Posted to jetspeed-dev@portals.apache.org by pa...@apache.org on 2002/06/01 22:29:06 UTC
cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine TestAccessController.java TurbineAccessController.java
paulsp 2002/06/01 13:29:06
Modified: src/java/org/apache/jetspeed/services/security Tag:
security_14 PortalAccessController.java
src/java/org/apache/jetspeed/services Tag: security_14
JetspeedPortalAccessController.java
src/java/org/apache/jetspeed/services/security/turbine Tag:
security_14 TestAccessController.java
TurbineAccessController.java
Added: src/java/org/apache/jetspeed/services/security Tag:
security_14 PortalResource.java
Log:
Add support for authorization on PortalResources, i.e. parameters.
Revision Changes Path
No revision
No revision
1.1.2.3 +15 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/PortalAccessController.java
Index: PortalAccessController.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/PortalAccessController.java,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- PortalAccessController.java 27 May 2002 13:04:25 -0000 1.1.2.2
+++ PortalAccessController.java 1 Jun 2002 20:29:05 -0000 1.1.2.3
@@ -58,6 +58,7 @@
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.profile.Entry;
import org.apache.jetspeed.portal.Portlet;
+import org.apache.jetspeed.services.security.PortalResource;
// Turbine imports
import org.apache.turbine.services.Service;
@@ -70,7 +71,7 @@
*
*
* @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
- * @version $Id: PortalAccessController.java,v 1.1.2.2 2002/05/27 13:04:25 paulsp Exp $
+ * @version $Id: PortalAccessController.java,v 1.1.2.3 2002/06/01 20:29:05 paulsp Exp $
*/
public interface PortalAccessController extends Service
@@ -116,6 +117,19 @@
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, int resourceType, String resource, String action);
+
+ /**
+ * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
+ * the given resource. If the user does not have
+ * sufficient privilege to perform the action on the resource, the check returns false,
+ * otherwise when sufficient privilege is present, checkPermission returns true.
+ *
+ * @param user the user to be checked.
+ * @param resources requesting an action
+ * @param action the secured action to be performed on the resource by the user.
+ * @return boolean true if the user has sufficient privilege.
+ */
+ public boolean checkPermission(JetspeedUser user, PortalResource resource, String action);
}
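Review bot: The Javadoc on the new `checkPermission(JetspeedUser, PortalResource, String)` declaration documents `@param resources`, but the parameter is named `resource`, so the tag binds to nothing; the same comment block is repeated on the implementation added in TurbineAccessController.java. Change the tag to `@param resource the portal resource (entry, registry entry or registry parameter) the action is requested on`. Because this interface is the authorization contract, the comment should also state what an implementation must return for a null user or a null resource; the tests in this commit already pass a null user to the sibling overloads, so that case needs a defined answer.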
No revision
No revision
1.1.2.1 +193 -0 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/PortalResource.java
No revision
No revision
1.1.2.2 +6 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/services/Attic/JetspeedPortalAccessController.java
Index: JetspeedPortalAccessController.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/Attic/JetspeedPortalAccessController.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- JetspeedPortalAccessController.java 27 May 2002 13:04:24 -0000 1.1.2.1
+++ JetspeedPortalAccessController.java 1 Jun 2002 20:29:05 -0000 1.1.2.2
@@ -59,6 +59,7 @@
import org.apache.jetspeed.om.profile.Entry;
import org.apache.jetspeed.portal.Portlet;
import org.apache.jetspeed.services.security.PortalAccessController;
+import org.apache.jetspeed.services.security.PortalResource;
// Turbine
import org.apache.turbine.services.TurbineServices;
@@ -67,7 +68,7 @@
* Static accessor for the PortalAccessController service
*
* @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
- * @version $Id: JetspeedPortalAccessController.java,v 1.1.2.1 2002/05/27 13:04:24 paulsp Exp $
+ * @version $Id: JetspeedPortalAccessController.java,v 1.1.2.2 2002/06/01 20:29:05 paulsp Exp $
*/
public abstract class JetspeedPortalAccessController
{
@@ -100,6 +101,10 @@
public static boolean checkPermission(JetspeedUser user, int resourceType, String resource, String action)
{
return getService().checkPermission(user, resourceType, resource, action);
+ }
+ public static boolean checkPermission(JetspeedUser user, PortalResource resource, String action)
+ {
+ return getService().checkPermission(user, resource, action);
}
}
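Review bot: The new static `checkPermission(JetspeedUser, PortalResource, String)` overload is added without a Javadoc comment and without a blank line separating it from the previous method. A short comment such as `/** Delegates to the configured PortalAccessController; returns true only if the user may perform the action on the resource. */` would make clear that this accessor adds no checks of its own and that the decision rests entirely with the service returned by `getService()`. The class body starts outside the hunk, so whether the sibling accessors are documented cannot be seen here.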
No revision
No revision
1.1.2.4 +71 -43 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TestAccessController.java
Index: TestAccessController.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TestAccessController.java,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -r1.1.2.3 -r1.1.2.4
--- TestAccessController.java 29 May 2002 04:15:08 -0000 1.1.2.3
+++ TestAccessController.java 1 Jun 2002 20:29:05 -0000 1.1.2.4
@@ -72,10 +72,18 @@
import org.apache.jetspeed.om.profile.psml.PsmlRole;
import org.apache.jetspeed.om.profile.psml.PsmlSkin;
import org.apache.jetspeed.om.security.JetspeedUser;
+import org.apache.jetspeed.om.registry.base.BaseSecurity;
+import org.apache.jetspeed.om.registry.base.BasePortletEntry;
+import org.apache.jetspeed.om.registry.base.BaseParameter;
+import org.apache.jetspeed.om.registry.Parameter;
+import org.apache.jetspeed.om.registry.PortletEntry;
+import org.apache.jetspeed.om.registry.Security;
+
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.JetspeedPortalAccessController;
import org.apache.jetspeed.services.Profiler;
import org.apache.jetspeed.services.resources.JetspeedResources;
+import org.apache.jetspeed.services.security.PortalResource;
// Turbine imports
import org.apache.turbine.services.TurbineServices;
@@ -92,7 +100,7 @@
* TestAccessController
*
* @author <a href="paulsp@apache.org">Paul Spencer</a>
- * @version $Id: TestAccessController.java,v 1.1.2.3 2002/05/29 04:15:08 paulsp Exp $
+ * @version $Id: TestAccessController.java,v 1.1.2.4 2002/06/01 20:29:05 paulsp Exp $
*/
public class TestAccessController extends TestCase
{
@@ -150,49 +158,7 @@
assertNotNull( "Getting turbine user", JetspeedSecurity.getUser("turbine"));
assertNotNull( "Getting anonymous user", JetspeedSecurity.getAnonymousUser());
}
-
- public void xtestCreateTestPSML() throws Exception
- {
- Portlets rootPortletSet = null;
- ProfileLocator currentLocator = null;
- ProfileLocator newLocator = null;
- PsmlController controller = null;
- PsmlPortlets portlets = null;
- PsmlSkin skin = null;
-
- // Create the RunData object to be used during testing.
- newLocator = new BaseProfileLocator();
- newLocator.setGroupByName(TEST_GROUP);
- newLocator.setName(TEST_SECURITY_PAGE);
-
- // Create portlet set
- portlets = new PsmlPortlets();
- controller = new PsmlController();
- controller.setName("RowController");
- portlets.setController(controller);
- skin = new PsmlSkin();
- skin.setName("orange-red");
- portlets.setSkin(skin);
- rootPortletSet = portlets;
-
- portlets = new PsmlPortlets();
- // Add entries
- portlets.addEntry( createEntry("HelloVelocity", "ST_01.all"));
- portlets.addEntry( createEntry("SkinBrowser", "ST_01.user"));
- portlets.addEntry( createEntry("GlobalAdminPortlet", "ST_01.admin"));
- rootPortletSet.addPortlets(portlets);
-
- Profile newProfile = Profiler.createProfile(newLocator, rootPortletSet);
- PSMLDocument doc = newProfile.getDocument();
- // System.out.println("doc = " + doc.getName());
-
- // this only works with the default configuration (Castor/Filebased)
- File file = new File(doc.getName());
- assertTrue(file.exists());
- //file.delete();
- }
-
public void testRequiredActions() throws Exception
{
JetspeedUser adminUser = (JetspeedUser) JetspeedSecurity.getUser("admin");
@@ -223,6 +189,68 @@
assertEquals( "Turbine user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, allEntry, "view"));
assertEquals( "Anonymous user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( anonymousUser, allEntry, "view"));
assertEquals( "null user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, allEntry, "view"));
+ }
+
+ public void testRegistryActions() throws Exception
+ {
+ JetspeedUser adminUser = (JetspeedUser) JetspeedSecurity.getUser("admin");
+ assertNotNull( "Getting admin user", adminUser);
+ adminUser.setHasLoggedIn(Boolean.TRUE);
+
+ JetspeedUser turbineUser = (JetspeedUser) JetspeedSecurity.getUser("turbine");
+ assertNotNull( "Getting turbine user", turbineUser);
+ turbineUser.setHasLoggedIn(Boolean.TRUE);
+
+ JetspeedUser anonymousUser = (JetspeedUser) JetspeedSecurity.getAnonymousUser();
+ assertNotNull( "Getting anonymous user", anonymousUser);
+ // Create security objects
+ Security adminSecurity = new BaseSecurity("admin");
+ assertNotNull( "Have admin security", adminSecurity);
+ Security userSecurity = new BaseSecurity("user");
+ assertNotNull( "Have user security", userSecurity);
+
+ PortletEntry userPortletEntry = new BasePortletEntry();
+ assertNotNull( "Have userPortletEntry", userPortletEntry);
+ userPortletEntry.setName( USER_PORTLET);
+ userPortletEntry.setSecurity( userSecurity);
+ Parameter adminParam = new BaseParameter();
+ assertNotNull( "Have adminParameter", adminParam);
+ adminParam.setName("AdminParam");
+ adminParam.setValue("adminValue");
+ adminParam.setSecurity(adminSecurity);
+ userPortletEntry.addParameter(adminParam);
+
+ Parameter userParam = new BaseParameter();
+ assertNotNull( "Have userParameter", userParam);
+ userParam.setName("UserParam");
+ userParam.setValue("userValue");
+ userParam.setSecurity(userSecurity);
+ userPortletEntry.addParameter(userParam);
+ assertEquals( "Admin user customize access to admin parameter", true, JetspeedPortalAccessController.checkPermission( adminUser, new PortalResource( userPortletEntry, adminParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
+ assertEquals( "Turbine user customize access to admin parameter", false, JetspeedPortalAccessController.checkPermission( turbineUser, new PortalResource( userPortletEntry, adminParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
+ assertEquals( "Admin user customize access to admin parameter", true, JetspeedPortalAccessController.checkPermission( adminUser, new PortalResource( userPortletEntry, userParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
+ assertEquals( "Turbine user customize access to admin parameter", true, JetspeedPortalAccessController.checkPermission( turbineUser, new PortalResource( userPortletEntry, userParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));
+
+/*
+ RegistryEntry adminEntry = createRegistryEntry( ADMIN_PORTLET, "ST_01.admin");
+ RegistryEntry userEntry = createRegistryEntry( USER_PORTLET, "ST_01.user");
+ RegistryEntry allEntry = createRegistryEntry( ALL_PORTLET, "ST_01.all");
+
+ assertEquals( "Admin user has view access to " + ADMIN_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, adminEntry, "view"));
+ assertEquals( "Turbine user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry, "view"));
+ assertEquals( "Anonymous user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, adminEntry, "view"));
+ assertEquals( "null user DOES NOT have view access to " + ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, adminEntry, "view"));
+
+ assertEquals( "Admin user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, userEntry, "view"));
+ assertEquals( "Turbine user has view access to " + USER_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, userEntry, "view"));
+ assertEquals( "Anonymous user DOES NOT have view access to " + USER_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser, userEntry, "view"));
+ assertEquals( "null user DOES NOT have view access to " + USER_PORTLET, false, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, userEntry, "view"));
+
+ assertEquals( "Admin user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( adminUser, allEntry, "view"));
+ assertEquals( "Turbine user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( turbineUser, allEntry, "view"));
+ assertEquals( "Anonymous user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( anonymousUser, allEntry, "view"));
+ assertEquals( "null user has view access to " + ALL_PORTLET, true, JetspeedPortalAccessController.checkPermission( (JetspeedUser) null, allEntry, "view"));
+*/
}
/*
* Setup Turbine environment
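Review bot: The last two assertions in `testRegistryActions` check `userParam` but their messages still say "admin parameter", so a failure would point at the wrong resource; they should read `"Admin user customize access to user parameter"` and `"Turbine user customize access to user parameter"`. `anonymousUser` is fetched but never used in an assertion, so the deny path for unauthenticated and null users on a parameter-level resource is untested. Consider adding `assertEquals( "Anonymous user DOES NOT have customize access to admin parameter", false, JetspeedPortalAccessController.checkPermission( anonymousUser, new PortalResource( userPortletEntry, adminParam), JetspeedSecurity.PERMISSION_CUSTOMIZE));` and the same call with `(JetspeedUser) null`. The commented-out block calls `createRegistryEntry`, which is not visible in this hunk; it should be enabled or dropped rather than committed as dead code.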
1.1.2.3 +43 -11 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineAccessController.java
Index: TurbineAccessController.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineAccessController.java,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- TurbineAccessController.java 27 May 2002 13:04:25 -0000 1.1.2.2
+++ TurbineAccessController.java 1 Jun 2002 20:29:05 -0000 1.1.2.3
@@ -69,6 +69,7 @@
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.Registry;
import org.apache.jetspeed.services.security.PortalAccessController;
+import org.apache.jetspeed.services.security.PortalResource;
// Turbine imports
import org.apache.turbine.services.TurbineBaseService;
@@ -80,14 +81,14 @@
* TurbineAccessController
*
* @author <a href="paulsp@apache.org">Paul Spencer</a>
- * @version $Id: TurbineAccessController.java,v 1.1.2.2 2002/05/27 13:04:25 paulsp Exp $
+ * @version $Id: TurbineAccessController.java,v 1.1.2.3 2002/06/01 20:29:05 paulsp Exp $
*/
public class TurbineAccessController extends TurbineBaseService
implements PortalAccessController
{
private final static String CONFIG_DEFAULT_PERMISSION_LOGGEDIN = "services.JetspeedSecurity.permission.default.loggedin";
private final static String CONFIG_DEFAULT_PERMISSION_ANONYMOUS = "services.JetspeedSecurity.permission.default.anonymous";
-
+
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given resource of the specified resource type. If the user does not have
@@ -165,6 +166,31 @@
/**
+ * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
+ * the given resource. If the user does not have
+ * sufficient privilege to perform the action on the resource, the check returns false,
+ * otherwise when sufficient privilege is present, checkPermission returns true.
+ *
+ * @param user the user to be checked.
+ * @param resources requesting an action
+ * @param action the secured action to be performed on the resource by the user.
+ * @return boolean true if the user has sufficient privilege.
+ */
+ public boolean checkPermission(JetspeedUser user, PortalResource resource, String action)
+ {
+ switch (resource.getResourceType())
+ {
+ case PortalResource.TYPE_ENTRY:
+ return checkPermission(user, resource.getEntry(), action);
+ case PortalResource.TYPE_REGISTRY:
+ return checkPermission(user, resource.getRegistryEntry(), action);
+ case PortalResource.TYPE_REGISTRY_PARAMETER:
+ return checkPermission(user, resource.getRegistryParameter(), action);
+ }
+ return false;
+ }
+
+ /**
* Checks if the user has access to a given portlet for the given action
*
* @param user the requesting user.
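Review bot: `resource.getResourceType()` is dereferenced without a null check, so a caller passing a null `PortalResource` gets a NullPointerException from the authorization check instead of a denial; add `if (resource == null) return false;` as the first statement. The fall-through `return false` for an unrecognised type is the right fail-closed behaviour, but it would read more clearly as an explicit `default:` branch with a comment saying unknown resource types are denied. The overloads this method dispatches to are outside the hunk, so whether they tolerate a null from `getEntry()`, `getRegistryEntry()` or `getRegistryParameter()` should be confirmed.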
@@ -182,7 +208,7 @@
String securityRole = security.getRole();
if (null == securityRole)
return checkDefaultPermission( user, action);
-
+
// determine if Portlet has specified role
try
{
@@ -194,7 +220,7 @@
}
if (null == acl)
return false;
-
+
if (!acl.hasRole( securityRole, JetspeedSecurity.JETSPEED_GROUP ))
return false;
@@ -218,7 +244,7 @@
* @exception Sends a RegistryException if the manager can't add
* the provided entry
*/
- private boolean checkPermission(JetspeedUser user, String action)
+ private boolean checkPermission(JetspeedUser user, String action)
{
AccessControlList acl = null;
// determine if user has specified role
@@ -246,20 +272,25 @@
return true;
}
-
+
private boolean checkDefaultPermission(JetspeedUser user, String action)
{
String defaultPermissions[] = null;
- try {
- if ( (user == null) || !user.hasLoggedIn() ) {
+ try
+ {
+ if ( (user == null) || !user.hasLoggedIn() )
+ {
defaultPermissions = JetspeedResources.getStringArray(CONFIG_DEFAULT_PERMISSION_ANONYMOUS);
- } else {
+ } else
+ {
defaultPermissions = JetspeedResources.getStringArray(CONFIG_DEFAULT_PERMISSION_LOGGEDIN);
}
- } catch (Exception e) {
+ } catch (Exception e)
+ {
e.printStackTrace();
}
- for (int i = 0; i < defaultPermissions.length; i++) {
+ for (int i = 0; i < defaultPermissions.length; i++)
+ {
if (defaultPermissions[i].equals("*"))
return true;
if (defaultPermissions[i].equals(action))
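Review bot: The `catch (Exception e)` in `checkDefaultPermission` only prints the stack trace, so when the configuration lookup fails `defaultPermissions` is still null and the `for` loop below throws a NullPointerException; the brace reformatting in this hunk leaves that unchanged. Deny explicitly by adding `if (defaultPermissions == null) return false;` before the loop, and report the failure through the service's logging rather than `e.printStackTrace()`. The same guard would cover `getStringArray` returning null for a missing key, if it can do so. The method's closing lines are outside the hunk.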
@@ -288,4 +319,5 @@
setInit(true);
}
+
}