
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.myfaces.tobago.security;
21  
22  import org.slf4j.Logger;
23  import org.slf4j.LoggerFactory;
24  
25  import javax.el.ELContext;
26  import javax.el.MethodExpression;
27  import javax.el.MethodInfo;
28  import javax.faces.application.FacesMessage;
29  import javax.faces.component.StateHolder;
30  import javax.faces.component.UIComponentBase;
31  import javax.faces.context.FacesContext;
32  
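/**
 * A {@link MethodExpression} decorator that asks {@link AuthorizationUtils} whether the
 * current request may invoke the wrapped expression before delegating to it.
 *
 * <p>Security-relevant behaviour visible in this class:</p>
 * <ul>
 *   <li>The authorisation decision is keyed on the expression string of the wrapped
 *       expression; how that string is mapped to a permission is decided inside
 *       {@code AuthorizationUtils} and is not visible here.</li>
 *   <li>An invocation that passes a non-empty argument array is <strong>not</strong>
 *       checked at all, see {@link #invoke(ELContext, Object[])}.</li>
 *   <li>A denied invocation does not throw: it adds a {@link FacesMessage} and returns
 *       {@code null}, so callers cannot tell a denial from a method that returned
 *       {@code null}.</li>
 * </ul>
 *
 * <p>The class implements {@link StateHolder} so that the wrapped expression survives
 * JSF state saving; the no-argument constructor exists for that restore path.</p>
 */
public class CheckAuthorisationMethodExpression extends MethodExpression implements StateHolder {
  private static final Logger LOG = LoggerFactory.getLogger(CheckAuthorisationMethodExpression.class);

  // The expression that is actually evaluated once the check has passed.
  // It is null after the no-argument constructor until restoreState() has run.
  private MethodExpression methodExpression;

  /**
   * Creates an empty wrapper. The wrapped expression must be supplied through
   * {@link #restoreState(FacesContext, Object)} before any other method is used.
   */
  public CheckAuthorisationMethodExpression() {
  }

  /**
   * Wraps the given expression.
   *
   * @param methodExpression the expression to guard; every delegating method
   *                         dereferences it, so it should not be {@code null}
   */
  public CheckAuthorisationMethodExpression(final MethodExpression methodExpression) {
    this.methodExpression = methodExpression;
  }

  /** Delegates to the wrapped expression; no authorisation check is made here. */
  @Override
  public MethodInfo getMethodInfo(final ELContext context) {
    return methodExpression.getMethodInfo(context);
  }

  /**
   * Invokes the wrapped expression if the current request is authorised for it.
   *
   * @param context the EL context handed on to the wrapped expression
   * @param objects the invocation arguments, may be {@code null} or empty
   * @return the result of the wrapped expression, or {@code null} when the call was denied
   */
  @Override
  public Object invoke(final ELContext context, final Object[] objects) {
    final String expression = getExpressionString();
    // Parameterised logging: no string is built when debug is off.
    LOG.debug("MethodBinding invoke {}", expression);

    final boolean hasArguments = objects != null && objects.length > 0;
    if (hasArguments) {
      // NOTE(review): authorisation is deliberately skipped for any call that carries
      // arguments, so such calls always reach the target method. Anything reached this
      // way needs its own access check, or this exemption should be narrowed; confirm
      // with the maintainers which callers rely on it.
      return methodExpression.invoke(context, objects);
    }

    final FacesContext facesContext = FacesContext.getCurrentInstance();
    if (AuthorizationUtils.isAuthorized(facesContext, expression)) {
      return methodExpression.invoke(context, objects);
    }

    // Leave a server-side trace of the denial; the FacesMessage alone is only
    // visible to the user who triggered it.
    LOG.warn("Not authorised to invoke {}", expression);
    // TODO better message
    facesContext.addMessage(null, new FacesMessage("Not authorised"));
    return null;
  }

  /** Returns the expression string of the wrapped expression, which is also the authorisation key. */
  @Override
  public String getExpressionString() {
    return methodExpression.getExpressionString();
  }

  /**
   * Compares the wrapped expressions.
   *
   * <p>Two wrappers are equal when their wrapped expressions are equal, which also makes a
   * wrapper equal to itself. For any other argument the comparison is delegated to the
   * wrapped expression, as before.</p>
   */
  @Override
  public boolean equals(final Object obj) {
    if (this == obj) {
      return true;
    }
    if (obj instanceof CheckAuthorisationMethodExpression) {
      final MethodExpression other = ((CheckAuthorisationMethodExpression) obj).methodExpression;
      return methodExpression == null ? other == null : methodExpression.equals(other);
    }
    // Kept for compatibility: a wrapper still compares equal to its bare expression.
    return methodExpression != null && methodExpression.equals(obj);
  }

  /** Returns the hash code of the wrapped expression, or 0 while nothing is wrapped. */
  @Override
  public int hashCode() {
    return methodExpression != null ? methodExpression.hashCode() : 0;
  }

  /** Delegates to the wrapped expression. */
  @Override
  public boolean isLiteralText() {
    return methodExpression.isLiteralText();
  }

  /**
   * Saves the wrapped expression through {@link UIComponentBase#saveAttachedState}.
   *
   * @return a one-element array holding the attached state of the wrapped expression
   */
  @Override
  public Object saveState(final FacesContext facesContext) {
    final Object[] saveState = new Object[1];
    saveState[0] = UIComponentBase.saveAttachedState(facesContext, methodExpression);
    return saveState;
  }

  /**
   * Restores the wrapped expression from the array produced by {@link #saveState(FacesContext)}.
   *
   * @param savedState expected to be the {@code Object[]} written by {@code saveState};
   *                   any other shape fails on the casts below
   */
  @Override
  public void restoreState(final FacesContext facesContext, final Object savedState) {
    final Object[] values = (Object[]) savedState;
    methodExpression = (MethodExpression) UIComponentBase.restoreAttachedState(facesContext, values[0]);
  }

  /** Reports the transient flag of the wrapped expression; {@code false} if it is not a {@link StateHolder}. */
  @Override
  public boolean isTransient() {
    return methodExpression instanceof StateHolder && ((StateHolder) methodExpression).isTransient();
  }

  /** Forwards the transient flag to the wrapped expression; ignored if it is not a {@link StateHolder}. */
  @Override
  public void setTransient(final boolean bool) {
    if (methodExpression instanceof StateHolder) {
      ((StateHolder) methodExpression).setTransient(bool);
    }
  }

  /**
   * Asks {@link AuthorizationUtils} whether the wrapped expression may be invoked.
   *
   * <p>Unlike {@link #invoke(ELContext, Object[])} this always performs the check,
   * because no argument list is involved.</p>
   *
   * @param facesContext the context the decision is made for
   * @return the answer of {@code AuthorizationUtils.isAuthorized} for the expression string
   */
  public boolean isAuthorized(final FacesContext facesContext) {
    return AuthorizationUtils.isAuthorized(facesContext, getExpressionString());
  }
}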