You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by rw...@apache.org on 2006/01/24 06:31:14 UTC
svn commit: r371821 - in
/portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src:
java/org/apache/jetspeed/om/page/impl/ test/org/apache/jetspeed/page/
Author: rwatler
Date: Mon Jan 23 21:31:11 2006
New Revision: 371821
URL: http://svn.apache.org/viewcvs?rev=371821&view=rev
Log:
make security test cases more robust; correct two more minor security bugs related to fragments
Modified:
portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java
portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java
portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java
Modified: portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java?rev=371821&r1=371820&r2=371821&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java (original)
+++ portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java Mon Jan 23 21:31:11 2006
@@ -178,7 +178,13 @@
// be made for root fragment
if ((fragment != null) && !fragment.isEmpty())
{
- return (Fragment)fragment.iterator().next();
+ FragmentImpl rootFragment = (FragmentImpl)fragment.iterator().next();
+ if (rootFragment.getPage() == null)
+ {
+ // set page implementation in root and children fragments
+ rootFragment.setPage(this);
+ }
+ return rootFragment;
}
return null;
}
Modified: portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java?rev=371821&r1=371820&r2=371821&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java (original)
+++ portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java Mon Jan 23 21:31:11 2006
@@ -131,14 +131,14 @@
while (actionsIter.hasNext())
{
// check each action:
- // - if any actions explicity permitted, assume no permissions
- // are permitted by default
+ // - if any actions explicity permitted, (including owner),
+ // assume no permissions are permitted by default
// - if all constraints do not specify a permission, assume
// access is permitted by default
String action = (String)actionsIter.next();
boolean actionPermitted = false;
boolean actionNotPermitted = false;
- boolean anyActionsPermitted = false;
+ boolean anyActionsPermitted = (getOwner() != null);
// check against constraints
Iterator checkConstraintsIter = checkConstraints.iterator();
@@ -176,6 +176,16 @@
{
throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Access for " + action + " not permitted.");
}
+ }
+ }
+ else
+ {
+ // fail for any action if owner specified
+ // since no other constraints were found
+ if ((getOwner() != null) && !actions.isEmpty())
+ {
+ String action = (String)actions.get(0);
+ throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Access for " + action + " not permitted, (not owner).");
}
}
}
Modified: portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java?rev=371821&r1=371820&r2=371821&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java (original)
+++ portals/jetspeed-2/branches/JETSPEED-BRANCH-2.0.1/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java Mon Jan 23 21:31:11 2006
@@ -330,6 +330,9 @@
throw setup;
}
+ // reset page manager cache
+ pageManager.reset();
+
// access test as admin user
Exception adminAccess = (Exception)Subject.doAsPrivileged(adminSubject, new PrivilegedAction()
{
@@ -573,6 +576,9 @@
{
throw guestAccess;
}
+
+ // reset page manager cache
+ pageManager.reset();
// cleanup test as admin user
Exception cleanup = (Exception)Subject.doAsPrivileged(adminSubject, new PrivilegedAction()
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org