1
package org.hisp.dhis.security;
4
* Copyright (c) 2004-2007, University of Oslo
7
* Redistribution and use in source and binary forms, with or without
8
* modification, are permitted provided that the following conditions are met:
9
* * Redistributions of source code must retain the above copyright notice, this
10
* list of conditions and the following disclaimer.
11
* * Redistributions in binary form must reproduce the above copyright notice,
12
* this list of conditions and the following disclaimer in the documentation
13
* and/or other materials provided with the distribution.
14
* * Neither the name of the HISP project nor the names of its contributors may
15
* be used to endorse or promote products derived from this software without
16
* specific prior written permission.
18
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
22
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30
import org.acegisecurity.AccessDecisionManager;
31
import org.acegisecurity.AccessDeniedException;
32
import org.acegisecurity.Authentication;
33
import org.acegisecurity.InsufficientAuthenticationException;
34
import org.acegisecurity.context.SecurityContext;
35
import org.acegisecurity.context.SecurityContextHolder;
36
import org.acegisecurity.intercept.ObjectDefinitionSource;
37
import org.apache.commons.logging.Log;
38
import org.apache.commons.logging.LogFactory;
39
import org.hisp.dhis.security.authority.RequiredAuthoritiesProvider;
41
import com.opensymphony.xwork.config.Configuration;
42
import com.opensymphony.xwork.config.ConfigurationManager;
43
import com.opensymphony.xwork.config.entities.ActionConfig;
44
import com.opensymphony.xwork.config.entities.PackageConfig;
47
* @author Torgeir Lorange Ostby
48
* @version $Id: AcegiActionAccessResolver.java 3160 2007-03-24 20:15:06Z torgeilo $
50
public class AcegiActionAccessResolver
51
implements ActionAccessResolver
53
private static final Log LOG = LogFactory.getLog( AcegiActionAccessResolver.class );
55
// -------------------------------------------------------------------------
57
// -------------------------------------------------------------------------
59
private RequiredAuthoritiesProvider requiredAuthoritiesProvider;
61
public void setRequiredAuthoritiesProvider( RequiredAuthoritiesProvider requiredAuthoritiesProvider )
63
this.requiredAuthoritiesProvider = requiredAuthoritiesProvider;
66
private AccessDecisionManager accessDecisionManager;
68
public void setAccessDecisionManager( AccessDecisionManager accessDecisionManager )
70
this.accessDecisionManager = accessDecisionManager;
73
// -------------------------------------------------------------------------
74
// ActionAccessResolver implementation
75
// -------------------------------------------------------------------------
77
public boolean hasAccess( String module, String name )
79
// ---------------------------------------------------------------------
80
// Get ObjectDefinitionSource
81
// ---------------------------------------------------------------------
83
Configuration config = ConfigurationManager.getConfiguration();
85
PackageConfig packageConfig = config.getPackageConfig( module );
87
if ( packageConfig == null )
89
throw new IllegalArgumentException( "Module doesn't exist: '" + module + "'" );
92
ActionConfig actionConfig = (ActionConfig) packageConfig.getActionConfigs().get( name );
94
if ( actionConfig == null )
96
throw new IllegalArgumentException( "Module " + module + " doesn't have an action named: '" + name + "'" );
99
ObjectDefinitionSource objectDefinitionSource = requiredAuthoritiesProvider
100
.createObjectDefinitionSource( actionConfig );
102
// ---------------------------------------------------------------------
104
// ---------------------------------------------------------------------
106
SecurityContext securityContext = SecurityContextHolder.getContext();
108
Authentication authentication = securityContext.getAuthentication();
112
if ( objectDefinitionSource.getAttributes( actionConfig ) != null )
114
if ( authentication == null || !authentication.isAuthenticated() )
119
accessDecisionManager.decide( authentication, actionConfig, objectDefinitionSource
120
.getAttributes( actionConfig ) );
123
LOG.debug( "Access to [" + module + ", " + name + "]: TRUE" );
127
catch ( AccessDeniedException e )
129
LOG.debug( "Access to [" + module + ", " + name + "]: FALSE (access denied)" );
133
catch ( InsufficientAuthenticationException e )
135
LOG.debug( "Access to [" + module + ", " + name + "]: FALSE (insufficient authentication)" );