Posted to commits@lenya.apache.org by an...@apache.org on 2007/12/17 15:11:56 UTC

svn commit: r604875 [1/2] - in /lenya/branches/branch_1_2_x_shibboleth/src: java/org/apache/lenya/ac/ java/org/apache/lenya/ac/file/ java/org/apache/lenya/ac/impl/ java/org/apache/lenya/ac/impl/antlr/ java/org/apache/lenya/ac/impl/jexl/ java/org/apache...

Author: andreas
Date: Mon Dec 17 06:11:52 2007
New Revision: 604875

URL: http://svn.apache.org/viewvc?rev=604875&view=rev
Log:
Decouple user management from session. The accreditables are now only referenced by the session and not stored in the session itself. This allows the servlet container to restore the session, and it allows a session to be transferred from one access controller to another (i.e., from one publication to another).

Added:
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/AttributeOwner.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/ManagedUser.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/UserReference.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/TransientUserReference.java
Modified:
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Accreditable.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/AttributeRuleEvaluator.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Group.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Groupable.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Identifiable.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Identity.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Item.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Machine.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/User.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/World.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/file/FileItemManager.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/file/FilePolicyManager.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractGroup.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractGroupable.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractUser.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AnonymousAuthenticator.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultPolicy.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/PolicyBuilder.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/TransientUser.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/UserAuthenticator.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/antlr/AntlrEvaluator.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/jexl/JexlEvaluator.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/shibboleth/ShibbolethAuthenticator.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/ac/cocoon/PolicyHelper.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/ForceCheckInAction.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/XopusHandlerAction.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/components/modules/input/AccessControlModule.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/flow/FlowHelper.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/task/CocoonTaskWrapper.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/task/WorkflowInvoker.java
    lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/workflow/WorkflowFactory.java
    lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/file/FileUserTest.java
    lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/AccessControlTest.java
    lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/IdentityTest.java
    lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/PolicyTest.java
    lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/UserManagerTest.java
    lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/cms/workflow/WorkflowTest.java
    lenya/branches/branch_1_2_x_shibboleth/src/webapp/lenya/content/admin/users/overview.xsp
    lenya/branches/branch_1_2_x_shibboleth/src/webapp/lenya/content/admin/users/users.xsp

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Accreditable.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Accreditable.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Accreditable.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Accreditable.java Mon Dec 17 06:11:52 2007
@@ -26,12 +26,6 @@
  * using a {@link org.apache.lenya.ac.impl.Credential}.
  */
 public interface Accreditable {
-    /**
-     * Returns the set of accreditables of this accreditable.
-     * The set contains the accreditable itself and all collections it belongs to.
-     * @return An array of accreditables.
-     */
-    Accreditable[] getAccreditables();
     
     /**
      * @return The name of this accreditable.

Added: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/AttributeOwner.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/AttributeOwner.java?rev=604875&view=auto
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/AttributeOwner.java (added)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/AttributeOwner.java Mon Dec 17 06:11:52 2007
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package org.apache.lenya.ac;
+
+/**
+ * Attribute owner.
+ */
+public interface AttributeOwner {
+
+    /**
+     * @return The names of all possible attributes.
+     */
+    String[] getAttributeNames();
+
+    /**
+     * @param name The attribute name.
+     * @return The attribute values or <code>null</code> if no value is
+     *         available for the attribute.
+     * @throws AccessControlException if the attribute is not supported.
+     */
+    String[] getAttributeValues(String name) throws AccessControlException;
+
+}

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/AttributeRuleEvaluator.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/AttributeRuleEvaluator.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/AttributeRuleEvaluator.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/AttributeRuleEvaluator.java Mon Dec 17 06:11:52 2007
@@ -29,7 +29,7 @@
      * @param rule The rule.
      * @return if the rule is complied.
      */
-    public boolean isComplied(User user, String rule);
+    public boolean isComplied(AttributeOwner user, String rule);
 
     /**
      * @param rule The rule to validate.

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Group.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Group.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Group.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Group.java Mon Dec 17 06:11:52 2007
@@ -22,7 +22,7 @@
  * A group.
  * @version $Id: Group.java 473841 2006-11-12 00:46:38Z gregor $
  */
-public interface Group extends Identifiable, Item {
+public interface Group extends Accreditable, Item {
     
     /**
      * Returns the members of this group.
@@ -81,6 +81,6 @@
      * @param user The user.
      * @return if the group's rule matches this user.
      */
-    boolean matches(User user);
+    boolean matches(AttributeOwner user);
     
 }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Groupable.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Groupable.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Groupable.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Groupable.java Mon Dec 17 06:11:52 2007
@@ -38,7 +38,7 @@
 
     /**
      * Returns all groups that contain this Groupable.
-     * @return A {@link Group} array.
+     * @return An array of {@link Group}s.
      */
     Group[] getGroups();
     

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Identifiable.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Identifiable.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Identifiable.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Identifiable.java Mon Dec 17 06:11:52 2007
@@ -20,8 +20,13 @@
 
 package org.apache.lenya.ac;
 
+import java.io.Serializable;
+
 /**
- * A marker interface to mark an {@link Accreditable} as identifiable.
+ * An identifiable object which can be put into the session.
  */
-public interface Identifiable extends Accreditable {
+public interface Identifiable extends Serializable {
+    
+    Accreditable[] getAccreditables(AccreditableManager manager);
+    
 }
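Review bot: The new `getAccreditables(AccreditableManager manager)` has no Javadoc and no `throws` clause, so the implementations in this commit that consult a manager (`Machine.getIpRanges`, and `getUser`, `canGetUserFrom` and `getMatchingGroups` in `UserReference`) each wrap `AccessControlException` in a bare `RuntimeException`. This method appears to feed authorization decisions, so I would declare it as `Accreditable[] getAccreditables(AccreditableManager manager) throws AccessControlException;` and let callers handle a failed lookup explicitly. The Javadoc should say that the result is resolved against the given manager on each call. It should also say that implementations, being `Serializable` session state, are expected to hold only ids rather than manager-backed objects.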

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Identity.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Identity.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Identity.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Identity.java Mon Dec 17 06:11:52 2007
@@ -25,7 +25,6 @@
 import java.util.Set;
 
 import org.apache.cocoon.environment.Session;
-import org.apache.lenya.ac.impl.TransientUser;
 import org.apache.log4j.Logger;
 
 /**
@@ -91,15 +90,15 @@
     }
 
     /**
-     * @see Accreditable#getAccreditables()
+     * @return all accreditables which belong to this identity.
      */
-    public Accreditable[] getAccreditables() {
+    public Accreditable[] getAccreditables(AccreditableManager manager) {
         Set accreditables = new HashSet();
         Identifiable[] identifiables = getIdentifiables();
 
         for (int i = 0; i < identifiables.length; i++) {
-            Accreditable[] groupAccreditables = identifiables[i].getAccreditables();
-            accreditables.addAll(Arrays.asList(groupAccreditables));
+            Accreditable[] accrs = identifiables[i].getAccreditables(manager);
+            accreditables.addAll(Arrays.asList(accrs));
         }
 
         return (Accreditable[]) accreditables.toArray(new Accreditable[accreditables.size()]);
@@ -109,48 +108,26 @@
      * @see java.lang.Object#toString()
      */
     public String toString() {
-        Accreditable[] accreditables = getAccreditables();
+        Identifiable[] identifiables = getIdentifiables();
         StringBuffer buf = new StringBuffer("[identity:");
-        for (int i = 0; i < accreditables.length; i++) {
-            buf.append(" ").append(accreditables[i]);
+        for (int i = 0; i < identifiables.length; i++) {
+            buf.append(" ").append(identifiables[i]);
         }
         buf.append("]");
         return buf.toString();
     }
     
     /**
-     * Checks if this identity belongs to a certain accreditable manager.
-     * @param manager The accreditable manager to check for.
-     * @return A boolean value.
-     * 
-     * @throws AccessControlException if an error occurs
-     */
-    public boolean belongsTo(AccreditableManager manager) throws AccessControlException {
-        User user = getUser();
-        if (user == null) {
-            return true;
-        }
-        else if (user instanceof TransientUser) {
-            return true;
-        }
-        else {
-            String thisId = user.getItemManager().getId();
-            String otherId = manager.getUserManager().getId();
-            return thisId.equals(otherId);
-        }
-    }
-
-    /**
      * Returns the user of this identity.
      * @return A user.
      */
-    public User getUser() {
-        User user = null;
+    public UserReference getUserReference() {
+        UserReference user = null;
         Identifiable[] identifiables = getIdentifiables();
         int i = 0;
         while (user == null && i < identifiables.length) {
-            if (identifiables[i] instanceof User) {
-                user = (User) identifiables[i];
+            if (identifiables[i] instanceof UserReference) {
+                user = (UserReference) identifiables[i];
             }
             i++;
         }
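Review bot: The Javadoc kept above `getUserReference()` still reads `Returns the user of this identity.` and `@return A user.`, but the method now returns a `UserReference` that has to be resolved with `getUser(AccreditableManager)`. I would change it to `Returns the reference to the user of this identity.` and `@return A user reference, or <code>null</code> if the identity contains none.`, since `user` appears to stay `null` when no identifiable is a `UserReference`. With `belongsTo` removed in this hunk, the manager check now lives in `UserReference.canGetUserFrom`, which is worth a `@see`. The method body continues past the end of the hunk.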
@@ -201,9 +178,5 @@
          assert identifiables.contains(identifiable);
          identifiables.remove(identifiable);
      }
-
-    public String getName() {
-        return null;
-    }
 
 }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Item.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Item.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Item.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Item.java Mon Dec 17 06:11:52 2007
@@ -74,14 +74,4 @@
      */
     void configure(Configuration configuration) throws ConfigurationException;
 
-    /**
-     * @param manager The manager which manages this item.
-     */
-    void setItemManager(ItemManager manager);
-    
-    /**
-     * @return The manager which manages this item.
-     */
-    ItemManager getItemManager();
-
 }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Machine.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Machine.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Machine.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/Machine.java Mon Dec 17 06:11:52 2007
@@ -18,17 +18,16 @@
 
 package org.apache.lenya.ac;
 
-import java.io.Serializable;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
 
 /**
  * A machine (representing an IP address).
  * @version $Id: Machine.java 473841 2006-11-12 00:46:38Z gregor $
  */
-public class Machine implements Identifiable, Serializable {
+public class Machine implements Identifiable {
 
     /**
      * Creates a new machine object. This method accepts
@@ -75,17 +74,13 @@
         return getAddress().hashCode();
     }
 
-    /**
-     * @see org.apache.lenya.ac.Accreditable#getAccreditables()
-     */
-    public Accreditable[] getAccreditables() {
-        Accreditable[] ranges = getIPRanges();
-        Accreditable[] accreditables = new Accreditable[ranges.length + 1];
-        accreditables[0] = this;
+    public Accreditable[] getAccreditables(AccreditableManager manager) {
+        IPRange[] ranges = getIpRanges(manager);
+        Set accrs = new HashSet();
         for (int i = 0; i < ranges.length; i++) {
-            accreditables[i+1] = ranges[i];
+            accrs.add(ranges[i]);
         }
-        return accreditables;
+        return (Accreditable[]) accrs.toArray(new Accreditable[accrs.size()]);
     }
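Review bot: The replacement `getAccreditables(AccreditableManager)` lost its Javadoc and no longer returns the machine itself, only the matching IP ranges. That change in behaviour deserves a comment such as `Returns the IP ranges of the given manager which contain this machine.` with a `@param manager`. The intermediate `HashSet` is also redundant, because `getIpRanges(manager)` already collects into a set. The removed code assigned the `IPRange[]` to an `Accreditable[]` directly, so `return getIpRanges(manager);` should be enough.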
 
     /**
@@ -97,7 +92,7 @@
     }
 
     /**
-     * Converts a string to an IP addres.
+     * Converts a string to an IP address.
      * @param string The IP address, represented by a string.
      * @return An InetAddress object.
      * @throws AccessControlException when something went wrong.
@@ -151,38 +146,26 @@
     public void setAddress(InetAddress address) {
         this.address = address;
     }
-
-    private transient List ipRanges;
-    
-    protected List ipRanges() {
-        if (this.ipRanges == null) {
-            this.ipRanges = new ArrayList();
-        }
-        return this.ipRanges;
-    }
-    
-    /**
-     * Adds an IP range to this machine.
-     * @param range An IP range this machine belongs to.
-     */
-    public void addIPRange(IPRange range) {
-        assert range != null;
-        List ipRanges = ipRanges();
-        assert !ipRanges.contains(range);
-        ipRanges.add(range);
-    }
     
     /**
      * Returns the IP ranges this machine belongs to.
+     * @param manager The accreditable manager to obtain the IP ranges from.
      * @return An array of IP ranges.
      */
-    public IPRange[] getIPRanges() {
-        List ipRanges = ipRanges();
-        return (IPRange[]) ipRanges.toArray(new IPRange[ipRanges.size()]);
+    public IPRange[] getIpRanges(AccreditableManager manager) {
+        Set ranges = new HashSet();
+        try {
+            IPRange[] allRanges = manager.getIPRangeManager().getIPRanges();
+            for (int i = 0; i < allRanges.length; i++) {
+                if (allRanges[i].contains(this)) {
+                    ranges.add(allRanges[i]);
+                }
+            }
+        } catch (AccessControlException e) {
+            throw new RuntimeException(e);
+        }
+        
+        return (IPRange[]) ranges.toArray(new IPRange[ranges.size()]);
     }
 
-    public String getName() {
-        return getIp();
-    }
-    
 }

Added: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/ManagedUser.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/ManagedUser.java?rev=604875&view=auto
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/ManagedUser.java (added)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/ManagedUser.java Mon Dec 17 06:11:52 2007
@@ -0,0 +1,34 @@
+package org.apache.lenya.ac;
+
+public interface ManagedUser extends User, Accreditable {
+
+    /**
+     * Delete a user
+     * 
+     * @throws AccessControlException if the delete failed
+     */
+    void delete() throws AccessControlException;
+
+    /**
+     * Authenticate a user. This is done by encrypting the given password and
+     * comparing this to the encryptedPassword.
+     * 
+     * @param password to authenticate with
+     * @return true if the given password matches the password for this user
+     */
+    boolean authenticate(String password);
+
+    /**
+     * Sets the password.
+     * @param plainTextPassword The plain text password.
+     */
+    void setPassword(String plainTextPassword);
+
+    /**
+     * Save the user
+     * 
+     * @throws AccessControlException if the save failed
+     */
+    void save() throws AccessControlException;
+
+}
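Review bot: `ManagedUser.java` is added without the ASF license header that the other new files in this commit (`AttributeOwner.java`, `UserReference.java`) carry, and the interface has no type-level Javadoc. I would add the header and a comment such as `A user which is stored and authenticated by a user manager.` (wording inferred from the methods). The `authenticate` Javadoc moved here speaks of `encrypting the given password`; if the implementation actually hashes the password, saying so would be more accurate.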

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/User.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/User.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/User.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/User.java Mon Dec 17 06:11:52 2007
@@ -22,7 +22,7 @@
  * A user.
  * @version $Id: User.java 473841 2006-11-12 00:46:38Z gregor $
  */
-public interface User extends Identifiable, Item, Groupable {
+public interface User extends Item, AttributeOwner {
 
     /**
      * Get the email address
@@ -37,47 +37,5 @@
      * @param email the new email address
      */
     void setEmail(String email);
-
-    /**
-     * Sets the password.
-     * @param plainTextPassword The plain text passwrod.
-     */
-    void setPassword(String plainTextPassword);
-
-    /**
-     * Save the user
-     * 
-     * @throws AccessControlException if the save failed
-     */
-    void save() throws AccessControlException;
-
-    /**
-     * Delete a user
-     * 
-     * @throws AccessControlException if the delete failed
-     */
-    void delete() throws AccessControlException;
-
-    /**
-     * Authenticate a user. This is done by encrypting the given password and
-     * comparing this to the encryptedPassword.
-     * 
-     * @param password to authenticate with
-     * @return true if the given password matches the password for this user
-     */
-    boolean authenticate(String password);
-
-    /**
-     * @return The names of all possible attributes.
-     */
-    String[] getAttributeNames();
-
-    /**
-     * @param name The attribute name.
-     * @return The attribute values or <code>null</code> if no value is
-     *         available for the attribute.
-     * @throws AccessControlException if the attribute is not supported.
-     */
-    String[] getAttributeValues(String name) throws AccessControlException;
 
 }

Added: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/UserReference.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/UserReference.java?rev=604875&view=auto
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/UserReference.java (added)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/UserReference.java Mon Dec 17 06:11:52 2007
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package org.apache.lenya.ac;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+
+public class UserReference implements Identifiable {
+
+    private String id;
+    private String managerId;
+    
+    public UserReference(String id, String managerId) {
+        this.id = id;
+        this.managerId = managerId;
+    }
+    
+    public String getId() {
+        return this.id;
+    }
+    
+    protected String getManagerId() {
+        return this.managerId;
+    }
+
+    public User getUser(AccreditableManager accrMgr) {
+        try {
+            if (canGetUserFrom(accrMgr)) {
+                return accrMgr.getUserManager().getUser(getId());
+            } else {
+                throw new RuntimeException("Invalid accreditable manager.");
+            }
+        } catch (AccessControlException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public boolean canGetUserFrom(AccreditableManager accrMgr) {
+        try {
+            UserManager userMgr = accrMgr.getUserManager();
+            return userMgr.getId().equals(getManagerId());
+        } catch (AccessControlException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public Accreditable[] getAccreditables(AccreditableManager accrMgr) {
+        Set accreditables = new HashSet();
+        if (canGetUserFrom(accrMgr)) {
+            ManagedUser user = (ManagedUser) getUser(accrMgr);
+            accreditables.add(user);
+            if (user instanceof Groupable) {
+                accreditables.addAll(Arrays.asList(((Groupable) user).getGroups()));
+            }
+            accreditables.addAll(getMatchingGroups(accrMgr, user));
+        }
+        return (Accreditable[]) accreditables.toArray(new Accreditable[accreditables.size()]);
+    }
+
+    protected Set getMatchingGroups(AccreditableManager accrMgr, AttributeOwner user) {
+        Set matchingGroups = new HashSet();
+        if (user.getAttributeNames().length > 0) {
+            try {
+                Group[] groups = accrMgr.getGroupManager()
+                        .getGroups();
+                for (int i = 0; i < groups.length; i++) {
+                    if (groups[i].matches(user)) {
+                        matchingGroups.add(groups[i]);
+                    }
+                }
+            } catch (AccessControlException e) {
+                throw new RuntimeException(e);
+            }
+        }
+        return matchingGroups;
+    }
+
+}
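Review bot: In `getAccreditables`, the result of `getUser(accrMgr)` is cast to `ManagedUser` and used without a null or type check. Because the session now stores only the id, the user can be deleted between requests; if `UserManager.getUser` returns `null` for an unknown id (not visible here), `null` is added to the set and `getMatchingGroups` fails on `user.getAttributeNames()`. I would guard it with `User user = getUser(accrMgr);` and `if (user instanceof ManagedUser) { ... }` so that a stale reference contributes no accreditables. As the class is `Serializable` session state, it would also benefit from `final` fields, a `serialVersionUID`, `equals`/`hashCode` over `id` and `managerId`, and class Javadoc.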

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/World.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/World.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/World.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/World.java Mon Dec 17 06:11:52 2007
@@ -19,13 +19,12 @@
 package org.apache.lenya.ac;
 
 import java.io.Serializable;
-import java.util.Collections;
 
 /**
  * The world.
  * @version $Id: World.java 473841 2006-11-12 00:46:38Z gregor $
  */
-public final class World implements Identifiable, Serializable {
+public final class World implements Identifiable, Accreditable, Serializable {
     
     private static final String NAME = "everyone";
 
@@ -49,14 +48,12 @@
         return instance;
     }
 
-    /**
-     * @see org.apache.lenya.ac.Accreditable#getAccreditables()
-     */
-    public Accreditable[] getAccreditables() {
-        return (Accreditable[]) Collections.singleton(this).toArray(new Accreditable[1]);
-    }
-
     public String getName() {
         return NAME;
+    }
+
+    public Accreditable[] getAccreditables(AccreditableManager manager) {
+        Accreditable[] accrs = { this };
+        return accrs;
     }
 }
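Review bot: `World` is a singleton handed out via `return instance;` and is `Serializable`, so a session restored by the servlet container will hold a deserialized copy, which `getAccreditables` then returns as `{ this }`. Unless `equals`/`hashCode` or `readResolve` are defined outside this hunk, that copy will not compare equal to the shared instance referenced elsewhere; a `private Object readResolve()` returning the shared instance would preserve the singleton. The new method also has no Javadoc, and `Serializable` in the class declaration is now redundant because `Identifiable` extends it.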

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/file/FileItemManager.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/file/FileItemManager.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/file/FileItemManager.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/file/FileItemManager.java Mon Dec 17 06:11:52 2007
@@ -47,6 +47,7 @@
 import org.apache.lenya.ac.Item;
 import org.apache.lenya.ac.ItemManager;
 import org.apache.lenya.ac.ItemManagerListener;
+import org.apache.lenya.ac.impl.AbstractItem;
 import org.apache.lenya.ac.impl.ItemConfiguration;
 
 /**
@@ -196,7 +197,7 @@
         Item item;
         try {
             item = (Item) Class.forName(klass).newInstance();
-            item.setItemManager(this);
+            ((AbstractItem) item).setItemManager(this);
         } catch (Exception e) {
             String errorMsg = "Exception when trying to instanciate: " + klass
                     + " with exception: " + e.fillInStackTrace();
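Review bot: The new cast `((AbstractItem) item).setItemManager(this)` sits inside the `try` whose `catch (Exception e)` reports an instantiation failure, so an `Item` implementation that does not extend `AbstractItem` now fails with a `ClassCastException` reported as `Exception when trying to instanciate`. The class has also already been loaded and constructed by `Class.forName(klass).newInstance()` before its type is checked. I would check first, e.g. `Class c = Class.forName(klass);` followed by `if (!AbstractItem.class.isAssignableFrom(c)) { ... }` with a dedicated error message, and only then call `newInstance()`. The enclosing method starts and ends outside the hunk.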

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/file/FilePolicyManager.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/file/FilePolicyManager.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/file/FilePolicyManager.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/file/FilePolicyManager.java Mon Dec 17 06:11:52 2007
@@ -150,7 +150,7 @@
         }
 
         if (policy == null) {
-            policy = new DefaultPolicy();
+            policy = new DefaultPolicy(controller);
         }
         return policy;
     }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractGroup.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractGroup.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractGroup.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractGroup.java Mon Dec 17 06:11:52 2007
@@ -28,11 +28,11 @@
 import org.apache.lenya.ac.AccessControlException;
 import org.apache.lenya.ac.Accreditable;
 import org.apache.lenya.ac.AccreditableManager;
+import org.apache.lenya.ac.AttributeOwner;
 import org.apache.lenya.ac.AttributeRuleEvaluator;
 import org.apache.lenya.ac.Group;
 import org.apache.lenya.ac.Groupable;
 import org.apache.lenya.ac.Message;
-import org.apache.lenya.ac.User;
 import org.apache.lenya.util.Assert;
 
 /**
@@ -52,7 +52,7 @@
     public AbstractGroup(String id) {
         setId(id);
     }
-    
+
     /**
      * Returns the members of this group.
      * @return An array of {@link Groupable}s.
@@ -64,11 +64,10 @@
         try {
             groupables.addAll(Arrays.asList(accrMgr.getUserManager().getUsers()));
             groupables.addAll(Arrays.asList(accrMgr.getIPRangeManager().getIPRanges()));
-        }
-        catch (Exception e) {
+        } catch (Exception e) {
             throw new RuntimeException(e);
         }
-        for (Iterator i = groupables.iterator(); i.hasNext(); ) {
+        for (Iterator i = groupables.iterator(); i.hasNext();) {
             Groupable groupable = (Groupable) i.next();
             if (Arrays.asList(groupable.getGroups()).contains(this)) {
                 members.add(groupable);
@@ -76,7 +75,7 @@
         }
         return (Groupable[]) members.toArray(new Groupable[members.size()]);
     }
-    
+
     /**
      * Adds a member to this group.
      * @param member The member to add.
@@ -108,10 +107,10 @@
     public boolean contains(Groupable member) {
         return Arrays.asList(getMembers()).contains(member);
     }
-    
-    public boolean matches(User user) {
-        AttributeRuleEvaluator evaluator = getAttributeRuleEvaluator();
-        return evaluator.isComplied(user, getRule());
+
+    public boolean matches(AttributeOwner user) {
+        String rule = getRule();
+        return rule == null ? false : getAttributeRuleEvaluator().isComplied(user, rule);
     }
 
     protected AttributeRuleEvaluator getAttributeRuleEvaluator() {
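Review bot: The new `matches(AttributeOwner)` has no Javadoc, and its fail-closed handling of a missing rule deserves one because this method decides rule-based group membership. I would add `/** Checks whether the owner's attributes satisfy this group's rule; a group without a rule matches nobody. */` and write the body as `return rule != null && getAttributeRuleEvaluator().isComplied(user, rule);`. Whether an empty but non-null rule string can still reach the evaluator depends on `setRule`, which is only partly visible in this diff.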
@@ -119,14 +118,6 @@
     }
 
     /**
-     * @see org.apache.lenya.ac.Accreditable#getAccreditables()
-     */
-    public Accreditable[] getAccreditables() {
-        Accreditable[] accreditables = { this };
-        return accreditables;
-    }
-
-    /**
      * Delete a group
      * 
      * @throws AccessControlException if the delete failed
@@ -153,8 +144,8 @@
                     }
                     msg.append(messages[i].getText());
                 }
-                throw new AccessControlException("The rule for group [" + getId() + "] is not valid: "
-                        + msg.toString());
+                throw new AccessControlException("The rule for group [" + getId()
+                        + "] is not valid: " + msg.toString());
             }
         }
         this.rule = rule;

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractGroupable.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractGroupable.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractGroupable.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractGroupable.java Mon Dec 17 06:11:52 2007
@@ -73,21 +73,4 @@
         }
     }
 
-    /**
-     * @see org.apache.lenya.ac.Accreditable#getAccreditables()
-     */
-    public Accreditable[] getAccreditables() {
-        Set accreditables = new HashSet();
-        accreditables.add(this);
-
-        Group[] groups = getGroups();
-
-        for (int i = 0; i < groups.length; i++) {
-            Accreditable[] groupAccreditables = groups[i].getAccreditables();
-            accreditables.addAll(Arrays.asList(groupAccreditables));
-        }
-
-        return (Accreditable[]) accreditables.toArray(new Accreditable[accreditables.size()]);
-    }
-
 }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractUser.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractUser.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractUser.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AbstractUser.java Mon Dec 17 06:11:52 2007
@@ -26,15 +26,16 @@
 
 import org.apache.lenya.ac.AccessControlException;
 import org.apache.lenya.ac.Group;
+import org.apache.lenya.ac.Groupable;
+import org.apache.lenya.ac.ManagedUser;
 import org.apache.lenya.ac.Password;
-import org.apache.lenya.ac.User;
 import org.apache.log4j.Logger;
 
 /**
  * Abstract user implementation.
  * @version $Id: AbstractUser.java 473841 2006-11-12 00:46:38Z gregor $
  */
-public abstract class AbstractUser extends AbstractGroupable implements User {
+public abstract class AbstractUser extends AbstractGroupable implements ManagedUser, Groupable {
 
     private static Logger log = Logger.getLogger(AbstractUser.class);
     private String email;

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AnonymousAuthenticator.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AnonymousAuthenticator.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AnonymousAuthenticator.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/AnonymousAuthenticator.java Mon Dec 17 06:11:52 2007
@@ -24,52 +24,49 @@
 import org.apache.lenya.ac.Authenticator;
 import org.apache.lenya.ac.ErrorHandler;
 import org.apache.lenya.ac.Identity;
-import org.apache.lenya.ac.User;
-
+import org.apache.lenya.ac.UserManager;
+import org.apache.lenya.ac.UserReference;
 
 /**
- * The anonymous authenticator authenticates to an anonymous user with no password 
- * (you just have to add a user named 'anonymous' with an arbitrary password and the permissions
- * you'd like via the admin screen). This is useful in conjunction with client certificates.
+ * The anonymous authenticator authenticates to an anonymous user with no password (you just have to
+ * add a user named 'anonymous' with an arbitrary password and the permissions you'd like via the
+ * admin screen). This is useful in conjunction with client certificates.
  * @version $Id: UserAuthenticator.java 43241 2004-08-16 16:36:57Z andreas $
  */
 public class AnonymousAuthenticator extends AbstractLogEnabled implements Authenticator {
 
-    
     /**
      * @see org.apache.lenya.ac.Authenticator#authenticate(org.apache.lenya.ac.AccreditableManager,
      *      org.apache.cocoon.environment.Request, ErrorHandler)
      */
-    public boolean authenticate(AccreditableManager accreditableManager, Request request, ErrorHandler handler)
-            throws AccessControlException {
+    public boolean authenticate(AccreditableManager accreditableManager, Request request,
+            ErrorHandler handler) throws AccessControlException {
 
-	String username = "anonymous";
+        String username = "anonymous";
 
         if (getLogger().isDebugEnabled()) {
-            getLogger().debug(
-                    "Authenticating username [" + username + "]");
+            getLogger().debug("Authenticating username [" + username + "]");
         }
 
-        Identity identity = (Identity) request.getSession(false).getAttribute(Identity.class.getName());
+        Identity identity = (Identity) request.getSession(false).getAttribute(
+                Identity.class.getName());
 
-        User user = accreditableManager.getUserManager().getUser(username);
+        UserManager userManager = accreditableManager.getUserManager();
 
         boolean authenticated = false;
-        if (user != null) {
+        if (userManager.contains(username)) {
             if (getLogger().isDebugEnabled()) {
-                getLogger().debug("User [" + user + "] authenticated.");
+                getLogger().debug("User [" + username + "] authenticated.");
             }
 
-            if (!identity.contains(user)) {
-                User oldUser = identity.getUser();
-                if (oldUser != null) {
-                    if (getLogger().isDebugEnabled()) {
-                        getLogger().debug("Removing user [" + oldUser + "] from identity.");
-                    }
-                    identity.removeIdentifiable(oldUser);
+            UserReference oldUser = identity.getUserReference();
+            if (oldUser != null) {
+                if (getLogger().isDebugEnabled()) {
+                    getLogger().debug("Removing user [" + oldUser + "] from identity.");
                 }
-                identity.addIdentifiable(user);
+                identity.removeIdentifiable(oldUser);
             }
+            identity.addIdentifiable(new UserReference(username, userManager.getId()));
             authenticated = true;
         } else {
             if (getLogger().isDebugEnabled()) {
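Review bot: In `authenticate`, `request.getSession(false)` returns null when no session exists and the `Identity` attribute may be absent, yet `identity.getUserReference()` is now called unconditionally once the `anonymous` user is found. The old code had the same dereference via `identity.contains(user)`, so this is not new, but the line is being rewritten anyway and is worth guarding unless `setupIdentity` is guaranteed to have run first. Look the session up into a local, treat a null session as a null identity, and add `if (identity == null) { return false; }` before the user-manager check, so the authenticator fails closed instead of throwing a NullPointerException. The method body continues past the end of this hunk.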

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java Mon Dec 17 06:11:52 2007
@@ -379,17 +379,6 @@
     }
 
     /**
-     * Checks if this identity was initialized by this access controller.
-     * 
-     * @param identity An identity.
-     * @return A boolean value.
-     * @throws AccessControlException when something went wrong.
-     */
-    public boolean ownsIdenity(Identity identity) throws AccessControlException {
-        return identity.belongsTo(getAccreditableManager());
-    }
-
-    /**
      * @see org.apache.lenya.ac.AccessController#setupIdentity(org.apache.cocoon.environment.Request)
      */
     public void setupIdentity(Request request) throws AccessControlException {
@@ -411,13 +400,6 @@
             getLogger().info("Remote Address to use: [" + remoteAddress + "]");
 
             Machine machine = new Machine(remoteAddress);
-            IPRange[] ranges = accreditableManager.getIPRangeManager().getIPRanges();
-            for (int i = 0; i < ranges.length; i++) {
-                if (ranges[i].contains(machine)) {
-                    machine.addIPRange(ranges[i]);
-                }
-            }
-
             identity.addIdentifiable(machine);
             session.setAttribute(Identity.class.getName(), identity);
         }
@@ -432,12 +414,8 @@
      * @throws AccessControlException when something went wrong.
      */
     protected boolean hasValidIdentity(Session session) throws AccessControlException {
-        boolean valid = true;
         Identity identity = (Identity) session.getAttribute(Identity.class.getName());
-        if (identity == null || !ownsIdenity(identity)) {
-            valid = false;
-        }
-        return valid;
+        return identity != null;
     }
 
     /**
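Review bot: `hasValidIdentity` now accepts any non-null `Identity` found in the session, and the `identity.belongsTo(getAccreditableManager())` check is likewise dropped from the `authorize` hunk in PolicyAuthorizer, so neither method ties a session to the publication that authenticated it any more. That matches the commit message, but it moves the whole isolation guarantee into `UserReference.getAccreditables(accrMgr)` and `canGetUserFrom`, which are not shown in this part of the diff. I would say so in the Javadoc here, e.g. `Returns true if the session holds an identity; whether its user is known to this controller is decided per request by the user reference.` A test should also show that a reference created with one user-manager id contributes no user or group accreditables when resolved against a different manager.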

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultPolicy.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultPolicy.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultPolicy.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/DefaultPolicy.java Mon Dec 17 06:11:52 2007
@@ -29,9 +29,11 @@
 
 import org.apache.lenya.ac.AccessControlException;
 import org.apache.lenya.ac.Accreditable;
+import org.apache.lenya.ac.AccreditableManager;
 import org.apache.lenya.ac.Identity;
 import org.apache.lenya.ac.Policy;
 import org.apache.lenya.ac.Role;
+import org.apache.lenya.util.Assert;
 
 /**
  * A DefaultPolicy is the own policy of a certain URL (not merged).
@@ -39,6 +41,15 @@
 public class DefaultPolicy implements Policy {
 
     private Map accreditableToCredential = new HashMap();
+    private AccreditableManager accrManager;
+    
+    /**
+     * @param accrMgr The accreditable manager.
+     */
+    public DefaultPolicy(AccreditableManager accrMgr) {
+        Assert.notNull(accrMgr);
+        this.accrManager = accrMgr;
+    }
 
     /**
 	 * Adds a credential to this policy.
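Review bot: The new `accrManager` field is assigned once in the constructor and then used by `getRoles` to resolve the identity's accreditables, so it should be declared `private final AccreditableManager accrManager;` to make clear that a policy cannot be re-pointed at another manager after construction. The constructor Javadoc could also state that the argument must not be null, since `Assert.notNull(accrMgr)` enforces it.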
@@ -117,11 +128,8 @@
         return (Credential[]) values.toArray(new Credential[values.size()]);
     }
 
-    /**
-	 * @see org.apache.lenya.ac.Policy#getRoles(org.apache.lenya.ac.Identity)
-	 */
     public Role[] getRoles(Identity identity) {
-        Accreditable[] accreditables = identity.getAccreditables();
+        Accreditable[] accreditables = identity.getAccreditables(this.accrManager);
         Credential[] credentials = getCredentials();
 
         Set roles = new HashSet();
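Review bot: The `@see` Javadoc on `getRoles` is deleted without a replacement, although this is exactly where behaviour changes: accreditables are now resolved against the manager the policy was constructed with rather than taken from the identity as stored. A short comment would help, for example `/** Returns the roles this policy grants to the identity; users and groups are resolved through this policy's accreditable manager. */`. What `identity.getAccreditables(...)` returns for a user reference that belongs to a different manager is not visible here, so the comment should not promise more than that. The method body continues beyond the hunk.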

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java Mon Dec 17 06:11:52 2007
@@ -106,17 +106,7 @@
             getLogger().debug("Trying to authorize identity: " + identity);
         }
 
-        boolean authorized;
-
-        if (identity.belongsTo(getAccreditableManager())) {
-            authorized = authorizePolicy(identity, request, handler);
-        } else {
-            getLogger().debug(
-                    "Identity [" + identity
-                            + "] not authorized - belongs to wrong accreditable manager.");
-            authorized = false;
-        }
-
+        boolean authorized = authorizePolicy(identity, request, handler);
         getLogger().debug("Authorized: " + authorized);
 
         return authorized;
@@ -156,7 +146,7 @@
                 Accreditable[] accrs = policy.getAccreditables(allRoles[i]);
                 accreditables.addAll(Arrays.asList(accrs));
             }
-            if (identity.getUser() != null && !accreditables.isEmpty()) {
+            if (identity.getUserReference() != null && !accreditables.isEmpty()) {
                 handler.error("page-can-only-accessed-by");
                 for (Iterator i = accreditables.iterator(); i.hasNext(); ) {
                     Accreditable accreditable = (Accreditable) i.next();

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/PolicyBuilder.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/PolicyBuilder.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/PolicyBuilder.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/PolicyBuilder.java Mon Dec 17 06:11:52 2007
@@ -99,7 +99,7 @@
     public DefaultPolicy buildPolicy(Document document)
         throws AccessControlException {
 
-        DefaultPolicy policy = new DefaultPolicy();
+        DefaultPolicy policy = new DefaultPolicy(getAccreditableManager());
         Element policyElement = document.getDocumentElement();
         assert policyElement.getLocalName().equals(POLICY_ELEMENT);
 
@@ -154,9 +154,9 @@
         Accreditable accreditable = null;
 
         if (elementName.equals(USER_ELEMENT)) {
-            accreditable = getAccreditableManager().getUserManager().getUser(id);
+            accreditable = (Accreditable) getAccreditableManager().getUserManager().getUser(id);
         } else if (elementName.equals(GROUP_ELEMENT)) {
-            accreditable = getAccreditableManager().getGroupManager().getGroup(id);
+            accreditable = (Accreditable) getAccreditableManager().getGroupManager().getGroup(id);
         } else if (elementName.equals(WORLD_ELEMENT)) {
             accreditable = World.getInstance();
         } else if (elementName.equals(IP_RANGE_ELEMENT)) {
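Review bot: The added `(Accreditable)` casts in the user and group branches are unchecked, so a manager that returns an object not implementing `Accreditable` aborts policy parsing with a ClassCastException instead of a controlled access-control error. Presumably `User` and `Group` no longer extend `Accreditable` after this commit, which is why the cast became necessary. If so, check first, e.g. `if (user != null && !(user instanceof Accreditable)) throw new AccessControlException("User [" + id + "] is not an accreditable.");`, and do the same for the group. The enclosing method starts and ends outside this hunk.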

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/TransientUser.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/TransientUser.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/TransientUser.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/TransientUser.java Mon Dec 17 06:11:52 2007
@@ -19,37 +19,28 @@
 
 import java.io.File;
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
 
 import org.apache.avalon.framework.configuration.Configuration;
 import org.apache.avalon.framework.configuration.ConfigurationException;
 import org.apache.lenya.ac.AccessControlException;
 import org.apache.lenya.ac.Accreditable;
+import org.apache.lenya.ac.AccreditableManager;
+import org.apache.lenya.ac.AttributeOwner;
 import org.apache.lenya.ac.Group;
+import org.apache.lenya.ac.Identifiable;
 import org.apache.lenya.ac.ItemManager;
+import org.apache.lenya.ac.User;
 
 /**
  * Class for users which are not stored in the CMS, but in an external directory
  * like LDAP.
  */
-public class TransientUser extends AbstractUser {
+public class TransientUser implements User {
 
-    public void save() throws AccessControlException {
-        throw new UnsupportedOperationException();
-    }
-
-    public void configure(Configuration configuration) throws ConfigurationException {
-        throw new UnsupportedOperationException();
-    }
-
-    public void setConfigurationDirectory(File configurationDirectory) {
-    }
-
-    public boolean authenticate(String password) {
-        return false;
-    }
-    
     private String id;
 
     public String getId() {
@@ -64,45 +55,65 @@
         return false;
     }
 
-    public void delete() throws AccessControlException {
-        throw new UnsupportedOperationException();
+    private Map attributes = new HashMap();
+
+    public String[] getAttributeValues(String name) throws AccessControlException {
+        return (String[]) this.attributes.get(name);
     }
 
-    public ItemManager getItemManager() {
-        throw new UnsupportedOperationException();
+    public String[] getAttributeNames() {
+        Set names = this.attributes.keySet();
+        return (String[]) names.toArray(new String[names.size()]);
     }
 
-    public void setItemManager(ItemManager manager) {
-        throw new UnsupportedOperationException();
+    /**
+     * Sets an attribute.
+     * @param name The name.
+     * @param values The values.
+     * @throws AccessControlException if the attribute name is not supported.
+     */
+    public void setAttributeValues(String name, String[] values) throws AccessControlException {
+        this.attributes.put(name, values);
     }
 
-    public void addedToGroup(Group group) {
-        throw new UnsupportedOperationException();
+    protected boolean hasAttributes() {
+        return !this.attributes.isEmpty();
     }
+    
+    private String email;
+    private String description;
+    private String name;
 
-    public Group[] getGroups() {
-        throw new UnsupportedOperationException();
+    public String getEmail() {
+        return this.email;
+    }
+
+    public void setEmail(String email) {
+        this.email = email;
     }
 
-    public void removeFromAllGroups() {
+    public void configure(Configuration configuration) throws ConfigurationException {
         throw new UnsupportedOperationException();
     }
 
-    public void removedFromGroup(Group group) {
+    public String getDescription() {
+        return this.description;
+    }
+
+    public String getName() {
+        return this.name;
+    }
+
+    public void setConfigurationDirectory(File configurationDirectory) {
         throw new UnsupportedOperationException();
     }
 
-    public Accreditable[] getAccreditables() {
-        Set accrs = new HashSet();
-        accrs.add(this);
-
-        Group[] groups = getRuleGroups();
-        for (int i = 0; i < groups.length; i++) {
-            Accreditable[] groupAccreditables = groups[i].getAccreditables();
-            accrs.addAll(Arrays.asList(groupAccreditables));
-        }
+    public void setDescription(String description) {
+        this.description = description;
+    }
 
-        return (Accreditable[]) accrs.toArray(new Accreditable[accrs.size()]);
+    public void setName(String name) {
+        this.name = name;
     }
 
 }
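Review bot: `setAttributeValues` stores the caller's array and `getAttributeValues` hands the same array back, so any code holding either reference can alter a transient user's attributes after authentication. Those attributes are what the group rules are evaluated against (`AbstractGroup.matches`), which makes them authorization input. I would copy on the way in, `this.attributes.put(name, values == null ? null : (String[]) values.clone());`, and return a clone (or null) from the getter. The Javadoc also promises `AccessControlException if the attribute name is not supported`, but nothing is validated. Separately, `setConfigurationDirectory` changes from a silent no-op to throwing `UnsupportedOperationException`, so existing callers should be checked.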

Added: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/TransientUserReference.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/TransientUserReference.java?rev=604875&view=auto
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/TransientUserReference.java (added)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/TransientUserReference.java Mon Dec 17 06:11:52 2007
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.impl;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.lenya.ac.Accreditable;
+import org.apache.lenya.ac.AccreditableManager;
+import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserReference;
+import org.apache.lenya.util.Assert;
+
+public class TransientUserReference extends UserReference {
+    
+    private TransientUser user;
+    
+    public TransientUserReference(TransientUser user) {
+        super(user.getId(), "");
+        Assert.notNull(user);
+        this.user = user;
+    }
+
+    public Accreditable[] getAccreditables(AccreditableManager accrMgr) {
+        Set accrs = new HashSet();
+        accrs.addAll(getMatchingGroups(accrMgr, this.user));
+        return (Accreditable[]) accrs.toArray(new Accreditable[accrs.size()]);
+    }
+
+    public boolean canGetUserFrom(AccreditableManager accrMgr) {
+        return true;
+    }
+
+    public User getUser(AccreditableManager accrMgr) {
+        return this.user;
+    }
+
+}
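Review bot: In the constructor, `super(user.getId(), "")` dereferences `user` before `Assert.notNull(user)` runs, so the assertion can never fire and a null argument surfaces as a bare NullPointerException. Either drop the dead assert or move the check into a private static helper called inside the `super(...)` argument. The class and its three methods also need Javadoc, in particular that `canGetUserFrom` returns true for every manager and that the manager id is the empty string. As far as this diff shows, a transient user is therefore accepted by any access controller and gets its rights only from the groups whose rules match under the manager passed to `getAccreditables`. Because the reference keeps the `TransientUser` object itself, the session restore mentioned in the commit message presumably requires that class and its attribute map to be serializable; that is worth confirming.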

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/UserAuthenticator.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/UserAuthenticator.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/UserAuthenticator.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/UserAuthenticator.java Mon Dec 17 06:11:52 2007
@@ -27,7 +27,10 @@
 import org.apache.lenya.ac.Authenticator;
 import org.apache.lenya.ac.ErrorHandler;
 import org.apache.lenya.ac.Identity;
+import org.apache.lenya.ac.ManagedUser;
 import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserManager;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.cms.publication.util.OutgoingLinkRewriter;
 import org.apache.lenya.util.ServletHelper;
 
@@ -87,26 +90,25 @@
             handler.error("Please enter a username.");
         } else {
 
-            User user = accreditableManager.getUserManager().getUser(username);
+            UserManager userManager = accreditableManager.getUserManager();
+            User user = userManager.getUser(username);
             if (getLogger().isDebugEnabled()) {
                 getLogger().debug("Authenticating user: [" + user + "]");
             }
 
-            if (user != null && user.authenticate(password)) {
+            if (user != null && ((ManagedUser) user).authenticate(password)) {
                 if (getLogger().isDebugEnabled()) {
                     getLogger().debug("User [" + user + "] authenticated.");
                 }
 
-                if (!identity.contains(user)) {
-                    User oldUser = identity.getUser();
-                    if (oldUser != null) {
-                        if (getLogger().isDebugEnabled()) {
-                            getLogger().debug("Removing user [" + oldUser + "] from identity.");
-                        }
-                        identity.removeIdentifiable(oldUser);
+                UserReference oldUser = identity.getUserReference();
+                if (oldUser != null) {
+                    if (getLogger().isDebugEnabled()) {
+                        getLogger().debug("Removing user [" + oldUser + "] from identity.");
                     }
-                    identity.addIdentifiable(user);
+                    identity.removeIdentifiable(oldUser);
                 }
+                identity.addIdentifiable(new UserReference(username, userManager.getId()));
                 authenticated = true;
             } else {
                 if (getLogger().isDebugEnabled()) {
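Review bot: `((ManagedUser) user).authenticate(password)` assumes every object returned by the user manager is a `ManagedUser`; if another `User` implementation is ever returned, login ends in a ClassCastException rather than a clean rejection. `if (user instanceof ManagedUser && ((ManagedUser) user).authenticate(password))` keeps the null check and fails closed. I would also build the reference from the id of the user that was actually authenticated rather than from the submitted `username`, in case the manager's lookup is more lenient than the stored id; that cannot be verified from this hunk. The method begins and ends outside this hunk.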

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/antlr/AntlrEvaluator.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/antlr/AntlrEvaluator.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/antlr/AntlrEvaluator.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/antlr/AntlrEvaluator.java Mon Dec 17 06:11:52 2007
@@ -25,12 +25,13 @@
 import org.apache.avalon.framework.logger.Logger;
 import org.apache.lenya.ac.AttributeDefinition;
 import org.apache.lenya.ac.AttributeDefinitionRegistry;
+import org.apache.lenya.ac.AttributeOwner;
 import org.apache.lenya.ac.AttributeRuleEvaluator;
 import org.apache.lenya.ac.ErrorHandler;
 import org.apache.lenya.ac.Message;
 import org.apache.lenya.ac.SimpleErrorHandler;
-import org.apache.lenya.ac.User;
 import org.apache.lenya.ac.impl.ValidationResult;
+import org.apache.lenya.util.Assert;
 
 /**
  * ANTLR-based attribute rule evaluator.
@@ -46,7 +47,7 @@
 
     protected static final String UNDEFINED_VALUE = "undefined";
 
-    public boolean isComplied(User user, String rule) {
+    public boolean isComplied(AttributeOwner user, String rule) {
         ErrorHandler handler = new SimpleErrorHandler();
         ExpressionsParser parser = getParser(rule, handler);
         try {
@@ -106,6 +107,7 @@
     }
 
     protected ExpressionsParser getParser(String rule, ErrorHandler handler) {
+        Assert.notNull("rule", rule);
         CharStream stream = new ANTLRStringStream(rule);
         ExpressionsLexer lexer = new ExpressionsLexer(stream);
         lexer.setErrorHandler(handler);

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/jexl/JexlEvaluator.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/jexl/JexlEvaluator.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/jexl/JexlEvaluator.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/impl/jexl/JexlEvaluator.java Mon Dec 17 06:11:52 2007
@@ -26,8 +26,8 @@
 import org.apache.commons.jexl.JexlHelper;
 import org.apache.lenya.ac.AttributeDefinition;
 import org.apache.lenya.ac.AttributeDefinitionRegistry;
+import org.apache.lenya.ac.AttributeOwner;
 import org.apache.lenya.ac.AttributeRuleEvaluator;
-import org.apache.lenya.ac.User;
 import org.apache.lenya.ac.impl.ValidationResult;
 
 /**
@@ -47,7 +47,7 @@
      * @param rule The rule.
      * @return if the rule is complied.
      */
-    public boolean isComplied(User user, String rule) {
+    public boolean isComplied(AttributeOwner user, String rule) {
         if (user.getAttributeNames().length == 0) {
             return false;
         } else {

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/shibboleth/ShibbolethAuthenticator.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/shibboleth/ShibbolethAuthenticator.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/shibboleth/ShibbolethAuthenticator.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/ac/shibboleth/ShibbolethAuthenticator.java Mon Dec 17 06:11:52 2007
@@ -42,8 +42,11 @@
 import org.apache.lenya.ac.Policy;
 import org.apache.lenya.ac.Role;
 import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserManager;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.ac.impl.DefaultAccessController;
 import org.apache.lenya.ac.impl.TransientUser;
+import org.apache.lenya.ac.impl.TransientUserReference;
 import org.apache.lenya.ac.impl.UserAuthenticator;
 import org.apache.lenya.ac.saml.AttributeTranslator;
 import org.apache.lenya.ac.saml.UserFieldsMapper;
@@ -130,7 +133,8 @@
             if (uniqueId == null) {
                 issueError(handler, ERROR_MISSING_UID_ATTRIBUTE);
             } else {
-                if (accreditableManager.getUserManager().contains(uniqueId)) {
+                UserManager userManager = accreditableManager.getUserManager();
+                if (userManager.contains(uniqueId)) {
                     getLogger().error(
                             "Persistent user with ID [" + uniqueId
                                     + "] exists, can't create transient user.");
@@ -138,8 +142,8 @@
                 } else {
                     TransientUser user = new TransientUser();
                     user.setId(uniqueId);
-                    passAttributes((TransientUser) user, attributesMap);
-                    updateIdentity(identity, user);
+                    passAttributes(user, attributesMap);
+                    updateIdentity(identity, user, userManager);
                     authenticated = true;
                 }
             }
@@ -176,19 +180,17 @@
      * @param identity The identity.
      * @param user The new user.
      */
-    protected void updateIdentity(Identity identity, User user) {
-        if (!identity.contains(user)) {
-            User oldUser = identity.getUser();
-            if (oldUser != null) {
-                if (getLogger().isDebugEnabled()) {
-                    getLogger().debug("Removing user [" + oldUser + "] from identity.");
-                }
-                identity.removeIdentifiable(oldUser);
-            }
-            identity.addIdentifiable(user);
+    protected void updateIdentity(Identity identity, TransientUser user, UserManager userMgr) {
+        UserReference oldUser = identity.getUserReference();
+        if (oldUser != null) {
             if (getLogger().isDebugEnabled()) {
-                getLogger().debug("Adding user [" + user + "] to identity.");
+                getLogger().debug("Removing user [" + oldUser + "] from identity.");
             }
+            identity.removeIdentifiable(oldUser);
+        }
+        identity.addIdentifiable(new TransientUserReference(user));
+        if (getLogger().isDebugEnabled()) {
+            getLogger().debug("Adding user [" + user + "] to identity.");
         }
     }
 
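Review bot: The new `userMgr` parameter of `updateIdentity` is never read in the method body shown in this hunk, and the Javadoc above it still lists only `identity` and `user`. Either drop the parameter again or use it and document it, for example `@param userMgr The user manager of the current access controller.`. The `identity.contains(user)` guard is also gone, so every call now replaces the stored reference; if that is intended, the Javadoc should say so. The Javadoc opening lies outside the hunk.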

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/ac/cocoon/PolicyHelper.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/ac/cocoon/PolicyHelper.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/ac/cocoon/PolicyHelper.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/ac/cocoon/PolicyHelper.java Mon Dec 17 06:11:52 2007
@@ -38,6 +38,7 @@
 import org.apache.lenya.ac.Role;
 import org.apache.lenya.ac.User;
 import org.apache.lenya.ac.UserManager;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.ac.impl.Credential;
 import org.apache.lenya.ac.impl.DefaultAccessController;
 import org.apache.lenya.ac.impl.DefaultPolicy;
@@ -323,7 +324,8 @@
             User[] userArray = userManager.getUsers();
             for (int i = 0; i < userArray.length; i++) {
                 Identity identity = new Identity();
-                identity.addIdentifiable(userArray[i]);
+                User user = userArray[i];
+                identity.addIdentifiable(new UserReference(user.getId(), userManager.getId()));
                 Role[] roles = policy.getRoles(identity);
                 for (int roleIndex = 0; roleIndex < roles.length; roleIndex++) {
                     if (roles[roleIndex].getId().equals(roleId)) {

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/ForceCheckInAction.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/ForceCheckInAction.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/ForceCheckInAction.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/ForceCheckInAction.java Mon Dec 17 06:11:52 2007
@@ -87,7 +87,7 @@
             return actionMap;
         }
 
-        rcml.checkOutIn(RCML.ci, identity.getUser().getId(), new Date().getTime(),
+        rcml.checkOutIn(RCML.ci, identity.getUserReference().getId(), new Date().getTime(),
                 false);
 
         return null;
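Review bot: `identity.getUserReference().getId()` in the `rcml.checkOutIn` call dereferences the reference without a null check. RevisionControllerAction, WorkflowInvoker and WorkflowFactory in this same commit test `getUserReference()` for null first, which suggests it can return null. I would guard it with `if (identity.getUserReference() == null) { ... }` and fail the action explicitly, so a forced check-in is never attempted without an attributable user id. The same unguarded call appears in XopusHandlerAction (`identityTwo.getUserReference().getId()`) and in the `reservedCheckIn` call in FlowHelper. The enclosing method starts outside the hunk, so an earlier check may exist that is not visible here.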

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java Mon Dec 17 06:11:52 2007
@@ -31,7 +31,7 @@
 import org.apache.cocoon.environment.Session;
 import org.apache.cocoon.environment.SourceResolver;
 import org.apache.lenya.ac.Identity;
-import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.cms.publication.Document;
 import org.apache.lenya.cms.publication.DocumentBuilder;
 import org.apache.lenya.cms.publication.PageEnvelope;
@@ -160,7 +160,7 @@
         username = null;
 
         if (identity != null) {
-            User user = identity.getUser();
+            UserReference user = identity.getUserReference();
             if (user != null) {
                 username = user.getId();
             }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/XopusHandlerAction.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/XopusHandlerAction.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/XopusHandlerAction.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/acting/XopusHandlerAction.java Mon Dec 17 06:11:52 2007
@@ -43,7 +43,7 @@
 import org.apache.excalibur.source.Source;
 import org.apache.excalibur.xml.dom.DOMParser;
 import org.apache.lenya.ac.Identity;
-import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.cms.rc.RevisionController;
 import org.apache.lenya.xml.DOMParserFactory;
 import org.apache.lenya.xml.DOMWriter;
@@ -273,12 +273,12 @@
                     (org.apache.lenya.ac.Identity) session.getAttribute(Identity.class.getName());
                 String username = null;
                 if (identity != null) {
-                    User user = identity.getUser();
+                    UserReference user = identity.getUserReference();
                     if (user != null) {
                         username = user.getId();
                     }
                 } else if (identityTwo != null) {
-                    username = identityTwo.getUser().getId();
+                    username = identityTwo.getUserReference().getId();
                 } else {
                     getLogger().error(".act(): No identity!");
                 }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/components/modules/input/AccessControlModule.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/components/modules/input/AccessControlModule.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/components/modules/input/AccessControlModule.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/components/modules/input/AccessControlModule.java Mon Dec 17 06:11:52 2007
@@ -43,6 +43,8 @@
 import org.apache.lenya.ac.Machine;
 import org.apache.lenya.ac.Role;
 import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserManager;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.ac.impl.DefaultAccessController;
 import org.apache.lenya.ac.impl.PolicyAuthorizer;
 import org.apache.lenya.util.ServletHelper;
@@ -102,17 +104,17 @@
             Identity identity = (Identity) session.getAttribute(Identity.class.getName());
             if (identity != null) {
                 if (name.equals(USER_ID)) {
-                    User user = identity.getUser();
+                    User user = getUser(request, identity);
                     if (user != null) {
                         value = user.getId();
                     }
                 } else if (name.equals(USER_NAME)) {
-                    User user = identity.getUser();
+                    User user = getUser(request, identity);
                     if (user != null) {
                         value = user.getName();
                     }
                 } else if (name.equals(USER_EMAIL)) {
-                    User user = identity.getUser();
+                    User user = getUser(request, identity);
                     if (user != null) {
                         value = user.getEmail();
                     }
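Review bot: The `USER_ID` branch now goes through `getUser(request, identity)`, which returns null whenever the reference cannot be resolved from the current request's accreditable manager, so the module can report no user id for a session that does hold a user reference. The id is available on the reference itself, as the other call sites in this commit use it: `UserReference ref = identity.getUserReference(); if (ref != null) { value = ref.getId(); }`. `USER_NAME` and `USER_EMAIL` do need the resolved user, so they are fine as written. The enclosing method starts and ends outside the hunk.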
@@ -150,6 +152,19 @@
             value = getLoginUri(request);
         }
         return value;
+    }
+
+    protected User getUser(Request request, Identity identity) throws ConfigurationException {
+        User user = null;
+        UserReference userRef = identity.getUserReference();
+        if (userRef != null) {
+            UserManager userMgr = (UserManager) getItemManager(request, USER_MANAGER);
+            AccreditableManager accrMgr = userMgr.getAccreditableManager();
+            if (userRef.canGetUserFrom(accrMgr)) {
+                user = userRef.getUser(accrMgr);
+            }
+        }
+        return user;
     }
 
     protected String getLoginUri(Request request) throws ConfigurationException {
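Review bot: The new protected `getUser(Request, Identity)` has no Javadoc, and its null return covers two different cases that a caller cannot tell apart. I would add a Javadoc block stating that it resolves the identity's user reference against the accreditable manager of the user manager obtained for the request. It should also say that null is returned both when the identity holds no user reference and when `canGetUserFrom` rejects that manager. A debug log in the second case would make a session carried over from another publication easier to diagnose.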

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/flow/FlowHelper.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/flow/FlowHelper.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/flow/FlowHelper.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/flow/FlowHelper.java Mon Dec 17 06:11:52 2007
@@ -33,7 +33,7 @@
 import org.apache.lenya.ac.Identity;
 import org.apache.lenya.ac.Machine;
 import org.apache.lenya.ac.Role;
-import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.ac.impl.PolicyAuthorizer;
 import org.apache.lenya.cms.publication.DocumentHelper;
 import org.apache.lenya.cms.publication.PageEnvelope;
@@ -79,7 +79,7 @@
         String userId = "";
         String ipAddress = "";
 
-        User user = identity.getUser();
+        UserReference user = identity.getUserReference();
         if (user != null) {
             userId = user.getId();
         }
@@ -232,6 +232,6 @@
         final PageEnvelope pageEnvelope = getPageEnvelope(cocoon);
         final Publication publication = getPageEnvelope(cocoon).getPublication();
         final String filename = pageEnvelope.getDocument().getFile().getAbsolutePath().substring(publication.getDirectory().getAbsolutePath().length());   
-        getRevisionController(cocoon).reservedCheckIn(filename, identity.getUser().getId(), backup);
+        getRevisionController(cocoon).reservedCheckIn(filename, identity.getUserReference().getId(), backup);
     }
 }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/task/CocoonTaskWrapper.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/task/CocoonTaskWrapper.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/task/CocoonTaskWrapper.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/cocoon/task/CocoonTaskWrapper.java Mon Dec 17 06:11:52 2007
@@ -23,14 +23,22 @@
 import java.util.Iterator;
 import java.util.Map;
 
+import org.apache.avalon.framework.configuration.ConfigurationException;
 import org.apache.avalon.framework.parameters.Parameters;
+import org.apache.avalon.framework.service.ServiceSelector;
 import org.apache.cocoon.environment.ObjectModelHelper;
 import org.apache.cocoon.environment.Request;
 import org.apache.cocoon.environment.Session;
 import org.apache.lenya.ac.AccessControlException;
+import org.apache.lenya.ac.AccessController;
+import org.apache.lenya.ac.AccessControllerResolver;
+import org.apache.lenya.ac.AccreditableManager;
 import org.apache.lenya.ac.Identity;
+import org.apache.lenya.ac.ItemManager;
 import org.apache.lenya.ac.Role;
 import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserReference;
+import org.apache.lenya.ac.impl.DefaultAccessController;
 import org.apache.lenya.ac.impl.PolicyAuthorizer;
 import org.apache.lenya.cms.publication.Publication;
 import org.apache.lenya.cms.publication.PublicationException;
@@ -153,14 +161,49 @@
             }
         }
 
-		if (notificationMap.getMap().isEmpty()) {
+        if (notificationMap.getMap().isEmpty()) {
 			log.debug("    No notification parameters found.");
 		} else {
 			log.debug("    Initializing notification");
             
             Identity identity = Identity.getIdentity(request.getSession());
-            User user = identity.getUser();
-            String eMail = user.getEmail();
+            /*
+            
+            AccessController accessController = null;
+            ServiceSelector selector = null;
+            AccessControllerResolver resolver = null;
+            ItemManager itemManager = null;
+
+            try {
+                selector = (ServiceSelector) manager.lookup(AccessControllerResolver.ROLE + "Selector");
+                resolver =
+                    (AccessControllerResolver) selector.select(
+                        AccessControllerResolver.DEFAULT_RESOLVER);
+
+                String url = ServletHelper.getWebappURI(request);
+                accessController = resolver.resolveAccessController(url);
+
+                AccreditableManager accreditableManager =
+                    ((DefaultAccessController) accessController).getAccreditableManager();
+
+
+            } catch (Exception e) {
+                throw new ConfigurationException("Obtaining item manager failed: ", e);
+            } finally {
+                if (selector != null) {
+                    if (resolver != null) {
+                        if (accessController != null) {
+                            resolver.release(accessController);
+                        }
+                        selector.release(resolver);
+                    }
+                    manager.release(selector);
+                }
+            }
+            
+            */
+            UserReference user = identity.getUserReference();
+            String eMail = ""; // user.getEmail();
             notificationMap.put(Notifier.PARAMETER_FROM, eMail);
             log.debug("    Setting from address [" + Notifier.PARAMETER_FROM + "] = [" + eMail + "]");
 
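Review bot: `String eMail = ""; // user.getEmail();` sets `Notifier.PARAMETER_FROM` to the empty string on every run, so the notification loses its sender address. The `UserReference user` local above it is never used. The commented-out lookup block is committed as dead code, and most of the imports added in the previous hunk of this file appear to be needed only by it. I would delete the block and those imports and either finish the lookup before merging or mark the gap, e.g. `// TODO: resolve the sender via identity.getUserReference().getUser(accreditableManager)`. The enclosing method starts and ends outside the hunk.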

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/task/WorkflowInvoker.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/task/WorkflowInvoker.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/task/WorkflowInvoker.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/task/WorkflowInvoker.java Mon Dec 17 06:11:52 2007
@@ -25,7 +25,7 @@
 import org.apache.lenya.ac.Identity;
 import org.apache.lenya.ac.Machine;
 import org.apache.lenya.ac.Role;
-import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.cms.publication.Document;
 import org.apache.lenya.cms.publication.DocumentBuildException;
 import org.apache.lenya.cms.publication.Publication;
@@ -125,7 +125,7 @@
 	public static void setIdentity(NamespaceMap parameters, Identity identity) {
 
 		String userId = "";
-		User user = identity.getUser();
+		UserReference user = identity.getUserReference();
 		if (user != null) {
 			userId = user.getId();
 		}

Modified: lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/workflow/WorkflowFactory.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/workflow/WorkflowFactory.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/workflow/WorkflowFactory.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/java/org/apache/lenya/cms/workflow/WorkflowFactory.java Mon Dec 17 06:11:52 2007
@@ -25,7 +25,7 @@
 import org.apache.lenya.ac.Identity;
 import org.apache.lenya.ac.Machine;
 import org.apache.lenya.ac.Role;
-import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.cms.publication.Document;
 import org.apache.lenya.cms.publication.DocumentException;
 import org.apache.lenya.cms.publication.LanguageVersions;
@@ -147,7 +147,7 @@
             throw new WorkflowException("Session does not contain identity!");
         }
         String userId = null;
-        User user = identity.getUser();
+        UserReference user = identity.getUserReference();
         if (user != null) {
             userId = user.getId();
         }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/file/FileUserTest.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/file/FileUserTest.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/file/FileUserTest.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/file/FileUserTest.java Mon Dec 17 06:11:52 2007
@@ -229,7 +229,7 @@
         FileUserManager manager = getUserManager();
         assertNotNull(manager);
 
-        User lenya = manager.getUser("lenya");
+        FileUser lenya = (FileUser) manager.getUser("lenya");
         assertNotNull(lenya);
         assertTrue(lenya.authenticate("levi"));
     }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/AccessControlTest.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/AccessControlTest.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/AccessControlTest.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/AccessControlTest.java Mon Dec 17 06:11:52 2007
@@ -28,6 +28,8 @@
 import org.apache.lenya.ac.AccreditableManager;
 import org.apache.lenya.ac.Identity;
 import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserManager;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.ac.file.FileAccreditableManager;
 import org.apache.lenya.ac.file.FilePolicyManager;
 import org.apache.lenya.cms.ExcaliburTest;
@@ -141,11 +143,12 @@
      */
     protected Identity getIdentity() throws AccessControlException {
         DefaultAccessController controller = getAccessController();
-        User user = controller.getAccreditableManager().getUserManager().getUser(USERNAME);
+        UserManager userMgr = controller.getAccreditableManager().getUserManager();
+        User user = userMgr.getUser(USERNAME);
         assertNotNull(user);
 
         Identity identity = new Identity();
-        identity.addIdentifiable(user);
+        identity.addIdentifiable(new UserReference(user.getId(), userMgr.getId()));
 
         return identity;
     }

Modified: lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/IdentityTest.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/IdentityTest.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/IdentityTest.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/IdentityTest.java Mon Dec 17 06:11:52 2007
@@ -19,8 +19,11 @@
 import junit.textui.TestRunner;
 
 import org.apache.lenya.ac.AccessControlException;
+import org.apache.lenya.ac.AccreditableManager;
 import org.apache.lenya.ac.Identity;
 import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserManager;
+import org.apache.lenya.ac.UserReference;
 import org.apache.lenya.cms.PublicationHelper;
 
 public class IdentityTest extends AccessControlTest {
@@ -51,11 +54,13 @@
      */
     public void testIdentity() throws AccessControlException {
         Identity identity = new Identity();
-        User user = getAccessController().getAccreditableManager().getUserManager().getUser(USER_ID);
+        AccreditableManager accreditableManager = getAccessController().getAccreditableManager();
+        UserManager userManager = accreditableManager.getUserManager();
+        User user = userManager.getUser(USER_ID);
         System.out.println("Adding user to identity: [" + user + "]");
-        identity.addIdentifiable(user);
+        identity.addIdentifiable(new UserReference(user.getId(), userManager.getId()));
         
-        assertSame(user, identity.getUser());
+        assertSame(user, identity.getUserReference().getUser(accreditableManager));
     }
 
 }
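Review bot: `user.getId()` in `testIdentity` is dereferenced without first asserting that the lookup succeeded, so a missing `USER_ID` fixture surfaces as a NullPointerException instead of a test failure. `AccessControlTest.getIdentity` in this same commit asserts first. Add `assertNotNull(user);` directly after the `userManager.getUser(USER_ID)` line. The `System.out.println` carried over from the old code could be dropped at the same time.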

Modified: lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/PolicyTest.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/PolicyTest.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/PolicyTest.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/PolicyTest.java Mon Dec 17 06:11:52 2007
@@ -27,6 +27,7 @@
 import junit.textui.TestRunner;
 
 import org.apache.lenya.ac.AccessControlException;
+import org.apache.lenya.ac.AccreditableManager;
 import org.apache.lenya.ac.Policy;
 import org.apache.lenya.ac.Role;
 import org.apache.lenya.cms.PublicationHelper;
@@ -91,9 +92,9 @@
      * @throws AccessControlException when something went wrong.
      */
     public void testSavePolicy() throws AccessControlException {
-        DefaultPolicy urlPolicy =
-            getPolicyManager().buildURLPolicy(getAccessController().getAccreditableManager(), URL);
-        DefaultPolicy newPolicy = new DefaultPolicy();
+        AccreditableManager accreditableManager = getAccessController().getAccreditableManager();
+        DefaultPolicy urlPolicy = getPolicyManager().buildURLPolicy(accreditableManager, URL);
+        DefaultPolicy newPolicy = new DefaultPolicy(accreditableManager);
 
         Credential[] credentials = urlPolicy.getCredentials();
 
@@ -114,7 +115,7 @@
 
         newPolicy =
             getPolicyManager().buildURLPolicy(
-                getAccessController().getAccreditableManager(),
+                accreditableManager,
                 SAVE_URL);
         assertEquals(urlPolicy.getCredentials().length, newPolicy.getCredentials().length);
 

Modified: lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/UserManagerTest.java
URL: http://svn.apache.org/viewvc/lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/UserManagerTest.java?rev=604875&r1=604874&r2=604875&view=diff
==============================================================================
--- lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/UserManagerTest.java (original)
+++ lenya/branches/branch_1_2_x_shibboleth/src/test/org/apache/lenya/ac/impl/UserManagerTest.java Mon Dec 17 06:11:52 2007
@@ -103,7 +103,7 @@
         FileRole editorRole = new FileRole(configDir, editorRoleId);
         FileRole adminRole = new FileRole(configDir, adminRoleId);
 
-        User user = new FileUser(configDir, userName, "Alice in Wonderland", "alice@test.com",
+        FileUser user = new FileUser(configDir, userName, "Alice in Wonderland", "alice@test.com",
                 "secret");
 
         editorRole.save();


