/**
* Copyright (c) 2009 Juwi MacMillan Group GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.juwimm.cms.cocoon.selection;
import java.util.*;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.selection.Selector;
import org.apache.cocoon.webapps.authentication.components.DefaultAuthenticationManager;
import org.apache.cocoon.webapps.authentication.user.UserState;
import org.apache.log4j.Logger;
import org.tizzit.util.XercesHelper;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Node;
/**
*
* @author <a href="sascha.kulawik@juwimm.com">Sascha-Matthias Kulawik</a>
* @version $Id$
*/
public class CmsSecurityRoleSelector extends AbstractLogEnabled implements ThreadSafe, Selector {
private static Logger log = Logger.getLogger(CmsSecurityRoleSelector.class);
private ArrayList<String> roles;
public boolean select(String expression, Map objectModel, Parameters parameters) {
String handlerName = parameters.getParameter("handler", null);
String strRoles = expression;
if (log.isDebugEnabled()) log.debug("Testing: " + strRoles + " in Handler " + handlerName);
if (strRoles != null) {
roles = new ArrayList<String>();
StringTokenizer st = new StringTokenizer(strRoles, ",");
while (st.hasMoreTokens()) {
roles.add(st.nextToken());
}
} else {
getLogger().warn("No attribute name given -- failing.");
return false;
}
boolean retVal = true;
Object value = ObjectModelHelper.getRequest(objectModel).getSession().getAttribute(DefaultAuthenticationManager.SESSION_ATTRIBUTE_USER_STATUS);
UserState userState = (UserState) value;
try {
DocumentFragment doc = userState.getHandler(handlerName).getContext().getXML("/authentication/roles");
Iterator it = roles.iterator();
while (it.hasNext()) {
String role = (String) it.next();
String xpath = "";
if (role.startsWith("unit_") || role.startsWith("site_") || role.startsWith("group_")
|| role.startsWith("role_")) {
xpath = "//role[starts-with(text(), '" + role + "')]";
} else if (role.toUpperCase().startsWith("ROLEISSUBSTRINGOF:")) {
// this does not work with Jaxen...
String searchRole = role.substring(18);
xpath = "//role[starts-with('" + searchRole + "', text())]";
if (log.isDebugEnabled()) log.debug("xpathquery: " + xpath);
if (log.isDebugEnabled()) log.debug(XercesHelper.node2string(doc));
} else {
xpath = "//role[text()='" + role + "']";
}
Node nde = XercesHelper.findNode(doc, xpath);
// Node nde = org.apache.xpath.XPathAPI.selectSingleNode(doc, xpath);
if (nde == null) {
if (log.isDebugEnabled()) log.debug("Could not find role: " + role);
retVal = false;
break;
}
}
} catch (Exception exe) {
retVal = false;
}
return retVal;
}
}