You are viewing a plain text version of this content. The canonical link for it is here.
Posted to pluto-scm@portals.apache.org by dd...@apache.org on 2004/07/30 20:46:24 UTC
cvs commit: jakarta-pluto/container/src/java/org/apache/pluto/core/impl PortletRequestImpl.java
ddewolf 2004/07/30 11:46:23
Modified: container/src/java/org/apache/pluto/core/impl
PortletRequestImpl.java
Log:
Fixing Issue: PLUTO-46. isUserInRole now checks security-role-ref as declared in portlet.xml. Also including new test portlet page for testing security info like this.
Revision Changes Path
1.7 +33 -2 jakarta-pluto/container/src/java/org/apache/pluto/core/impl/PortletRequestImpl.java
Index: PortletRequestImpl.java
===================================================================
RCS file: /home/cvs/jakarta-pluto/container/src/java/org/apache/pluto/core/impl/PortletRequestImpl.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- PortletRequestImpl.java 19 Apr 2004 12:28:03 -0000 1.6
+++ PortletRequestImpl.java 30 Jul 2004 18:46:23 -0000 1.7
@@ -27,6 +27,7 @@
import java.util.Map;
import java.util.Set;
import java.util.Vector;
+import java.util.Locale;
import javax.portlet.PortalContext;
import javax.portlet.PortletMode;
@@ -40,6 +41,10 @@
import org.apache.pluto.core.InternalPortletRequest;
import org.apache.pluto.factory.PortletObjectAccess;
import org.apache.pluto.om.window.PortletWindow;
+import org.apache.pluto.om.common.SecurityRoleRef;
+import org.apache.pluto.om.common.SecurityRoleRefSet;
+import org.apache.pluto.om.entity.PortletEntity;
+import org.apache.pluto.om.portlet.PortletDefinition;
import org.apache.pluto.services.information.DynamicInformationProvider;
import org.apache.pluto.services.information.InformationProviderAccess;
import org.apache.pluto.services.property.PropertyManager;
@@ -258,9 +263,35 @@
return this._getHttpServletRequest().getUserPrincipal();
}
- public boolean isUserInRole(String role)
+ /**
+ * Determines whether a user is mapped to the specified
+ * role. As specified in PLT-20-3, we must reference
+ * the <security-role-ref> mappings within the
+ * deployment descriptor. If no mapping is available,
+ * then, and only then, do we check use the actual role
+ * name specified against the web application deployment
+ * descriptor.
+ *
+ * @param roleName the name of the role
+ * @return true if it is determined the user has the given role.
+ *
+ */
+ public boolean isUserInRole(String roleName)
{
- return this._getHttpServletRequest().isUserInRole(role);
+ PortletEntity entity = portletWindow.getPortletEntity();
+ PortletDefinition def = entity.getPortletDefinition();
+ SecurityRoleRefSet set = def.getInitSecurityRoleRefSet();
+ SecurityRoleRef ref = set.get(roleName);
+
+ String link = null;
+ if ( ref != null && ref.getRoleLink()!=null) {
+ link = ref.getRoleLink();
+ }
+ else {
+ link = roleName;
+ }
+
+ return this._getHttpServletRequest().isUserInRole(link);
}
public Object getAttribute(String name)