You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lenya.apache.org by an...@apache.org on 2005/03/13 10:42:07 UTC
svn commit: r157325 - in lenya/trunk/src/java/org/apache/lenya:
ac/AccessController.java ac/Authorizer.java
ac/impl/DefaultAccessController.java ac/impl/PolicyAuthorizer.java
cms/ac/usecase/UsecaseAuthorizer.java cms/ac/workflow/WorkflowAuthorizer.java
Author: andreas
Date: Sun Mar 13 01:42:06 2005
New Revision: 157325
URL: http://svn.apache.org/viewcvs?view=rev&rev=157325
Log:
added methods to authorize a request with a custom URL
Modified:
lenya/trunk/src/java/org/apache/lenya/ac/AccessController.java
lenya/trunk/src/java/org/apache/lenya/ac/Authorizer.java
lenya/trunk/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java
lenya/trunk/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java
lenya/trunk/src/java/org/apache/lenya/cms/ac/usecase/UsecaseAuthorizer.java
lenya/trunk/src/java/org/apache/lenya/cms/ac/workflow/WorkflowAuthorizer.java
Modified: lenya/trunk/src/java/org/apache/lenya/ac/AccessController.java
URL: http://svn.apache.org/viewcvs/lenya/trunk/src/java/org/apache/lenya/ac/AccessController.java?view=diff&r1=157324&r2=157325
==============================================================================
--- lenya/trunk/src/java/org/apache/lenya/ac/AccessController.java (original)
+++ lenya/trunk/src/java/org/apache/lenya/ac/AccessController.java Sun Mar 13 01:42:06 2005
@@ -30,12 +30,12 @@
* The access control namespace URI.
*/
String NAMESPACE = "http://apache.org/cocoon/lenya/ac/1.0";
-
+
/**
* The default prefix for the access control namespace.
*/
String DEFAULT_PREFIX = "ac";
-
+
/**
* The Avalon role.
*/
@@ -56,7 +56,17 @@
* @throws AccessControlException when something went wrong.
*/
boolean authorize(Request request) throws AccessControlException;
-
+
+ /**
+ * Authorizes a request using a different URL.
+ * @param request The request.
+ * @param webappUrl The URL to authorize.
+ * @return A boolean value.
+ * @throws AccessControlException if an error occurs.
+ */
+ boolean authorize(Request request, String webappUrl)
+ throws AccessControlException;
+
/**
* Initializes the identity for this access controller.
* @param request The request that contains the identity information.
@@ -64,4 +74,4 @@
*/
void setupIdentity(Request request) throws AccessControlException;
-}
+}
\ No newline at end of file
Modified: lenya/trunk/src/java/org/apache/lenya/ac/Authorizer.java
URL: http://svn.apache.org/viewcvs/lenya/trunk/src/java/org/apache/lenya/ac/Authorizer.java?view=diff&r1=157324&r2=157325
==============================================================================
--- lenya/trunk/src/java/org/apache/lenya/ac/Authorizer.java (original)
+++ lenya/trunk/src/java/org/apache/lenya/ac/Authorizer.java Sun Mar 13 01:42:06 2005
@@ -40,4 +40,13 @@
boolean authorize(Request request)
throws AccessControlException;
+ /**
+ * Authorizes a request using a different URL.
+ * @param request The request.
+ * @param webappUrl The URL to authorize.
+ * @return A boolean value.
+ * @throws AccessControlException if an error occurs.
+ */
+ boolean authorize(Request request, String webappUrl)
+ throws AccessControlException;
}
Modified: lenya/trunk/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java
URL: http://svn.apache.org/viewcvs/lenya/trunk/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java?view=diff&r1=157324&r2=157325
==============================================================================
--- lenya/trunk/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java (original)
+++ lenya/trunk/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java Sun Mar 13 01:42:06 2005
@@ -50,6 +50,7 @@
import org.apache.lenya.ac.ItemManagerListener;
import org.apache.lenya.ac.Machine;
import org.apache.lenya.ac.PolicyManager;
+import org.apache.lenya.util.ServletHelper;
/**
* Default access controller implementation.
@@ -88,50 +89,7 @@
* @see org.apache.lenya.ac.AccessController#authorize(org.apache.cocoon.environment.Request)
*/
public boolean authorize(Request request) throws AccessControlException {
-
- assert request != null;
-
- boolean authorized = false;
-
- getLogger().debug("=========================================================");
- getLogger().debug("Beginning authorization.");
-
- if (hasAuthorizers()) {
- Authorizer[] _authorizers = getAuthorizers();
- int i = 0;
- authorized = true;
-
- while ((i < _authorizers.length) && authorized) {
-
- if (getLogger().isDebugEnabled()) {
- getLogger().debug("---------------------------------------------------------");
- getLogger().debug("Invoking authorizer [" + _authorizers[i] + "]");
- }
-
- if (_authorizers[i] instanceof PolicyAuthorizer) {
- PolicyAuthorizer authorizer = (PolicyAuthorizer) _authorizers[i];
- authorizer.setAccreditableManager(this.accreditableManager);
- authorizer.setPolicyManager(this.policyManager);
- }
-
- authorized = authorized && _authorizers[i].authorize(request);
-
- if (getLogger().isDebugEnabled()) {
- getLogger().debug(
- "Authorizer [" + _authorizers[i] + "] returned [" + authorized + "]");
- }
-
- i++;
- }
- }
-
- if (getLogger().isDebugEnabled()) {
- getLogger().debug("=========================================================");
- getLogger().debug("Authorization complete, result: [" + authorized + "]");
- getLogger().debug("=========================================================");
- }
-
- return authorized;
+ return authorize(request, ServletHelper.getWebappURI(request));
}
/**
@@ -448,6 +406,55 @@
getLogger().debug("Notifying policy manager");
}
getPolicyManager().accreditableRemoved(getAccreditableManager(), (Accreditable) item);
+ }
+
+ /**
+ * @see org.apache.lenya.ac.AccessController#authorize(org.apache.cocoon.environment.Request, java.lang.String)
+ */
+ public boolean authorize(Request request, String webappUrl) throws AccessControlException {
+ assert request != null;
+
+ boolean authorized = false;
+
+ getLogger().debug("=========================================================");
+ getLogger().debug("Beginning authorization.");
+
+ if (hasAuthorizers()) {
+ Authorizer[] _authorizers = getAuthorizers();
+ int i = 0;
+ authorized = true;
+
+ while ((i < _authorizers.length) && authorized) {
+
+ if (getLogger().isDebugEnabled()) {
+ getLogger().debug("---------------------------------------------------------");
+ getLogger().debug("Invoking authorizer [" + _authorizers[i] + "]");
+ }
+
+ if (_authorizers[i] instanceof PolicyAuthorizer) {
+ PolicyAuthorizer authorizer = (PolicyAuthorizer) _authorizers[i];
+ authorizer.setAccreditableManager(this.accreditableManager);
+ authorizer.setPolicyManager(this.policyManager);
+ }
+
+ authorized = authorized && _authorizers[i].authorize(request, webappUrl);
+
+ if (getLogger().isDebugEnabled()) {
+ getLogger().debug(
+ "Authorizer [" + _authorizers[i] + "] returned [" + authorized + "]");
+ }
+
+ i++;
+ }
+ }
+
+ if (getLogger().isDebugEnabled()) {
+ getLogger().debug("=========================================================");
+ getLogger().debug("Authorization complete, result: [" + authorized + "]");
+ getLogger().debug("=========================================================");
+ }
+
+ return authorized;
}
}
Modified: lenya/trunk/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java
URL: http://svn.apache.org/viewcvs/lenya/trunk/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java?view=diff&r1=157324&r2=157325
==============================================================================
--- lenya/trunk/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java (original)
+++ lenya/trunk/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java Sun Mar 13 01:42:06 2005
@@ -31,6 +31,7 @@
import org.apache.lenya.ac.Policy;
import org.apache.lenya.ac.PolicyManager;
import org.apache.lenya.ac.Role;
+import org.apache.lenya.util.ServletHelper;
/**
* Policy-based authorizer.
@@ -88,53 +89,24 @@
*/
public boolean authorize(Request request)
throws AccessControlException {
-
- Session session = request.getSession(true);
- Identity identity = (Identity) session.getAttribute(Identity.class.getName());
-
- if (getLogger().isDebugEnabled()) {
- getLogger().debug("Trying to authorize identity: " + identity);
- }
-
- boolean authorized;
-
- if (identity.belongsTo(getAccreditableManager())) {
- authorized = authorizePolicy(identity, request);
- } else {
- getLogger().debug(
- "Identity ["
- + identity
- + "] not authorized - belongs to wrong accreditable manager.");
- authorized = false;
- }
-
- getLogger().debug("Authorized: " + authorized);
-
- return authorized;
+ return authorize(request, ServletHelper.getWebappURI(request));
}
/**
* Authorizes an request for an identity depending on a policy.
* @param identity The identity to authorize.
* @param request The request to authorize.
+ * @param webappUrl The web application URL.
* @return A boolean value.
* @throws AccessControlException when something went wrong.
*/
protected boolean authorizePolicy(
Identity identity,
- Request request)
+ Request request,
+ String webappUrl)
throws AccessControlException {
- String requestUri = request.getRequestURI();
- String context = request.getContextPath();
-
- if (context == null) {
- context = "";
- }
-
- String url = requestUri.substring(context.length());
-
- Policy policy = getPolicyManager().getPolicy(getAccreditableManager(), url);
+ Policy policy = getPolicyManager().getPolicy(getAccreditableManager(), webappUrl);
Role[] roles = policy.getRoles(identity);
saveRoles(request, roles);
@@ -178,6 +150,34 @@
Role[] roles = (Role[]) roleList.toArray(new Role[roleList.size()]);
return roles;
+ }
+
+ /**
+ * @see org.apache.lenya.ac.Authorizer#authorize(org.apache.cocoon.environment.Request, java.lang.String)
+ */
+ public boolean authorize(Request request, String webappUrl) throws AccessControlException {
+ Session session = request.getSession(true);
+ Identity identity = (Identity) session.getAttribute(Identity.class.getName());
+
+ if (getLogger().isDebugEnabled()) {
+ getLogger().debug("Trying to authorize identity: " + identity);
+ }
+
+ boolean authorized;
+
+ if (identity.belongsTo(getAccreditableManager())) {
+ authorized = authorizePolicy(identity, request, webappUrl);
+ } else {
+ getLogger().debug(
+ "Identity ["
+ + identity
+ + "] not authorized - belongs to wrong accreditable manager.");
+ authorized = false;
+ }
+
+ getLogger().debug("Authorized: " + authorized);
+
+ return authorized;
}
}
Modified: lenya/trunk/src/java/org/apache/lenya/cms/ac/usecase/UsecaseAuthorizer.java
URL: http://svn.apache.org/viewcvs/lenya/trunk/src/java/org/apache/lenya/cms/ac/usecase/UsecaseAuthorizer.java?view=diff&r1=157324&r2=157325
==============================================================================
--- lenya/trunk/src/java/org/apache/lenya/cms/ac/usecase/UsecaseAuthorizer.java (original)
+++ lenya/trunk/src/java/org/apache/lenya/cms/ac/usecase/UsecaseAuthorizer.java Sun Mar 13 01:42:06 2005
@@ -219,4 +219,11 @@
return authorizeUsecase(usecase, roles, getConfigurationURI(publication));
}
+ /**
+ * @see org.apache.lenya.ac.Authorizer#authorize(org.apache.cocoon.environment.Request, java.lang.String)
+ */
+ public boolean authorize(Request request, String webappUrl) throws AccessControlException {
+ return authorize(request);
+ }
+
}
Modified: lenya/trunk/src/java/org/apache/lenya/cms/ac/workflow/WorkflowAuthorizer.java
URL: http://svn.apache.org/viewcvs/lenya/trunk/src/java/org/apache/lenya/cms/ac/workflow/WorkflowAuthorizer.java?view=diff&r1=157324&r2=157325
==============================================================================
--- lenya/trunk/src/java/org/apache/lenya/cms/ac/workflow/WorkflowAuthorizer.java (original)
+++ lenya/trunk/src/java/org/apache/lenya/cms/ac/workflow/WorkflowAuthorizer.java Sun Mar 13 01:42:06 2005
@@ -34,6 +34,7 @@
import org.apache.lenya.cms.publication.PublicationException;
import org.apache.lenya.cms.publication.PublicationFactory;
import org.apache.lenya.cms.workflow.WorkflowResolver;
+import org.apache.lenya.util.ServletHelper;
import org.apache.lenya.workflow.Situation;
import org.apache.lenya.workflow.Workflow;
import org.apache.lenya.workflow.WorkflowEngine;
@@ -41,8 +42,8 @@
import org.apache.lenya.workflow.impl.WorkflowEngineImpl;
/**
- * If the client requested invoking a workflow event, this authorizer checks if the current document
- * state and identity roles allow this transition.
+ * If the client requested invoking a workflow event, this authorizer checks if
+ * the current document state and identity roles allow this transition.
*/
public class WorkflowAuthorizer extends AbstractLogEnabled implements Authorizer, Serviceable {
@@ -52,17 +53,24 @@
* @see org.apache.lenya.ac.Authorizer#authorize(org.apache.cocoon.environment.Request)
*/
public boolean authorize(Request request) throws AccessControlException {
+ return authorize(request, ServletHelper.getWebappURI(request));
+ }
- boolean authorized = true;
-
- String requestUri = request.getRequestURI();
- String context = request.getContextPath();
+ private ServiceManager manager;
- if (context == null) {
- context = "";
- }
+ /**
+ * @see org.apache.avalon.framework.service.Serviceable#service(org.apache.avalon.framework.service.ServiceManager)
+ */
+ public void service(ServiceManager _manager) throws ServiceException {
+ this.manager = _manager;
+ }
- String url = requestUri.substring(context.length());
+ /**
+ * @see org.apache.lenya.ac.Authorizer#authorize(org.apache.cocoon.environment.Request,
+ * java.lang.String)
+ */
+ public boolean authorize(Request request, String webappUrl) throws AccessControlException {
+ boolean authorized = true;
String event = request.getParameter(EVENT_PARAMETER);
SourceResolver resolver = null;
@@ -79,10 +87,11 @@
PublicationFactory pubFactory = PublicationFactory.getInstance(getLogger());
Publication publication = pubFactory.getPublication(resolver, request);
DocumentIdentityMap map = new DocumentIdentityMap();
- if (map.getFactory().isDocument(publication, url)) {
+ if (map.getFactory().isDocument(publication, webappUrl)) {
- Document document = map.getFactory().getFromURL(publication, url);
- workflowResolver = (WorkflowResolver) this.manager.lookup(WorkflowResolver.ROLE);
+ Document document = map.getFactory().getFromURL(publication, webappUrl);
+ workflowResolver = (WorkflowResolver) this.manager
+ .lookup(WorkflowResolver.ROLE);
if (workflowResolver.hasWorkflow(document)) {
Workflow workflow = workflowResolver.getWorkflowSchema(document);
@@ -111,15 +120,6 @@
}
return authorized;
- }
-
- private ServiceManager manager;
-
- /**
- * @see org.apache.avalon.framework.service.Serviceable#service(org.apache.avalon.framework.service.ServiceManager)
- */
- public void service(ServiceManager _manager) throws ServiceException {
- this.manager = _manager;
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@lenya.apache.org
For additional commands, e-mail: commits-help@lenya.apache.org