Source code: com/RuntimeCollective/webapps/tag/CheckViewTag.java
1 /* $Header: /home/CVS/rjp/src/com/RuntimeCollective/webapps/tag/CheckViewTag.java,v 1.5 2003/09/30 15:13:16 joe Exp $
2 * $Revision: 1.5 $
3 * $Date: 2003/09/30 15:13:16 $
4 *
5 * ====================================================================
6 *
7 * Josephine : http://www.runtime-collective.com/josephine/index.html
8 *
9 * Copyright (C) 2003 Runtime Collective
10 *
11 * This product includes software developed by the
12 * Apache Software Foundation (http://www.apache.org/).
13 *
14 * This library is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU Lesser General Public
16 * License as published by the Free Software Foundation; either
17 * version 2.1 of the License, or (at your option) any later version.
18 *
19 * This library is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 * Lesser General Public License for more details.
23 *
24 * You should have received a copy of the GNU Lesser General Public
25 * License along with this library; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 *
28 */
29
30 package com.RuntimeCollective.webapps.tag;
31
32 import com.RuntimeCollective.webapps.RuntimeParameters;
33 import com.RuntimeCollective.webapps.bean.User;
34 import com.RuntimeCollective.webapps.bean.PermissionBean;
35
36 import java.sql.SQLException;
37 import java.io.IOException;
38 import javax.servlet.http.HttpSession;
39 import javax.servlet.jsp.JspException;
40 import javax.servlet.jsp.JspWriter;
41 import javax.servlet.jsp.PageContext;
42 import javax.servlet.jsp.tagext.TagSupport;
43 import org.apache.struts.action.Action;
44 import org.apache.struts.action.ActionError;
45 import org.apache.struts.action.ActionErrors;
46 import org.apache.struts.util.MessageResources;
47
48 /**
49 *
50 * Check if a user can view the named session-scoped bean. This bean must implement the PermissionBean interface.
51 *
52 * If they do not have permission to view this bean, control will be forwarded to a page that will display errors (defaults to /logon.jsp).
53 *
54 * <p> By default, the User on the session under RuntimeParameters.get("logonUserKey") will be used. A different User bean on the session
55 * can be used by specifying the "user" parameter.
56 * <p>
57 * This tag assumes the user is logged on; this tag should be used after checkLogon (unless "user" is specified).
58 * <p>
59 * Attributes:
60 * <ul>
61 * <li> name - The name of the bean to check view permissions for</li>
62 * <li> user - [optional] The name of the user bean to check permissions with - defaults to RuntimeParameters.get("logonUserKey")</li>
63 * <li> page - the page to forward to when the check fails, for example because the user is not logged in or may not view the bean (defaults to /logon.jsp)</li>
64 * </ul>
65 * <p>
66 * For example, inserting
67 * <p><code><%@ taglib uri="/WEB-INF/runtime-struts.tld" prefix="rs" %>
68 * <p><rs:checkView name="com.RuntimeCollective.school.bean.Course"/>
69 * <p></code>
70 * <p> into a jsp page will check that the user in the session under <code>RuntimeParameters.get("logonUserKey")</code> can view the <code>com.RuntimeCollective.school.bean.Course</code> bean.
71 * <p> The following errors are returned
72 * <ul>
73 * <li><code>error.permission.viewDenied</code>
74 * <li><code>error.permission.nullValues</code>
75 * <li><code>error.db.connection</code>
76 * <li><code>error.permission.nullSession</code>
77 *</ul>
78 *
79 * @author Joe Holmberg
80 * @version $Id: CheckViewTag.java,v 1.5 2003/09/30 15:13:16 joe Exp $
81 */
82
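public final class CheckViewTag extends TagSupport {

    /** The key of the session-scope bean we check permissions for. */
    private String name = "";

    /** The page to which control is forwarded when the check fails. Defaults to "/logon.jsp". */
    private String page = "/logon.jsp";

    /** The session key of the user to check permissions for. Defaults to <code>RuntimeParameters.get("logonUserKey")</code>. */
    private String user = RuntimeParameters.get("logonUserKey");

    /** Return the bean name. */
    public String getName() {
        return this.name;
    }

    /** Set the bean name.
     * @param name The new bean name
     */
    public void setName(String name) {
        this.name = name;
    }

    /** Return the forward page. */
    public String getPage() {
        return this.page;
    }

    /** Set the forward page.
     * NOTE(review): the value is handed unchanged to <code>pageContext.forward</code>;
     * it is expected to be a fixed application path written by the page author.
     * If the TLD permits runtime expressions here, confirm it is never built from request input.
     * @param page The new forward page
     */
    public void setPage(String page) {
        this.page = page;
    }

    /** Return the session key of the user bean. */
    public String getUser() {
        return this.user;
    }

    /** Set the session key of the user bean.
     * @param user The new session key
     */
    public void setUser(String user) {
        this.user = user;
    }

    /** Defer our checking until the end of this tag is encountered.
     * @return <code>SKIP_BODY</code>, always
     * @exception JspException if a JSP exception has occurred
     */
    public int doStartTag() throws JspException {
        return SKIP_BODY;
    }

    /**
     * Perform a permissions check by calling the specified bean's
     * <code>canView</code> method with the current user.
     * <p>
     * The check fails closed: a missing session, a missing user or bean,
     * a denied <code>canView</code> or a <code>SQLException</code> each add
     * an error and forward control to the configured page. The errors are
     * stored on the request under <code>Action.ERROR_KEY</code>.
     * <p>
     * A session attribute of an unexpected type is not handled here: the cast
     * fails with a <code>ClassCastException</code> that propagates to the container.
     *
     * @return <code>EVAL_PAGE</code> if the user may view the bean,
     *         <code>SKIP_PAGE</code> after forwarding otherwise
     * @exception JspException if the forward to the error page fails; the
     *            original exception is kept as the root cause
     */
    public int doEndTag() throws JspException {

        ActionErrors errors = new ActionErrors();

        // Does the user have permission?
        HttpSession session = pageContext.getSession();
        if (session != null) {
            User userBean = (User) session.getAttribute(user);
            if (userBean != null) {
                // Re-read the user from the store by id, so canView is evaluated
                // against the store's copy rather than the object held in the session.
                userBean = (User) RuntimeParameters.getStore().get(User.class.getName(), userBean.getId());
            }
            PermissionBean perm = (PermissionBean) session.getAttribute(name);

            try {
                if (userBean != null && perm != null) {
                    if (!perm.canView(userBean)) {
                        errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("error.permission.viewDenied"));
                    }
                } else {
                    errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("error.permission.nullValues"));
                }
            } catch (SQLException e) {
                // Access is still refused, but record the failure: without this the
                // exception is discarded and a broken permission lookup leaves no trace.
                pageContext.getServletContext().log(
                        "CheckViewTag: permission check for bean '" + name + "' failed", e);
                errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("error.db.connection"));
            }
        } else {
            errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("error.permission.nullSession"));
        }

        // Forward control based on results
        if (errors.size() == 0) {
            return EVAL_PAGE;
        }

        // Put the errors on the request
        pageContext.getRequest().setAttribute(Action.ERROR_KEY, errors);

        try {
            pageContext.forward(page);
        } catch (Exception e) {
            // Keep the original exception as root cause instead of only its text.
            throw new JspException(e.toString(), e);
        }
        // The rest of the protected page must not be evaluated after a failed check.
        return SKIP_PAGE;
    }

    /** Release any acquired resources and restore the attribute defaults. */
    public void release() {
        super.release();
        this.name = "";
        this.page = "/logon.jsp";
        this.user = RuntimeParameters.get("logonUserKey");
    }
}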