} catch (Exception e) {
getLogger().error(".authorize(): No policy could be retrieved (" + e + "). Access denied (return false).");
return false;
}
Policy policy = new Policy(policyDoc, getLogger());
// Read action (read, write, publish, etc.)
String action = XPathAPI.selectSingleNode(policyDoc, "/ac/request/action/@name").getNodeValue(); //"read";
if (getLogger().isDebugEnabled()) {
getLogger().debug(".authorize(): action: " + action);
}
// Check permissions
if (policy.authorizeWorld(action)) {
return true;
}
if (policy.authorizeMachine(action, remoteAddress)) {
return true;
}
Session session = request.getSession(true);
if (session == null) {
getLogger().error(".authorize(): No session object");
return false;
}
// Needs to be here after authorizeMachine() check, else every component (XPSAssembler) must be wrapped by a proxy!
String authenticator_type = (String) session.getAttribute("org.apache.lenya.cms.cocoon.acting.Authenticator.id");
if (!this.authenticator_type.equals(authenticator_type)) {
if (authenticator_type == null) {
getLogger().warn(".authorize(): No authenticator yet");
} else {
getLogger().warn(".authorize(): Authenticators do not match: " + authenticator_type + " (Authorizer's authenticator: " + this.authenticator_type + ")");
}
getLogger().warn(".authorize(): Permission denied");
return false;
}
Identity identity = (Identity) session.getAttribute("org.apache.lenya.cms.ac.Identity");
if (identity != null) {
if (policy.authorizeUser(action, identity.getUsername())) {
return true;
}
String[] groupname = identity.getGroupnames();
for (int i = 0; i < groupname.length; i++) {
if (policy.authorizeGroup(action, groupname[i])) {
return true;
}
}
}