Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2001/06/11 09:09:04 UTC

cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security RoleBrowserAction.java RoleUpdateAction.java UserBrowserAction.java UserUpdateAction.java

taylor      01/06/11 00:09:04

  Added:       src/java/org/apache/jetspeed/modules/actions/portlets/security
                        RoleBrowserAction.java RoleUpdateAction.java
                        UserBrowserAction.java UserUpdateAction.java
  Log:
  new security actions for filling context and performing update, insert and delete actions on users and roles. (not completed)
  
  Revision  Changes    Path
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java
  
  Index: RoleBrowserAction.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
   
  package org.apache.jetspeed.modules.actions.portlets.security;
  
  import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  import org.apache.jetspeed.services.Registry;
  import org.apache.jetspeed.om.newregistry.RegistryEntry;
  
  // Turbine stuff
  import org.apache.turbine.util.Log;
  import org.apache.turbine.util.RunData;
  import org.apache.turbine.util.StringUtils;
  
  import org.apache.jetspeed.services.JetspeedSecurity;
  import org.apache.turbine.om.security.Role;
  import org.apache.turbine.util.security.RoleSet;
  import org.apache.turbine.util.db.Criteria;
  import org.apache.turbine.util.security.DataBackendException;
  
  // Velocity Stuff
  import org.apache.velocity.context.Context;
  
  import java.util.Vector;
  import java.util.Iterator;
  
  /**
   * This action sets up the template context for browsing of security roles in the Turbine database. 
   * 
   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
   */
  public class RoleBrowserAction extends VelocityPortletAction
  {
      /** 
       * Subclasses should override this method if they wish to
       * build specific content when maximized. Default behavior is
       * to do the same as normal content.
       */
      protected void buildMaximizedContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
          buildNormalContext( portlet, context, rundata);        
      }
  
      /** 
       * Subclasses should override this method if they wish to
       * provide their own customization behavior.
       * Default is to use Portal base customizer action
       */
      protected void buildConfigureContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
  
          buildNormalContext( portlet, context, rundata);        
          setTemplate(rundata, "role-browser.vm");        
      }
  
      /** 
       * Subclasses must override this method to provide default behavior 
       * for the portlet action
       */
      protected void buildNormalContext( VelocityPortlet portlet, 
                                         Context context,
                                         RunData rundata )
      {
          try
          {
              Criteria criteria = new Criteria();
              RoleSet roles = JetspeedSecurity.getRoles(criteria);
              context.put("roles", roles.getRolesArray());
          }
          catch (DataBackendException e)
          {
              rundata.setMessage("Error in Jetspeed Role Security: " + e.toString());
              rundata.setStackTrace(StringUtils.stackTrace(e), e);
              rundata.setScreenTemplate("Error.vm");            
          }
      }
  
      public void doUpdate(RunData data, Context context)
      {
      }
  
  }
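Review bot: In buildNormalContext the DataBackendException handler copies e.toString() into the message and passes the full stack trace on to the Error.vm screen, which exposes backend details to whoever triggers the failure; log the exception through the imported (and otherwise unused) org.apache.turbine.util.Log and show a generic message instead. The method also lists every role with an empty Criteria and no visible check that the caller may view security data, so confirm that access is restricted where the portlet is registered or add the check here. doUpdate is an empty stub, and Registry, RegistryEntry, Role, Vector and Iterator are imported but never used; drop them until they are needed.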
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java
  
  Index: RoleUpdateAction.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
   
  package org.apache.jetspeed.modules.actions.portlets.security;
  
  import java.util.Vector;
  import java.util.Iterator;
  import java.util.Date;
  
  import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  import org.apache.jetspeed.services.Registry;
  import org.apache.jetspeed.om.newregistry.RegistryEntry;
  
  // Turbine stuff
  import org.apache.turbine.util.Log;
  import org.apache.turbine.util.RunData;
  import org.apache.turbine.util.StringUtils;
  import org.apache.turbine.modules.ActionLoader;
  
  import org.apache.jetspeed.services.JetspeedSecurity;
  import org.apache.turbine.om.security.Role;
  import org.apache.turbine.om.security.User;
  import org.apache.turbine.util.db.Criteria;
  import org.apache.turbine.util.security.DataBackendException;
  import org.apache.turbine.util.security.EntityExistsException;
  import org.apache.turbine.util.security.UnknownEntityException;
  
  
  // Velocity Stuff
  import org.apache.velocity.context.Context;
  
  /**
   * This action sets up the template context for editing security roles in the Turbine database. 
   * 
   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
   */
  public class RoleUpdateAction extends VelocityPortletAction
  {
      /** 
       * Subclasses should override this method if they wish to
       * build specific content when maximized. Default behavior is
       * to do the same as normal content.
       */
      protected void buildMaximizedContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
          buildNormalContext( portlet, context, rundata);        
      }
  
      /** 
       * Subclasses should override this method if they wish to
       * provide their own customization behavior.
       * Default is to use Portal base customizer action
       */
      protected void buildConfigureContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
  
          buildNormalContext( portlet, context, rundata);        
          setTemplate(rundata, "role-form.vm");        
      }
  
      /** 
       * Subclasses must override this method to provide default behavior 
       * for the portlet action
       */
      protected void buildNormalContext( VelocityPortlet portlet, 
                                         Context context,
                                         RunData rundata )
      {
          try
          {
              Role role = null;
      
              /*
               * Grab the mode for the user form.
               */
              String mode = rundata.getParameters().getString("mode");
      
              if (mode.equals("modify") || mode.equals("delete"))
              {
                  String rolename = rundata.getParameters().getString("rolename");
                  role = JetspeedSecurity.getRole(rolename);
                  context.put("role", role);
              }
      
              context.put("mode", mode);
  
          }
          catch (Exception e)
          {
              rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
              rundata.setStackTrace(StringUtils.stackTrace(e), e);
              rundata.setScreenTemplate("Error.vm");            
          }
      }
  
      public void doInsert(RunData rundata, Context context)
          throws Exception
      {
          //Role role = new Role();
          Role role = JetspeedSecurity.getNewRole(null);
          rundata.getParameters().setProperties(role);
  
          String name = rundata.getParameters().getString("rolename");
  
          try
          {
              JetspeedSecurity.addRole(role);
              // bring user back to browser
              // FIXME: this doesn't work
              ActionLoader.getInstance().exec( rundata, "portlets.security.RoleBrowserAction" );
  
          }
          catch (EntityExistsException eee)
          {
              context.put("rolename", name);
              // TODO: handle these errors
              context.put("errorTemplate", "/screens/role/FluxRoleAlreadyExists.vm");
              context.put("role", role);
              /*
               * We are still in insert mode. So keep this
               * value alive.
               */
              rundata.getParameters().add("mode", "insert");
              setTemplate(rundata, "/role/FluxRoleForm.vm");
          }
  
      }
  
      /**
       * ActionEvent responsible updating a user
       * in the Tambora system. Must check the input
       * for integrity before allowing the user info
       * to be update in the database.
       */
      public void doUpdate(RunData rundata, Context context)
          throws Exception
      {
          Role role = JetspeedSecurity.getRole(
              rundata.getParameters().getString("rolename"));
          
          rundata.getParameters().setProperties(role);
          
          try
          {
              JetspeedSecurity.saveRole(role);
          }
          catch (UnknownEntityException uee)
          {
              /*
               * Should do something here but I still
               * think we should use the an id so that
               * this can't happen.
               */
          }
  
          // bring user back to browser
          // FIXME: this doesn't work
          ActionLoader.getInstance().exec( rundata, "portlets.security.RoleBrowserAction" );
  
      }
  
      /**
       * ActionEvent responsible for removing a user
       * from the Tambora system.
       */
      public void doDelete(RunData rundata, Context context)
          throws Exception
      {
          Role role = JetspeedSecurity.getRole(
              rundata.getParameters().getString("rolename"));
  
          try
          {
              JetspeedSecurity.removeRole(role);
          }
          catch (UnknownEntityException uee)
          {
              /*
               * Should do something here but I still
               * think we should use the an id so that
               * this can't happen.
               */
          }
  
         // bring user back to browser
          // FIXME: this doesn't work
          ActionLoader.getInstance().exec( rundata, "portlets.security.RoleBrowserAction" );
  
      }
  
  
  }
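Review bot: doInsert, doUpdate and doDelete take rolename straight from the request and call addRole, saveRole and removeRole with no visible permission check, and the result of JetspeedSecurity.getRole is passed on unchecked, so unless access is restricted elsewhere anyone who can fire these action events can create, change or remove roles. Check the caller's authority at the top of each do* method, reject a missing or unknown rolename explicitly, and replace the empty UnknownEntityException catch blocks with an error shown to the administrator. In buildNormalContext, mode.equals("modify") throws a NullPointerException when the mode parameter is absent; write "modify".equals(mode) instead. rundata.getParameters().setProperties(role) binds every request parameter onto the Role, so limit it to the fields the form is meant to edit. The Javadoc and the error text still talk about users and Tambora, and the EntityExistsException branch points at Flux template paths (/role/FluxRoleForm.vm) rather than role-form.vm.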
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserBrowserAction.java
  
  Index: UserBrowserAction.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
   
  package org.apache.jetspeed.modules.actions.portlets.security;
  
  import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  import org.apache.jetspeed.services.Registry;
  import org.apache.jetspeed.om.newregistry.RegistryEntry;
  
  // Turbine stuff
  import org.apache.turbine.util.Log;
  import org.apache.turbine.util.RunData;
  import org.apache.turbine.util.StringUtils;
  
  import org.apache.jetspeed.services.JetspeedSecurity;
  import org.apache.turbine.om.security.User;
  import org.apache.turbine.util.db.Criteria;
  import org.apache.turbine.util.security.DataBackendException;
  
  // Velocity Stuff
  import org.apache.velocity.context.Context;
  
  import java.util.Vector;
  import java.util.Iterator;
  
  /**
   * This action sets up the template context for browsing of users in the Turbine database. 
   * 
   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
   */
  public class UserBrowserAction extends VelocityPortletAction
  {
      /** 
       * Subclasses should override this method if they wish to
       * build specific content when maximized. Default behavior is
       * to do the same as normal content.
       */
      protected void buildMaximizedContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
          buildNormalContext( portlet, context, rundata);        
      }
  
      /** 
       * Subclasses should override this method if they wish to
       * provide their own customization behavior.
       * Default is to use Portal base customizer action
       */
      protected void buildConfigureContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
  
          buildNormalContext( portlet, context, rundata);        
          setTemplate(rundata, "user-browser.vm");        
      }
  
      /** 
       * Subclasses must override this method to provide default behavior 
       * for the portlet action
       */
      protected void buildNormalContext( VelocityPortlet portlet, 
                                         Context context,
                                         RunData rundata )
      {
          try
          {
              Criteria criteria = new Criteria();
              User[] users = JetspeedSecurity.getUsers(criteria);
              context.put("users", users);
          }
          catch (DataBackendException e)
          {
              rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
              rundata.setStackTrace(StringUtils.stackTrace(e), e);
              rundata.setScreenTemplate("Error.vm");            
          }
      }
  
      public void doUpdate(RunData data, Context context)
      {
      }
  
  }
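Review bot: buildNormalContext loads every account with an empty Criteria and puts the full User[] into the context, so user-browser.vm can reach every accessor on User and the query grows with the user table. Put only the fields the browser displays into the context, or page the query, and confirm the caller is allowed to list users before running it. As in RoleBrowserAction, the catch block sends e.toString() and the stack trace to Error.vm; log the exception and show a generic message instead.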
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java
  
  Index: UserUpdateAction.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
   
  package org.apache.jetspeed.modules.actions.portlets.security;
  
  import java.util.Vector;
  import java.util.Iterator;
  import java.util.Date;
  
  import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  import org.apache.jetspeed.services.Registry;
  import org.apache.jetspeed.om.newregistry.RegistryEntry;
  
  // Turbine stuff
  import org.apache.turbine.util.Log;
  import org.apache.turbine.util.RunData;
  import org.apache.turbine.util.StringUtils;
  import org.apache.turbine.modules.ActionLoader;
  
  import org.apache.jetspeed.services.JetspeedSecurity;
  import org.apache.turbine.om.security.User;
  import org.apache.turbine.util.db.Criteria;
  import org.apache.turbine.util.security.DataBackendException;
  
  // Velocity Stuff
  import org.apache.velocity.context.Context;
  
  /**
   * This action sets up the template context for editing users in the Turbine database. 
   * 
   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
   */
  public class UserUpdateAction extends VelocityPortletAction
  {
      /** 
       * Subclasses should override this method if they wish to
       * build specific content when maximized. Default behavior is
       * to do the same as normal content.
       */
      protected void buildMaximizedContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
          buildNormalContext( portlet, context, rundata);        
      }
  
      /** 
       * Subclasses should override this method if they wish to
       * provide their own customization behavior.
       * Default is to use Portal base customizer action
       */
      protected void buildConfigureContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
  
          buildNormalContext( portlet, context, rundata);        
          setTemplate(rundata, "user-form.vm");        
      }
  
      /** 
       * Subclasses must override this method to provide default behavior 
       * for the portlet action
       */
      protected void buildNormalContext( VelocityPortlet portlet, 
                                         Context context,
                                         RunData rundata )
      {
          try
          {
              User user = null;
      
              /*
               * Grab the mode for the user form.
               */
              String mode = rundata.getParameters().getString("mode");
      
              if (mode.equals("modify") || mode.equals("delete"))
              {
                  String username = rundata.getParameters().getString("username");
                  user = JetspeedSecurity.getUser(username);
                  context.put("user", user);
              }
      
              context.put("mode", mode);
  
          }
          catch (Exception e)
          {
              rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
              rundata.setStackTrace(StringUtils.stackTrace(e), e);
              rundata.setScreenTemplate("Error.vm");            
          }
      }
  
      /**
       * ActionEvent responsible for inserting a new user
       * into the Turbine security system.
       */
      public void doInsert(RunData data, Context context)
          throws Exception
      {
          /*
           * Create a TamboraUser object here, it will be
           * used even if there is an error. It will be
           * fed back into the context to give the user
           * the chance to correct any errors.
           */
          User user = JetspeedSecurity.getUserInstance();
          data.getParameters().setProperties(user);
  
          /*
           * Grab the username entered in the form.
           */
          String username = data.getParameters().getString("username");
          String password = data.getParameters().getString("password");
  
          if (password == null)
              password = "";
  
          /*
           * Make sure this account doesn't already exist.
           * If the account already exists then alert
           * the user and make them change the username.
           */
          if (JetspeedSecurity.accountExists(username))
          {
              context.put("username", username);
              context.put("errorTemplate", "/screens/user/FluxUserAlreadyExists.vm");
              context.put("user", user);
              /*
               * We are still in insert mode. So keep this
               * value alive.
               */
              data.getParameters().add("mode", "insert");
              setTemplate(data, "/user/FluxUserForm.vm");
          }
          else
          {
              /*
               * Set some default date properties, this needs
               * to be more rigourous.
               */
              
              Date now = new Date();
              
              //user.setModifiedDate(now);
              user.setCreateDate(now);
              user.setLastLogin(new Date(0));
              
              JetspeedSecurity.addUser(user, password);
  
              // bring user back to browser
              // FIXME: this doesn't work
              ActionLoader.getInstance().exec( data, "portlets.security.UserBrowserAction" );
          }
      }
  
      /**
       * ActionEvent responsible updating a user
       * in the Tambora system. Must check the input
       * for integrity before allowing the user info
       * to be update in the database.
       */
      public void doUpdate(RunData data, Context context)
          throws Exception
      {
          User user = JetspeedSecurity.getUser(data.getParameters().getString("username"));
          data.getParameters().setProperties(user);
  
          Date now = new Date();
  
          //user.setModifiedDate(now);
          user.setCreateDate(now);
          user.setLastLogin(new Date(0));
          
          JetspeedSecurity.saveUser(user);
  
          // bring user back to browser
          // FIXME: this doesn't work
          ActionLoader.getInstance().exec( data, "portlets.security.UserBrowserAction" );
      }
  
      /**
       * ActionEvent responsible for removing a user
       * from the Tambora system.
       */
      public void doDelete(RunData data, Context context)
          throws Exception
      {
          User user = JetspeedSecurity.getUser(
              data.getParameters().getString("username"));
          
          JetspeedSecurity.removeUser(user);
  
          // bring user back to browser
          // FIXME: this doesn't work
          ActionLoader.getInstance().exec( data, "portlets.security.UserBrowserAction" );
      }
  
  }
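
Review bot: doUpdate populates the stored user straight from the request with data.getParameters().setProperties(user) and then calls JetspeedSecurity.saveUser(user), skipping the integrity check its own Javadoc requires; copy only the fields an administrator may edit and validate them before saving. The same method also resets createDate to now and lastLogin to new Date(0) on every update, which looks carried over from the insert branch and should be dropped. In doUpdate and doDelete the result of JetspeedSecurity.getUser(...) is used without a null check, and nothing in these methods checks that the caller may manage users; if that is enforced elsewhere, say so in the Javadoc.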
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Re: Security stuff...

Posted by Raphaël Luta <ra...@networks.groupvu.com>.
David Sean Taylor wrote:

>>Because a complete pull design would populate the context by reading the
>>objects to instantiate from a configuration info, so you would not have to
>>explicitly put it in the context.
>>
>>On the other hand, Jetspeed does not currently offer a good pull system
>>for portlets: you can use the Turbine pull system within your system but
>>it's bad because the definitions are global for all the application and not
>>portlet specific (and you need to stop and restart your app for adding new
>>tools definition which is not adequate for portlet deployment)
>>
>>I started implementing a Pull system for the Velocity Portlet based on
>>registry parameter info, but it's much more complex than the Turbine one
>>because registry entries *are* mutable at runtime and semantics must be
>>extended to add a "shared" scope for sharing context objects between
>>different portlet instances.
>>
> Yes, as in:
> 
>     <parameter name="action" value="portlets.security.RoleBrowserAction"/>
> 
> So now I see Jon's point. It's not really a 'tool' as described in the TR.p.
> Perhaps it would be better to have a session 'security' tool:
> 
> tool.session.security    = org.apache.jetspeed.tools.Security
> 
> When it's instantiated at the start of the session, it could do something
> trivial, like check to see if the user has the proper authority to use the
> security tool. (I want to delay the populating of the roles in the template
> to ensure we get the most recent values)
>


Yes, security is a good candidate for implementation as a global Turbine tool
to be used in any portlet/screen/layout that requires this info.

 
> For the problem you described with portlet deployment,
> why not have a tool.xreg file that can be distributed with a PAR?
> I know it's not an 'xml' format like the other xregs, but does turbine have a
> non-centralized, and dynamic approach to tool definition and maintenance? It
> seems like it's all based out of the static TR.p, but don't quote me on
> that...
> 


Because PAR are part of the new Portlet API and not integrated in HEAD right
now... ;)


> So I'm sure where this fits in...
> 
>     <parameter name="action" value="portlets.security.RoleBrowserAction"/>
> 
> Taking the security example, we wouldn't need the action to pre-populate the
> context. The context would get populated when referenced in the template:
> $security.Roles
> 
> 


The action parameter is the best way I found right now for implementing MVC
for portlets (short of a complete Pull system):

- if you don't need to override specific Portlet API methods like (the
  PortletState methods) you don't need to subclass the VelocityPortlet but
  simply associate at runtime through the registry a default template and a
  default action for the portlet.
  The portlet will always call the action for populating the portlet context
  before rendering with the template, thus all context population is handled
  in the Action class and dynamically coupled to a template at runtime.

  If you want to change your portlet behavior at runtime, you simply need to
  write a new action class implementing a new context, modify the registry
  entry, and your portlet will automatically use the new action context...

  Also note that the VelocityPortletAction extends VelocityAction (which
  itself extends ActionEvent) so you can also dynamically call events on this
  action the usual Turbine way.

--
Raphael Luta - raphael.luta@networks.groupvu.com
Vivendi Universal Networks - Paris




Re: Security stuff...

Posted by Jon Stevens <jo...@latchkey.com>.
on 6/12/01 10:33 AM, "David Sean Taylor" <da...@bluesunrise.com> wrote:

> So now I see Jon's point. It's not really a 'tool' as described in the TR.p.
> Perhaps it would be better to have a session 'security' tool:
> 
> tool.session.security    = org.apache.jetspeed.tools.Security

Correct. The goal of pull is to almost never use context.put(). Everything
should be made available through the Tools. Not 100% easy, but it is the
cleanest MVC design because you never have to worry about tying a template
to a Java class.

-jon

-- 
"Open source is not available to commercial companies."
            -Steve Ballmer, CEO Microsoft
<http://www.suntimes.com/output/tech/cst-fin-micro01.html>




Re: Security stuff...

Posted by David Sean Taylor <da...@bluesunrise.com>.
> Because a complete pull design would populate the context by reading the
> objects to instantiate from a configuration info, so you would not have to
> explicitly put it in the context.
>
> On the other hand, Jetspeed does not currently offer a good pull system
> for portlets: you can use the Turbine pull system within your system but
> it's bad because the definitions are global for all the application and not
> portlet specific (and you need to stop and restart your app for adding new
> tools definition which is not adequate for portlet deployment)
>
> I started implementing a Pull system for the Velocity Portlet based on
> registry parameter info, but it's much more complex than the Turbine one
> because registry entries *are* mutable at runtime and semantics must be
> extended to add a "shared" scope for sharing context objects between
> different portlet instances.
>
Yes, as in:

    <parameter name="action" value="portlets.security.RoleBrowserAction"/>

So now I see Jon's point. It's not really a 'tool' as described in the TR.p.
Perhaps it would be better to have a session 'security' tool:

tool.session.security    = org.apache.jetspeed.tools.Security

When it's instantiated at the start of the session, it could do something
trivial, like check to see if the user has the proper authority to use the
security tool. (I want to delay the populating of the roles in the template
to ensure we get the most recent values)

The populating of the roles is done when they are pulled out of the
context, as in

#foreach ($role in $security.Roles)

For the problem you described with portlet deployment,
why not have a tool.xreg file that can be distributed with a PAR?
I know it's not an 'xml' format like the other xregs, but does turbine have a
non-centralized, and dynamic approach to tool definition and maintenance? It
seems like it's all based out of the static TR.p, but don't quote me on
that...

So I'm sure where this fits in...

    <parameter name="action" value="portlets.security.RoleBrowserAction"/>

Taking the security example, we wouldn't need the action to pre-populate the
context. The context would get populated when referenced in the template:
$security.Roles

> All in all, this will wait for 1.3a3 if ever (unless someone else picks
> this up)
>
I don't know, maybe we can work something out for 1.3a3 :-)
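
The session-scoped `$security` tool proposed in this message, modelled as an added example (not Jetspeed or Turbine code): `SecurityTool`, `Acl`, the `manage_roles` permission and the role data are hypothetical stand-ins, and the authority check is permission-based as suggested elsewhere in the thread.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.function.Supplier;

/** Added example; every type and name here is a hypothetical stand-in. */
public class SecurityToolDemo {

    /** Stand-in for the per-user ACL that the thread reaches through $data.getACL(). */
    interface Acl { boolean hasPermission(String permission); }

    /** Session tool: authority is checked once at creation, roles are read on every pull. */
    static final class SecurityTool {
        private final boolean authorized;
        private final Supplier<List<String>> roleSource;

        SecurityTool(Acl acl, Supplier<List<String>> roleSource) {
            // Permission-level check, not a comparison against a role name.
            this.authorized = acl != null && acl.hasPermission("manage_roles");
            this.roleSource = roleSource;
        }

        /** What a template would reach as $security.Roles; never cached, so it is current. */
        public List<String> getRoles() {
            if (!authorized) {
                return Collections.emptyList(); // fail closed for callers without authority
            }
            return Collections.unmodifiableList(new ArrayList<>(roleSource.get()));
        }
    }

    public static void main(String[] args) {
        // Constructed data standing in for the role table.
        List<String> roleTable = new ArrayList<>(Arrays.asList("admin", "user"));

        SecurityTool admin = new SecurityTool(p -> p.equals("manage_roles"), () -> roleTable);
        SecurityTool guest = new SecurityTool(p -> false, () -> roleTable);

        roleTable.add("editor"); // role created after both tools were instantiated

        System.out.println("admin sees: " + admin.getRoles());
        System.out.println("guest sees: " + guest.getRoles());
    }
}
```

Checking authority only in the constructor means a permission revoked mid-session keeps working until the session ends; evaluating the ACL inside `getRoles()` instead closes that gap.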






Re: Security stuff...

Posted by Raphaël Luta <ra...@networks.groupvu.com>.
David Sean Taylor wrote:

>>Not really a pull design...but ok...I get it...
>>
>>
> 
> That part works just like flux, except that the velocity screen is an html
> fragment.
> 
> I'm sorry but I don't understand why it isn't really pull design.
> The action puts the roles into the context, and then the template pulls each
> role out with a '#foreach role in roles' loop.
> 


Because a complete pull design would populate the context by reading the
objects to instantiate from a configuration info, so you would not have to
explicitly put it in the context.

On the other hand, Jetspeed does not currently offer a good pull system
for portlets: you can use the Turbine pull system within your system but
it's bad because the definitions are global for all the application and not
portlet specific (and you need to stop and restart your app for adding new
tools definition which is not adequate for portlet deployment)

I started implementing a Pull system for the Velocity Portlet based on
registry parameter info, but it's much more complex than the Turbine one
because registry entries *are* mutable at runtime and semantics must be
extended to add a "shared" scope for sharing context objects between
different portlet instances.

All in all, this will wait for 1.3a3 if ever (unless someone else picks
this up)

--
Raphael Luta - raphael.luta@networks.groupvu.com
Vivendi Universal Networks - Paris




Re: Security stuff...

Posted by David Sean Taylor <da...@bluesunrise.com>.
> Not really a pull design...but ok...I get it...
>

That part works just like flux, except that the velocity screen is an html
fragment.

I'm sorry but I don't understand why it isn't really pull design.
The action puts the roles into the context, and then the template pulls each
role out with a '#foreach role in roles' loop.







Re: Security stuff...

Posted by Jon Stevens <jo...@latchkey.com>.
on 6/11/01 1:18 PM, "David Sean Taylor" <da...@bluesunrise.com> wrote:

> I am putting *all* the roles from the TURBINE_ROLE table into the context.
> Necessary for role-browser.vm to list all the roles in the system.

Not really a pull design...but ok...I get it...

-jon

-- 
"Open source is not available to commercial companies."
            -Steve Ballmer, CEO Microsoft
<http://www.suntimes.com/output/tech/cst-fin-micro01.html>




Re: Security stuff...

Posted by David Sean Taylor <da...@bluesunrise.com>.
> Why are you putting roles into the context? Security checks should happen
> on a permission level, not on a role level.
>

It's not a security check....

I am putting *all* the roles from the TURBINE_ROLE table into the context.
Necessary for role-browser.vm to list all the roles in the system.

This portlet is a security management portlet, (like Flux, but
portlet-based) for administrative maintenance of roles. The RoleBrowser is
for an administrator to view and edit all roles in the system. The code you
are looking at is a portlet action that is invoked whenever the portlet is
displayed, see:

org.apache.jetspeed.modules.actions.portlets.VelocityPortlet
(public abstract class VelocityPortletAction extends VelocityAction)

When was the last time you tried Jetspeed anyway?
We are now making use of Velocity for controls, portlets, and controllers.

To try out the security stuff, logon as the 'admin' user, and it's under the
'security' tab. It's not yet complete. I still have permissions and a few
more templates to finish.

-- David






Security stuff...

Posted by Jon Stevens <jo...@latchkey.com>.
on 6/11/01 12:09 AM, "taylor@apache.org" <ta...@apache.org> wrote:

>             Criteria criteria = new Criteria();
>             RoleSet roles = JetspeedSecurity.getRoles(criteria);
>             context.put("roles", roles.getRolesArray());

Why are you putting roles into the context? Security checks should happen on
a permission level, not on a role level.

Also, all of the information for a particular user is already stored in
$data.getACL(). That is the right way to determine if someone has the right
ACL or not...

-jon

-- 
"Open source is not available to commercial companies."
            -Steve Ballmer, CEO Microsoft
<http://www.suntimes.com/output/tech/cst-fin-micro01.html>

