Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2005/10/28 08:16:39 UTC
svn commit: r329117 -
/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/tools/pamanager/PortletApplicationManager.java
Author: taylor
Date: Thu Oct 27 23:16:37 2005
New Revision: 329117
URL: http://svn.apache.org/viewcvs?rev=329117&view=rev
Log:
http://issues.apache.org/jira/browse/JS2-384
grant default permissions on deploy
revoke them on undeploy
default permissions are configurable in the pam assembly
Modified:
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/tools/pamanager/PortletApplicationManager.java
Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/tools/pamanager/PortletApplicationManager.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/tools/pamanager/PortletApplicationManager.java?rev=329117&r1=329116&r2=329117&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/tools/pamanager/PortletApplicationManager.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/tools/pamanager/PortletApplicationManager.java Thu Oct 27 23:16:37 2005
@@ -27,10 +27,13 @@
import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
import org.apache.jetspeed.om.common.servlet.MutableWebApplication;
import org.apache.jetspeed.search.SearchEngine;
+import org.apache.jetspeed.security.PermissionManager;
+import org.apache.jetspeed.security.PortletPermission;
+import org.apache.jetspeed.security.Role;
import org.apache.jetspeed.security.RoleManager;
import org.apache.jetspeed.util.FileSystemHelper;
import org.apache.jetspeed.util.descriptor.PortletApplicationWar;
-
+import org.apache.jetspeed.security.SecurityException;
import org.apache.pluto.om.common.SecurityRole;
import org.apache.pluto.om.entity.PortletEntity;
import org.apache.pluto.om.entity.PortletEntityCtrl;
@@ -38,8 +41,10 @@
import java.io.IOException;
+import java.security.Permission;
import java.util.Collection;
import java.util.Iterator;
+import java.util.List;
/**
* PortletApplicationManager
@@ -58,18 +63,26 @@
protected PortletWindowAccessor windowAccess;
protected SearchEngine searchEngine;
protected RoleManager roleManager;
+ protected PermissionManager permissionManager;
protected boolean autoCreateRoles;
+ protected List permissionRoles;
/**
* Creates a new PortletApplicationManager object.
*/
public PortletApplicationManager(PortletFactory portletFactory, PortletRegistry registry,
- PortletEntityAccessComponent entityAccess, PortletWindowAccessor windowAccess)
+ PortletEntityAccessComponent entityAccess, PortletWindowAccessor windowAccess,
+ PermissionManager permissionManager, SearchEngine searchEngine,
+ RoleManager roleManager, List permissionRoles)
{
this.portletFactory = portletFactory;
this.registry = registry;
this.entityAccess = entityAccess;
this.windowAccess = windowAccess;
+ this.permissionManager = permissionManager;
+ this.searchEngine = searchEngine;
+ this.roleManager = roleManager;
+ this.permissionRoles = permissionRoles;
}
public void setRoleManager(RoleManager roleManager)
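Review bot: The constructor Javadoc still says only "Creates a new PortletApplicationManager object.", although the new `permissionRoles` argument now decides which roles receive rights on every deployed portlet application. I would document it, for example `@param permissionRoles role names (String elements) that are granted "view, edit" on "<paName>::*" at deploy time`, and add matching `@param` lines for `permissionManager`, `searchEngine` and `roleManager`. Because the list is a raw `List` whose elements are cast to `String` later in this commit, a non-String entry from the assembly would raise a ClassCastException that the new `catch (SecurityException e)` blocks do not handle, so the element type is worth stating explicitly.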
@@ -275,6 +288,9 @@
log.info("Registered the portlet application in the search engine... " + paName);
}
+ // grant default permissions to portlet application
+ grantDefaultPermissions(paName);
+
if ( autoCreateRoles && roleManager != null && pa.getWebApplicationDefinition().getSecurityRoles() != null )
{
try
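Review bot: `grantDefaultPermissions(paName)` is called unconditionally, yet the very next statement still tests `roleManager != null`, which suggests a missing role manager is a supported configuration. The new method dereferences `permissionRoles`, `roleManager` and `permissionManager` without checks and catches only `SecurityException`, so a missing collaborator would surface as a NullPointerException part-way through deployment, after the search-engine registration logged just above. A guard at the top of the method, such as `if (permissionManager == null || roleManager == null || permissionRoles == null) return;`, plus a log line saying no default permissions were applied, would keep that case explicit. The enclosing deploy method starts and ends outside this hunk.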
@@ -437,5 +453,60 @@
// todo keep (User)Prefs?
registry.removeApplication(pa);
+ revokeDefaultPermissions(pa.getName());
}
+
+ protected void grantDefaultPermissions(String paName)
+ {
+ try
+ {
+ // create a default permission for this portlet app, granting configured roles to the portlet application
+ Iterator roles = permissionRoles.iterator();
+ while (roles.hasNext())
+ {
+ String roleName = (String)roles.next();
+ Role userRole = roleManager.getRole(roleName);
+ if (userRole != null)
+ {
+ Permission permission = new PortletPermission(paName + "::*", "view, edit");
+ if (!permissionManager.permissionExists(permission))
+ {
+ permissionManager.addPermission(permission);
+ permissionManager.grantPermission(userRole.getPrincipal(), permission);
+ }
+ }
+ }
+ }
+ catch (SecurityException e)
+ {
+ log.error("Error granting default permissions for " + paName, e);
+ }
+ }
+
+ protected void revokeDefaultPermissions(String paName)
+ {
+ try
+ {
+ Iterator roles = permissionRoles.iterator();
+ while (roles.hasNext())
+ {
+ String roleName = (String)roles.next();
+ Role userRole = roleManager.getRole(roleName);
+ if (userRole != null)
+ {
+ Permission permission = new PortletPermission(paName + "::*", "view, edit");
+ if (permissionManager.permissionExists(permission))
+ {
+ permissionManager.removePermission(permission);
+ }
+
+ }
+ }
+ }
+ catch (SecurityException e)
+ {
+ log.error("Error revoking default permissions for " + paName, e);
+ }
+ }
+
}
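Review bot: In grantDefaultPermissions the `grantPermission` call sits inside `if (!permissionManager.permissionExists(permission))`, so once the first configured role has caused the permission to be added, every later role in `permissionRoles` skips the grant, and a redeploy where the permission already exists grants nothing. Keep the existence check around `addPermission` only and call `permissionManager.grantPermission(userRole.getPrincipal(), permission);` after it for each role; if skipping re-grants on redeploy is meant to preserve administrator changes, say so in a comment. In revokeDefaultPermissions the removal is gated on `roleManager.getRole(roleName)` returning non-null although the role is never used. If the configured roles have since been deleted, the `paName + "::*"` permission appears to outlive the application and could apply to a later application deployed under the same name, so remove it once, outside the role loop. Both methods also repeat the `"view, edit"` literal, which would be safer as a single constant so that grant and revoke cannot drift apart.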