Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2007/01/31 01:44:13 UTC
svn commit: r501661 - in /portals/jetspeed-2/trunk:
components/page-manager/src/java/org/apache/jetspeed/page/
components/page-manager/src/java/org/apache/jetspeed/page/impl/
components/page-manager/src/java/org/apache/jetspeed/page/psml/
components/po...
Author: taylor
Date: Tue Jan 30 16:44:12 2007
New Revision: 501661
URL: http://svn.apache.org/viewvc?view=rev&rev=501661
Log:
https://issues.apache.org/jira/browse/JS2-645
Portlet Security constraints via the jetspeed-portlet.xml
This completes the main development
I have identified another related task as a side-effect of this feature:
we can now make the Security Permissions completely optional and configurable
This means that all Security checks can run thru the constraints --or--
all Security checks can run thru permissions
Running all checks through constraints can be useful if you don't want to use a Java Security policy
I am now going to update the portlet selectors to optionally use either permission checks / constraint checks based on configuration
Added:
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/PageManagerSecurityUtils.java
Modified:
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/DelegatingPageManager.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/impl/DatabasePageManager.java
portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/psml/CastorXmlPageManager.java
portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/PortletRendererImpl.java
portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/page/PageManager.java
portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/aggregation.xml
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/DelegatingPageManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/DelegatingPageManager.java?view=diff&rev=501661&r1=501660&r2=501661
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/DelegatingPageManager.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/DelegatingPageManager.java Tue Jan 30 16:44:12 2007
@@ -89,6 +89,11 @@
return null;
}
+ public boolean checkConstraint(String securityConstraintName, String actions)
+ {
+ return false;
+ }
+
/* (non-Javadoc)
* @see org.apache.jetspeed.page.PageManager#getFolder(java.lang.String)
*/
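Review bot: The added `checkConstraint` stub returns `false` unconditionally and has no comment, so any renderer wired to this manager with constraint checking enabled will deny every portlet that names a constraint, with nothing to say why. If deny-all is the intended behaviour here, state it on the method, for example `// no backing store: every named constraint check is denied`. The class body continues outside the hunk, so whether a real delegate is available to forward to is not visible from here.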
Added: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/PageManagerSecurityUtils.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/PageManagerSecurityUtils.java?view=auto&rev=501661
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/PageManagerSecurityUtils.java (added)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/PageManagerSecurityUtils.java Tue Jan 30 16:44:12 2007
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2000-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.page;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
+import org.apache.jetspeed.JetspeedActions;
+import org.apache.jetspeed.om.page.SecurityConstraintImpl;
+import org.apache.jetspeed.om.page.SecurityConstraintsDef;
+import org.apache.jetspeed.page.document.DocumentException;
+import org.apache.jetspeed.security.GroupPrincipal;
+import org.apache.jetspeed.security.JSSubject;
+import org.apache.jetspeed.security.RolePrincipal;
+import org.apache.jetspeed.security.UserPrincipal;
+
+
+/**
+ * PageManagerUtils
+ *
+ * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
+ * @version $Id: $
+ */
+public class PageManagerSecurityUtils
+{
+ public static boolean checkConstraint(SecurityConstraintsDef def, String actions)
+ throws DocumentException
+ {
+ List viewActionList = SecurityConstraintImpl.parseCSVList(actions);
+ List otherActionsList = null;
+ if (viewActionList.size() == 1)
+ {
+ if (!viewActionList.contains(JetspeedActions.VIEW))
+ {
+ otherActionsList = viewActionList;
+ viewActionList = null;
+ }
+ }
+ else
+ {
+ otherActionsList = viewActionList;
+ viewActionList = null;
+ if (otherActionsList.remove(JetspeedActions.VIEW))
+ {
+ viewActionList = new ArrayList(1);
+ viewActionList.add(JetspeedActions.VIEW);
+ }
+ }
+
+ // get current request context subject
+ Subject subject = JSSubject.getSubject(AccessController.getContext());
+ if (subject == null)
+ {
+ throw new SecurityException("Security Consraint Check: Missing JSSubject");
+ }
+
+ // get user/group/role principal names
+ List userPrincipals = null;
+ List rolePrincipals = null;
+ List groupPrincipals = null;
+ Iterator principals = subject.getPrincipals().iterator();
+ while (principals.hasNext())
+ {
+ Principal principal = (Principal) principals.next();
+ if (principal instanceof UserPrincipal)
+ {
+ if (userPrincipals == null)
+ {
+ userPrincipals = new LinkedList();
+ }
+ userPrincipals.add(principal.getName());
+ }
+ else if (principal instanceof RolePrincipal)
+ {
+ if (rolePrincipals == null)
+ {
+ rolePrincipals = new LinkedList();
+ }
+ rolePrincipals.add(principal.getName());
+ }
+ else if (principal instanceof GroupPrincipal)
+ {
+ if (groupPrincipals == null)
+ {
+ groupPrincipals = new LinkedList();
+ }
+ groupPrincipals.add(principal.getName());
+ }
+ }
+
+ boolean result = false;
+
+ // check constraints using parsed action and access lists
+ if (viewActionList != null)
+ {
+ result = checkConstraints(viewActionList, userPrincipals, rolePrincipals, groupPrincipals, def);
+ }
+ if (otherActionsList != null)
+ {
+ result = checkConstraints(otherActionsList, userPrincipals, rolePrincipals, groupPrincipals, def);
+ }
+ return result;
+ }
+ /**
+ * check access for the constraints list of a security constraints definition
+ *
+ * @param actions given actions
+ * @param userPrincipals set of user principals
+ * @param rolePrincipals set of role principals
+ * @param groupPrincipals set oof group principals
+ * @param def the security constraint definition
+ * @throws SecurityException
+ */
+ public static boolean checkConstraints(List actions, List userPrincipals, List rolePrincipals, List groupPrincipals, SecurityConstraintsDef def)
+ throws DocumentException
+ {
+
+ List checkConstraints = def.getSecurityConstraints();
+ // SecurityConstraint c =(SecurityConstraint)constraints.next();
+ // skip missing or empty constraints: permit all access
+ //List checkConstraints = getAllSecurityConstraints(pageSecurity);
+ if ((checkConstraints != null) && !checkConstraints.isEmpty())
+ {
+ // test each action, constraints check passes only
+ // if all actions are permitted for principals
+ Iterator actionsIter = actions.iterator();
+ while (actionsIter.hasNext())
+ {
+ // check each action:
+ // - if any actions explicity permitted, (including owner),
+ // assume no permissions are permitted by default
+ // - if all constraints do not specify a permission, assume
+ // access is permitted by default
+ String action = (String)actionsIter.next();
+ boolean actionPermitted = false;
+ boolean actionNotPermitted = false;
+ boolean anyActionsPermitted = true; // TODO:(getOwner() != null);
+
+ // check against constraints
+ Iterator checkConstraintsIter = checkConstraints.iterator();
+ while (checkConstraintsIter.hasNext())
+ {
+ SecurityConstraintImpl constraint = (SecurityConstraintImpl)checkConstraintsIter.next();
+
+ // if permissions specified, attempt to match constraint
+ if (constraint.getPermissions() != null)
+ {
+ // explicit actions permitted
+ anyActionsPermitted = true;
+
+ // test action permission match and user/role/group principal match
+ if (constraint.actionMatch(action) &&
+ constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, true))
+ {
+ actionPermitted = true;
+ break;
+ }
+ }
+ else
+ {
+ // permissions not specified: not permitted if any principal matched
+ if (constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, false))
+ {
+ actionNotPermitted = true;
+ break;
+ }
+ }
+ }
+
+ // fail if any action not permitted
+ if ((!actionPermitted && anyActionsPermitted) || actionNotPermitted)
+ {
+ //throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Access for " + action + " not permitted.");
+ return false;
+ }
+ }
+ }
+ else
+ {
+ // fail for any action if owner specified
+ // since no other constraints were found
+ if (/*(getOwner() != null) && */ !actions.isEmpty())
+ {
+ //String action = (String)actions.get(0);
+ //throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Access for " + action + " not permitted, (not owner).");
+ return false;
+ }
+ }
+ return true;
+ }
+}
\ No newline at end of file
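Review bot: In `checkConstraint(SecurityConstraintsDef, String)`, when the action string holds `view` together with other actions, the outcome of the view check is overwritten by the second assignment to `result`, so a subject denied `view` but permitted the remaining actions gets `true`. Both checks have to pass; returning `false` as soon as either fails, as sketched below, keeps the decision fail-closed. Separately, the Javadoc on `checkConstraints` still declares `@throws SecurityException` and the comment "skip missing or empty constraints: permit all access" contradicts the `else` branch, which returns `false` for any non-empty action list; both should be rewritten to describe the boolean, deny-on-empty behaviour.

```java
// … unchanged: action-list split, JSSubject lookup, principal collection …

        // every requested action group must pass; a failed view check
        // must not be masked by the check on the remaining actions
        if (viewActionList != null
            && !checkConstraints(viewActionList, userPrincipals, rolePrincipals, groupPrincipals, def))
        {
            return false;
        }
        if (otherActionsList != null
            && !checkConstraints(otherActionsList, userPrincipals, rolePrincipals, groupPrincipals, def))
        {
            return false;
        }
        return true;
```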
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/impl/DatabasePageManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/impl/DatabasePageManager.java?view=diff&rev=501661&r1=501660&r2=501661
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/impl/DatabasePageManager.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/impl/DatabasePageManager.java Tue Jan 30 16:44:12 2007
@@ -73,6 +73,7 @@
import org.apache.jetspeed.page.LinkNotUpdatedException;
import org.apache.jetspeed.page.PageManager;
import org.apache.jetspeed.page.PageManagerEventListener;
+import org.apache.jetspeed.page.PageManagerSecurityUtils;
import org.apache.jetspeed.page.PageManagerUtils;
import org.apache.jetspeed.page.PageNotFoundException;
import org.apache.jetspeed.page.PageNotRemovedException;
@@ -554,6 +555,28 @@
}
}
+ /**
+ * Given a securityConstraintName definition and a set of actions,
+ * run a security constraint checks
+ */
+ public boolean checkConstraint(String securityConstraintName, String actions)
+ {
+ try
+ {
+ PageSecurity security = this.getPageSecurity();
+ SecurityConstraintsDef def = security.getSecurityConstraintsDef(securityConstraintName);
+ if (def != null)
+ {
+ return PageManagerSecurityUtils.checkConstraint(def, actions);
+ }
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ }
+ return false;
+ }
+
/* (non-Javadoc)
* @see org.apache.jetspeed.page.PageManager#getPageSecurity()
*/
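Review bot: The `catch(Exception e)` in `checkConstraint` reports failures with `e.printStackTrace()`, so a missing `JSSubject` (raised as `SecurityException` by `PageManagerSecurityUtils.checkConstraint`) or a null `PageSecurity` goes to stderr and is otherwise indistinguishable from an ordinary denial. Denying on error is the right default, but the failure belongs in the application log; the `CastorXmlPageManager` copy of this method in the same commit already uses `log.error(e.getMessage(), e);`, and the same line should replace `e.printStackTrace();` here, assuming this class has a logger in scope (not visible in the hunk). Both copies also return `false` silently when `getSecurityConstraintsDef` finds no definition for the name; a warning that includes `securityConstraintName` would make a mistyped constraint reference diagnosable.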
Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/psml/CastorXmlPageManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/psml/CastorXmlPageManager.java?view=diff&rev=501661&r1=501660&r2=501661
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/psml/CastorXmlPageManager.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/psml/CastorXmlPageManager.java Tue Jan 30 16:44:12 2007
@@ -19,7 +19,6 @@
import java.io.FileNotFoundException;
import java.util.HashMap;
import java.util.Iterator;
-import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
@@ -29,7 +28,6 @@
import org.apache.jetspeed.cache.file.FileCacheEntry;
import org.apache.jetspeed.cache.file.FileCacheEventListener;
import org.apache.jetspeed.idgenerator.IdGenerator;
-import org.apache.jetspeed.om.common.SecuredResource;
import org.apache.jetspeed.om.folder.Folder;
import org.apache.jetspeed.om.folder.FolderNotFoundException;
import org.apache.jetspeed.om.folder.InvalidFolderException;
@@ -46,6 +44,7 @@
import org.apache.jetspeed.om.page.Page;
import org.apache.jetspeed.om.page.PageSecurity;
import org.apache.jetspeed.om.page.SecurityConstraintImpl;
+import org.apache.jetspeed.om.page.SecurityConstraintsDef;
import org.apache.jetspeed.om.page.psml.FragmentImpl;
import org.apache.jetspeed.om.page.psml.FragmentPreferenceImpl;
import org.apache.jetspeed.om.page.psml.LinkImpl;
@@ -53,10 +52,10 @@
import org.apache.jetspeed.om.page.psml.PageSecurityImpl;
import org.apache.jetspeed.om.page.psml.SecurityConstraintsDefImpl;
import org.apache.jetspeed.om.page.psml.SecurityConstraintsImpl;
-import org.apache.jetspeed.om.preference.FragmentPreference;
import org.apache.jetspeed.page.AbstractPageManager;
import org.apache.jetspeed.page.FolderNotUpdatedException;
import org.apache.jetspeed.page.PageManager;
+import org.apache.jetspeed.page.PageManagerSecurityUtils;
import org.apache.jetspeed.page.PageNotFoundException;
import org.apache.jetspeed.page.document.DocumentException;
import org.apache.jetspeed.page.document.DocumentHandlerFactory;
@@ -448,6 +447,24 @@
}
}
+ public boolean checkConstraint(String securityConstraintName, String actions)
+ {
+ try
+ {
+ PageSecurity security = this.getPageSecurity();
+ SecurityConstraintsDef def = security.getSecurityConstraintsDef(securityConstraintName);
+ if (def != null)
+ {
+ return PageManagerSecurityUtils.checkConstraint(def, actions);
+ }
+ }
+ catch (Exception e)
+ {
+ log.error(e.getMessage(), e);
+ }
+ return false;
+ }
+
/**
* <p>
* getPageSecurity
Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/PortletRendererImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/PortletRendererImpl.java?view=diff&rev=501661&r1=501660&r2=501661
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/PortletRendererImpl.java (original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/PortletRendererImpl.java Tue Jan 30 16:44:12 2007
@@ -15,10 +15,10 @@
*/
package org.apache.jetspeed.aggregator.impl;
-import java.util.HashMap;
-import java.util.Map;
import java.util.Collection;
+import java.util.HashMap;
import java.util.Iterator;
+import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -30,6 +30,7 @@
import org.apache.jetspeed.aggregator.ContentDispatcher;
import org.apache.jetspeed.aggregator.ContentDispatcherCtrl;
import org.apache.jetspeed.aggregator.FailedToRenderFragmentException;
+import org.apache.jetspeed.aggregator.PortletAccessDeniedException;
import org.apache.jetspeed.aggregator.PortletContent;
import org.apache.jetspeed.aggregator.PortletRenderer;
import org.apache.jetspeed.aggregator.RenderingJob;
@@ -38,16 +39,18 @@
import org.apache.jetspeed.components.portletentity.PortletEntityNotStoredException;
import org.apache.jetspeed.container.window.FailedToRetrievePortletWindow;
import org.apache.jetspeed.container.window.PortletWindowAccessor;
+import org.apache.jetspeed.om.common.LocalizedField;
+import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
import org.apache.jetspeed.om.common.portlet.MutablePortletEntity;
import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
-import org.apache.jetspeed.om.common.GenericMetadata;
-import org.apache.jetspeed.om.common.LocalizedField;
import org.apache.jetspeed.om.page.ContentFragment;
+import org.apache.jetspeed.page.PageManager;
import org.apache.jetspeed.request.RequestContext;
import org.apache.jetspeed.services.title.DynamicTitleService;
import org.apache.jetspeed.statistics.PortalStatistics;
import org.apache.pluto.PortletContainer;
import org.apache.pluto.om.entity.PortletEntity;
+import org.apache.pluto.om.portlet.PortletApplicationDefinition;
import org.apache.pluto.om.window.PortletWindow;
/**
@@ -70,14 +73,30 @@
protected PortletWindowAccessor windowAccessor;
protected PortalStatistics statistics;
protected DynamicTitleService addTitleService;
- protected long defaultPortletTimeout;
-
+ /**
+ * when rendering a portlet, the default timeout period in milliseconds
+ * setting to zero will disable (no timeout) the timeout
+ *
+ */
+ protected long defaultPortletTimeout;
+ /**
+ * flag indicating whether to check jetspeed-portlet.xml security constraints
+ * before rendering a portlet. If security check fails, do not display portlet content
+ */
+ protected boolean checkSecurityConstraints;
+ /**
+ * For security constraint checks
+ */
+ protected PageManager pageManager;
+
public PortletRendererImpl(PortletContainer container,
PortletWindowAccessor windowAccessor,
WorkerMonitor workMonitor,
PortalStatistics statistics,
DynamicTitleService addTitleService,
- long defaultPortletTimeout)
+ long defaultPortletTimeout,
+ boolean checkSecurityConstraints,
+ PageManager pageManager)
{
this.container = container;
this.windowAccessor = windowAccessor;
@@ -85,6 +104,8 @@
this.statistics = statistics;
this.addTitleService = addTitleService;
this.defaultPortletTimeout = defaultPortletTimeout;
+ this.checkSecurityConstraints = checkSecurityConstraints;
+ this.pageManager = pageManager;
}
public PortletRendererImpl(PortletContainer container,
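Review bot: `this.pageManager = pageManager;` accepts null even when `checkSecurityConstraints` is true, and `checkSecurityConstraint` later calls `pageManager.checkConstraint(...)` without a guard, so a mis-wired bean only surfaces at render time as a `NullPointerException`. Rejecting the combination at construction makes the misconfiguration visible at startup, e.g. `if (checkSecurityConstraints && pageManager == null) throw new IllegalArgumentException("pageManager is required when checkSecurityConstraints is enabled");`. The constructor's signature is in the previous hunk.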
@@ -93,7 +114,7 @@
PortalStatistics statistics,
DynamicTitleService addTitleService)
{
- this( container, windowAccessor, workMonitor, statistics, null, 0 );
+ this(container, windowAccessor, workMonitor, statistics, null, 0, false, null);
}
public PortletRendererImpl(PortletContainer container,
@@ -144,13 +165,17 @@
servletRequest = requestContext.getRequestForWindow(portletWindow);
servletResponse = dispatcherCtrl.getResponseForWindow(portletWindow, requestContext);
- RenderingJob rJob = buildRenderingJob(fragment, servletRequest, servletResponse, requestContext, false);
+ RenderingJob rJob = buildRenderingJob(portletWindow, fragment, servletRequest, servletResponse, requestContext, false);
rJob.execute();
addTitleToHeader( portletWindow, fragment, servletRequest, servletResponse );
}
+ catch (PortletAccessDeniedException e)
+ {
+ fragment.overrideRenderedContent(e.getLocalizedMessage());
+ }
catch (Exception e)
{
- fragment.overrideRenderedContent(e.toString());
+ fragment.overrideRenderedContent(e.getLocalizedMessage());
log.error(e.toString(), e);
}
}
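Review bot: The generic `catch (Exception e)` branch now writes `e.getLocalizedMessage()` into the fragment, which still places internal exception text in the rendered page and is `null` for exceptions created without a message. The full exception is already logged on the following line, so a fixed string is enough for the page, e.g. `fragment.overrideRenderedContent("Portlet is not available.");` (wording is only a suggestion). The new `PortletAccessDeniedException` branch logs nothing, so denied renders leave no audit trail; a line such as `log.info("Access denied for fragment " + fragment.getId());` would record them. Both points apply equally to the hunks at -178 and -227, and the enclosing method starts outside this hunk.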
@@ -178,13 +203,17 @@
HttpServletRequest servletRequest = requestContext.getRequestForWindow(portletWindow);
HttpServletResponse servletResponse = dispatcherCtrl.getResponseForWindow(portletWindow, requestContext);
- RenderingJob rJob = buildRenderingJob(fragment, servletRequest, servletResponse, requestContext, false);
+ RenderingJob rJob = buildRenderingJob(portletWindow, fragment, servletRequest, servletResponse, requestContext, false);
rJob.execute();
addTitleToHeader( portletWindow, fragment, servletRequest, servletResponse );
}
+ catch (PortletAccessDeniedException e)
+ {
+ fragment.overrideRenderedContent(e.getLocalizedMessage());
+ }
catch (Exception e)
{
- fragment.overrideRenderedContent(e.toString());
+ fragment.overrideRenderedContent(e.getLocalizedMessage());
log.error(e.toString(), e);
}
}
@@ -214,7 +243,7 @@
portletWindow = getPortletWindow(fragment);
servletRequest = requestContext.getRequestForWindow(portletWindow);
servletResponse = dispatcherCtrl.getResponseForWindow(portletWindow, requestContext);
- rJob = buildRenderingJob(fragment, servletRequest, servletResponse, requestContext, true);
+ rJob = buildRenderingJob(portletWindow, fragment, servletRequest, servletResponse, requestContext, true);
if (rJob.getTimeout() > 0)
{
@@ -227,14 +256,16 @@
addTitleToHeader( portletWindow, fragment, servletRequest, servletResponse );
}
+ catch (PortletAccessDeniedException e)
+ {
+ fragment.overrideRenderedContent(e.getLocalizedMessage());
+ }
catch (Exception e1)
{
servletRequest = requestContext.getRequest();
servletResponse = dispatcherCtrl.getResponseForFragment(fragment, requestContext);
log.error("render() failed: " + e1.toString(), e1);
- fragment.overrideRenderedContent(e1.toString());
-// ObjectID oid = JetspeedObjectID.createFromString(fragment.getId());
- // ((ContentDispatcherImpl) dispatcherCtrl).notify(oid);
+ fragment.overrideRenderedContent(e1.getLocalizedMessage());
}
return rJob;
}
@@ -274,17 +305,20 @@
return portletWindow;
}
-
- protected RenderingJob buildRenderingJob( ContentFragment fragment, HttpServletRequest request,
+
+ protected RenderingJob buildRenderingJob( PortletWindow portletWindow, ContentFragment fragment, HttpServletRequest request,
HttpServletResponse response, RequestContext requestContext, boolean isParallel )
- throws FailedToRetrievePortletWindow, FailedToRenderFragmentException, PortletEntityNotStoredException
+ throws PortletAccessDeniedException, FailedToRetrievePortletWindow, FailedToRenderFragmentException, PortletEntityNotStoredException
{
RenderingJob rJob = null;
ContentDispatcher dispatcher = null;
-
- PortletWindow portletWindow = getPortletWindow(fragment);
+
PortletDefinitionComposite portletDefinition =
(PortletDefinitionComposite) portletWindow.getPortletEntity().getPortletDefinition();
+ if (checkSecurityConstraints && !checkSecurityConstraint(portletDefinition, fragment))
+ {
+ throw new PortletAccessDeniedException("Access Denied.");
+ }
ContentDispatcherCtrl dispatcherCtrl = getDispatcherCtrl(requestContext, true);
dispatcher = getDispatcher(requestContext, true);
request = requestContext.getRequestForWindow(portletWindow);
@@ -382,4 +416,28 @@
}
}
}
+
+ protected boolean checkSecurityConstraint(PortletDefinitionComposite portlet, ContentFragment fragment)
+ {
+ // TODO: check all kinds of fragments, or at least make this optional
+ if (fragment.getType().equals(ContentFragment.PORTLET))
+ {
+ String constraintRef = portlet.getJetspeedSecurityConstraint();
+ if (constraintRef == null)
+ {
+ constraintRef = ((MutablePortletApplication)portlet.getPortletApplicationDefinition()).getJetspeedSecurityConstraint();
+ if (constraintRef == null)
+ {
+ return true; // allow access
+ }
+ }
+ return pageManager.checkConstraint(constraintRef, "view");
+ //log.info("Portlet " + portlet.getName() + " failed security check.");
+ }
+ else
+ {
+ return true;
+ }
+ }
+
}
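Review bot: `checkSecurityConstraint` returns `true` for every fragment whose type is not `ContentFragment.PORTLET`, so with `checkSecurityConstraints` enabled those fragments are still rendered unchecked, and the TODO is the only record of it. That limitation should be stated in a Javadoc on the method, so the configuration flag is not read as covering all fragment types. The commented-out `log.info` sits after the `return` and could never run; to record denials, hold the result first: `boolean allowed = pageManager.checkConstraint(constraintRef, "view");`, `if (!allowed) log.info("Portlet " + portlet.getName() + " failed security check.");`, `return allowed;`. The cast to `MutablePortletApplication` is unchecked and assumes `getPortletApplicationDefinition()` is non-null, which the hunk does not establish.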
Modified: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/page/PageManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/page/PageManager.java?view=diff&rev=501661&r1=501660&r2=501661
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/page/PageManager.java (original)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/page/PageManager.java Tue Jan 30 16:44:12 2007
@@ -43,6 +43,7 @@
import org.apache.jetspeed.page.document.NodeSet;
import org.apache.jetspeed.page.document.UnsupportedDocumentTypeException;
+
/**
* This service is responsible for loading and saving Pages into
* the selected persistent store.
@@ -682,4 +683,14 @@
*/
public int addPages(Page[] pages)
throws NodeException;
+
+ /**
+ * For a given security constraint definition name, and the given action(s),
+ * make a constraint check for the current user subject
+ *
+ * @param securityConstraintName the name of the security constraint definition
+ * @param actions one or more portlet actions (view,edit,help,..)
+ * @return
+ */
+ public boolean checkConstraint(String securityConstraintName, String actions);
}
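Review bot: The Javadoc for `checkConstraint` leaves `@return` empty, so the interface does not say what `true` and `false` mean for callers making an access decision. Suggested text: `@return true if the current subject is permitted every listed action under the named constraint definition, false otherwise`, with the `@param actions` line noting that the value is a comma-separated list. Both implementations in this commit also return `false` when the definition name is unknown or when the check throws, and that deny-on-error contract is worth stating here too.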
Modified: portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/aggregation.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/aggregation.xml?view=diff&rev=501661&r1=501660&r2=501661
==============================================================================
--- portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/aggregation.xml (original)
+++ portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/aggregation.xml Tue Jan 30 16:44:12 2007
@@ -54,6 +54,15 @@
<constructor-arg>
<value>0</value>
</constructor-arg>
+ <!-- flag indicating whether to check jetspeed-portlet.xml security constraints
+ before rendering a portlet. If security check fails, do not display portlet content
+ -->
+ <constructor-arg type="boolean">
+ <value>true</value>
+ </constructor-arg>
+ <constructor-arg>
+ <ref bean="org.apache.jetspeed.page.PageManager" />
+ </constructor-arg>
</bean>
<!-- Portlet Renderer w/title in http response header -->