Posted to commits@continuum.apache.org by ev...@apache.org on 2007/03/06 14:55:17 UTC
svn commit: r515121 - in /maven/continuum/trunk/continuum-webapp/src/main:
java/org/apache/maven/continuum/web/action/
java/org/apache/maven/continuum/web/action/admin/
webapp/WEB-INF/jsp/navigations/
Author: evenisse
Date: Tue Mar 6 05:55:16 2007
New Revision: 515121
URL: http://svn.apache.org/viewvc?view=rev&rev=515121
Log:
Fix some security issues
Modified:
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/AboutAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigureAppearanceAction.java
maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/EditPomAction.java
maven/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/Menu.jsp
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/AboutAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/AboutAction.java?view=diff&rev=515121&r1=515120&r2=515121
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/AboutAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/AboutAction.java Tue Mar 6 05:55:16 2007
@@ -32,7 +32,7 @@
public class AboutAction
extends ContinuumActionSupport
{
- public String doDefault()
+ public String execute()
throws Exception
{
return SUCCESS;
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigureAppearanceAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigureAppearanceAction.java?view=diff&rev=515121&r1=515120&r2=515121
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigureAppearanceAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/ConfigureAppearanceAction.java Tue Mar 6 05:55:16 2007
@@ -23,15 +23,18 @@
import org.apache.maven.artifact.metadata.ArtifactMetadataRetrievalException;
import org.apache.maven.continuum.execution.maven.m2.MavenBuilderHelper;
import org.apache.maven.continuum.execution.maven.m2.SettingsConfigurationException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
import org.apache.maven.continuum.web.action.ContinuumActionSupport;
-import org.apache.maven.continuum.web.exception.AuthenticationRequiredException;
-import org.apache.maven.continuum.web.exception.AuthorizationRequiredException;
import org.apache.maven.model.Model;
import org.apache.maven.project.ProjectBuildingException;
import org.apache.maven.shared.app.company.CompanyPomHandler;
import org.apache.maven.shared.app.configuration.Configuration;
import org.apache.maven.shared.app.configuration.MavenAppConfiguration;
import org.codehaus.plexus.registry.RegistryException;
+import org.codehaus.plexus.security.rbac.Resource;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
import java.io.IOException;
@@ -42,7 +45,7 @@
*/
public class ConfigureAppearanceAction
extends ContinuumActionSupport
- implements ModelDriven
+ implements ModelDriven, SecureAction
{
/**
* @plexus.requirement
@@ -69,21 +72,6 @@
public String execute()
throws IOException, RegistryException
{
- try
- {
- checkManageConfigurationAuthorization();
- }
- catch ( AuthorizationRequiredException authzE )
- {
- addActionError( authzE.getMessage() );
- return REQUIRES_AUTHORIZATION;
- }
- catch ( AuthenticationRequiredException e )
- {
- addActionError( e.getMessage() );
- return REQUIRES_AUTHENTICATION;
- }
-
appConfiguration.save( configuration );
return SUCCESS;
@@ -92,21 +80,6 @@
public String input()
throws IOException, RegistryException
{
- try
- {
- checkManageConfigurationAuthorization();
- }
- catch ( AuthorizationRequiredException authzE )
- {
- addActionError( authzE.getMessage() );
- return REQUIRES_AUTHORIZATION;
- }
- catch ( AuthenticationRequiredException e )
- {
- addActionError( e.getMessage() );
- return REQUIRES_AUTHENTICATION;
- }
-
return INPUT;
}
@@ -127,5 +100,15 @@
public Model getCompanyModel()
{
return companyModel;
+ }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+ bundle.setRequiresAuthentication( true );
+ bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION, Resource.GLOBAL );
+
+ return bundle;
}
}
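Review bot: getSecureActionBundle() is now the only place this action states its access requirement, because the earlier hunks remove the checkManageConfigurationAuthorization() calls from execute() and input(), and nothing on the method says so. Enforcement therefore depends on the interceptor from org.codehaus.plexus.security.ui.web.interceptor that reads SecureAction being in the stack for every mapping of this action. That configuration is not visible in this commit, and without it `appConfiguration.save( configuration )` in execute() would run with no check at all. I would add a Javadoc comment such as `/** Declares the access requirement for all methods of this action; enforced by the SecureAction interceptor, not inside execute()/input(). */` and confirm the interceptor stack covers the mappings for this action. The same applies to getSecureActionBundle() added in EditPomAction.java.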
Modified: maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/EditPomAction.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/EditPomAction.java?view=diff&rev=515121&r1=515120&r2=515121
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/EditPomAction.java (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/java/org/apache/maven/continuum/web/action/admin/EditPomAction.java Tue Mar 6 05:55:16 2007
@@ -27,12 +27,17 @@
import org.apache.maven.continuum.web.action.ContinuumActionSupport;
import org.apache.maven.continuum.web.exception.AuthenticationRequiredException;
import org.apache.maven.continuum.web.exception.AuthorizationRequiredException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
import org.apache.maven.model.Model;
import org.apache.maven.project.ProjectBuildingException;
import org.apache.maven.shared.app.company.CompanyPomHandler;
import org.apache.maven.shared.app.configuration.CompanyPom;
import org.apache.maven.shared.app.configuration.Configuration;
import org.apache.maven.shared.app.configuration.MavenAppConfiguration;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.rbac.Resource;
import java.io.IOException;
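Review bot: The imports of `AuthenticationRequiredException` and `AuthorizationRequiredException` stay in this block as context lines, but the later hunks in this file remove the try/catch blocks in execute() and input() that caught them. They look unused now, unless a method outside the visible hunks still refers to them; ConfigureAppearanceAction.java drops the same two imports in this commit. The four added imports are also out of order: `org.apache.maven.continuum.security.ContinuumRoleConstants` follows the `web.exception` imports, and `rbac.Resource` follows the `ui.web.interceptor` ones, whereas ConfigureAppearanceAction.java lists them alphabetically. Removing the two stale imports and matching that order would keep the two actions consistent.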
@@ -43,7 +48,7 @@
*/
public class EditPomAction
extends ContinuumActionSupport
- implements ModelDriven
+ implements ModelDriven, SecureAction
{
/**
* @plexus.requirement
@@ -70,21 +75,6 @@
public String execute()
throws IOException, ArtifactInstallationException, SettingsConfigurationException
{
- try
- {
- checkManageConfigurationAuthorization();
- }
- catch ( AuthorizationRequiredException authzE )
- {
- addActionError( authzE.getMessage() );
- return REQUIRES_AUTHORIZATION;
- }
- catch ( AuthenticationRequiredException e )
- {
- addActionError( e.getMessage() );
- return REQUIRES_AUTHENTICATION;
- }
-
// TODO: hack for passed in String[]
String[] logo = (String[]) companyModel.getProperties().get( "organization.logo" );
if ( logo != null )
@@ -99,21 +89,6 @@
public String input()
{
- try
- {
- checkManageConfigurationAuthorization();
- }
- catch ( AuthorizationRequiredException authzE )
- {
- addActionError( authzE.getMessage() );
- return REQUIRES_AUTHORIZATION;
- }
- catch ( AuthenticationRequiredException e )
- {
- addActionError( e.getMessage() );
- return REQUIRES_AUTHENTICATION;
- }
-
return INPUT;
}
@@ -148,4 +123,14 @@
{
return companyModel;
}
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+ bundle.setRequiresAuthentication( true );
+ bundle.addRequiredAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION, Resource.GLOBAL );
+
+ return bundle;
+ }
}
Modified: maven/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/Menu.jsp
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/Menu.jsp?view=diff&rev=515121&r1=515120&r2=515121
==============================================================================
--- maven/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/Menu.jsp (original)
+++ maven/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/jsp/navigations/Menu.jsp Tue Mar 6 05:55:16 2007
@@ -48,14 +48,14 @@
</div>
<div>
<div class="body">
- <ww:url id="addMavenTwoProjectUrl" action="addMavenTwoProject" method="default" namespace="/"
+ <ww:url id="addMavenTwoProjectUrl" action="addMavenTwoProject" method="input" namespace="/"
includeParams="none"/>
<ww:a href="%{addMavenTwoProjectUrl}">
<ww:text name="menu.add.m2Project"/>
</ww:a>
</div>
<div class="body">
- <ww:url id="addMavenOneProjectUrl" action="addMavenOneProject" method="default" namespace="/"
+ <ww:url id="addMavenOneProjectUrl" action="addMavenOneProject" method="input" namespace="/"
includeParams="none"/>
<ww:a href="%{addMavenOneProjectUrl}">
<ww:text name="menu.add.m1Project"/>
@@ -97,7 +97,7 @@
</div>
</pss:ifAuthorized>
<pss:ifAuthorized permission="continuum-manage-configuration">
- <ww:url id="configurationUrl" action="configuration" namespace="/admin" method="default" includeParams="none"/>
+ <ww:url id="configurationUrl" action="configuration" namespace="/admin" method="input" includeParams="none"/>
<div class="body">
<ww:a href="%{configurationUrl}">
<ww:text name="menu.administration.configuration"/>