Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2008/10/02 04:00:17 UTC
svn commit: r700986 - in
/portals/jetspeed-2/portal/branches/security-refactoring:
components/jetspeed-security/src/main/java/JETSPEED-INF/ojb/
components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/
components/jetspeed-security/s...
Author: ate
Date: Wed Oct 1 19:00:17 2008
New Revision: 700986
URL: http://svn.apache.org/viewvc?rev=700986&view=rev
Log:
Completing the JetspeedPermission and PermissionsManager refactoring for now.
Testing shows that enabling the PageManager permissions based checks somehow doesn't work well yet (PortletPermission doesn't seem to work): that will have to be debugged and resolved shortly.
Maintenance of the Permissions through the admin portlet is now fully functional again though.
Modified:
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/JETSPEED-INF/ojb/security_repository.xml
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/JetspeedPermissionAccessManager.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/JetspeedPermissionStorageManager.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalPermission.java
portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedSecurityPersistenceManager.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/PermissionManager.java
portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/ddl-schema/security-schema.xml
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/JETSPEED-INF/ojb/security_repository.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/JETSPEED-INF/ojb/security_repository.xml?rev=700986&r1=700985&r2=700986&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/JETSPEED-INF/ojb/security_repository.xml (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/JETSPEED-INF/ojb/security_repository.xml Wed Oct 1 19:00:17 2008
@@ -203,7 +203,7 @@
auto-update="none"
auto-delete="none"
>
- <inverse-foreignkey field-ref="principalId"/>
+ <inverse-foreignkey field-ref="permissionId"/>
</collection-descriptor>
</class-descriptor>
@@ -323,7 +323,7 @@
auto-update="none"
auto-delete="none"
>
- <inverse-foreignkey field-ref="permissionId"/>
+ <inverse-foreignkey field-ref="principalId"/>
</collection-descriptor>
</class-descriptor>
@@ -422,14 +422,12 @@
column="principal_id"
jdbc-type="BIGINT"
primarykey="true"
- access="anonymous"
/>
<field-descriptor
name="permissionId"
column="permission_id"
jdbc-type="BIGINT"
primarykey="true"
- access="anonymous"
/>
<reference-descriptor
name="principal"
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java?rev=700986&r1=700985&r2=700986&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java Wed Oct 1 19:00:17 2008
@@ -19,6 +19,8 @@
import java.security.Permissions;
import java.security.Principal;
+import java.security.Permission;
+import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
@@ -42,6 +44,7 @@
private HashMap<String, JetspeedPermissionFactory> factoryMap = new HashMap<String, JetspeedPermissionFactory>();
private JetspeedPermissionAccessManager jpam;
private JetspeedPermissionStorageManager jpsm;
+ private static ThreadLocal<HashMap<Long,Permissions>> permissionsCache = new ThreadLocal<HashMap<Long,Permissions>>();
public PermissionManagerImpl(List<JetspeedPermissionFactory> factories, JetspeedPermissionAccessManager jpam, JetspeedPermissionStorageManager jpsm)
{
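Review bot: Permissions cached in the static `permissionsCache` ThreadLocal can outlive a revoke. The `permissionsCache.remove()` calls this commit adds to the update/remove/grant/revoke methods clear only the calling thread's map, so any other thread that has already cached that principal id keeps returning the old `Permissions`. Nothing visible in this diff resets the map at the end of a request either, so on pooled container threads an entry would presumably live as long as the thread does. Either clear the ThreadLocal at a request boundary in a `finally`, or use one shared cache that the mutators invalidate for every thread, and say so on the field, e.g. `// per-thread cache: remove() in the mutators does not reach other threads; must be cleared at end of request`. The constructor that follows the field continues outside the hunk.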
@@ -53,6 +56,17 @@
this.jpsm = jpsm;
}
+ private HashMap<Long,Permissions> getPermissionsMap()
+ {
+ HashMap<Long,Permissions> map = permissionsCache.get();
+ if (map == null)
+ {
+ map = new HashMap<Long,Permissions>();
+ permissionsCache.set(map);
+ }
+ return map;
+ }
+
protected PersistentJetspeedPermission getPersistentJetspeedPermission(JetspeedPermission permission)
{
if (permission instanceof PersistentJetspeedPermission)
@@ -80,47 +94,80 @@
return JetspeedActions.getContainerActionsMask(actions);
}
+ @SuppressWarnings("unchecked")
public Permissions getPermissions(JetspeedPrincipal principal)
{
- Permissions permissions = new Permissions();
+ Permissions permissions = null;
if (principal instanceof PersistentJetspeedPrincipal && ((PersistentJetspeedPrincipal)principal).getId() != null)
{
- List<PersistentJetspeedPermission> permList = (List<PersistentJetspeedPermission>)jpam.getPermissions((PersistentJetspeedPrincipal)principal);
- for (PersistentJetspeedPermission p : permList)
+ HashMap<Long,Permissions> permissionsMap = getPermissionsMap();
+ Long id = ((PersistentJetspeedPrincipal)principal).getId();
+ permissions = permissionsMap.get(id);
+ if (permissions == null)
{
- permissions.add(factoryMap.get(p.getType()).newPermission(p));
+ permissions = new Permissions();
+ List<PersistentJetspeedPermission> permList = (List<PersistentJetspeedPermission>)jpam.getPermissions((PersistentJetspeedPrincipal)principal);
+ for (PersistentJetspeedPermission p : permList)
+ {
+ permissions.add(factoryMap.get(p.getType()).newPermission(p));
+ }
+ permissionsMap.put(id, permissions);
}
}
+ else
+ {
+ permissions = new Permissions();
+ }
return permissions;
}
+ @SuppressWarnings("unchecked")
public Permissions getPermissions(Principal[] principals)
{
- Permissions permissions = new Permissions();
+ Permissions allPermissions = new Permissions();
+ HashMap<Long,Permissions> permissionsMap = null;
for (Principal principal : principals)
{
if (principal instanceof PersistentJetspeedPrincipal && ((PersistentJetspeedPrincipal)principal).getId() != null)
{
- List<PersistentJetspeedPermission> permList = (List<PersistentJetspeedPermission>)jpam.getPermissions((PersistentJetspeedPrincipal)principal);
- for (PersistentJetspeedPermission p : permList)
+ if (permissionsMap == null)
{
- permissions.add(factoryMap.get(p.getType()).newPermission(p));
+ permissionsMap = getPermissionsMap();
+ }
+ Long id = ((PersistentJetspeedPrincipal)principal).getId();
+ Permissions permissions = permissionsMap.get(id);
+ if (permissions == null)
+ {
+ permissions = new Permissions();
+ List<PersistentJetspeedPermission> permList = (List<PersistentJetspeedPermission>)jpam.getPermissions((PersistentJetspeedPrincipal)principal);
+ for (PersistentJetspeedPermission p : permList)
+ {
+ permissions.add(factoryMap.get(p.getType()).newPermission(p));
+ }
+ permissionsMap.put(id, permissions);
+ }
+ for (Enumeration<Permission> e = permissions.elements(); e.hasMoreElements(); )
+ {
+ allPermissions.add(e.nextElement());
}
}
}
- return permissions;
+ return allPermissions;
}
+ @SuppressWarnings("unchecked")
public List<JetspeedPermission> getPermissions()
{
return (List<JetspeedPermission>)jpam.getPermissions();
}
+ @SuppressWarnings("unchecked")
public List<JetspeedPermission> getPermissions(String typeName)
{
return (List<JetspeedPermission>)jpam.getPermissions(typeName);
}
+ @SuppressWarnings("unchecked")
public List<JetspeedPermission> getPermissions(String typeName, String nameFilter)
{
return (List<JetspeedPermission>)jpam.getPermissions(typeName, nameFilter);
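Review bot: `getPermissions(JetspeedPrincipal)` now returns the cached `Permissions` instance itself, where it previously built a fresh one per call. A caller that calls `add()` on the result therefore changes what later lookups for that principal id return on this thread. The array overload copies into `allPermissions` and is not affected; the single-principal path could copy the same way, or freeze the entry with `permissions.setReadOnly();` before `permissionsMap.put(id, permissions);` if no caller relies on mutating the result. Separately, both overloads dereference `factoryMap.get(p.getType())` without a null check, so one stored permission whose type has no registered factory fails the whole lookup with a NullPointerException. The hunk ends inside `getPermissions(String, String)`.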
@@ -128,12 +175,12 @@
public List<JetspeedPrincipal> getPrincipals(JetspeedPermission permission)
{
- return jpam.getPrincipals(getPersistentJetspeedPermission(permission));
+ return jpam.getPrincipals(getPersistentJetspeedPermission(permission), null);
}
public List<JetspeedPrincipal> getPrincipals(JetspeedPermission permission, String principalType)
{
- return jpam.getPrincipals(getPersistentJetspeedPermission(permission));
+ return jpam.getPrincipals(getPersistentJetspeedPermission(permission), principalType);
}
public boolean permissionExists(JetspeedPermission permission)
@@ -149,40 +196,42 @@
public void updatePermission(JetspeedPermission permission) throws SecurityException
{
jpsm.updatePermission(getPersistentJetspeedPermission(permission));
+ permissionsCache.remove();
}
public void removePermission(JetspeedPermission permission) throws SecurityException
{
jpsm.removePermission(getPersistentJetspeedPermission(permission));
+ permissionsCache.remove();
}
- public void grantPermission(JetspeedPermission permission, JetspeedPrincipal principal)
+ public void grantPermission(JetspeedPermission permission, JetspeedPrincipal principal) throws SecurityException
{
- // TODO Auto-generated method stub
-
+ jpsm.grantPermission(getPersistentJetspeedPermission(permission), principal);
+ permissionsCache.remove();
}
- public void grantPermissionOnlyTo(JetspeedPermission permission, List<JetspeedPrincipal> principal)
+ public void grantPermissionOnlyTo(JetspeedPermission permission, List<JetspeedPrincipal> principals) throws SecurityException
{
- // TODO Auto-generated method stub
-
+ jpsm.grantPermissionOnlyTo(getPersistentJetspeedPermission(permission), null, principals);
+ permissionsCache.remove();
}
- public void grantPermissionOnlyTo(JetspeedPermission permission, String principalType, List<JetspeedPrincipal> principal)
+ public void grantPermissionOnlyTo(JetspeedPermission permission, String principalType, List<JetspeedPrincipal> principals) throws SecurityException
{
- // TODO Auto-generated method stub
-
+ jpsm.grantPermissionOnlyTo(getPersistentJetspeedPermission(permission), principalType, principals);
+ permissionsCache.remove();
}
- public void revokeAllPermissions(JetspeedPrincipal principal)
+ public void revokePermission(JetspeedPermission permission, JetspeedPrincipal principal) throws SecurityException
{
- // TODO Auto-generated method stub
-
+ jpsm.revokePermission(getPersistentJetspeedPermission(permission), principal);
+ permissionsCache.remove();
}
- public void revokePermission(JetspeedPermission permission, JetspeedPrincipal principal)
+ public void revokeAllPermissions(JetspeedPrincipal principal) throws SecurityException
{
- // TODO Auto-generated method stub
-
+ jpsm.revokeAllPermissions(principal);
+ permissionsCache.remove();
}
}
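Review bot: Each mutator calls `permissionsCache.remove()` only after the `jpsm` call returns normally, so an exception leaves the calling thread's cache in place. This matters most for `grantPermissionOnlyTo`, whose storage implementation in this commit issues several revokes and grants in sequence. If that sequence fails part-way and the earlier changes are not rolled back (transaction handling is not visible here), the thread keeps serving the pre-change `Permissions`. Clearing in a `finally` avoids that: `try { jpsm.grantPermissionOnlyTo(getPersistentJetspeedPermission(permission), principalType, principals); } finally { permissionsCache.remove(); }`, and likewise for the other mutators.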
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/JetspeedPermissionAccessManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/JetspeedPermissionAccessManager.java?rev=700986&r1=700985&r2=700986&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/JetspeedPermissionAccessManager.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/JetspeedPermissionAccessManager.java Wed Oct 1 19:00:17 2008
@@ -34,5 +34,5 @@
List<? extends JetspeedPermission> getPermissions();
List<? extends JetspeedPermission> getPermissions(String type);
List<? extends JetspeedPermission> getPermissions(String type, String nameFilter);
- List<JetspeedPrincipal> getPrincipals(PersistentJetspeedPermission permission);
+ List<JetspeedPrincipal> getPrincipals(PersistentJetspeedPermission permission, String principalType);
}
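Review bot: The new `principalType` parameter of `getPrincipals` is undocumented, and its `null` case carries meaning: the implementation in JetspeedSecurityPersistenceManager only adds the type criterion when the argument is non-null. I would add `/** @param principalType principal type name to filter on, or null to return principals of every type */`. The same applies to `grantPermissionOnlyTo` in the JetspeedPermissionStorageManager hunk, where the two-argument overload was removed and PermissionManagerImpl now passes `null` for "all types".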
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/JetspeedPermissionStorageManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/JetspeedPermissionStorageManager.java?rev=700986&r1=700985&r2=700986&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/JetspeedPermissionStorageManager.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/JetspeedPermissionStorageManager.java Wed Oct 1 19:00:17 2008
@@ -32,7 +32,6 @@
void grantPermission(PersistentJetspeedPermission permission, JetspeedPrincipal principal) throws SecurityException;
void revokePermission(PersistentJetspeedPermission permission, JetspeedPrincipal principal) throws SecurityException;
- void grantPermissionOnlyTo(PersistentJetspeedPermission permission, List<JetspeedPrincipal> principal) throws SecurityException;
- void grantPermissionOnlyTo(PersistentJetspeedPermission permission, String principalType, List<JetspeedPrincipal> principal) throws SecurityException;
+ void grantPermissionOnlyTo(PersistentJetspeedPermission permission, String principalType, List<JetspeedPrincipal> principals) throws SecurityException;
void revokeAllPermissions(JetspeedPrincipal principal) throws SecurityException;
}
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalPermission.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalPermission.java?rev=700986&r1=700985&r2=700986&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalPermission.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalPermission.java Wed Oct 1 19:00:17 2008
@@ -19,8 +19,8 @@
import java.io.Serializable;
-import org.apache.jetspeed.security.JetspeedPermission;
import org.apache.jetspeed.security.JetspeedPrincipal;
+import org.apache.jetspeed.security.spi.PersistentJetspeedPermission;
/**
* @version $Id$
@@ -31,9 +31,9 @@
private static final long serialVersionUID = 1842368505096279355L;
@SuppressWarnings("unused")
- private JetspeedPrincipal principal;
+ private Long principalId;
@SuppressWarnings("unused")
- private JetspeedPermission permission;
+ private Long permissionId;
public JetspeedPrincipalPermission()
{
@@ -41,19 +41,9 @@
// as the only operations to be used are insert/delete, never update
}
- public JetspeedPrincipalPermission(JetspeedPrincipal principal, JetspeedPermission permission)
+ public JetspeedPrincipalPermission(JetspeedPrincipal principal, PersistentJetspeedPermission permission)
{
- this.principal = principal;
- this.permission = permission;
- }
-
- public JetspeedPrincipal getPrincipal()
- {
- return principal;
- }
-
- public JetspeedPermission getPermission()
- {
- return permission;
+ this.principalId = principal.getId();
+ this.permissionId = permission.getId();
}
}
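Review bot: The rewritten constructor copies `principal.getId()` and `permission.getId()` without checking either for null, so a transient principal or an unsaved permission produces a link object with a null key field. The `grantPermission` path in this commit resolves both ids before constructing it, but the constructor is public and nothing here enforces that for other callers. A guard at the top would make the precondition explicit: `if (principal.getId() == null || permission.getId() == null) throw new IllegalArgumentException("principal and permission must be persistent");`.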
Modified: portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedSecurityPersistenceManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedSecurityPersistenceManager.java?rev=700986&r1=700985&r2=700986&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedSecurityPersistenceManager.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedSecurityPersistenceManager.java Wed Oct 1 19:00:17 2008
@@ -97,6 +97,7 @@
//
// JetspeedPrincipalAccessManager interface implementation
//
+ @SuppressWarnings("unchecked")
public List<JetspeedPrincipal> getAssociatedFrom(String principalFromName, JetspeedPrincipalType from, JetspeedPrincipalType to, String associationName)
{
Criteria criteria = new Criteria();
@@ -107,6 +108,7 @@
return (List<JetspeedPrincipal>) getPersistenceBrokerTemplate().execute(new ManagedListByQueryCallback(query));
}
+ @SuppressWarnings("unchecked")
public List<JetspeedPrincipal> getAssociatedTo(String principalToName, JetspeedPrincipalType from, JetspeedPrincipalType to, String associationName)
{
Criteria criteria = new Criteria();
@@ -117,6 +119,7 @@
return (List<JetspeedPrincipal>) getPersistenceBrokerTemplate().execute(new ManagedListByQueryCallback(query));
}
+ @SuppressWarnings("unchecked")
public List<JetspeedPrincipal> getAssociatedFrom(Long principalFromId, JetspeedPrincipalType from, JetspeedPrincipalType to, String associationName)
{
Criteria criteria = new Criteria();
@@ -127,6 +130,7 @@
return (List<JetspeedPrincipal>) getPersistenceBrokerTemplate().execute(new ManagedListByQueryCallback(query));
}
+ @SuppressWarnings("unchecked")
public List<JetspeedPrincipal> getAssociatedTo(Long principalToId, JetspeedPrincipalType from, JetspeedPrincipalType to, String associationName)
{
Criteria criteria = new Criteria();
@@ -137,6 +141,7 @@
return (List<JetspeedPrincipal>) getPersistenceBrokerTemplate().execute(new ManagedListByQueryCallback(query));
}
+ @SuppressWarnings("unchecked")
public List<String> getAssociatedNamesFrom(String principalFromName, JetspeedPrincipalType from, JetspeedPrincipalType to, String associationName)
{
Criteria criteria = new Criteria();
@@ -153,6 +158,7 @@
return names;
}
+ @SuppressWarnings("unchecked")
public List<String> getAssociatedNamesFrom(Long principalFromId, JetspeedPrincipalType from, JetspeedPrincipalType to, String associationName)
{
Criteria criteria = new Criteria();
@@ -169,6 +175,7 @@
return names;
}
+ @SuppressWarnings("unchecked")
public List<String> getAssociatedNamesTo(String principalToName, JetspeedPrincipalType from, JetspeedPrincipalType to, String associationName)
{
Criteria criteria = new Criteria();
@@ -185,6 +192,7 @@
return names;
}
+ @SuppressWarnings("unchecked")
public List<String> getAssociatedNamesTo(Long principalToId, JetspeedPrincipalType from, JetspeedPrincipalType to, String associationName)
{
Criteria criteria = new Criteria();
@@ -215,6 +223,7 @@
return (JetspeedPrincipal)getPersistenceBrokerTemplate().getObjectByQuery(query);
}
+ @SuppressWarnings("unchecked")
public List<String> getPrincipalNames(String nameFilter, JetspeedPrincipalType type)
{
Criteria criteria = new Criteria();
@@ -233,6 +242,7 @@
return names;
}
+ @SuppressWarnings("unchecked")
public List<JetspeedPrincipal> getPrincipals(String nameFilter, JetspeedPrincipalType type)
{
Criteria criteria = new Criteria();
@@ -245,6 +255,7 @@
return (List<JetspeedPrincipal>) getPersistenceBrokerTemplate().execute(new ManagedListByQueryCallback(query));
}
+ @SuppressWarnings("unchecked")
public List<JetspeedPrincipal> getPrincipalsByAttribute(String attributeName, String attributeValue, JetspeedPrincipalType type)
{
Criteria criteria = new Criteria();
@@ -425,6 +436,7 @@
}
}
+ @SuppressWarnings("unchecked")
public List<PasswordCredential> getHistoricPasswordCredentials(User user)
{
Criteria criteria = new Criteria();
@@ -501,6 +513,7 @@
//
// JetspeedPermissionAccessManager interface implementation
//
+ @SuppressWarnings("unchecked")
public List<PersistentJetspeedPermission> getPermissions()
{
QueryByCriteria query = QueryFactory.newQuery(PersistentJetspeedPermissionImpl.class, new Criteria());
@@ -514,6 +527,7 @@
return getPermissions(type, null);
}
+ @SuppressWarnings("unchecked")
public List<PersistentJetspeedPermission> getPermissions(String type, String nameFilter)
{
Criteria criteria = new Criteria();
@@ -536,6 +550,7 @@
return getPersistenceBrokerTemplate().getCount(query) == 1;
}
+ @SuppressWarnings("unchecked")
public List<PersistentJetspeedPermission> getPermissions(PersistentJetspeedPrincipal principal)
{
Criteria criteria = new Criteria();
@@ -546,7 +561,8 @@
return (List<PersistentJetspeedPermission>) getPersistenceBrokerTemplate().execute(new ManagedListByQueryCallback(query));
}
- public List<JetspeedPrincipal> getPrincipals(PersistentJetspeedPermission permission)
+ @SuppressWarnings("unchecked")
+ public List<JetspeedPrincipal> getPrincipals(PersistentJetspeedPermission permission, String principalType)
{
Criteria criteria = new Criteria();
if (permission.getId() != null)
@@ -558,6 +574,10 @@
criteria.addEqualTo("permissions.permission.type", permission.getType());
criteria.addEqualTo("permissions.permission.name", permission.getName());
}
+ if (principalType != null)
+ {
+ criteria.addEqualTo("type", principalType);
+ }
QueryByCriteria query = QueryFactory.newQuery(PersistentJetspeedPrincipal.class, criteria);
query.addOrderByAscending("type");
query.addOrderByAscending("name");
@@ -610,7 +630,7 @@
current.setActions(permission.getActions());
try
{
- getPersistenceBrokerTemplate().store(permission);
+ getPersistenceBrokerTemplate().store(current);
}
catch (Exception pbe)
{
@@ -655,29 +675,176 @@
}
}
- public void grantPermission(PersistentJetspeedPermission permission, JetspeedPrincipal principal)
+ public void grantPermission(PersistentJetspeedPermission permission, JetspeedPrincipal principal) throws SecurityException
{
- // TODO Auto-generated method stub
+ if (permission.getId() == null)
+ {
+ Criteria criteria = new Criteria();
+ criteria.addEqualTo("type", permission.getType());
+ criteria.addEqualTo("name", permission.getName());
+ Query query = QueryFactory.newQuery(PersistentJetspeedPermissionImpl.class, criteria);
+ PersistentJetspeedPermission p = (PersistentJetspeedPermission)getPersistenceBrokerTemplate().getObjectByQuery(query);
+ if (p == null)
+ {
+ throw new SecurityException(SecurityException.PERMISSION_DOES_NOT_EXIST.create(permission.getName()));
+ }
+ permission = p;
+ }
+ grantPermission(permission, principal, true);
}
- public void grantPermissionOnlyTo(PersistentJetspeedPermission permission, List<JetspeedPrincipal> principal)
+ protected void grantPermission(PersistentJetspeedPermission permission, JetspeedPrincipal principal, boolean checkExists) throws SecurityException
{
- // TODO Auto-generated method stub
+ if (principal.isTransient() || principal.getId() == null)
+ {
+ JetspeedPrincipal p = getPrincipal(principal.getName(), principal.getType());
+ if (p == null)
+ {
+ throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(principal.getType().getName(), principal.getName()));
+ }
+ principal = p;
+ }
+ Criteria criteria = new Criteria();
+ criteria.addEqualTo("principalId", principal.getId());
+ criteria.addEqualTo("permissionId", permission.getId());
+ Query query = QueryFactory.newQuery(JetspeedPrincipalPermission.class,criteria);
+ if (!checkExists || getPersistenceBrokerTemplate().getCount(query) == 0)
+ {
+ try
+ {
+ getPersistenceBrokerTemplate().store(new JetspeedPrincipalPermission(principal, permission));
+ }
+ catch (Exception pbe)
+ {
+ KeyedMessage msg = SecurityException.UNEXPECTED.create("JetspeedSecurityPersistenceManager",
+ "grantPermission",
+ pbe.getMessage());
+ logger.error(msg, pbe);
+ throw new SecurityException(msg, pbe);
+ }
+ }
}
- public void grantPermissionOnlyTo(PersistentJetspeedPermission permission, String principalType, List<JetspeedPrincipal> principal)
+ @SuppressWarnings("unchecked")
+ public void grantPermissionOnlyTo(PersistentJetspeedPermission permission, String principalType, List<JetspeedPrincipal> principals) throws SecurityException
{
- // TODO Auto-generated method stub
+ if (permission.getId() == null)
+ {
+ Criteria criteria = new Criteria();
+ criteria.addEqualTo("type", permission.getType());
+ criteria.addEqualTo("name", permission.getName());
+ Query query = QueryFactory.newQuery(PersistentJetspeedPermissionImpl.class, criteria);
+ PersistentJetspeedPermission p = (PersistentJetspeedPermission)getPersistenceBrokerTemplate().getObjectByQuery(query);
+ if (p == null)
+ {
+ throw new SecurityException(SecurityException.PERMISSION_DOES_NOT_EXIST.create(permission.getName()));
+ }
+ permission = p;
+ }
+ Criteria criteria = new Criteria();
+ criteria.addEqualTo("permissions.permissionId", permission.getId());
+ if (principalType != null)
+ {
+ criteria.addEqualTo("type", principalType);
+ }
+ QueryByCriteria query = QueryFactory.newQuery(PersistentJetspeedPrincipal.class, criteria);
+ List<JetspeedPrincipal> currentList = (List<JetspeedPrincipal>) getPersistenceBrokerTemplate().execute(new ManagedListByQueryCallback(query));
+ List<JetspeedPrincipal> targetList = new ArrayList<JetspeedPrincipal>(principals);
+ for (Iterator<JetspeedPrincipal> i = currentList.iterator(); i.hasNext(); )
+ {
+ JetspeedPrincipal current = i.next();
+ for (Iterator<JetspeedPrincipal> j = targetList.iterator(); j.hasNext(); )
+ {
+ JetspeedPrincipal target = j.next();
+
+ if (principalType != null && !target.getType().getName().equals(principalType))
+ {
+ throw new SecurityException(SecurityException.UNEXPECTED.create("JetspeedSecurityPersistenceManager",
+ "grantPermissionOnlyTo",
+ "Specified "+target.getType().getName()+" principal: "+target.getName()+" is not of type: "+principalType));
+ }
+ if (current.getType().getName().equals(target.getType().getName()) && current.getName().equals(target.getName()))
+ {
+ j.remove();
+ current = null;
+ break;
+ }
+ }
+ if (current == null)
+ {
+ i.remove();
+ }
+ }
+ for (Iterator<JetspeedPrincipal> i = currentList.iterator(); i.hasNext(); )
+ {
+ revokePermission(permission, i.next());
+ }
+ for (Iterator<JetspeedPrincipal> i = targetList.iterator(); i.hasNext(); )
+ {
+ grantPermission(permission, i.next(), false);
+ }
}
- public void revokeAllPermissions(JetspeedPrincipal principal)
+ public void revokePermission(PersistentJetspeedPermission permission, JetspeedPrincipal principal) throws SecurityException
{
- // TODO Auto-generated method stub
+ Criteria criteria = new Criteria();
+ if (principal.isTransient() || principal.getId() == null)
+ {
+ criteria.addEqualTo("principal.type", principal.getType());
+ criteria.addEqualTo("principal.name", principal.getName());
+ }
+ else
+ {
+ criteria.addEqualTo("principalId", principal.getId());
+ }
+ if (permission.getId() == null)
+ {
+ criteria.addEqualTo("permission.type", permission.getType());
+ criteria.addEqualTo("permission.name", permission.getName());
+ }
+ else
+ {
+ criteria.addEqualTo("permissionId", permission.getId());
+ }
+ Query query = QueryFactory.newQuery(JetspeedPrincipalPermission.class,criteria);
+ try
+ {
+ getPersistenceBrokerTemplate().deleteByQuery(query);
+ }
+ catch (Exception pbe)
+ {
+ KeyedMessage msg = SecurityException.UNEXPECTED.create("JetspeedSecurityPersistenceManager",
+ "revokePermission",
+ pbe.getMessage());
+ logger.error(msg, pbe);
+ throw new SecurityException(msg, pbe);
+ }
}
-
- public void revokePermission(PersistentJetspeedPermission permission, JetspeedPrincipal principal)
+
+ public void revokeAllPermissions(JetspeedPrincipal principal) throws SecurityException
{
- // TODO Auto-generated method stub
+ Criteria criteria = new Criteria();
+ if (principal.isTransient() || principal.getId() == null)
+ {
+ criteria.addEqualTo("principal.type", principal.getType());
+ criteria.addEqualTo("principal.name", principal.getName());
+ }
+ else
+ {
+ criteria.addEqualTo("principalId", principal.getId());
+ }
+ Query query = QueryFactory.newQuery(JetspeedPrincipalPermission.class,criteria);
+ try
+ {
+ getPersistenceBrokerTemplate().deleteByQuery(query);
+ }
+ catch (Exception pbe)
+ {
+ KeyedMessage msg = SecurityException.UNEXPECTED.create("JetspeedSecurityPersistenceManager",
+ "revokeAllPermissions",
+ pbe.getMessage());
+ logger.error(msg, pbe);
+ throw new SecurityException(msg, pbe);
+ }
}
-
}
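Review bot: In `grantPermissionOnlyTo` the `principalType` check on each target sits inside the inner loop, which only executes while iterating `currentList` and stops at the first match because of the `break`. When the permission currently has no holders of that type, or when an early target matches, some or all entries in `principals` are never type-checked and still reach `grantPermission(permission, target, false)`. The permission can then be granted to principals outside the type the caller asked to restrict to; the check should run over every requested principal before anything is revoked or granted, as in the excerpt below. Separately, `revokePermission` and `revokeAllPermissions` pass `principal.getType()` itself to `addEqualTo("principal.type", ...)`, while the other criteria in this commit compare against the type name string. If the mapped column holds the name, a revoke for a transient principal would match no rows and return without error, which is worth confirming.

```java
    public void grantPermissionOnlyTo(PersistentJetspeedPermission permission, String principalType, List<JetspeedPrincipal> principals) throws SecurityException
    {
        // Validate every requested principal up front, before any lookup, revoke or grant.
        if (principalType != null)
        {
            for (JetspeedPrincipal target : principals)
            {
                if (!principalType.equals(target.getType().getName()))
                {
                    throw new SecurityException(SecurityException.UNEXPECTED.create("JetspeedSecurityPersistenceManager",
                                                                                    "grantPermissionOnlyTo",
                                                                                    "Specified "+target.getType().getName()+" principal: "+target.getName()+" is not of type: "+principalType));
                }
            }
        }
        // … unchanged: permission id resolution, currentList query, current/target matching (minus the in-loop type check), revoke and grant loops …
```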
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/PermissionManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/PermissionManager.java?rev=700986&r1=700985&r2=700986&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/PermissionManager.java (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-api/src/main/java/org/apache/jetspeed/security/PermissionManager.java Wed Oct 1 19:00:17 2008
@@ -45,7 +45,7 @@
void grantPermission(JetspeedPermission permission, JetspeedPrincipal principal) throws SecurityException;
void revokePermission(JetspeedPermission permission, JetspeedPrincipal principal) throws SecurityException;
- void grantPermissionOnlyTo(JetspeedPermission permission, List<JetspeedPrincipal> principal) throws SecurityException;
- void grantPermissionOnlyTo(JetspeedPermission permission, String principalType, List<JetspeedPrincipal> principal) throws SecurityException;
+ void grantPermissionOnlyTo(JetspeedPermission permission, List<JetspeedPrincipal> principals) throws SecurityException;
+ void grantPermissionOnlyTo(JetspeedPermission permission, String principalType, List<JetspeedPrincipal> principals) throws SecurityException;
void revokeAllPermissions(JetspeedPrincipal principal) throws SecurityException;
}
\ No newline at end of file
Modified: portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/ddl-schema/security-schema.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/ddl-schema/security-schema.xml?rev=700986&r1=700985&r2=700986&view=diff
==============================================================================
--- portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/ddl-schema/security-schema.xml (original)
+++ portals/jetspeed-2/portal/branches/security-refactoring/jetspeed-portal-resources/src/main/ddl-schema/security-schema.xml Wed Oct 1 19:00:17 2008
@@ -103,6 +103,10 @@
<column name="PERMISSION_TYPE" required="true" size="30" type="VARCHAR"/>
<column name="NAME" required="true" size="254" type="VARCHAR"/>
<column name="ACTIONS" required="true" size="254" type="VARCHAR"/>
+ <unique name="UIX_SECURITY_PERMISSION">
+ <unique-column name="PERMISSION_TYPE" />
+ <unique-column name="NAME" />
+ </unique>
</table>
<!--
---------------------------------------------------------------------