressione che specifica l’accesso richiesto per * l’utente correntemente autenticato. * * @param value Valore. * @it.scoppelletti.tag.required */ public void setAccess(String value) { myAccess = value; } /** * Emette l’apertura del tag e verifica se deve essere emesso il * contenuto del tag stesso. * * @param writer Flusso di scrittura. * @return Esito della verifica. */ @Override public boolean start(Writer writer) { Authentication currentUser; FilterInvocation filter; Expression accessExpr; DefaultWebSecurityExpressionHandler exprHandler; if (Strings.isNullOrEmpty(myAccess)) { throw new PropertyNotSetException(toString(), "access"); } currentUser = SecurityContextHolder.getContext().getAuthentication(); if (currentUser == null) { throw new ObjectNotFoundException(Authentication.class.getName()); } exprHandler = getExpressionHandler(); accessExpr = exprHandler.getExpressionParser().parseExpression(myAccess); filter = new FilterInvocation(ServletActionContext.getRequest(), ServletActionContext.getResponse(), new AuthorizeComponent.DummyChain()); if (ExpressionUtils.evaluateAsBoolean(accessExpr, exprHandler.createEvaluationContext(currentUser, filter))) { return true; } return false; } /** * Restituisce il gestore delle espressioni. * * @return Oggetto. */ private DefaultWebSecurityExpressionHandler getExpressionHandler() { ServletContext servletCtx; ApplicationContext applCtx; DefaultWebSecurityExpressionHandler exprHandler; Map<String, DefaultWebSecurityExpressionHandler> exprHandlers; servletCtx = ServletActionContext.getServletContext(); applCtx = WebApplicationContextUtils.getRequiredWebApplicationContext(servletCtx); exprHandlers = applCtx.getBeansOfType(DefaultWebSecurityExpressionHandler.class); if (exprHandlers.size() == 0) { throw new ObjectNotFoundException(DefaultWebSecurityExpressionHandler.class.getName()); } exprHandler = (DefaultWebSecurityExpressionHandler) exprHandlers.values().toArray()[0]; return exprHandler; } /** * Catena di filtri. */ private static final class DummyChain implements FilterChain { /** * Costruttore. */ DummyChain() { } /** * Esegue il filtro. * * @param req Richiesta. * @param resp Risposta. */ public void doFilter(ServletRequest req, ServletResponse resp) throws IOException, ServletException { throw new NotImplementedException(getClass().toString(), "doFilter"); } } }