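/*
 * Copyright 2005 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wamblee.security.tapestry;

import java.security.AccessController;

import javax.security.auth.Subject;

import org.apache.log4j.Logger;
import org.apache.tapestry.event.PageEvent;
import org.apache.tapestry.event.PageValidateListener;
import org.apache.tapestry.html.BasePage;
import org.wamblee.general.BeanFactory;
import org.wamblee.general.BeanKernel;
import org.wamblee.security.authorization.AuthorizationService;
import org.wamblee.security.authorization.ReadOperation;

/**
 * Base class for pages that may only be viewed by an authenticated user who
 * is also allowed to read the page.
 *
 * <p>The check fails closed: a missing {@link Subject} or a negative
 * authorization decision ends validation with a {@link RuntimeException}.
 */
public class ProtectedPage extends BasePage implements PageValidateListener {

    private static final Logger LOGGER = Logger.getLogger(ProtectedPage.class);

    // Cached lookup result; it is re-resolved on every pageValidate() call, so
    // nothing should rely on its value between requests.
    private AuthorizationService _service;

    /**
     * Verifies that a user is authenticated and is allowed to perform a
     * {@link ReadOperation} on this page.
     *
     * @param aPageEvent the page event passed to the listener (not used here)
     * @throws RuntimeException if no {@link Subject} is associated with the
     *         current access control context, or if the
     *         {@link AuthorizationService} denies read access to this page
     */
    public void pageValidate(PageEvent aPageEvent) {
        // NOTE(review): Subject.getSubject(AccessControlContext) and
        // AccessController are deprecated on recent JDKs (Subject.current()
        // is the replacement); re-check this lookup when upgrading the runtime.
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            throw new RuntimeException("User not logged in, security not configured correctly, or there is a programming error.");
        }

        // Check whether we have access to the current page.
        BeanFactory factory = BeanKernel.getBeanFactory();
        _service = factory.find(AuthorizationService.class);
        if (!_service.isAllowed(this, new ReadOperation())) {
            // Report only the principals. Subject.toString() also appends the
            // string form of public and (when accessible) private credentials,
            // which must not reach an exception message that may be shown on an
            // error page or written to a log.
            String message = "Access denied to '" + getPageName() + "' for '"
                    + subject.getPrincipals() + "'";
            // Record the denial so that rejected access attempts are visible
            // to whoever monitors the application log.
            LOGGER.warn(message);
            throw new RuntimeException(message);
        }
    }
}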