Posted to jetspeed-dev@portals.apache.org by wo...@apache.org on 2010/02/11 15:32:04 UTC
svn commit: r908997 -
/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java
Author: woonsan
Date: Thu Feb 11 14:32:03 2010
New Revision: 908997
URL: http://svn.apache.org/viewvc?rev=908997&view=rev
Log:
JS2-1057: Set forbidden status on security exception
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java
Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java?rev=908997&r1=908996&r2=908997&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java Thu Feb 11 14:32:03 2010
@@ -35,6 +35,7 @@
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriInfo;
+import javax.ws.rs.core.Response.Status;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
@@ -106,7 +107,16 @@
@Context UriInfo uriInfo)
{
RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
- ContentPage contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+ ContentPage contentPage = null;
+ try
+ {
+ contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+ }
+ catch (SecurityException e)
+ {
+ throw new WebApplicationException(e, Status.FORBIDDEN);
+ }
+
return new ContentPageBean(contentPage);
}
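Review bot: The try/catch that maps SecurityException to a 403 is pasted verbatim into seven resource methods (this hunk and the six that follow), so any later change to the mapping must be repeated seven times and a newly added endpoint can silently omit it. Because getContentPage is private and every caller handles the exception identically, it could build the response itself with `throw new WebApplicationException(new SecurityException("Insufficient access to view page"), Status.FORBIDDEN);`, leaving each caller with its original one-line call. A single mapping point would also be the natural place to log the denied request for audit, if the class has a logger (not visible here). The `= null` initialiser on `contentPage` is unnecessary, since the variable is definitely assigned whenever the try block completes. The enclosing method starts before this hunk.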
@@ -122,7 +132,15 @@
}
RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
- ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+ ContentPage contentPage = null;
+ try
+ {
+ contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+ }
+ catch (SecurityException e)
+ {
+ throw new WebApplicationException(e, Status.FORBIDDEN);
+ }
ContentFragment contentFragment = contentPage.getFragmentById(fragmentId);
if (contentFragment == null)
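Review bot: The permission checked here is lowered from `JetspeedActions.EDIT` to `JetspeedActions.VIEW` in the added line `contentPage = getContentPage(requestContext, JetspeedActions.VIEW);`, and the same downgrade appears in the hunk at `@@ -460,7 +510,15 @@`; the log message only mentions setting the forbidden status. If both methods are read-only lookups (the second appears to end in `return new DecorationBean(decoration);`), VIEW is the right check, but that cannot be confirmed from the visible lines because both method signatures and bodies lie outside the hunks. Please confirm that neither method modifies the page or fragment, and record the authorization change in the commit log so it is not mistaken for an accidental edit. A short comment at each call, such as `// read-only lookup: VIEW access is sufficient`, would make the intent reviewable.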
@@ -149,7 +167,15 @@
}
RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
- ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+ ContentPage contentPage = null;
+ try
+ {
+ contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+ }
+ catch (SecurityException e)
+ {
+ throw new WebApplicationException(e, Status.FORBIDDEN);
+ }
int row = NumberUtils.toInt(rowParam, -1);
int col = NumberUtils.toInt(colParam, -1);
@@ -202,7 +228,15 @@
}
RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
- ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+ ContentPage contentPage = null;
+ try
+ {
+ contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+ }
+ catch (SecurityException e)
+ {
+ throw new WebApplicationException(e, Status.FORBIDDEN);
+ }
ContentFragment contentFragment = contentPage.getFragmentById(fragmentId);
if (contentFragment == null)
@@ -254,7 +288,15 @@
}
RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
- ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+ ContentPage contentPage = null;
+ try
+ {
+ contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+ }
+ catch (SecurityException e)
+ {
+ throw new WebApplicationException(e, Status.FORBIDDEN);
+ }
ContentFragment contentFragment = contentPage.getFragmentById(fragmentId);
if (contentFragment == null)
@@ -432,7 +474,15 @@
}
RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
- ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+ ContentPage contentPage = null;
+ try
+ {
+ contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+ }
+ catch (SecurityException e)
+ {
+ throw new WebApplicationException(e, Status.FORBIDDEN);
+ }
ContentFragment contentFragment = contentPage.getFragmentById(fragmentId);
if (contentFragment == null)
@@ -460,7 +510,15 @@
}
RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
- ContentPage contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+ ContentPage contentPage = null;
+ try
+ {
+ contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+ }
+ catch (SecurityException e)
+ {
+ throw new WebApplicationException(e, Status.FORBIDDEN);
+ }
ContentFragment contentFragment = contentPage.getFragmentById(fragmentId);
if (contentFragment == null)
@@ -477,30 +535,23 @@
return new DecorationBean(decoration);
}
-
+
/**
* Returns the content page of the current portal request context with security check.
*
* @param requestContext the portal request context
* @param action the action to check the security against.
* @return
- * @throws WebApplicationException
+ * @throws SecurityException
*/
- private ContentPage getContentPage(RequestContext requestContext, String action) throws WebApplicationException
+ private ContentPage getContentPage(RequestContext requestContext, String action) throws SecurityException
{
- try
+ if (securityBehavior != null && !securityBehavior.checkAccess(requestContext, action))
{
- if (securityBehavior != null && !securityBehavior.checkAccess(requestContext, action))
- {
- throw new SecurityException("Insufficient access to view page");
- }
-
- return requestContext.getPage();
- }
- catch (Exception e)
- {
- throw new WebApplicationException(e);
+ throw new SecurityException("Insufficient access to view page");
}
+
+ return requestContext.getPage();
}
/**
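Review bot: The exception text in getContentPage is fixed to "Insufficient access to view page" even when the caller passes `JetspeedActions.EDIT`, and that exception is now the cause of every 403 the callers build, so a denied edit is reported as a denied view in whatever log or error body renders the cause. Assuming the action constants are readable strings, consider `throw new SecurityException("Insufficient access to " + action + " page");`. The Javadoc still has an empty `@return` tag; something like `@return the content page of the current request` would complete it, and `@throws SecurityException` should state the condition (access check failed for the given action). With the `catch (Exception e)` removed, any other failure from `checkAccess` or `getPage` is no longer wrapped in a WebApplicationException, and how it is then rendered depends on the JAX-RS runtime, which is not visible here.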