Posted to commits@lenya.apache.org by an...@apache.org on 2008/11/19 23:28:42 UTC
svn commit: r719097 - in
/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya: ac/
ac/attr/ cms/ac/ cms/cocoon/acting/ cms/observation/ cms/workflow/
Author: andreas
Date: Wed Nov 19 14:28:41 2008
New Revision: 719097
URL: http://svn.apache.org/viewvc?rev=719097&view=rev
Log:
Committing changes to src/java.
Added:
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/AbstractUserReference.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/IdentityImpl.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/ManagedUser.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/ManagedUserReference.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/UserReference.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/Attribute.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeManager.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeOwner.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRule.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRuleEvaluator.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRuleEvaluatorFactory.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeSet.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/ErrorHandler.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/Message.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/SimpleErrorHandler.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/ValidationResult.java
Modified:
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Accreditable.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/AccreditableManager.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Group.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Identifiable.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Identity.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Machine.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Policy.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/User.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/UserManager.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/World.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/ac/PolicyUtil.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/observation/RepositoryEvent.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/workflow/DocumentWorkflowable.java
lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/workflow/RoleCondition.java
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/AbstractUserReference.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/AbstractUserReference.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/AbstractUserReference.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/AbstractUserReference.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.lenya.ac.attr.AttributeOwner;
+import org.apache.lenya.util.Assert;
+
+/**
+ * An identifiable which represents a user.
+ */
+public abstract class AbstractUserReference implements UserReference {
+
+ private static final long serialVersionUID = 1L;
+ private String userId;
+ private String managerId;
+
+ /**
+ * @param userId The ID of the user.
+ * @param accrMgrId The ID of the accreditable manager.
+ * @see Item#getId()
+ */
+ public AbstractUserReference(String userId, String accrMgrId) {
+ Assert.notNull("user ID", userId);
+ Assert.notNull("accreditable manager ID", accrMgrId);
+ this.userId = userId;
+ this.managerId = accrMgrId;
+ }
+
+ /**
+ * @return The ID of the referenced user.
+ */
+ public String getId() {
+ return this.userId;
+ }
+
+ public Accreditable[] getAccreditables(AccreditableManager accrMgr) {
+ Set accreditables = new HashSet();
+ if (belongsToAccreditableManager(accrMgr.getId())) {
+ ManagedUser user = (ManagedUser) getUser(accrMgr);
+ accreditables.add(user);
+ if (user instanceof Groupable) {
+ accreditables.addAll(Arrays.asList(((Groupable) user).getGroups()));
+ }
+ accreditables.addAll(getMatchingGroups(accrMgr, user));
+ }
+ return (Accreditable[]) accreditables.toArray(new Accreditable[accreditables.size()]);
+ }
+
+ /**
+ * @param accrMgr The accreditable manager.
+ * @return The user of the accreditable's user manager which is represented by this user
+ * reference.
+ * @throws RuntimeException if the accreditable manager doesn't contain a user which is
+ * represented by this user reference.
+ */
+ public abstract User getUser(AccreditableManager accrMgr);
+
+ /**
+ * @param accrMgr The accreditable manager.
+ * @param user The user.
+ * @return All groups of the accreditable manager which have a rule matching the user.
+ */
+ protected Set getMatchingGroups(AccreditableManager accrMgr, AttributeOwner user) {
+ Set matchingGroups = new HashSet();
+ if (user.getAttributeNames().length > 0) {
+ try {
+ Group[] groups = accrMgr.getGroupManager().getGroups();
+ for (int i = 0; i < groups.length; i++) {
+ if (groups[i].matches(user)) {
+ matchingGroups.add(groups[i]);
+ }
+ }
+ } catch (AccessControlException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ return matchingGroups;
+ }
+
+ public boolean belongsToAccreditableManager(String accrMgrId) {
+ Assert.notNull("accreditable manager ID", accrMgrId);
+ return accrMgrId.equals(this.managerId);
+ }
+
+}
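Review bot: In `getAccreditables`, `(ManagedUser) getUser(accrMgr)` downcasts a method declared to return `User`, so a subclass whose `getUser` returns a non-managed user fails with a `ClassCastException` in the middle of an authorization lookup. Either narrow the abstract method to `public abstract ManagedUser getUser(AccreditableManager accrMgr);` or guard the cast with an `instanceof` check before adding the user and its groups. `getAccreditables` also has no Javadoc; it should state that an empty array is returned when `belongsToAccreditableManager(accrMgr.getId())` is false, which appears to be what keeps a reference from one manager from picking up accreditables of another. The `userId` and `managerId` fields are only assigned in the constructor and could be `final`.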
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Accreditable.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Accreditable.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Accreditable.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Accreditable.java Wed Nov 19 14:28:41 2008
@@ -26,11 +26,21 @@
* using a {@link org.apache.lenya.ac.Credential}.
*/
public interface Accreditable {
+
+ /**
+ * @return The name of this accreditable.
+ */
+ String getName();
+
/**
- * Returns the set of accreditables of this accreditable.
- * The set contains the accreditable itself and all collections it belongs to.
- * @return An array of accreditables.
+ * <p>
+ * Returns an array of all {@link Accreditable}s belonging to this accreditable. The
+ * credentials of all of these {@link Accreditable}s have to be considered when making an
+ * authorization decision about the accreditable.
+ * </p>
+ *
+ * @return An array of {@link Accreditable}s.
*/
- Accreditable[] getAccreditables();
+ Accreditable[] getAccreditablesToAuthorize();
}
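Review bot: The new Javadoc of `getAccreditablesToAuthorize()` no longer says whether the returned array includes the accreditable itself, which the removed text stated explicitly. Implementers of an authorization interface need this spelled out, otherwise an accreditable's own credentials may be counted or dropped depending on the implementation. If the old contract still holds, add a sentence such as `The array contains this accreditable itself and all accreditables (e.g. groups) it belongs to.`; the implementations are outside this hunk.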
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/AccreditableManager.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/AccreditableManager.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/AccreditableManager.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/AccreditableManager.java Wed Nov 19 14:28:41 2008
@@ -19,6 +19,7 @@
package org.apache.lenya.ac;
import org.apache.avalon.framework.component.Component;
+import org.apache.lenya.ac.attr.AttributeManager;
/**
* An AccreditableManager combines a UserManager, a GroupManager, an IPRangeManager and a
@@ -84,4 +85,9 @@
*/
String getId();
+ /**
+ * @return The attribute manager of this application.
+ */
+ AttributeManager getAttributeManager();
+
}
\ No newline at end of file
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Group.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Group.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Group.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Group.java Wed Nov 19 14:28:41 2008
@@ -18,11 +18,14 @@
package org.apache.lenya.ac;
+import org.apache.lenya.ac.attr.AttributeOwner;
+import org.apache.lenya.ac.attr.AttributeRule;
+
/**
* A group.
* @version $Id$
*/
-public interface Group extends Identifiable, Item {
+public interface Group extends Accreditable, Item {
/**
* Returns the members of this group.
@@ -66,4 +69,20 @@
*/
void save() throws AccessControlException;
+ /**
+ * @param rule The rule. A <code>null</code> value means that no rule should be used.
+ */
+ void setRule(AttributeRule rule);
+
+ /**
+ * @return The rule or <code>null</code> if no rule is set.
+ */
+ AttributeRule getRule();
+
+ /**
+ * @param user The user.
+ * @return if the group's rule matches this user.
+ */
+ boolean matches(AttributeOwner user);
+
}
\ No newline at end of file
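Review bot: `matches(AttributeOwner user)` does not document its result when no rule is set, although `getRule()` is documented to return `null` in that case. AbstractUserReference.getMatchingGroups in this commit adds every group for which `matches` returns true to the user's accreditables, so the safe contract is that a group without a rule matches nobody. Suggested wording: `@return <code>true</code> if a rule is set and it matches the user, <code>false</code> otherwise (including when no rule is set).`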
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Identifiable.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Identifiable.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Identifiable.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Identifiable.java Wed Nov 19 14:28:41 2008
@@ -16,13 +16,25 @@
*
*/
-/* $Id$ */
-
package org.apache.lenya.ac;
+import java.io.Serializable;
+
/**
- * A marker interface to mark an {@link Accreditable} as identifiable.
+ * An identifiable object which can be put into the session.
*/
-public interface Identifiable extends Accreditable {
- // implement here
+public interface Identifiable extends Serializable {
+
+ /**
+ * @param manager The accreditable manager.
+ * @return The accreditables represented by this identifiable.
+ */
+ Accreditable[] getAccreditables(AccreditableManager manager);
+
+ /**
+ * @param accreditableManagerId The ID of an accreditable manager.
+ * @return if the accreditable is valid wrt the accreditable manager.
+ */
+ boolean belongsToAccreditableManager(String accreditableManagerId);
+
}
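Review bot: The `@return` text of `belongsToAccreditableManager` speaks of "the accreditable" although the receiver is an identifiable, and `getAccreditables(manager)` does not say what happens for a manager the identifiable does not belong to. In this commit AbstractUserReference returns an empty array in that case while Machine answers `true` for every manager ID, so the contract should be fixed here rather than left to each implementation. Suggested wording: `@return The accreditables represented by this identifiable, or an empty array if it does not belong to the manager.` and `@return <code>true</code> if this identifiable may be resolved against the accreditable manager with the given ID.`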
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Identity.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Identity.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Identity.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Identity.java Wed Nov 19 14:28:41 2008
@@ -20,198 +20,49 @@
package org.apache.lenya.ac;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
-
-import org.apache.avalon.framework.container.ContainerUtil;
-import org.apache.avalon.framework.logger.AbstractLogEnabled;
-import org.apache.avalon.framework.logger.Logger;
-import org.apache.cocoon.environment.Session;
/**
* Identity object. Used to store the authenticated accreditables in the session.
*/
-public class Identity extends AbstractLogEnabled implements Identifiable, Serializable {
- /**
- *
- */
- private static final long serialVersionUID = 1L;
- private Set identifiables = new HashSet();
-
- /**
- * Ctor.
- * @param logger The logger.
- */
- public Identity(Logger logger) {
- ContainerUtil.enableLogging(this, logger);
- }
-
- /**
- * Initializes this identity.
- */
- public void initialize() {
- addIdentifiable(World.getInstance());
- }
-
- /**
- * In the case of Tomcat the object will be serialized to TOMCAT/work/Standalone/localhost/lenya/SESSIONS.ser
- * @param out OutputStream to hold the serialized identity
- * @throws IOException
- */
- private void writeObject(ObjectOutputStream out) throws IOException {
- out.defaultWriteObject();
- out.writeObject(this.identifiables);
- }
-
- /**
- * In case of Tomcat the object will be restored from TOMCAT/work/Standalone/localhost/lenya/SESSIONS.ser
- * @param in InputStream that holds the serialized identity
- * @throws IOException
- * @throws ClassNotFoundException
- */
- private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
- in.defaultReadObject();
- this.identifiables = (Set) in.readObject();
- }
+public interface Identity extends Identifiable {
/**
* Returns the identifiables of this identity.
* @return An array of identifiables.
*/
- public Identifiable[] getIdentifiables() {
- return (Identifiable[]) this.identifiables.toArray(new Identifiable[this.identifiables.size()]);
- }
+ Identifiable[] getIdentifiables();
/**
* Adds a new identifiable to this identity.
* @param identifiable The identifiable to add.
*/
- public void addIdentifiable(Identifiable identifiable) {
- assert identifiable != null;
- assert identifiable != this;
- assert !this.identifiables.contains(identifiable);
-
- if (getLogger().isDebugEnabled()) {
- getLogger().debug("Adding identifiable: [" + identifiable + "]");
- }
-
- this.identifiables.add(identifiable);
- }
-
- /**
- * @see Accreditable#getAccreditables()
- */
- public Accreditable[] getAccreditables() {
- Set accreditables = new HashSet();
- Identifiable[] _identifiables = getIdentifiables();
-
- for (int i = 0; i < _identifiables.length; i++) {
- Accreditable[] groupAccreditables = _identifiables[i].getAccreditables();
- accreditables.addAll(Arrays.asList(groupAccreditables));
- }
-
- return (Accreditable[]) accreditables.toArray(new Accreditable[accreditables.size()]);
- }
-
+ void addIdentifiable(Identifiable identifiable);
+
/**
- * @see java.lang.Object#toString()
+ * Returns the user reference of this identity or <code>null</code> if no user reference is
+ * contained.
+ * @return A user reference.
*/
- public String toString() {
- StringBuffer buf = new StringBuffer();
- Accreditable[] accreditables = getAccreditables();
-
- for (int i = 0; i < accreditables.length; i++) {
- buf.append(" " + accreditables[i]);
- }
-
- String string = "[identity:" + buf.toString() + "]";
+ UserReference getUserReference();
- return string;
- }
-
- /**
- * Checks if this identity belongs to a certain accreditable manager.
- * @param manager The accreditable manager to check for.
- * @return A boolean value.
- * @throws AccessControlException if an error occurs
- */
- public boolean belongsTo(AccreditableManager manager) throws AccessControlException {
- User user = getUser();
- if (user == null) {
- return true;
- }
- else {
- String thisId = user.getAccreditableManager().getId();
- String otherId = manager.getId();
- return thisId.equals(otherId);
- }
- }
-
- /**
- * Returns the user of this identity.
- * @return A user.
- */
- public User getUser() {
- User user = null;
- Identifiable[] _identifiables = getIdentifiables();
- int i = 0;
- while (user == null && i < _identifiables.length) {
- if (_identifiables[i] instanceof User) {
- user = (User) _identifiables[i];
- }
- i++;
- }
- return user;
- }
/**
* Returns the machine of this identity.
* @return A machine.
*/
- public Machine getMachine() {
- Machine machine = null;
- Identifiable[] _identifiables = getIdentifiables();
- int i = 0;
- while (machine == null && i < _identifiables.length) {
- if (_identifiables[i] instanceof Machine) {
- machine = (Machine) _identifiables[i];
- }
- i++;
- }
- return machine;
- }
+ Machine getMachine();
/**
* Checks if this identity contains a certain identifiable.
* @param identifiable The identifiable to look for.
* @return A boolean value.
*/
- public boolean contains(Identifiable identifiable) {
- return this.identifiables.contains(identifiable);
- }
-
- /**
- * Fetches the identity from a session.
- * @param session The session.
- * @return An identity.
- */
- public static Identity getIdentity(Session session) {
- Identity identity = (Identity) session.getAttribute(Identity.class.getName());
- return identity;
- }
+ boolean contains(Identifiable identifiable);
/**
- * Removes a certain identifiable from the idenity.
+ * Removes a particular identifiable from the identity.
* @param identifiable An identifiable.
*/
- public void removeIdentifiable(Identifiable identifiable) {
- assert this.identifiables.contains(identifiable);
- this.identifiables.remove(identifiable);
- }
+ void removeIdentifiable(Identifiable identifiable);
}
\ No newline at end of file
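Review bot: `getMachine()` keeps the Javadoc `@return A machine.` without saying that `null` is returned when the identity contains no machine, while the new `getUserReference()` documents exactly that case. The implementation in IdentityImpl returns `null` there, so callers of the interface need the same hint to avoid a `NullPointerException` in access checks. Suggested wording: `@return The machine, or <code>null</code> if this identity contains no machine.`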
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/IdentityImpl.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/IdentityImpl.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/IdentityImpl.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/IdentityImpl.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,224 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+/* $Id: Identity.java 499017 2007-01-23 13:25:22Z andreas $ */
+
+package org.apache.lenya.ac;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+import org.apache.avalon.framework.container.ContainerUtil;
+import org.apache.avalon.framework.logger.AbstractLogEnabled;
+import org.apache.avalon.framework.logger.Logger;
+import org.apache.cocoon.environment.Session;
+import org.apache.lenya.util.Assert;
+
+/**
+ * Identity object. Used to store the authenticated {@link Accreditable}s in the
+ * session.
+ */
+public class IdentityImpl extends AbstractLogEnabled implements Identity, Serializable {
+
+ private static final long serialVersionUID = 1L;
+ private Set identifiables = new HashSet();
+ private String managerId;
+
+ /**
+ * Ctor.
+ * @param accreditableManagerId The accreditable manager ID.
+ * @param logger The logger.
+ */
+ public IdentityImpl(String accreditableManagerId, Logger logger) {
+ ContainerUtil.enableLogging(this, logger);
+ Assert.notNull("accreditable manager ID", accreditableManagerId);
+ this.managerId = accreditableManagerId;
+ this.initialize();
+ }
+
+ /**
+ * Initializes this identity.
+ */
+ protected void initialize() {
+ addIdentifiable(World.getInstance());
+ }
+
+ /**
+ * In the case of Tomcat the object will be serialized to
+ * TOMCAT/work/Standalone/localhost/lenya/SESSIONS.ser
+ *
+ * @param out OutputStream to hold the serialized identity
+ * @throws IOException
+ */
+ private void writeObject(ObjectOutputStream out) throws IOException {
+ out.defaultWriteObject();
+ out.writeObject(this.identifiables);
+ }
+
+ /**
+ * In case of Tomcat the object will be restored from
+ * TOMCAT/work/Standalone/localhost/lenya/SESSIONS.ser
+ *
+ * @param in InputStream that holds the serialized identity
+ * @throws IOException
+ * @throws ClassNotFoundException
+ */
+ private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
+ in.defaultReadObject();
+ this.identifiables = (Set) in.readObject();
+ }
+
+ /**
+ * Returns the identifiables of this identity.
+ * @return An array of identifiables.
+ */
+ public Identifiable[] getIdentifiables() {
+ return (Identifiable[]) this.identifiables.toArray(new Identifiable[this.identifiables
+ .size()]);
+ }
+
+ /**
+ * Adds a new identifiable to this identity.
+ * @param identifiable The identifiable to add.
+ */
+ public void addIdentifiable(Identifiable identifiable) {
+ assert identifiable != null;
+ assert identifiable != this;
+ assert !this.identifiables.contains(identifiable);
+
+ Assert.isTrue("Identifiable belongs to same accreditable manager", identifiable
+ .belongsToAccreditableManager(this.managerId));
+
+ if (getLogger().isDebugEnabled()) {
+ getLogger().debug("Adding identifiable: [" + identifiable + "]");
+ }
+
+ this.identifiables.add(identifiable);
+ }
+
+ /**
+ * <p>
+ * Returns an array of all {@link Accreditable}s belonging to the
+ * identifiables of this identity. The credentials of all of these
+ * {@link Accreditable}s have to be considered when making an authorization
+ * decision about the identity, i.e. the credential set of the identity is
+ * the union of all credential sets of all accreditables.
+ * </p>
+ *
+ * @see Identifiable#getAccreditables(AccreditableManager)
+ * @param manager The accreditable manager.
+ * @return An array of {@link Accreditable}s.
+ */
+ public Accreditable[] getAccreditables(AccreditableManager manager) {
+ Set accreditables = new HashSet();
+ Identifiable[] identifiables = getIdentifiables();
+
+ for (int i = 0; i < identifiables.length; i++) {
+ Accreditable accrs[] = identifiables[i].getAccreditables(manager);
+ accreditables.addAll(Arrays.asList(accrs));
+ }
+
+ return (Accreditable[]) accreditables.toArray(new Accreditable[accreditables.size()]);
+ }
+
+ /**
+ * @see java.lang.Object#toString()
+ */
+ public String toString() {
+ Identifiable[] identifiables = getIdentifiables();
+ StringBuffer buf = new StringBuffer("[identity:");
+ for (int i = 0; i < identifiables.length; i++) {
+ buf.append(" ").append(identifiables[i]);
+ }
+ buf.append("]");
+ return buf.toString();
+ }
+
+ /**
+ * Returns the user reference of this identity or <code>null</code> if no
+ * user reference is contained.
+ * @return A user reference.
+ */
+ public UserReference getUserReference() {
+ UserReference user = null;
+ Identifiable[] identifiables = getIdentifiables();
+ int i = 0;
+ while (user == null && i < identifiables.length) {
+ if (identifiables[i] instanceof UserReference) {
+ user = (UserReference) identifiables[i];
+ }
+ i++;
+ }
+ return user;
+ }
+
+ /**
+ * Returns the machine of this identity.
+ * @return A machine.
+ */
+ public Machine getMachine() {
+ Machine machine = null;
+ Identifiable[] _identifiables = getIdentifiables();
+ int i = 0;
+ while (machine == null && i < _identifiables.length) {
+ if (_identifiables[i] instanceof Machine) {
+ machine = (Machine) _identifiables[i];
+ }
+ i++;
+ }
+ return machine;
+ }
+
+ /**
+ * Checks if this identity contains a certain identifiable.
+ * @param identifiable The identifiable to look for.
+ * @return A boolean value.
+ */
+ public boolean contains(Identifiable identifiable) {
+ return this.identifiables.contains(identifiable);
+ }
+
+ /**
+ * Fetches the identity from a session.
+ * @param session The session.
+ * @return An identity.
+ */
+ public static Identity getIdentity(Session session) {
+ Identity identity = (Identity) session.getAttribute(Identity.class.getName());
+ return identity;
+ }
+
+ /**
+ * Removes a particular identifiable from the identity.
+ * @param identifiable An identifiable.
+ */
+ public void removeIdentifiable(Identifiable identifiable) {
+ assert this.identifiables.contains(identifiable);
+ this.identifiables.remove(identifiable);
+ }
+
+ public boolean belongsToAccreditableManager(String accreditableManagerId) {
+ return this.managerId.equals(accreditableManagerId);
+ }
+
+}
\ No newline at end of file
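Review bot: `readObject` assigns the deserialized set to `identifiables` without re-checking the invariant that `addIdentifiable` enforces, namely that every element is an `Identifiable` belonging to `managerId`. The Javadoc says the session is restored from a file on disk, so restored state should be validated as strictly as state added at runtime, including a missing `managerId`. Separately, the null, self and duplicate checks in `addIdentifiable` and the check in `removeIdentifiable` are plain `assert` statements, which do nothing unless the JVM runs with `-ea`; `Assert.notNull("identifiable", identifiable)` would match the style already used in the constructor. A possible `readObject` is sketched below; it needs `java.util.Iterator` and `java.io.InvalidObjectException`.

```java
private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
    in.defaultReadObject();
    if (this.managerId == null) {
        throw new InvalidObjectException("Identity without accreditable manager ID");
    }
    Set restored = (Set) in.readObject();
    // Re-establish the invariant that addIdentifiable() enforces at runtime.
    for (Iterator i = restored.iterator(); i.hasNext();) {
        Object element = i.next();
        if (!(element instanceof Identifiable)
                || !((Identifiable) element).belongsToAccreditableManager(this.managerId)) {
            throw new InvalidObjectException(
                    "Identifiable does not belong to the identity's accreditable manager");
        }
    }
    this.identifiables = restored;
}
```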
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Machine.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Machine.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Machine.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Machine.java Wed Nov 19 14:28:41 2008
@@ -18,24 +18,22 @@
package org.apache.lenya.ac;
-import java.io.Serializable;
import java.net.InetAddress;
import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.lenya.util.Assert;
/**
- * A machine (representing an IP address).
+ * A machine, representing an IP address.
* @version $Id$
*/
-public class Machine implements Identifiable, Serializable {
+public class Machine implements Identifiable {
- /**
- *
- */
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 1L;
- /**
+ /**
* Creates a new machine object. This method accepts
* numeric IPv4 addresses like <code>"129.168.0.32"</code>,
* numeric IPv6 addresses like <code>"1080::8:800:200C:417A"</code>
@@ -49,6 +47,7 @@
* <code>String</code> to an <code>InetAddress</code> failed
*/
public Machine(String ip) throws AccessControlException {
+ Assert.notNull("IP address", ip);
try {
setAddress(InetAddress.getByName(ip));
} catch(UnknownHostException uhe) {
@@ -81,16 +80,17 @@
}
/**
- * @see org.apache.lenya.ac.Accreditable#getAccreditables()
- */
- public Accreditable[] getAccreditables() {
- Accreditable[] ranges = getIPRanges();
- Accreditable[] accreditables = new Accreditable[ranges.length + 1];
- accreditables[0] = this;
+ * This method returns all IP ranges which contain the machine's IP address.
+ * @see org.apache.lenya.ac.Identifiable#getAccreditables(org.apache.lenya.ac.AccreditableManager)
+ * @see #getIpRanges(AccreditableManager)
+ */
+ public Accreditable[] getAccreditables(AccreditableManager manager) {
+ IPRange[] ranges = getIpRanges(manager);
+ Set accrs = new HashSet();
for (int i = 0; i < ranges.length; i++) {
- accreditables[i+1] = ranges[i];
+ accrs.add(ranges[i]);
}
- return accreditables;
+ return (Accreditable[]) accrs.toArray(new Accreditable[accrs.size()]);
}
/**
@@ -102,10 +102,11 @@
}
/**
- * Converts a string to an IP addres.
+ * Converts a string to an IP address.
* @param string The IP address, represented by a string.
* @return An InetAddress object.
* @throws AccessControlException when something went wrong.
+ *
* @deprecated This method is unnecessary and does not work for IPv6.
* Use <code>InetAddress.getByName(string)</code> instead!
*/
@@ -125,14 +126,10 @@
}
address = InetAddress.getByAddress(numbers);
- } catch (final NumberFormatException e1) {
+ } catch (Exception e) {
throw new AccessControlException(
- "Failed to convert address [" + string + "]: ",
- e1);
- } catch (final UnknownHostException e1) {
- throw new AccessControlException(
- "Failed to convert address [" + string + "]: ",
- e1);
+ "Failed to convert address [" + string + "]: ",
+ e);
}
return address;
}
@@ -154,30 +151,35 @@
/**
* Sets the IP address.
- * @param _address An IP address.
+ * @param address An IP address.
*/
- public void setAddress(InetAddress _address) {
- this.address = _address;
+ public void setAddress(InetAddress address) {
+ this.address = address;
}
-
- private List ipRanges = new ArrayList();
/**
- * Adds an IP range to this machine.
- * @param range An IP range this machine belongs to.
- */
- public void addIPRange(IPRange range) {
- assert range != null;
- assert !this.ipRanges.contains(range);
- this.ipRanges.add(range);
- }
-
- /**
- * Returns the IP ranges this machine belongs to.
+ * Returns the IP ranges which contain the IP address of this machine.
+ * @param manager The accreditable manager to obtain the IP ranges from.
* @return An array of IP ranges.
*/
- public IPRange[] getIPRanges() {
- return (IPRange[]) this.ipRanges.toArray(new IPRange[this.ipRanges.size()]);
+ public IPRange[] getIpRanges(AccreditableManager manager) {
+ Set ranges = new HashSet();
+ try {
+ IPRange[] allRanges = manager.getIPRangeManager().getIPRanges();
+ for (int i = 0; i < allRanges.length; i++) {
+ if (allRanges[i].contains(this)) {
+ ranges.add(allRanges[i]);
+ }
+ }
+ } catch (AccessControlException e) {
+ throw new RuntimeException(e);
+ }
+
+ return (IPRange[]) ranges.toArray(new IPRange[ranges.size()]);
}
-
+
+ public boolean belongsToAccreditableManager(String accreditableManagerId) {
+ return true;
+ }
+
}
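Review bot: `belongsToAccreditableManager` returns `true` for every ID and has no comment, so a Machine always passes the same-manager check in IdentityImpl.addIdentifiable. That is presumably intended, since the IP ranges are now looked up from the manager passed to `getIpRanges`, but it should be stated on the method, e.g. `/** A machine is not bound to an accreditable manager; its IP ranges are resolved per manager in getIpRanges(). */`. `getIpRanges` also dereferences `manager` unchecked and rethrows `AccessControlException` as a bare `RuntimeException`. I would add `Assert.notNull("accreditable manager", manager);` and document the unchecked exception with `@throws RuntimeException if the IP ranges cannot be obtained`.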
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/ManagedUser.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/ManagedUser.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/ManagedUser.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/ManagedUser.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac;
+
+/**
+ * A user which is managed by the Lenya CMS itself, i.e. it belongs to a {@link UserManager}.
+ */
+public interface ManagedUser extends User, Accreditable {
+
+ /**
+ * Delete this user.
+ * @throws AccessControlException if the delete failed
+ */
+ void delete() throws AccessControlException;
+
+ /**
+ * Authenticate this user. This is done by encrypting the given password and comparing this to
+ * the encrypted password.
+ * @param password The plain text password.
+ * @return true if the given password matches the password of this user.
+ */
+ boolean authenticate(String password);
+
+ /**
+ * Sets the password.
+ * @param plainTextPassword The plain text password.
+ */
+ void setPassword(String plainTextPassword);
+
+ /**
+ * Saves this user.
+ * @throws AccessControlException if the user could not be saved.
+ */
+ void save() throws AccessControlException;
+
+}
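Review bot: The Javadoc of `authenticate` describes the check as "encrypting the given password and comparing this to the encrypted password", which leaves open whether implementations keep a reversible ciphertext or a one-way hash. The interface is the place to pin that down, for example `Authenticate this user by hashing the given password and comparing the result with the stored password hash.`, plus a sentence that implementations must not retain the plain text. `setPassword` has the same gap, and neither method says what happens for a `null` password. No implementation is visible in this part of the commit, so this concerns the documented contract only.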
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/ManagedUserReference.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/ManagedUserReference.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/ManagedUserReference.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/ManagedUserReference.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac;
+
+/**
+ * A reference to a managed user.
+ */
+public class ManagedUserReference extends AbstractUserReference {
+
+ /**
+ * @param userId The user ID.
+ * @param managerId The ID of the accreditable manager the user belongs to.
+ */
+ public ManagedUserReference(String userId, String managerId) {
+ super(userId, managerId);
+ }
+
+ private static final long serialVersionUID = 1L;
+
+ public User getUser(AccreditableManager accrMgr) {
+ try {
+ if (belongsToAccreditableManager(accrMgr.getId())) {
+ return accrMgr.getUserManager().getUser(getId());
+ } else {
+ throw new RuntimeException("Invalid accreditable manager.");
+ }
+ } catch (AccessControlException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+}
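Review bot: `getUser` reports two different failures as the same bare `RuntimeException`: a manager that does not own the reference, and an `AccessControlException` from the lookup, so a caller in the authorization path cannot tell a wrong manager from a storage error. The first case is an argument error and would read better as `throw new IllegalArgumentException("User reference [" + getId() + "] does not belong to accreditable manager [" + accrMgr.getId() + "].");`. The method also has no Javadoc; it should state both failure conditions and what is returned when the user manager has no user with that ID, which the hunk does not show. `getIpRanges` in the earlier hunk wraps `AccessControlException` in the same way.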
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Policy.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Policy.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Policy.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/Policy.java Wed Nov 19 14:28:41 2008
@@ -19,59 +19,62 @@
package org.apache.lenya.ac;
/**
- * A policy assigns roles to accreditables using credentials.
- * Additionally, SSL protection is defined.
+ * A policy assigns roles to accreditables using credentials. Additionally, SSL protection is
+ * defined.
*
* @version $Id$
*/
public interface Policy {
-
+
/**
* The identity was not matched in this policy.
*/
int RESULT_NOT_MATCHED = 0;
-
+
/**
* The role is denied for the identity.
*/
int RESULT_DENIED = 1;
-
+
/**
* The role is granted for the identity.
*/
int RESULT_GRANTED = 2;
-
+
/**
* Checks if a certain role is granted for a certain policy.
* @param identity The identity.
* @param role The role to check.
+ * @param accrMgr The accreditable manager.
* @return A result code.
* @throws AccessControlException when something went wrong.
*/
- int check(Identity identity, Role role) throws AccessControlException;
-
+ int check(Identity identity, Role role, AccreditableManager accrMgr)
+ throws AccessControlException;
+
/**
* Returns if this policy requires SSL protection.
* @return A boolean value.
* @throws AccessControlException when something went wrong.
*/
boolean isSSLProtected() throws AccessControlException;
-
+
/**
- * Returns if the policy is empty. A policy is empty if it does
- * not contain any credentials.
+ * Returns if the policy is empty. A policy is empty if it does not contain any credentials.
* @return A boolean value.
* @throws AccessControlException when something went wrong.
*/
boolean isEmpty() throws AccessControlException;
-
+
/**
* @param identity The identity.
+ * @param accrMgr The accreditable manager to obtain the accreditables from.
* @return All credentials defined by this policy for this identity.
* @throws AccessControlException if an error occurs.
*/
- Credential[] getCredentials(Identity identity) throws AccessControlException;
-
+ Credential[] getCredentials(Identity identity, AccreditableManager accrMgr)
+ throws AccessControlException;
+
/**
* @return All credentials defined by this policy.
* @throws AccessControlException if an error occurs.
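Review bot: The new `accrMgr` parameter of `check` is documented only as "The accreditable manager.", while `getCredentials` at least says what it is used for ("to obtain the accreditables from"). Since the manager is now supplied per call, the Javadoc should say which manager a caller has to pass and what happens on a mismatch; `ManagedUserReference.getUser`, added in this commit, throws an unchecked `RuntimeException` in that case rather than the declared `AccessControlException`. Suggested wording: `@param accrMgr The accreditable manager to resolve the identity's accreditables with; must be the manager this policy's credentials were defined for.` The second clause is my reading of the design and should be confirmed; the interface continues outside the hunk.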
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/User.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/User.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/User.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/User.java Wed Nov 19 14:28:41 2008
@@ -18,11 +18,13 @@
package org.apache.lenya.ac;
+import org.apache.lenya.ac.attr.AttributeOwner;
+
/**
* A user.
* @version $Id$
*/
-public interface User extends Identifiable, Item, Groupable {
+public interface User extends Accreditable, Item, Groupable, AttributeOwner {
/**
* Get the email address
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/UserManager.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/UserManager.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/UserManager.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/UserManager.java Wed Nov 19 14:28:41 2008
@@ -63,4 +63,9 @@
*/
User getUser(String userId);
+ /**
+ * @param userId A user ID.
+ * @return If a user with this ID exists.
+ */
+ boolean contains(String userId);
}
\ No newline at end of file
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/UserReference.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/UserReference.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/UserReference.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/UserReference.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac;
+
+/**
+ * An identifiable which represents a user.
+ */
+public interface UserReference extends Identifiable {
+
+ /**
+ * @return The ID of the referenced user.
+ */
+ String getId();
+
+}
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/World.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/World.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/World.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/World.java Wed Nov 19 14:28:41 2008
@@ -19,24 +19,23 @@
package org.apache.lenya.ac;
import java.io.Serializable;
-import java.util.Collections;
/**
- * The world.
+ * The world. This class uses the Singleton pattern.
* @version $Id$
*/
-public final class World implements Identifiable, Serializable {
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
+public final class World implements Identifiable, Accreditable, Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ private static final String NAME = "everyone";
- /**
- * Creates a new World object.
+ /**
+ * Creates a new World object. The constructor is private to ensure that only one instance can
+ * be created.
+ * @see #getInstance()
*/
private World() {
- // do nothing
}
private static World instance;
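Review bot: The new constructor Javadoc states that only one instance can be created, but `World` is `Serializable` and no `readResolve()` is visible in either World.java hunk, so deserializing a stored `World` would produce a second instance. Code that compares an accreditable with `World.getInstance()` by reference would then fail to recognise it. If the part of the class outside the hunks does not already contain it, add `private Object readResolve() { return getInstance(); }`.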
@@ -53,10 +52,21 @@
return instance;
}
- /**
- * @see org.apache.lenya.ac.Accreditable#getAccreditables()
- */
- public Accreditable[] getAccreditables() {
- return (Accreditable[]) Collections.singleton(this).toArray(new Accreditable[1]);
+ public String getName() {
+ return NAME;
+ }
+
+ public Accreditable[] getAccreditables(AccreditableManager manager) {
+ Accreditable[] accrs = { this };
+ return accrs;
+ }
+
+ public boolean belongsToAccreditableManager(String accrMgrId) {
+ return true;
+ }
+
+ public Accreditable[] getAccreditablesToAuthorize() {
+ Accreditable[] accrs = { this };
+ return accrs;
}
}
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/Attribute.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/Attribute.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/Attribute.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/Attribute.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.attr;
+
+/**
+ * A definition of a single user attribute.
+ */
+public interface Attribute {
+
+ /**
+ * @return The name of the attribute as provided by the identity provider.
+ */
+ String getName();
+
+ /**
+ * @return The alias of the attribute as used in rules.
+ */
+ String getAlias();
+
+ /**
+ * @return The description of the attribute.
+ */
+ String getDescription();
+
+}
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeManager.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeManager.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeManager.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeManager.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.attr;
+
+/**
+ * Manager for attribute sets and evaluators.
+ */
+public interface AttributeManager {
+
+ String ROLE = AttributeManager.class.getName();
+
+ /**
+ * @return The attribute rule evaluator used by this application.
+ */
+ AttributeRuleEvaluator getEvaluator();
+
+ /**
+ * @param name The name.
+ * @return The attribute set with this name.
+ */
+ AttributeSet getAttributeSet(String name);
+
+}
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeOwner.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeOwner.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeOwner.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeOwner.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.attr;
+
+import org.apache.lenya.ac.AccessControlException;
+import org.apache.lenya.ac.Group;
+
+/**
+ * An attribute owner provides a map of key-value pairs which are used for authorization decisions.
+ * The values are string arrays, i.e. the AttributeOwner can provide multiple values for each key.
+ *
+ * @see Group#matches(AttributeOwner)
+ * @see AttributeRuleEvaluator
+ */
+public interface AttributeOwner {
+
+ /**
+ * @return The names of all possible attributes.
+ */
+ String[] getAttributeNames();
+
+ /**
+ * @param name The attribute name.
+ * @return The attribute values or <code>null</code> if no value is available for the
+ * attribute.
+ * @throws AccessControlException if the attribute is not supported.
+ */
+ String[] getAttributeValues(String name) throws AccessControlException;
+
+}
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRule.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRule.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRule.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRule.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ */
+
+package org.apache.lenya.ac.attr;
+
+/**
+ * A rule to evaluate attributes.
+ */
+public interface AttributeRule {
+
+ /**
+ * @return The actual rule.
+ */
+ String getRule();
+
+ /**
+ * @return The attribute set this rule applies to.
+ */
+ AttributeSet getAttributeSet();
+
+ /**
+ * @param owner The attribute owner.
+ * @return If the rule matches the owner.
+ */
+ boolean matches(AttributeOwner owner);
+
+}
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRuleEvaluator.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRuleEvaluator.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRuleEvaluator.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRuleEvaluator.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.attr;
+
+/**
+ * Service to evaluate attribute rules.
+ */
+public interface AttributeRuleEvaluator {
+
+ /**
+ * @param user The user.
+ * @param rule The rule.
+ * @return if the rule is complied by the user's attributes.
+ */
+ public boolean isComplied(AttributeOwner user, String rule);
+
+ /**
+ * @param rule The rule to validate.
+ * @param attributes The available attributes.
+ * @return If the rule is valid, i.e. if it is syntactically correct and doesn't reference any
+ * attributes which are not supported by the {@link AttributeSet} that is
+ * provided by the {@link AttributeSetRegistry}.
+ */
+ public ValidationResult validate(String rule, AttributeSet attributes);
+
+}
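Review bot: The `@return` text of `validate` links to `{@link AttributeSetRegistry}`, a type that is not imported here and does not appear among the `attr/` files this commit lists as added, and it contradicts the signature, which receives the set as the `attributes` parameter. I would end the sentence with `attributes which are not supported by the given {@link AttributeSet}.`. `isComplied` should also say what it returns for a rule that fails validation or references an attribute the owner has no value for, since the result feeds authorization; stating that such rules evaluate to `false` would make the fail-closed expectation explicit for implementors. The `public` modifiers on both methods are redundant in an interface, and the sibling interfaces in this commit omit them.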
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRuleEvaluatorFactory.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRuleEvaluatorFactory.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRuleEvaluatorFactory.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeRuleEvaluatorFactory.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.attr;
+
+/**
+ * Factory for attribute rule evaluators.
+ */
+public interface AttributeRuleEvaluatorFactory {
+
+ /**
+ * The service role.
+ */
+ String ROLE = AttributeRuleEvaluatorFactory.class.getName();
+
+ /**
+ * @return An evaluator.
+ */
+ AttributeRuleEvaluator getEvaluator();
+
+}
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeSet.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeSet.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeSet.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/AttributeSet.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.attr;
+
+/**
+ * Definition of user attribute names.
+ */
+public interface AttributeSet {
+
+ /**
+ * The service role.
+ */
+ String ROLE = AttributeSet.class.getName();
+
+ /**
+ * @return All available attribute names.
+ */
+ String[] getAttributeNames();
+
+ /**
+ * @param name An attribute name.
+ * @return An attribute.
+ */
+ Attribute getAttribute(String name);
+
+ /**
+ * @return The name of the attribute set.
+ */
+ String getName();
+
+}
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/ErrorHandler.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/ErrorHandler.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/ErrorHandler.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/ErrorHandler.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.attr;
+
+/**
+ * Error handler for parsing.
+ */
+public interface ErrorHandler {
+
+ /**
+ * Register an error.
+ * @param message The error message.
+ */
+ void error(String message);
+
+ /**
+ * Register an error.
+ * @param message The error message.
+ */
+ void error(Message message);
+
+ /**
+ * @return The error messages.
+ */
+ Message[] getErrors();
+
+}
\ No newline at end of file
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/Message.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/Message.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/Message.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/Message.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.attr;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * A message for i18n-ized user feedback.
+ */
+public class Message implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+ private String text;
+ private List parameters = new ArrayList();
+
+ /**
+ * @param text The message text.
+ */
+ public Message(String text) {
+ this.text = text;
+ }
+
+ /**
+ * @param text The message text.
+ * @param params The parameters.
+ */
+ public Message(String text, String[] params) {
+ this(text);
+ this.parameters.addAll(Arrays.asList(params));
+ }
+
+ /**
+ * @return The message text.
+ */
+ public String getText() {
+ return this.text;
+ }
+
+ /**
+ * @return The message parameters.
+ */
+ public String[] getParameters() {
+ return (String[]) this.parameters.toArray(new String[this.parameters.size()]);
+ }
+
+
+}
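Review bot: The two-argument constructor passes `params` straight to `Arrays.asList`, so a `null` array fails with a `NullPointerException` inside the constructor, and the Javadoc does not say whether `null` is allowed. Either document it as `@param params The parameters, must not be null.` or guard the call with `if (params != null) { this.parameters.addAll(Arrays.asList(params)); }`. `text` and `parameters` are never reassigned in this class and could be declared `final`, which suits a `Serializable` value object.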
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/SimpleErrorHandler.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/SimpleErrorHandler.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/SimpleErrorHandler.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/SimpleErrorHandler.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.attr;
+
+import java.util.ArrayList;
+import java.util.List;
+
+
+/**
+ * Error handler for parsing.
+ */
+public class SimpleErrorHandler implements ErrorHandler {
+
+ private List messages = new ArrayList();
+
+ public void error(String message) {
+ this.messages.add(new Message(message));
+ }
+
+ public Message[] getErrors() {
+ return (Message[]) this.messages.toArray(new Message[this.messages.size()]);
+ }
+
+ public void error(Message message) {
+ this.messages.add(message);
+ }
+
+}
Added: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/ValidationResult.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/ValidationResult.java?rev=719097&view=auto
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/ValidationResult.java (added)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/ac/attr/ValidationResult.java Wed Nov 19 14:28:41 2008
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.lenya.ac.attr;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Validation result.
+ */
+public class ValidationResult {
+
+ private boolean succeeded;
+
+ /**
+ * @param succeeded if the validation was successful.
+ */
+ public ValidationResult(boolean succeeded) {
+ this.succeeded = succeeded;
+ }
+
+ /**
+ * @param messages The error messages. If the array is empty, the validation succeeded.
+ */
+ public ValidationResult(Message[] messages) {
+ this(messages.length == 0);
+ for (int i = 0; i < messages.length; i++) {
+ addMessage(messages[i]);
+ }
+ }
+
+ private List messages = new ArrayList();
+
+ /**
+ * @param message The message.
+ */
+ public void addMessage(String message) {
+ this.messages.add(new Message(message));
+ }
+
+ /**
+ * @param message The message.
+ */
+ public void addMessage(Message message) {
+ this.messages.add(message);
+ }
+
+ /**
+ * @return The message.
+ */
+ public Message[] getMessages() {
+ return (Message[]) this.messages.toArray(new Message[this.messages.size()]);
+ }
+
+ /**
+ * @return if the validation was successful.
+ */
+ public boolean succeeded() {
+ return this.succeeded;
+ }
+
+}
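Review bot: `succeeded` is fixed at construction while both `addMessage` overloads stay public, so a result created with `new ValidationResult(true)` can later hold error messages and `succeeded()` still returns true. A caller that gates on `succeeded()` alone would then accept a value whose validation reported errors. Either state in the Javadoc of both `addMessage` overloads that adding a message does not change the outcome, or, if messages are only ever errors as the constructor Javadoc suggests, make `succeeded()` consistent with `return this.succeeded && this.messages.isEmpty();`. The Javadoc of `getMessages()` should read `@return The messages.`, and `ValidationResult(Message[] messages)` should document that a null array raises a NullPointerException.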
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/ac/PolicyUtil.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/ac/PolicyUtil.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/ac/PolicyUtil.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/ac/PolicyUtil.java Wed Nov 19 14:28:41 2008
@@ -33,6 +33,8 @@
import org.apache.lenya.ac.AccessControllerResolver;
import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Identity;
+import org.apache.lenya.ac.IdentityImpl;
+import org.apache.lenya.ac.ManagedUserReference;
import org.apache.lenya.ac.PolicyManager;
import org.apache.lenya.ac.Role;
import org.apache.lenya.ac.User;
@@ -136,8 +138,8 @@
Role roleObject = accreditableManager.getRoleManager().getRole(role);
for (int i = 0; i < users.length; i++) {
- Identity identity = new Identity(logger);
- identity.addIdentifiable(users[i]);
+ Identity identity = new IdentityImpl(accreditableManager.getId(), logger);
+ identity.addIdentifiable(new ManagedUserReference(users[i].getId(), accreditableManager.getId()));
Role[] roles = policyManager.getGrantedRoles(accreditableManager, identity,
webappUrl);
if (Arrays.asList(roles).contains(roleObject)) {
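Review bot: `accreditableManager.getId()` is evaluated twice per iteration in the two added lines although it does not depend on the loop variable. Read it once before the `for`, e.g. `String managerId = accreditableManager.getId();` (assuming it returns a String), and pass `managerId` to both constructors. Since the identity is now built from a user id plus a manager id rather than from the `User` object, a one-line comment above the `ManagedUserReference` line saying that the reference is resolved against this accreditable manager would help the next reader. The enclosing method starts and ends outside the hunk.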
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java Wed Nov 19 14:28:41 2008
@@ -30,7 +30,7 @@
import org.apache.cocoon.environment.SourceResolver;
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.Identity;
-import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserReference;
import org.apache.lenya.cms.publication.Document;
import org.apache.lenya.cms.publication.DocumentFactory;
import org.apache.lenya.cms.publication.DocumentUtil;
@@ -151,9 +151,9 @@
this.username = null;
if (identity != null) {
- User user = identity.getUser();
- if (user != null) {
- this.username = user.getId();
+ UserReference userRef = identity.getUserReference();
+ if (userRef != null) {
+ this.username = userRef.getId();
}
} else {
getLogger().error(".act(): No identity yet");
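Review bot: `this.username` keeps only `userRef.getId()`, while the PolicyUtil hunk of this commit builds a `ManagedUserReference` from a user id and an accreditable manager id. If the same user id can exist under two accreditable managers, revision control would treat both as one user, and the same applies to the ` user:` entry appended in the DocumentWorkflowable hunk. Whether `UserReference` exposes the manager id is not visible here, so either include it in the stored name or record the assumption with a comment such as `// user ids are assumed unique across accreditable managers`. The method body continues outside the hunk.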
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/observation/RepositoryEvent.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/observation/RepositoryEvent.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/observation/RepositoryEvent.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/observation/RepositoryEvent.java Wed Nov 19 14:28:41 2008
@@ -58,7 +58,7 @@
}
public String toString() {
- return "user:" + getSession().getIdentity().getUser() + " " + getNodeUri() + " " + getDescriptor();
+ return "user:" + getSession().getIdentity().getUserReference().getId() + " " + getNodeUri() + " " + getDescriptor();
}
private String nodeUri;
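Review bot: `getUserReference().getId()` in `toString()` throws a NullPointerException when the identity has no user reference, a case that the RevisionControllerAction and DocumentWorkflowable hunks of this commit both guard with `if (userRef != null)`. The removed line concatenated the `User` object itself and therefore printed `null` instead of failing. Guard it the same way: `UserReference userRef = getSession().getIdentity().getUserReference();` followed by `return "user:" + (userRef != null ? userRef.getId() : null) + " " + getNodeUri() + " " + getDescriptor();`, which also needs the `org.apache.lenya.ac.UserReference` import in this file. A `toString()` that can throw usually surfaces inside a logging call, where the failure is hard to trace back.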
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/workflow/DocumentWorkflowable.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/workflow/DocumentWorkflowable.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/workflow/DocumentWorkflowable.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/workflow/DocumentWorkflowable.java Wed Nov 19 14:28:41 2008
@@ -32,7 +32,7 @@
import org.apache.avalon.framework.logger.Logger;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.lenya.ac.Identity;
-import org.apache.lenya.ac.User;
+import org.apache.lenya.ac.UserReference;
import org.apache.lenya.cms.metadata.MetaData;
import org.apache.lenya.cms.observation.RepositoryEvent;
import org.apache.lenya.cms.observation.RepositoryEventFactory;
@@ -209,9 +209,9 @@
stringBuf.append(" state:").append(version.getState());
Identity identity = getSession().getIdentity();
- User user = identity.getUser();
- if (user != null) {
- stringBuf.append(" user:").append(identity.getUser().getId());
+ UserReference userRef = identity.getUserReference();
+ if (userRef != null) {
+ stringBuf.append(" user:").append(userRef.getId());
}
stringBuf.append(" machine:").append(identity.getMachine().getIp());
Modified: lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/workflow/RoleCondition.java
URL: http://svn.apache.org/viewvc/lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/workflow/RoleCondition.java?rev=719097&r1=719096&r2=719097&view=diff
==============================================================================
--- lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/workflow/RoleCondition.java (original)
+++ lenya/sandbox/access_control_redesign/src/java/org/apache/lenya/cms/workflow/RoleCondition.java Wed Nov 19 14:28:41 2008
@@ -61,12 +61,10 @@
}
/**
- * Returns if the condition is complied in a certain situation. The
- * condition is complied when the current user has the role that is required
- * by the RoleCondition.
+ * Returns if the condition is complied in a certain situation. The condition is complied when
+ * the current user has the role that is required by the RoleCondition.
*
- * @see org.apache.lenya.workflow.impl.AbstractCondition#isComplied(Workflow,
- * Workflowable)
+ * @see org.apache.lenya.workflow.impl.AbstractCondition#isComplied(Workflow, Workflowable)
*/
public boolean isComplied(Workflow workflow, Workflowable instance) {
@@ -86,17 +84,16 @@
PolicyManager policyManager = accessController.getPolicyManager();
Identity identity = workflowable.getSession().getIdentity();
- AccreditableManager accreditableMgr = accessController
- .getAccreditableManager();
+ AccreditableManager accreditableMgr = accessController.getAccreditableManager();
Policy policy = policyManager.getPolicy(accreditableMgr, url);
RoleManager roleManager = accreditableMgr.getRoleManager();
-
+
boolean complied = false;
-
- for (Iterator i = this.roleIds.iterator(); i.hasNext(); ) {
+
+ for (Iterator i = this.roleIds.iterator(); i.hasNext();) {
String roleId = (String) i.next();
Role role = roleManager.getRole(roleId);
- if (policy.check(identity, role) == Policy.RESULT_GRANTED) {
+ if (policy.check(identity, role, accreditableMgr) == Policy.RESULT_GRANTED) {
complied = true;
}
}
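Review bot: The loop keeps calling `policy.check(identity, role, accreditableMgr)` for every remaining role after one has already been granted; add `break;` after `complied = true;`. `role` is also passed on unchecked, so if `roleManager.getRole(roleId)` can return null for a role id this accreditable manager does not define, the outcome depends on how `check` treats a null role. Putting `if (role == null) { continue; }` before the check would make a missing role deny explicitly. `isComplied` starts before and continues after this hunk.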