Posted to commits@continuum.apache.org by ev...@apache.org on 2007/05/14 18:24:00 UTC
svn commit: r537900 - in
/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server:
AbstractContinuumSecureService.java ContinuumServiceImpl.java
Author: evenisse
Date: Mon May 14 09:23:53 2007
New Revision: 537900
URL: http://svn.apache.org/viewvc?view=rev&rev=537900
Log:
Move security code into parent abstract class
Added:
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java (with props)
Modified:
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
Added: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java?view=auto&rev=537900
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java (added)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java Mon May 14 09:23:53 2007
@@ -0,0 +1,134 @@
+package org.apache.maven.continuum.xmlrpc.server;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
+import org.apache.maven.continuum.xmlrpc.ContinuumService;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.util.StringUtils;
+
+/**
+ * @author <a href="mailto:evenisse@apache.org">Emmanuel Venisse</a>
+ * @version $Id$
+ */
+public abstract class AbstractContinuumSecureService
+ implements ContinuumService, ContinuumXmlRpcComponent
+{
+ /**
+ * @plexus.requirement role-hint="default"
+ */
+ private SecuritySystem securitySystem;
+
+ private ContinuumXmlRpcConfig config;
+
+ public void setConfig( ContinuumXmlRpcConfig config )
+ {
+ this.config = config;
+ }
+
+ public SecuritySystem getSecuritySystem()
+ {
+ return securitySystem;
+ }
+
+ /**
+ * Check if the current user is authorized to do the action
+ *
+ * @param role the role
+ * @throws ContinuumException if the user isn't authorized
+ */
+ protected void checkAuthorization( String role )
+ throws ContinuumException
+ {
+ checkAuthorization( role, null, false );
+ }
+
+ /**
+ * Check if the current user is authorized to do the action
+ *
+ * @param role the role
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized
+ */
+ protected void checkAuthorization( String role, String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( role, resource, true );
+ }
+
+ /**
+ * Check if the current user is authorized to do the action
+ *
+ * @param role the role
+ * @param resource the operation resource
+ * @param requiredResource true if resource can't be null
+ * @throws ContinuumException if the user isn't authorized
+ */
+ protected void checkAuthorization( String role, String resource, boolean requiredResource )
+ throws ContinuumException
+ {
+ try
+ {
+ if ( resource != null && StringUtils.isNotEmpty( resource.trim() ) )
+ {
+ if ( !getSecuritySystem().isAuthorized( config.getSecuritySession(), role, resource ) )
+ {
+ throw new ContinuumException( "You're not authorized to execute this action." );
+ }
+ }
+ else
+ {
+ if ( requiredResource || !getSecuritySystem().isAuthorized( config.getSecuritySession(), role ) )
+ {
+ throw new ContinuumException( "You're not authorized to execute this action." );
+ }
+ }
+ }
+ catch ( AuthorizationException ae )
+ {
+ throw new ContinuumException( "error authorizing request." );
+ }
+ }
+
+ /**
+ * Check if the current user is authorized to add a project group
+ *
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkAddProjectGroupAuthorization()
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION );
+ }
+
+ /**
+ * Check if the current user is authorized to add a project to a specific project group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkAddProjectToGroupAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION, resource );
+ }
+}
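Review bot: The catch block of the three-argument `checkAuthorization` discards the `AuthorizationException`: `throw new ContinuumException( "error authorizing request." );` carries no cause, whereas the code this commit removes from ContinuumServiceImpl passed it along (`"error authorizing request", e`). Restoring it as `throw new ContinuumException( "error authorizing request.", ae );` keeps a failing security backend distinguishable from an ordinary denial when the error is investigated. In the else branch, a null or blank resource with `requiredResource` set is reported with the same "You're not authorized…" message; failing closed there is the right behaviour, but a comment such as `// deny: a resource-scoped check was called without a resource` would make it clear the branch is deliberate. The Javadoc also labels the first parameter `the role` although the callers in this file pass `..._OPERATION` constants, and two `@throws` lines repeat "if the user isn't authorized" twice.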
Propchange: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java?view=diff&rev=537900&r1=537899&r2=537900
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java Mon May 14 09:23:53 2007
@@ -23,7 +23,6 @@
import org.apache.maven.continuum.ContinuumException;
import org.apache.maven.continuum.project.ContinuumProjectState;
import org.apache.maven.continuum.project.builder.ContinuumProjectBuildingResult;
-import org.apache.maven.continuum.xmlrpc.ContinuumService;
import org.apache.maven.continuum.xmlrpc.project.AddingResult;
import org.apache.maven.continuum.xmlrpc.project.BuildResult;
import org.apache.maven.continuum.xmlrpc.project.BuildResultSummary;
@@ -32,8 +31,6 @@
import org.apache.maven.continuum.xmlrpc.project.ProjectGroup;
import org.apache.maven.continuum.xmlrpc.project.ProjectGroupSummary;
import org.apache.maven.continuum.xmlrpc.project.ProjectSummary;
-import org.codehaus.plexus.redback.authorization.AuthorizationException;
-import org.codehaus.plexus.redback.system.SecuritySystem;
import java.util.ArrayList;
import java.util.Collection;
@@ -46,25 +43,13 @@
* @plexus.component role="org.apache.maven.continuum.xmlrpc.server.ContinuumXmlRpcComponent" role-hint="org.apache.maven.continuum.xmlrpc.ContinuumService"
*/
public class ContinuumServiceImpl
- implements ContinuumService, ContinuumXmlRpcComponent
+ extends AbstractContinuumSecureService
{
/**
* @plexus.requirement
*/
private Continuum continuum;
- /**
- * @plexus.requirement role-hint="default"
- */
- private SecuritySystem securitySystem;
-
- private ContinuumXmlRpcConfig config;
-
- public void setConfig( ContinuumXmlRpcConfig config )
- {
- this.config = config;
- }
-
// ----------------------------------------------------------------------
// Projects
// ----------------------------------------------------------------------
@@ -211,27 +196,18 @@
public AddingResult addMavenTwoProject( String url )
throws ContinuumException
{
- try
- {
- if ( securitySystem.isAuthorized( config.getSecuritySession(), "continuum-add-group" ) )
- {
- ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url );
- return populateAddingResult( result );
- }
- else
- {
- throw new ContinuumException( "unauthorized add project request" );
- }
- }
- catch (AuthorizationException e )
- {
- throw new ContinuumException( "error authorizing request", e );
- }
+ checkAddProjectGroupAuthorization();
+
+ ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url );
+ return populateAddingResult( result );
}
public AddingResult addMavenTwoProject( String url, int projectGroupId )
throws ContinuumException
{
+ ProjectGroupSummary pgs = getProjectGroupSummary( projectGroupId );
+ checkAddProjectToGroupAuthorization( pgs.getName() );
+
ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url, projectGroupId );
return populateAddingResult( result );
}
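Review bot: In the `addMavenTwoProject( String url, int projectGroupId )` overload, `getProjectGroupSummary( projectGroupId )` runs before any authorization check and its result is dereferenced unguarded in `pgs.getName()`. That method's body is outside this hunk, so whether it returns null or throws for an unknown id cannot be confirmed here; either way a caller without the add-project permission may see a different error for a missing group than for a refused one. Passing `pgs == null ? null : pgs.getName()` to `checkAddProjectToGroupAuthorization` would let the helper's required-resource branch refuse the call with the same message as any other denial. A short comment above the lookup, e.g. `// authorization is keyed on the group name, so resolve it from the id first`, would also explain why the extra query precedes the check.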