/*
* Copyright 2004-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.faces.security;
import javax.el.ValueExpression;
import javax.faces.context.FacesContext;
import javax.faces.view.facelets.FaceletContext;
import javax.faces.view.facelets.TagAttribute;
import javax.faces.view.facelets.TagHandler;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.security.taglibs.authz.AbstractAuthorizeTag;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;
/**
* A concrete implementation of {@link AbstractAuthorizeTag} for use with standard Facelets rendering technology.
*
* @author Rossen Stoyanchev
* @since 2.2.0
*/
public class FaceletsAuthorizeTag extends AbstractAuthorizeTag {
/**
* A class constructor for use in a {@link TagHandler}. Accepts all possible tag attributes as {@link TagAttribute}
* instances. The constructor extracts the attribute values by evaluating them as Unified EL expressions. This
* excludes the access attribute, which is expected to be a Spring EL expression.
*
* @param faceletContext the current FaceletContext
* @param access the access attribute or null
* @param url the url attribute or null
* @param method the method attribute or null
* @param ifAllGranted the ifAllGranted attribute or null
* @param ifAnyGranted the ifAnyGranted attribute or null
* @param ifNotGranted the ifNotGranted attribute or null
*/
public FaceletsAuthorizeTag(FaceletContext faceletContext, TagAttribute access, TagAttribute url,
TagAttribute method, TagAttribute ifAllGranted, TagAttribute ifAnyGranted, TagAttribute ifNotGranted) {
setAccess(getAttributeValue(faceletContext, access, false));
setUrl(getAttributeValue(faceletContext, url, true));
setMethod(getAttributeValue(faceletContext, method, true));
setIfAllGranted(getAttributeValue(faceletContext, ifAllGranted, true));
setIfAnyGranted(getAttributeValue(faceletContext, ifAnyGranted, true));
setIfNotGranted(getAttributeValue(faceletContext, ifNotGranted, true));
}
/**
* A default constructor. Callers of this constructor are responsible for setting one or more of the tag attributes
* in {@link AbstractAuthorizeTag}.
*/
public FaceletsAuthorizeTag() {
}
protected ServletRequest getRequest() {
return (ServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
}
protected ServletResponse getResponse() {
return (ServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
}
protected ServletContext getServletContext() {
return (ServletContext) FacesContext.getCurrentInstance().getExternalContext().getContext();
}
void setIfAllGranted(String ifAllGranted) {
String[] roles = StringUtils.tokenizeToStringArray(ifAllGranted, ",");
if (!ObjectUtils.isEmpty(roles)) {
String expression = toHasRoleExpression(roles);
setAccess(getAccess() != null ? getAccess() + " and " + expression: expression);
}
}
void setIfAnyGranted(String ifAnyGranted) {
String[] roles = StringUtils.tokenizeToStringArray(ifAnyGranted, ",");
if (!ObjectUtils.isEmpty(roles)) {
String expression = toHasAnyRoleExpression(roles, false);
setAccess(getAccess() != null ? getAccess() + " and " + expression: expression);
}
}
void setIfNotGranted(String ifNotGranted) {
String[] roles = StringUtils.tokenizeToStringArray(ifNotGranted, ",");
if (!ObjectUtils.isEmpty(roles)) {
String expression = toHasAnyRoleExpression(roles, true);
setAccess(getAccess() != null ? getAccess() + " and " + expression: expression);
}
}
private static String toHasRoleExpression(String[] roles) {
StringBuilder expression = new StringBuilder();
boolean insertSeparator = false;
for (String role : roles) {
expression.append(insertSeparator ? " and " : "");
expression.append("hasRole('").append(role).append("')");
insertSeparator = true;
}
return expression.toString();
}
private static String toHasAnyRoleExpression(String[] roles, boolean negate) {
StringBuilder expression = new StringBuilder();
expression.append(negate ? "!" : "");
expression.append("hasAnyRole(");
boolean insertSeparator = false;
for (String role : roles) {
expression.append(insertSeparator ? "," : "");
expression.append("'").append(role).append("'");
insertSeparator = true;
}
return expression.append(")").toString();
}
private String getAttributeValue(FaceletContext faceletContext, TagAttribute tagAttribute, boolean evaluate) {
String value = null;
if (tagAttribute != null) {
if (evaluate) {
ValueExpression expression = tagAttribute.getValueExpression(faceletContext, String.class);
value = (String) expression.getValue(faceletContext.getFacesContext().getELContext());
} else {
value = tagAttribute.getValue();
}
}
return value;
}
}