You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-dev@jakarta.apache.org by pn...@apache.org on 2004/01/17 22:48:00 UTC
cvs commit: jakarta-slide/src/webdav/server/org/apache/slide/webdav/util PropertyHelper.java
pnever 2004/01/17 13:48:00
Modified: src/webdav/server/org/apache/slide/webdav/util/resourcekind
AbstractResourceKind.java
src/share/org/apache/slide/security ACLSecurityImpl.java
Security.java SecurityImpl.java
src/share/org/apache/slide/common NamespaceConfig.java
XMLUnmarshaller.java
src/webdav/server/org/apache/slide/webdav/util
PropertyHelper.java
Log:
Fixed bug with property DAV:group-membership.
Also fixed DAV:resourcetype for principals which must contain DAV:principal
Revision Changes Path
1.26 +4 -4 jakarta-slide/src/webdav/server/org/apache/slide/webdav/util/resourcekind/AbstractResourceKind.java
Index: AbstractResourceKind.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/webdav/server/org/apache/slide/webdav/util/resourcekind/AbstractResourceKind.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- AbstractResourceKind.java 1 Dec 2003 12:10:51 -0000 1.25
+++ AbstractResourceKind.java 17 Jan 2004 21:48:00 -0000 1.26
@@ -193,6 +193,7 @@
computedProperties.add( P_CURRENT_USER_PRIVILEGE_SET);
computedProperties.add( P_CURRENT_WORKSPACE_SET );
computedProperties.add( P_ECLIPSED_SET );
+ computedProperties.add( P_GROUP_MEMBERSHIP );
computedProperties.add( P_INHERITED_ACL_SET );
computedProperties.add( P_LOCKDISCOVERY );
computedProperties.add( P_MODIFICATIONUSER );
@@ -226,7 +227,6 @@
// protectedProperties.add( P_GETCONTENTTYPE ); // so what ... let the client set the content-type via PROPPATCH
protectedProperties.add( P_GETCONTENTLENGTH );
protectedProperties.add( P_GETETAG );
- protectedProperties.add( P_GROUP_MEMBERSHIP ); // TODO: make computed??
protectedProperties.add( P_LABEL_NAME_SET );
protectedProperties.add( P_PARENT_SET );
protectedProperties.add( P_PREDECESSOR_SET );
1.7 +152 -16 jakarta-slide/src/share/org/apache/slide/security/ACLSecurityImpl.java
Index: ACLSecurityImpl.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/ACLSecurityImpl.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- ACLSecurityImpl.java 14 Jan 2004 15:56:07 -0000 1.6
+++ ACLSecurityImpl.java 17 Jan 2004 21:48:00 -0000 1.7
@@ -63,6 +63,7 @@
package org.apache.slide.security;
import java.util.Enumeration;
+import java.util.List;
import java.util.Vector;
import org.apache.slide.common.Namespace;
import org.apache.slide.common.NamespaceConfig;
@@ -77,7 +78,9 @@
import org.apache.slide.structure.ObjectNode;
import org.apache.slide.structure.ObjectNotFoundException;
import org.apache.slide.structure.SubjectNode;
+import org.apache.slide.util.XMLValue;
import org.apache.slide.util.logger.Logger;
+import org.jdom.JDOMException;
/**
* WebDAV/ACL compliant security helper implementation (draft-12)
@@ -160,11 +163,27 @@
return evaluateAcl(token, objectNode, actionNode, permissions);
}
- // overwrites super
public boolean hasRole(SlideToken token, String role) throws ServiceAccessException, ObjectNotFoundException {
- SubjectNode subjectNode = (SubjectNode)getPrincipal(token);
- SubjectNode roleNode = SubjectNode.getSubjectNode(namespaceConfig.getRolesPath()+"/"+role);
- return matchPrincipal(token, subjectNode, roleNode);
+ return hasRole(token, (SubjectNode)getPrincipal(token), role);
+ }
+
+ // overwrites super
+ public boolean hasRole(SlideToken token, SubjectNode subjectNode, String role) throws ServiceAccessException, ObjectNotFoundException {
+ SubjectNode roleNode = null;
+ if (namespaceConfig.getRolesPath() != null && namespaceConfig.getRolesPath().length() != 0) {
+ roleNode = SubjectNode.getSubjectNode(namespaceConfig.getRolesPath()+"/"+role);
+ }
+ if (roleNode != null && matchPrincipal(token, subjectNode, roleNode)) {
+ return true;
+ }
+ else {
+ // check groups
+ SubjectNode groupNode = null;
+ if (namespaceConfig.getGroupsPath() != null && namespaceConfig.getGroupsPath().length() != 0) {
+ groupNode = SubjectNode.getSubjectNode(namespaceConfig.getGroupsPath()+"/"+role);
+ }
+ return (groupNode != null && matchPrincipal(token, subjectNode, groupNode));
+ }
}
// overwrites super
@@ -174,15 +193,132 @@
// overwrites super
public Enumeration getRoles(SlideToken token) throws ServiceAccessException, ObjectNotFoundException {
+ return getRoles(token, (SubjectNode)getPrincipal(token));
+ }
+
+ /**
+ * Get the role names the specified subject has (deeply over nested roles, if there)
+ *
+ * @param token a SlideToken
+ * @param subjectNode a SubjectNode
+ * @return an Enumeration of role names
+ * @throws ServiceAccessException
+ * @throws ObjectNotFoundException
+ */
+ public Enumeration getRoles(SlideToken token, SubjectNode subjectNode) throws ServiceAccessException, ObjectNotFoundException {
+ // check the principal exists
+ Uri subjectUri = namespace.getUri(token, subjectNode.getUri());
+ subjectUri.getStore().retrieveObject(subjectUri);
+
Vector result = new Vector();
- Uri rolesUri = namespace.getUri(token, namespaceConfig.getRolesPath());
- ObjectNode rolesNode = rolesUri.getStore().retrieveObject(rolesUri);
- Enumeration rolesEnum = rolesNode.enumerateBindings();
- while (rolesEnum.hasMoreElements()) {
- ObjectNode.Binding b = (ObjectNode.Binding)rolesEnum.nextElement();
- String role = b.getName();
- if (hasRole(token, role)) {
- result.add(role);
+ Uri rolesUri = null;
+ ObjectNode rolesNode = null;
+ if (namespaceConfig.getRolesPath() != null && namespaceConfig.getRolesPath().length() != 0) {
+ rolesUri = namespace.getUri(token, namespaceConfig.getRolesPath());
+ try {
+ rolesNode = rolesUri.getStore().retrieveObject(rolesUri);
+ } catch (ObjectNotFoundException e) {}
+ if (rolesNode != null) {
+ Enumeration rolesEnum = rolesNode.enumerateBindings();
+ while (rolesEnum.hasMoreElements()) {
+ ObjectNode.Binding b = (ObjectNode.Binding)rolesEnum.nextElement();
+ String role = b.getName();
+ if (hasRole(token, subjectNode, role)) {
+ result.add(role);
+ }
+ }
+ }
+ }
+ Uri groupsUri = null;
+ ObjectNode groupsNode = null;
+ if (namespaceConfig.getGroupsPath() != null && namespaceConfig.getGroupsPath().length() != 0) {
+ groupsUri = namespace.getUri(token, namespaceConfig.getGroupsPath());
+ groupsNode = groupsUri.getStore().retrieveObject(groupsUri);
+ if (groupsNode != null) {
+ Enumeration groupsEnum = groupsNode.enumerateBindings();
+ while (groupsEnum.hasMoreElements()) {
+ ObjectNode.Binding b = (ObjectNode.Binding)groupsEnum.nextElement();
+ String group = b.getName();
+ if (hasRole(token, subjectNode, group)) {
+ result.add(group);
+ }
+ }
+ }
+ }
+ return result.elements();
+ }
+
+ /**
+ * Get enumeration of paths according to property DAV:group-membership
+ *
+ * @param token a SlideToken
+ * @param subjectNode a SubjectNode
+ * @return an Enumeration of paths (String)
+ * @throws ServiceAccessException
+ * @throws ObjectNotFoundException
+ */
+ public Enumeration getGroupMembership(SlideToken token, SubjectNode subjectNode) throws ServiceAccessException, ObjectNotFoundException {
+ // check the principal exists
+ Uri subjectUri = namespace.getUri(token, subjectNode.getUri());
+ subjectUri.getStore().retrieveObject(subjectUri);
+
+ Vector result = new Vector();
+ Uri rolesUri = null;
+ ObjectNode rolesNode = null;
+ if (namespaceConfig.getRolesPath() != null && namespaceConfig.getRolesPath().length() != 0) {
+ rolesUri = namespace.getUri(token, namespaceConfig.getRolesPath());
+ try {
+ rolesNode = rolesUri.getStore().retrieveObject(rolesUri);
+ } catch (ObjectNotFoundException e) {}
+ if (rolesNode != null) {
+ Enumeration rolesEnum = rolesNode.enumerateBindings();
+ while (rolesEnum.hasMoreElements()) {
+ ObjectNode.Binding b = (ObjectNode.Binding)rolesEnum.nextElement();
+ String role = b.getName();
+ Uri roleUri = namespace.getUri(token, namespaceConfig.getRolesPath()+"/"+role);
+ try {
+ NodeRevisionDescriptor nrd =
+ roleUri.getStore().retrieveRevisionDescriptor(roleUri, new NodeRevisionNumber());
+ NodeProperty membersetProp = nrd.getProperty("group-member-set");
+ if (membersetProp != null && membersetProp.getValue() != null) {
+ XMLValue xmlVal = new XMLValue((String)membersetProp.getValue());
+ List memberNodes = xmlVal.getHrefNodes();
+ if (memberNodes.contains(subjectNode)) {
+ result.add(roleUri.toString());
+ }
+ }
+ } catch (RevisionDescriptorNotFoundException e) {
+ } catch (JDOMException e) {}
+ }
+ }
+ }
+ Uri groupsUri = null;
+ ObjectNode groupsNode = null;
+ if (namespaceConfig.getGroupsPath() != null && namespaceConfig.getGroupsPath().length() != 0) {
+ groupsUri = namespace.getUri(token, namespaceConfig.getGroupsPath());
+ try {
+ groupsNode = groupsUri.getStore().retrieveObject(groupsUri);
+ } catch (ObjectNotFoundException e) {}
+ if (groupsNode != null) {
+ Enumeration rolesEnum = groupsNode.enumerateBindings();
+ while (rolesEnum.hasMoreElements()) {
+ ObjectNode.Binding b = (ObjectNode.Binding)rolesEnum.nextElement();
+ String group = b.getName();
+ Uri roleUri = namespace.getUri(token, namespaceConfig.getGroupsPath()+"/"+group);
+ try {
+ NodeRevisionDescriptor nrd =
+ roleUri.getStore().retrieveRevisionDescriptor(roleUri, new NodeRevisionNumber());
+ NodeProperty membersetProp = nrd.getProperty("group-member-set");
+ if (membersetProp != null && membersetProp.getValue() != null) {
+ XMLValue xmlVal = new XMLValue((String)membersetProp.getValue());
+ List memberNodes = xmlVal.getHrefNodes();
+ if (memberNodes.contains(subjectNode)) {
+ result.add(roleUri.toString());
+ }
+ }
+ } catch (RevisionDescriptorNotFoundException e) {
+ } catch (JDOMException e) {}
+ }
}
}
return result.elements();
1.24 +6 -4 jakarta-slide/src/share/org/apache/slide/security/Security.java
Index: Security.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/Security.java,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- Security.java 12 Dec 2003 02:48:30 -0000 1.23
+++ Security.java 17 Jan 2004 21:48:00 -0000 1.24
@@ -436,6 +436,8 @@
Enumeration getRoles(SlideToken token)
throws ServiceAccessException, ObjectNotFoundException;
+ Enumeration getRoles(SlideToken token, SubjectNode subjectNode)
+ throws ServiceAccessException, ObjectNotFoundException;
/**
* Get the principal associated with the credentials token.
1.44 +13 -5 jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java
Index: SecurityImpl.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- SecurityImpl.java 15 Jan 2004 11:54:42 -0000 1.43
+++ SecurityImpl.java 17 Jan 2004 21:48:00 -0000 1.44
@@ -993,6 +993,10 @@
return getRoles(getPrincipal(token));
}
+ public Enumeration getRoles(SlideToken token, SubjectNode subjectNode)
+ throws ServiceAccessException, ObjectNotFoundException {
+ return getRoles(subjectNode);
+ }
/**
* Get the SubjectNode associated with the credentials token.
@@ -1255,7 +1259,11 @@
Iterator i = memberNodes.iterator();
while (!match && i.hasNext()) {
SubjectNode nextMatchNode = (SubjectNode)i.next();
- match = matchPrincipal(token, checkSubject, nextMatchNode, nextLevel);
+ if (namespaceConfig.isRole(nextMatchNode.getUri())
+ || namespaceConfig.isGroup(nextMatchNode.getUri())) {
+
+ match = matchPrincipal(token, checkSubject, nextMatchNode, nextLevel);
+ }
}
return match;
}
1.34 +29 -4 jakarta-slide/src/share/org/apache/slide/common/NamespaceConfig.java
Index: NamespaceConfig.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/share/org/apache/slide/common/NamespaceConfig.java,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- NamespaceConfig.java 15 Jan 2004 11:54:42 -0000 1.33
+++ NamespaceConfig.java 17 Jan 2004 21:48:00 -0000 1.34
@@ -239,6 +239,11 @@
protected String groupsPath = null;
protected String rolesPath = null;
+ private UriPath
+ usersUriPath,
+ groupsUriPath,
+ rolesUriPath;
+
/**
* Guest user path.
@@ -633,6 +638,23 @@
public boolean isAutoCreateUsers() {
return autoCreateUsers;
}
+
+ public boolean isPrincipal(String uri) {
+ UriPath uriPath = new UriPath(uri);
+ return (usersUriPath != null && usersUriPath.equals(uriPath.parent()) ||
+ rolesUriPath != null && rolesUriPath.equals(uriPath.parent()) ||
+ groupsUriPath != null && groupsUriPath.equals(uriPath.parent()));
+ }
+
+ public boolean isRole(String uri) {
+ UriPath uriPath = new UriPath(uri);
+ return (rolesUriPath != null && rolesUriPath.equals(uriPath.parent()));
+ }
+
+ public boolean isGroup(String uri) {
+ UriPath uriPath = new UriPath(uri);
+ return (groupsUriPath != null && groupsUriPath.equals(uriPath.parent()));
+ }
/**
@@ -830,18 +852,21 @@
private void setPathsAndConfigValues(Configuration config) {
try {
usersPath = config.getConfiguration("userspath").getValue();
+ usersUriPath = new UriPath(usersPath);
} catch (ConfigurationException e) {
usersPath = "";
}
try {
groupsPath = config.getConfiguration("groupspath").getValue();
+ groupsUriPath = new UriPath(groupsPath);
} catch (ConfigurationException e) {
groupsPath = "";
}
try {
rolesPath = config.getConfiguration("rolespath").getValue();
+ rolesUriPath = new UriPath(rolesPath);
} catch (ConfigurationException e) {
rolesPath = "";
}
1.26 +26 -23 jakarta-slide/src/share/org/apache/slide/common/XMLUnmarshaller.java
Index: XMLUnmarshaller.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/share/org/apache/slide/common/XMLUnmarshaller.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- XMLUnmarshaller.java 12 Dec 2003 02:48:30 -0000 1.25
+++ XMLUnmarshaller.java 17 Jan 2004 21:48:00 -0000 1.26
@@ -109,6 +109,11 @@
private final static String LOG_CHANNEL = XMLUnmarshaller.class.getName();
+ private static UriPath
+ usersPath,
+ rolesPath,
+ groupsPath;
+
// --------------------------------------------------------- Public Methods
@@ -245,7 +250,7 @@
String actionUri =
permissionDefinition.getAttribute("action");
-
+
if (accessToken.getNamespaceConfig().getActionsPath().equals(actionUri)) {
actionUri = ActionNode.ALL_URI;
}
@@ -349,14 +354,13 @@
* @exception SlideException A data access error occured
*/
private static void loadDefaultObjectRevision(NamespaceAccessToken accessToken,
- SlideToken token, String uri)
+ SlideToken token, String uri)
throws ServiceAccessException, ConfigurationException,
AccessDeniedException, ObjectNotFoundException,
LinkedObjectNotFoundException {
- try
- {
+ try {
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setNamespaceAware(false);
factory.setValidating(false);
@@ -364,18 +368,18 @@
Populate pop = new Populate();
Configuration slideConfiguration =
new ConfigurationElement(
- pop.load(
- new InputSource(
- new StringReader("<revision/>")), parser.getXMLReader()));
+ pop.load(
+ new InputSource(
+ new StringReader("<revision/>")), parser.getXMLReader()));
loadObjectRevision(accessToken, token, uri, slideConfiguration);
}
catch (IOException e) { e.printStackTrace(); }
catch (SAXException e) { e.printStackTrace(); }
catch (javax.xml.parsers.ParserConfigurationException e) {e.printStackTrace(); }
}
-
-
-
+
+
+
/**
* Create the SlideProperties object associated with a ObjectNode.
*
@@ -394,13 +398,13 @@
// Retrieving the list of properties
Enumeration propertyDefinitions =
revisionDefinition.getConfigurations("property");
-
+
// Retrieving the revision number, if any
NodeRevisionNumber revisionNumber = null;
// Now creating the new revision descriptor object
NodeRevisionDescriptor revisionDescriptor = null;
-
+
NodeRevisionDescriptors revisionDescriptors = null;
try {
revisionDescriptors = accessToken.getContentHelper().retrieve
@@ -421,6 +425,9 @@
}
if (revisionDescriptor == null) {
revisionDescriptor = new NodeRevisionDescriptor(0);
+ if (accessToken.getNamespaceConfig().isPrincipal(uri)) {
+ revisionDescriptor.setResourceType("<collection/><principal/>");
+ }
}
while (propertyDefinitions.hasMoreElements()) {
@@ -441,7 +448,7 @@
if ((revisionDescriptors != null)
&& (revisionDescriptors.hasRevisions())) {
-
+
try {
revisionContent = accessToken.getContentHelper()
.retrieve(token, uri, revisionDescriptor);
@@ -468,9 +475,9 @@
} catch (ObjectLockedException e) {
// Ignore
}
-
+
} else {
-
+
try {
accessToken.getContentHelper().create
(token, uri, revisionDescriptor, revisionContent);
@@ -485,10 +492,6 @@
accessToken.getLogger().log
(e.toString(),LOG_CHANNEL,Logger.WARNING);
}
-
}
-
}
-
-
}
1.62 +28 -3 jakarta-slide/src/webdav/server/org/apache/slide/webdav/util/PropertyHelper.java
Index: PropertyHelper.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/webdav/server/org/apache/slide/webdav/util/PropertyHelper.java,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- PropertyHelper.java 12 Dec 2003 08:51:15 -0000 1.61
+++ PropertyHelper.java 17 Jan 2004 21:48:00 -0000 1.62
@@ -102,6 +102,7 @@
import org.apache.slide.search.Search;
import org.apache.slide.search.SearchQuery;
import org.apache.slide.search.SearchQueryResult;
+import org.apache.slide.security.ACLSecurityImpl;
import org.apache.slide.security.AccessDeniedException;
import org.apache.slide.security.NodePermission;
import org.apache.slide.security.Security;
@@ -663,6 +664,9 @@
else if (P_ACL_RESTRICTIONS.equals(propertyName)) {
property = new NodeProperty(propertyName, computeAclRestrictions(revisionDescriptors, revisionDescriptor, contextPath, serverURL));
}
+ else if (P_GROUP_MEMBERSHIP.equals(propertyName)) {
+ property = new NodeProperty(propertyName, computeGroupMembership(revisionDescriptors, revisionDescriptor, contextPath, serverURL));
+ }
return property;
}
@@ -2051,6 +2055,27 @@
}
else {
return new XMLValue();
+ }
+ }
+
+ public XMLValue computeGroupMembership(NodeRevisionDescriptors revisionDescriptors, NodeRevisionDescriptor revisionDescriptor, String contextPath, String serverURL) throws ObjectLockedException, RevisionDescriptorNotFoundException, ServiceAccessException, LinkedObjectNotFoundException, AccessDeniedException, ObjectNotFoundException, LockTokenNotFoundException, JDOMException {
+ if (revisionDescriptor.getProperty(P_GROUP_MEMBERSHIP) != null) {
+ Object v = revisionDescriptor.getProperty(P_GROUP_MEMBERSHIP).getValue();
+ return (v instanceof XMLValue)
+ ? (XMLValue)v
+ : new XMLValue((String)v);
+ }
+ else {
+ XMLValue xmlValue = new XMLValue();
+ Uri principalUri = nsaToken.getUri(sToken, revisionDescriptors.getUri());
+ SubjectNode principalNode = (SubjectNode)principalUri.getStore().retrieveObject(principalUri);
+ Enumeration roles = ((ACLSecurityImpl)nsaToken.getSecurityHelper()).getGroupMembership(sToken, principalNode);
+ while (roles.hasMoreElements()) {
+ String rolePath = (String)roles.nextElement();
+ String roleHref = contextPath+rolePath;
+ xmlValue.addHref(roleHref);
+ }
+ return xmlValue;
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org