001    package org.tynamo.security;
002    
003    import java.io.IOException;
004    import java.util.List;
005    
006    import org.apache.tapestry5.services.ComponentClassResolver;
007    import org.apache.tapestry5.services.ComponentEventRequestParameters;
008    import org.apache.tapestry5.services.ComponentRequestFilter;
009    import org.apache.tapestry5.services.ComponentRequestHandler;
010    import org.apache.tapestry5.services.PageRenderRequestParameters;
011    
012    import org.tynamo.shiro.extension.authz.aop.SecurityInterceptor;
013    import org.tynamo.security.services.ClassInterceptorsCache;
014    import org.tynamo.security.services.PageService;
015    
016    public class SecurityComponentRequestFilter implements ComponentRequestFilter {
017    
018            private final ComponentClassResolver resolver;
019            private final ClassInterceptorsCache classInterceptorsCache;
020            private final String loginClassName;
021            private final String unauthorizedClassName;
022            
023            
024            public SecurityComponentRequestFilter(PageService pageService,
025                            ComponentClassResolver resolver,
026                            ClassInterceptorsCache classInterceptorsCache) {
027                    
028                    this.resolver = resolver;
029                    this.classInterceptorsCache = classInterceptorsCache;
030                    
031                    loginClassName = resolver.resolvePageNameToClassName(pageService.getLoginPage());
032                    unauthorizedClassName = resolver.resolvePageNameToClassName(pageService.getUnauthorizedPage());
033                    
034            }
035    
036            @Override
037            public void handleComponentEvent(
038                            ComponentEventRequestParameters parameters,
039                            ComponentRequestHandler handler) throws IOException {
040                    
041                    checkInternal(parameters.getActivePageName());
042                    handler.handleComponentEvent(parameters);
043            }
044    
045            @Override
046            public void handlePageRender(PageRenderRequestParameters parameters,
047                            ComponentRequestHandler handler) throws IOException {
048                    
049                    checkInternal(parameters.getLogicalPageName());
050                    handler.handlePageRender(parameters);   
051            }
052    
053            private void checkInternal(String logicalPageName) {
054    
055                    String pageClassName = resolver.resolvePageNameToClassName(logicalPageName);
056                    if (
057                            !(pageClassName.equals(loginClassName) ||
058                              pageClassName.equals(unauthorizedClassName))
059                                            
060                    ) {
061                            
062                            String className = resolver.resolvePageNameToClassName(logicalPageName);
063                            
064                            List<SecurityInterceptor> interceptors = classInterceptorsCache.get(className);
065                            
066                            if (interceptors != null) {
067                                    for (SecurityInterceptor interceptor : interceptors) {
068                                            interceptor.intercept();
069                                    }
070                            }
071                            
072                    }                       
073            }
074    }