Posted to commits@lenya.apache.org by an...@apache.org on 2008/12/26 13:42:22 UTC
svn commit: r729489 - in
/lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase:
UsecaseInvoker.java impl/UsecaseInvokerImpl.java
Author: andreas
Date: Fri Dec 26 04:42:21 2008
New Revision: 729489
URL: http://svn.apache.org/viewvc?rev=729489&view=rev
Log:
Let UsecaseInvoker authorize usecases before invocation.
Modified:
lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase/UsecaseInvoker.java
lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase/impl/UsecaseInvokerImpl.java
Modified: lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase/UsecaseInvoker.java
URL: http://svn.apache.org/viewvc/lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase/UsecaseInvoker.java?rev=729489&r1=729488&r2=729489&view=diff
==============================================================================
--- lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase/UsecaseInvoker.java (original)
+++ lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase/UsecaseInvoker.java Fri Dec 26 04:42:21 2008
@@ -104,6 +104,11 @@
int POSTCONDITIONS_FAILED = 4;
/**
+ * The authorization failed.
+ */
+ int AUTHORIZATION_FAILED = 5;
+
+ /**
* Returns the error messages from the previous operation. Error messages
* prevent the operation from being executed.
* @return A list of {@link UsecaseMessage} objects.
Modified: lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase/impl/UsecaseInvokerImpl.java
URL: http://svn.apache.org/viewvc/lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase/impl/UsecaseInvokerImpl.java?rev=729489&r1=729488&r2=729489&view=diff
==============================================================================
--- lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase/impl/UsecaseInvokerImpl.java (original)
+++ lenya/trunk/src/modules-core/usecase/java/src/org/apache/lenya/cms/usecase/impl/UsecaseInvokerImpl.java Fri Dec 26 04:42:21 2008
@@ -26,7 +26,20 @@
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
+import org.apache.avalon.framework.service.ServiceSelector;
import org.apache.avalon.framework.service.Serviceable;
+import org.apache.cocoon.environment.Request;
+import org.apache.lenya.ac.AccessController;
+import org.apache.lenya.ac.AccessControllerResolver;
+import org.apache.lenya.ac.Authorizer;
+import org.apache.lenya.ac.Role;
+import org.apache.lenya.cms.ac.PolicyUtil;
+import org.apache.lenya.cms.ac.usecase.UsecaseAuthorizer;
+import org.apache.lenya.cms.cocoon.components.context.ContextUtility;
+import org.apache.lenya.cms.publication.DocumentFactory;
+import org.apache.lenya.cms.publication.DocumentUtil;
+import org.apache.lenya.cms.publication.Publication;
+import org.apache.lenya.cms.publication.URLInformation;
import org.apache.lenya.cms.repository.Session;
import org.apache.lenya.cms.usecase.Usecase;
import org.apache.lenya.cms.usecase.UsecaseException;
@@ -44,6 +57,54 @@
private String targetUrl;
/**
+ * @return if the identity is authorized to invoke the usecase.
+ * @throws Exception if an error occurs.
+ */
+ protected boolean isUsecaseAuthorized(String webappUrl, String usecaseName) throws Exception {
+ boolean authorized = false;
+ ServiceSelector selector = null;
+ AccessControllerResolver acResolver = null;
+ AccessController accessController = null;
+ ContextUtility contextUtil = null;
+ try {
+ selector = (ServiceSelector) this.manager.lookup(AccessControllerResolver.ROLE
+ + "Selector");
+ acResolver = (AccessControllerResolver) selector
+ .select(AccessControllerResolver.DEFAULT_RESOLVER);
+ accessController = acResolver.resolveAccessController(webappUrl);
+
+ contextUtil = (ContextUtility) this.manager.lookup(ContextUtility.ROLE);
+ Request request = contextUtil.getRequest();
+ DocumentFactory factory = DocumentUtil.getDocumentFactory(this.manager, request);
+ URLInformation info = new URLInformation(webappUrl);
+ Publication pub = factory.getPublication(info.getPublicationId());
+ Role[] roles = PolicyUtil.getRoles(request);
+
+ Authorizer[] authorizers = accessController.getAuthorizers();
+ for (int i = 0; i < authorizers.length; i++) {
+ if (authorizers[i] instanceof UsecaseAuthorizer) {
+ UsecaseAuthorizer authorizer = (UsecaseAuthorizer) authorizers[i];
+ authorized = authorizer.authorizeUsecase(usecaseName, roles, pub);
+ }
+ }
+ } finally {
+ if (selector != null) {
+ if (acResolver != null) {
+ if (accessController != null) {
+ acResolver.release(accessController);
+ }
+ selector.release(acResolver);
+ }
+ this.manager.release(selector);
+ }
+ if (contextUtil != null) {
+ this.manager.release(contextUtil);
+ }
+ }
+ return authorized;
+ }
+
+ /**
* @see org.apache.lenya.cms.usecase.UsecaseInvoker#invoke(java.lang.String, java.lang.String,
* java.util.Map)
*/
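Review bot: In the loop over `authorizers`, every `UsecaseAuthorizer` overwrites `authorized`, so if an access controller carries more than one, a denial from an earlier authorizer is replaced by a grant from a later one. Stopping at the first denial means every authorizer must agree: add `if (!authorized) { break; }` directly after the `authorizeUsecase` call. The initial `false` means a controller with no `UsecaseAuthorizer` fails closed, which is worth stating in the Javadoc together with `@param webappUrl` and `@param usecaseName`. The result of `resolveAccessController(webappUrl)` is dereferenced without a null check; whether it can return null for an unprotected URL is not visible in this hunk.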
@@ -58,6 +119,13 @@
this.result = SUCCESS;
try {
+ if (!isUsecaseAuthorized(webappUrl, usecaseName)) {
+ this.errorMessages.add(new UsecaseMessage("Authorization of usecase " + usecaseName
+ + " failed."));
+ this.result = AUTHORIZATION_FAILED;
+ return;
+ }
+
resolver = (UsecaseResolver) this.manager.lookup(UsecaseResolver.ROLE);
usecase = resolver.resolve(webappUrl, usecaseName);
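Review bot: The denial branch at the top of the `try` records a `UsecaseMessage` but writes nothing to the log, so refused invocations leave no server-side trail for anyone monitoring access-control failures. The class appears to extend `AbstractLogEnabled` (imported in this file), so a line such as `getLogger().warn("Usecase authorization denied: " + usecaseName + " at " + webappUrl);` before the `return` would cover it. `usecaseName` is also concatenated into the message text; if it comes from a request parameter, it needs escaping wherever `UsecaseMessage` is rendered. The enclosing `invoke` method and its catch/finally handling lie outside the hunk, so how an exception thrown by `isUsecaseAuthorized` maps to `result` cannot be checked here.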
@@ -102,9 +170,9 @@
}
}
}
-
+
private Session testSession = null;
-
+
protected Session getTestSession() {
return this.testSession;
}