it.scoppelletti.programmerpower.web.view.AuthorizeComponent.java Source code

Introduction

Here is the source code for it.scoppelletti.programmerpower.web.view.AuthorizeComponent.java

Source

/*
 * Copyright (C) 2011 Dario Scoppelletti, <http://www.scoppelletti.it/>.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *     http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package it.scoppelletti.programmerpower.web.view;

import java.io.*;
import java.util.*;
import javax.servlet.*;
import com.opensymphony.xwork2.util.*;
import org.apache.struts2.*;
import org.apache.struts2.components.*;
import org.springframework.context.ApplicationContext;
import org.springframework.expression.*;
import org.springframework.security.access.expression.*;
import org.springframework.security.core.*;
import org.springframework.security.core.context.*;
import org.springframework.security.web.*;
import org.springframework.security.web.access.expression.*;
import org.springframework.web.context.support.*;
import it.scoppelletti.programmerpower.*;
import it.scoppelletti.programmerpower.reflect.*;
import it.scoppelletti.programmerpower.types.*;

/**
 * Reimplementazione del tag Spring Security {@code authorize} come componente
 * Struts 2.
 *
 * @see   it.scoppelletti.programmerpower.web.view.freemarker.AuthorizeModel
 * @see   <A HREF="http:///www.springsource.org/spring-security"
 *        TARGET="_blank">Spring Security</A>  
 * @since 1.0.0
 */
@Final
public class AuthorizeComponent extends Component {
    private String myAccess;

    /**
     * Costruttore.
     * 
     * @param valueStack Stack dei valori.
     */
    public AuthorizeComponent(ValueStack valueStack) {
        super(valueStack);
    }

    /**
     * Imposta l&rsquo;espressione che specifica l&rsquo;accesso richiesto per
     * l&rsquo;utente correntemente autenticato.
     * 
     * @param                        value Valore.
     * @it.scoppelletti.tag.required
     */
    public void setAccess(String value) {
        myAccess = value;
    }

    /**
     * Emette l&rsquo;apertura del tag e verifica se deve essere emesso il
     * contenuto del tag stesso.
     * 
     * @param  writer Flusso di scrittura.
     * @return        Esito della verifica.
     */
    @Override
    public boolean start(Writer writer) {
        Authentication currentUser;
        FilterInvocation filter;
        Expression accessExpr;
        DefaultWebSecurityExpressionHandler exprHandler;

        if (Strings.isNullOrEmpty(myAccess)) {
            throw new PropertyNotSetException(toString(), "access");
        }

        currentUser = SecurityContextHolder.getContext().getAuthentication();
        if (currentUser == null) {
            throw new ObjectNotFoundException(Authentication.class.getName());
        }

        exprHandler = getExpressionHandler();
        accessExpr = exprHandler.getExpressionParser().parseExpression(myAccess);

        filter = new FilterInvocation(ServletActionContext.getRequest(), ServletActionContext.getResponse(),
                new AuthorizeComponent.DummyChain());

        if (ExpressionUtils.evaluateAsBoolean(accessExpr,
                exprHandler.createEvaluationContext(currentUser, filter))) {
            return true;
        }

        return false;
    }

    /**
     * Restituisce il gestore delle espressioni.
     * 
     * @return Oggetto.
     */
    private DefaultWebSecurityExpressionHandler getExpressionHandler() {
        ServletContext servletCtx;
        ApplicationContext applCtx;
        DefaultWebSecurityExpressionHandler exprHandler;
        Map<String, DefaultWebSecurityExpressionHandler> exprHandlers;

        servletCtx = ServletActionContext.getServletContext();
        applCtx = WebApplicationContextUtils.getRequiredWebApplicationContext(servletCtx);
        exprHandlers = applCtx.getBeansOfType(DefaultWebSecurityExpressionHandler.class);

        if (exprHandlers.size() == 0) {
            throw new ObjectNotFoundException(DefaultWebSecurityExpressionHandler.class.getName());
        }

        exprHandler = (DefaultWebSecurityExpressionHandler) exprHandlers.values().toArray()[0];

        return exprHandler;
    }

    /**
     * Catena di filtri.
     */
    private static final class DummyChain implements FilterChain {

        /**
         * Costruttore.
         */
        DummyChain() {
        }

        /**
         * Esegue il filtro.
         * 
         * @param req  Richiesta.
         * @param resp Risposta.
         */
        public void doFilter(ServletRequest req, ServletResponse resp) throws IOException, ServletException {
            throw new NotImplementedException(getClass().toString(), "doFilter");
        }
    }
}