You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by dl...@apache.org on 2006/01/28 20:09:59 UTC
svn commit: r373218 [1/2] - in /portals/jetspeed-2/trunk:
applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/
applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/
commons/src/java/org/apache/jetspeed/security/ compo...
Author: dlestrat
Date: Sat Jan 28 11:09:33 2006
New Revision: 373218
URL: http://svn.apache.org/viewcvs?rev=373218&view=rev
Log:
Committing contribution from David Jencks.
For detail, see https://issues.apache.org/jira/browse/JS2-475.
Modified:
portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java
portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java
portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java
portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java
portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java
portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java
portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/psml/AbstractNode.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/impl/DatabasePageManager.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/psml/CastorXmlPageManager.java
portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/TestCastorXmlPageManager.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/PortletAggregatorFragmentImpl.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/AddPortletAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/BasePortletAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPageAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPagesAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPortletsAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/MovePortletAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityPathBehavior.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/RemovePortletAction.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/velocity/PageActionAccess.java
portals/jetspeed-2/trunk/components/portal/src/test/resources/assembly/test-layout-api.xml
portals/jetspeed-2/trunk/components/registry/src/test/org/apache/jetspeed/components/portletentity/TestPortletEntityDAO.java
portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/om/common/SecuredResource.java
Modified: portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java (original)
+++ portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java Sat Jan 28 11:09:33 2006
@@ -15,52 +15,34 @@
*/
package org.apache.jetspeed.portlets.customizer;
-import java.io.File;
import java.io.IOException;
-import java.io.Serializable;
-import java.sql.Types;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
+import java.security.AccessControlException;
+import java.security.AccessController;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
-import java.util.Map;
-import java.util.ResourceBundle;
-import javax.portlet.ActionRequest;
-import javax.portlet.ActionResponse;
import javax.portlet.PortletConfig;
import javax.portlet.PortletContext;
import javax.portlet.PortletException;
-import javax.portlet.PortletRequest;
-import javax.portlet.PortletResponse;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.security.auth.Subject;
import org.apache.jetspeed.CommonPortletServices;
+import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.PortalReservedParameters;
import org.apache.jetspeed.components.portletregistry.PortletRegistry;
-import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
import org.apache.jetspeed.page.PageManager;
import org.apache.jetspeed.portlets.PortletInfo;
import org.apache.jetspeed.portlets.pam.PortletApplicationResources;
import org.apache.jetspeed.request.RequestContext;
-import org.apache.jetspeed.search.ParsedObject;
-import org.apache.jetspeed.search.SearchEngine;
-import org.apache.jetspeed.security.PermissionManager;
import org.apache.jetspeed.security.PortletPermission;
-import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.User;
-import org.apache.jetspeed.security.UserManager;
-import org.apache.portals.bridges.frameworks.model.ModelBean;
import org.apache.portals.bridges.velocity.AbstractVelocityMessagingPortlet;
import org.apache.portals.gems.util.StatusMessage;
-import org.apache.portals.gems.util.ValidationHelper;
import org.apache.portals.messaging.PortletMessaging;
import org.apache.velocity.context.Context;
@@ -73,7 +55,6 @@
public class CustomizerPortlet extends AbstractVelocityMessagingPortlet
{
protected PortletRegistry registry;
- protected PermissionManager permissionManager;
protected PageManager pageManager;
public void init(PortletConfig config)
@@ -86,11 +67,6 @@
{
throw new PortletException("Failed to find the Portlet Registry on portlet initialization");
}
- permissionManager = (PermissionManager)context.getAttribute(CommonPortletServices.CPS_PERMISSION_MANAGER);
- if (null == permissionManager)
- {
- throw new PortletException("Failed to find the Permission Manager on portlet initialization");
- }
pageManager = (PageManager)context.getAttribute(CommonPortletServices.CPS_PAGE_MANAGER_COMPONENT);
if (null == pageManager)
{
@@ -154,14 +130,14 @@
// SECURITY filtering
String uniqueName = appName + "::" + portlet.getName();
- if (subject != null)
+ try
+ {
+ AccessController.checkPermission(new PortletPermission(portlet.getUniqueName(), JetspeedActions.MASK_VIEW));
+ list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale), portlet.getDescriptionText(locale)));
+ }
+ catch (AccessControlException ace)
{
- if (permissionManager.checkPermission(subject,
- new PortletPermission(portlet.getUniqueName(),
- SecuredResource.VIEW_ACTION, subject )))
- {
- list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale), portlet.getDescriptionText(locale)));
- }
+ //continue
}
}
this.publishRenderMessage(request, PORTLET_LIST, list);
Modified: portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java (original)
+++ portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java Sat Jan 28 11:09:33 2006
@@ -15,6 +15,8 @@
package org.apache.jetspeed.portlets.selector;
import java.io.IOException;
+import java.security.AccessControlException;
+import java.security.AccessController;
import java.sql.Types;
import java.util.ArrayList;
import java.util.Collection;
@@ -35,9 +37,9 @@
import javax.security.auth.Subject;
import org.apache.jetspeed.CommonPortletServices;
+import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.PortalReservedParameters;
import org.apache.jetspeed.components.portletregistry.PortletRegistry;
-import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
import org.apache.jetspeed.portlets.PortletInfo;
@@ -45,7 +47,6 @@
import org.apache.jetspeed.request.RequestContext;
import org.apache.jetspeed.search.ParsedObject;
import org.apache.jetspeed.search.SearchEngine;
-import org.apache.jetspeed.security.PermissionManager;
import org.apache.jetspeed.security.PortletPermission;
import org.apache.portals.gems.browser.BrowserIterator;
import org.apache.portals.gems.browser.BrowserPortlet;
@@ -67,7 +68,6 @@
protected PortletRegistry registry;
protected SearchEngine searchEngine;
- protected PermissionManager permissionManager;
public void init(PortletConfig config)
throws PortletException
@@ -83,11 +83,6 @@
if (null == searchEngine)
{
throw new PortletException("Failed to find the Search Engine on portlet initialization");
- }
- permissionManager = (PermissionManager)context.getAttribute(CommonPortletServices.CPS_PERMISSION_MANAGER);
- if (null == permissionManager)
- {
- throw new PortletException("Failed to find the Permission Manager on portlet initialization");
}
}
@@ -261,19 +256,19 @@
// SECURITY filtering
String uniqueName = appName + "::" + portlet.getName();
- if (subject != null)
+ try
{
- if (permissionManager.checkPermission(subject,
- new PortletPermission(portlet.getUniqueName(),
- SecuredResource.VIEW_ACTION, subject )))
+ AccessController.checkPermission(new PortletPermission(portlet.getUniqueName(), JetspeedActions.MASK_VIEW));
+ String name = portlet.getDisplayNameText(locale);
+ if (name == null)
{
- String name = portlet.getDisplayNameText(locale);
- if (name == null)
- {
- name = portlet.getName();
- }
- list.add(new PortletInfo(uniqueName, name, portlet.getDescriptionText(locale)));
+ name = portlet.getName();
}
+ list.add(new PortletInfo(uniqueName, name, portlet.getDescriptionText(locale)));
+ }
+ catch (AccessControlException ace)
+ {
+ //continue
}
}
BrowserIterator iterator = new PortletIterator(
Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java (original)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java Sat Jan 28 11:09:33 2006
@@ -15,36 +15,26 @@
package org.apache.jetspeed.security;
import java.security.Permission;
-import java.security.PermissionCollection;
-import java.util.StringTokenizer;
-
-import javax.security.auth.Subject;
-
-//import org.apache.commons.logging.Log;
-//import org.apache.commons.logging.LogFactory;
-import org.apache.jetspeed.JetspeedActions;
-import org.apache.jetspeed.security.PortalResourcePermission;
-import org.apache.jetspeed.security.PortalResourcePermissionCollection;
/**
* <p>Folder permission.</p>
* <p>This code was partially inspired from:</p>
* <ul>
- * <li>The article : <a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
- * Extend JAAS for class instance-level authorization.</a></li>
- * <li>The FilePermission implementation from the JDK in order to support recursive permissions & wild card</li>
+ * <li>The article : <a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
+ * Extend JAAS for class instance-level authorization.</a></li>
+ * <li>The FilePermission implementation from the JDK in order to support recursive permissions & wild card</li>
* </ul>
- *
+ * <p/>
* This class represents access to a portal content/folder or document. A FolderPermission consists
* of a pathname and a set of actions valid for that pathname.
- * <P>
+ * <p/>
* Pathname is the pathname of the folder or document granted the specified
* actions. A pathname that ends in "/*" (where "/" is
- * the separator character) indicates all the folders and documents contained in that folder.
+ * the separator character) indicates all the folders and documents contained in that folder.
* A pathname that ends with "/-" indicates (recursively) all documents
* and subfolders contained in that directory. A pathname consisting of
* the special token "<<ALL FILES>>" matches <b>any</b> folder or document.
- * <P>
+ * <p/>
*
* @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
* @author <a href="mailto:christophe.lombart@sword-technologies.com">Christophe Lombart</a>
@@ -52,241 +42,203 @@
*/
public class FolderPermission extends PortalResourcePermission
{
- public static final char RECURSIVE_CHAR = '-';
- public static final char WILD_CHAR = '*';
- public static final String WILD_CHAR_STR = new String(new char[]{WILD_CHAR});
- public static final char FOLDER_SEPARATOR = '/';
- public static final String FOLDER_SEPARATOR_STR = new String(new char[]{FOLDER_SEPARATOR});
-
- //private final static Log log = LogFactory.getLog(FolderPermission.class);
-
- // does path indicate a folder? (wildcard or recursive)
- private transient boolean folder;
-
- // is it a recursive directory specification?
- private transient boolean recursive;
-
- private transient String cpath;
-
- /**
- * <p>Constructor for FolderPermission.</p>
- * @param name The portlet name.
- * @param actions The actions on the portlet.
- */
- public FolderPermission(String name, String actions)
- {
- this(name, actions, null);
- }
-
- /**
- * <p>Constructor for FolderPermission.</p>
- * @param name The portlet name.
- * @param actions The actions on the portlet.
- */
- public FolderPermission(String name, String actions, Subject subject)
- {
- super(name, actions, subject);
- parseActions(actions);
- this.subject = subject;
- }
-
-
- /**
- * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
- * @see java.security.Permission#newPermissionCollection()
- */
- public PermissionCollection newPermissionCollection()
- {
- return new PortalResourcePermissionCollection();
- }
-
- /**
- * <p>Parses the actions string.</p>
- * <p>Actions are separated by commas or white space.</p>
- * @param actions The actions
- */
- private void parseActions(String actions)
- {
- mask = 0;
- if (actions != null)
- {
- StringTokenizer tokenizer = new StringTokenizer(actions, ",\t ");
- while (tokenizer.hasMoreTokens())
- {
- String token = tokenizer.nextToken();
- if (token.equals(JetspeedActions.VIEW))
- mask |= JetspeedActions.MASK_VIEW;
- else if (token.equals(JetspeedActions.VIEW) || token.equals(JetspeedActions.RESTORE))
- mask |= JetspeedActions.MASK_VIEW;
- else if (token.equals(JetspeedActions.EDIT))
- mask |= JetspeedActions.MASK_EDIT;
- else if (token.equals(JetspeedActions.MINIMIZE))
- mask |= JetspeedActions.MASK_MINIMIZE;
- else if (token.equals(JetspeedActions.MAXIMIZE))
- mask |= JetspeedActions.MASK_MAXIMIZE;
- else if (token.equals(JetspeedActions.HELP))
- mask |= JetspeedActions.MASK_HELP;
- else if (token.equals(JetspeedActions.SECURE))
- mask |= JetspeedActions.MASK_SECURE;
- else
- throw new IllegalArgumentException("Unknown action: " + token);
- }
- }
-
- if ((cpath = getName()) == null)
- throw new NullPointerException("name can't be null");
-
- if (cpath.equals("<<ALL FILES>>"))
- {
- folder = true;
- recursive = true;
- cpath = "";
- return;
- }
- int len = cpath.length();
-
- if (len == 0)
- {
- throw new IllegalArgumentException("invalid folder reference");
- }
-
- char last = cpath.charAt(len - 1);
-
- if (last == RECURSIVE_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR))
- {
- folder = true;
- recursive = true;
- cpath = cpath.substring(0, --len);
- }
- else if (last == WILD_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR))
- {
- folder = true;
- //recursive = false;
- cpath = cpath.substring(0, --len);
- }
- }
-
- /**
- * Checks if this FolderPermission object "implies" the specified permission.
- * <P>
- * More specifically, this method returns true if:<p>
- * <ul>
- * <li> <i>p</i> is an instanceof FolderPermission,<p>
- * <li> <i>p</i>'s actions are a proper subset of this
- * object's actions, and <p>
- * <li> <i>p</i>'s pathname is implied by this object's
- * pathname. For example, "/tmp/*" implies "/tmp/foo", since
- * "/tmp/*" encompasses the "/tmp" folder and all subfolders or documents in that
- * directory, including the one named "foo".
- * </ul>
- * @param p the permission to check against.
- *
- * @return true if the specified permission is implied by this object,
- * false if not.
- */
- public boolean implies(Permission p)
- {
- if (!(p instanceof FolderPermission))
- {
- return false;
- }
-
- FolderPermission that = (FolderPermission) p;
- return ((this.mask & that.mask) == that.mask) && impliesIgnoreMask(that);
- }
-
- /**
- * Checks if the Permission's actions are a proper subset of the
- * this object's actions. Returns the effective mask iff the
- * this FolderPermission's path also implies that FolderPermission's path.
- *
- * @param that the FolderPermission to check against.
- * @return the effective mask
- */
- boolean impliesIgnoreMask(FolderPermission that)
- {
- if (this.folder)
- {
- if (this.recursive)
- {
- // make sure that.path is longer then path so
- // something like /foo/- does not imply /foo
- if (that.folder)
- {
- return (that.cpath.length() >= this.cpath.length()) && that.cpath.startsWith(this.cpath);
- }
- else
- {
- return ((that.cpath.length() > this.cpath.length()) && that.cpath.startsWith(this.cpath));
- }
- }
- else
- {
- if (that.folder)
- {
- // if the permission passed in is a folder
- // specification, make sure that a non-recursive
- // permission (i.e., this object) can't imply a recursive
- // permission.
- if (that.recursive)
- return false;
- else
- return (this.cpath.equals(that.cpath));
- }
- else
- {
- int last = that.cpath.lastIndexOf(FOLDER_SEPARATOR);
- if (last == -1)
- return false;
- else
- {
- // this.cpath.equals(that.cpath.substring(0, last+1));
- // Use regionMatches to avoid creating new string
-
- return (this.cpath.length() == (last + 1)) && this.cpath.regionMatches(0, that.cpath, 0, last + 1);
- }
- }
- }
- }
- else
- {
- return (this.cpath.equals(that.cpath));
- }
- }
-
- /**
- * Checks two FolderPermission objects for equality. Checks that <i>obj</i> is
- * a FolderPermission, and has the same pathname and actions as this object.
- * <P>
- * @param obj the object we are testing for equality with this object.
- * @return true if obj is a FolderPermission, and has the same pathname and
- * actions as this FolderPermission object.
- */
- public boolean equals(Object obj)
- {
- if (obj == this)
- return true;
-
- if (!(obj instanceof FolderPermission))
- return false;
-
- FolderPermission that = (FolderPermission) obj;
-
- return (this.mask == that.mask) && this.cpath.equals(that.cpath) && (this.folder == that.folder)
- && (this.recursive == that.recursive);
- }
-
- /**
- * Returns the hash code value for this object.
- *
- * @return a hash code value for this object.
- */
-
- public int hashCode()
- {
- return this.cpath.hashCode();
- }
-
-
+ public static final char RECURSIVE_CHAR = '-';
+ public static final char WILD_CHAR = '*';
+ public static final String WILD_CHAR_STR = new String(new char[]{WILD_CHAR});
+ public static final char FOLDER_SEPARATOR = '/';
+ public static final String FOLDER_SEPARATOR_STR = new String(new char[]{FOLDER_SEPARATOR});
+
+ // does path indicate a folder? (wildcard or recursive)
+ private boolean folder;
+
+ // is it a recursive directory specification?
+ private boolean recursive;
+
+ private String cpath;
+
+ /**
+ * <p>Constructor for FolderPermission.</p>
+ *
+ * @param name The portlet name.
+ * @param actions The actions on the portlet.
+ */
+ public FolderPermission(String name, String actions)
+ {
+ super(name, actions);
+ parsePath();
+ }
+
+ /**
+ * <p>Constructor for FolderPermission.</p>
+ *
+ * @param name The portlet name.
+ * @param mask The mask of actions on the portlet.
+ */
+ public FolderPermission(String name, int mask)
+ {
+ super(name, mask);
+ parsePath();
+ }
+
+ /**
+ * <p>Parses the path.</p>
+ */
+ private void parsePath()
+ {
+ if ((cpath = getName()) == null)
+ throw new NullPointerException("name can't be null");
+
+ if (cpath.equals("<<ALL FILES>>"))
+ {
+ folder = true;
+ recursive = true;
+ cpath = "";
+ return;
+ }
+ int len = cpath.length();
+
+ if (len == 0)
+ {
+ throw new IllegalArgumentException("invalid folder reference");
+ }
+
+ char last = cpath.charAt(len - 1);
+
+ if (last == RECURSIVE_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR))
+ {
+ folder = true;
+ recursive = true;
+ cpath = cpath.substring(0, --len);
+ }
+ else if (last == WILD_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR))
+ {
+ folder = true;
+ //recursive = false;
+ cpath = cpath.substring(0, --len);
+ }
+ }
+
+ /**
+ * Checks if this FolderPermission object "implies" the specified permission.
+ * <p/>
+ * More specifically, this method returns true if:<p>
+ * <ul>
+ * <li> <i>p</i> is an instanceof FolderPermission,<p>
+ * <li> <i>p</i>'s actions are a proper subset of this
+ * object's actions, and <p>
+ * <li> <i>p</i>'s pathname is implied by this object's
+ * pathname. For example, "/tmp/*" implies "/tmp/foo", since
+ * "/tmp/*" encompasses the "/tmp" folder and all subfolders or documents in that
+ * directory, including the one named "foo".
+ * </ul>
+ *
+ * @param p the permission to check against.
+ * @return true if the specified permission is implied by this object,
+ * false if not.
+ */
+ public boolean implies(Permission p)
+ {
+ if (!(p instanceof FolderPermission))
+ {
+ return false;
+ }
+
+ FolderPermission that = (FolderPermission) p;
+ return ((this.mask & that.mask) == that.mask) && impliesIgnoreMask(that);
+ }
+
+ /**
+ * Checks if the Permission's actions are a proper subset of the
+ * this object's actions. Returns the effective mask iff the
+ * this FolderPermission's path also implies that FolderPermission's path.
+ *
+ * @param that the FolderPermission to check against.
+ * @return the effective mask
+ */
+ boolean impliesIgnoreMask(FolderPermission that)
+ {
+ if (this.folder)
+ {
+ if (this.recursive)
+ {
+ // make sure that.path is longer then path so
+ // something like /foo/- does not imply /foo
+ if (that.folder)
+ {
+ return (that.cpath.length() >= this.cpath.length()) && that.cpath.startsWith(this.cpath);
+ }
+ else
+ {
+ return ((that.cpath.length() >= this.cpath.length()) && that.cpath.startsWith(this.cpath));
+ }
+ }
+ else
+ {
+ if (that.folder)
+ {
+ // if the permission passed in is a folder
+ // specification, make sure that a non-recursive
+ // permission (i.e., this object) can't imply a recursive
+ // permission.
+ if (that.recursive)
+ return false;
+ else
+ return (this.cpath.equals(that.cpath));
+ }
+ else
+ {
+ int last = that.cpath.lastIndexOf(FOLDER_SEPARATOR);
+ if (last == -1)
+ return false;
+ else
+ {
+ // this.cpath.equals(that.cpath.substring(0, last+1));
+ // Use regionMatches to avoid creating new string
+
+ return (this.cpath.length() == (last + 1)) && this.cpath.regionMatches(0, that.cpath, 0, last + 1);
+ }
+ }
+ }
+ }
+ else
+ {
+ return (this.cpath.equals(that.cpath));
+ }
+ }
+
+ /**
+ * Checks two FolderPermission objects for equality. Checks that <i>obj</i> is
+ * a FolderPermission, and has the same pathname and actions as this object.
+ * <p/>
+ *
+ * @param obj the object we are testing for equality with this object.
+ * @return true if obj is a FolderPermission, and has the same pathname and
+ * actions as this FolderPermission object.
+ */
+ public boolean equals(Object obj)
+ {
+ if (obj == this)
+ return true;
+
+ if (!(obj instanceof FolderPermission))
+ return false;
+
+ FolderPermission that = (FolderPermission) obj;
+
+ return (this.mask == that.mask) && this.cpath.equals(that.cpath) && (this.folder == that.folder)
+ && (this.recursive == that.recursive);
+ }
+
+ /**
+ * Returns the hash code value for this object.
+ *
+ * @return a hash code value for this object.
+ */
+
+ public int hashCode()
+ {
+ return this.cpath.hashCode();
+ }
+
-}
+}
\ No newline at end of file
Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java (original)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java Sat Jan 28 11:09:33 2006
@@ -14,56 +14,53 @@
*/
package org.apache.jetspeed.security;
-import java.security.AccessControlContext;
-import java.security.AccessController;
import java.security.Permission;
-import java.security.PermissionCollection;
-
-import javax.security.auth.Subject;
/**
* <p>Fragment permission.</p>
* <p>This code was partially inspired from articles from:</p>
* <ul>
- * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
- * Extend JAAS for class instance-level authorization.</a></li>
- * <li>The FilePermission implementation from the JDK in order to support recursive permissions & wild card</li>
+ * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
+ * Extend JAAS for class instance-level authorization.</a></li>
+ * <li>The FilePermission implementation from the JDK in order to support recursive permissions & wild card</li>
* </ul>
- *
+ * <p/>
* This class represents access to a fragment within a
* content document. A FragmentPermission consists
* of a path, fragment name, or a simple fragment name
* pattern and a set of actions valid for that pathname.
- * <P>
+ * <p/>
* Here are some examples of valid fragment permissions names:
- * <li>"/folder/page.psml/app::portlet" matches fragments
- * within a page for a specified portlet contained in a app<li>
- * <li>"security::*" matches fragments for portlets from the security app<li>
- * <li>"<<ALL FRAGMENTS>>" matches <b>any</b> fragment<li>
- * <P>
+ * <li>"/folder/page.psml/app::portlet" matches fragments
+ * within a page for a specified portlet contained in a app<li>
+ * <li>"security::*" matches fragments for portlets from the security app<li>
+ * <li>"<<ALL FRAGMENTS>>" matches <b>any</b> fragment<li>
+ * <p/>
*
* @author <a href="mailto:rwatler@apache.org">Randy Watler</a>
*/
public class FragmentPermission extends PortalResourcePermission
-{
+{
/**
* <p>Constructor for FragmentPermission.</p>
- * @param name The fragment name.
+ *
+ * @param name The fragment name.
* @param actions The actions on the fragment.
*/
public FragmentPermission(String name, String actions)
{
- this(name, actions, null);
+ super(name, actions);
}
/**
* <p>Constructor for FragmentPermission.</p>
+ *
* @param name The fragment name.
- * @param actions The actions on the fragment.
+ * @param mask The mask of actions on the fragment.
*/
- public FragmentPermission(String name, String actions, Subject subject)
+ public FragmentPermission(String name, int mask)
{
- super(name, actions, subject);
+ super(name, mask);
}
public boolean implies(Permission permission)
@@ -89,16 +86,16 @@
ruleName = ruleName.substring(0, ruleName.length() - 3);
testName = testName.substring(0, testNamesSeparator);
}
-
+
// trim path components from test name if rule
// is not prefixed with the path
if (!ruleName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR) &&
- testName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR))
+ testName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR))
{
int testPathIndex = testName.lastIndexOf(FolderPermission.FOLDER_SEPARATOR);
testName = testName.substring(testPathIndex + 1);
}
-
+
// remaining name parts must match
if (!ruleName.equals(testName))
{
@@ -106,37 +103,22 @@
}
}
- // Get the subject.
- // It was either provide in the constructor.
- Subject user = fragmentPerm.getSubject();
- // Or we get it from the AccessControlContext.
- if (null == user)
- {
- AccessControlContext context = AccessController.getContext();
- user = Subject.getSubject(context);
- }
- // No user was passed. The permission must be denied.
- if (null == user)
- {
- return false;
- }
-
- // The action bits in FragmentPerm (permission)
+ // The action bits in FragmentPerm (permission)
// must be set in the current mask permission.
- if ((mask & fragmentPerm.mask) != fragmentPerm.mask)
- {
- return false;
- }
+ return (mask & fragmentPerm.mask) == fragmentPerm.mask;
- return true;
}
/**
- * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
- * @see java.security.Permission#newPermissionCollection()
+ * @see java.security.Permission#equals(Object)
*/
- public PermissionCollection newPermissionCollection()
+ public boolean equals(Object object)
{
- return new PortalResourcePermissionCollection();
+ if (!(object instanceof FragmentPermission))
+ return false;
+
+ FragmentPermission p = (FragmentPermission) object;
+ return ((p.mask == mask) && (p.getName().equals(getName())));
}
-}
+
+}
\ No newline at end of file
Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java (original)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java Sat Jan 28 11:09:33 2006
@@ -14,42 +14,40 @@
*/
package org.apache.jetspeed.security;
-import java.security.AccessControlContext;
-import java.security.AccessController;
import java.security.Permission;
-import java.security.PermissionCollection;
-
-import javax.security.auth.Subject;
/**
* <p>Folder permission.</p>
* <p>This code was partially inspired from articles from:</p>
* <ul>
- * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
- * Extend JAAS for class instance-level authorization.</a></li>
+ * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
+ * Extend JAAS for class instance-level authorization.</a></li>
* </ul>
+ *
* @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
*/
public class PagePermission extends PortalResourcePermission
-{
+{
/**
* <p>Constructor for PagePermission.</p>
- * @param name The portlet name.
+ *
+ * @param name The portlet name.
* @param actions The actions on the portlet.
*/
public PagePermission(String name, String actions)
{
- this(name, actions, null);
+ super(name, actions);
}
/**
* <p>Constructor for PagePermission.</p>
+ *
* @param name The portlet name.
- * @param actions The actions on the portlet.
+ * @param mask The mask for actions on the portlet.
*/
- public PagePermission(String name, String actions, Subject subject)
+ public PagePermission(String name, int mask)
{
- super(name, actions, subject);
+ super(name, mask);
}
public boolean implies(Permission permission)
@@ -61,7 +59,7 @@
return false;
}
- // The portlet name must be the same.
+ // The page name must be the same.
if (!(permission.getName().equals(getName())))
{
return false;
@@ -69,38 +67,22 @@
PagePermission pagePerm = (PagePermission) permission;
- // Get the subject.
- // It was either provide in the constructor.
- Subject user = pagePerm.getSubject();
- // Or we get it from the AccessControlContext.
- if (null == user)
- {
- AccessControlContext context = AccessController.getContext();
- user = Subject.getSubject(context);
- }
- // No user was passed. The permission must be denied.
- if (null == user)
- {
- return false;
- }
-
- // The action bits in PagePerm (permission)
+ // The action bits in PagePerm (permission)
// must be set in the current mask permission.
- if ((mask & pagePerm.mask) != pagePerm.mask)
- {
- return false;
- }
+ return (mask & pagePerm.mask) == pagePerm.mask;
- return true;
}
/**
- * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
- * @see java.security.Permission#newPermissionCollection()
+ * @see java.security.Permission#equals(Object)
*/
- public PermissionCollection newPermissionCollection()
+ public boolean equals(Object object)
{
- return new PortalResourcePermissionCollection();
+ if (!(object instanceof PagePermission))
+ return false;
+
+ PagePermission p = (PagePermission) object;
+ return ((p.mask == mask) && (p.getName().equals(getName())));
}
}
Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java (original)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java Sat Jan 28 11:09:33 2006
@@ -14,66 +14,64 @@
*/
package org.apache.jetspeed.security;
+import org.apache.jetspeed.JetspeedActions;
+
import java.security.Permission;
+import java.security.PermissionCollection;
import java.util.StringTokenizer;
-import javax.security.auth.Subject;
-
-import org.apache.jetspeed.JetspeedActions;
-
/**
* <p>Generalized Portlet Resoure permission.</p>
* <p>This code was partially inspired from articles from:</p>
* <ul>
- * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
- * Extend JAAS for class instance-level authorization.</a></li>
+ * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
+ * Extend JAAS for class instance-level authorization.</a></li>
* </ul>
+ *
* @author <a href="mailto:dlestrat@apache.org">David Le Strat</a>
* @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
*/
public abstract class PortalResourcePermission extends Permission
{
- /** <p>Mask used for determining what action to perform.</p> */
- protected int mask;
+ /**
+ * <p>Mask used for determining what actions are allowed or requested.</p>
+ */
+ protected final int mask;
- /** <p>The subject the permission is being performed against.</p> */
- protected Subject subject;
-
/**
* <p>Constructor for PortletPermission.</p>
- * @param name The portlet name.
+ *
+ * @param name The portlet name.
* @param actions The actions on the portlet.
*/
- public PortalResourcePermission(String name, String actions, Subject subject)
+ public PortalResourcePermission(String name, String actions)
{
super(name);
- parseActions(actions);
- this.subject = subject;
+ mask = parseActions(actions);
}
/**
- * @see java.security.Permission#hashCode()
+ * <p>Constructor for PortletPermission.</p>
+ *
+ * @param name The portlet name.
+ * @param mask The mask representing actions on the portlet.
*/
- public int hashCode()
+ public PortalResourcePermission(String name, int mask)
{
- StringBuffer value = new StringBuffer(getName());
- return value.toString().hashCode() ^ mask;
+ super(name);
+ this.mask = mask;
}
/**
- * @see java.security.Permission#equals(Object)
+ * @see java.security.Permission#hashCode()
*/
- public boolean equals(Object object)
+ public int hashCode()
{
- if (!(object instanceof PortletPermission))
- return false;
-
- PortletPermission p = (PortletPermission) object;
- boolean isEqual = ((p.getName().equals(getName())) && (p.mask == mask));
- return isEqual;
+ StringBuffer value = new StringBuffer(getName());
+ return value.toString().hashCode() ^ mask;
}
-
+
/**
* @see java.security.Permission#getActions()
*/
@@ -130,18 +128,18 @@
*/
public boolean implies(Permission permission)
{
- // TODO Auto-generated method stub
- return false;
+ throw new IllegalStateException("Permission class did not implement implies");
}
/**
* <p>Parses the actions string.</p>
* <p>Actions are separated by commas or white space.</p>
+ *
* @param actions The actions
*/
- private void parseActions(String actions)
+ public static int parseActions(String actions)
{
- mask = 0;
+ int mask = 0;
if (actions != null)
{
StringTokenizer tokenizer = new StringTokenizer(actions, ",\t ");
@@ -150,7 +148,7 @@
String token = tokenizer.nextToken();
if (token.equals(JetspeedActions.VIEW))
mask |= JetspeedActions.MASK_VIEW;
- else if (token.equals(JetspeedActions.VIEW) || token.equals(JetspeedActions.RESTORE))
+ else if (token.equals(JetspeedActions.RESTORE))
mask |= JetspeedActions.MASK_VIEW;
else if (token.equals(JetspeedActions.EDIT))
mask |= JetspeedActions.MASK_EDIT;
@@ -161,20 +159,21 @@
else if (token.equals(JetspeedActions.HELP))
mask |= JetspeedActions.MASK_HELP;
else if (token.equals(JetspeedActions.SECURE))
- mask |= JetspeedActions.MASK_SECURE;
+ mask |= JetspeedActions.MASK_SECURE;
else
throw new IllegalArgumentException("Unknown action: " + token);
}
}
+ return mask;
}
-
+
/**
- * <p>Gets the subject.</p>
- * @return Returns a Subject
+ * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
+ *
+ * @see java.security.Permission#newPermissionCollection()
*/
- public Subject getSubject()
+ public PermissionCollection newPermissionCollection()
{
- return subject;
+ return new PortalResourcePermissionCollection();
}
-
}
Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java (original)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java Sat Jan 28 11:09:33 2006
@@ -14,20 +14,16 @@
*/
package org.apache.jetspeed.security;
-import java.security.AccessController;
-import java.security.AccessControlContext;
import java.security.Permission;
-import java.security.PermissionCollection;
-
-import javax.security.auth.Subject;
/**
* <p>Portlet permission.</p>
* <p>This code was partially inspired from articles from:</p>
* <ul>
- * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
- * Extend JAAS for class instance-level authorization.</a></li>
+ * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
+ * Extend JAAS for class instance-level authorization.</a></li>
* </ul>
+ *
* @author <a href="mailto:dlestrat@apache.org">David Le Strat</a>
*/
public class PortletPermission extends PortalResourcePermission
@@ -35,25 +31,26 @@
/**
* <p>Constructor for PortletPermission.</p>
- * @param name The portlet name.
+ *
+ * @param name The portlet name.
* @param actions The actions on the portlet.
*/
public PortletPermission(String name, String actions)
{
- this(name, actions, null);
+ super(name, actions);
}
/**
* <p>Constructor for PortletPermission.</p>
+ *
* @param name The portlet name.
- * @param actions The actions on the portlet.
+ * @param mask The mask of actions on the portlet.
*/
- public PortletPermission(String name, String actions, Subject subject)
+ public PortletPermission(String name, int mask)
{
- super(name, actions, subject);
+ super(name, mask);
}
-
public boolean implies(Permission permission)
{
// The permission must be an instance
@@ -63,58 +60,42 @@
return false;
}
- String name = getName();
- if (name != null)
+ String name = getName();
+ if (name != null)
{
- int index = name.indexOf('*');
+ int index = name.indexOf('*');
if (index > -1)
{
- if (!(permission.getName().startsWith(name.substring (0, index))))
+ if (!(permission.getName().startsWith(name.substring(0, index))))
{
return false;
}
- }
+ }
else if (!(permission.getName().equals(name)))
{
// The portlet name must be the same.
return false;
- }
+ }
}
-
- PortletPermission portletPerm = (PortletPermission) permission;
- // Get the subject.
- // It was either provide in the constructor.
- Subject user = portletPerm.getSubject();
- // Or we get it from the AccessControlContext.
- if (null == user)
- {
- AccessControlContext context = AccessController.getContext();
- user = Subject.getSubject(context);
- }
- // No user was passed. The permission must be denied.
- if (null == user)
- {
- return false;
- }
+ PortletPermission portletPerm = (PortletPermission) permission;
// The action bits in portletPerm (permission)
// must be set in the current mask permission.
- if ((mask & portletPerm.mask) != portletPerm.mask)
- {
- return false;
- }
+ return (mask & portletPerm.mask) == portletPerm.mask;
- return true;
}
/**
- * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
- * @see java.security.Permission#newPermissionCollection()
+ * @see java.security.Permission#equals(Object)
*/
- public PermissionCollection newPermissionCollection()
+ public boolean equals(Object object)
{
- return new PortalResourcePermissionCollection();
+ if (!(object instanceof PortletPermission))
+ return false;
+
+ PortletPermission p = (PortletPermission) object;
+ return ((p.mask == mask) && (p.getName().equals(getName())));
}
}
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java Sat Jan 28 11:09:33 2006
@@ -21,9 +21,8 @@
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
-import java.util.ListIterator;
-import org.apache.jetspeed.om.common.SecuredResource;
+import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.om.folder.Folder;
import org.apache.jetspeed.om.folder.FolderNotFoundException;
import org.apache.jetspeed.om.folder.MenuDefinition;
@@ -383,15 +382,15 @@
}
/* (non-Javadoc)
- * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean)
+ * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, int, boolean, boolean)
*/
- public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+ public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
{
// check granted folder permissions unless the check is
// to be skipped due to explicity granted access
if (!checkParentsOnly)
{
- FolderPermission permission = new FolderPermission(path, actions);
+ FolderPermission permission = new FolderPermission(path, mask);
AccessController.checkPermission(permission);
}
@@ -402,7 +401,7 @@
FolderImpl parentFolderImpl = (FolderImpl)ProxyHelper.getRealObject(getParent());
if (parentFolderImpl != null)
{
- parentFolderImpl.checkPermissions(actions, false, false);
+ parentFolderImpl.checkPermissions(mask, false, false);
}
}
}
@@ -569,7 +568,7 @@
}
// check for view access on folder
- folder.checkAccess(SecuredResource.VIEW_ACTION);
+ folder.checkAccess(JetspeedActions.VIEW);
return folder;
}
@@ -596,7 +595,7 @@
}
// check for view access on page
- page.checkAccess(SecuredResource.VIEW_ACTION);
+ page.checkAccess(JetspeedActions.VIEW);
return page;
}
@@ -623,7 +622,7 @@
}
// check for view access on link
- link.checkAccess(SecuredResource.VIEW_ACTION);
+ link.checkAccess(JetspeedActions.VIEW);
return link;
}
@@ -641,7 +640,7 @@
}
// check for view access on document
- pageSecurity.checkAccess(SecuredResource.VIEW_ACTION);
+ pageSecurity.checkAccess(JetspeedActions.VIEW);
return pageSecurity;
}
@@ -902,7 +901,7 @@
try
{
// check access
- node.checkAccess(SecuredResource.VIEW_ACTION);
+ node.checkAccess(JetspeedActions.VIEW);
// add to filteredNodes nodes if copying
if (filteredNodes != null)
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java Sat Jan 28 11:09:33 2006
@@ -23,8 +23,8 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.om.common.GenericMetadata;
-import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.common.SecurityConstraints;
import org.apache.jetspeed.om.folder.Folder;
import org.apache.jetspeed.om.folder.FolderNotFoundException;
@@ -37,7 +37,6 @@
import org.apache.jetspeed.om.page.Link;
import org.apache.jetspeed.om.page.Page;
import org.apache.jetspeed.om.page.PageSecurity;
-import org.apache.jetspeed.page.PageManager;
import org.apache.jetspeed.page.PageNotFoundException;
import org.apache.jetspeed.page.document.DocumentException;
import org.apache.jetspeed.page.document.DocumentHandlerFactory;
@@ -207,7 +206,7 @@
// filter node set by access
if (checkAccess)
{
- folders = checkAccess(folders, SecuredResource.VIEW_ACTION);
+ folders = checkAccess(folders, JetspeedActions.VIEW);
}
return folders;
}
@@ -246,7 +245,7 @@
// check access
if (checkAccess)
{
- folder.checkAccess(SecuredResource.VIEW_ACTION);
+ folder.checkAccess(JetspeedActions.VIEW);
}
return folder;
}
@@ -279,7 +278,7 @@
// filter node set by access
if (checkAccess)
{
- pages = checkAccess(pages, SecuredResource.VIEW_ACTION);
+ pages = checkAccess(pages, JetspeedActions.VIEW);
}
return pages;
}
@@ -318,7 +317,7 @@
// check access
if (checkAccess)
{
- page.checkAccess(SecuredResource.VIEW_ACTION);
+ page.checkAccess(JetspeedActions.VIEW);
}
return page;
}
@@ -351,7 +350,7 @@
// filter node set by access
if (checkAccess)
{
- links = checkAccess(links, SecuredResource.VIEW_ACTION);
+ links = checkAccess(links, JetspeedActions.VIEW);
}
return links;
}
@@ -390,7 +389,7 @@
// check access
if (checkAccess)
{
- link.checkAccess(SecuredResource.VIEW_ACTION);
+ link.checkAccess(JetspeedActions.VIEW);
}
return link;
}
@@ -422,7 +421,7 @@
// of access to page security document
if (checkAccess)
{
- checkAccess(SecuredResource.VIEW_ACTION);
+ checkAccess(JetspeedActions.VIEW);
}
// get pageSecurity
@@ -462,7 +461,7 @@
Node node = (Node)checkAccessIter.next();
try
{
- ((AbstractNode) node).checkAccess(SecuredResource.VIEW_ACTION);
+ ((AbstractNode) node).checkAccess(JetspeedActions.VIEW);
if (filteredNodes != null)
{
filteredNodes.add(node);
@@ -603,7 +602,7 @@
* </p>
*
* @see org.apache.jetspeed.page.document.AbstractNode#getMetadata()
- * @return
+ * @return metadata
*/
public GenericMetadata getMetadata()
{
@@ -671,18 +670,18 @@
* </p>
*
* @param path
- * @param actions
+ * @param mask
* @param checkNodeOnly
* @param checkParentsOnly
* @throws SecurityException
*/
- public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+ public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
{
// check granted folder permissions unless the check is
// to be skipped due to explicity granted access
if (!checkParentsOnly)
{
- FolderPermission permission = new FolderPermission(path, actions);
+ FolderPermission permission = new FolderPermission(path, mask);
AccessController.checkPermission(permission);
}
@@ -690,7 +689,7 @@
// all parent permissions in hierarchy
if (!checkNodeOnly && (getParent() != null))
{
- ((AbstractNode)getParent()).checkPermissions(actions, false, false);
+ ((AbstractNode)getParent()).checkPermissions(mask, false, false);
}
}
@@ -701,7 +700,7 @@
*
* @see org.apache.jetspeed.page.document.Node#getTitle(java.util.Locale)
* @param locale
- * @return
+ * @return title in specified locale
*/
public String getTitle( Locale locale )
{
@@ -713,7 +712,7 @@
* </p>
*
* @see org.apache.jetspeed.om.page.BaseElement#getTitle()
- * @return
+ * @return title
*/
public String getTitle()
{
@@ -738,7 +737,7 @@
*
* @see org.apache.jetspeed.page.document.Node#getShortTitle(java.util.Locale)
* @param locale
- * @return
+ * @return short title in supplied locate
*/
public String getShortTitle( Locale locale )
{
@@ -750,7 +749,7 @@
* </p>
*
* @see org.apache.jetspeed.om.page.BaseElement#getShortTitle()
- * @return
+ * @return short title
*/
public String getShortTitle()
{
@@ -774,7 +773,7 @@
* </p>
*
* @see org.apache.jetspeed.page.document.Node#getType()
- * @return
+ * @return type string
*/
public String getType()
{
@@ -786,7 +785,7 @@
* </p>
*
* @see org.apache.jetspeed.page.document.Node#isHidden()
- * @return
+ * @return whether folder is hidden
*/
public boolean isHidden()
{
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java Sat Jan 28 11:09:33 2006
@@ -67,6 +67,8 @@
if (portletContent != null)
{
+ //TODO are you sure? Intellij warns, synchronization on a non-final field is
+ //unlikely to have useful semantics.
synchronized (portletContent)
{
if (portletContent.isComplete())
@@ -348,12 +350,12 @@
}
/* (non-Javadoc)
- * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(java.lang.String)
+ * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(int)
*/
- public void checkPermissions(String actions) throws SecurityException
+ public void checkPermissions(int mask) throws SecurityException
{
- fragment.checkPermissions(actions);
+ fragment.checkPermissions(mask);
}
/* (non-Javadoc)
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java Sat Jan 28 11:09:33 2006
@@ -375,12 +375,12 @@
}
/* (non-Javadoc)
- * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(java.lang.String)
+ * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(int)
*/
- public void checkPermissions(String actions) throws SecurityException
+ public void checkPermissions(int mask) throws SecurityException
{
- page.checkPermissions(actions);
+ page.checkPermissions(mask);
}
/* (non-Javadoc)
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java Sat Jan 28 11:09:33 2006
@@ -35,6 +35,8 @@
import org.apache.jetspeed.security.PagePermission;
import org.apache.jetspeed.security.RolePrincipal;
import org.apache.jetspeed.security.UserPrincipal;
+import org.apache.jetspeed.security.PortalResourcePermission;
+import org.apache.jetspeed.JetspeedActions;
/**
* BaseElementImpl
@@ -138,7 +140,7 @@
// check node constraints if available
if ((constraints != null) && !constraints.isEmpty())
{
- ((SecurityConstraintsImpl)constraints).checkConstraints(actions, userPrincipals, rolePrincipals, groupPrincipals, getEffectivePageSecurity());
+ constraints.checkConstraints(actions, userPrincipals, rolePrincipals, groupPrincipals, getEffectivePageSecurity());
}
}
@@ -167,12 +169,12 @@
/**
* checkPermissions
*
- * @param actions actions to check
+ * @param mask mask of actions to check
* @param checkNodeOnly check node scope only
* @param checkParentsOnly check parent folder scope only
* @throws SecurityException
*/
- public void checkPermissions(String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+ public void checkPermissions(int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
{
// check page and folder permissions
String physicalPermissionPath = getPhysicalPermissionPath();
@@ -181,7 +183,7 @@
// check permissions using physical path
try
{
- checkPermissions(physicalPermissionPath, actions, checkNodeOnly, checkParentsOnly);
+ checkPermissions(physicalPermissionPath, mask, checkNodeOnly, checkParentsOnly);
}
catch (SecurityException physicalSE)
{
@@ -189,7 +191,7 @@
String logicalPermissionPath = getLogicalPermissionPath();
if ((logicalPermissionPath != null) && !logicalPermissionPath.equals(physicalPermissionPath))
{
- checkPermissions(logicalPermissionPath, actions, checkNodeOnly, checkParentsOnly);
+ checkPermissions(logicalPermissionPath, mask, checkNodeOnly, checkParentsOnly);
}
else
{
@@ -203,24 +205,24 @@
* checkPermissions
*
* @param path permissions path to check
- * @param actions actions to check
+ * @param mask mask of actions to check
* @param checkNodeOnly check node scope only
* @param checkParentsOnly check parent folder scope only
* @throws SecurityException
*/
- public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+ public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
{
// check actions permissions
try
{
// check for granted page permissions
- PagePermission permission = new PagePermission(path, actions);
+ PagePermission permission = new PagePermission(path, mask);
AccessController.checkPermission(permission);
}
catch (SecurityException se)
{
// fallback check for granted folder permissions
- FolderPermission permission = new FolderPermission(path, actions);
+ FolderPermission permission = new FolderPermission(path, mask);
AccessController.checkPermission(permission);
}
}
@@ -332,7 +334,7 @@
List otherActionsList = null;
if (viewActionList.size() == 1)
{
- if (!viewActionList.contains(SecuredResource.VIEW_ACTION))
+ if (!viewActionList.contains(JetspeedActions.VIEW))
{
otherActionsList = viewActionList;
viewActionList = null;
@@ -342,10 +344,10 @@
{
otherActionsList = viewActionList;
viewActionList = null;
- if (otherActionsList.remove(SecuredResource.VIEW_ACTION))
+ if (otherActionsList.remove(JetspeedActions.VIEW))
{
viewActionList = new ArrayList(1);
- viewActionList.add(SecuredResource.VIEW_ACTION);
+ viewActionList.add(JetspeedActions.VIEW);
}
}
@@ -424,7 +426,7 @@
/* (non-Javadoc)
* @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(java.lang.String)
*/
- public void checkPermissions(String actions) throws SecurityException
+ public void checkPermissions(int mask) throws SecurityException
{
// skip checks if not enabled
if (!getPermissionsEnabled())
@@ -433,42 +435,17 @@
}
// separate view and other actions to mimic file system permissions logic
- boolean viewAction = false;
- String otherActions = actions.trim();
- int viewActionIndex = otherActions.indexOf(SecuredResource.VIEW_ACTION);
- if (viewActionIndex != -1)
- {
- viewAction = true;
- if (viewActionIndex == 0)
- {
- if (otherActions.length() > SecuredResource.VIEW_ACTION.length())
- {
- // remove view action from other actions
- int nextDelimIndex = otherActions.indexOf(',', viewActionIndex + SecuredResource.VIEW_ACTION.length());
- otherActions = otherActions.substring(nextDelimIndex + 1);
- }
- else
- {
- // no other actions
- otherActions = null;
- }
- }
- else
- {
- // remove view action from other actions
- int prevDelimIndex = otherActions.lastIndexOf(',', viewActionIndex);
- otherActions = otherActions.substring(0, prevDelimIndex) + otherActions.substring(viewActionIndex + SecuredResource.VIEW_ACTION.length());
- }
- }
+ boolean viewAction = (mask & JetspeedActions.MASK_VIEW) == JetspeedActions.MASK_VIEW;
+ int otherMask = mask & ~JetspeedActions.MASK_VIEW;
// check permissions using parsed actions
if (viewAction)
{
- checkPermissions(SecuredResource.VIEW_ACTION, false, grantViewActionAccess());
+ checkPermissions(JetspeedActions.MASK_VIEW, false, grantViewActionAccess());
}
- if (otherActions != null)
+ if (otherMask != 0)
{
- checkPermissions(otherActions, true, false);
+ checkPermissions(otherMask, true, false);
}
}
@@ -480,7 +457,8 @@
// check access permissions and constraints as enabled
if (getPermissionsEnabled())
{
- checkPermissions(actions);
+ int mask = PortalResourcePermission.parseActions(actions);
+ checkPermissions(mask);
}
if (getConstraintsEnabled())
{
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java Sat Jan 28 11:09:33 2006
@@ -23,6 +23,7 @@
import java.util.List;
import java.util.Map;
+import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.folder.Folder;
import org.apache.jetspeed.om.page.Fragment;
@@ -454,12 +455,12 @@
}
/* (non-Javadoc)
- * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean)
+ * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, int, boolean, boolean)
*/
- public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+ public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
{
// always check for granted fragment permissions
- FragmentPermission permission = new FragmentPermission(path, actions);
+ FragmentPermission permission = new FragmentPermission(path, mask);
AccessController.checkPermission(permission);
}
@@ -740,7 +741,7 @@
try
{
// check access
- fragment.checkAccess(SecuredResource.VIEW_ACTION);
+ fragment.checkAccess(JetspeedActions.VIEW);
// add to filteredFragments fragments if copying
if (filteredFragments != null)
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java Sat Jan 28 11:09:33 2006
@@ -19,7 +19,7 @@
import java.util.Collection;
import java.util.List;
-import org.apache.jetspeed.om.common.SecuredResource;
+import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.om.folder.Folder;
import org.apache.jetspeed.om.folder.MenuDefinition;
import org.apache.jetspeed.om.folder.MenuExcludeDefinition;
@@ -263,7 +263,7 @@
{
try
{
- fragment.checkAccess(SecuredResource.VIEW_ACTION);
+ fragment.checkAccess(JetspeedActions.VIEW);
}
catch (SecurityException se)
{
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java Sat Jan 28 11:09:33 2006
@@ -42,6 +42,8 @@
import org.apache.jetspeed.security.PagePermission;
import org.apache.jetspeed.security.RolePrincipal;
import org.apache.jetspeed.security.UserPrincipal;
+import org.apache.jetspeed.security.PortalResourcePermission;
+import org.apache.jetspeed.JetspeedActions;
/**
@@ -107,7 +109,7 @@
* </p>
*
* @see org.apache.jetspeed.om.page.BaseElement#getShortTitle()
- * @return
+ * @return short title
*/
public String getShortTitle()
{
@@ -138,7 +140,7 @@
* </p>
*
* @see org.apache.jetspeed.om.common.SecureResource#getConstraintsEnabled()
- * @return
+ * @return whether security relies on PSML constraints
*/
public boolean getConstraintsEnabled()
{
@@ -163,7 +165,7 @@
* </p>
*
* @see org.apache.jetspeed.om.common.SecureResource#getSecurityConstraints()
- * @return
+ * @return the PSML security constraints
*/
public SecurityConstraints getSecurityConstraints()
{
@@ -176,7 +178,7 @@
* </p>
*
* @see org.apache.jetspeed.om.common.SecureResource#newSecurityConstraints()
- * @return security constraints
+ * @return a new security constraints object
*/
public SecurityConstraints newSecurityConstraints()
{
@@ -238,7 +240,7 @@
List otherActionsList = null;
if (viewActionList.size() == 1)
{
- if (!viewActionList.contains(SecuredResource.VIEW_ACTION))
+ if (!viewActionList.contains(JetspeedActions.VIEW))
{
otherActionsList = viewActionList;
viewActionList = null;
@@ -248,10 +250,10 @@
{
otherActionsList = viewActionList;
viewActionList = null;
- if (otherActionsList.remove(SecuredResource.VIEW_ACTION))
+ if (otherActionsList.remove(JetspeedActions.VIEW))
{
viewActionList = new ArrayList(1);
- viewActionList.add(SecuredResource.VIEW_ACTION);
+ viewActionList.add(JetspeedActions.VIEW);
}
}
@@ -359,11 +361,11 @@
* checkPermissions
* </p>
*
- * @see org.apache.jetspeed.om.common.SecureResource#checkPermissions(java.lang.String)
- * @param actions
+ * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(int)
+ * @param mask Mask of actions requested
* @throws SecurityException
*/
- public void checkPermissions(String actions) throws SecurityException
+ public void checkPermissions(int mask) throws SecurityException
{
// skip checks if not enabled
if (!getPermissionsEnabled())
@@ -372,42 +374,17 @@
}
// separate view and other actions to mimic file system permissions logic
- boolean viewAction = false;
- String otherActions = actions.trim();
- int viewActionIndex = otherActions.indexOf(SecuredResource.VIEW_ACTION);
- if (viewActionIndex != -1)
- {
- viewAction = true;
- if (viewActionIndex == 0)
- {
- if (otherActions.length() > SecuredResource.VIEW_ACTION.length())
- {
- // remove view action from other actions
- int nextDelimIndex = otherActions.indexOf(',', viewActionIndex + SecuredResource.VIEW_ACTION.length());
- otherActions = otherActions.substring(nextDelimIndex + 1);
- }
- else
- {
- // no other actions
- otherActions = null;
- }
- }
- else
- {
- // remove view action from other actions
- int prevDelimIndex = otherActions.lastIndexOf(',', viewActionIndex);
- otherActions = otherActions.substring(0, prevDelimIndex) + otherActions.substring(viewActionIndex + SecuredResource.VIEW_ACTION.length());
- }
- }
+ boolean viewAction = (mask & JetspeedActions.MASK_VIEW) == JetspeedActions.MASK_VIEW;
+ int otherMask = mask & ~JetspeedActions.MASK_VIEW;
// check permissions using parsed actions
if (viewAction)
{
- checkPermissions(SecuredResource.VIEW_ACTION, false, grantViewActionAccess());
+ checkPermissions(JetspeedActions.MASK_VIEW, false, grantViewActionAccess());
}
- if (otherActions != null)
+ if (otherMask != 0)
{
- checkPermissions(otherActions, true, false);
+ checkPermissions(otherMask, true, false);
}
}
/**
@@ -415,12 +392,12 @@
* checkPermissions
* </p>
*
- * @param actions
+ * @param mask of actions
* @param checkNodeOnly
* @param checkParentsOnly
* @throws SecurityException
*/
- public void checkPermissions(String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+ public void checkPermissions(int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
{
// check page and folder permissions
String physicalPermissionPath = getPhysicalPermissionPath();
@@ -429,7 +406,7 @@
// check permissions using physical path
try
{
- checkPermissions(physicalPermissionPath, actions, checkNodeOnly, checkParentsOnly);
+ checkPermissions(physicalPermissionPath, mask, checkNodeOnly, checkParentsOnly);
}
catch (SecurityException physicalSE)
{
@@ -437,7 +414,7 @@
String logicalPermissionPath = getLogicalPermissionPath();
if ((logicalPermissionPath != null) && !logicalPermissionPath.equals(physicalPermissionPath))
{
- checkPermissions(logicalPermissionPath, actions, checkNodeOnly, checkParentsOnly);
+ checkPermissions(logicalPermissionPath, mask, checkNodeOnly, checkParentsOnly);
}
else
{
@@ -452,24 +429,24 @@
* </p>
*
* @param path
- * @param actions
+ * @param mask Mask of actions requested
* @param checkNodeOnly
* @param checkParentsOnly
* @throws SecurityException
*/
- public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+ public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
{
// check actions permissions
try
{
// check for granted page permissions
- PagePermission permission = new PagePermission(path, actions);
+ PagePermission permission = new PagePermission(path, mask);
AccessController.checkPermission(permission);
}
catch (SecurityException se)
{
// fallback check for granted folder permissions
- FolderPermission permission = new FolderPermission(path, actions);
+ FolderPermission permission = new FolderPermission(path, mask);
AccessController.checkPermission(permission);
}
}
@@ -514,7 +491,8 @@
// check access permissions and constraints as enabled
if (getPermissionsEnabled())
{
- checkPermissions(actions);
+ int mask = PortalResourcePermission.parseActions(actions);
+ checkPermissions(mask);
}
if (getConstraintsEnabled())
{
@@ -577,7 +555,7 @@
*
* @see java.lang.Object#equals(java.lang.Object)
* @param obj
- * @return
+ * @return whether the supplied object equals this one
*/
public boolean equals( Object obj )
{
@@ -598,7 +576,7 @@
* </p>
*
* @see java.lang.Object#hashCode()
- * @return
+ * @return the hashcode for this object
*/
public int hashCode()
{
@@ -611,7 +589,7 @@
* </p>
*
* @see java.lang.Object#toString()
- * @return
+ * @return the id as a string representation of this object
*/
public String toString()
{
@@ -620,12 +598,12 @@
/**
* <p>
- * checkAccess
+ * checkAccess returns a set of nodes we can access. It may be the passed in node set or a partial copy.
* </p>
*
* @param nodes
* @param actions
- * @return
+ * @return a NodeSet containing the nodes allowing access
*/
public static NodeSet checkAccess(NodeSet nodes, String actions)
{
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java Sat Jan 28 11:09:33 2006
@@ -24,7 +24,7 @@
import java.util.Map;
import java.util.Vector;
-import org.apache.jetspeed.om.common.SecuredResource;
+import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.om.folder.Folder;
import org.apache.jetspeed.om.page.Fragment;
import org.apache.jetspeed.om.page.PageSecurity;
@@ -389,12 +389,12 @@
}
/* (non-Javadoc)
- * @see org.apache.jetspeed.om.page.psml.AbstractElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean)
+ * @see org.apache.jetspeed.om.page.psml.AbstractElementImpl#checkPermissions(java.lang.String, int, boolean, boolean)
*/
- public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+ public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
{
// always check for granted fragment permissions
- FragmentPermission permission = new FragmentPermission(path, actions);
+ FragmentPermission permission = new FragmentPermission(path, mask);
AccessController.checkPermission(permission);
}
@@ -511,11 +511,11 @@
Iterator checkAccessIter = fragments.iterator();
while (checkAccessIter.hasNext())
{
- Fragment fragment = (Fragment)checkAccessIter.next();
+ Fragment fragment = (Fragment) checkAccessIter.next();
try
{
// check access
- fragment.checkAccess(SecuredResource.VIEW_ACTION);
+ fragment.checkAccess(JetspeedActions.VIEW);
// add to filteredFragments fragments if copying
if (filteredFragments != null)
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java Sat Jan 28 11:09:33 2006
@@ -277,15 +277,15 @@
}
/* (non-Javadoc)
- * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean)
+ * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, int, boolean, boolean)
*/
- public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+ public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
{
// check granted node permissions unless the check is
// to be skipped due to explicity granted access
if (!checkParentsOnly)
{
- super.checkPermissions(path, actions, true, false);
+ super.checkPermissions(path, mask, true, false);
}
// if not checking node only, recursively check
@@ -295,7 +295,7 @@
NodeImpl parentNodeImpl = (NodeImpl)ProxyHelper.getRealObject(parent);
if (parentNodeImpl != null)
{
- parentNodeImpl.checkPermissions(actions, false, false);
+ parentNodeImpl.checkPermissions(mask, false, false);
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org