Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

General refactoring of taglibs.

This commit is contained in:
Ben Alex 2004-12-03 06:41:48 +00:00
parent 1b660d4d5b
commit 7a4a46cc7b
2 changed files with 100 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

192
core/src/main/java/org/acegisecurity/taglibs/authz/AclTag.java
View File

@ -37,6 +37,7 @@ import java.util.StringTokenizer;
import javax.servlet.ServletContext; import javax.servlet.ServletContext;
import javax.servlet.jsp.JspException; import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.Tag; import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport; import javax.servlet.jsp.tagext.TagSupport;
@ -106,130 +107,113 @@ public class AclTag extends TagSupport {
final String evaledPermissionsString = ExpressionEvaluationUtils final String evaledPermissionsString = ExpressionEvaluationUtils
.evaluateString("hasPermission", hasPermission, pageContext); .evaluateString("hasPermission", hasPermission, pageContext);
if ((null != evaledPermissionsString) Integer[] requiredIntegers = null;
&& !"".equals(evaledPermissionsString)) {
Integer[] requiredIntegers = null;
try { try {
requiredIntegers = parseIntegersString(evaledPermissionsString); requiredIntegers = parseIntegersString(evaledPermissionsString);
} catch (NumberFormatException nfe) { } catch (NumberFormatException nfe) {
throw new JspException(nfe); throw new JspException(nfe);
} }
if (requiredIntegers.length == 0) { Object resolvedDomainObject = null;
throw new JspException(
"A comma separate list of integers representing authorised permissions was NOT provided via the 'hasPermission' attribute");
}
Object resolvedDomainObject = null; if (domainObject instanceof String) {
resolvedDomainObject = ExpressionEvaluationUtils.evaluate("domainObject",
if (domainObject instanceof String) { (String) domainObject, Object.class, pageContext);
resolvedDomainObject = ExpressionEvaluationUtils.evaluate("domainObject", } else {
(String) domainObject, Object.class, pageContext); resolvedDomainObject = domainObject;
} else { }
resolvedDomainObject = domainObject;
}
if (resolvedDomainObject == null) {
if (logger.isDebugEnabled()) {
logger.debug(
"domainObject resolved to null, so including tag body");
}
// Of course they have access to a null object!
return Tag.EVAL_BODY_INCLUDE;
}
if ((ContextHolder.getContext() == null)
|| !(ContextHolder.getContext() instanceof SecureContext)
|| (((SecureContext) ContextHolder.getContext())
.getAuthentication() == null)) {
if (logger.isDebugEnabled()) {
logger.debug(
"ContextHolder did not return a non-null Authentication object, so skipping tag body");
}
return Tag.SKIP_BODY;
}
Authentication auth = ((SecureContext) ContextHolder.getContext())
.getAuthentication();
ApplicationContext context = getContext(pageContext
.getServletContext());
if (context == null) {
throw new JspException(
"applicationContext unavailable from servlet context");
}
Map beans = context.getBeansOfType(AclManager.class, false, false);
if (beans.size() == 0) {
throw new JspException(
"No AclManager would found the application context: "
+ context.toString());
}
String beanName = (String) beans.keySet().iterator().next();
AclManager aclManager = (AclManager) context.getBean(beanName);
// Obtain aclEntrys applying to the current Authentication object
AclEntry[] acls = aclManager.getAcls(resolvedDomainObject, auth);
if (resolvedDomainObject == null) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Authentication: '" + auth + "' has: " logger.debug(
+ ((acls == null) ? 0 : acls.length) "domainObject resolved to null, so including tag body");
+ " AclEntrys for domain object: '" + resolvedDomainObject
+ "' from AclManager: '" + aclManager.toString() + "'");
} }
if ((acls == null) || (acls.length == 0)) { // Of course they have access to a null object!
return Tag.SKIP_BODY; return Tag.EVAL_BODY_INCLUDE;
} }
for (int i = 0; i < acls.length; i++) {
// Locate processable AclEntrys
if (acls[i] instanceof AbstractBasicAclEntry) {
AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i];
// See if principal has any of the required permissions
for (int y = 0; y < requiredIntegers.length; y++) {
if (processableAcl.isPermitted(
requiredIntegers[y].intValue())) {
if (logger.isDebugEnabled()) {
logger.debug(
"Including tag body as found permission: "
+ requiredIntegers[y]
+ " due to AclEntry: '" + processableAcl
+ "'");
}
return Tag.EVAL_BODY_INCLUDE;
}
}
}
}
if ((ContextHolder.getContext() == null)
|| !(ContextHolder.getContext() instanceof SecureContext)
|| (((SecureContext) ContextHolder.getContext()).getAuthentication() == null)) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("No permission, so skipping tag body"); logger.debug(
"ContextHolder did not return a non-null Authentication object, so skipping tag body");
} }
return Tag.SKIP_BODY; return Tag.SKIP_BODY;
} else {
throw new JspException("Unsupported use of auth:acl tag");
} }
Authentication auth = ((SecureContext) ContextHolder.getContext())
.getAuthentication();
ApplicationContext context = getContext(pageContext);
Map beans = context.getBeansOfType(AclManager.class, false, false);
if (beans.size() == 0) {
throw new JspException(
"No AclManager would found the application context: "
+ context.toString());
}
String beanName = (String) beans.keySet().iterator().next();
AclManager aclManager = (AclManager) context.getBean(beanName);
// Obtain aclEntrys applying to the current Authentication object
AclEntry[] acls = aclManager.getAcls(resolvedDomainObject, auth);
if (logger.isDebugEnabled()) {
logger.debug("Authentication: '" + auth + "' has: "
+ ((acls == null) ? 0 : acls.length)
+ " AclEntrys for domain object: '" + resolvedDomainObject
+ "' from AclManager: '" + aclManager.toString() + "'");
}
if ((acls == null) || (acls.length == 0)) {
return Tag.SKIP_BODY;
}
for (int i = 0; i < acls.length; i++) {
// Locate processable AclEntrys
if (acls[i] instanceof AbstractBasicAclEntry) {
AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i];
// See if principal has any of the required permissions
for (int y = 0; y < requiredIntegers.length; y++) {
if (processableAcl.isPermitted(
requiredIntegers[y].intValue())) {
if (logger.isDebugEnabled()) {
logger.debug(
"Including tag body as found permission: "
+ requiredIntegers[y] + " due to AclEntry: '"
+ processableAcl + "'");
}
return Tag.EVAL_BODY_INCLUDE;
}
}
}
}
if (logger.isDebugEnabled()) {
logger.debug("No permission, so skipping tag body");
}
return Tag.SKIP_BODY;
} }
/** /**
* Allows test cases to override where application context obtained from. * Allows test cases to override where application context obtained from.
* *
* @param servletContext as required by Spring's * @param pageContext so the <code>ServletContext</code> can be accessed as
* <code>WebApplicationContextUtils</code> * required by Spring's <code>WebApplicationContextUtils</code>
* *
* @return the Spring application context * @return the Spring application context (never <code>null</code>)
*/ */
protected ApplicationContext getContext(ServletContext servletContext) { protected ApplicationContext getContext(PageContext pageContext) {
ServletContext servletContext = pageContext.getServletContext();
return WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext); return WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
} }

24
core/src/main/java/org/acegisecurity/taglibs/authz/AuthenticationTag.java
View File

@ -66,6 +66,10 @@ public class AuthenticationTag extends TagSupport {
return Tag.SKIP_BODY; return Tag.SKIP_BODY;
} }
if (!OPERATION_PRINCIPAL.equalsIgnoreCase(operation)) {
throw new JspException("Unsupported use of auth:authentication tag");
}
if ((ContextHolder.getContext() == null) if ((ContextHolder.getContext() == null)
|| !(ContextHolder.getContext() instanceof SecureContext) || !(ContextHolder.getContext() instanceof SecureContext)
|| (((SecureContext) ContextHolder.getContext()).getAuthentication() == null)) { || (((SecureContext) ContextHolder.getContext()).getAuthentication() == null)) {
@ -75,20 +79,16 @@ public class AuthenticationTag extends TagSupport {
Authentication auth = ((SecureContext) ContextHolder.getContext()) Authentication auth = ((SecureContext) ContextHolder.getContext())
.getAuthentication(); .getAuthentication();
if (OPERATION_PRINCIPAL.equalsIgnoreCase(operation)) { if (auth.getPrincipal() == null) {
if (auth.getPrincipal() == null) { return Tag.SKIP_BODY;
return Tag.SKIP_BODY; } else if (auth.getPrincipal() instanceof UserDetails) {
} else if (auth.getPrincipal() instanceof UserDetails) { writeMessage(((UserDetails) auth.getPrincipal()).getUsername());
writeMessage(((UserDetails) auth.getPrincipal()).getUsername());
return Tag.SKIP_BODY; return Tag.SKIP_BODY;
} else {
writeMessage(auth.getPrincipal().toString());
return Tag.SKIP_BODY;
}
} else { } else {
throw new JspException("Unsupported use of auth:athentication tag"); writeMessage(auth.getPrincipal().toString());
return Tag.SKIP_BODY;
} }
} }