
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.myfaces.tobago.security;
21  
22  import org.slf4j.Logger;
23  import org.slf4j.LoggerFactory;
24  
25  import javax.faces.el.MethodBinding;
26  import javax.faces.el.MethodNotFoundException;
27  import javax.faces.el.EvaluationException;
28  import javax.faces.context.FacesContext;
29  import javax.faces.component.StateHolder;
30  import javax.faces.component.UIComponentBase;
31  import javax.faces.application.FacesMessage;
32  
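/**
 * A {@link MethodBinding} decorator that asks {@link AuthorizationUtils} whether the wrapped
 * binding's expression string is authorised before delegating {@link #invoke}.
 *
 * <p><strong>Security note:</strong> the authorisation check is applied only to invocations made
 * with a {@code null} or empty argument array. Any invocation that carries arguments is delegated
 * without a check (see {@link #invoke}), so bindings invoked that way must be protected by some
 * other control.
 *
 * <p>The no-argument constructor exists for {@link StateHolder} restoration; until
 * {@link #restoreState} has run, the delegate is {@code null} and every delegating method will
 * throw a {@link NullPointerException}.
 */
public class CheckAuthorisationMethodBinding extends MethodBinding implements StateHolder {
  private static final Logger LOG = LoggerFactory.getLogger(CheckAuthorisationMethodBinding.class);

  // The wrapped binding; null only between the no-arg constructor and restoreState().
  private MethodBinding methodBinding;

  /** Creates an empty instance to be populated by {@link #restoreState}. */
  public CheckAuthorisationMethodBinding() {
  }

  /**
   * Wraps the given binding.
   *
   * @param methodBinding the binding whose invocation is to be guarded
   */
  public CheckAuthorisationMethodBinding(MethodBinding methodBinding) {
    this.methodBinding = methodBinding;
  }

  /** @return the expression string of the wrapped binding */
  @Override
  public String getExpressionString() {
    return methodBinding.getExpressionString();
  }

  /** Delegates to the wrapped binding; no authorisation check is made here. */
  @Override
  public Class getType(FacesContext facesContext) throws MethodNotFoundException {
    return methodBinding.getType(facesContext);
  }

  /**
   * Invokes the wrapped binding if the call is permitted.
   *
   * <p>A call with a non-empty argument array is always delegated. A call with no arguments is
   * delegated only when {@code AuthorizationUtils.isAuthorized} accepts the expression string;
   * otherwise a global "Not authorised" message is queued, the denial is logged, and
   * {@code null} is returned.
   *
   * @param facesContext the current faces context
   * @param objects the invocation arguments, may be {@code null}
   * @return the delegate's result, or {@code null} when the call was denied
   * @throws EvaluationException if the delegate throws it
   */
  @Override
  public Object invoke(FacesContext facesContext, Object[] objects)
      throws EvaluationException {
    final String expression = getExpressionString();
    LOG.debug("MethodBinding invoke {}", expression);

    // SECURITY: method bindings invoked with an argument list are NOT checked for authorisation.
    // This is the original, deliberate behaviour and is kept for compatibility; callers must not
    // rely on this wrapper to protect such bindings.
    final boolean hasArguments = objects != null && objects.length > 0;
    if (hasArguments || AuthorizationUtils.isAuthorized(facesContext, expression)) {
      return methodBinding.invoke(facesContext, objects);
    }

    // Leave a server-side trace of the denial; previously only the UI message recorded it.
    LOG.warn("Not authorised to invoke method binding {}", expression);
    // TODO better message
    // NOTE(review): FacesMessage(String) uses the default severity; consider an explicit
    // error severity so the denial is not rendered as an informational message.
    facesContext.addMessage(null, new FacesMessage("Not authorised"));
    return null;
  }

  /**
   * Saves the wrapped binding via {@code UIComponentBase.saveAttachedState}.
   *
   * @return a one-element array holding the attached state of the delegate
   */
  public Object saveState(FacesContext facesContext) {
    return new Object[] {UIComponentBase.saveAttachedState(facesContext, methodBinding)};
  }

  /**
   * Restores the wrapped binding from the array produced by {@link #saveState}.
   *
   * <p>NOTE(review): the restored object is cast to {@link MethodBinding} and used as the
   * delegate without further validation; this presumably relies on the integrity of the saved
   * view state - confirm against the application's state-saving configuration.
   */
  public void restoreState(FacesContext facesContext, Object savedState) {
    final Object[] values = (Object[]) savedState;
    methodBinding = (MethodBinding) UIComponentBase.restoreAttachedState(facesContext, values[0]);
  }

  /** @return the delegate's transient flag, or {@code false} if it is not a {@link StateHolder} */
  public boolean isTransient() {
    if (methodBinding instanceof StateHolder) {
      return ((StateHolder) methodBinding).isTransient();
    }
    return false;
  }

  /** Forwards the transient flag to the delegate; ignored if it is not a {@link StateHolder}. */
  public void setTransient(boolean bool) {
    if (methodBinding instanceof StateHolder) {
      ((StateHolder) methodBinding).setTransient(bool);
    }
  }

  /**
   * Reports whether {@code AuthorizationUtils.isAuthorized} accepts this binding's expression
   * string. Unlike {@link #invoke}, this does not take an argument list into account.
   */
  public boolean isAuthorized(FacesContext facesContext) {
    return AuthorizationUtils.isAuthorized(facesContext, getExpressionString());
  }
}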