Posted to slide-dev@jakarta.apache.org by re...@locus.apache.org on 2000/12/26 07:28:25 UTC
cvs commit: jakarta-slide/src/share/org/apache/slide/security Security.java SecurityImpl.java NodePermissions.java
remm 00/12/25 22:28:25
Modified: src/share/org/apache/slide/security Security.java
SecurityImpl.java
Removed: src/share/org/apache/slide/security NodePermissions.java
Log:
- Add self permissions.
- Add role resolution.
- Removed an API call, as well as the NodePermissions object.
- Add hasRole calls in the Security interface.
Revision Changes Path
1.9 +40 -19 jakarta-slide/src/share/org/apache/slide/security/Security.java
Index: Security.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/Security.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- Security.java 2000/11/25 01:34:54 1.8
+++ Security.java 2000/12/26 06:28:24 1.9
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/Security.java,v 1.8 2000/11/25 01:34:54 remm Exp $
- * $Revision: 1.8 $
- * $Date: 2000/11/25 01:34:54 $
+ * $Header: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/Security.java,v 1.9 2000/12/26 06:28:24 remm Exp $
+ * $Revision: 1.9 $
+ * $Date: 2000/12/26 06:28:24 $
*
* ====================================================================
*
@@ -73,7 +73,7 @@
* Security helper.
*
* @author <a href="mailto:remm@apache.org">Remy Maucherat</a>
- * @version $Revision: 1.8 $
+ * @version $Revision: 1.9 $
*/
public interface Security {
@@ -112,21 +112,6 @@
/**
- * Enumerates permissions on an object.
- *
- * @param token Credentials token
- * @param object Object on which permission is granted
- * @exception ServiceAccessException DataSource access error
- * @exception ObjectNotFoundException Specified object was not found
- * in the DataSource
- * @exception AccessDeniedException Insufficent credentials
- */
- NodePermissions getPermissions(SlideToken token, ObjectNode object)
- throws ServiceAccessException, ObjectNotFoundException,
- AccessDeniedException;
-
-
- /**
* Grants a new permission.
*
* @param token Credentials token
@@ -284,5 +269,41 @@
ActionNode action)
throws ServiceAccessException, AccessDeniedException,
ObjectNotFoundException;
+
+
+ /**
+ * Check whether or not the current user has the specified role.
+ *
+ * @param token Credentials token
+ * @param role Role
+ * @exception ServiceAccessException DataSource access error
+ * @exception ObjectNotFoundException Specified object was not found
+ * in the DataSource
+ */
+ boolean hasRole(SlideToken token, String role)
+ throws ServiceAccessException, ObjectNotFoundException;
+
+
+ /**
+ * Check whether or not the current user has the specified role.
+ *
+ * @param object Object node
+ * @param role Role
+ * @exception ServiceAccessException DataSource access error
+ * @exception ObjectNotFoundException Specified object was not found
+ * in the DataSource
+ */
+ boolean hasRole(ObjectNode object, String role)
+ throws ServiceAccessException, ObjectNotFoundException;
+
+
+ /**
+ * Get the principal associated with the credentials token.
+ *
+ * @param token Creadentials token
+ */
+ ObjectNode getPrincipal(SlideToken token)
+ throws ServiceAccessException, ObjectNotFoundException;
+
}
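Review bot: The Javadoc on the three new methods does not tell a caller what a role is or what is returned. Both `hasRole` overloads say "the current user", although the second takes an arbitrary `ObjectNode`, and neither has an `@return` tag. Going by the SecurityImpl change in this same commit, the role is a class name, so the second overload could read `@param role Fully qualified class name of the role` and `@return true if the node is an instance of that class, false if not or if the class cannot be found`. `getPrincipal` needs `@return` and the two `@exception` tags its signature declares, and `Creadentials` should be `Credentials`. The interface declaration itself starts outside this hunk.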
1.12 +112 -30 jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java
Index: SecurityImpl.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- SecurityImpl.java 2000/11/25 01:34:54 1.11
+++ SecurityImpl.java 2000/12/26 06:28:24 1.12
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java,v 1.11 2000/11/25 01:34:54 remm Exp $
- * $Revision: 1.11 $
- * $Date: 2000/11/25 01:34:54 $
+ * $Header: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java,v 1.12 2000/12/26 06:28:24 remm Exp $
+ * $Revision: 1.12 $
+ * $Date: 2000/12/26 06:28:24 $
*
* ====================================================================
*
@@ -73,7 +73,7 @@
* Security helper.
*
* @author <a href="mailto:remm@apache.org">Remy Maucherat</a>
- * @version $Revision: 1.11 $
+ * @version $Revision: 1.12 $
*/
public final class SecurityImpl implements Security {
@@ -305,13 +305,7 @@
Uri objectUri = namespace.getUri(object.getUri());
ObjectNode realObject = objectUri.getStore()
.retrieveObject(objectUri);
- Uri subjectUri = null;
- subjectUri =
- namespace.getUri
- (namespaceConfig.getUsersPath() + "/"
- + token.getCredentialsToken().getPublicCredentials());
- SubjectNode subject = (SubjectNode) subjectUri
- .getStore().retrieveObject(subjectUri);
+ SubjectNode subject = (SubjectNode) getPrincipal(token);
checkPermission(realObject, subject, action);
}
} catch (ObjectNotFoundException e) {
@@ -355,7 +349,11 @@
Enumeration permissions = courUri.getStore()
.enumeratePermissions(courUri);
- while ((!granted) && (permissions.hasMoreElements())) {
+ while (permissions.hasMoreElements()) {
+
+ boolean oldGranted = granted;
+ boolean oldDenied = denied;
+
NodePermission permission =
(NodePermission) permissions.nextElement();
@@ -365,17 +363,56 @@
//&& (actionUri.isParent(permission.getActionUri()));
if (permission.isInheritable()
|| permission.getObjectUri().equals(object.getUri())) {
- granted = (!permission.isNegative())
- && (subjectUri.toString()
- .startsWith(permission.getSubjectUri()))
- && (actionUri.toString()
- .startsWith(permission.getActionUri()));
- denied = (permission.isNegative())
- && (subjectUri.toString()
- .startsWith(permission.getSubjectUri()))
- && (actionUri.toString()
- .startsWith(permission.getActionUri()));
+
+ String permissionSubject = permission.getSubjectUri();
+
+ if (permissionSubject.startsWith("/")) {
+
+ // Node permission
+ granted = (!permission.isNegative())
+ && (subjectUri.toString()
+ .startsWith(permission.getSubjectUri()))
+ && (actionUri.toString()
+ .startsWith(permission.getActionUri()));
+ denied = (permission.isNegative())
+ && (subjectUri.toString()
+ .startsWith(permission.getSubjectUri()))
+ && (actionUri.toString()
+ .startsWith(permission.getActionUri()));
+
+ } else if (permissionSubject.equals("~")) {
+
+ // Self permission
+ granted = (!permission.isNegative())
+ && (subjectUri.toString()
+ .startsWith(permission.getObjectUri()))
+ && (actionUri.toString()
+ .startsWith(permission.getActionUri()));
+ denied = (permission.isNegative())
+ && (subjectUri.toString()
+ .startsWith(permission.getObjectUri()))
+ && (actionUri.toString()
+ .startsWith(permission.getActionUri()));
+
+ } else {
+
+ // Role permission
+ granted = (!permission.isNegative())
+ && (hasRole(subject, permissionSubject))
+ && (actionUri.toString()
+ .startsWith(permission.getActionUri()));
+ denied = (permission.isNegative())
+ && (hasRole(subject, permissionSubject))
+ && (actionUri.toString()
+ .startsWith(permission.getActionUri()));
+
+ }
+
}
+
+ granted = granted | oldGranted;
+ denied = denied | oldDenied;
+
}
Uri parentUri = courUri.getParentUri();
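Review bot: The new self-permission branch tests `subjectUri.toString().startsWith(permission.getObjectUri())`, which is a plain string prefix match with no path boundary. With constructed values, a subject at `/users/john2` would satisfy a self permission stored on `/users/john`. If "self" means the subject is the object itself, compare with `equals`; if descendants are meant to match too, require a separator, e.g. `s.equals(o) || s.startsWith(o.endsWith("/") ? o : o + "/")`. The node-permission branch applies the same prefix test to the subject and action URIs, so the same boundary question applies there. The enclosing method starts and ends outside this hunk, so how `granted` and `denied` are finally combined is not visible.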
@@ -440,20 +477,65 @@
/**
- * Enumerates permissions on an object.
+ * Check whether or not the current user has the specified role.
*
* @param token Credentials token
- * @param object Object on which permission is granted
+ * @param role Role
* @exception ServiceAccessException DataSource access error
* @exception ObjectNotFoundException Specified object was not found
* in the DataSource
- * @exception AccessDeniedException Insufficent credentials
*/
- public NodePermissions getPermissions(SlideToken token,
- ObjectNode object)
- throws ServiceAccessException, ObjectNotFoundException,
- AccessDeniedException {
- return null;
+ public boolean hasRole(SlideToken token, String role)
+ throws ServiceAccessException, ObjectNotFoundException {
+
+ ObjectNode subject = getPrincipal(token);
+
+ return hasRole(subject, role);
+
+ }
+
+
+ /**
+ * Check whether or not the current user has the specified role.
+ *
+ * @param object Object node
+ * @param role Role
+ * @exception ServiceAccessException DataSource access error
+ * @exception ObjectNotFoundException Specified object was not found
+ * in the DataSource
+ */
+ public boolean hasRole(ObjectNode object, String role)
+ throws ServiceAccessException, ObjectNotFoundException {
+
+ Class roleClass = null;
+ try {
+ roleClass = Class.forName(role);
+ } catch (ClassNotFoundException e) {
+ return false;
+ }
+
+ if (roleClass.isInstance(object))
+ return true;
+
+ return false;
+
}
+
+
+ /**
+ * Get the principal associated with the credentials token.
+ *
+ * @param token Creadentials token
+ */
+ public ObjectNode getPrincipal(SlideToken token)
+ throws ServiceAccessException, ObjectNotFoundException {
+
+ Uri subjectUri = namespace.getUri
+ (namespaceConfig.getUsersPath() + "/"
+ + token.getCredentialsToken().getPublicCredentials());
+ return subjectUri.getStore().retrieveObject(subjectUri);
+
+ }
+
}
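Review bot: `hasRole(ObjectNode, String)` passes the role string straight to `Class.forName(role)`, and in the permission check that string is the subject field of a stored permission, so permission data decides which class is loaded and initialized, static initializers included. Loading without initialization from a known loader narrows this: `roleClass = Class.forName(role, false, getClass().getClassLoader());`. It is also worth restricting accepted names to the role types the namespace actually defines, since a name such as `java.lang.Object` matches every node and would turn a role permission into a grant or denial for all subjects. `getPrincipal`, added in the same hunk, builds the subject path by concatenating the public credentials; whether `namespace.getUri` rejects values containing `/` is not visible here and should be confirmed.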