You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2001/07/02 09:33:50 UTC
cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security PermissionBrowserAction.java PermissionUpdateAction.java SecurityConstants.java RoleBrowserAction.java RoleUpdateAction.java UserBrowserAction.java UserUpdateAction.java
taylor 01/07/02 00:33:49
Modified: src/java/org/apache/jetspeed/modules/actions
CreateNewUserAndConfirm.java
src/java/org/apache/jetspeed/modules/actions/portlets
VelocityPortletAction.java
src/java/org/apache/jetspeed/modules/actions/portlets/security
RoleBrowserAction.java RoleUpdateAction.java
UserBrowserAction.java UserUpdateAction.java
Added: src/java/org/apache/jetspeed/modules/actions/portlets/security
PermissionBrowserAction.java
PermissionUpdateAction.java SecurityConstants.java
Log:
- added security permission browser and update actions
- completed work on security user and role browsers and update actions
- fixed bug in CreateNewUserAndConfirm to go to default page after adding new user (with email option disabled)
- put in checks for null into VelocityPortletAction, i was having some problems there
Revision Changes Path
1.19 +6 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/CreateNewUserAndConfirm.java
Index: CreateNewUserAndConfirm.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/CreateNewUserAndConfirm.java,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- CreateNewUserAndConfirm.java 2001/06/28 08:49:38 1.18
+++ CreateNewUserAndConfirm.java 2001/07/02 07:33:38 1.19
@@ -75,6 +75,7 @@
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.GenerateUniqueId;
import org.apache.turbine.util.StringUtils;
+import org.apache.turbine.util.DynamicURI;
// turbine.om
import org.apache.turbine.om.security.User;
@@ -244,7 +245,11 @@
// bring logged on user to homepage with internal redirect
//data.setScreenTemplate(TurbineTemplate.getDefaultScreen());
- data.setScreenTemplate("Home.vm");
+ //data.setScreenTemplate("Home.vm");
+ DynamicURI duri = new DynamicURI (data);
+ duri.addPathInfo(JetspeedResources.PATH_TEMPLATE_KEY, "Home.vm");
+ data.getResponse().sendRedirect(duri.toString());
+
}
catch ( Exception e )
{
1.3 +20 -15 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/VelocityPortletAction.java
Index: VelocityPortletAction.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/VelocityPortletAction.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- VelocityPortletAction.java 2001/06/25 10:53:39 1.2
+++ VelocityPortletAction.java 2001/07/02 07:33:42 1.3
@@ -111,7 +111,7 @@
catch (NoSuchMethodException e)
{
// no event selected
- doPerform(rundata);
+ doPerform(rundata, context);
}
}
}
@@ -143,22 +143,27 @@
public void doPerform( RunData rundata, Context context )
{
- VelocityPortlet portlet = (VelocityPortlet)context.get( "portlet" );
-
- // we're bein configured
- if ( portlet.getName().equals( PortalState.getCustomized( rundata ) ) )
- {
- buildConfigureContext( portlet, context, rundata);
- return;
- }
+ VelocityPortlet portlet = null;
- // we're maximized
- if ( portlet.getName().equals( PortalState.getMaximized( rundata ) ) )
+ if (context != null)
+ portlet = (VelocityPortlet)context.get( "portlet" );
+
+ if (portlet != null)
{
- buildMaximizedContext( portlet, context, rundata);
- return;
- }
-
+ // we're bein configured
+ if ( portlet.getName().equals( PortalState.getCustomized( rundata ) ) )
+ {
+ buildConfigureContext( portlet, context, rundata);
+ return;
+ }
+
+ // we're maximized
+ if ( portlet.getName().equals( PortalState.getMaximized( rundata ) ) )
+ {
+ buildMaximizedContext( portlet, context, rundata);
+ return;
+ }
+ }
buildNormalContext( portlet, context, rundata);
}
1.2 +38 -25 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java
Index: RoleBrowserAction.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- RoleBrowserAction.java 2001/06/11 07:09:02 1.1
+++ RoleBrowserAction.java 2001/07/02 07:33:44 1.2
@@ -54,27 +54,34 @@
package org.apache.jetspeed.modules.actions.portlets.security;
-import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
-import org.apache.jetspeed.portal.portlets.VelocityPortlet;
-import org.apache.jetspeed.services.Registry;
-import org.apache.jetspeed.om.newregistry.RegistryEntry;
+// velocity
+import org.apache.velocity.context.Context;
-// Turbine stuff
+// turbine util
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.StringUtils;
+import org.apache.turbine.util.DynamicURI;
-import org.apache.jetspeed.services.JetspeedSecurity;
-import org.apache.turbine.om.security.Role;
import org.apache.turbine.util.security.RoleSet;
import org.apache.turbine.util.db.Criteria;
+
+// turbine om
+import org.apache.turbine.om.security.Role;
+import org.apache.turbine.om.security.User;
+
+// turbine security
+import org.apache.turbine.util.security.EntityExistsException;
import org.apache.turbine.util.security.DataBackendException;
-// Velocity Stuff
-import org.apache.velocity.context.Context;
+// jetspeed services
+import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.services.resources.JetspeedResources;
+
+// jetspeed velocity
+import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
+import org.apache.jetspeed.portal.portlets.VelocityPortlet;
-import java.util.Vector;
-import java.util.Iterator;
/**
* This action sets up the template context for browsing of security roles in the Turbine database.
@@ -84,9 +91,11 @@
public class RoleBrowserAction extends VelocityPortletAction
{
/**
- * Subclasses should override this method if they wish to
- * build specific content when maximized. Default behavior is
- * to do the same as normal content.
+ * Build the maximized state content for this portlet. (Same as normal state).
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildMaximizedContext( VelocityPortlet portlet,
Context context,
@@ -96,9 +105,12 @@
}
/**
- * Subclasses should override this method if they wish to
- * provide their own customization behavior.
- * Default is to use Portal base customizer action
+ * Build the configure state content for this portlet.
+ * TODO: we could configure this portlet with configurable skins, etc..
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildConfigureContext( VelocityPortlet portlet,
Context context,
@@ -106,12 +118,14 @@
{
buildNormalContext( portlet, context, rundata);
- setTemplate(rundata, "role-browser.vm");
}
/**
- * Subclasses must override this method to provide default behavior
- * for the portlet action
+ * Build the normal state content for this portlet.
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildNormalContext( VelocityPortlet portlet,
Context context,
@@ -121,18 +135,17 @@
{
Criteria criteria = new Criteria();
RoleSet roles = JetspeedSecurity.getRoles(criteria);
- context.put("roles", roles.getRolesArray());
+ context.put(SecurityConstants.CONTEXT_ROLES, roles.getRolesArray());
}
catch (DataBackendException e)
{
+ // log the error msg
+ Log.error(e);
+
rundata.setMessage("Error in Jetspeed Role Security: " + e.toString());
rundata.setStackTrace(StringUtils.stackTrace(e), e);
rundata.setScreenTemplate("Error.vm");
}
- }
-
- public void doUpdate(RunData data, Context context)
- {
}
}
1.2 +195 -89 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java
Index: RoleUpdateAction.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- RoleUpdateAction.java 2001/06/11 07:09:02 1.1
+++ RoleUpdateAction.java 2001/07/02 07:33:45 1.2
@@ -54,32 +54,30 @@
package org.apache.jetspeed.modules.actions.portlets.security;
-import java.util.Vector;
-import java.util.Iterator;
-import java.util.Date;
-
-import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
-import org.apache.jetspeed.portal.portlets.VelocityPortlet;
-import org.apache.jetspeed.services.Registry;
-import org.apache.jetspeed.om.newregistry.RegistryEntry;
+// velocity
+import org.apache.velocity.context.Context;
-// Turbine stuff
+// turbine util
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.StringUtils;
-import org.apache.turbine.modules.ActionLoader;
+import org.apache.turbine.util.DynamicURI;
-import org.apache.jetspeed.services.JetspeedSecurity;
+// turbine om
import org.apache.turbine.om.security.Role;
import org.apache.turbine.om.security.User;
-import org.apache.turbine.util.db.Criteria;
-import org.apache.turbine.util.security.DataBackendException;
+
+// turbine security
import org.apache.turbine.util.security.EntityExistsException;
-import org.apache.turbine.util.security.UnknownEntityException;
+// jetspeed services
+import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.services.resources.JetspeedResources;
-// Velocity Stuff
-import org.apache.velocity.context.Context;
+// jetspeed velocity
+import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
+import org.apache.jetspeed.portal.portlets.VelocityPortlet;
+
/**
* This action sets up the template context for editing security roles in the Turbine database.
@@ -88,10 +86,14 @@
*/
public class RoleUpdateAction extends VelocityPortletAction
{
+ private static final String TEMP_ROLE = "tempRole";
+
/**
- * Subclasses should override this method if they wish to
- * build specific content when maximized. Default behavior is
- * to do the same as normal content.
+ * Build the maximized state content for this portlet. (Same as normal state).
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildMaximizedContext( VelocityPortlet portlet,
Context context,
@@ -101,9 +103,12 @@
}
/**
- * Subclasses should override this method if they wish to
- * provide their own customization behavior.
- * Default is to use Portal base customizer action
+ * Build the configure state content for this portlet.
+ * TODO: we could configure this portlet with configurable skins, etc..
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildConfigureContext( VelocityPortlet portlet,
Context context,
@@ -111,12 +116,14 @@
{
buildNormalContext( portlet, context, rundata);
- setTemplate(rundata, "role-form.vm");
}
/**
- * Subclasses must override this method to provide default behavior
- * for the portlet action
+ * Build the normal state content for this portlet.
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildNormalContext( VelocityPortlet portlet,
Context context,
@@ -129,118 +136,217 @@
/*
* Grab the mode for the user form.
*/
- String mode = rundata.getParameters().getString("mode");
-
- if (mode.equals("modify") || mode.equals("delete"))
+ String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
+
+ //
+ // if we are updating or deleting - put the name in the context
+ //
+ if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) ||
+ mode.equals(SecurityConstants.PARAM_MODE_DELETE)))
{
- String rolename = rundata.getParameters().getString("rolename");
+ // get the primary key and put the object in the context
+ String rolename = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
role = JetspeedSecurity.getRole(rolename);
- context.put("role", role);
+ context.put(SecurityConstants.CONTEXT_ROLE, role);
}
-
- context.put("mode", mode);
+
+ //
+ // if there was an error, display the message
+ //
+ String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
+ if (msgid != null)
+ {
+ int id = Integer.parseInt(msgid);
+ if (id < SecurityConstants.MESSAGES.length)
+ context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
+
+ // get the bad entered data and put it back for convenient update
+ Role tempRole = (Role)rundata.getUser().getTemp(TEMP_ROLE);
+ if (tempRole != null)
+ context.put(SecurityConstants.CONTEXT_ROLE, tempRole);
+ }
+ context.put(SecurityConstants.PARAM_MODE, mode);
}
catch (Exception e)
{
+ Log.error(e);
rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
rundata.setStackTrace(StringUtils.stackTrace(e), e);
rundata.setScreenTemplate("Error.vm");
}
}
+ /**
+ * Database Insert Action for Security Roles. Performs inserts into security database.
+ *
+ * @param rundata The turbine rundata context for this request.
+ * @param context The velocity context for this request.
+ */
public void doInsert(RunData rundata, Context context)
throws Exception
{
- //Role role = new Role();
- Role role = JetspeedSecurity.getNewRole(null);
- rundata.getParameters().setProperties(role);
-
- String name = rundata.getParameters().getString("rolename");
-
+ Role role = null;
try
- {
+ {
+ //
+ // validate that its not an 'blank' rolename -- not allowed
+ //
+ String name = rundata.getParameters().getString("name");
+ if (name == null || name.trim().length() == 0)
+ {
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_UPDATE);
+ duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
+ rundata.getResponse().sendRedirect(duri.toString());
+ rundata.getUser().setTemp(TEMP_ROLE, null);
+ return;
+ }
+
+ //
+ // generate a new role
+ //
+ role = JetspeedSecurity.getNewRole(name);
+
+ //
+ // add the role
+ ///
JetspeedSecurity.addRole(role);
- // bring user back to browser
- // FIXME: this doesn't work
- ActionLoader.getInstance().exec( rundata, "portlets.security.RoleBrowserAction" );
+
+ //
+ // success -- bring user back to role browser
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_BROWSER);
+ rundata.getResponse().sendRedirect(duri.toString());
}
- catch (EntityExistsException eee)
+ catch (EntityExistsException e)
{
- context.put("rolename", name);
- // TODO: handle these errors
- context.put("errorTemplate", "/screens/role/FluxRoleAlreadyExists.vm");
- context.put("role", role);
- /*
- * We are still in insert mode. So keep this
- * value alive.
- */
- rundata.getParameters().add("mode", "insert");
- setTemplate(rundata, "/role/FluxRoleForm.vm");
- }
+ // log the error msg
+ Log.error(e);
+ //
+ // dup key found - display error message - bring back to same screen
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_UPDATE);
+ duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_ENTITY_ALREADY_EXISTS);
+ rundata.getResponse().sendRedirect(duri.toString());
+
+ // save values that user just entered so they don't have to re-enter
+ if (role != null)
+ rundata.getUser().setTemp(TEMP_ROLE, role);
+ }
}
- /**
- * ActionEvent responsible updating a user
- * in the Tambora system. Must check the input
- * for integrity before allowing the user info
- * to be update in the database.
+ /**
+ * Database Update Action for Security Roles. Performs updates into security database.
+ *
+ * @param rundata The turbine rundata context for this request.
+ * @param context The velocity context for this request.
*/
public void doUpdate(RunData rundata, Context context)
throws Exception
{
- Role role = JetspeedSecurity.getRole(
- rundata.getParameters().getString("rolename"));
-
- rundata.getParameters().setProperties(role);
-
+ Role role = null;
try
{
+ //
+ // get the role object from the selected role entry in the browser
+ //
+ role = JetspeedSecurity.getRole(
+ rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
+
+ //
+ // update the role in the database
+ //
JetspeedSecurity.saveRole(role);
+
+ //
+ // success -- bring user back to role browser
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_BROWSER);
+ rundata.getResponse().sendRedirect(duri.toString());
+
}
- catch (UnknownEntityException uee)
+ catch (Exception e)
{
- /*
- * Should do something here but I still
- * think we should use the an id so that
- * this can't happen.
- */
- }
+ // log the error msg
+ Log.error(e);
- // bring user back to browser
- // FIXME: this doesn't work
- ActionLoader.getInstance().exec( rundata, "portlets.security.RoleBrowserAction" );
+ //
+ // error on update - display error message
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_UPDATE);
+ duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
+ if (role != null)
+ duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, role.getName());
+ duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
+ rundata.getResponse().sendRedirect(duri.toString());
+
+ // save values that user just entered so they don't have to re-enter
+ if (role != null)
+ rundata.getUser().setTemp(TEMP_ROLE, role);
+ }
}
- /**
- * ActionEvent responsible for removing a user
- * from the Tambora system.
+ /**
+ * Database Delete Action for Security Roles. Performs deletes into security database.
+ *
+ * @param rundata The turbine rundata context for this request.
+ * @param context The velocity context for this request.
*/
public void doDelete(RunData rundata, Context context)
throws Exception
{
- Role role = JetspeedSecurity.getRole(
- rundata.getParameters().getString("rolename"));
+ Role role = null;
try
{
+ //
+ // get the role object from the selected role entry in the browser
+ //
+ role = JetspeedSecurity.getRole(
+ rundata.getParameters().getString( SecurityConstants.PARAM_ENTITY_ID) );
+
+ //
+ // remove the role
+ //
JetspeedSecurity.removeRole(role);
+
+ //
+ // success -- bring user back to role browser
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_BROWSER);
+ rundata.getResponse().sendRedirect(duri.toString());
+
}
- catch (UnknownEntityException uee)
+ catch (Exception e)
{
- /*
- * Should do something here but I still
- * think we should use the an id so that
- * this can't happen.
- */
- }
+ // log the error msg
+ Log.error(e);
+
+ //
+ // error on delete - display error message
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_UPDATE);
+ duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_DELETE_FAILED);
+ if (role != null)
+ duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, role.getName());
+ duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
+ rundata.getResponse().sendRedirect(duri.toString());
+
+ // save values that user just entered so they don't have to re-enter
+ if (role != null)
+ rundata.getUser().setTemp(TEMP_ROLE, role);
- // bring user back to browser
- // FIXME: this doesn't work
- ActionLoader.getInstance().exec( rundata, "portlets.security.RoleBrowserAction" );
+ }
}
1.2 +39 -27 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserBrowserAction.java
Index: UserBrowserAction.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserBrowserAction.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- UserBrowserAction.java 2001/06/11 07:09:03 1.1
+++ UserBrowserAction.java 2001/07/02 07:33:45 1.2
@@ -54,26 +54,32 @@
package org.apache.jetspeed.modules.actions.portlets.security;
-import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
-import org.apache.jetspeed.portal.portlets.VelocityPortlet;
-import org.apache.jetspeed.services.Registry;
-import org.apache.jetspeed.om.newregistry.RegistryEntry;
+// velocity
+import org.apache.velocity.context.Context;
-// Turbine stuff
+// turbine util
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.StringUtils;
+import org.apache.turbine.util.DynamicURI;
-import org.apache.jetspeed.services.JetspeedSecurity;
-import org.apache.turbine.om.security.User;
+import org.apache.turbine.util.security.RoleSet;
import org.apache.turbine.util.db.Criteria;
+
+// turbine om
+import org.apache.turbine.om.security.User;
+
+// turbine security
+import org.apache.turbine.util.security.EntityExistsException;
import org.apache.turbine.util.security.DataBackendException;
-// Velocity Stuff
-import org.apache.velocity.context.Context;
+// jetspeed services
+import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.services.resources.JetspeedResources;
-import java.util.Vector;
-import java.util.Iterator;
+// jetspeed velocity
+import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
+import org.apache.jetspeed.portal.portlets.VelocityPortlet;
/**
* This action sets up the template context for browsing of users in the Turbine database.
@@ -83,9 +89,11 @@
public class UserBrowserAction extends VelocityPortletAction
{
/**
- * Subclasses should override this method if they wish to
- * build specific content when maximized. Default behavior is
- * to do the same as normal content.
+ * Build the maximized state content for this portlet. (Same as normal state).
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildMaximizedContext( VelocityPortlet portlet,
Context context,
@@ -95,9 +103,12 @@
}
/**
- * Subclasses should override this method if they wish to
- * provide their own customization behavior.
- * Default is to use Portal base customizer action
+ * Build the configure state content for this portlet.
+ * TODO: we could configure this portlet with configurable skins, etc..
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildConfigureContext( VelocityPortlet portlet,
Context context,
@@ -105,33 +116,34 @@
{
buildNormalContext( portlet, context, rundata);
- setTemplate(rundata, "user-browser.vm");
}
/**
- * Subclasses must override this method to provide default behavior
- * for the portlet action
+ * Build the normal state content for this portlet.
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildNormalContext( VelocityPortlet portlet,
Context context,
RunData rundata )
- {
+ {
try
{
Criteria criteria = new Criteria();
User[] users = JetspeedSecurity.getUsers(criteria);
- context.put("users", users);
+ context.put(SecurityConstants.CONTEXT_USERS, users);
}
catch (DataBackendException e)
{
+ // log the error msg
+ Log.error(e);
+
rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
rundata.setStackTrace(StringUtils.stackTrace(e), e);
rundata.setScreenTemplate("Error.vm");
}
}
-
- public void doUpdate(RunData data, Context context)
- {
- }
-
+
}
1.2 +254 -108 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java
Index: UserUpdateAction.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- UserUpdateAction.java 2001/06/11 07:09:03 1.1
+++ UserUpdateAction.java 2001/07/02 07:33:46 1.2
@@ -54,29 +54,32 @@
package org.apache.jetspeed.modules.actions.portlets.security;
-import java.util.Vector;
-import java.util.Iterator;
+// java util
import java.util.Date;
-import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
-import org.apache.jetspeed.portal.portlets.VelocityPortlet;
-import org.apache.jetspeed.services.Registry;
-import org.apache.jetspeed.om.newregistry.RegistryEntry;
+// velocity context
+import org.apache.velocity.context.Context;
-// Turbine stuff
+// turbine util
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.StringUtils;
-import org.apache.turbine.modules.ActionLoader;
+import org.apache.turbine.util.DynamicURI;
-import org.apache.jetspeed.services.JetspeedSecurity;
+// turbine om security
import org.apache.turbine.om.security.User;
import org.apache.turbine.util.db.Criteria;
import org.apache.turbine.util.security.DataBackendException;
+import org.apache.turbine.util.security.EntityExistsException;
-// Velocity Stuff
-import org.apache.velocity.context.Context;
+// jetspeed velocity
+import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
+import org.apache.jetspeed.portal.portlets.VelocityPortlet;
+// jetspeed security
+import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.services.resources.JetspeedResources;
+
/**
* This action sets up the template context for editing users in the Turbine database.
*
@@ -84,10 +87,13 @@
*/
public class UserUpdateAction extends VelocityPortletAction
{
+ private static final String TEMP_USER = "tempUser";
/**
- * Subclasses should override this method if they wish to
- * build specific content when maximized. Default behavior is
- * to do the same as normal content.
+ * Build the maximized state content for this portlet. (Same as normal state).
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildMaximizedContext( VelocityPortlet portlet,
Context context,
@@ -97,9 +103,12 @@
}
/**
- * Subclasses should override this method if they wish to
- * provide their own customization behavior.
- * Default is to use Portal base customizer action
+ * Build the configure state content for this portlet.
+ * TODO: we could configure this portlet with configurable skins, etc..
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildConfigureContext( VelocityPortlet portlet,
Context context,
@@ -111,8 +120,11 @@
}
/**
- * Subclasses must override this method to provide default behavior
- * for the portlet action
+ * Build the normal state content for this portlet.
+ *
+ * @param portlet The velocity-based portlet that is being built.
+ * @param context The velocity context for this request.
+ * @param rundata The turbine rundata context for this request.
*/
protected void buildNormalContext( VelocityPortlet portlet,
Context context,
@@ -125,129 +137,263 @@
/*
* Grab the mode for the user form.
*/
- String mode = rundata.getParameters().getString("mode");
-
- if (mode.equals("modify") || mode.equals("delete"))
+ String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
+
+ if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) ||
+ mode.equals(SecurityConstants.PARAM_MODE_DELETE)))
{
- String username = rundata.getParameters().getString("username");
+ // get the primary key and put the object in the context
+ String username = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
user = JetspeedSecurity.getUser(username);
- context.put("user", user);
+ context.put(SecurityConstants.CONTEXT_USER, user);
}
- context.put("mode", mode);
+ //
+ // if there was an error, display the message
+ //
+ String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
+ if (msgid != null)
+ {
+ int id = Integer.parseInt(msgid);
+ if (id < SecurityConstants.MESSAGES.length)
+ context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
+
+ // get the bad entered data and put it back for convenient update
+ User tempUser = (User)rundata.getUser().getTemp(TEMP_USER);
+ if (tempUser != null)
+ context.put(SecurityConstants.CONTEXT_USER, tempUser);
+
+ }
+
+ context.put(SecurityConstants.PARAM_MODE, mode);
}
catch (Exception e)
{
+ Log.error(e);
rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
rundata.setStackTrace(StringUtils.stackTrace(e), e);
rundata.setScreenTemplate("Error.vm");
}
}
- /**
- * ActionEvent responsible for inserting a new user
- * into the Turbine security system.
+ /**
+ * Database Insert Action for Users. Performs inserts into security database.
+ *
+ * @param rundata The turbine rundata context for this request.
+ * @param context The velocity context for this request.
*/
- public void doInsert(RunData data, Context context)
+ public void doInsert(RunData rundata, Context context)
throws Exception
{
- /*
- * Create a TamboraUser object here, it will be
- * used even if there is an error. It will be
- * fed back into the context to give the user
- * the chance to correct any errors.
- */
- User user = JetspeedSecurity.getUserInstance();
- data.getParameters().setProperties(user);
-
- /*
- * Grab the username entered in the form.
- */
- String username = data.getParameters().getString("username");
- String password = data.getParameters().getString("password");
-
- if (password == null)
- password = "";
-
- /*
- * Make sure this account doesn't already exist.
- * If the account already exists then alert
- * the user and make them change the username.
- */
- if (JetspeedSecurity.accountExists(username))
- {
- context.put("username", username);
- context.put("errorTemplate", "/screens/user/FluxUserAlreadyExists.vm");
- context.put("user", user);
- /*
- * We are still in insert mode. So keep this
- * value alive.
- */
- data.getParameters().add("mode", "insert");
- setTemplate(data, "/user/FluxUserForm.vm");
- }
- else
+ User user = null;
+ try
{
- /*
- * Set some default date properties, this needs
- * to be more rigourous.
- */
-
- Date now = new Date();
+ //
+ // validate that its not an 'blank' rolename -- not allowed
+ //
+ String name = rundata.getParameters().getString("username");
+ if (name == null || name.trim().length() == 0)
+ {
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
+ duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
+ rundata.getResponse().sendRedirect(duri.toString());
+ // save values that user just entered so they don't have to re-enter
+ if (user != null)
+ rundata.getUser().setTemp(TEMP_USER, user);
+ return;
+ }
+
+
+ //
+ // create a new user
+ //
+ user = JetspeedSecurity.getUserInstance();
+ rundata.getParameters().setProperties(user);
+
+ String password = rundata.getParameters().getString("password");
+ if (password == null)
+ password = "";
- //user.setModifiedDate(now);
+ Date now = new Date();
user.setCreateDate(now);
- user.setLastLogin(new Date(0));
+ user.setLastLogin(now);
- JetspeedSecurity.addUser(user, password);
+ //
+ // add the user
+ ///
+ JetspeedSecurity.addUser(user, password, rundata);
+
+ //
+ // success -- bring user back to browser
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_BROWSER);
+ rundata.getResponse().sendRedirect(duri.toString());
+
+ }
+ catch (EntityExistsException e)
+ {
+ // log the error msg
+ Log.error(e);
- // bring user back to browser
- // FIXME: this doesn't work
- ActionLoader.getInstance().exec( data, "portlets.security.UserBrowserAction" );
+ //
+ // dup key found - display error message - bring back to same screen
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
+ duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_ENTITY_ALREADY_EXISTS);
+ rundata.getResponse().sendRedirect(duri.toString());
+ // save values that user just entered so they don't have to re-enter
+ if (user != null)
+ rundata.getUser().setTemp(TEMP_USER, user);
}
+
}
- /**
- * ActionEvent responsible updating a user
- * in the Tambora system. Must check the input
- * for integrity before allowing the user info
- * to be update in the database.
+ /**
+ * Database Update Action for Users. Performs updates into security database.
+ *
+ * @param rundata The turbine rundata context for this request.
+ * @param context The velocity context for this request.
*/
- public void doUpdate(RunData data, Context context)
+ public void doUpdate(RunData rundata, Context context)
throws Exception
{
- User user = JetspeedSecurity.getUser(data.getParameters().getString("username"));
- data.getParameters().setProperties(user);
+ User user = null;
+ try
+ {
+ //
+ // get the user object from the selected entry in the browser
+ //
+ user = JetspeedSecurity.getUser(
+ rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
+
+ String name = rundata.getParameters().getString("username");
+ if (name == null || name.trim().length() == 0)
+ {
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
+ duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
+ if (user != null)
+ duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
+ duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
+ rundata.getResponse().sendRedirect(duri.toString());
+ // save values that user just entered so they don't have to re-enter
+ if (user != null)
+ rundata.getUser().setTemp(TEMP_USER, user);
+ return;
+ }
- Date now = new Date();
+ //
+ // pull the values off the form and into the user object
+ //
+ rundata.getParameters().setProperties(user);
+ user.setLastAccessDate();
+
+ //
+ // update the user in the database
+ //
+ JetspeedSecurity.saveUser(user);
+
+ //
+ // success -- bring user back to user browser
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_BROWSER);
+ rundata.getResponse().sendRedirect(duri.toString());
- //user.setModifiedDate(now);
- user.setCreateDate(now);
- user.setLastLogin(new Date(0));
-
- JetspeedSecurity.saveUser(user);
-
- // bring user back to browser
- // FIXME: this doesn't work
- ActionLoader.getInstance().exec( data, "portlets.security.UserBrowserAction" );
+ }
+ catch (Exception e)
+ {
+ // log the error msg
+ Log.error(e);
+
+ //
+ // error on update - display error message
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
+ duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
+ if (user != null)
+ duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
+ duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
+ rundata.getResponse().sendRedirect(duri.toString());
+ // save values that user just entered so they don't have to re-enter
+ if (user != null)
+ rundata.getUser().setTemp(TEMP_USER, user);
+ }
+
}
- /**
- * ActionEvent responsible for removing a user
- * from the Tambora system.
+ /**
+ * Database Delete Action for Users. Performs deletes into security database.
+ *
+ * @param rundata The turbine rundata context for this request.
+ * @param context The velocity context for this request.
*/
- public void doDelete(RunData data, Context context)
+ public void doDelete(RunData rundata, Context context)
throws Exception
- {
- User user = JetspeedSecurity.getUser(
- data.getParameters().getString("username"));
-
- JetspeedSecurity.removeUser(user);
-
- // bring user back to browser
- // FIXME: this doesn't work
- ActionLoader.getInstance().exec( data, "portlets.security.UserBrowserAction" );
+ {
+ User user = null;
+ try
+ {
+ //
+ // get the user object from the selected entry in the browser
+ //
+ user = JetspeedSecurity.getUser(
+ rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
+
+ if (rundata.getUser().getUserName().equals(user.getUserName()))
+ {
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
+ duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_CANT_DELETE_CURRENT);
+ if (user != null)
+ duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
+ duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
+ rundata.getResponse().sendRedirect(duri.toString());
+ // save values that user just entered so they don't have to re-enter
+ if (user != null)
+ rundata.getUser().setTemp(TEMP_USER, user);
+ return;
+ }
+
+ //
+ // remove the user
+ //
+ JetspeedSecurity.removeUser(user, rundata);
+
+ //
+ // success -- bring user back to user browser
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_BROWSER);
+ rundata.getResponse().sendRedirect(duri.toString());
+
+ }
+ catch (Exception e)
+ {
+ // log the error msg
+ Log.error(e);
+
+ //
+ // error on delete - display error message
+ //
+ DynamicURI duri = new DynamicURI (rundata);
+ duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
+ duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_DELETE_FAILED);
+ if (user != null)
+ duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
+ duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
+ rundata.getResponse().sendRedirect(duri.toString());
+
+ // save values that user just entered so they don't have to re-enter
+ if (user != null)
+ rundata.getUser().setTemp(TEMP_USER, user);
+
+ }
}
}
1.1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/PermissionBrowserAction.java
Index: PermissionBrowserAction.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Jetspeed" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache" or
* "Apache Jetspeed", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jetspeed.modules.actions.portlets.security;
// velocity
import org.apache.velocity.context.Context;
// turbine util
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.StringUtils;
import org.apache.turbine.util.DynamicURI;
import org.apache.turbine.util.security.PermissionSet;
import org.apache.turbine.util.db.Criteria;
// turbine om
import org.apache.turbine.om.security.Permission;
import org.apache.turbine.om.security.User;
// turbine security
import org.apache.turbine.util.security.EntityExistsException;
import org.apache.turbine.util.security.DataBackendException;
// jetspeed services
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.resources.JetspeedResources;
// jetspeed velocity
import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
import org.apache.jetspeed.portal.portlets.VelocityPortlet;
/**
* This action sets up the template context for browsing of permissions in the Turbine database.
*
* @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
*/
public class PermissionBrowserAction extends VelocityPortletAction
{
/**
* Build the maximized state content for this portlet. (Same as normal state).
*
* @param portlet The velocity-based portlet that is being built.
* @param context The velocity context for this request.
* @param rundata The turbine rundata context for this request.
*/
protected void buildMaximizedContext( VelocityPortlet portlet,
Context context,
RunData rundata )
{
buildNormalContext( portlet, context, rundata);
}
/**
* Build the configure state content for this portlet.
* TODO: we could configure this portlet with configurable skins, etc..
*
* @param portlet The velocity-based portlet that is being built.
* @param context The velocity context for this request.
* @param rundata The turbine rundata context for this request.
*/
protected void buildConfigureContext( VelocityPortlet portlet,
Context context,
RunData rundata )
{
buildNormalContext( portlet, context, rundata);
}
/**
* Build the normal state content for this portlet.
*
* @param portlet The velocity-based portlet that is being built.
* @param context The velocity context for this request.
* @param rundata The turbine rundata context for this request.
*/
protected void buildNormalContext( VelocityPortlet portlet,
Context context,
RunData rundata )
{
try
{
Criteria criteria = new Criteria();
PermissionSet permissions = JetspeedSecurity.getPermissions(criteria);
context.put(SecurityConstants.CONTEXT_PERMISSIONS, permissions.getPermissionsArray());
}
catch (DataBackendException e)
{
// log the error msg
Log.error(e);
rundata.setMessage("Error in Jetspeed Permission Security: " + e.toString());
rundata.setStackTrace(StringUtils.stackTrace(e), e);
rundata.setScreenTemplate("Error.vm");
}
}
}
1.1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/PermissionUpdateAction.java
Index: PermissionUpdateAction.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Jetspeed" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache" or
* "Apache Jetspeed", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jetspeed.modules.actions.portlets.security;
// velocity
import org.apache.velocity.context.Context;
// turbine util
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.StringUtils;
import org.apache.turbine.util.DynamicURI;
// turbine om
import org.apache.turbine.om.security.Permission;
import org.apache.turbine.om.security.User;
// turbine security
import org.apache.turbine.util.security.EntityExistsException;
// jetspeed services
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.resources.JetspeedResources;
// jetspeed velocity
import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
import org.apache.jetspeed.portal.portlets.VelocityPortlet;
/**
* This action sets up the template context for editing security permissions in the Turbine database.
*
* @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
*/
public class PermissionUpdateAction extends VelocityPortletAction
{
private static final String TEMP_PERMISSION = "tempPermission";
/**
* Build the maximized state content for this portlet. (Same as normal state).
*
* @param portlet The velocity-based portlet that is being built.
* @param context The velocity context for this request.
* @param rundata The turbine rundata context for this request.
*/
protected void buildMaximizedContext( VelocityPortlet portlet,
Context context,
RunData rundata )
{
buildNormalContext( portlet, context, rundata);
}
/**
* Build the configure state content for this portlet.
* TODO: we could configure this portlet with configurable skins, etc..
*
* @param portlet The velocity-based portlet that is being built.
* @param context The velocity context for this request.
* @param rundata The turbine rundata context for this request.
*/
protected void buildConfigureContext( VelocityPortlet portlet,
Context context,
RunData rundata )
{
buildNormalContext( portlet, context, rundata);
}
/**
* Build the normal state content for this portlet.
*
* @param portlet The velocity-based portlet that is being built.
* @param context The velocity context for this request.
* @param rundata The turbine rundata context for this request.
*/
protected void buildNormalContext( VelocityPortlet portlet,
Context context,
RunData rundata )
{
try
{
Permission permission = null;
/*
* Grab the mode for the user form.
*/
String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
//
// if we are updating or deleting - put the name in the context
//
if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) ||
mode.equals(SecurityConstants.PARAM_MODE_DELETE)))
{
// get the primary key and put the object in the context
String permissionname = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
permission = JetspeedSecurity.getPermission(permissionname);
context.put(SecurityConstants.CONTEXT_PERMISSION, permission);
}
//
// if there was an error, display the message
//
String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
if (msgid != null)
{
int id = Integer.parseInt(msgid);
if (id < SecurityConstants.MESSAGES.length)
context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
// get the bad entered data and put it back for convenient update
Permission tempPermission = (Permission)rundata.getUser().getTemp(TEMP_PERMISSION);
if (tempPermission != null)
context.put(SecurityConstants.CONTEXT_PERMISSION, tempPermission);
}
context.put(SecurityConstants.PARAM_MODE, mode);
}
catch (Exception e)
{
Log.error(e);
rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
rundata.setStackTrace(StringUtils.stackTrace(e), e);
rundata.setScreenTemplate("Error.vm");
}
}
/**
* Database Insert Action for Security Permissions. Performs inserts into security database.
*
* @param rundata The turbine rundata context for this request.
* @param context The velocity context for this request.
*/
public void doInsert(RunData rundata, Context context)
throws Exception
{
Permission permission = null;
try
{
//
// validate that its not an 'blank' permissionname -- not allowed
//
String name = rundata.getParameters().getString("name");
if (name == null || name.trim().length() == 0)
{
DynamicURI duri = new DynamicURI (rundata);
duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_UPDATE);
duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
rundata.getResponse().sendRedirect(duri.toString());
rundata.getUser().setTemp(TEMP_PERMISSION, null);
return;
}
//
// generate a new permission
//
permission = JetspeedSecurity.getNewPermission(name);
//
// add the permission
///
JetspeedSecurity.addPermission(permission);
//
// success -- bring user back to permission browser
//
DynamicURI duri = new DynamicURI (rundata);
duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_BROWSER);
rundata.getResponse().sendRedirect(duri.toString());
}
catch (EntityExistsException e)
{
// log the error msg
Log.error(e);
//
// dup key found - display error message - bring back to same screen
//
DynamicURI duri = new DynamicURI (rundata);
duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_UPDATE);
duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_ENTITY_ALREADY_EXISTS);
rundata.getResponse().sendRedirect(duri.toString());
// save values that user just entered so they don't have to re-enter
if (permission != null)
rundata.getUser().setTemp(TEMP_PERMISSION, permission);
}
}
/**
* Database Update Action for Security Permissions. Performs updates into security database.
*
* @param rundata The turbine rundata context for this request.
* @param context The velocity context for this request.
*/
public void doUpdate(RunData rundata, Context context)
throws Exception
{
Permission permission = null;
try
{
//
// get the permission object from the selected permission entry in the browser
//
permission = JetspeedSecurity.getPermission(
rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
//
// update the permission in the database
//
JetspeedSecurity.savePermission(permission);
//
// success -- bring user back to permission browser
//
DynamicURI duri = new DynamicURI (rundata);
duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_BROWSER);
rundata.getResponse().sendRedirect(duri.toString());
}
catch (Exception e)
{
// log the error msg
Log.error(e);
//
// error on update - display error message
//
DynamicURI duri = new DynamicURI (rundata);
duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_UPDATE);
duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
if (permission != null)
duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, permission.getName());
duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
rundata.getResponse().sendRedirect(duri.toString());
// save values that user just entered so they don't have to re-enter
if (permission != null)
rundata.getUser().setTemp(TEMP_PERMISSION, permission);
}
}
/**
* Database Delete Action for Security Permissions. Performs deletes into security database.
*
* @param rundata The turbine rundata context for this request.
* @param context The velocity context for this request.
*/
public void doDelete(RunData rundata, Context context)
throws Exception
{
Permission permission = null;
try
{
//
// get the permission object from the selected permission entry in the browser
//
permission = JetspeedSecurity.getPermission(
rundata.getParameters().getString( SecurityConstants.PARAM_ENTITY_ID) );
//
// remove the permission
//
JetspeedSecurity.removePermission(permission);
//
// success -- bring user back to permission browser
//
DynamicURI duri = new DynamicURI (rundata);
duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_BROWSER);
rundata.getResponse().sendRedirect(duri.toString());
}
catch (Exception e)
{
// log the error msg
Log.error(e);
//
// error on delete - display error message
//
DynamicURI duri = new DynamicURI (rundata);
duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_UPDATE);
duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_DELETE_FAILED);
if (permission != null)
duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, permission.getName());
duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
rundata.getResponse().sendRedirect(duri.toString());
// save values that user just entered so they don't have to re-enter
if (permission != null)
rundata.getUser().setTemp(TEMP_PERMISSION, permission);
}
}
}
1.1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/SecurityConstants.java
Index: SecurityConstants.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Jetspeed" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache" or
* "Apache Jetspeed", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jetspeed.modules.actions.portlets.security;
/**
* This class contains all the common constants used between data entry forms and browsers and actions
*
* @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
*/
public class SecurityConstants
{
// msg id - for error or information messages on data entry forms
static final String PARAM_MSGID = "msgid";
// msg - the informational or form message in a form
static final String PARAM_MSG = "msg";
// unique entity id - parameter passed between browser forms and update forms
static final String PARAM_ENTITY_ID = "entityid";
// mode parameter
static final String PARAM_MODE = "mode";
// update mode parameter
static final String PARAM_MODE_UPDATE = "update";
// delete mode parameter
static final String PARAM_MODE_DELETE = "delete";
// insert mode parameter
static final String PARAM_MODE_INSERT = "insert";
//
// Context Constants
//
static final String CONTEXT_USER = "user";
static final String CONTEXT_USERS = "users";
static final String CONTEXT_ROLE = "role";
static final String CONTEXT_ROLES = "roles";
static final String CONTEXT_PERMISSION = "permission";
static final String CONTEXT_PERMISSIONS = "permissions";
static final String CONTEXT_GROUP = "group";
static final String CONTEXT_GROUPS = "groups";
// user browser pane id
static final String PANEID_USER_BROWSER = "User Browser";
// user form pane id
static final String PANEID_USER_UPDATE = "User";
// role browser pane id
static final String PANEID_ROLE_BROWSER = "Security Role Browser";
// role form pane id
static final String PANEID_ROLE_UPDATE = "Role";
// permission browser pane id
static final String PANEID_PERMISSION_BROWSER = "Permission Browser";
// permission form pane id
static final String PANEID_PERMISSION_UPDATE = "Permission";
// group browser pane id
static final String PANEID_GROUP_BROWSER = "Group Browser";
// group form pane id
static final String PANEID_GROUP_UPDATE = "Group";
//
// Informational and Error Messages for Security Forms
///
static final String MESSAGES[] =
{
"Database Update Failure. Please report this error to your Database Administrator.",
"Database Delete Failure. Please report this error to your Database Administrator.",
"Invalid Entity Name. Please enter a valid entity name.",
"Entity Name Already Exists. Please choose another unique, identifying name.",
"Deletion not allowed. You are trying to delete the currently logged on user."
};
//
// indexes into messages
//
static final int MID_UPDATE_FAILED = 0;
static final int MID_DELETE_FAILED = 1;
static final int MID_INVALID_ENTITY_NAME = 2;
static final int MID_ENTITY_ALREADY_EXISTS = 3;
static final int MID_CANT_DELETE_CURRENT = 4;
};
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org