Thread: using acegi Authz(JSP tag) in velocity template (w/ sample)

  1. #1
    Join Date
    Sep 2005
    Location
    Shanghai,China
    Posts
    15

    using acegi Authz(JSP tag) in velocity template (w/ sample)

    When I tried to use Acegi in my recent project, I found that its JSP tags prevented me from using Velocity templates. After searching the forum and reading the JSP tag lib source code, I decided to build a POJO (let's name it Authz) which can be used in Velocity templates.

    This POJO should wrap the JSP tag implementations because I hope Authz can evolve along with the Acegi JSP tags.

    here is the AuthenticationTag's counterpart:
    Code:
    $authz.getPrincipal()
    here is the AclTag's counterpart:
    Code:
    #if ($authz.hasPermission($domainObject, $permissions))
    #end
    here is the AuthorizeTag
    Code:
    #if ($authz.allGranted("ROLE_DIRECTOR")&&
    $authz.anyGranted("ROLE_TELLER")&&
    $authz.noneGranted("ROLE_CUSTOMER"))
    ...
    #end
    I defined an Authz interface for this POJO, and I also have an AuthzImpl implementation which does the actual job.

    If this post gets enough support (>10) or the Acegi developers think this is a good idea, I will contribute my code to Acegi (although I don't know how to do that).

    Code:
    package net.sf.acegisecurity.velocitytool;
    
    import org.springframework.context.ApplicationContext;
    
    import net.sf.acegisecurity.acl.AclManager;
    
    
    /**
     * Wraps the implementation of the Acegi Security for Spring JSP tags,
     * including {@link AuthenticationTag}, {@link AclTag} and
     * {@link AuthorizeTag}.
     *
     * @author tiepi
     * @version $Id: Authz,v 1.2 2005/09/22 16:09:03 wangq Exp $
     *
     */
    public interface Authz {
        /**
         * return the principal's name, supports the various type of principals that
         * can exist in the {@link Authentication} object, such as a String or
         * {@link UserDetails} instance
         *
         * @return string representation of principal's name
         */
        public String getPrincipal();

        /**
         * return true if the principal holds either permission specified for the provided
         * domain object
         *
         * <p>
         * Only works with permissions that are subclasses of {@link
         * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry}.
         * </p>
         *
         * <p>
         * For this class to operate it must be able to access the application context
         * via the <code>WebApplicationContextUtils</code> and locate an {@link
         * AclManager}.
         * </p>
         * @param domainObject - domain object that needs ACL control
         * @param permissions - comma-separated integer permissions
         * @return got acl permission (true|false)
         */
        public boolean hasPermission(Object domainObject, String permissions);

        /**
         * all the listed roles must be granted to return true, otherwise false;
         * @param roles - comma-separated GrantedAuthoritys
         * @return granted (true|false)
         */
        public boolean allGranted(String roles);

        /**
         * any of the listed roles must be granted to return true, otherwise false;
         * @param roles - comma-separated GrantedAuthoritys
         * @return granted (true|false)
         */
        public boolean anyGranted(String roles);

        /**
         * none of the listed roles must be granted to return true, otherwise false;
         * @param roles - comma-separated GrantedAuthoritys
         * @return granted (true|false)
         */
        public boolean noneGranted(String roles);

        /**
         * set Spring application context which contains acegi related bean
         */
        public void setAppCtx(ApplicationContext appCtx);

        /**
         * get Spring application context which contains acegi related bean
         */
        public ApplicationContext getAppCtx();
    }
    Tiepi/WangQi/Timosinko are the same guy.
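
The role-check semantics documented in the interface above, as an added example that is not part of the original post and is not the AuthzImpl attached to SEC-58. The class name `RoleCheckSketch` is hypothetical, authorities are passed in as plain strings rather than read from the Acegi `Authentication`, and treating an empty role list as "not granted" in `allGranted` is an assumption of this sketch.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Added sketch, not the project's AuthzImpl: the principal's authorities are
// supplied directly so the class runs with the JDK alone.
public class RoleCheckSketch {
    private final Set<String> granted;

    public RoleCheckSketch(String... grantedAuthorities) {
        this.granted = new HashSet<>(Arrays.asList(grantedAuthorities));
    }

    // Split "ROLE_A, ROLE_B" into trimmed, non-empty role names.
    private static Set<String> parse(String roles) {
        Set<String> out = new HashSet<>();
        if (roles == null) return out;
        for (String r : roles.split(",")) {
            String name = r.trim();
            if (!name.isEmpty()) out.add(name);
        }
        return out;
    }

    // Assumption: an empty or null list fails closed, so a template variable
    // that resolved to "" cannot unlock the guarded block.
    public boolean allGranted(String roles) {
        Set<String> required = parse(roles);
        return !required.isEmpty() && granted.containsAll(required);
    }

    public boolean anyGranted(String roles) {
        for (String r : parse(roles)) {
            if (granted.contains(r)) return true;
        }
        return false;
    }

    // An empty deny list excludes nobody, so it returns true.
    public boolean noneGranted(String roles) {
        return !anyGranted(roles);
    }

    public static void main(String[] args) {
        // Constructed principal holding two authorities.
        RoleCheckSketch authz = new RoleCheckSketch("ROLE_DIRECTOR", "ROLE_TELLER");
        System.out.println(authz.allGranted("ROLE_DIRECTOR") && authz.anyGranted("ROLE_TELLER")
                && authz.noneGranted("ROLE_CUSTOMER"));
        System.out.println(authz.allGranted(" , "));
    }
}
```

Role names are compared exactly (case-sensitive), the same way `isUserInRole` later in this thread uses `equals`.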

  2. #2
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Please post your contribution to JIRA at http://opensource.atlassian.com/proj....jspa?id=10040 and we'll take a closer look. People can also vote/comment on it there. Do you have unit tests? We need all code in CVS to have unit tests, otherwise it will need to be put in the sandbox.
    Ben Alex
    Project Founder, Spring UAA, Spring Roo and Spring Security

  3. #3
    Join Date
    Sep 2005
    Location
    Shanghai,China
    Posts
    15

    You will see it soon on JIRA. While I am a newbie to JIRA and can't find a place to upload my code and unit test, I will try to post the Authz implementation first. The unit test will be posted soon.
    Tiepi/WangQi/Timosinko are the same guy.

  4. #4
    Join Date
    Sep 2005
    Location
    Shanghai,China
    Posts
    15

    Finally uploaded the code to JIRA. But I have to say sorry for the issue content. Next time, it will be better.

    Please see SEC-58, within it (velocitytool.rar) is the interface/implementation and unit test.
    Tiepi/WangQi/Timosinko are the same guy.

  5. #5
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Thanks.
    Ben Alex
    Project Founder, Spring UAA, Spring Roo and Spring Security

  6. #6
    Join Date
    Nov 2004
    Posts
    24

    Hi Guys,

    I'm very interested in using this wrapper in my application. Could you please tell me where I can find more documentation about that?

    Other documentation about how to verify Acegi roles in Velocity would be helpful.

    Thanks,
    Best regards,

    Franklin Dattein
    http://www.elevenfolders.com

  7. #7
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Franklin, have you looked in CVS? It now contains the code as well as unit tests that show how it works. Any contributions for the reference guide would be welcome.
    Ben Alex
    Project Founder, Spring UAA, Spring Roo and Spring Security

  8. #8
    Join Date
    Apr 2006
    Posts
    1

    Should it do something to invoke $authz.getPrincipal() in *.vm?
    Where is the $authz initialized?

  9. #9
    Join Date
    Nov 2004
    Posts
    24

    This is my vm.
    Code:
    ...
    #if( $_auth.isUserInRole("ROLE_ADMIN") )
    bla bla
    #end
    ...
    You can see this file at:
    https://jnuke.dev.java.net/source/br...34&view=markup

    The object "_auth" is being added to the velocity context by an interceptor:
    https://jnuke.dev.java.net/source/br...&view=markup

    Basically I'm intercepting all ModelAndView and in this interceptor I'm adding the needed objects to build the GUI, as follows:

    Code:
    public static void buildVelocityModelAndView(ModelAndView mav, HttpServletRequest request, HttpServletResponse response) {
        synchronized (mav) {
            // Objects exposed to every Velocity template
            mav.addObject("base", request.getContextPath());
            mav.addObject("req", request);
            mav.addObject("res", response);
            mav.addObject("_theme", ThemesViewHelper.getInstance().getCurrentTheme());
            mav.addObject("_auth", AuthManager.getInstance());
            mav.addObject("contextPath", request.getContextPath());

            // "message" comes straight from the request; the template must escape it on output
            if (request.getParameter("message") != null) {
                mav.addObject("message", request.getParameter("message"));
            }
        }
    }
    The useful code of the AuthManager is:
    Code:
    public boolean isUserInRole(String role) {
        Authentication auth = getAuthentication();
        // No authentication in the context: deny
        if (auth == null)
            return false;
        // Exact match against each granted authority
        for (int i = 0; i < auth.getAuthorities().length; i++) {
            if (auth.getAuthorities()[i].getAuthority().equals(role))
                return true;
        }
        return false;
    }
    You can see that at:
    https://jnuke.dev.java.net/source/br....2&view=markup

    Probably this is not the best way to do that. If anyone has a better suggestion, please let me know.
    Best regards,

    Franklin Dattein
    http://www.elevenfolders.com

  10. #10

    No need to do all that stuff

    Hi All,

    I think it was not required to do all that stuff, as you can dynamically get the roles of the logged-in user. Spring and Acegi support dynamic loading.
    E.g. I am using FreeMarker and I want to populate the roles for a user from an XML file dynamically. I have defined Roles as a key for the data (HashMap) to be viewed in the ftl and just used the syntax below:

    [#if Roles?exists]
    [@auth.authorize IfAllGranted="${Roles}"]

    to your stuff

    [/@auth.authorize]
    [/#if]

    Regards
    Mohan
    MAK
