Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2001/06/07 08:24:39 UTC
cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/services/security JetspeedDBSecurityService.java
taylor 01/06/06 23:24:39
Modified: src/java/org/apache/jetspeed/services/security
JetspeedDBSecurityService.java
Log:
modified security service to only use one group, the Jetspeed group.
all acls are role-based. if a user is in a role, and if the user has permission, access is granted
Revision Changes Path
1.2 +7 -11 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java
Index: JetspeedDBSecurityService.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- JetspeedDBSecurityService.java 2001/06/04 07:16:07 1.1
+++ JetspeedDBSecurityService.java 2001/06/07 06:24:39 1.2
@@ -67,13 +67,17 @@
*
* @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
* @author <a href="mailto:sgala@hisitech.com">Santiago Gala</a>
- * @version $Id: JetspeedDBSecurityService.java,v 1.1 2001/06/04 07:16:07 taylor Exp $
+ * @version $Id: JetspeedDBSecurityService.java,v 1.2 2001/06/07 06:24:39 taylor Exp $
*/
public class JetspeedDBSecurityService extends DBSecurityService
implements JetspeedSecurityService
{
+ // Jetspeed security only has one group.
+ // Access Control checks are only role-based.
+ // If a user has the specified role for the resource, then the user can access that resource
+ public static final String JETSPEED_GROUP = "Jetspeed";
/**
* given a user, checks if a user has access to a given portlet for the given action
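Review bot: The new public constant `JETSPEED_GROUP` is explained only with `//` line comments, so the explanation will not reach the generated Javadoc even though the field is part of the class's public surface. I would replace them with a Javadoc block such as `/** Name of the single security group that all Jetspeed role and permission checks are made against. */`. That block should also state that a group with this name has to exist in the security store, because the later hunks pass it to `acl.hasRole` and `acl.hasPermission`.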
@@ -111,20 +115,12 @@
if (null == securityRole)
return true; // grant permission if no security role given
- // TODO:
- // the portlet name by itself may not be a unique enough identifier since
- // other resources (panes, configs) may have the same name
- // we may need to prefix the portletName with something like:
- // "portlet_" + portletName
- // the alternative would be to add a column to the turbine database
- // but this would mean deviating from the basic turbine security model
-
// determine if Portlet has specified role
AccessControlList acl = runData.getACL();
if (null == acl)
return false;
- if (!acl.hasRole( securityRole, portletName ))
+ if (!acl.hasRole( securityRole, JETSPEED_GROUP ))
return false;
// check for role having permission
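Review bot: Now that `acl.hasRole( securityRole, JETSPEED_GROUP )` no longer involves `portletName`, the role name is the only link between a user and a portlet, so the unchanged line `if (null == securityRole) return true;` matters more. A portlet with no role configured is granted to every caller, and that return happens before the `null == acl` check, so it presumably also applies to requests with no ACL at all. If open-by-default is intended, a comment should say so, for example `// portlets without a declared role are public by design`. Otherwise I would change it to `if (null == securityRole) return false;`. Roles previously assigned in per-portlet groups will presumably stop matching after this change, so existing installs need their role assignments moved to the Jetspeed group. The enclosing method starts and ends outside this hunk.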
@@ -134,7 +130,7 @@
if ( acl.hasPermission( permission ) )
return true;
- if ( !acl.hasPermission( permission, portletName ) )
+ if ( !acl.hasPermission( permission, JETSPEED_GROUP ) )
return false;
}
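Review bot: The check `acl.hasPermission( permission, JETSPEED_GROUP )` asks whether the user holds the permission anywhere in the Jetspeed group, not whether `securityRole` is the role that grants it. A user who has the portlet's required role plus an unrelated role carrying the permission would therefore pass. That agrees with the commit log, but it is easy to misread as "the role must have the permission", so I would add a comment above the check: `// permission may come from any role the user holds in JETSPEED_GROUP, not only securityRole`. The preceding `acl.hasPermission( permission )` shortcut returns true without reference to the group and deserves the same one-line explanation. Where `permission` comes from and how the block ends are outside this hunk.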