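/*
 *  Copyright 2012 Anyware Services
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package org.ametys.web;

import java.util.Map;

import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.ResourceNotFoundException;
import org.apache.cocoon.acting.AbstractAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;

import org.ametys.web.renderingcontext.RenderingContext;
import org.ametys.web.renderingcontext.RenderingContextHandler;

/**
 * Used to protect back-office only pipelines.
 * If the current {@link RenderingContext} is "front", an exception is thrown,
 * unless the request carries the {@link #CAN_COME_FROM_FRONT_ATTRIBUTE} attribute set to {@link Boolean#TRUE}.
 * <p>
 * This action is a rendering-context gate only: it performs no authentication or
 * rights check by itself. Pipelines that need either must enforce it separately.
 */
public class CheckNotFrontAction extends AbstractAction implements Serviceable, ThreadSafe
{
    /**
     * Request attribute to check if a request from front can go through this check.
     * It is read with {@link Request#getAttribute(String)}, i.e. it is a server-side request
     * attribute and not a request parameter. Code that sets it must never derive its value
     * from client-supplied input (parameter, header, cookie), otherwise the gate is bypassable.
     */
    public static final String CAN_COME_FROM_FRONT_ATTRIBUTE = "can-come-from-front";

    // Only state of this component; assigned once in service().
    private RenderingContextHandler _renderingContextHandler;

    /**
     * Looks up the {@link RenderingContextHandler} used to determine the current rendering context.
     * @param manager the service manager providing the handler
     * @throws ServiceException if the handler cannot be looked up
     */
    @Override
    public void service(ServiceManager manager) throws ServiceException
    {
        _renderingContextHandler = (RenderingContextHandler) manager.lookup(RenderingContextHandler.ROLE);
    }

    /**
     * Rejects the request when it is rendered in the front context and has not been
     * explicitly allowed through {@link #CAN_COME_FROM_FRONT_ATTRIBUTE}.
     * @param redirector unused
     * @param resolver unused
     * @param objectModel the Cocoon object model, used to retrieve the current request
     * @param source unused
     * @param parameters unused
     * @return {@code EMPTY_MAP} when the request is allowed to proceed
     * @throws Exception a {@link ResourceNotFoundException} when the request comes from the front-office without the allowing attribute
     */
    @Override
    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel, String source, Parameters parameters) throws Exception
    {
        RenderingContext context = _renderingContextHandler.getRenderingContext();

        Request request = ObjectModelHelper.getRequest(objectModel);

        // Fail closed: only a genuine Boolean.TRUE grants front access. A missing attribute,
        // Boolean.FALSE or a value of any other type is treated as "not allowed" instead of
        // relying on an unchecked cast.
        boolean frontAllowed = Boolean.TRUE.equals(request.getAttribute(CAN_COME_FROM_FRONT_ATTRIBUTE));

        // NOTE(review): this is a deny-list on FRONT. Any other context value, including a null
        // context, is let through. Confirm that getRenderingContext() can never return null for
        // a front-office request, or switch to an allow-list of back-office contexts.
        if (!frontAllowed && context == RenderingContext.FRONT)
        {
            // The sitemap URI is request-derived; neutralise it if this message ends up in logs
            // or in an error page. A not-found exception is raised rather than a dedicated
            // access-denied one, presumably so the protected pipeline is not revealed to the front.
            throw new ResourceNotFoundException("Access denied to '" + request.getSitemapURI() + "' when coming from front-office.");
        }

        return EMPTY_MAP;
    }
}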