You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2004/08/11 23:23:59 UTC

cvs commit: jakarta-jetspeed/fusion/src/java/org/apache/jetspeed/fusion/security/impl FusionSecurityValveImpl.java FusionUserPrincipalImpl.java

taylor      2004/08/11 14:23:59

  Added:       fusion/src/java/org/apache/jetspeed/fusion/security/impl
                        FusionSecurityValveImpl.java
                        FusionUserPrincipalImpl.java
  Log:
  Suport Portlet API Security PLT.20 in Fusion
  - implemented Fusion security valve to handle J1 specific security in JSR168 Portlets
  - added a user principal with knowledge of JetspeedUser
  
  CVS: ----------------------------------------------------------------------
  CVS: PR:
  CVS:   If this change addresses a PR in the problem report tracking
  CVS:   database, then enter the PR number(s) here.
  CVS: Obtained from:
  CVS:   If this change has been taken from another system, such as NCSA,
  CVS:   then name the system in this line, otherwise delete it.
  CVS: Submitted by:
  CVS:   If this code has been contributed to Apache by someone else; i.e.,
  CVS:   they sent us a patch or a new module, then include their name/email
  CVS:   address here. If this is your work then delete this line.
  CVS: Reviewed by:
  CVS:   If we are doing pre-commit code reviews and someone else has
  CVS:   reviewed your changes, include their name(s) here.
  CVS:   If you have not had it reviewed then delete this line.
  
  Revision  Changes    Path
  1.1                  jakarta-jetspeed/fusion/src/java/org/apache/jetspeed/fusion/security/impl/FusionSecurityValveImpl.java
  
  Index: FusionSecurityValveImpl.java
  ===================================================================
  /*
   * Copyright 2001,2004 The Apache Software Foundation.
   * 
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   * 
   *      http://www.apache.org/licenses/LICENSE-2.0
   * 
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
   * limitations under the License.
   */
  package org.apache.jetspeed.fusion.security.impl;
  
  import java.security.Principal;
  import java.util.HashSet;
  import java.util.Set;
  
  import javax.security.auth.Subject;
  
  import org.apache.jetspeed.om.security.JetspeedUser;
  import org.apache.jetspeed.pipeline.PipelineException;
  import org.apache.jetspeed.pipeline.valve.AbstractValve;
  import org.apache.jetspeed.pipeline.valve.SecurityValve;
  import org.apache.jetspeed.pipeline.valve.ValveContext;
  import org.apache.jetspeed.request.RequestContext;
  import org.apache.jetspeed.services.rundata.JetspeedRunData;
  import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
  import org.apache.turbine.services.TurbineServices;
  import org.apache.turbine.services.rundata.RunDataService;
  
  
  /**
   * Security Valve for use J2 and populating expected Principal and 
   * Subjects as expected by JSR 168 portlets from the J1 JetspeedUser
   *
   * @see TemplateSecureSessionValidator
   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
   * @version $Id: FusionSecurityValveImpl.java,v 1.1 2004/08/11 21:23:59 taylor Exp $
   */
  public class FusionSecurityValveImpl extends AbstractValve implements
          SecurityValve
  {
      public static final String FUSION_SUBJECT = "org.apache.jetspeed.fusion.subject";
      
      private JetspeedRunDataService runDataService = null;
  
      /* (non-Javadoc)
       * @see org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext, org.apache.jetspeed.pipeline.valve.ValveContext)
       */
      public void invoke(RequestContext request, ValveContext context)
              throws PipelineException
      {        
          JetspeedRunData data = getRunDataService().getCurrentRunData();
          JetspeedUser user = (JetspeedUser)data.getUser();
          Subject subject = (Subject) user.getTemp(FUSION_SUBJECT);
          
          if (null == subject)
          {
              Principal principal = new FusionUserPrincipalImpl(user.getUserName(), user);            
              Set principals = new HashSet();
              principals.add(principal);
              subject = new Subject(true, principals, new HashSet(), new HashSet());
              user.setTemp(FUSION_SUBJECT, subject);                        
          }
          
          request.setSubject(subject);
          
          // Pass control to the next Valve in the Pipeline
          context.invokeNext(request);        
      }
  
      private JetspeedRunDataService getRunDataService()
      {
          if (runDataService == null)
          {
              runDataService =
                  (JetspeedRunDataService) TurbineServices.getInstance().getService(RunDataService.SERVICE_NAME);
          }
          return runDataService;
      }
      
  }
  
  
  
  1.1                  jakarta-jetspeed/fusion/src/java/org/apache/jetspeed/fusion/security/impl/FusionUserPrincipalImpl.java
  
  Index: FusionUserPrincipalImpl.java
  ===================================================================
  /* Copyright 2004 Apache Software Foundation
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
  package org.apache.jetspeed.fusion.security.impl;
  
  import org.apache.jetspeed.om.security.JetspeedUser;
  import org.apache.jetspeed.security.UserPrincipal;
  
  
  /**
   * <p>The user principal for J2.</p>
   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
   * @version $Id: FusionUserPrincipalImpl.java,v 1.1 2004/08/11 21:23:59 taylor Exp $
   */
  public class FusionUserPrincipalImpl implements UserPrincipal
  {
      private String userName;
      private JetspeedUser user;
      
      public FusionUserPrincipalImpl(String userName, JetspeedUser user)
      {
          this.userName = userName;   
          this.user = user;
      }
      
      /* (non-Javadoc)
       * @see org.apache.jetspeed.security.BasePrincipal#getFullPath()
       */
      public String getFullPath()
      {
          // not supported
          return "";
      }
  
      /* (non-Javadoc)
       * @see java.security.Principal#getName()
       */
      public String getName()
      {
          return userName;
      }
  
      public JetspeedUser getUser()
      {
          return user;
      }
      
      public String toString()
      {
          return userName;
      }
  }
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org