You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2001/06/04 09:16:08 UTC
cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/services/security AccessControl.java JetspeedDBSecurityService.java JetspeedSecurityService.java
taylor 01/06/04 00:16:08
Added: src/java/org/apache/jetspeed/services/security
AccessControl.java JetspeedDBSecurityService.java
JetspeedSecurityService.java
Log:
- start of implementation of security service.
Revision Changes Path
1.1 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/AccessControl.java
Index: AccessControl.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Jetspeed" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache" or
* "Apache Jetspeed", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jetspeed.services.security;
import org.apache.turbine.util.RunData;
import org.apache.jetspeed.portal.Portlet;
import org.apache.jetspeed.om.profile.Profile;
/**
* <P>Interface defines access control methods specific to Jetspeed for
* accessing portal resources such as portlets and panes</P>
*
* @see org.apache.jetspeed.services.security.JetspeedSecurityService
* @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
* @version $Id: AccessControl.java,v 1.1 2001/06/04 07:16:07 taylor Exp $
*/
public interface AccessControl {
boolean checkPermission(RunData runData, String permission, Portlet portlet);
boolean checkPermission(String user, String action, Portlet portlet);
// TODO: get requirements for controlling access to other OM elements
// boolean checkPermission(User user, String action, Profile profile);
}
1.1 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java
Index: JetspeedDBSecurityService.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Jetspeed" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache" or
* "Apache Jetspeed", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jetspeed.services.security;
import org.apache.turbine.services.security.db.*;
import org.apache.jetspeed.portal.Portlet;
import org.apache.jetspeed.services.Registry;
import org.apache.jetspeed.om.newregistry.*;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.security.AccessControlList;
/**
* <p>This is an implementation of the <code>JetspeedSecurityService</code> interface.
*
*
* @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
* @author <a href="mailto:sgala@hisitech.com">Santiago Gala</a>
* @version $Id: JetspeedDBSecurityService.java,v 1.1 2001/06/04 07:16:07 taylor Exp $
*/
public class JetspeedDBSecurityService extends DBSecurityService
implements JetspeedSecurityService
{
/**
* given a user, checks if a user has access to a given portlet for the given action
*
* @param user the username.
* @param permission the permission for which permission is being checked.
* @param portlet the portlet resource
* @exception Sends a RegistryException if the manager can't add
* the provided entry
*/
public boolean checkPermission(String user, String permission, Portlet portlet)
{
// TODO: for a user, you will need to build the ACLs
// since Turbine only builds the ACLs for the currently logged on user
return false;
}
/**
* given the rundata, checks if the currently logged on user has access to a given portlet for the given action
*
* @param user the username.
* @param permission the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
* @param portlet the portlet resource
* @exception Sends a RegistryException if the manager can't add
* the provided entry
*/
public boolean checkPermission(RunData runData, String permission, Portlet portlet)
{
String portletName = portlet.getName();
PortletEntry entry = (PortletEntry)Registry.getEntry(Registry.PORTLET, portletName);
Security security = entry.getSecurity();
if (null == security)
return true; // grant permission if no security role given
String securityRole = security.getRole();
if (null == securityRole)
return true; // grant permission if no security role given
// TODO:
// the portlet name by itself may not be a unique enough identifier since
// other resources (panes, configs) may have the same name
// we may need to prefix the portletName with something like:
// "portlet_" + portletName
// the alternative would be to add a column to the turbine database
// but this would mean deviating from the basic turbine security model
// determine if Portlet has specified role
AccessControlList acl = runData.getACL();
if (null == acl)
return false;
if (!acl.hasRole( securityRole, portletName ))
return false;
// check for role having permission
if (null != permission) // specifying null - skip permission check
{
// first check the global permission - which overrides other permissions
if ( acl.hasPermission( permission ) )
return true;
if ( !acl.hasPermission( permission, portletName ) )
return false;
}
return true;
}
}
1.1 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java
Index: JetspeedSecurityService.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Jetspeed" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache" or
* "Apache Jetspeed", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jetspeed.services.security;
import org.apache.turbine.services.security.SecurityService;
/**
* The Security Service manages Users, Groups Roles and Permissions in the
* system. The Jetspeed Security Service extends the interface of the Turbine
* Security Service, adding on the Jetspeed specific interface: AccessControl
* for controlling access to portal resources (portlets, panes).
*
* @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
* @version $Id: JetspeedSecurityService.java,v 1.1 2001/06/04 07:16:07 taylor Exp $
*/
public interface JetspeedSecurityService extends SecurityService, AccessControl
{
}
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org