You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lenya.apache.org by an...@apache.org on 2008/11/19 23:37:21 UTC
svn commit: r719102 [2/2] - in
/lenya/sandbox/access_control_redesign/src/modules-core/ac/java: src/
src/org/apache/lenya/ac/attr/ src/org/apache/lenya/ac/attr/antlr/
src/org/apache/lenya/ac/attr/impl/ src/org/apache/lenya/ac/file/
src/org/apache/lenya...
Modified: lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/AnonymousAuthenticator.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/AnonymousAuthenticator.java?rev=719102&r1=719101&r2=719102&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/AnonymousAuthenticator.java (original)
+++ lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/AnonymousAuthenticator.java Wed Nov 19 14:37:20 2008
@@ -23,18 +23,21 @@
import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Authenticator;
import org.apache.lenya.ac.Identity;
-import org.apache.lenya.ac.User;
-
+import org.apache.lenya.ac.ManagedUserReference;
+import org.apache.lenya.ac.UserManager;
+import org.apache.lenya.ac.UserReference;
/**
- * The anonymous authenticator authenticates to an anonymous user with no password
- * (you just have to add a user named 'anonymous' with an arbitrary password and the permissions
- * you'd like via the admin screen). This is useful in conjunction with client certificates.
- * @version $Id$
+ * The anonymous authenticator authenticates to an anonymous user with no
+ * password (you just have to add a user named 'anonymous' with an arbitrary
+ * password and the permissions you'd like via the admin screen). This is useful
+ * in conjunction with client certificates.
+ *
+ * @version $Id: AnonymousAuthenticator.java 473861 2006-11-12 03:51:14Z gregor
+ * $
*/
public class AnonymousAuthenticator extends AbstractLogEnabled implements Authenticator {
-
/**
* @see org.apache.lenya.ac.Authenticator#authenticate(org.apache.lenya.ac.AccreditableManager,
* org.apache.cocoon.environment.Request)
@@ -42,39 +45,34 @@
public boolean authenticate(AccreditableManager accreditableManager, Request request)
throws AccessControlException {
- String username = "anonymous";
+ String username = "anonymous";
if (getLogger().isDebugEnabled()) {
- getLogger().debug(
- "Authenticating username [" + username + "]");
+ getLogger().debug("Authenticating username [" + username + "]");
}
- Identity identity = (Identity) request.getSession(false).getAttribute(Identity.class.getName());
-
- User user = accreditableManager.getUserManager().getUser(username);
+ Identity identity = (Identity) request.getSession(false).getAttribute(
+ Identity.class.getName());
+ UserManager userManager = accreditableManager.getUserManager();
boolean authenticated = false;
- if (user != null) {
+ if (userManager.contains(username)) {
if (getLogger().isDebugEnabled()) {
- getLogger().debug("User [" + user + "] authenticated.");
+ getLogger().debug("User [" + username + "] authenticated.");
}
- if (!identity.contains(user)) {
- User oldUser = identity.getUser();
- if (oldUser != null) {
- if (getLogger().isDebugEnabled()) {
- getLogger().debug("Removing user [" + oldUser + "] from identity.");
- }
- identity.removeIdentifiable(oldUser);
+ UserReference oldUser = identity.getUserReference();
+ if (oldUser != null) {
+ if (getLogger().isDebugEnabled()) {
+ getLogger().debug("Removing user [" + oldUser + "] from identity.");
}
- identity.addIdentifiable(user);
+ identity.removeIdentifiable(oldUser);
}
+ identity.addIdentifiable(new ManagedUserReference(username, accreditableManager.getId()));
authenticated = true;
} else {
if (getLogger().isDebugEnabled()) {
- if (user == null) {
- getLogger().debug("No such user: [" + username + "]");
- }
+ getLogger().debug("No such user: [" + username + "]");
getLogger().debug("User [" + username + "] not authenticated.");
}
}
Modified: lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/DefaultAccessController.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/DefaultAccessController.java?rev=719102&r1=719101&r2=719102&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/DefaultAccessController.java (original)
+++ lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/DefaultAccessController.java Wed Nov 19 14:37:20 2008
@@ -47,8 +47,8 @@
import org.apache.lenya.ac.AccreditableManagerFactory;
import org.apache.lenya.ac.Authenticator;
import org.apache.lenya.ac.Authorizer;
-import org.apache.lenya.ac.IPRange;
import org.apache.lenya.ac.Identity;
+import org.apache.lenya.ac.IdentityImpl;
import org.apache.lenya.ac.Item;
import org.apache.lenya.ac.ItemManagerListener;
import org.apache.lenya.ac.Machine;
@@ -141,7 +141,7 @@
Identity identity = (Identity) session.getAttribute(Identity.class.getName());
Role[] roles;
- if (identity.belongsTo(this.accreditableManager)) {
+ if (identity.belongsToAccreditableManager(this.accreditableManager.getId())) {
roles = this.policyManager.getGrantedRoles(this.accreditableManager, identity, webappUrl);
} else {
roles = new Role[0];
@@ -397,7 +397,7 @@
* @throws AccessControlException when something went wrong.
*/
public boolean ownsIdenity(Identity identity) throws AccessControlException {
- return identity.belongsTo(getAccreditableManager());
+ return identity.belongsToAccreditableManager(getAccreditableManager().getId());
}
/**
@@ -406,8 +406,7 @@
public void setupIdentity(Request request) throws AccessControlException {
Session session = request.getSession(true);
if (!hasValidIdentity(session)) {
- Identity identity = new Identity(getLogger());
- identity.initialize();
+ Identity identity = new IdentityImpl(getAccreditableManager().getId(), getLogger());
String remoteAddress = request.getRemoteAddr();
String clientAddress = request.getHeader("x-forwarded-for");
@@ -423,13 +422,6 @@
getLogger().info("Remote Address to use: [" + remoteAddress + "]");
Machine machine = new Machine(remoteAddress);
- IPRange[] ranges = this.accreditableManager.getIPRangeManager().getIPRanges();
- for (int i = 0; i < ranges.length; i++) {
- if (ranges[i].contains(machine)) {
- machine.addIPRange(ranges[i]);
- }
- }
-
identity.addIdentifiable(machine);
session.setAttribute(Identity.class.getName(), identity);
}
Modified: lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/DefaultPolicy.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/DefaultPolicy.java?rev=719102&r1=719101&r2=719102&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/DefaultPolicy.java (original)
+++ lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/DefaultPolicy.java Wed Nov 19 14:37:20 2008
@@ -29,6 +29,7 @@
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.Accreditable;
+import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Credential;
import org.apache.lenya.ac.Identity;
import org.apache.lenya.ac.ModifiablePolicy;
@@ -72,13 +73,11 @@
}
/**
- * Removes a role from this policy for a certain accreditable and a certain
- * role.
+ * Removes a role from this policy for a certain accreditable and a certain role.
*
* @param accreditable An accreditable.
* @param role A role.
- * @throws AccessControlException if the accreditable-role pair is not
- * contained.
+ * @throws AccessControlException if the accreditable-role pair is not contained.
*/
public void removeRole(Accreditable accreditable, Role role) throws AccessControlException {
assert accreditable != null;
@@ -154,8 +153,7 @@
* Removes all roles for a certain accreditable.
*
* @param accreditable The accreditable to remove all roles for.
- * @throws AccessControlException If no credential exists for this
- * accreditable.
+ * @throws AccessControlException If no credential exists for this accreditable.
*/
public void removeRoles(Accreditable accreditable) throws AccessControlException {
Credential[] credentials = getCredentials();
@@ -167,8 +165,9 @@
}
}
- public Credential[] getCredentials(Identity identity) throws AccessControlException {
- Accreditable[] accreditables = identity.getAccreditables();
+ public Credential[] getCredentials(Identity identity, AccreditableManager accrMgr)
+ throws AccessControlException {
+ Accreditable[] accreditables = identity.getAccreditables(accrMgr);
Credential[] credentials = getCredentials();
Set returnCredential = new LinkedHashSet();
for (int credIndex = 0; credIndex < credentials.length; credIndex++) {
@@ -205,12 +204,13 @@
moveRole(accreditable, role, false);
}
- public int check(Identity identity, Role role) throws AccessControlException {
+ public int check(Identity identity, Role role, AccreditableManager mgr)
+ throws AccessControlException {
Credential[] credentials = getCredentials();
for (int i = credentials.length - 1; i >= 0; i--) {
- if (matches(identity, credentials[i].getAccreditable())
+ if (matches(identity, credentials[i].getAccreditable(), mgr)
&& credentials[i].getRole().equals(role)) {
- if (credentials[i].getMethod().equals(CredentialImpl.GRANT)) {
+ if (credentials[i].getMethod().equals(Credential.GRANT)) {
return Policy.RESULT_GRANTED;
} else {
return Policy.RESULT_DENIED;
@@ -220,8 +220,8 @@
return Policy.RESULT_NOT_MATCHED;
}
- protected boolean matches(Identity identity, Accreditable accreditable) {
- Accreditable[] accrs = identity.getAccreditables();
+ protected boolean matches(Identity identity, Accreditable accreditable, AccreditableManager mgr) {
+ Accreditable[] accrs = identity.getAccreditables(mgr);
return Arrays.asList(accrs).contains(accreditable);
}
Modified: lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/PolicyBuilder.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/PolicyBuilder.java?rev=719102&r1=719101&r2=719102&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/PolicyBuilder.java (original)
+++ lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/PolicyBuilder.java Wed Nov 19 14:37:20 2008
@@ -132,7 +132,7 @@
CredentialImpl credential = new CredentialImpl(accreditable, role);
String method = roleElements[j].getAttribute(METHOD_ATTRIBUTE);
// If method is not set, we assume DENY
- if (method.length() == 0) method = CredentialImpl.DENY;
+ if (method.length() == 0) method = Credential.DENY;
credential.setMethod(method);
policy.addCredential(credential);
}
Modified: lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/URLPolicy.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/URLPolicy.java?rev=719102&r1=719101&r2=719102&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/URLPolicy.java (original)
+++ lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/URLPolicy.java Wed Nov 19 14:37:20 2008
@@ -33,24 +33,19 @@
import org.apache.lenya.ac.Role;
/**
- * A policy at a certain URL. The final policy is computed by merging the
- * subtree policies of all ancestor-or-self directories with the URL policy of
- * the actual URL.
+ * A policy at a certain URL. The final policy is computed by merging the subtree policies of all
+ * ancestor-or-self directories with the URL policy of the actual URL.
*/
public class URLPolicy implements Policy {
/**
* Returns the resulting policy for a certain URL.
*
- * @param controller
- * The acccess controller.
- * @param _url
- * The URL.
- * @param manager
- * The policy manager.
+ * @param controller The acccess controller.
+ * @param _url The URL.
+ * @param manager The policy manager.
*/
- public URLPolicy(AccreditableManager controller, String _url,
- InheritingPolicyManager manager) {
+ public URLPolicy(AccreditableManager controller, String _url, InheritingPolicyManager manager) {
assert _url != null;
this.url = _url;
@@ -72,49 +67,46 @@
private Credential[] credentials = null;
/**
- * Obtains the policies from the policy manager. This method is expensive
- * and therefore only called when needed.
+ * Obtains the policies from the policy manager. This method is expensive and therefore only
+ * called when needed.
*
- * @throws AccessControlException
- * when something went wrong.
+ * @throws AccessControlException when something went wrong.
*/
protected void obtainPolicies() throws AccessControlException {
if (this.policies == null) {
- this.policies = getPolicyManager().getPolicies(
- getAccreditableManager(), getUrl());
+ this.policies = getPolicyManager().getPolicies(getAccreditableManager(), getUrl());
}
}
/**
- * Obtains the credentials from the policy manager. This method is expensive
- * and therefore only called when needed.
+ * Obtains the credentials from the policy manager. This method is expensive and therefore only
+ * called when needed.
*
- * @throws AccessControlException
- * when something went wrong.
+ * @throws AccessControlException when something went wrong.
*/
protected void obtainCredentials() throws AccessControlException {
if (this.credentials == null) {
- this.credentials = getPolicyManager().getCredentials(
- getAccreditableManager(), getUrl());
+ this.credentials = getPolicyManager()
+ .getCredentials(getAccreditableManager(), getUrl());
}
}
static final String[] VISITOR_ROLES = { "visitor", "visit" };
- static final String[] ADMINISTRATOR_ROLES = { "administrator", "admin",
- "organize" };
+ static final String[] ADMINISTRATOR_ROLES = { "administrator", "admin", "organize" };
static final String[] AUTHOR_ROLES = { "author", "edit" };
/**
- * @see org.apache.lenya.ac.Policy#check(org.apache.lenya.ac.Identity, org.apache.lenya.ac.Role)
- * Iterate the policy tree bottom-up.
+ * @see org.apache.lenya.ac.Policy#check(org.apache.lenya.ac.Identity, org.apache.lenya.ac.Role,
+ * AccreditableManager) Iterate the policy tree bottom-up.
*/
- public int check(Identity identity, Role role) throws AccessControlException {
+ public int check(Identity identity, Role role, AccreditableManager mgr)
+ throws AccessControlException {
obtainPolicies();
-
+
for (int i = 0; i < this.policies.length; i++) {
- int result = this.policies[i].check(identity, role);
+ int result = this.policies[i].check(identity, role, mgr);
if (result == Policy.RESULT_GRANTED || result == Policy.RESULT_DENIED) {
return result;
}
@@ -125,14 +117,11 @@
/**
* Returns the visitor role.
*
- * @param manager
- * The accreditable manager.
+ * @param manager The accreditable manager.
* @return A role.
- * @throws AccessControlException
- * when something went wrong.
+ * @throws AccessControlException when something went wrong.
*/
- public static Role getVisitorRole(AccreditableManager manager)
- throws AccessControlException {
+ public static Role getVisitorRole(AccreditableManager manager) throws AccessControlException {
Role visitorRole = null;
for (int i = 0; i < VISITOR_ROLES.length; i++) {
Role role = manager.getRoleManager().getRole(VISITOR_ROLES[i]);
@@ -146,18 +135,15 @@
/**
* Returns the administrator role.
*
- * @param manager
- * The accreditable manager.
+ * @param manager The accreditable manager.
* @return A role.
- * @throws AccessControlException
- * when something went wrong.
+ * @throws AccessControlException when something went wrong.
*/
public static Role getAdministratorRole(AccreditableManager manager)
throws AccessControlException {
Role administratorRole = null;
for (int i = 0; i < ADMINISTRATOR_ROLES.length; i++) {
- Role role = manager.getRoleManager()
- .getRole(ADMINISTRATOR_ROLES[i]);
+ Role role = manager.getRoleManager().getRole(ADMINISTRATOR_ROLES[i]);
if (role != null) {
administratorRole = role;
}
@@ -168,14 +154,11 @@
/**
* Returns the author role.
*
- * @param manager
- * The accreditable manager.
+ * @param manager The accreditable manager.
* @return A role.
- * @throws AccessControlException
- * when something went wrong.
+ * @throws AccessControlException when something went wrong.
*/
- public static Role getAuthorRole(AccreditableManager manager)
- throws AccessControlException {
+ public static Role getAuthorRole(AccreditableManager manager) throws AccessControlException {
Role administratorRole = null;
for (int i = 0; i < AUTHOR_ROLES.length; i++) {
Role role = manager.getRoleManager().getRole(AUTHOR_ROLES[i]);
@@ -214,8 +197,7 @@
}
/**
- * The URL policy requires SSL protection if one of its member policies
- * requires SSL protection.
+ * The URL policy requires SSL protection if one of its member policies requires SSL protection.
*
* @see org.apache.lenya.ac.Policy#isSSLProtected()
*/
@@ -255,19 +237,18 @@
for (int accrIndex = 0; accrIndex < this.credentials.length; accrIndex++) {
credentials.add(this.credentials[accrIndex]);
}
- return (Credential[]) credentials.toArray(new Credential[credentials
- .size()]);
+ return (Credential[]) credentials.toArray(new Credential[credentials.size()]);
}
- public Credential[] getCredentials(Identity identity)
+ public Credential[] getCredentials(Identity identity, AccreditableManager mgr)
throws AccessControlException {
- Accreditable[] accreditables = identity.getAccreditables();
+ Accreditable[] accreditables = identity.getAccreditables(mgr);
Credential[] credentials = getCredentials();
Set returnCredential = new LinkedHashSet();
for (int credIndex = 0; credIndex < credentials.length; credIndex++) {
Credential credential = credentials[credIndex];
-
+
for (int accrIndex = 0; accrIndex < accreditables.length; accrIndex++) {
Accreditable accreditable = accreditables[accrIndex];
@@ -277,8 +258,7 @@
}
}
- return (Credential[]) returnCredential
- .toArray(new Credential[returnCredential.size()]);
+ return (Credential[]) returnCredential.toArray(new Credential[returnCredential.size()]);
}
}
Modified: lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/UserAuthenticator.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/UserAuthenticator.java?rev=719102&r1=719101&r2=719102&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/UserAuthenticator.java (original)
+++ lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/UserAuthenticator.java Wed Nov 19 14:37:20 2008
@@ -24,7 +24,10 @@
import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Authenticator;
import org.apache.lenya.ac.Identity;
+import org.apache.lenya.ac.ManagedUserReference;
import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserManager;
+import org.apache.lenya.ac.UserReference;
/**
* User authenticator.
@@ -96,7 +99,8 @@
protected boolean authenticate(AccreditableManager accreditableManager, String username,
String password, Identity identity) throws AccessControlException {
- User user = accreditableManager.getUserManager().getUser(username);
+ UserManager userManager = accreditableManager.getUserManager();
+ User user = userManager.getUser(username);
if (getLogger().isDebugEnabled()) {
getLogger().debug("Authenticating user: [" + user + "]");
}
@@ -107,16 +111,14 @@
getLogger().debug("User [" + user + "] authenticated.");
}
- if (!identity.contains(user)) {
- User oldUser = identity.getUser();
- if (oldUser != null) {
- if (getLogger().isDebugEnabled()) {
- getLogger().debug("Removing user [" + oldUser + "] from identity.");
- }
- identity.removeIdentifiable(oldUser);
+ UserReference oldUser = identity.getUserReference();
+ if (oldUser != null) {
+ if (getLogger().isDebugEnabled()) {
+ getLogger().debug("Removing user [" + oldUser + "] from identity.");
}
- identity.addIdentifiable(user);
+ identity.removeIdentifiable(oldUser);
}
+ identity.addIdentifiable(new ManagedUserReference(user.getId(), accreditableManager.getId()));
authenticated = true;
} else {
if (getLogger().isDebugEnabled()) {
Modified: lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/cms/ac/SitemapPolicyManager.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/cms/ac/SitemapPolicyManager.java?rev=719102&r1=719101&r2=719102&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/cms/ac/SitemapPolicyManager.java (original)
+++ lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/cms/ac/SitemapPolicyManager.java Wed Nov 19 14:37:20 2008
@@ -157,7 +157,7 @@
Set grantedRoles = new HashSet();
Policy policy = getPolicy(accreditableManager, url);
for (int i = 0; i < roles.length; i++) {
- if (policy.check(identity, roles[i]) == Policy.RESULT_GRANTED) {
+ if (policy.check(identity, roles[i], accreditableManager) == Policy.RESULT_GRANTED) {
grantedRoles.add(roles[i]);
}
}
Modified: lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/cms/cocoon/components/modules/input/AccessControlModule.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/cms/cocoon/components/modules/input/AccessControlModule.java?rev=719102&r1=719101&r2=719102&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/cms/cocoon/components/modules/input/AccessControlModule.java (original)
+++ lenya/sandbox/access_control_redesign/src/modules-core/ac/java/src/org/apache/lenya/cms/cocoon/components/modules/input/AccessControlModule.java Wed Nov 19 14:37:20 2008
@@ -46,6 +46,7 @@
import org.apache.lenya.ac.Role;
import org.apache.lenya.ac.User;
import org.apache.lenya.ac.UserManager;
+import org.apache.lenya.ac.UserReference;
import org.apache.lenya.cms.ac.PolicyUtil;
import org.apache.lenya.util.ServletHelper;
@@ -156,7 +157,7 @@
if (identity != null) {
if (name.equals(USER_ID)) {
- User currentUser = identity.getUser();
+ UserReference currentUser = identity.getUserReference();
if (currentUser != null) {
value = currentUser.getId();
}
@@ -236,14 +237,18 @@
protected User getUser(Request request, String[] parameters, Identity identity)
throws ConfigurationException {
User user = null;
+ UserManager userManager = (UserManager) getItemManager(request, USER_MANAGER);
if (parameters.length == 1) {
if (identity != null) {
- user = identity.getUser();
+ UserReference ref = identity.getUserReference();
+ if (ref != null) {
+ String id = ref.getId();
+ user = userManager.getUser(id);
+ }
}
} else {
String userId = parameters[1];
if (!userId.equals("")) {
- UserManager userManager = (UserManager) getItemManager(request, USER_MANAGER);
user = userManager.getUser(userId);
}
}
Modified: lenya/sandbox/access_control_redesign/src/modules-core/ac/java/test/org/apache/lenya/ac/impl/IdentityTest.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/modules-core/ac/java/test/org/apache/lenya/ac/impl/IdentityTest.java?rev=719102&r1=719101&r2=719102&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/modules-core/ac/java/test/org/apache/lenya/ac/impl/IdentityTest.java (original)
+++ lenya/sandbox/access_control_redesign/src/modules-core/ac/java/test/org/apache/lenya/ac/impl/IdentityTest.java Wed Nov 19 14:37:20 2008
@@ -19,6 +19,8 @@
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Identity;
+import org.apache.lenya.ac.IdentityImpl;
+import org.apache.lenya.ac.ManagedUserReference;
import org.apache.lenya.ac.User;
/**
@@ -37,12 +39,13 @@
* @throws AccessControlException if an error occurs
*/
public void testIdentity() throws AccessControlException {
- Identity identity = new Identity(getLogger());
- User user = getAccessController().getAccreditableManager().getUserManager().getUser(USER_ID);
+ AccreditableManager mgr = getAccessController().getAccreditableManager();
+ Identity identity = new IdentityImpl(mgr.getId(), getLogger());
+ User user = mgr.getUserManager().getUser(USER_ID);
getLogger().info("Adding user to identity: [" + user + "]");
- identity.addIdentifiable(user);
+ identity.addIdentifiable(new ManagedUserReference(user.getId(), mgr.getId()));
- assertSame(user, identity.getUser());
+ assertSame(user.getId(), identity.getUserReference().getId());
}
/**
@@ -57,17 +60,17 @@
User testUser = testMgr.getUserManager().getUser(userId);
User defaultUser = defaultMgr.getUserManager().getUser(userId);
- Identity testIdentity = new Identity(getLogger());
- testIdentity.addIdentifiable(testUser);
+ Identity testIdentity = new IdentityImpl(testMgr.getId(), getLogger());
+ testIdentity.addIdentifiable(new ManagedUserReference(testUser.getId(), testMgr.getId()));
- Identity defaultIdentity = new Identity(getLogger());
- defaultIdentity.addIdentifiable(defaultUser);
+ Identity defaultIdentity = new IdentityImpl(defaultMgr.getId(), getLogger());
+ defaultIdentity.addIdentifiable(new ManagedUserReference(defaultUser.getId(), defaultMgr.getId()));
- assertTrue(testIdentity.belongsTo(testMgr));
- assertTrue(defaultIdentity.belongsTo(defaultMgr));
+ assertTrue(testIdentity.belongsToAccreditableManager(testMgr.getId()));
+ assertTrue(defaultIdentity.belongsToAccreditableManager(defaultMgr.getId()));
- assertTrue(testIdentity.belongsTo(defaultMgr));
- assertTrue(defaultIdentity.belongsTo(testMgr));
+ assertTrue(testIdentity.belongsToAccreditableManager(defaultMgr.getId()));
+ assertTrue(defaultIdentity.belongsToAccreditableManager(testMgr.getId()));
}
}
Modified: lenya/sandbox/access_control_redesign/src/modules-core/ac/java/test/org/apache/lenya/ac/impl/PolicyTest.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/modules-core/ac/java/test/org/apache/lenya/ac/impl/PolicyTest.java?rev=719102&r1=719101&r2=719102&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/modules-core/ac/java/test/org/apache/lenya/ac/impl/PolicyTest.java (original)
+++ lenya/sandbox/access_control_redesign/src/modules-core/ac/java/test/org/apache/lenya/ac/impl/PolicyTest.java Wed Nov 19 14:37:20 2008
@@ -52,7 +52,7 @@
getLogger().info("Roles: ");
for (int i = 0; i < allRoles.length; i++) {
- int result = policy.check(getIdentity(), allRoles[i]);
+ int result = policy.check(getIdentity(), allRoles[i], getAccreditableManager());
if (result == Policy.RESULT_GRANTED) {
getLogger().info(allRoles[i].getId() + ": granted");
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@lenya.apache.org
For additional commands, e-mail: commits-help@lenya.apache.org