1 package org.codehaus.redback.integration.taglib.jsp;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import org.apache.archiva.redback.authorization.AuthorizationException;
23 import org.codehaus.plexus.redback.system.SecuritySession;
24 import org.codehaus.plexus.redback.system.SecuritySystem;
25 import org.codehaus.plexus.redback.system.SecuritySystemConstants;
26 import org.springframework.context.ApplicationContext;
27 import org.springframework.web.context.support.WebApplicationContextUtils;
29 import javax.servlet.jsp.JspTagException;
30 import javax.servlet.jsp.jstl.core.ConditionalTagSupport;
31 import java.util.StringTokenizer;
36 * @author Jesse McConnell <jesse@codehaus.org>
39 public class IfAnyAuthorizedTag
40 extends ConditionalTagSupport
43 * comma delimited list of permissions to check
45 private String permissions;
47 private String resource;
49 public void setPermissions( String permissions )
51 this.permissions = permissions;
54 public void setResource( String resource )
56 this.resource = resource;
59 protected boolean condition()
60 throws JspTagException
62 ApplicationContext applicationContext =
63 WebApplicationContextUtils.getRequiredWebApplicationContext( pageContext.getServletContext() );
65 SecuritySession securitySession =
66 (SecuritySession) pageContext.getSession().getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY );
70 final SecuritySystem securitySystem = applicationContext.getBean( "securitySystem", SecuritySystem.class );
71 if ( securitySystem == null )
73 throw new JspTagException( "unable to locate the security system" );
76 StringTokenizer strtok = new StringTokenizer( permissions, "," );
78 while ( strtok.hasMoreTokens() )
80 String permission = strtok.nextToken().trim();
82 if ( securitySystem.isAuthorized( securitySession, permission, resource ) )
88 catch ( AuthorizationException ae )
90 throw new JspTagException( "error with authorization", ae );