Posted to commits@continuum.apache.org by ev...@apache.org on 2007/02/28 16:02:57 UTC
svn commit: r512790 - in
/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action:
./ admin/ notifier/
Author: evenisse
Date: Wed Feb 28 07:02:56 2007
New Revision: 512790
URL: http://svn.apache.org/viewvc?view=rev&rev=512790
Log:
Fix some security issues.
Modified:
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/AddMavenProjectAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigurationAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigureAppearanceAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/EditPomAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddGroupNotifierAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddProjectNotifierAction.java
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/AddMavenProjectAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/AddMavenProjectAction.java?view=diff&rev=512790&r1=512789&r2=512790
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/AddMavenProjectAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/AddMavenProjectAction.java Wed Feb 28 07:02:56 2007
@@ -169,7 +169,13 @@
boolean checkProtocol )
throws ContinuumException;
+ // TODO: Remove this method because a default method return SUCCESS instead of INPUT
public String doDefault()
+ {
+ return doInput();
+ }
+
+ public String doInput()
{
try
{
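Review bot: The TODO above doDefault() does not say which condition allows the method to be removed, and the new public doInput() entry point has no Javadoc. If the intent is that the inherited default returns SUCCESS where this action needs INPUT, say so directly, e.g. `// TODO: remove this override once the inherited doDefault() returns INPUT instead of SUCCESS`. doInput() should get a short Javadoc naming the result codes it can return and which check it performs before showing the form. Its body continues past the end of this hunk, so whether it performs a check cannot be confirmed here. The same comment and the same missing Javadoc recur in the AddGroupNotifierAction and AddProjectNotifierAction hunks.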
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java?view=diff&rev=512790&r1=512789&r2=512790
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/BuildDefinitionAction.java Wed Feb 28 07:02:56 2007
@@ -37,13 +37,11 @@
*
* @author Jesse McConnell <jm...@apache.org>
* @version $Id$
- * @plexus.component role="com.opensymphony.xwork.Action"
- * role-hint="buildDefinition"
+ * @plexus.component role="com.opensymphony.xwork.Action" role-hint="buildDefinition"
*/
public class BuildDefinitionAction
extends ContinuumConfirmAction
{
-
private int buildDefinitionId;
private int projectId;
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java?view=diff&rev=512790&r1=512789&r2=512790
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/ContinuumActionSupport.java Wed Feb 28 07:02:56 2007
@@ -93,7 +93,7 @@
protected void checkAuthorization( String role )
throws AuthorizationRequiredException
{
- checkAuthorization( role, null );
+ checkAuthorization( role, null, false );
}
/**
@@ -106,6 +106,20 @@
protected void checkAuthorization( String role, String resource )
throws AuthorizationRequiredException
{
+ checkAuthorization( role, resource, true );
+ }
+
+ /**
+ * Check if the current user is authorized to do the action
+ *
+ * @param role the role
+ * @param resource the operation resource
+ * @param requiredResource true if resource can't be null
+ * @throws AuthorizationRequiredException if the user isn't authorized
+ */
+ protected void checkAuthorization( String role, String resource, boolean requiredResource )
+ throws AuthorizationRequiredException
+ {
try
{
if ( resource != null && StringUtils.isNotEmpty( resource.trim() ) )
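Review bot: The Javadoc for `requiredResource` says "true if resource can't be null", but the first condition in the body also treats a blank or whitespace-only resource as absent (`StringUtils.isNotEmpty( resource.trim() )`). The tag should describe the actual contract, for example `@param requiredResource if true, a null or blank resource is rejected instead of falling back to the role-only check`. It would also help to state in the summary that the one-argument overload passes false and the two-argument overload passes true, since that difference is what callers rely on. The method body continues outside this hunk.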
@@ -117,7 +131,7 @@
}
else
{
- if ( !getSecuritySystem().isAuthorized( getSecuritySession(), role ) )
+ if ( requiredResource || !getSecuritySystem().isAuthorized( getSecuritySession(), role ) )
{
throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
}
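Review bot: In the else branch, `requiredResource || !getSecuritySystem().isAuthorized( ... )` folds two different failures into one condition, so a missing resource reads as if it were part of the role check. The fail-closed behaviour is right, but it deserves a comment on that line such as `// a required resource that is null or blank is denied outright, never downgraded to a global role check`. Both cases also throw the same ERROR_MSG_AUTHORIZATION_REQUIRED, so a caller that forgot to pass a resource looks identical to a genuinely denied user; a log line for the missing-resource case would make that distinguishable. The enclosing method starts before this hunk and ends after it.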
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigurationAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigurationAction.java?view=diff&rev=512790&r1=512789&r2=512790
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigurationAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigurationAction.java Wed Feb 28 07:02:56 2007
@@ -45,7 +45,6 @@
extends ContinuumActionSupport
implements Preparable, SecureAction
{
-
/**
* @plexus.requirement
*/
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigureAppearanceAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigureAppearanceAction.java?view=diff&rev=512790&r1=512789&r2=512790
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigureAppearanceAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigureAppearanceAction.java Wed Feb 28 07:02:56 2007
@@ -89,6 +89,27 @@
return SUCCESS;
}
+ public String doInput()
+ throws IOException, RegistryException
+ {
+ try
+ {
+ checkManageConfigurationAuthorization();
+ }
+ catch ( AuthorizationRequiredException authzE )
+ {
+ addActionError( authzE.getMessage() );
+ return REQUIRES_AUTHORIZATION;
+ }
+ catch ( AuthenticationRequiredException e )
+ {
+ addActionError( e.getMessage() );
+ return REQUIRES_AUTHENTICATION;
+ }
+
+ return INPUT;
+ }
+
public Object getModel()
{
return configuration;
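Review bot: The new doInput() declares `throws IOException, RegistryException`, but nothing in its visible body appears to throw either. Unless checkManageConfigurationAuthorization() declares them, which is not visible here, the clause can be dropped, as the otherwise identical doInput() added to EditPomAction already does. The two methods share the same try/catch that maps AuthorizationRequiredException and AuthenticationRequiredException to result codes, so a shared helper in the common base class would keep the mapping in one place. The method has no Javadoc; it should say that the form is only rendered after the manage-configuration check passes. Whether the submit path in this class performs the same check is not visible in this hunk and is worth confirming.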
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/EditPomAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/EditPomAction.java?view=diff&rev=512790&r1=512789&r2=512790
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/EditPomAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/EditPomAction.java Wed Feb 28 07:02:56 2007
@@ -97,6 +97,26 @@
return SUCCESS;
}
+ public String doInput()
+ {
+ try
+ {
+ checkManageConfigurationAuthorization();
+ }
+ catch ( AuthorizationRequiredException authzE )
+ {
+ addActionError( authzE.getMessage() );
+ return REQUIRES_AUTHORIZATION;
+ }
+ catch ( AuthenticationRequiredException e )
+ {
+ addActionError( e.getMessage() );
+ return REQUIRES_AUTHENTICATION;
+ }
+
+ return INPUT;
+ }
+
public Object getModel()
{
return companyModel;
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddGroupNotifierAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddGroupNotifierAction.java?view=diff&rev=512790&r1=512789&r2=512790
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddGroupNotifierAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddGroupNotifierAction.java Wed Feb 28 07:02:56 2007
@@ -75,7 +75,14 @@
return notifierType + "_" + INPUT;
}
+ // TODO: Remove this method because a default method return SUCCESS instead of INPUT
public String doDefault()
+ throws ContinuumException
+ {
+ return doInput();
+ }
+
+ public String doInput()
throws ContinuumException
{
try
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddProjectNotifierAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddProjectNotifierAction.java?view=diff&rev=512790&r1=512789&r2=512790
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddProjectNotifierAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/notifier/AddProjectNotifierAction.java Wed Feb 28 07:02:56 2007
@@ -83,10 +83,14 @@
return notifierType + "_" + INPUT;
}
- /**
- * TODO: document!
- */
+ // TODO: Remove this method because a default method return SUCCESS instead of INPUT
public String doDefault()
+ throws ContinuumException
+ {
+ return doInput();
+ }
+
+ public String doInput()
throws ContinuumException
{
try