You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2004/08/11 23:23:59 UTC
cvs commit: jakarta-jetspeed/fusion/src/java/org/apache/jetspeed/fusion/security/impl FusionSecurityValveImpl.java FusionUserPrincipalImpl.java
taylor 2004/08/11 14:23:59
Added: fusion/src/java/org/apache/jetspeed/fusion/security/impl
FusionSecurityValveImpl.java
FusionUserPrincipalImpl.java
Log:
Suport Portlet API Security PLT.20 in Fusion
- implemented Fusion security valve to handle J1 specific security in JSR168 Portlets
- added a user principal with knowledge of JetspeedUser
CVS: ----------------------------------------------------------------------
CVS: PR:
CVS: If this change addresses a PR in the problem report tracking
CVS: database, then enter the PR number(s) here.
CVS: Obtained from:
CVS: If this change has been taken from another system, such as NCSA,
CVS: then name the system in this line, otherwise delete it.
CVS: Submitted by:
CVS: If this code has been contributed to Apache by someone else; i.e.,
CVS: they sent us a patch or a new module, then include their name/email
CVS: address here. If this is your work then delete this line.
CVS: Reviewed by:
CVS: If we are doing pre-commit code reviews and someone else has
CVS: reviewed your changes, include their name(s) here.
CVS: If you have not had it reviewed then delete this line.
Revision Changes Path
1.1 jakarta-jetspeed/fusion/src/java/org/apache/jetspeed/fusion/security/impl/FusionSecurityValveImpl.java
Index: FusionSecurityValveImpl.java
===================================================================
/*
* Copyright 2001,2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.fusion.security.impl;
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.pipeline.PipelineException;
import org.apache.jetspeed.pipeline.valve.AbstractValve;
import org.apache.jetspeed.pipeline.valve.SecurityValve;
import org.apache.jetspeed.pipeline.valve.ValveContext;
import org.apache.jetspeed.request.RequestContext;
import org.apache.jetspeed.services.rundata.JetspeedRunData;
import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.rundata.RunDataService;
/**
* Security Valve for use J2 and populating expected Principal and
* Subjects as expected by JSR 168 portlets from the J1 JetspeedUser
*
* @see TemplateSecureSessionValidator
* @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
* @version $Id: FusionSecurityValveImpl.java,v 1.1 2004/08/11 21:23:59 taylor Exp $
*/
public class FusionSecurityValveImpl extends AbstractValve implements
SecurityValve
{
public static final String FUSION_SUBJECT = "org.apache.jetspeed.fusion.subject";
private JetspeedRunDataService runDataService = null;
/* (non-Javadoc)
* @see org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext, org.apache.jetspeed.pipeline.valve.ValveContext)
*/
public void invoke(RequestContext request, ValveContext context)
throws PipelineException
{
JetspeedRunData data = getRunDataService().getCurrentRunData();
JetspeedUser user = (JetspeedUser)data.getUser();
Subject subject = (Subject) user.getTemp(FUSION_SUBJECT);
if (null == subject)
{
Principal principal = new FusionUserPrincipalImpl(user.getUserName(), user);
Set principals = new HashSet();
principals.add(principal);
subject = new Subject(true, principals, new HashSet(), new HashSet());
user.setTemp(FUSION_SUBJECT, subject);
}
request.setSubject(subject);
// Pass control to the next Valve in the Pipeline
context.invokeNext(request);
}
private JetspeedRunDataService getRunDataService()
{
if (runDataService == null)
{
runDataService =
(JetspeedRunDataService) TurbineServices.getInstance().getService(RunDataService.SERVICE_NAME);
}
return runDataService;
}
}
1.1 jakarta-jetspeed/fusion/src/java/org/apache/jetspeed/fusion/security/impl/FusionUserPrincipalImpl.java
Index: FusionUserPrincipalImpl.java
===================================================================
/* Copyright 2004 Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.fusion.security.impl;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.security.UserPrincipal;
/**
* <p>The user principal for J2.</p>
* @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
* @version $Id: FusionUserPrincipalImpl.java,v 1.1 2004/08/11 21:23:59 taylor Exp $
*/
public class FusionUserPrincipalImpl implements UserPrincipal
{
private String userName;
private JetspeedUser user;
public FusionUserPrincipalImpl(String userName, JetspeedUser user)
{
this.userName = userName;
this.user = user;
}
/* (non-Javadoc)
* @see org.apache.jetspeed.security.BasePrincipal#getFullPath()
*/
public String getFullPath()
{
// not supported
return "";
}
/* (non-Javadoc)
* @see java.security.Principal#getName()
*/
public String getName()
{
return userName;
}
public JetspeedUser getUser()
{
return user;
}
public String toString()
{
return userName;
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org