
1   /*
2   jGuard is a security framework based on top of jaas (java authentication and authorization security).
3   it is written for web applications, to resolve simply, access control problems.
4   version $Name$
5   http://sourceforge.net/projects/jguard/
6   
7   Copyright (C) 2004  Charles GAY
8   
9   This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13  
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  Lesser General Public License for more details.
18  
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26  
27  */
28  package net.sf.jguard.jsf;
29  
30  import java.util.HashMap;
31  import java.util.Map;
32  
33  import javax.faces.context.FacesContext;
34  import javax.faces.event.PhaseEvent;
35  import javax.faces.event.PhaseId;
36  import javax.faces.event.PhaseListener;
37  
38  import javax.portlet.PortletRequest;
39  
40  import javax.servlet.http.HttpServletRequest;
41  
42  import net.sf.jguard.core.CoreConstants;
43  import net.sf.jguard.core.PolicyEnforcementPoint;
44  import net.sf.jguard.core.PolicyEnforcementPointOptions;
45  import net.sf.jguard.core.authentication.AccessContext;
46  import net.sf.jguard.jee.provisioning.HttpServletProvisioningServicePoint;
47  import net.sf.jguard.jsf.authentication.JSFAuthenticationBindingsFactory;
48  import net.sf.jguard.jsf.authorization.JSFAuthorizationBindings;
49  import org.slf4j.Logger;
50  import org.slf4j.LoggerFactory;
51  
52  
53  /**
54   * JSF PhaseListener implementation that controls all access from one single point.
55   * This class acts as a bridge between JSF and jGuard and its PolicyEnforcementPoint.
56   * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
57   *
58   */
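public class AccessListener implements PhaseListener {

    private static final long serialVersionUID = 2813722561916091752L;

    /** Name of the init parameter holding the location of the listener configuration. */
    public static final String LISTENER_CONFIGURATION_LOCATION = "listenerConfigurationLocation";

    /** Attribute name under which the current FacesContext is stored in the AccessContext. */
    public final static String FACES_CONTEXT = "facesContext";

    private static final Logger logger = LoggerFactory.getLogger(AccessListener.class.getName());

    /** Guards the one-time construction of {@link #pep}. */
    private static final Object INIT_LOCK = new Object();

    // Both fields are shared by every request thread. They are volatile so that a thread
    // which observes initialized == true also observes the fully published pep.
    private static volatile PolicyEnforcementPoint pep = null;
    private static volatile boolean initialized;

    /**
     * Runs the access check after the RESTORE_VIEW and INVOKE_APPLICATION phases.
     * A clone of the shared PolicyEnforcementPoint processes an AccessContext that
     * carries the current FacesContext under {@link #FACES_CONTEXT}.
     *
     * @param event the phase event delivered by the JSF lifecycle
     * @throws IllegalStateException if the enforcement point has not been built,
     *         so the request cannot be checked
     */
    public void afterPhase(PhaseEvent event) {
        logger.debug(" after phase {}", event.getPhaseId());
        PhaseId phase = event.getPhaseId();
        if (PhaseId.RESTORE_VIEW != phase && PhaseId.INVOKE_APPLICATION != phase) {
            return;
        }

        // Read the shared reference once so the null check and the use see the same value.
        PolicyEnforcementPoint enforcementPoint = pep;
        if (enforcementPoint == null) {
            // Fail closed: without an enforcement point no access decision can be made.
            // The response is marked complete before throwing so that the remaining phases
            // and the render step are skipped whatever the caller does with the exception.
            // NOTE(review): JSF runtimes may log and swallow exceptions thrown by a
            // PhaseListener - confirm for the deployed implementation.
            logger.error("PolicyEnforcementPoint is not initialized; request is rejected");
            event.getFacesContext().responseComplete();
            throw new IllegalStateException(" PolicyEnforcementPoint is not initialized ");
        }

        AccessContext context = new AccessContext();
        context.setAttribute(FACES_CONTEXT, event.getFacesContext());
        ((PolicyEnforcementPoint) enforcementPoint.clone()).process(context);
    }

    /**
     * Builds the shared PolicyEnforcementPoint on the first phase event.
     * Construction is serialized with a lock and re-checked inside it, so concurrent
     * first requests build the enforcement point exactly once. If {@code initialize}
     * throws, the flag stays false and the next phase event retries.
     *
     * @param event the phase event delivered by the JSF lifecycle
     */
    public void beforePhase(PhaseEvent event) {
        logger.debug(" before phase {}", event.getPhaseId());
        if (!initialized) {
            synchronized (INIT_LOCK) {
                if (!initialized) {
                    initialize(event);
                    // Set only after pep has been assigned (see the field comment).
                    initialized = true;
                }
            }
        }
    }

    /**
     * Reads the enforcement options from the context init parameters, applies the
     * defaults for missing or empty values, and builds the PolicyEnforcementPoint.
     *
     * @param event the phase event whose FacesContext gives access to the init parameters
     * @throws RuntimeException if no application name is configured and the request is
     *         neither an HttpServletRequest nor a PortletRequest
     */
    private static void initialize(PhaseEvent event) {
        FacesContext fc = event.getFacesContext();

        // Kept as a raw Map, as in the original declaration, because the parameter type
        // of the PolicyEnforcementPoint constructor is not visible in this file.
        Map options = new HashMap<PolicyEnforcementPointOptions, String>();

        // init parameter is now in the context
        String authenticationBindingsFactoryImpl = initParameterOrDefault(fc,
                PolicyEnforcementPointOptions.AUTHENTICATION_BINDINGS_FACTORY.getLabel(),
                JSFAuthenticationBindingsFactory.class.getName());
        options.put(PolicyEnforcementPointOptions.AUTHENTICATION_BINDINGS_FACTORY, authenticationBindingsFactoryImpl);

        // init parameter is now in the context
        // NOTE(review): the init parameter is passed on even when it is absent (null);
        // how ExternalContextUtil.getContextPath treats null is not visible here.
        String filterConfigurationLocation = ExternalContextUtil.getContextPath(fc.getExternalContext(),
                fc.getExternalContext().getInitParameter(LISTENER_CONFIGURATION_LOCATION));
        options.put(PolicyEnforcementPointOptions.CONFIGURATION_LOCATION, filterConfigurationLocation);

        String authenticationScope = initParameterOrDefault(fc,
                PolicyEnforcementPointOptions.AUTHENTICATION_SCOPE.getLabel(),
                CoreConstants.LOCAL_SCOPE);
        options.put(PolicyEnforcementPointOptions.AUTHENTICATION_SCOPE, authenticationScope);

        // PolicyDecisionPoint init parameters
        // init parameter is now in the external context
        String authorizationBindingsImpl = initParameterOrDefault(fc,
                PolicyEnforcementPointOptions.AUTHORIZATION_BINDINGS.getLabel(),
                JSFAuthorizationBindings.class.getName());
        options.put(PolicyEnforcementPointOptions.AUTHORIZATION_BINDINGS, authorizationBindingsImpl);

        String applicationName = fc.getExternalContext().getInitParameter(PolicyEnforcementPointOptions.APPLICATION_NAME.getLabel());
        if (applicationName == null || "".equals(applicationName)) {
            Object request = fc.getExternalContext().getRequest();
            // instanceof is false for null, so a missing request reaches the explicit
            // error below instead of failing on request.getClass().
            // getSession(true)/getPortletSession(true) create a session when none exists.
            if (request instanceof HttpServletRequest) {
                applicationName = ((HttpServletRequest) request).getSession(true).getServletContext().getServletContextName();
            } else if (request instanceof PortletRequest) {
                applicationName = ((PortletRequest) request).getPortletSession(true).getPortletContext().getPortletContextName();
            } else {
                throw new RuntimeException(" applicationName is null or empty ");
            }
            // NOTE(review): the context name read above is not checked for null or empty
            // before it is used as the application name - confirm the container always sets it.
        }
        options.put(PolicyEnforcementPointOptions.APPLICATION_NAME, applicationName);

        // Boolean.parseBoolean returns false for null and for the empty string, so a
        // missing parameter leaves propagation disabled.
        String propagateThrowable = fc.getExternalContext().getInitParameter(PolicyEnforcementPointOptions.PROPAGATE_THROWABLE.getLabel());
        boolean propagateThrowableOption = Boolean.parseBoolean(propagateThrowable);
        options.put(PolicyEnforcementPointOptions.PROPAGATE_THROWABLE, Boolean.toString(propagateThrowableOption));

        pep = new PolicyEnforcementPoint(authenticationBindingsFactoryImpl, options);
    }

    /** Returns the named context init parameter, or defaultValue when it is null or empty. */
    private static String initParameterOrDefault(FacesContext fc, String name, String defaultValue) {
        String value = fc.getExternalContext().getInitParameter(name);
        if (value == null || "".equals(value)) {
            return defaultValue;
        }
        return value;
    }

    /**
     * A listener can register for a single phase or for all phases. This listener must
     * run after both the RESTORE_VIEW and the INVOKE_APPLICATION phases, so it registers
     * for every phase and the selection is done in the afterPhase method.
     *
     * @return PhaseId.ANY_PHASE
     */
    public PhaseId getPhaseId() {
        return PhaseId.ANY_PHASE;
    }

}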