authenticationtag.java

acegi_secutity_1.6源码 最好用的安全认证框架

/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.taglibs.authz;

import org.acegisecurity.Authentication;

import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;

import org.acegisecurity.userdetails.UserDetails;

import java.io.IOException;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;

import java.util.HashSet;
import java.util.Set;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;


/**
 * An {@link javax.servlet.jsp.tagext.Tag} implementation that allows convenient access to the current
 * <code>Authentication</code> object.<p>Whilst JSPs can access the <code>SecurityContext</code> directly, this tag
 * avoids handling <code>null</code> conditions. The tag also properly accommodates
 * <code>Authentication.getPrincipal()</code>, which can either be a <code>String</code> or a
 * <code>UserDetails</code>.</p>
 *
 * @author Ben Alex
 * @version $Id: AuthenticationTag.java 1784 2007-02-24 21:00:24Z luke_t $
 */
public class AuthenticationTag extends TagSupport {
    //~ Static fields/initializers =====================================================================================

    private static final Set methodPrefixValidOptions = new HashSet();

    static {
        methodPrefixValidOptions.add("get");
        methodPrefixValidOptions.add("is");
    }

    //~ Instance fields ================================================================================================

    private String methodPrefix = "get";
    private String operation = "";

    //~ Methods ========================================================================================================

    public int doStartTag() throws JspException {
        if ((null == operation) || "".equals(operation)) {
            return Tag.SKIP_BODY;
        }

        validateArguments();

        if ((SecurityContextHolder.getContext() == null)
            || !(SecurityContextHolder.getContext() instanceof SecurityContext)
            || (((SecurityContext) SecurityContextHolder.getContext()).getAuthentication() == null)) {
            return Tag.SKIP_BODY;
        }

        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        if (auth.getPrincipal() == null) {
            return Tag.SKIP_BODY;
        } else if (auth.getPrincipal() instanceof UserDetails) {
            writeMessage(invokeOperation(auth.getPrincipal()));

            return Tag.SKIP_BODY;
        } else {
            writeMessage(auth.getPrincipal().toString());

            return Tag.SKIP_BODY;
        }
    }

    public String getMethodPrefix() {
        return methodPrefix;
    }

    public String getOperation() {
        return operation;
    }

    protected String invokeOperation(Object obj) throws JspException {
        Class clazz = obj.getClass();
        String methodToInvoke = getOperation();
        StringBuffer methodName = new StringBuffer();
        methodName.append(getMethodPrefix());
        methodName.append(methodToInvoke.substring(0, 1).toUpperCase());
        methodName.append(methodToInvoke.substring(1));

        Method method = null;

        try {
            method = clazz.getMethod(methodName.toString(), (Class[]) null);
        } catch (SecurityException se) {
            throw new JspException(se);
        } catch (NoSuchMethodException nsme) {
            throw new JspException(nsme);
        }

        Object retVal = null;

        try {
            retVal = method.invoke(obj, (Object[]) null);
        } catch (IllegalArgumentException iae) {
            throw new JspException(iae);
        } catch (IllegalAccessException iae) {
            throw new JspException(iae);
        } catch (InvocationTargetException ite) {
            throw new JspException(ite);
        }

        if (retVal == null) {
            retVal = "";
        }

        return retVal.toString();
    }

    public void setMethodPrefix(String methodPrefix) {
        this.methodPrefix = methodPrefix;
    }

    public void setOperation(String operation) {
        this.operation = operation;
    }

    protected void validateArguments() throws JspException {
        if ((getMethodPrefix() != null) && !getMethodPrefix().equals("")) {
            if (!methodPrefixValidOptions.contains(getMethodPrefix())) {
                throw new JspException("Authorization tag : no valid method prefix available");
            }
        } else {
            throw new JspException("Authorization tag : no method prefix available");
        }
    }

    protected void writeMessage(String msg) throws JspException {
        try {
            pageContext.getOut().write(String.valueOf(msg));
        } catch (IOException ioe) {
            throw new JspException(ioe);
        }
    }
}