Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2008/09/19 12:52:43 UTC
svn commit: r697044 - in
/portals/jetspeed-2/portal/branches/security-refactoring:
components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/
components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/
components/jet...
Author: ate
Date: Fri Sep 19 03:52:42 2008
New Revision: 697044
URL: http://svn.apache.org/viewvc?rev=697044&view=rev
Log:
- rewrite of the JetspeedPrincipalAssociationType configuration and hierarchy handling derived from that.
- added a now pluggable solution for building up (user) Subject principals using one or more SubjectPrincipalsResolver instances
- still TODO: deriving principals from hierarchy (e.g. role-to-role) or indirect (like group-to-role) which should now be very easy to add
Added:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsProvider.java (with props)
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsResolver.java (with props)
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserSubjectPrincipalsResolverImpl.java (with props)
Removed:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/JetspeedPrincipalHierarchyAssocationTypeImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/SimpleHierarchyPrincipalAssociationHandler.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalHierachyAssocationType.java
Modified:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/BaseJetspeedPrincipalManager.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/GroupManagerImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/JetspeedPrincipalAssociationTypeImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/BaseJetspeedPrincipalAssociationHandler.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/SimpleMemberOfPrincipalAssociationHandler.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/GroupManager.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationHandler.java (contents, props changed)
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationType.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalManager.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/RoleManager.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/assembly/security-managers.xml
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/BaseJetspeedPrincipalManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/BaseJetspeedPrincipalManager.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/BaseJetspeedPrincipalManager.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/BaseJetspeedPrincipalManager.java Fri Sep 19 03:52:42 2008
@@ -29,7 +29,6 @@
import org.apache.jetspeed.security.JetspeedPrincipalAssociationHandler;
import org.apache.jetspeed.security.JetspeedPrincipalAssociationReference;
import org.apache.jetspeed.security.JetspeedPrincipalAssociationType;
-import org.apache.jetspeed.security.JetspeedPrincipalHierachyAssocationType;
import org.apache.jetspeed.security.JetspeedPrincipalManagerProvider;
import org.apache.jetspeed.security.JetspeedPrincipalType;
import org.apache.jetspeed.security.PrincipalAlreadyExistsException;
@@ -87,14 +86,14 @@
}
private JetspeedPrincipalType principalType;
+ private List<JetspeedPrincipalAssociationType> associationTypes = new ArrayList<JetspeedPrincipalAssociationType>();
private Map<AssociationHandlerKey, JetspeedPrincipalAssociationHandler> assHandlers = new HashMap<AssociationHandlerKey, JetspeedPrincipalAssociationHandler>();
private Map<AssociationHandlerKey, JetspeedPrincipalAssociationType> reqAssociations = new HashMap<AssociationHandlerKey, JetspeedPrincipalAssociationType>();
- private JetspeedPrincipalHierachyAssocationType hierachyAssType;
private JetspeedPrincipalAccessManager jpam;
private JetspeedPrincipalStorageManager jpsm;
//added for removing circular dependciese
protected static JetspeedPrincipalManagerProvider jpmp;
- private static boolean loaded = false;
+
public BaseJetspeedPrincipalManager(JetspeedPrincipalType principalType, JetspeedPrincipalAccessManager jpam,
JetspeedPrincipalStorageManager jpsm)
{
@@ -120,20 +119,29 @@
jpmp = Jpmp;
}
- protected JetspeedPrincipalManagerProvider getJetspeedPrincipalManagerProvider()
+ public JetspeedPrincipalManagerProvider getPrincipalManagerProvider()
{
- if(!loaded && jpmp==null)
+ if(jpmp==null)
{
jpmp= (JetspeedPrincipalManagerProvider)Jetspeed.getComponentManager().getComponent("org.apache.jetspeed.security.spi.JetspeedPrincipalManagerProvider");
- loaded = true;
}
return jpmp;
}
+ public JetspeedPrincipalAccessManager getPrincipalAccessManager()
+ {
+ return jpam;
+ }
+
public final JetspeedPrincipalType getPrincipalType()
{
return principalType;
}
+
+ public List<JetspeedPrincipalAssociationType> getAssociationTypes()
+ {
+ return Collections.unmodifiableList(associationTypes);
+ }
public boolean principalExists(String name)
{
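Review bot: The new public `getPrincipalAccessManager()` hands the manager's internal `JetspeedPrincipalAccessManager` to any caller holding a manager reference, and `getPrincipalManagerProvider()` is widened from protected to public in the same hunk, yet neither has Javadoc saying who is meant to call them. Whether the access manager enforces any checks of its own is not visible here, so the intended audience should be stated, e.g. `/** SPI use only: exposes the access manager to UserSubjectPrincipalsResolver implementations; not for portal application code. */`. The same accessor is declared without documentation in the added `UserSubjectPrincipalsProvider` interface. Separately, `jpmp` is a static, non-volatile field that is still assigned lazily without synchronization, which deserves a short comment now that the getter is public.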
@@ -209,82 +217,6 @@
}
return jpam.getAssociatedTo(principalToName, principalType, to, associationName);
}
-
- public final List<? extends JetspeedPrincipal> resolveAssociatedFrom(String principalFromName, JetspeedPrincipalType from, String associationName)
- {
- return resolveHierachies((List<JetspeedPrincipal>)getAssociatedFrom(principalFromName, from, associationName));
- }
-
- public final List<? extends JetspeedPrincipal> resolveAssociatedTo(String principalToName, JetspeedPrincipalType to, String associationName)
- {
- return resolveHierachies((List<JetspeedPrincipal>)getAssociatedTo(principalToName, to, associationName));
- }
-
- protected List<? extends JetspeedPrincipal> resolveHierachies(List<JetspeedPrincipal> principals)
- {
- if (hierachyAssType != null && !principals.isEmpty())
- {
- List<Long> resolved = new ArrayList<Long>();
- for (JetspeedPrincipal p : principals)
- {
- resolved.add(p.getId());
- }
- List<Long> ids = new ArrayList<Long>(resolved);
- if (this.hierachyAssType.getHierachyType().equals(JetspeedPrincipalHierachyAssocationType.HierarchyType.PART_OF))
- {
- for (Long id : ids)
- {
- resolveChildren(id, principals, resolved);
- }
- }
- else // IS_A or CHILD_OF HierachyType
- {
- for (Long id : ids)
- {
- resolveParents(id, principals, resolved);
- }
- }
- }
- return principals;
- }
-
- protected void resolveParents(Long principalId, List<JetspeedPrincipal> principals, List<Long> resolved)
- {
- List<JetspeedPrincipal> parents = jpam.getAssociatedFrom(principalId, principalType, principalType, hierachyAssType.getAssociationName());
- if (!parents.isEmpty())
- {
- JetspeedPrincipal parent = parents.get(0);
- if (!resolved.contains(parent.getId()))
- {
- principals.add(parent);
- resolved.add(parent.getId());
- resolveParents(parent.getId(), principals, resolved);
- }
- }
- }
-
- protected void resolveChildren(Long principalId, List<JetspeedPrincipal> principals, List<Long> resolved)
- {
- List<JetspeedPrincipal> children = jpam.getAssociatedTo(principalId, principalType, principalType, hierachyAssType.getAssociationName());
- if (!children.isEmpty())
- {
- List<Long> ids = new ArrayList<Long>();
- for (JetspeedPrincipal p : principals)
- {
- if (!resolved.contains(p.getId()))
- {
- ids.add(p.getId());
- resolved.add(p.getId());
- principals.add(p);
- }
- }
- for (Long id : ids)
- {
- resolveChildren(id, principals, resolved);
- }
- }
- }
-
//
// JetspeedPrincipalManagerSPI interface implementation
@@ -300,22 +232,8 @@
throw new IllegalStateException("An AssociationHandler for " +
jpah.getAssociationType().getAssociationName() + " already defined");
}
- if (jpah.getAssociationType() instanceof JetspeedPrincipalHierachyAssocationType)
- {
- if (jpah.getManagerFrom() != this || jpah.getManagerTo() != this)
- {
- throw new IllegalStateException("Invalid HierarchyAssociationType with associationName "+jpah.getAssociationType().getAssociationName()+": not referencing this JetspeedPrincipalManager (only)");
- }
- if (hierachyAssType == null)
- {
- hierachyAssType = (JetspeedPrincipalHierachyAssocationType)jpah.getAssociationType();
- }
- else
- {
- throw new IllegalStateException("Only one HierachyAssociationType handler can be defined for a JetspeedPrincipal");
- }
- }
assHandlers.put(key, jpah);
+ associationTypes.add(jpah.getAssociationType());
if (jpah.getAssociationType().isRequired())
{
reqAssociations.put(key,jpah.getAssociationType());
@@ -392,7 +310,7 @@
{
jpah.beforeRemoveFrom(principal);
}
- else
+ if (jpah.getAssociationType().getToPrincipalType().getName().equals(principalType.getName()))
{
jpah.beforeRemoveTo(principal);
}
@@ -441,6 +359,24 @@
}
jpah.add(from, to);
}
+
+ public void transferAssociationFrom(JetspeedPrincipal from, JetspeedPrincipal to, JetspeedPrincipal target,
+ String associationName) throws PrincipalNotFoundException,
+ PrincipalAssociationUnsupportedException,
+ PrincipalAssociationNotAllowedException
+ {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void transferAssociationTo(JetspeedPrincipal from, JetspeedPrincipal to, JetspeedPrincipal target,
+ String associationName) throws PrincipalNotFoundException,
+ PrincipalAssociationUnsupportedException,
+ PrincipalAssociationNotAllowedException
+ {
+ // TODO Auto-generated method stub
+
+ }
public void removeAssociation(JetspeedPrincipal from, JetspeedPrincipal to, String associationName) throws PrincipalAssociationRequiredException, PrincipalNotFoundException
{
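Review bot: `transferAssociationFrom` and `transferAssociationTo` are public, declare three checked exceptions, and have empty bodies, so a caller gets a normal return even though no association was moved. In a principal manager this can leave role or group memberships on the old principal without anything signalling it. Until the real implementation lands, each body should fail loudly, e.g. `throw new UnsupportedOperationException("transferAssociationFrom is not implemented yet");`, and the `// TODO Auto-generated method stub` comment should say what the method is supposed to do.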
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/GroupManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/GroupManagerImpl.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/GroupManagerImpl.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/GroupManagerImpl.java Fri Sep 19 03:52:42 2008
@@ -78,7 +78,7 @@
{
if (userManager == null)
{
- userManager = (UserManager)getJetspeedPrincipalManagerProvider().getManager(userType);
+ userManager = (UserManager)getPrincipalManagerProvider().getManager(userType);
}
}
@@ -203,15 +203,6 @@
}
/**
- * @see org.apache.jetspeed.security.GroupManager#resolveGroupsForUser(java.lang.String)
- */
- public List<Group> resolveGroupsForUser(String username)
- throws SecurityException
- {
- return (List<Group>) super.resolveAssociatedFrom(username, userType, JetspeedPrincipalAssociationType.IS_MEMBER_OF_ASSOCIATION_TYPE_NAME);
- }
-
- /**
* @see org.apache.jetspeed.security.GroupManager#getGroupsInRole(java.lang.String)
*/
public List<Group> getGroupsInRole(String roleName)
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/JetspeedPrincipalAssociationTypeImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/JetspeedPrincipalAssociationTypeImpl.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/JetspeedPrincipalAssociationTypeImpl.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/JetspeedPrincipalAssociationTypeImpl.java Fri Sep 19 03:52:42 2008
@@ -28,14 +28,20 @@
private JetspeedPrincipalType fromType;
private JetspeedPrincipalType toType;
private boolean required;
+ private boolean dependent;
+ private boolean singular;
+ private boolean dominant;
public JetspeedPrincipalAssociationTypeImpl(String associationName, JetspeedPrincipalType fromType,
- JetspeedPrincipalType toType, boolean required)
+ JetspeedPrincipalType toType, boolean required, boolean dependent, boolean singular, boolean dominant)
{
this.associationName = associationName;
this.fromType = fromType;
this.toType = toType;
this.required = required;
+ this.dependent = dependent;
+ this.singular = singular;
+ this.dominant = dominant;
}
public String getAssociationName()
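Review bot: The constructor now takes four adjacent booleans (`required, dependent, singular, dominant`) and none of the three new flags is documented, so a transposed argument compiles cleanly and silently changes how an association is treated. Add constructor Javadoc with one `@param` per flag stating what the flag enforces, and document the matching fields. Because these flags appear to drive association and hierarchy handling for security principals, a small builder or named static factories would be safer than positional booleans; at minimum, call sites should label each literal with a trailing comment.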
@@ -57,4 +63,19 @@
{
return required;
}
+
+ public boolean isDependent()
+ {
+ return dependent;
+ }
+
+ public boolean isSingular()
+ {
+ return singular;
+ }
+
+ public boolean isDominant()
+ {
+ return dominant;
+ }
}
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java Fri Sep 19 03:52:42 2008
@@ -82,11 +82,11 @@
{
if (userManager == null)
{
- userManager = (UserManager)getJetspeedPrincipalManagerProvider().getManager(userType);
+ userManager = (UserManager)getPrincipalManagerProvider().getManager(userType);
}
if (groupManager == null)
{
- groupManager = (GroupManager)getJetspeedPrincipalManagerProvider().getManager(groupType);
+ groupManager = (GroupManager)getPrincipalManagerProvider().getManager(groupType);
}
}
@@ -218,22 +218,6 @@
}
/**
- * @see org.apache.jetspeed.security.RoleManager#resolveRolesForUser(java.lang.String)
- */
- public List<Role> resolveRolesForUser(String username) throws SecurityException
- {
- return (List<Role>)super.resolveAssociatedFrom(username, userType, JetspeedPrincipalAssociationType.IS_MEMBER_OF_ASSOCIATION_TYPE_NAME);
- }
-
- /**
- * @see org.apache.jetspeed.security.RoleManager#resolveRolesInGroup(java.lang.String)
- */
- public List<Role> resolveRolesInGroup(String groupName) throws SecurityException
- {
- return (List<Role>)super.resolveAssociatedFrom(groupName, groupType, JetspeedPrincipalAssociationType.IS_MEMBER_OF_ASSOCIATION_TYPE_NAME);
- }
-
- /**
* @see org.apache.jetspeed.security.RoleManager#addRoleToUser(java.lang.String,
* java.lang.String)
*/
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java Fri Sep 19 03:52:42 2008
@@ -17,8 +17,10 @@
package org.apache.jetspeed.security.impl;
import java.security.Principal;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
@@ -51,7 +53,8 @@
import org.apache.jetspeed.security.spi.JetspeedPrincipalAccessManager;
import org.apache.jetspeed.security.spi.JetspeedPrincipalStorageManager;
import org.apache.jetspeed.security.spi.UserPasswordCredentialManager;
-import org.springframework.beans.factory.InitializingBean;
+import org.apache.jetspeed.security.spi.UserSubjectPrincipalsProvider;
+import org.apache.jetspeed.security.spi.UserSubjectPrincipalsResolver;
/**
* <p>
@@ -62,7 +65,7 @@
* @author <a href="mailto:vkumar@apache.org">Vivek Kumar </a>
* @version $Id$
*/
-public class UserManagerImpl extends BaseJetspeedPrincipalManager implements UserManager
+public class UserManagerImpl extends BaseJetspeedPrincipalManager implements UserManager, UserSubjectPrincipalsProvider
{
private static final Log log = LogFactory.getLog(UserManagerImpl.class);
@@ -73,6 +76,7 @@
private UserPasswordCredentialManager credentialManager;
private RoleManager roleManager;
private GroupManager groupManager;
+ private Map<String, UserSubjectPrincipalsResolver> usprMap = new HashMap<String, UserSubjectPrincipalsResolver>();
public UserManagerImpl(JetspeedPrincipalType principalType, JetspeedPrincipalType roleType, JetspeedPrincipalType groupType,
JetspeedPrincipalAccessManager jpam, JetspeedPrincipalStorageManager jpsm, UserPasswordCredentialManager credentialManager)
@@ -87,11 +91,11 @@
{
if (groupManager == null)
{
- groupManager = (GroupManager) getJetspeedPrincipalManagerProvider().getManager(groupType);
+ groupManager = (GroupManager) getPrincipalManagerProvider().getManager(groupType);
}
if (roleManager == null)
{
- roleManager = (RoleManager) getJetspeedPrincipalManagerProvider().getManager(roleType);
+ roleManager = (RoleManager) getPrincipalManagerProvider().getManager(roleType);
}
}
@@ -166,7 +170,7 @@
public Subject getSubject(AuthenticatedUser user) throws SecurityException
{
Set<Principal> principals = new PrincipalsSet();
- addSubjectPrincipals(user, principals);
+ resolveSubjectPrincipals(user, principals);
return JetspeedSubjectFactory.createSubject(user.getUser(), getPublicCredentialsForSubject(user), getPrivateCredentialsForSubject(user), principals);
}
@@ -190,22 +194,14 @@
return credentials;
}
- protected void addSubjectPrincipals(AuthenticatedUser user, Set<Principal> principals) throws SecurityException
+ protected void resolveSubjectPrincipals(AuthenticatedUser user, Set<Principal> principals) throws SecurityException
{
checkInitialized();
- addSubjectRolePrincipals(user, principals, roleManager);
- addSubjectGroupPrincipals(user, principals, groupManager);
- // still TODO: adding roles for groups
- }
-
- protected void addSubjectRolePrincipals(AuthenticatedUser user, Set<Principal> principals, RoleManager roleManager) throws SecurityException
- {
- principals.addAll(roleManager.resolveRolesForUser(user.getUserName()));
- }
-
- protected void addSubjectGroupPrincipals(AuthenticatedUser user, Set<Principal> principals, GroupManager groupManager) throws SecurityException
- {
- principals.addAll(groupManager.resolveGroupsForUser(user.getUserName()));
+ HashSet<Long> resolvedIds = new HashSet<Long>();
+ for (UserSubjectPrincipalsResolver resolver : usprMap.values())
+ {
+ resolver.resolve(user.getUser(), resolvedIds, principals, usprMap);
+ }
}
public User getUser(String username) throws SecurityException
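Review bot: When no resolver has been registered, the loop in `resolveSubjectPrincipals` does nothing and `getSubject` returns a Subject with no role or group principals, with no log entry or error. The removed code always asked `roleManager` and `groupManager`, so a missing or mis-wired assembly entry now shows up only as unexplained authorization failures. Consider a guard before the loop such as `if (usprMap.isEmpty()) { log.warn("No UserSubjectPrincipalsResolver registered; Subject for " + user.getUserName() + " will carry no role or group principals"); }`. Iteration order over `usprMap.values()` is also unspecified for a `HashMap`; if the result can depend on the order in which resolvers fill the shared `resolvedIds`, a `LinkedHashMap` would make it deterministic.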
@@ -322,4 +318,9 @@
{
return newTransientPrincipal(name);
}
+
+ public void addSubjectPrincipalsResolver(UserSubjectPrincipalsResolver resolver)
+ {
+ this.usprMap.put(resolver.getPrincipalType().getName(), resolver);
+ }
}
\ No newline at end of file
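Review bot: `addSubjectPrincipalsResolver` silently replaces any resolver already registered for the same principal type name and accepts a null resolver only to fail with a NullPointerException on `resolver.getPrincipalType()`. The association-handler registration in `BaseJetspeedPrincipalManager` rejects duplicates with an `IllegalStateException` ("... already defined"), and this method should do the same, e.g. `if (usprMap.containsKey(name)) throw new IllegalStateException("A UserSubjectPrincipalsResolver for " + name + " already defined");`. `usprMap` is a plain `HashMap` mutated by this public method and iterated on every `getSubject` call, so either document that registration happens only during single-threaded startup or use a concurrent map.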
Added: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsProvider.java?rev=697044&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsProvider.java (added)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsProvider.java Fri Sep 19 03:52:42 2008
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jetspeed.security.spi;
+
+import org.apache.jetspeed.security.JetspeedPrincipalManager;
+
+/**
+ * @version $Id$
+ *
+ */
+public interface UserSubjectPrincipalsProvider extends JetspeedPrincipalManager
+{
+ void addSubjectPrincipalsResolver(UserSubjectPrincipalsResolver resolver);
+ JetspeedPrincipalAccessManager getPrincipalAccessManager();
+}
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsProvider.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsProvider.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsResolver.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsResolver.java?rev=697044&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsResolver.java (added)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsResolver.java Fri Sep 19 03:52:42 2008
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jetspeed.security.spi;
+
+import java.security.Principal;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.jetspeed.security.JetspeedPrincipal;
+import org.apache.jetspeed.security.JetspeedPrincipalType;
+import org.apache.jetspeed.security.User;
+
+/**
+ * @version $Id$
+ *
+ */
+public interface UserSubjectPrincipalsResolver
+{
+ JetspeedPrincipalType getPrincipalType();
+
+ void resolve(User user, Set<Long> resolvedIds, Set<Principal> principals, Map<String, UserSubjectPrincipalsResolver> resolvers);
+ void processPrincipal(JetspeedPrincipal principal, User user, Set<Long> resolvedIds, Set<Principal> principals, Map<String, UserSubjectPrincipalsResolver> resolvers);
+}
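Review bot: The interface has no Javadoc on `resolve` or `processPrincipal`, although both take caller-owned mutable collections (`resolvedIds`, `principals`) and the full resolver map, so the contract between cooperating resolvers is left implicit. From the call in `UserManagerImpl`, `resolvedIds` looks like the visited set that stops a principal being processed twice. If so, that must be stated, because an implementation that recurses without checking and adding the id first would loop on a cyclic role-to-role or group-to-role association. Add method Javadoc covering who adds to each set, whether `processPrincipal` may call other resolvers from `resolvers`, and that implementations must not retain references to the collections after returning.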
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsResolver.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsResolver.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/UserSubjectPrincipalsResolver.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/BaseJetspeedPrincipalAssociationHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/BaseJetspeedPrincipalAssociationHandler.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/BaseJetspeedPrincipalAssociationHandler.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/BaseJetspeedPrincipalAssociationHandler.java Fri Sep 19 03:52:42 2008
@@ -20,13 +20,11 @@
import org.apache.jetspeed.security.JetspeedPrincipal;
import org.apache.jetspeed.security.JetspeedPrincipalAssociationHandler;
import org.apache.jetspeed.security.JetspeedPrincipalAssociationType;
-import org.apache.jetspeed.security.JetspeedPrincipalHierachyAssocationType;
import org.apache.jetspeed.security.JetspeedPrincipalManager;
import org.apache.jetspeed.security.PrincipalAssociationNotAllowedException;
import org.apache.jetspeed.security.PrincipalAssociationRequiredException;
import org.apache.jetspeed.security.PrincipalAssociationUnsupportedException;
import org.apache.jetspeed.security.PrincipalNotFoundException;
-import org.apache.jetspeed.security.JetspeedPrincipalHierachyAssocationType.HierarchyType;
import org.apache.jetspeed.security.spi.JetspeedPrincipalAssociationStorageManager;
import org.apache.jetspeed.security.spi.JetspeedPrincipalManagerSPI;
@@ -65,16 +63,6 @@
return associationType;
}
- public boolean isHierachyAssociationType()
- {
- return associationType instanceof JetspeedPrincipalHierachyAssocationType;
- }
-
- public HierarchyType getHierarchyType()
- {
- return isHierachyAssociationType() ? ((JetspeedPrincipalHierachyAssocationType)associationType).getHierachyType() : null;
- }
-
public JetspeedPrincipalManager getManagerFrom()
{
return from;
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/SimpleMemberOfPrincipalAssociationHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/SimpleMemberOfPrincipalAssociationHandler.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/SimpleMemberOfPrincipalAssociationHandler.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/SimpleMemberOfPrincipalAssociationHandler.java Fri Sep 19 03:52:42 2008
@@ -36,9 +36,9 @@
super(associationType, from, to, jpasm);
}
- public SimpleMemberOfPrincipalAssociationHandler(String associationName, JetspeedPrincipalManagerSPI from,JetspeedPrincipalManagerSPI to, boolean required, JetspeedPrincipalAssociationStorageManager jpasm)
+ public SimpleMemberOfPrincipalAssociationHandler(String associationName, JetspeedPrincipalManagerSPI from,JetspeedPrincipalManagerSPI to, JetspeedPrincipalAssociationStorageManager jpasm)
{
- this(new JetspeedPrincipalAssociationTypeImpl(associationName, from.getPrincipalType(), to.getPrincipalType(), required), from, to, jpasm);
+ this(new JetspeedPrincipalAssociationTypeImpl(associationName, from.getPrincipalType(), to.getPrincipalType(), false, false, false, false), from, to, jpasm);
}
/* (non-Javadoc)
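Review bot: Dropping the `required` parameter and passing `false, false, false, false` means every association built through this convenience constructor is now non-required, regardless of what existing callers used to pass. Any wiring that relied on `required = true` (the assembly file changed by this commit is not visible here) loses that enforcement without a compile-time hint beyond the changed signature. State this on the constructor, e.g. `/** Creates a plain association: not required, not dependent, not singular, not dominant. Use the JetspeedPrincipalAssociationType constructor for anything else. */`, and label the literals (`/* required */ false, ...`) so the four positional booleans can be read.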
Added: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserSubjectPrincipalsResolverImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserSubjectPrincipalsResolverImpl.java?rev=697044&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserSubjectPrincipalsResolverImpl.java (added)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserSubjectPrincipalsResolverImpl.java Fri Sep 19 03:52:42 2008
@@ -0,0 +1,181 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jetspeed.security.spi.impl;
+
+import java.security.Principal;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.jetspeed.security.JetspeedPrincipal;
+import org.apache.jetspeed.security.JetspeedPrincipalAssociationType;
+import org.apache.jetspeed.security.JetspeedPrincipalType;
+import org.apache.jetspeed.security.User;
+import org.apache.jetspeed.security.spi.JetspeedPrincipalAccessManager;
+import org.apache.jetspeed.security.spi.UserSubjectPrincipalsProvider;
+import org.apache.jetspeed.security.spi.UserSubjectPrincipalsResolver;
+
+/**
+ * @version $Id$
+ *
+ */
+public class UserSubjectPrincipalsResolverImpl implements UserSubjectPrincipalsResolver
+{
+ private UserSubjectPrincipalsProvider spp;
+ private JetspeedPrincipalType principalType;
+ private JetspeedPrincipalAssociationType uat;
+ private JetspeedPrincipalAssociationType iat;
+ private boolean fromUser;
+ private boolean initialized;
+ private boolean indirectFrom;
+ private JetspeedPrincipalAccessManager accessManager;
+
+ public UserSubjectPrincipalsResolverImpl(UserSubjectPrincipalsProvider spp, JetspeedPrincipalType principalType,
+ JetspeedPrincipalAssociationType userAssociationType)
+ {
+ init(spp, principalType, userAssociationType, null);
+ }
+
+ protected void init(UserSubjectPrincipalsProvider spp, JetspeedPrincipalType principalType,
+ JetspeedPrincipalAssociationType userAssociationType,
+ JetspeedPrincipalAssociationType indirectAssociationType)
+ {
+ if (!spp.getPrincipalType().getName().equals(JetspeedPrincipalType.USER_TYPE_NAME))
+ {
+ throw new IllegalArgumentException("The provided SubjectPrincipalsProvider should be for the user principalType");
+ }
+ this.spp = spp;
+
+ if (principalType.getName().equals(JetspeedPrincipalType.USER_TYPE_NAME))
+ {
+ throw new IllegalArgumentException("This resolver principalType cannot be that of the user principalType");
+ }
+ this.principalType = principalType;
+
+ if (userAssociationType.getFromPrincipalType().getName().equals(JetspeedPrincipalType.USER_TYPE_NAME))
+ {
+ if (userAssociationType.getToPrincipalType() != principalType)
+ {
+ throw new IllegalArgumentException("Provided userAssociationType doesn't target this resolver principalType");
+ }
+ fromUser = true;
+ }
+ else if (userAssociationType.getToPrincipalType().getName().equals(JetspeedPrincipalType.USER_TYPE_NAME))
+ {
+ if (userAssociationType.getFromPrincipalType() != principalType)
+ {
+ throw new IllegalArgumentException("Provided userAssociationType doesn't target this resolver principalType");
+ }
+ fromUser = false;
+ }
+ else
+ {
+ throw new IllegalArgumentException("Provided userAssociationType is not for a user association");
+ }
+ this.uat = userAssociationType;
+
+ if (indirectAssociationType != null)
+ {
+ if (indirectAssociationType.getFromPrincipalType() != principalType || indirectAssociationType.getToPrincipalType() != principalType)
+ {
+ throw new IllegalArgumentException("Provided indirectAssociationType should match this resolvers principalType");
+ }
+ else
+ {
+ this.iat = indirectAssociationType;
+ indirectFrom = indirectAssociationType.getFromPrincipalType() == principalType;
+ }
+ }
+
+ spp.addSubjectPrincipalsResolver(this);
+ }
+
+ protected void checkInitialized()
+ {
+ if (!initialized)
+ {
+ accessManager = spp.getPrincipalAccessManager();
+ initialized = true;
+ }
+ }
+
+ public JetspeedPrincipalType getPrincipalType()
+ {
+ return principalType;
+ }
+
+ protected void processFound(List<JetspeedPrincipal> found, User user, Set<Long> resolvedIds, Set<Principal> principals, Map<String, UserSubjectPrincipalsResolver> resolvers)
+ {
+ for (int i = found.size() -1; i > -1; i--)
+ {
+ JetspeedPrincipal p = found.get(i);
+ if (!p.isEnabled() || !resolvers.containsKey(p.getType().getName()) || !resolvedIds.add(p.getId()))
+ {
+ found.remove(i);
+ }
+ }
+ for (JetspeedPrincipal p : found)
+ {
+ resolvers.get(p.getType().getName()).processPrincipal(p, user, resolvedIds, principals, resolvers);
+ }
+ }
+
+ public void resolve(User user, Set<Long> resolvedIds, Set<Principal> principals, Map<String, UserSubjectPrincipalsResolver> resolvers)
+ {
+ checkInitialized();
+ if (user.getId() == null || !user.isEnabled())
+ {
+ // sanity check
+ return;
+ }
+ List<JetspeedPrincipal> found = null;
+ if (fromUser)
+ {
+ found = accessManager.getAssociatedFrom(user.getId(), uat.getFromPrincipalType(), uat.getToPrincipalType(), uat.getAssociationName());
+ }
+ else
+ {
+ found = accessManager.getAssociatedTo(user.getId(), uat.getFromPrincipalType(), uat.getToPrincipalType(), uat.getAssociationName());
+ }
+ processFound(found, user, resolvedIds, principals, resolvers);
+ }
+
+ public void processPrincipal(JetspeedPrincipal principal, User user, Set<Long> resolvedIds, Set<Principal> principals, Map<String, UserSubjectPrincipalsResolver> resolvers)
+ {
+ checkInitialized();
+ if (user.getId() == null || !user.isEnabled() || principal.getId() == null || !principal.isEnabled() || principal.getType() != principalType)
+ {
+ // sanity check
+ return;
+ }
+ principals.add(principal);
+ if (iat != null)
+ {
+ List <JetspeedPrincipal> found = null;
+ if (indirectFrom)
+ {
+ found = accessManager.getAssociatedFrom(principal.getId(), iat.getFromPrincipalType(), iat.getToPrincipalType(), iat.getAssociationName());
+ }
+ else
+ {
+ found = accessManager.getAssociatedTo(user.getId(), iat.getFromPrincipalType(), iat.getToPrincipalType(), iat.getAssociationName());
+ }
+ processFound(found, user, resolvedIds, principals, resolvers);
+ }
+ }
+}
\ No newline at end of file
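Review bot: In `processPrincipal` the `else` branch of the indirect lookup passes `user.getId()` to `accessManager.getAssociatedTo(...)`, although `init` only accepts an `indirectAssociationType` whose from and to types are both this resolver's `principalType`, so the id being looked up should be the principal's: `found = accessManager.getAssociatedTo(principal.getId(), iat.getFromPrincipalType(), iat.getToPrincipalType(), iat.getAssociationName());`. That branch is unreachable as written, because `indirectFrom` is assigned from a comparison the preceding `if` has already forced to be true, so the direction in which a hierarchy is walked cannot be chosen; it should be passed in explicitly before the TODO from the log message is wired up, since whatever this returns is added to the user's Subject. `checkInitialized` also sets `accessManager` and `initialized` without synchronization or `volatile`, which looks racy if one resolver instance serves concurrent logins. `init` compares principal types with `!=` in some places and by name in others; if the types can arrive through different instances or proxies the identity checks would reject a valid configuration, so comparing names throughout seems safer.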
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserSubjectPrincipalsResolverImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserSubjectPrincipalsResolverImpl.java
------------------------------------------------------------------------------
svn:keywords = Id
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserSubjectPrincipalsResolverImpl.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/GroupManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/GroupManager.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/GroupManager.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/GroupManager.java Fri Sep 19 03:52:42 2008
@@ -97,17 +97,6 @@
/**
* <p>
- * Retrieves a detached and modifiable {@link Group} list of all the groups and their hierarchically ones, associated to a specific
- * user.
- *
- * @param username The user name.
- * @return A list of {@link Group}.
- * @throws Throws security exception if the user does not exist.
- */
- List<Group> resolveGroupsForUser(String username) throws SecurityException;
-
- /**
- * <p>
* Retrieves a detached and modifiable {@link Group} list of all the groups in a specific role.
* </p>
*
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationHandler.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationHandler.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationHandler.java Fri Sep 19 03:52:42 2008
@@ -16,16 +16,12 @@
*/
package org.apache.jetspeed.security;
-import org.apache.jetspeed.security.JetspeedPrincipalHierachyAssocationType.HierarchyType;
-
/**
* @version $Id$
*/
public interface JetspeedPrincipalAssociationHandler
{
JetspeedPrincipalAssociationType getAssociationType();
- boolean isHierachyAssociationType();
- HierarchyType getHierarchyType();
JetspeedPrincipalManager getManagerFrom();
JetspeedPrincipalManager getManagerTo();
Propchange: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationHandler.java
------------------------------------------------------------------------------
svn:keywords = Id
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationType.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationType.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationType.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalAssociationType.java Fri Sep 19 03:52:42 2008
@@ -60,5 +60,30 @@
JetspeedPrincipalType getToPrincipalType();
- boolean isRequired(); // associations cannot be added or removed other then by removal of the Principal(s) itself
+ /**
+ * True if the from principal cannot be created without this association.
+ * <p>
+ * If {@link #isDependent()} the from principal will be deleted when the to principal is deleted,
+ * otherwise deleting the to principal is not allowed without first transfering association to another.
+ * </p>
+ */
+ boolean isRequired();
+
+ /**
+ * True if the from principal will be deleted when the to principal is deleted.
+ * <p>
+ * Deleting the to principal is not allowed when {@link #isRequired()} until the association is transferred to another.
+ * </p>
+ */
+ boolean isDependent();
+
+ /**
+ * True if the from principal can be associated at most once.
+ */
+ boolean isSingular();
+
+ /**
+ * True if the to principal can be associated to at most once.
+ */
+ boolean isDominant();
}
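Review bot: The Javadoc added for `isRequired()` and `isDependent()` can be read as disagreeing about an association that is both required and dependent: the first says the from principal is deleted together with the to principal, the second says deleting the to principal is not allowed while `isRequired()` holds. Since this decides whether removing a principal cascades or is refused, the second paragraph should carry the same condition, for example `Deleting the to principal is not allowed when {@link #isRequired()} and not dependent, until the association is transferred to another.` The text for `isRequired()` also has `transfering` for `transferring`.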
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalManager.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalManager.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/JetspeedPrincipalManager.java Fri Sep 19 03:52:42 2008
@@ -25,6 +25,8 @@
public interface JetspeedPrincipalManager
{
JetspeedPrincipalType getPrincipalType();
+
+ List<JetspeedPrincipalAssociationType> getAssociationTypes();
boolean principalExists(String name);
@@ -63,7 +65,10 @@
/**
* <p>
* Retrieves a detached and modifiable {@link JetspeedPrincipal} list of all the principals managed by this manager which are
- * associated <em>to</em> the specified principal by the specified association.
+ * associated <em>from</em> the specified principal by the specified association.
+ * </p>
+ * <p>
+ * If the association is {@link JetspeedAssociationType#isSingular()} at most one principal will be returned.
* </p>
*
* @param principalFromName The principal name to find the other principals associated <em>to</em>.
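Review bot: The added `{@link JetspeedAssociationType#isSingular()}` names a type that does not appear in the visible part of this commit; the interface that declares `isSingular()` and `isDominant()` is `JetspeedPrincipalAssociationType`, so the link will presumably not resolve. The same name is used in the three following Javadoc hunks of this file (`isDominant()`, `isSingular()`, `isDominant()`). Each should read `{@link JetspeedPrincipalAssociationType#isSingular()}` or `{@link JetspeedPrincipalAssociationType#isDominant()}` respectively. The method declarations these comments belong to lie outside the hunks.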
@@ -76,7 +81,10 @@
/**
* <p>
* Retrieves a detached and modifiable {@link JetspeedPrincipal} list of all the principals managed by this manager which are
- * associated <em>from</em> the specified principal by the specified association.
+ * associated <em>to</em> the specified principal by the specified association.
+ * </p>
+ * <p>
+ * If the association is {@link JetspeedAssociationType#isDominant()} at most one principal will be returned.
* </p>
*
* @param principalToName The principal name to find the other principals associated <em>from</em>.
@@ -89,7 +97,10 @@
/**
* <p>
* Retrieves a detached and modifiable list of the names of all the principals managed by this manager which are
- * associated <em>to</em> the specified principal by the specified association.
+ * associated <em>from</em> the specified principal by the specified association.
+ * </p>
+ * <p>
+ * If the association is {@link JetspeedAssociationType#isSingular()} at most one principal name will be returned.
* </p>
*
* @param principalFromName The principal name to find the other principals associated <em>to</em>.
@@ -102,7 +113,10 @@
/**
* <p>
* Retrieves a detached and modifiable list of the names of all the principals managed by this manager which are
- * associated <em>from</em> the specified principal by the specified association.
+ * associated <em>to</em> the specified principal by the specified association.
+ * </p>
+ * <p>
+ * If the association is {@link JetspeedAssociationType#isDominant()} at most one principal name will be returned.
* </p>
*
* @param principalToName The principal name to find the other principals associated <em>from</em>.
@@ -112,56 +126,6 @@
*/
List<String> getAssociatedNamesTo(String principalToName, JetspeedPrincipalType to, String associationName);
- /**
- * <p>
- * Resolved a detached and modifiable {@link JetspeedPrincipal} list of all the principals managed by this manager which are
- * associated <em>to</em> the specified principal by the specified association as well as those within their hierarchical relationship.
- * </p>
- * <p>
- * If there is no {@link JetspeedPrincipalHierachyAssociationType} configured, this method falls back to the {@link #getAssociatedFrom(String, JetspeedPrincipalType, String)}
- * method.
- * </p>
- * <p>
- * If a {@link JetspeedPrincipalHierachyAssociationType.HierarchyType#PART_OF partOf} hierachy is used, recursively all the "children" of the found principals will be retrieved
- * as well.
- * </p>
- * <p>
- * If a {@link JetspeedPrincipalHierachyAssociationType.HierarchyType#IS_A isA} or {@link JetspeedPrincipalHierachyAssociationType.HierarchyType#CHILD_OF childOf} hierachy
- * is used, recursively all the "parents" of the found principals will be retrieved as well.
- * </p>
- *
- * @param principalFromName The principal name to find the other principals associated <em>to</em>.
- * @param from The principal type of the provided principal name
- * @param associationName The name of the association <em>from</em> the provided principal type <em>to</em> this Manager principal type.
- * @return The hierarchically resolved list of {@link JetspeedPrincipal} in the <em>to</em> side of the provided association for the provided principal name and its type
- */
- List<? extends JetspeedPrincipal> resolveAssociatedFrom(String principalFromName, JetspeedPrincipalType from, String associationName);
-
- /**
- * <p>
- * Resolved a detached and modifiable {@link JetspeedPrincipal} list of all the principals managed by this manager which are
- * associated <em>from</em> the specified principal by the specified association as well as those within their hierarchical relationship.
- * </p>
- * <p>
- * If there is no {@link JetspeedPrincipalHierachyAssociationType} configured, this method falls back to the {@link #getAssociatedTo(String, JetspeedPrincipalType, String)}
- * method.
- * </p>
- * <p>
- * If a {@link JetspeedPrincipalHierachyAssociationType.HierarchyType#PART_OF partOf} hierachy is used, recursively all the "children" of the found principals will be retrieved
- * as well.
- * </p>
- * <p>
- * If a {@link JetspeedPrincipalHierachyAssociationType.HierarchyType#IS_A isA} or {@link JetspeedPrincipalHierachyAssociationType.HierarchyType#CHILD_OF childOf} hierachy
- * is used, recursively all the "parents" of the found principals will be retrieved as well.
- * </p>
- *
- * @param principalToName The principal name to find the other principals associated <em>from</em>.
- * @param from The principal type of the provided principal name
- * @param associationName The name of the association <em>from</em> this Manager principal type <em>to</em> the provided principal type.
- * @return The hierarchically resolved list of {@link JetspeedPrincipal} in the <em>from</em> side of the provided association for the provided principal name and its type
- */
- List<? extends JetspeedPrincipal> resolveAssociatedTo(String principalToName, JetspeedPrincipalType to, String associationName);
-
void addPrincipal(JetspeedPrincipal principal, Set<JetspeedPrincipalAssociationReference> associations)
throws PrincipalAssociationNotAllowedException, PrincipalAlreadyExistsException, PrincipalAssociationRequiredException, PrincipalNotFoundException, PrincipalAssociationUnsupportedException;
@@ -173,6 +137,12 @@
void addAssociation(JetspeedPrincipal from, JetspeedPrincipal to, String associationName)
throws PrincipalNotFoundException, PrincipalAssociationUnsupportedException, PrincipalAssociationNotAllowedException;
+ void transferAssociationTo(JetspeedPrincipal from, JetspeedPrincipal to, JetspeedPrincipal target, String associationName)
+ throws PrincipalNotFoundException, PrincipalAssociationUnsupportedException, PrincipalAssociationNotAllowedException;
+
+ void transferAssociationFrom(JetspeedPrincipal from, JetspeedPrincipal to, JetspeedPrincipal target, String associationName)
+ throws PrincipalNotFoundException, PrincipalAssociationUnsupportedException, PrincipalAssociationNotAllowedException;
+
void removeAssociation(JetspeedPrincipal from, JetspeedPrincipal to, String associationName)
throws PrincipalAssociationRequiredException, PrincipalNotFoundException;
}
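Review bot: `transferAssociationTo` and `transferAssociationFrom` are added without Javadoc, and with three `JetspeedPrincipal` parameters (`from`, `to`, `target`) the signature does not say which end of the existing association `target` replaces. Because the new `isRequired()` contract makes a transfer the precondition for deleting a principal that others depend on, the comment should state which principal is replaced, that the association between `from` and `to` must already exist, and under which conditions each declared exception is thrown. Presumably `transferAssociationTo` re-points the to side and `transferAssociationFrom` the from side, but that is inferred from the names only.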
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/RoleManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/RoleManager.java?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/RoleManager.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/RoleManager.java Fri Sep 19 03:52:42 2008
@@ -86,15 +86,6 @@
/**
* <p>Retrieves a detached and modifiable {@link Role} list of all the roles
- * and their hierachically associated onces, associated to a specific user.</p>
- * @param username The user name.
- * @return A List of {@link Role}.
- * @throws Throws a security exception if the user does not exist.
- */
- List<Role> resolveRolesForUser(String username) throws SecurityException;
-
- /**
- * <p>Retrieves a detached and modifiable {@link Role} list of all the roles
* associated to a specific group.</p>
* @param groupName The group name
* @return A Collection of {@link Role}.
@@ -103,15 +94,6 @@
List<Role> getRolesInGroup(String groupName) throws SecurityException;
/**
- * <p>Retrieves a detached and modifiable {@link Role} list of all the roles
- * and their hierachically associated ones, associated to a specific group.</p>
- * @param groupName The group name
- * @return A Collection of {@link Role}.
- * @throws Throws a security exception if the group does not exist.
- */
- List<Role> resolveRolesInGroup(String groupName) throws SecurityException;
-
- /**
* <p>Add a role to a user.</p>
* @param username The user name
* @param roleName The role name
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/assembly/security-managers.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/assembly/security-managers.xml?rev=697044&r1=697043&r2=697044&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/assembly/security-managers.xml (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/resources/assembly/security-managers.xml Fri Sep 19 03:52:42 2008
@@ -104,7 +104,9 @@
<bean id="org.apache.jetspeed.security.UserManager" parent="baseTransactionProxy">
<meta key="j2:cat" value="default,security" />
<property name="proxyInterfaces">
- <value>org.apache.jetspeed.security.UserManager, org.apache.jetspeed.security.JetspeedPrincipalManager, org.apache.jetspeed.security.spi.JetspeedPrincipalManagerSPI</value>
+ <value>org.apache.jetspeed.security.UserManager, org.apache.jetspeed.security.JetspeedPrincipalManager,
+ org.apache.jetspeed.security.spi.JetspeedPrincipalManagerSPI,
+ org.apache.jetspeed.security.spi.UserSubjectPrincipalsProvider</value>
</property>
<property name="target">
<ref bean="org.apache.jetspeed.security.impl.UserManagerImpl" />
@@ -252,36 +254,57 @@
<ref bean="org.apache.jetspeed.security.RoleManager" />
</set>
</constructor-arg>
- </bean>
-
- <bean id="_userIsMemberOfRoleAssociationHandler"
+ </bean>
+
+ <bean id="userIsMemberOfRoleAssociationHandler"
class="org.apache.jetspeed.security.spi.impl.SimpleMemberOfPrincipalAssociationHandler">
<meta key="j2:cat" value="default,security" />
<constructor-arg index="0" value="isMemberOf"/>
<constructor-arg index="1" ref="org.apache.jetspeed.security.UserManager"/>
<constructor-arg index="2" ref="org.apache.jetspeed.security.RoleManager"/>
- <constructor-arg index="3" type="boolean" value="false"/>
- <constructor-arg index="4" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"/>
+ <constructor-arg index="3" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"/>
</bean>
- <bean id="_userIsMemberOfGroupAssociationHandler"
+ <bean id="userIsMemberOfGroupAssociationHandler"
class="org.apache.jetspeed.security.spi.impl.SimpleMemberOfPrincipalAssociationHandler">
<meta key="j2:cat" value="default,security" />
<constructor-arg index="0" value="isMemberOf"/>
<constructor-arg index="1" ref="org.apache.jetspeed.security.UserManager"/>
<constructor-arg index="2" ref="org.apache.jetspeed.security.GroupManager"/>
- <constructor-arg index="3" type="boolean" value="false"/>
- <constructor-arg index="4" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"/>
+ <constructor-arg index="3" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"/>
</bean>
- <bean id="_groupIsMemberOfRoleAssociationHandler"
+ <bean id="groupIsMemberOfRoleAssociationHandler"
class="org.apache.jetspeed.security.spi.impl.SimpleMemberOfPrincipalAssociationHandler">
<meta key="j2:cat" value="default,security" />
<constructor-arg index="0" value="isMemberOf"/>
<constructor-arg index="1" ref="org.apache.jetspeed.security.GroupManager"/>
<constructor-arg index="2" ref="org.apache.jetspeed.security.RoleManager"/>
- <constructor-arg index="3" type="boolean" value="false"/>
- <constructor-arg index="4" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"/>
- </bean>
+ <constructor-arg index="3" ref="org.apache.jetspeed.security.spi.JetspeedSecurityPersistenceManager"/>
+ </bean>
+
+ <bean id="userSubjectRolesResolver" class="org.apache.jetspeed.security.spi.impl.UserSubjectPrincipalsResolverImpl">
+ <meta key="j2:cat" value="default,security" />
+ <constructor-arg index="0" ref="org.apache.jetspeed.security.UserManager"/>
+ <constructor-arg index="1" ref="org.apache.jetspeed.security.JetspeedPrincipalType.role"/>
+ <constructor-arg index="2">
+ <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+ <property name="targetObject"><ref bean="userIsMemberOfRoleAssociationHandler"/></property>
+ <property name="targetMethod"><value>getAssociationType</value></property>
+ </bean>
+ </constructor-arg>
+ </bean>
+
+ <bean id="userSubjectGroupsResolver" class="org.apache.jetspeed.security.spi.impl.UserSubjectPrincipalsResolverImpl">
+ <meta key="j2:cat" value="default,security" />
+ <constructor-arg index="0" ref="org.apache.jetspeed.security.UserManager"/>
+ <constructor-arg index="1" ref="org.apache.jetspeed.security.JetspeedPrincipalType.group"/>
+ <constructor-arg index="2">
+ <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+ <property name="targetObject"><ref bean="userIsMemberOfGroupAssociationHandler"/></property>
+ <property name="targetMethod"><value>getAssociationType</value></property>
+ </bean>
+ </constructor-arg>
+ </bean>
-</beans>
+</beans>
\ No newline at end of file
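Review bot: Neither `userSubjectRolesResolver` nor `userSubjectGroupsResolver` is referenced by another bean in this hunk; they take effect only because the constructor of `UserSubjectPrincipalsResolverImpl` calls `spp.addSubjectPrincipalsResolver(this)`. If the context ever creates these beans lazily, or leaves them out by their `j2:cat` category, the user Subject would presumably be built without role or group principals and nothing would report it. I would add a comment above the two beans, e.g. `<!-- self-registers with UserManager on construction; must be instantiated eagerly -->`, or have the provider receive its resolvers as an explicit list so the wiring is visible in the assembly.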