01 package de.java2html.plugin.jspwiki;
02
03 import java.net.URL;
04
05 import com.ecyrd.jspwiki.WikiContext;
06 import com.ecyrd.jspwiki.attachment.Attachment;
07 import com.ecyrd.jspwiki.attachment.AttachmentManager;
08 import com.ecyrd.jspwiki.plugin.PluginException;
09 import com.ecyrd.jspwiki.providers.ProviderException;
10
11 /**
12 * @author Markus Gebhard
13 */
14 public class PluginSecurityManager {
15 private static final String FILE_URL_PROPERTY = "de.java2html.file.url.enabled";
16 private static final String HTTP_URL_PROPERTY = "de.java2html.http.url.enabled";
17
18 private WikiContext context;
19
20 public PluginSecurityManager(WikiContext context) {
21 this.context = context;
22 }
23
24 public void checkUrlAccessEnabled(URL url) throws PluginException {
25 if ("file".equals(url.getProtocol())) {
26 if (!isPropertySetTrue(context, FILE_URL_PROPERTY)) {
27 throw new PluginException(
28 "File URLs are disabled in this Wiki (property '" + FILE_URL_PROPERTY + "' is not set to true).");
29 }
30 }
31 else if ("http".equals(url.getProtocol())) {
32 if (!isPropertySetTrue(context, HTTP_URL_PROPERTY)) {
33 throw new PluginException(
34 "Http URLs are disabled in this Wiki (property '" + HTTP_URL_PROPERTY + "' is not set to true).");
35 }
36 }
37 else {
38 throw new PluginException("Unsupported protocol: '" + url.getProtocol() + "'");
39 }
40 }
41
42 private boolean isPropertySetTrue(WikiContext context, String key) {
43 final Object value = context.getEngine().getWikiProperties().get(key);
44 return value != null && "true".equals(value);
45 }
46
47 public void checkValidAttachmentUrlPart(String attachment) throws PluginException {
48 final AttachmentManager attachmentManager = context.getEngine().getAttachmentManager();
49 if (!attachmentManager.attachmentsEnabled()) {
50 throw new PluginException("Attachments are not enabled in this Wiki.");
51 }
52 if (!attachmentManager.hasAttachments(context.getPage())) {
53 throw new PluginException("The current page does not have any attachments.");
54 }
55 Attachment attachmentInfo = null;
56 try {
57 attachmentInfo = attachmentManager.getAttachmentInfo(context, attachment);
58 }
59 catch (final ProviderException e) {
60 throw new PluginException("The current page does not have an attachment '" + attachment + "'");
61 }
62 if (attachmentInfo == null) {
63 throw new PluginException("The current page does not have an attachment '" + attachment + "'");
64 }
65 }
66 }
|