
1   /*
2    * To change this template, choose Tools | Templates
3    * and open the template in the editor.
4    */
5   
6   package net.sf.jguard.jee.extras.dwr2;
7   
8   import java.lang.reflect.Method;
9   import java.security.AccessControlException;
10  import java.security.Permission;
11  import java.security.PrivilegedActionException;
12  import javax.servlet.http.HttpServletRequest;
13  import net.sf.jguard.jee.authorization.http.HttpAccessControllerUtils;
14  import org.directwebremoting.impl.DefaultAccessControl;
15  import org.directwebremoting.extend.Creator;
16  import uk.ltd.getahead.dwr.WebContextFactory;
17  
18  /**
19   * Links DWR with jGuard so that access control is unified in jGuard.
20   * This implementation works with DWR 2.x.
21   * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
22   */
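public class DWR2AccessControl extends DefaultAccessControl {

    /** Creates the access control with the superclass defaults. */
    public DWR2AccessControl() {
        super();
    }

    /**
     * Decides whether a remote DWR call may invoke {@code method}.
     *
     * <p>Two checks run, and either one can veto the call: first the check inherited from
     * {@link DefaultAccessControl}, then a jGuard check of a {@link DWR2Permission} against the
     * caller's HTTP session. The permission's actions string is
     * {@code <creator class name>,<created type name>,<method name>}.
     *
     * @param creator   DWR creator of the target object; its own class name and the name of the
     *                  type it creates are the first two parts of the permission actions
     * @param className script name; used only by the inherited check, it is not part of the
     *                  jGuard permission
     * @param method    method about to be invoked; its name is the last part of the actions
     * @throws SecurityException if jGuard reports an {@link AccessControlException} or a
     *         {@link PrivilegedActionException} (kept as the cause); presumably also thrown by
     *         the inherited check when it rejects the call
     */
    @Override
    public void assertExecutionIsPossible(Creator creator, String className, Method method) {
        //TODO implement DWR1Authorizationbindings, DWR1AuthenticationBindings and
        //DWR2Authorizationbindings, DWR2AuthenticationBindings
        //http://fisheye5.cenqua.com/browse/dwr/java/org/directwebremoting/impl/DefaultAccessControl.java?r=1.15

        // addRoleRestriction/addIncludeRule/addExcludeRule below hand their rules to the
        // superclass. Without this call the override would replace the inherited check outright,
        // so those rules would be accepted at configuration time and never consulted here.
        // NOTE(review): the inherited check is not visible in this file; confirm it enforces
        // those rules and that a deployment relying on jGuard alone is not broken by it.
        super.assertExecutionIsPossible(creator, className, method);

        String actions = creator.getClass().getName()
                + "," + creator.getType().getName()
                + "," + method.getName();
        // The permission name is a placeholder; the actions string carries the data being checked.
        Permission p = new DWR2Permission("dummy name created by DWR2AccessControl to check access  ", actions);

        // NOTE(review): if WebContextFactory.get() can return null outside a DWR request thread,
        // this line fails with NullPointerException rather than SecurityException - confirm.
        HttpServletRequest req = WebContextFactory.get().getHttpServletRequest();
        try {
            // NOTE(review): getSession(true) allocates a session when the request has none, so an
            // anonymous call creates one before it is authorized; confirm jGuard requires that.
            HttpAccessControllerUtils.checkPermission(req.getSession(true), p);
        } catch (AccessControlException ex) {
            // Denial: surface it as the exception type DWR expects, keeping the cause for audit logs.
            throw new SecurityException(ex);
        } catch (PrivilegedActionException ex) {
            // A failure while evaluating the permission is treated as a denial (fail closed).
            throw new SecurityException(ex);
        }
    }

    /**
     * Registers a role restriction with the superclass.
     *
     * @param scriptName script the restriction applies to
     * @param methodName method the restriction applies to
     * @param role       role name passed through unchanged
     */
    @Override
    public void addRoleRestriction(String scriptName, String methodName, String role) {
        super.addRoleRestriction(scriptName, methodName, role);
    }

    /**
     * Registers an include rule with the superclass.
     *
     * @param scriptName script the rule applies to
     * @param methodName method the rule applies to
     */
    @Override
    public void addIncludeRule(String scriptName, String methodName) {
        super.addIncludeRule(scriptName, methodName);
    }

    /**
     * Registers an exclude rule with the superclass.
     *
     * @param scriptName script the rule applies to
     * @param methodName method the rule applies to
     */
    @Override
    public void addExcludeRule(String scriptName, String methodName) {
        super.addExcludeRule(scriptName, methodName);
    }

}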