View Javadoc

1   /*
2    * URLPermissionFactory.java
3    *
4    * Created on 2 mars 2007, 21:41
5    *
6    * To change this template, choose Tools | Template Manager
7    * and open the template in the editor.
8    */
9   
10  package net.sf.jguard.jee;
11  
12  import net.sf.jguard.jee.PermissionFactory;
13  import java.security.Permission;
14  import java.util.regex.Matcher;
15  import java.util.regex.Pattern;
16  
17  import javax.servlet.http.HttpServletRequest;
18  
19  import net.sf.jguard.core.authentication.AccessContext;
20  import net.sf.jguard.core.authorization.permissions.URLPermission;
21  
22  import net.sf.jguard.jee.authentication.http.AccessFilter;
23  import org.slf4j.Logger;
24  import org.slf4j.LoggerFactory;
25  
26  /**
27   * return an URLPermission.
28   * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
29   */
30  public class HttpPermissionFactory implements PermissionFactory{
31     
32      static public final Logger logger = LoggerFactory.getLogger(HttpPermissionFactory.class);
33      private static Pattern starPattern = Pattern.compile(HttpPermissionFactory.STAR);
34      private static final String STAR = "\\*";
35      private static final String DOUBLE_STAR = "\\*\\*";
36      
37      
38      /** Creates a new instance of URLPermissionFactory */
39      public HttpPermissionFactory() {
40      }
41  
42     public Permission getPermission(AccessContext context){
43              HttpServletRequest request = (HttpServletRequest)context.getAttribute(AccessFilter.SERVLET_REQUEST);
44              String uriWithQuery = buildRequest(request);
45  	    logger.debug("uriWithQuery="+uriWithQuery);
46              //build the permission corresponding to the URI and prevent any '*' character to be interpreted as a regexp
47              StringBuffer actions = new StringBuffer(URLPermission.removeRegexpFromURI(uriWithQuery));
48              actions.append(',').append(request.getProtocol()).append(',').append(request.getMethod()).append("permission build from the user request");
49              URLPermission urlPermission = new URLPermission("permissionFromUser",actions.toString());
50              return urlPermission;
51     }
52     
53     private static String buildRequest(HttpServletRequest req) {
54  	
55         String uriWithQuery = null;
56         
57         String uri = req.getRequestURI();
58         String servletPath = req.getServletPath();
59         StringBuffer sb =new StringBuffer(uri.substring(uri.indexOf(servletPath)));
60          
61          if(req.getQueryString()!=null && req.getQueryString().length()>0){
62              sb.append("?");
63              sb.append(req.getQueryString());
64          }
65          uriWithQuery = sb.toString();
66          Matcher matcher = starPattern.matcher(uriWithQuery);
67          uriWithQuery = matcher.replaceAll(HttpPermissionFactory.DOUBLE_STAR);
68          logger.debug("uriWithQuery="+uriWithQuery);
69  		return uriWithQuery;
70  	}
71  }
72