You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by dl...@apache.org on 2004/05/08 18:17:23 UTC
cvs commit: jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security GroupManager.java RoleManager.java SecurityHelper.java
dlestrat 2004/05/08 09:17:23
Modified: components/security/src/java/org/apache/jetspeed/security
GroupManager.java RoleManager.java
SecurityHelper.java
Log:
Modified Security service to support declarative security. Declarative security
prevents using "/" in declared security roles. To support declarative security,
hierarchical principals are now expressed as {principal}.{subprincipal}.
Revision Changes Path
1.3 +26 -22 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/GroupManager.java
Index: GroupManager.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/GroupManager.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- GroupManager.java 25 Mar 2004 21:39:55 -0000 1.2
+++ GroupManager.java 8 May 2004 16:17:23 -0000 1.3
@@ -20,7 +20,10 @@
* <p>Describes the service interface for managing groups.</p>
* <p>Group hierarchy elements are being returned as a {@link Group}
* collection. The backing implementation must appropriately map
- * the group hierarchy to a preferences sub-tree.</p>
+ * the group hierarchy to a preferences sub-tree.</p>
+ * <p>The convention {principal}.{subprincipal} has been chosen to name
+ * groups hierachies. Implementation follow the conventions enforced
+ * by the Preferences API.</p>
* @author <a href="mailto:dlestrat@apache.org">David Le Strat</a>
*/
public interface GroupManager
@@ -28,41 +31,42 @@
/**
* <p>Add a new group.</p>
- * <p>Group principal names are relative to the /group node.</p>
+ * <p>Group principal names are expressed as {principal}.{subprincipal} where
+ * "." is the separator expressing the hierarchical nature of a group.</p>
* <p>Group principal path names are stored leveraging the {@link Preferences}
* api. Groups will be stored under /group/theGroupName/theGroupNameChild
- * when given the full path name /theGroupName/theGroupNameChild.
- * @param groupFullPathName The group name full path relative to the
- * /group node (e.g. /theGroupName/theGroupNameChild).
+ * when given the full path name theGroupName.theGroupNameChild.
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupNameChild).
* @throws Throws a security exception.
*/
void addGroup(String groupFullPathName) throws SecurityException;
/**
* <p>Remove a group.</p>
- * <p>Group principal names are relative to the {@link Preferences}
- * /group node.</p>
+ * <p>Group principal names are expressed as {principal}.{subprincipal} where
+ * "." is the separator expressing the hierarchical nature of a group.</p>
* <p>Group principal path names are stored leveraging the {@link Preferences}
* api. Groups will be stored under /group/theGroupName/theGroupNameChild
- * when given the full path name /theGroupName/theGroupNameChild.
- * @param groupFullPathName The group name full path relative to the
- * /group node. (e.g. /theGroupName/theGroupNameChild)
+ * when given the full path name theGroupName.theGroupNameChild.
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupNameChild)
* @throws Throws a security exception.
*/
void removeGroup(String groupFullPathName) throws SecurityException;
/**
* <p>Whether or not a group exists.</p>
- * @param groupFullPathName The group name full path relative to the
- * /group node. (e.g. /theGroupName/theGroupNameChild)
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupNameChild)
* @return Whether or not a group exists.
*/
boolean groupExists(String groupFullPathName);
/**
* <p>Get a group {@link Group} for a given group full path name.
- * @param groupFullPathName The group name full path relative to the
- * /group node (e.g. /theGroupName/theGroupChildName).
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupChildName).
* @return The {@link Preferences} node.
* @throws Throws security exception if the group does not exist.
*/
@@ -79,8 +83,8 @@
/**
* <p>A collection of {@link User} for a specific group.</p>
- * @param groupFullPathName The group name full path relative to the
- * /group node (e.g. /theGroupName/theGroupChildName).
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupChildName).
* @return A collection of {@link User}.
* @throws Throws security exception if the group does not exist.
*/
@@ -89,8 +93,8 @@
/**
* <p>Add a user to a group.</p>
* @param username The user name.
- * @param groupFullPathName The group name full path relative to the
- * /group node (e.g. /theGroupName/theGroupChildName).
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupChildName).
* @throws Throws a security exception.
*/
void addUserToGroup(String username, String groupFullPathName) throws SecurityException;
@@ -98,8 +102,8 @@
/**
* <p>Remove a user from a group.</p>
* @param username The user name.
- * @param groupFullPathName The group name full path relative to the
- * /group node (e.g. /theGroupName/theGroupChildName).
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupChildName).
* @throws Throws a security exception.
*/
void removeUserFromGroup(String username, String groupFullPathName) throws SecurityException;
@@ -107,8 +111,8 @@
/**
* <p>Whether or not a user is in a group.</p>
* @param username The user name.
- * @param groupFullPathName The group name full path relative to the
- * /group node (e.g. /theGroupName/theGroupChildName).
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupChildName).
* @return Whether or not a user is in a group.
* @throws Throws security exception if the user or group does not exist.
*/
1.3 +41 -36 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/RoleManager.java
Index: RoleManager.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/RoleManager.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- RoleManager.java 25 Mar 2004 21:39:55 -0000 1.2
+++ RoleManager.java 8 May 2004 16:17:23 -0000 1.3
@@ -21,6 +21,9 @@
* <p>Role hierarchy elements are being returned as a {@link Role}
* collection. The backing implementation must appropriately map
* the role hierarchy to a preferences sub-tree.</p>
+ * <p>The convention {principal}.{subprincipal} has been chosen to name
+ * roles hierachies in order to support declarative security. Implementation
+ * follow the conventions enforced by the preferences API.</p>
* @author <a href="mailto:dlestrat@apache.org">David Le Strat</a>
*/
public interface RoleManager
@@ -28,40 +31,42 @@
/**
* <p>Add a new role.</p>
- * <p>Role principal names are relative to the /role node.</p>
+ * <p>Role principal names are expressed as {principal}.{subprincipal} where
+ * "." is the separator expressing the hierarchical nature of a role.</p>
* <p>Role principal path names are stored leveraging the {@link Preferences}
* api. Roles will be stored under /role/theGroupName/theGroupNameChild
- * when given the full path name /theRoleName/theRoleNameChild.
- * @param roleFullPathName The role name full path relative to the
- * /role node (e.g. /theRoleName/theRoleNameChild).
+ * when given the full path name theRoleName.theRoleNameChild.
+ * @param roleFullPathName The role name full path
+ * (e.g. theRoleName.theRoleNameChild).
* @throws Throws a security exception if the role already exists.
*/
void addRole(String roleFullPathName) throws SecurityException;
/**
* <p>Remove a given role and all the children of that role.</p>
- * <p>Role principal names are relative to the /role node.</p>
+ * <p>Role principal names are expressed as {principal}.{subprincipal} where
+ * "." is the separator expressing the hierarchical nature of a role.</p>
* <p>Role principal path names are stored leveraging the {@link Preferences}
* api. Roles will be stored under /role/theGroupName/theGroupNameChild
- * when given the full path name /theRoleName/theRoleNameChild.
- * @param roleFullPathName The role name full path relative to the
- * /role node (e.g. /theRoleName/theRoleNameChild).
+ * when given the full path name theRoleName.theRoleNameChild.
+ * @param roleFullPathName The role name full path
+ * (e.g. theRoleName.theRoleNameChild).
* @throws Throws a security exception.
*/
void removeRole(String roleFullPathName) throws SecurityException;
/**
* <p>Whether or not a role exists.</p>
- * @param roleFullPathName The role name full path relative to the
- * /role node. (e.g. /theRoleName/theRoleNameChild)
+ * @param roleFullPathName The role name full path
+ * (e.g. theRoleName.theRoleNameChild).
* @return Whether or not a role exists.
*/
boolean roleExists(String roleFullPathName);
/**
* <p>Get a role {@link Role} for a given role full path name.
- * @param roleFullPathName The role name full path relative to the
- * /role node (e.g. /theRoleName/theRoleChildName).
+ * @param roleFullPathName The role name full path
+ * (e.g. theRoleName.theRoleNameChild).
* @return The {@link Preferences} node.
* @throws Throws a security exception if the role does not exist.
*/
@@ -79,8 +84,8 @@
/**
* <p>A collection of {@link User} for all the users
* in a specific role.</p>
- * @param roleFullPathName The role full path relative to
- * the /role node (e.g. /theRoleName/theRoleChildName)..
+ * @param roleFullPathName The role name full path
+ * (e.g. theRoleName.theRoleNameChild).
* @return A Collection of {@link User}.
* @throws Throws a security exception if the role does not exist.
*/
@@ -88,9 +93,9 @@
/**
* <p>A collection of {@link Role} for all the roles
- * associated to a specific group.
- * @param groupFullPathName The group full path relative to the
- * /group node (e.g. /theGroupName/theGroupChildName).
+ * associated to a specific group.</p>
+ * @param groupFullPathName The group full path
+ * (e.g. theGroupName.theGroupChildName).
* @return A Collection of {@link Role}.
* @throws Throws a security exception if the group does not exist.
*/
@@ -98,9 +103,9 @@
/**
* <p>A collection of {@link Group} for all the groups
- * in a specific role.
- * @param roleFullPathName The role full path relative to
- * the /role node (e.g. /theRoleName/theRoleChildName)..
+ * in a specific role.</p>
+ * @param roleFullPathName The role full path
+ * (e.g. theRoleName.theRoleChildName)..
* @return A Collection of {@link Group}.
* @throws Throws a security exception if the role does not exist.
*/
@@ -109,8 +114,8 @@
/**
* <p>Add a role to a user.</p>
* @param username The user name.
- * @param roleFullPathName The role name full path relative to the
- * /role node (e.g. /theRoleName/theRoleChildName).
+ * @param roleFullPathName The role name full path
+ * (e.g. theRoleName.theRoleChildName).
* @throws Throws a security exception if the role or the user do not exist.
*/
void addRoleToUser(String username, String roleFullPathName) throws SecurityException;
@@ -127,8 +132,8 @@
/**
* <p>Whether or not a user is in a role.</p>
* @param username The user name.
- * @param roleFullPathName The role name full path relative to the
- * /role node (e.g. /theRoleName/theRoleChildName).
+ * @param roleFullPathName The role name full path
+ * (e.g. theRoleName.theRoleChildName).
* @return Whether or not a user is in a role.
* @throws Throws a security exception if the role or the user does not exist.
*/
@@ -136,30 +141,30 @@
/**
* <p>Add a role to a group.</p>
- * @param roleFullPathName The role full path relative to the
- * /role node (e.g. /theRoleName/theRoleChildName).
- * @param groupFullPathName The group name full path relative to the
- * /group node (e.g. /theGroupName/theGroupChildName).
+ * @param roleFullPathName The role name full path
+ * (e.g. theRoleName.theRoleChildName).
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupChildName).
* @throws Throws a security exception.
*/
void addRoleToGroup(String roleFullPathName, String groupFullPathName) throws SecurityException;
/**
* <p>Remove a role from a group.</p>
- * @param roleFullPathName The role full path relative to the
- * /role node (e.g. /theRoleName/theRoleChildName).
- * @param groupFullPathName The group name full path relative to the
- * /group node (e.g. /theGroupName/theGroupChildName).
+ * @param roleFullPathName The role name full path
+ * (e.g. theRoleName.theRoleChildName).
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupChildName).
* @throws Throws a security exception.
*/
void removeRoleFromGroup(String roleFullPathName, String groupFullPathName) throws SecurityException;
/**
* <p>Whether or not a role is in a group.</p>
- * @param groupFullPathName The group name full path relative to the
- * /group node (e.g. /theGroupName/theGroupChildName).
- * @param roleFullPathName The role full path relative to the
- * /role node (e.g. /theRoleName/theRoleChildName).
+ * @param groupFullPathName The group name full path
+ * (e.g. theGroupName.theGroupChildName).
+ * @param roleFullPathName The role name full path
+ * (e.g. theRoleName.theRoleChildName).
* @return Whether or not a role is in a group.
* @throws Throws a security exception if the role or the group does not exist.
*/
1.2 +8 -2 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/SecurityHelper.java
Index: SecurityHelper.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/SecurityHelper.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SecurityHelper.java 10 Mar 2004 06:08:50 -0000 1.1
+++ SecurityHelper.java 8 May 2004 16:17:23 -0000 1.2
@@ -85,7 +85,13 @@
return principal;
}
- public static String getPrincipalFullPath(Principal principal)
+ /**
+ * <p>Utility method used to retrieve the Preferences API absolute/full
+ * path from a given principal.</p>
+ * @param principal The principal.
+ * @return The Preferences absolute/full path.
+ */
+ public static String getPreferencesFullPath(Principal principal)
{
if ((UserPrincipal.class).isInstance(principal))
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org