Posted to jetspeed-dev@portals.apache.org by wo...@apache.org on 2010/02/11 15:32:04 UTC

svn commit: r908997 - /portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java

Author: woonsan
Date: Thu Feb 11 14:32:03 2010
New Revision: 908997

URL: http://svn.apache.org/viewvc?rev=908997&view=rev
Log:
JS2-1057: Set forbidden status on security exception

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java?rev=908997&r1=908996&r2=908997&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java Thu Feb 11 14:32:03 2010
@@ -35,6 +35,7 @@
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.UriInfo;
+import javax.ws.rs.core.Response.Status;
 
 import org.apache.commons.lang.BooleanUtils;
 import org.apache.commons.lang.StringUtils;
@@ -106,7 +107,16 @@
                                           @Context UriInfo uriInfo)
     {
         RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
+        
         return new ContentPageBean(contentPage);
     }
     
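Review bot: The try/catch that turns SecurityException into a 403 is pasted at seven call sites (here and in the hunks at -122, -149, -202, -254, -432 and -460), so an endpoint added later that calls getContentPage directly will compile without the translation and the denial would presumably surface as a server error rather than FORBIDDEN. Moving the translation into one private helper keeps the authorization failure path in a single place, and each call site becomes one line again. The denial is also never logged in the visible code, so that helper is the natural place to record rejected requests. The enclosing method starts outside the hunk.
```java
private ContentPage getContentPageOrForbidden(RequestContext requestContext, String action)
{
    try
    {
        return getContentPage(requestContext, action);
    }
    catch (SecurityException e)
    {
        // record the denied action here with the class's existing logger, if it has one
        throw new WebApplicationException(e, Status.FORBIDDEN);
    }
}
```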
@@ -122,7 +132,15 @@
         }
         
         RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         ContentFragment contentFragment = contentPage.getFragmentById(fragmentId);
         
         if (contentFragment == null)
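Review bot: The action checked at `contentPage = getContentPage(requestContext, JetspeedActions.VIEW);` was `JetspeedActions.EDIT` before this commit, so this hunk lowers the permission the endpoint requires, and the hunk at -460 (the one ending in `return new DecorationBean(decoration);`) does the same, while the log message mentions only the status code. If both methods only read data the relaxation looks intended, but that cannot be confirmed from here because the method signatures lie outside the hunks. The change deserves a line in the commit log and a comment at each call, for example `// read-only endpoint: VIEW permission is sufficient`.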
@@ -149,7 +167,15 @@
         }
         
         RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         
         int row = NumberUtils.toInt(rowParam, -1);
         int col = NumberUtils.toInt(colParam, -1);
@@ -202,7 +228,15 @@
         }
         
         RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         ContentFragment contentFragment = contentPage.getFragmentById(fragmentId);
         
         if (contentFragment == null)
@@ -254,7 +288,15 @@
         }
         
         RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         ContentFragment contentFragment = contentPage.getFragmentById(fragmentId);
         
         if (contentFragment == null)
@@ -432,7 +474,15 @@
         }
         
         RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         ContentFragment contentFragment = contentPage.getFragmentById(fragmentId);
         
         if (contentFragment == null)
@@ -460,7 +510,15 @@
         }
         
         RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         ContentFragment contentFragment = contentPage.getFragmentById(fragmentId);
         
         if (contentFragment == null)
@@ -477,30 +535,23 @@
         
         return new DecorationBean(decoration);
     }
-        
+    
     /**
      * Returns the content page of the current portal request context with security check.
      * 
      * @param requestContext the portal request context
      * @param action the action to check the security against.
      * @return
-     * @throws WebApplicationException
+     * @throws SecurityException
      */
-    private ContentPage getContentPage(RequestContext requestContext, String action) throws WebApplicationException
+    private ContentPage getContentPage(RequestContext requestContext, String action) throws SecurityException
     {
-        try
+        if (securityBehavior != null && !securityBehavior.checkAccess(requestContext, action))
         {
-            if (securityBehavior != null && !securityBehavior.checkAccess(requestContext, action))
-            {
-                throw new SecurityException("Insufficient access to view page");
-            }
-            
-            return requestContext.getPage();
-        }
-        catch (Exception e)
-        {
-            throw new WebApplicationException(e);
+            throw new SecurityException("Insufficient access to view page");
         }
+        
+        return requestContext.getPage();
     }
     
     /**
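Review bot: `throw new SecurityException("Insufficient access to view page");` reports a view failure even when the caller passed `JetspeedActions.EDIT`, which makes the cause attached to the 403 misleading when denials are investigated; `throw new SecurityException("Insufficient access to " + action + " page");` would name the action actually checked. If this is `java.lang.SecurityException` (the imports are not visible here), it is unchecked, so the new `throws` clause does not make the compiler enforce the catch at call sites. The removed `catch (Exception e)` also means failures other than the access check are no longer wrapped in WebApplicationException. The Javadoc `@return` is still empty and could read `@return the content page of the request context`, with `@throws SecurityException if securityBehavior denies the action`.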


