Posted to photark-commits@incubator.apache.org by av...@apache.org on 2010/06/30 02:36:48 UTC
svn commit: r959170 - in /incubator/photark/trunk: photark-jcr/
photark-jcr/src/main/java/org/apache/photark/jcr/security/authorization/
photark-security/src/main/java/org/apache/photark/security/authentication/services/
photark-security/src/main/java/...
Author: avd
Date: Wed Jun 30 02:36:48 2010
New Revision: 959170
URL: http://svn.apache.org/viewvc?rev=959170&view=rev
Log:
PHOTARK-20 Applying patch from Suhothayan Sriskandarajah that provides the initial code for authorization.
Modified:
incubator/photark/trunk/photark-jcr/pom.xml
incubator/photark/trunk/photark-jcr/src/main/java/org/apache/photark/jcr/security/authorization/JCRAccessManager.java
incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authentication/services/FormAuthenticationServiceImpl.java
incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authentication/services/OpenIDAuthenticationServiceImpl.java
incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/AccessList.java
incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/Permission.java
incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/Role.java
incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/services/AccessManager.java
incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/services/SecurityServiceImpl.java
Modified: incubator/photark/trunk/photark-jcr/pom.xml
URL: http://svn.apache.org/viewvc/incubator/photark/trunk/photark-jcr/pom.xml?rev=959170&r1=959169&r2=959170&view=diff
==============================================================================
--- incubator/photark/trunk/photark-jcr/pom.xml (original)
+++ incubator/photark/trunk/photark-jcr/pom.xml Wed Jun 30 02:36:48 2010
@@ -29,17 +29,17 @@
<name>Apache PhotArk JCR based Implementation</name>
<dependencies>
- <dependency>
+ <dependency>
+ <groupId>org.apache.photark</groupId>
+ <artifactId>photark-security</artifactId>
+ <version>1.0-incubating-SNAPSHOT</version>
+ </dependency>
+ <dependency>
<groupId>org.apache.photark</groupId>
<artifactId>photark</artifactId>
<version>1.0-incubating-SNAPSHOT</version>
</dependency>
- <dependency>
- <groupId>org.apache.photark</groupId>
- <artifactId>photark-security</artifactId>
- <version>1.0-incubating-SNAPSHOT</version>
- </dependency>
-
+
<!-- Tuscany Dependencies -->
<dependency>
<groupId>org.apache.tuscany.sca</groupId>
Modified: incubator/photark/trunk/photark-jcr/src/main/java/org/apache/photark/jcr/security/authorization/JCRAccessManager.java
URL: http://svn.apache.org/viewvc/incubator/photark/trunk/photark-jcr/src/main/java/org/apache/photark/jcr/security/authorization/JCRAccessManager.java?rev=959170&r1=959169&r2=959170&view=diff
==============================================================================
--- incubator/photark/trunk/photark-jcr/src/main/java/org/apache/photark/jcr/security/authorization/JCRAccessManager.java (original)
+++ incubator/photark/trunk/photark-jcr/src/main/java/org/apache/photark/jcr/security/authorization/JCRAccessManager.java Wed Jun 30 02:36:48 2010
@@ -21,16 +21,15 @@ package org.apache.photark.jcr.security.
import org.apache.photark.jcr.JCRRepositoryManager;
import org.apache.photark.security.authorization.AccessList;
+import org.apache.photark.security.authorization.Permission;
import org.apache.photark.security.authorization.User;
import org.apache.photark.security.authorization.UserInfo;
import org.apache.photark.security.authorization.services.AccessManager;
import org.oasisopen.sca.annotation.*;
-import javax.jcr.LoginException;
-import javax.jcr.Node;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import java.util.ArrayList;
+import javax.jcr.*;
+import javax.jcr.Property;
+import java.util.*;
@Remotable
@Scope("COMPOSITE")
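Review bot: The two wildcard imports make `Property` ambiguous between `javax.jcr` and `org.oasisopen.sca.annotation`, and the extra `import javax.jcr.Property;` is what quietly resolves it. Listing the JCR and `java.util` types explicitly, as the removed lines did, would keep that dependency visible. Failing that, a comment on that line such as `// single-type import: disambiguates from the SCA @Property annotation` explains why it must stay.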
@@ -38,7 +37,7 @@ public class JCRAccessManager implements
/** JCR Repository Manager **/
private static JCRRepositoryManager repositoryManager;
- AccessList accessList;
+ //AccessList accessList;
public JCRAccessManager() {
@@ -46,49 +45,138 @@ public class JCRAccessManager implements
@Reference(name = "repositoryManager")
protected void setRepositoryManager(JCRRepositoryManager repositoryManager) {
- this.repositoryManager = repositoryManager;
+ JCRAccessManager.repositoryManager = repositoryManager;
}
@Init
- public void init() {
+ public synchronized void init() {
try {
Session session = repositoryManager.getSession();
Node root = session.getRootNode();
- if (!root.hasNode("userStore")) {
+ // List<Set<String>> mutuallyExclusiveList = new ArrayList<Set<String>>();
- Node userStore = root.addNode("userStore");
- Node roles = userStore.addNode("roles");
- Node allUsers = userStore.addNode("allUsers");
- Node registeredUserRole = roles.addNode("registeredUserRole");
- Node unRegisteredUserRole = roles
- .addNode("unRegisteredUserRole");
- session.save();
+ Set<String> Default = new HashSet<String>();
+ Default.add("superAdminRole");
+ Default.add("registeredUserRole");
+ Default.add("unRegisteredUserRole");
+ Default.add("blockedUserRole");
+
+ // mutuallyExclusiveList.add(Default);
+
+ if (!root.hasNode("userStore")) {
+
+ Node userStore = root.addNode("userStore");
+
+ Node mutuallyExclusiveRoles = userStore.addNode("mutuallyExclusiveRoles");
+ mutuallyExclusiveRoles.setProperty("_default", new String[]{"superAdminRole", "registeredUserRole", "unRegisteredUserRole", "blockedUserRole"}) ;
+
+ userStore.addNode("allUsers");
+
+ Node roles = userStore.addNode("roles");
+
+ Node blockedUserRole = roles.addNode("blockedUserRole");
+ blockedUserRole.addNode("users");
+ blockedUserRole.addNode("permissions");
+ blockedUserRole.setProperty("parents", new String[]{});
+
+ Node unRegisteredUserRole = roles.addNode("unRegisteredUserRole");
+ unRegisteredUserRole.addNode("users");
+ Node unRegisteredUserRolePermissions = unRegisteredUserRole.addNode("permissions");
+ unRegisteredUserRole.setProperty("parents", new String[]{"blockedUserRole"});
+
+ Node registeredUserRole = roles.addNode("registeredUserRole");
+ registeredUserRole.addNode("users");
+ Node registeredUserRolePermissions = registeredUserRole.addNode("permissions");
+ registeredUserRole.setProperty("parents", new String[]{"unRegisteredUserRole"});
+
+ Node superAdminRole = roles.addNode("superAdminRole");
+ Node superAdminRoleUsers = superAdminRole.addNode("users");
+ Node superAdminRolePermissions = superAdminRole.addNode("permissions");
+ superAdminRole.setProperty("parents", new String[]{"registeredUserRole"});
+
+ Node userNode= superAdminRoleUsers.addNode("SuperAdmin");
+ userNode.setProperty("displayName","SuperAdmin");
+ userNode.setProperty("email", "");
+ userNode.setProperty("realName", "");
+ userNode.setProperty("webSite", "");
+ userNode.setProperty("userId","SuperAdmin");
+
+
+ unRegisteredUserRolePermissions.addNode("boston").setProperty("permissions", new String[]{"viewImages"});
+ // unRegisteredUserRolePermissions.addNode("vegas").setProperty("permissions",new String[]{"view"});
+
+ //registeredUserRolePermissions.addNode("boston").setProperty("permissions", new String[]{"view"});
+ registeredUserRolePermissions.addNode("vegas").setProperty("permissions", new String[]{"viewImages"});
+
+// superAdminRolePermissions.addNode("boston").setProperty("permissions", new String[]{"viewImages", "addImages", "deleteImages", "deleteAlbum", "editAlbumDescription"});
+// superAdminRolePermissions.addNode("vegas").setProperty("permissions", new String[]{"viewImages", "addImages", "deleteImages", "deleteAlbum", "editAlbumDescription"});
+
+ registeredUserRolePermissions.setProperty("permissions", new String[]{"createAlbum", "deleteOwnAlbum"
+ , "createGroupRole", "deleteOwnGroupRole", "manageOwnGroupRole"
+ , "viewImagesOnOwnAlbum", "addOwnImagesToOwnAlbum", "deleteImagesFromOwnAlbum", "editOwnAlbumDescription"});
+
+ superAdminRolePermissions.setProperty("permissions", new String[]{"createAlbum", "deleteOwnAlbum", "deleteOtherAlbum"
+ , "createGroupRole", "deleteOwnGroupRole", "deleteOthersGroupRole", "manageOwnGroupRole", "manageOthersGroupRole", "manageMainRoles"
+ , "viewImagesOnOwnAlbum", "addOwnImagesToOwnAlbum", "deleteImagesFromOwnAlbum", "editOwnAlbumDescription"
+ , "viewImagesOnOthersAlbum", "addOwnImagesToOthersAlbum", "deleteImagesFromOthersAlbum", "editOthersAlbumDescription"});
+
+ Node allPermissions = userStore.addNode("allPermissions");
+
+ allPermissions.addNode("createAlbum").setProperty("desc", "Allow the users to crete a new Albums");
+
+ allPermissions.addNode("deleteOwnAlbum").setProperty("desc", "Allow the users to delete the Albums they own");
+ allPermissions.addNode("deleteOtherAlbum").setProperty("desc", "Allow the users to delete the Albums they dont own");
+
+ allPermissions.addNode("createGroupRole").setProperty("desc", "Allow the users to create Groups");
+ allPermissions.addNode("deleteOwnGroupRole").setProperty("desc", "Allow the users to delete the Groups they own");
+ allPermissions.addNode("deleteOthersGroupRole").setProperty("desc", "Allow the users to delete the Groups they dont own");
+ allPermissions.addNode("manageOwnGroupRole").setProperty("desc", "Allow the users to change the users and permissions of the Groups they own");
+ allPermissions.addNode("manageOthersGroupRole").setProperty("desc", "Allow the users to change the users and permissions of the Groups they dont own");
+
+ allPermissions.addNode("manageMainRoles").setProperty("desc", "Allow the users to change the users and permissions of the Main roles (superAdminRole, registeredUserRole, unRegisteredUserRole, blockedUserRole)");
+
+ allPermissions.addNode("viewImagesOnOwnAlbum").setProperty("desc", "Allow the users to view their album images");
+ allPermissions.addNode("addOwnImagesToOwnAlbum").setProperty("desc", "Allow the users to add new images to their album");
+ allPermissions.addNode("deleteImagesFromOwnAlbum").setProperty("desc", "Allow the users to delete images from their album");
+ allPermissions.addNode("editOwnAlbumDescription").setProperty("desc", "Allow the users to edit their Album description");
+
+ allPermissions.addNode("viewImagesOnOthersAlbum").setProperty("desc", "Allow the users to view Others album images");
+ allPermissions.addNode("addOwnImagesToOthersAlbum").setProperty("desc", "Allow the users to add new images to Others album");
+ allPermissions.addNode("deleteImagesFromOthersAlbum").setProperty("desc", "Allow the users to delete images from Others album");
+ allPermissions.addNode("editOthersAlbumDescription").setProperty("desc", "Allow the users to edit Others Album description");
+
+ //per Album permissions
+ allPermissions.addNode("viewImages").setProperty("desc", "Allow the users to view the album images");
+ allPermissions.addNode("addImages").setProperty("desc", "Allow the users to add new images to the album");
+ allPermissions.addNode("deleteImages").setProperty("desc", "Allow the users to delete images from the album");
+ allPermissions.addNode("editAlbumDescription").setProperty("desc", "Allow the users to edit Album description");
+
+ session.save();
}
} catch (Exception e) {
// FIXME: ignore for now
e.printStackTrace();
- } finally {
- // repositoryManager.releaseSession();
}
- }
+ }
- public synchronized void addUserToRole(User user, String node) {
+ public synchronized void addUserToRole(User user, String roleName) {
init();
try {
Session session = repositoryManager.getSession();
- Node subRoleNode = (Node) session.getItem("/userStore/roles/"
- + node);
+ deleteMutuallyExclusiveRoles(user.getUserId(), roleName);
+
+ Node subRoleNodeUsers = (Node) session.getItem("/userStore/roles/" + roleName+"/users");
Node userNode;
UserInfo userInfo = user.getUserInfo();
- if (subRoleNode != null) {
- if (subRoleNode.hasNode(toJCRFormat(user.getUserId()))) {
- userNode = subRoleNode
+ if (subRoleNodeUsers != null) {
+ if (subRoleNodeUsers.hasNode(toJCRFormat(user.getUserId()))) {
+ userNode = subRoleNodeUsers
.getNode(toJCRFormat(user.getUserId()));
} else {
- userNode = subRoleNode
+ userNode = subRoleNodeUsers
.addNode(toJCRFormat(user.getUserId()));
}
userNode.setProperty("displayName", toJCRFormat(userInfo
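Review bot: In `addUserToRole`, `deleteMutuallyExclusiveRoles(user.getUserId(), roleName)` runs before the target role's `users` node is resolved, so if that lookup then fails (missing node or repository error) the user has already been removed from the other roles of the exclusive set and ends up in none of them. `Session.getItem` throws `PathNotFoundException` for a missing path rather than returning null, so the `if (subRoleNodeUsers != null)` guard does not cover this case, and the exception is swallowed by the `catch (Exception e)` that follows in the next hunk. Moving the `deleteMutuallyExclusiveRoles(...)` call to just after `Node subRoleNodeUsers = (Node) session.getItem("/userStore/roles/" + roleName+"/users");` keeps a failed call from changing the user's roles. The helper and `removeUserFromRole` each call `session.save()` on their own, so the membership change is also not atomic; a single save at the end of `addUserToRole` would be safer. The body of `addUserToRole` continues outside this hunk.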
@@ -100,36 +188,75 @@ public class JCRAccessManager implements
.getWebsite()));
userNode.setProperty("userId", toJCRFormat(user.getUserId()));
}
+ session.save();
+ addToAllUsers(user);
- Node allUsers = (Node) session.getItem("/userStore/allUsers");
- if (allUsers != null) {
-
- if (allUsers.hasNode(toJCRFormat(user.getUserId()))) {
- userNode = allUsers.getNode(toJCRFormat(user.getUserId()));
- } else {
- userNode = allUsers.addNode(toJCRFormat(user.getUserId()));
- }
- userNode.setProperty("displayName", toJCRFormat(userInfo
- .getDisplayName()));
- userNode.setProperty("email", toJCRFormat(userInfo.getEmail()));
- userNode.setProperty("realName", toJCRFormat(userInfo
- .getRealName()));
- userNode.setProperty("webSite", toJCRFormat(userInfo
- .getWebsite()));
- userNode.setProperty("userId", toJCRFormat(user.getUserId()));
- }
- session.save();
} catch (Exception e) {
// FIXME: ignore for now
e.printStackTrace();
- } finally {
- // repositoryManager.releaseSession();
-
}
- }
+ }
- public synchronized User getUser(String userId) {
+ private synchronized void addToAllUsers(User user) throws RepositoryException {
+ Session session =repositoryManager.getSession();
+ UserInfo userInfo =user.getUserInfo() ;
+ Node userNode;
+ Node allUsers = (Node) session.getItem("/userStore/allUsers");
+ if (allUsers != null) {
+
+ if (allUsers.hasNode(toJCRFormat(user.getUserId()))) {
+ userNode = allUsers.getNode(toJCRFormat(user.getUserId()));
+ } else {
+ userNode = allUsers.addNode(toJCRFormat(user.getUserId()));
+ }
+ userNode.setProperty("displayName", toJCRFormat(userInfo
+ .getDisplayName()));
+ userNode.setProperty("email", toJCRFormat(userInfo.getEmail()));
+ userNode.setProperty("realName", toJCRFormat(userInfo
+ .getRealName()));
+ userNode.setProperty("webSite", toJCRFormat(userInfo
+ .getWebsite()));
+ userNode.setProperty("userId", toJCRFormat(user.getUserId()));
+ }
+ session.save();
+ }
+
+ private synchronized void deleteMutuallyExclusiveRoles(String userId, String roleName) {
+
+
+ try {
+ Session session = repositoryManager.getSession();
+ Node allMutuallyExclusiveRoles = (Node) session.getItem("/userStore/mutuallyExclusiveRoles");
+ for (PropertyIterator pi = allMutuallyExclusiveRoles.getProperties(); pi.hasNext();) {
+ Property p = pi.nextProperty();
+
+ if (!p.getName().equals("jcr:primaryType")) {
+ ArrayList<String> list =new ArrayList<String>();
+ for(Value v :p.getValues()){
+ list.add(v.getString());
+ }
+
+ if (list.contains(roleName)) {
+ for (Object aList : list) {
+ String role = (String) aList;
+ if (!role.equals(roleName)) {
+ removeUserFromRole(userId, role);
+ }
+ }
+ }
+ }
+
+
+ }
+ session.save();
+ } catch (PathNotFoundException e) {
+ e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
+ } catch (RepositoryException e) {
+ e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
+ }
+ }
+ public synchronized User getUser(String userId) {
init();
User user = null;
try {
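Review bot: `deleteMutuallyExclusiveRoles` catches `PathNotFoundException` and `RepositoryException` and only prints the stack trace, so `addUserToRole` goes on to add the user to the new role even when the old memberships could not be removed. Because `getPermissionsForUserInRoles` unions the permissions of every role a user is in, a user left in two roles of the same exclusive set (for example `blockedUserRole` and `registeredUserRole`) keeps the wider set. Declaring the failure instead, as `addToAllUsers` in this hunk already does, lets the caller's existing `catch` abort the change: `private synchronized void deleteMutuallyExclusiveRoles(String userId, String roleName) throws RepositoryException`, with the `try`/`catch` removed. `removeUserFromRole`, called from the loop, is only partly visible on this page and appears to swallow its own exceptions, so it would need the same treatment. `getUser` starts at the end of this hunk and continues outside it.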
@@ -142,10 +269,7 @@ public class JCRAccessManager implements
// //
Node allUsers = (Node) session.getItem("/userStore/allUsers");
Node userNode;
-
- if (allUsers != null) {
-
- if (allUsers.hasNode(toJCRFormat(userId))) {
+ if (allUsers != null&& allUsers.hasNode(toJCRFormat(userId))) {
userNode = allUsers.getNode(toJCRFormat(userId));
user = new User(userId);
UserInfo userInfo = new UserInfo(
@@ -156,15 +280,11 @@ public class JCRAccessManager implements
);
user.setUserInfo(userInfo);
}
- }
-
} catch (Exception e) {
// FIXME: ignore for now
e.printStackTrace();
- } finally {
- // repositoryManager.releaseSession();
}
- return user;
+ return user;
}
@Destroy
@@ -172,44 +292,188 @@ public class JCRAccessManager implements
// repositoryManager.releaseSession();
}
- public String getCurrentUserInfo() {
-
- return "Works";
- }
-
- public boolean isUserStoredInRole(String userId, String node) {
+ public synchronized boolean isUserStoredInRole(String userId, String roleName) {
init();
try {
Session session = repositoryManager.getSession();
- Node subRoleNode = (Node) session.getItem("/userStore/roles/"
- + node);
- if (subRoleNode != null && subRoleNode.hasNode(toJCRFormat(userId))) {
+ Node subRoleNodeUsers = (Node) session.getItem("/userStore/roles/"
+ + roleName+"/users");
+ if (subRoleNodeUsers != null && subRoleNodeUsers.hasNode(toJCRFormat(userId))) {
return true;
}
} catch (Exception e) {
// FIXME: ignore for now
e.printStackTrace();
- } finally {
- // repositoryManager.releaseSession();
}
- return false;
+ return false;
}
- public synchronized AccessList creatAccessList(String userId, String email) {
+ public synchronized AccessList createAccessList(String userId, String email) {
+ boolean newUser = true;
+ User user = new User(userId);
+ user.setUserInfo(new UserInfo(email));
+ Session session = null;
+ try {
+ session = repositoryManager.getSession();
+ for (Value mutuallyExclusiveRole : ((Node) session.getItem("/userStore/mutuallyExclusiveRoles")).getProperty("_default").getValues()) {
+ if ((!"unRegisteredUserRole".equals(mutuallyExclusiveRole.getString())) && (isUserStoredInRole(userId, mutuallyExclusiveRole.getString()))) {
+ newUser = false;
+ break;
+ }
+ }
+ if (newUser) {
+
+ addUserToRole(user, "unRegisteredUserRole");
+
+ }
+
+ } catch (RepositoryException e) {
+ e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
+ }
+
+ Map<String, List<Permission>> permissions= getPermissions(userId);
+// AccessList accessList = new AccessList(userId, permissions);
+// //this.accessList = accessList;
+// return accessList;
+
+ return new AccessList(userId, permissions);
+ }
+
+ private synchronized Map<String, List<Permission>> getPermissions(String userId) {
+
+ List<String> list = new ArrayList<String>();
+ try {
+ Session session = repositoryManager.getSession();
+ Node RolesNode = (Node) session.getItem("/userStore/roles");
+
+ for (NodeIterator ni = RolesNode.getNodes(); ni.hasNext();) {
+ Node n = ni.nextNode();
+ if (isUserStoredInRole(userId, n.getName())) {
+ list.add(n.getName());
+ }
+ }
+ return getPermissionsForUserInRoles(list);
+
+ } catch (LoginException e) {
+ e.printStackTrace();
+ } catch (PathNotFoundException e) {
+ e.printStackTrace();
+ } catch (RepositoryException e) {
+ e.printStackTrace();
+ }
+ return getPermissionsForUserInRoles(list);
+ }
+
+ private synchronized Map<String, List<Permission>> getPermissionsForUserInRoles(List<String> roles) {
+ Map<String, List<Permission>> permissions = new HashMap<String, List<Permission>>();
+ List<String> addedRoles = new ArrayList<String>();
+ Session session;
+ try {
+ session = repositoryManager.getSession();
+ for (int i=0 ; i<roles.size();i++ ) {
+ // for (String role : roles) {
+ String role=roles.get(i);
+ if (!addedRoles.contains(role)) {
+ Node aRolePermissions = (Node) session.getItem("/userStore/roles/" + role + "/permissions");
+ Node aRole = (Node) session.getItem("/userStore/roles/" + role);
+ //get the role based permissions
+ if (aRolePermissions.hasProperty("permissions")) {
+ if (!permissions.containsKey("_default")) {
+ // Value[] permissionValues = aRolePermissions.getProperty("permissions").getValues();
+ Set<Permission> permissionSet = new HashSet<Permission>();
+ for (Value permissionValue : aRolePermissions.getProperty("permissions").getValues()) {
+ permissionSet.add(getPermissionObject(permissionValue.getString()));
+ }
+ permissions.put("_default", new ArrayList<Permission>(permissionSet));
+ } else {
+ Set<Permission> permissionSet = new HashSet<Permission>();
+ for (Value permissionValue : aRolePermissions.getProperty("permissions").getValues()) {
+ permissionSet.add(getPermissionObject(permissionValue.getString()));
+ }
+ permissionSet.addAll(permissions.get("_default"));
+ permissions.remove("_default");
+ permissions.put("_default", new ArrayList<Permission>(permissionSet));
+
+ }
+ }
+ //get the resource based permissions
+ for (NodeIterator ni = aRolePermissions.getNodes(); ni.hasNext();) {
+ Node n = ni.nextNode();
+ // for (PropertyIterator pi = n.getProperties(); pi.hasNext();) {
+ Property p = n.getProperty("permissions");
+ // if (p.getName().startsWith("_")) {
+ if (!permissions.containsKey(n.getName())) {
+ Set<Permission> permissionSet = new HashSet<Permission>();
+
+ for (Value permissionValue : p.getValues()) {
+ permissionSet.add(getPermissionObject(permissionValue.getString()));
+ }
+ permissions.put(n.getName(), new ArrayList<Permission>(permissionSet));
+ // permissions.put(p.getName(), new HashSet<Value>(Arrays.asList(p.getValues())));
+ } else {
+ Set<Permission> permissionSet = new HashSet<Permission>();
+ for (Value permissionValue : p.getValues()) {
+ permissionSet.add(getPermissionObject(permissionValue.getString()));
+ }
+ permissionSet.addAll(permissions.get(n.getName()));
+ permissions.remove(n.getName());
+ permissions.put(n.getName(), new ArrayList<Permission>(permissionSet));
+ // permissions.get(p.getName()).addAll(Arrays.asList(p.getValues()));
+ }
+// }
+// }
+ }
+
+
+
+ addedRoles.add(aRole.getName());
+ if (aRole.hasProperty("parents")) {
+ Value[] values = aRole.getProperty("parents").getValues();
+ for (Value value : values) {
+ if (!addedRoles.contains(value.getString())) {
+ roles.add(value.getString());
+ }
+
+ }
+
+ }
+ }
+ }
+
+
+
+ } catch (LoginException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (RepositoryException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ return permissions;
+ }
+
+ private synchronized Permission getPermissionObject(String permissionName) {
+ Session session;
+ try {
+ session = repositoryManager.getSession();
+ Node allPermissions = (Node) session.getItem("/userStore/allPermissions");
+ if (allPermissions.hasNode(permissionName)) {
+ return new Permission(allPermissions.getNode(permissionName).getName(), allPermissions.getNode(permissionName).getProperty("desc").getString());
+ }
+ } catch (ValueFormatException e) {
+ e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
+ } catch (LoginException e) {
+ e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
+ } catch (PathNotFoundException e) {
+ e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
+ } catch (RepositoryException e) {
+ e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
+ }
+ return null; //To change body of created methods use File | Settings | File Templates.
+ }
- User user = new User(userId);
- user.setUserInfo(new UserInfo(email));
- if (!isUserStoredInRole(userId, "registeredUserRole")) {
- if (!isUserStoredInRole(userId, "unRegisteredUserRole")) {
- addUserToRole(user, "unRegisteredUserRole");
- }
- }
- AccessList accessList = new AccessList(userId, new ArrayList<String>());
- this.accessList = accessList;
- return accessList;
- }
-
- private String toJCRFormat(String string) {
+ private String toJCRFormat(String string) {
if (string != null) {
string = string.replaceAll("/", "#1");
string = string.replaceAll(":", "#2");
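Review bot: `createAccessList` decides that a user is new from `isUserStoredInRole`, which returns `false` on any exception, so a repository error during login is read as "not in any role" and leads to `addUserToRole(user, "unRegisteredUserRole")`. That call goes through `deleteMutuallyExclusiveRoles`, which removes the user from the other roles of the `_default` set, including `blockedUserRole` and `superAdminRole`. Checking membership directly inside the existing `try`, as below, lets a `RepositoryException` skip the role change instead of triggering it. Separately, `getPermissionObject` returns `null` for an unknown name or on error and its callers add that `null` to the permission set; skipping null results would keep it out of the `AccessList`. `toJCRFormat` begins at the end of this hunk and continues outside it.

```java
// … unchanged: newUser/user/session setup and the opening try …
for (Value mutuallyExclusiveRole : ((Node) session.getItem("/userStore/mutuallyExclusiveRoles")).getProperty("_default").getValues()) {
    String candidate = mutuallyExclusiveRole.getString();
    if ("unRegisteredUserRole".equals(candidate)) {
        continue;
    }
    // Ask the repository directly: a failure here must reach the catch below,
    // not be reported as "user is not a member".
    Node roleUsers = (Node) session.getItem("/userStore/roles/" + candidate + "/users");
    if (roleUsers.hasNode(toJCRFormat(userId))) {
        newUser = false;
        break;
    }
}
// … unchanged: if (newUser) addUserToRole(...), catch (RepositoryException), getPermissions(userId) …
```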
@@ -231,16 +495,16 @@ public class JCRAccessManager implements
Session session;
try {
session = repositoryManager.getSession();
- Node subRoleNode = (Node) session.getItem("/userStore/roles/"
- + node);
-
- if (subRoleNode != null) {
- if (subRoleNode.hasNode(toJCRFormat(userId))) {
- Node userNode = subRoleNode
+ Node subRoleNodeUsers = (Node) session.getItem("/userStore/roles/"
+ + node+"/users");
+
+ if (subRoleNodeUsers != null) {
+ if (subRoleNodeUsers.hasNode(toJCRFormat(userId))) {
+ Node userNode = subRoleNodeUsers
.getNode(toJCRFormat(userId));
userNode.remove();
session.save();
- }
+ }
}
} catch (LoginException e) {
// TODO Auto-generated catch block
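Review bot: The role name is concatenated into the JCR path as-is (`"/userStore/roles/" + node+"/users"`), while the user id two lines later goes through `toJCRFormat`; the same pattern appears in `addUserToRole`, `isUserStoredInRole` and `getPermissionsForUserInRoles` in the earlier hunks. The class is `@Remotable`, so unless role names are guaranteed to be literals or values read back from the repository, they should be normalised the same way, e.g. `"/userStore/roles/" + toJCRFormat(node) + "/users"` (only the first lines of `toJCRFormat` are visible here, so confirm it covers every path metacharacter). The parameter is still called `node` although the sibling methods were renamed to `roleName` in this commit; renaming it would keep the API consistent. The method's signature and its remaining catch blocks are outside the hunk.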
Modified: incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authentication/services/FormAuthenticationServiceImpl.java
URL: http://svn.apache.org/viewvc/incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authentication/services/FormAuthenticationServiceImpl.java?rev=959170&r1=959169&r2=959170&view=diff
==============================================================================
--- incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authentication/services/FormAuthenticationServiceImpl.java (original)
+++ incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authentication/services/FormAuthenticationServiceImpl.java Wed Jun 30 02:36:48 2010
@@ -72,8 +72,8 @@ public class FormAuthenticationServiceIm
RelyingParty.getInstance().invalidate(request, response);
//Creating the accessList
- AccessList accesList=accessManager.creatAccessList("SuperAdmin","");
- request.getSession().setAttribute("accessList", accesList);
+ AccessList accessList=accessManager.createAccessList("SuperAdmin","");
+ request.getSession().setAttribute("accessList", accessList);
System.err.println("Super Admin authenticated");
response.sendRedirect(request.getContextPath() + "/admin/upload.html");
Modified: incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authentication/services/OpenIDAuthenticationServiceImpl.java
URL: http://svn.apache.org/viewvc/incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authentication/services/OpenIDAuthenticationServiceImpl.java?rev=959170&r1=959169&r2=959170&view=diff
==============================================================================
--- incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authentication/services/OpenIDAuthenticationServiceImpl.java (original)
+++ incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authentication/services/OpenIDAuthenticationServiceImpl.java Wed Jun 30 02:36:48 2010
@@ -105,9 +105,9 @@ public class OpenIDAuthenticationService
if (email==null){
email="";
}
- AccessList accesList=accessManager.creatAccessList(user.getIdentity(),email);
- request.getSession().setAttribute("accessList", accesList);
- if(!accessManager.isUserStoredInRole(accesList.getUserId(), "registeredUserRole")){
+ AccessList accessList=accessManager.createAccessList(user.getIdentity(),email);
+ request.getSession().setAttribute("accessList", accessList);
+ if(!accessManager.isUserStoredInRole(accessList.getUserId(), "registeredUserRole")){
request.getSession().setAttribute("toRigester", "true");
}
Modified: incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/AccessList.java
URL: http://svn.apache.org/viewvc/incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/AccessList.java?rev=959170&r1=959169&r2=959170&view=diff
==============================================================================
--- incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/AccessList.java (original)
+++ incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/AccessList.java Wed Jun 30 02:36:48 2010
@@ -20,11 +20,7 @@
package org.apache.photark.security.authorization;
import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.oasisopen.sca.annotation.Remotable;
+import java.util.*;
/**
@@ -40,7 +36,7 @@ public class AccessList implements Seria
/** */
private String userId="";
/** */
- private List<String> permissions= new ArrayList<String>();
+ private Map<String, List<Permission>> permissions= new HashMap<String, List<Permission>>();
/**
@@ -49,8 +45,8 @@ public class AccessList implements Seria
*
* @param permissions List<String>
*/
- public AccessList(String userId, List<String> permissions){
- //TODO this.permissions = Collections.unmodifiableList(permissions);
+ public AccessList(String userId, Map<String, List<Permission>> permissions){
+ this.permissions = Collections.unmodifiableMap(permissions);
this.userId = userId;
}
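Review bot: `Collections.unmodifiableMap(permissions)` only wraps the caller's map: the `List<Permission>` values stay mutable and the constructor keeps a reference to the map that `JCRAccessManager` built. The permissions placed in the HTTP session can therefore still be changed through `getPermissions().get(key)` or through the original map. Copying the map and wrapping each list, as below, makes the `AccessList` a real snapshot. The Javadoc above the constructor still says `@param permissions List<String>`; it should describe the map, whose keys in `JCRAccessManager` are `_default` and the per-resource node names.

```java
public AccessList(String userId, Map<String, List<Permission>> permissions){
    Map<String, List<Permission>> copy = new HashMap<String, List<Permission>>();
    for (Map.Entry<String, List<Permission>> entry : permissions.entrySet()) {
        copy.put(entry.getKey(),
                Collections.unmodifiableList(new ArrayList<Permission>(entry.getValue())));
    }
    this.permissions = Collections.unmodifiableMap(copy);
    this.userId = userId;
}
```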
@@ -62,7 +58,7 @@ public class AccessList implements Seria
*
* @return List<String>
*/
- public List<String> getPermissions(){
+ public Map<String, List<Permission>> getPermissions(){
return permissions;
}
@@ -84,11 +80,9 @@ public class AccessList implements Seria
return false;
AccessList accessList = (AccessList)obj;
- if(accessList.userId.equals(userId) && isPermissionsEqual(accessList.permissions))
- return true;
-
- return false;
- }
+ return accessList.userId.equals(userId) && isPermissionsEqual(accessList.permissions);
+
+ }
/**
@@ -96,32 +90,38 @@ public class AccessList implements Seria
* @param permissionList List<String>
*
* @return boolean
- */
- private boolean isPermissionsEqual(List<String> permissionList){
- if(permissionList != null && permissions != null){
- if(permissionList.size() == permissions.size()){
- for(String permission : permissionList){
- if(!permissions.contains(permission))
- return false;
- }
- return true;
- }
- else
- return false;
- }
- return false;
- }
+ */
+ private boolean isPermissionsEqual(Map<String, List<Permission>> permissionList) {
+ if (permissionList != null && permissions != null) {
+ if (permissionList.size() == permissions.size()) {
+ for (String permission : permissionList.keySet()) {
+ if (!permissions.keySet().contains(permission))
+ return false;
+ for (Permission aPermission : permissionList.get(permission)) {
+ if (permissions.get(permission).contains(aPermission))
+ return false;
+ }
+ }
+ return true;
+ } else
+ return false;
+ }
+ return false;
+ }
/**
*
*/
- public int hashCode(){
- int hash = 1;
- hash = hash * 7 + userId == null ? 0 : userId.hashCode();
- for(String permission : permissions){
- hash = hash * 7 + (permission == null ? 0 : permission.hashCode());
- }
- return hash;
- }
+ public int hashCode() {
+ int hash = 1;
+ hash = hash * 7 + (userId.equals("") ? 0 : userId.hashCode());
+ for (String permission : permissions.keySet()) {
+ hash = hash * 7 + (permission == null ? 0 : permission.hashCode());
+ for (Permission aPermission : permissions.get(permission)) {
+ hash = hash * 7 + (aPermission == null ? 0 : aPermission.hashCode());
+ }
+ }
+ return hash;
+ }
}
\ No newline at end of file
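Review bot: The inner check in `isPermissionsEqual` is inverted: `if (permissions.get(permission).contains(aPermission)) return false;` reports two lists as different exactly when they share a permission. As a result `equals` is false for an `AccessList` compared with an identical copy that holds any permissions, and true for two lists with the same keys and disjoint permissions. The line should read `if (!permissions.get(permission).contains(aPermission)) return false;`, and the two lists' sizes should be compared as well, since the loop checks only one direction. `hashCode` folds keys and permissions in `HashMap` and list iteration order, so two lists that `equals` treats as equal may still hash differently; summing the per-entry hashes would make it order-independent. Both methods also depend on `Permission` implementing `equals`/`hashCode`, which this page does not show.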
Modified: incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/Permission.java
URL: http://svn.apache.org/viewvc/incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/Permission.java?rev=959170&r1=959169&r2=959170&view=diff
==============================================================================
--- incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/Permission.java (original)
+++ incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/Permission.java Wed Jun 30 02:36:48 2010
@@ -31,6 +31,11 @@ public class Permission implements Seria
private static final long serialVersionUID = 115956810128294635L;
public String permission;
private String desc;
+
+ public Permission(String permission,String description){
+ this.permission = permission;
+ this.desc = description;
+ }
/**
*
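Review bot: `Permission` objects are now collected in a `HashSet<Permission>` in `JCRAccessManager` and compared with `contains` in `AccessList`, both of which rely on `equals`/`hashCode`, and nothing in this hunk shows them overridden. If they are not defined further down the class, the set will not deduplicate permissions inherited through several roles and comparisons fall back to object identity. A value-based pair keyed on the permission name, as below, would fix that. Adding this constructor also removes the implicit no-argument constructor if the class had none, which matters for any databinding that instantiates `Permission` reflectively. `permission` also remains a `public` mutable field while `desc` is private.

```java
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (!(obj instanceof Permission)) {
        return false;
    }
    Permission other = (Permission) obj;
    return permission == null ? other.permission == null : permission.equals(other.permission);
}

@Override
public int hashCode() {
    return permission == null ? 0 : permission.hashCode();
}
```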
Modified: incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/Role.java
URL: http://svn.apache.org/viewvc/incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/Role.java?rev=959170&r1=959169&r2=959170&view=diff
==============================================================================
--- incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/Role.java (original)
+++ incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/Role.java Wed Jun 30 02:36:48 2010
@@ -27,35 +27,46 @@ import java.util.List;
* Model representing a Role
*/
public class Role implements Serializable {
- /**
- *
- */
- private static final long serialVersionUID = -7560129536060718311L;
- public String roleName;
- public List<Permission> permissions = new ArrayList<Permission>();
-
- /**
- *
- * @param roleName String
- */
- public Role(String roleName){
- this.roleName = roleName;
- }
-
- /**
- *
- * @param permission Permission
- */
- public void setPermission(Permission permission){
- this.permissions.add(permission);
- }
-
-
- /**
- *
- * @return List<Permission>
- */
- public List<Permission> getPermissions(){
- return permissions;
+ /**
+ *
+ */
+ private static final long serialVersionUID = -7560129536060718311L;
+ private String roleName;
+ private List<Permission> permissions = new ArrayList<Permission>();
+ private List<Role> parents = new ArrayList<Role>();
+
+
+ public String getRoleName() {
+ return roleName;
+ }
+
+ public List<Role> getParents() {
+ return parents;
+ }
+
+ public void setParent(Role parent) {
+ this.parents.add(parent);
+ }
+
+ /**
+ * @param roleName String
+ */
+ public Role(String roleName) {
+ this.roleName = roleName;
+ }
+
+ /**
+ * @param permission Permission
+ */
+ public void setPermission(Permission permission) {
+ this.permissions.add(permission);
+ }
+
+
+ /**
+ * @return List<Permission>
+ */
+ public List<Permission> getPermissions() {
+ return permissions;
}
}
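Review bot: `getPermissions()` and the new `getParents()` return the internal `ArrayList` instances, so making the fields private does not stop a caller from adding or removing entries on a role directly. Return read-only views instead: `return Collections.unmodifiableList(permissions);` and `return Collections.unmodifiableList(parents);` (this needs `java.util.Collections` imported). `setParent` also accepts null and the role itself, which `if (parent == null || parent == this) throw new IllegalArgumentException("parent");` would reject. If inherited permissions are resolved by walking `parents` recursively (that code is not in this hunk), longer cycles still need a visited-set check there.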
Modified: incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/services/AccessManager.java
URL: http://svn.apache.org/viewvc/incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/services/AccessManager.java?rev=959170&r1=959169&r2=959170&view=diff
==============================================================================
--- incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/services/AccessManager.java (original)
+++ incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/services/AccessManager.java Wed Jun 30 02:36:48 2010
@@ -26,11 +26,14 @@ import org.oasisopen.sca.annotation.Remo
@Remotable
public interface AccessManager {
- AccessList creatAccessList(String identity, String email);
-
- boolean isUserStoredInRole(String userId, String node);
- User getUser(String userId);
- void removeUserFromRole(String userId, String node);
- void addUserToRole(User user, String node);
-
+ AccessList createAccessList(String identity, String email);
+
+ boolean isUserStoredInRole(String userId, String node);
+
+ User getUser(String userId);
+
+ void removeUserFromRole(String userId, String node);
+
+ void addUserToRole(User user, String node);
+
}
Modified: incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/services/SecurityServiceImpl.java
URL: http://svn.apache.org/viewvc/incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/services/SecurityServiceImpl.java?rev=959170&r1=959169&r2=959170&view=diff
==============================================================================
--- incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/services/SecurityServiceImpl.java (original)
+++ incubator/photark/trunk/photark-security/src/main/java/org/apache/photark/security/authorization/services/SecurityServiceImpl.java Wed Jun 30 02:36:48 2010
@@ -99,6 +99,9 @@ public class SecurityServiceImpl extends
//sb.append(",unRegistered=false");
}
send(out, sb);
+ accessList=accessManager.createAccessList(userId,request.getParameter("email"));
+ request.getSession().removeAttribute("accessList");
+ request.getSession().setAttribute("accessList", accessList);
} else if ("getUser".equalsIgnoreCase(request.getParameter("request"))) {
sb.append("{" + createJSONUser(request) + "}");
send(out, sb);
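Review bot: The access list stored in the session is built from `request.getParameter("email")`, a value the client controls, and it may also be null when the parameter is absent. If `createAccessList` uses the email to decide roles or permissions (its implementation is not visible here), a caller could obtain an access list for an address that is not theirs. Take the email from the stored record for the authenticated user, for example via `accessManager.getUser(userId)`, instead of from the request. The `removeAttribute("accessList")` call is redundant because `setAttribute` replaces the value. The enclosing method begins outside this hunk, so where `userId` comes from should be checked the same way.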