Coverage Report

Coverage Report - org.acegisecurity.taglibs.authz.AuthorizeTag

Classes in this File

Line Coverage

Branch Coverage

Complexity

AuthorizeTag

99%

100%

2.833

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.taglibs.authz;
 
 import org.acegisecurity.Authentication;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.GrantedAuthorityImpl;
 
 import org.acegisecurity.context.SecurityContextHolder;
 
 import org.springframework.util.StringUtils;
 
 import org.springframework.web.util.ExpressionEvaluationUtils;
 
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
 
 import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.tagext.Tag;
 import javax.servlet.jsp.tagext.TagSupport;
 
 
 /**
  * An implementation of {@link javax.servlet.jsp.tagext.Tag} that allows it's body through if some authorizations
  * are granted to the request's principal.
  *
  * @author Francois Beausoleil
  * @version $Id: AuthorizeTag.java 1784 2007-02-24 21:00:24Z luke_t $
  */
 public class AuthorizeTag extends TagSupport {
     //~ Instance fields ================================================================================================
 
     private String ifAllGranted = "";
     private String ifAnyGranted = "";
     private String ifNotGranted = "";
 
     //~ Methods ========================================================================================================
 
     private Set authoritiesToRoles(Collection c) {
         Set target = new HashSet();
 
         for (Iterator iterator = c.iterator(); iterator.hasNext();) {
             GrantedAuthority authority = (GrantedAuthority) iterator.next();
 
             if (null == authority.getAuthority()) {
                 throw new IllegalArgumentException(
                     "Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process "
                     + authority.toString());
             }
 
             target.add(authority.getAuthority());
         }
 
         return target;
     }
 
     public int doStartTag() throws JspException {
         if (((null == ifAllGranted) || "".equals(ifAllGranted)) && ((null == ifAnyGranted) || "".equals(ifAnyGranted))
             && ((null == ifNotGranted) || "".equals(ifNotGranted))) {
             return Tag.SKIP_BODY;
         }
 
         final Collection granted = getPrincipalAuthorities();
 
         final String evaledIfNotGranted = ExpressionEvaluationUtils.evaluateString("ifNotGranted", ifNotGranted,
                 pageContext);
 
         if ((null != evaledIfNotGranted) && !"".equals(evaledIfNotGranted)) {
             Set grantedCopy = retainAll(granted, parseAuthoritiesString(evaledIfNotGranted));
 
             if (!grantedCopy.isEmpty()) {
                 return Tag.SKIP_BODY;
             }
         }
 
         final String evaledIfAllGranted = ExpressionEvaluationUtils.evaluateString("ifAllGranted", ifAllGranted,
                 pageContext);
 
         if ((null != evaledIfAllGranted) && !"".equals(evaledIfAllGranted)) {
             if (!granted.containsAll(parseAuthoritiesString(evaledIfAllGranted))) {
                 return Tag.SKIP_BODY;
             }
         }
 
         final String evaledIfAnyGranted = ExpressionEvaluationUtils.evaluateString("ifAnyGranted", ifAnyGranted,
                 pageContext);
 
         if ((null != evaledIfAnyGranted) && !"".equals(evaledIfAnyGranted)) {
             Set grantedCopy = retainAll(granted, parseAuthoritiesString(evaledIfAnyGranted));
 
             if (grantedCopy.isEmpty()) {
                 return Tag.SKIP_BODY;
             }
         }
 
         return Tag.EVAL_BODY_INCLUDE;
     }
 
     public String getIfAllGranted() {
         return ifAllGranted;
     }
 
     public String getIfAnyGranted() {
         return ifAnyGranted;
     }
 
     public String getIfNotGranted() {
         return ifNotGranted;
     }
 
     private Collection getPrincipalAuthorities() {
         Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
 
         if (null == currentUser) {
             return Collections.EMPTY_LIST;
         }
 
         if ((null == currentUser.getAuthorities()) || (currentUser.getAuthorities().length < 1)) {
             return Collections.EMPTY_LIST;
         }
 
         Collection granted = Arrays.asList(currentUser.getAuthorities());
 
         return granted;
     }
 
     private Set parseAuthoritiesString(String authorizationsString) {
         final Set requiredAuthorities = new HashSet();
         final String[] authorities = StringUtils.commaDelimitedListToStringArray(authorizationsString);
 
         for (int i = 0; i < authorities.length; i++) {
             String authority = authorities[i];
 
             // Remove the role's whitespace characters without depending on JDK 1.4+
             // Includes space, tab, new line, carriage return and form feed.
             String role = authority.trim(); // trim, don't use spaces, as per SEC-378
             role = StringUtils.replace(role, "\t", "");
             role = StringUtils.replace(role, "\r", "");
             role = StringUtils.replace(role, "\n", "");
             role = StringUtils.replace(role, "\f", "");
 
             requiredAuthorities.add(new GrantedAuthorityImpl(role));
         }
 
         return requiredAuthorities;
     }
 
     /**
      * Find the common authorities between the current authentication's {@link GrantedAuthority} and the ones
      * that have been specified in the tag's ifAny, ifNot or ifAllGranted attributes.<p>We need to manually
      * iterate over both collections, because the granted authorities might not implement {@link
      * Object#equals(Object)} and {@link Object#hashCode()} in the same way as {@link GrantedAuthorityImpl}, thereby
      * invalidating {@link Collection#retainAll(java.util.Collection)} results.</p>
      * <p>
      * <strong>CAVEAT</strong>:  This method <strong>will not</strong> work if the granted authorities
      * returns a <code>null</code> string as the return value of {@link
      * org.acegisecurity.GrantedAuthority#getAuthority()}.
      * </p>
      * <p>Reported by rawdave, on Fri Feb 04, 2005 2:11 pm in the Acegi Security System for Spring forums.</p>
      *
      * @param granted The authorities granted by the authentication. May be any implementation of {@link
      *        GrantedAuthority} that does <strong>not</strong> return <code>null</code> from {@link
      *        org.acegisecurity.GrantedAuthority#getAuthority()}.
      * @param required A {@link Set} of {@link GrantedAuthorityImpl}s that have been built using ifAny, ifAll or
      *        ifNotGranted.
      *
      * @return A set containing only the common authorities between <var>granted</var> and <var>required</var>.
      *
      * @see <a href="http://forum.springframework.org/viewtopic.php?t=3367">authz:authorize ifNotGranted not behaving
      *      as expected</a> TODO: wrong article Url
      */
     private Set retainAll(final Collection granted, final Set required) {
         Set grantedRoles = authoritiesToRoles(granted);
         Set requiredRoles = authoritiesToRoles(required);
         grantedRoles.retainAll(requiredRoles);
 
         return rolesToAuthorities(grantedRoles, granted);
     }
 
     private Set rolesToAuthorities(Set grantedRoles, Collection granted) {
         Set target = new HashSet();
 
         for (Iterator iterator = grantedRoles.iterator(); iterator.hasNext();) {
             String role = (String) iterator.next();
 
             for (Iterator grantedIterator = granted.iterator(); grantedIterator.hasNext();) {
                 GrantedAuthority authority = (GrantedAuthority) grantedIterator.next();
 
                 if (authority.getAuthority().equals(role)) {
                     target.add(authority);
 
                     break;
                 }
             }
         }
 
         return target;
     }
 
     public void setIfAllGranted(String ifAllGranted) throws JspException {
         this.ifAllGranted = ifAllGranted;
     }
 
     public void setIfAnyGranted(String ifAnyGranted) throws JspException {
         this.ifAnyGranted = ifAnyGranted;
     }
 
     public void setIfNotGranted(String ifNotGranted) throws JspException {
         this.ifNotGranted = ifNotGranted;
     }
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.taglibs.authz;
17
18		import org.acegisecurity.Authentication;
19		import org.acegisecurity.GrantedAuthority;
20		import org.acegisecurity.GrantedAuthorityImpl;
21
22		import org.acegisecurity.context.SecurityContextHolder;
23
24		import org.springframework.util.StringUtils;
25
26		import org.springframework.web.util.ExpressionEvaluationUtils;
27
28		import java.util.Arrays;
29		import java.util.Collection;
30		import java.util.Collections;
31		import java.util.HashSet;
32		import java.util.Iterator;
33		import java.util.Set;
34
35		import javax.servlet.jsp.JspException;
36		import javax.servlet.jsp.tagext.Tag;
37		import javax.servlet.jsp.tagext.TagSupport;
38
39
40		/**
41		* An implementation of {@link javax.servlet.jsp.tagext.Tag} that allows it's body through if some authorizations
42		* are granted to the request's principal.
43		*
44		* @author Francois Beausoleil
45		* @version $Id: AuthorizeTag.java 1784 2007-02-24 21:00:24Z luke_t $
46		*/
47	40	public class AuthorizeTag extends TagSupport {
48		//~ Instance fields ================================================================================================
49
50	40	private String ifAllGranted = "";
51	40	private String ifAnyGranted = "";
52	40	private String ifNotGranted = "";
53
54		//~ Methods ========================================================================================================
55
56		private Set authoritiesToRoles(Collection c) {
57	25	Set target = new HashSet();
58
59	25	for (Iterator iterator = c.iterator(); iterator.hasNext();) {
60	33	GrantedAuthority authority = (GrantedAuthority) iterator.next();
61
62	33	if (null == authority.getAuthority()) {
63	1	throw new IllegalArgumentException(
64		"Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process "
65		+ authority.toString());
66		}
67
68	32	target.add(authority.getAuthority());
69	32	}
70
71	24	return target;
72		}
73
74		public int doStartTag() throws JspException {
75	20	if (((null == ifAllGranted) \|\| "".equals(ifAllGranted)) && ((null == ifAnyGranted) \|\| "".equals(ifAnyGranted))
76		&& ((null == ifNotGranted) \|\| "".equals(ifNotGranted))) {
77	1	return Tag.SKIP_BODY;
78		}
79
80	19	final Collection granted = getPrincipalAuthorities();
81
82	19	final String evaledIfNotGranted = ExpressionEvaluationUtils.evaluateString("ifNotGranted", ifNotGranted,
83		pageContext);
84
85	19	if ((null != evaledIfNotGranted) && !"".equals(evaledIfNotGranted)) {
86	5	Set grantedCopy = retainAll(granted, parseAuthoritiesString(evaledIfNotGranted));
87
88	5	if (!grantedCopy.isEmpty()) {
89	3	return Tag.SKIP_BODY;
90		}
91		}
92
93	16	final String evaledIfAllGranted = ExpressionEvaluationUtils.evaluateString("ifAllGranted", ifAllGranted,
94		pageContext);
95
96	16	if ((null != evaledIfAllGranted) && !"".equals(evaledIfAllGranted)) {
97	6	if (!granted.containsAll(parseAuthoritiesString(evaledIfAllGranted))) {
98	3	return Tag.SKIP_BODY;
99		}
100		}
101
102	13	final String evaledIfAnyGranted = ExpressionEvaluationUtils.evaluateString("ifAnyGranted", ifAnyGranted,
103		pageContext);
104
105	13	if ((null != evaledIfAnyGranted) && !"".equals(evaledIfAnyGranted)) {
106	8	Set grantedCopy = retainAll(granted, parseAuthoritiesString(evaledIfAnyGranted));
107
108	7	if (grantedCopy.isEmpty()) {
109	3	return Tag.SKIP_BODY;
110		}
111		}
112
113	9	return Tag.EVAL_BODY_INCLUDE;
114		}
115
116		public String getIfAllGranted() {
117	1	return ifAllGranted;
118		}
119
120		public String getIfAnyGranted() {
121	1	return ifAnyGranted;
122		}
123
124		public String getIfNotGranted() {
125	1	return ifNotGranted;
126		}
127
128		private Collection getPrincipalAuthorities() {
129	19	Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
130
131	19	if (null == currentUser) {
132	2	return Collections.EMPTY_LIST;
133		}
134
135	17	if ((null == currentUser.getAuthorities()) \|\| (currentUser.getAuthorities().length < 1)) {
136	0	return Collections.EMPTY_LIST;
137		}
138
139	17	Collection granted = Arrays.asList(currentUser.getAuthorities());
140
141	17	return granted;
142		}
143
144		private Set parseAuthoritiesString(String authorizationsString) {
145	19	final Set requiredAuthorities = new HashSet();
146	19	final String[] authorities = StringUtils.commaDelimitedListToStringArray(authorizationsString);
147
148	44	for (int i = 0; i < authorities.length; i++) {
149	25	String authority = authorities[i];
150
151		// Remove the role's whitespace characters without depending on JDK 1.4+
152		// Includes space, tab, new line, carriage return and form feed.
153	25	String role = authority.trim(); // trim, don't use spaces, as per SEC-378
154	25	role = StringUtils.replace(role, "\t", "");
155	25	role = StringUtils.replace(role, "\r", "");
156	25	role = StringUtils.replace(role, "\n", "");
157	25	role = StringUtils.replace(role, "\f", "");
158
159	25	requiredAuthorities.add(new GrantedAuthorityImpl(role));
160		}
161
162	19	return requiredAuthorities;
163		}
164
165		/**
166		* Find the common authorities between the current authentication's {@link GrantedAuthority} and the ones
167		* that have been specified in the tag's ifAny, ifNot or ifAllGranted attributes.<p>We need to manually
168		* iterate over both collections, because the granted authorities might not implement {@link
169		* Object#equals(Object)} and {@link Object#hashCode()} in the same way as {@link GrantedAuthorityImpl}, thereby
170		* invalidating {@link Collection#retainAll(java.util.Collection)} results.</p>
171		* <p>
172		* <strong>CAVEAT</strong>: This method <strong>will not</strong> work if the granted authorities
173		* returns a <code>null</code> string as the return value of {@link
174		* org.acegisecurity.GrantedAuthority#getAuthority()}.
175		* </p>
176		* <p>Reported by rawdave, on Fri Feb 04, 2005 2:11 pm in the Acegi Security System for Spring forums.</p>
177		*
178		* @param granted The authorities granted by the authentication. May be any implementation of {@link
179		* GrantedAuthority} that does <strong>not</strong> return <code>null</code> from {@link
180		* org.acegisecurity.GrantedAuthority#getAuthority()}.
181		* @param required A {@link Set} of {@link GrantedAuthorityImpl}s that have been built using ifAny, ifAll or
182		* ifNotGranted.
183		*
184		* @return A set containing only the common authorities between <var>granted</var> and <var>required</var>.
185		*
186		* @see <a href="http://forum.springframework.org/viewtopic.php?t=3367">authz:authorize ifNotGranted not behaving
187		* as expected</a> TODO: wrong article Url
188		*/
189		private Set retainAll(final Collection granted, final Set required) {
190	13	Set grantedRoles = authoritiesToRoles(granted);
191	12	Set requiredRoles = authoritiesToRoles(required);
192	12	grantedRoles.retainAll(requiredRoles);
193
194	12	return rolesToAuthorities(grantedRoles, granted);
195		}
196
197		private Set rolesToAuthorities(Set grantedRoles, Collection granted) {
198	12	Set target = new HashSet();
199
200	12	for (Iterator iterator = grantedRoles.iterator(); iterator.hasNext();) {
201	7	String role = (String) iterator.next();
202
203	7	for (Iterator grantedIterator = granted.iterator(); grantedIterator.hasNext();) {
204	10	GrantedAuthority authority = (GrantedAuthority) grantedIterator.next();
205
206	10	if (authority.getAuthority().equals(role)) {
207	7	target.add(authority);
208
209	7	break;
210		}
211	3	}
212	7	}
213
214	12	return target;
215		}
216
217		public void setIfAllGranted(String ifAllGranted) throws JspException {
218	7	this.ifAllGranted = ifAllGranted;
219	7	}
220
221		public void setIfAnyGranted(String ifAnyGranted) throws JspException {
222	10	this.ifAnyGranted = ifAnyGranted;
223	10	}
224
225		public void setIfNotGranted(String ifNotGranted) throws JspException {
226	5	this.ifNotGranted = ifNotGranted;
227	5	}
228		}