Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2002/06/20 03:17:40 UTC
cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine TurbineGroupManagement.java TurbinePermissionManagement.java TurbineRoleManagement.java
taylor 2002/06/19 18:17:40
Modified: src/java/org/apache/jetspeed/modules/actions/portlets/security
Tag: security_14 RoleBrowserAction.java
RolePermissionUpdateAction.java
src/java/org/apache/jetspeed/services/security/turbine Tag:
security_14 TurbineGroupManagement.java
TurbinePermissionManagement.java
TurbineRoleManagement.java
Log:
Added cascade deletes as part of a transaction in
1. TurbineGroupManagement.removeGroup()
2. TurbinePermissionManagement.removePermission()
3. TurbineRoleManagement.removeRole()
Removed unnecessary turbine imports
Changed buildRolePermissionContext() in RolePermissionUpdateAction.java
Revision Changes Path
No revision
No revision
1.5.2.2 +1 -3 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java
Index: RoleBrowserAction.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java,v
retrieving revision 1.5.2.1
retrieving revision 1.5.2.2
diff -u -r1.5.2.1 -r1.5.2.2
--- RoleBrowserAction.java 17 Jun 2002 21:27:01 -0000 1.5.2.1
+++ RoleBrowserAction.java 20 Jun 2002 01:17:39 -0000 1.5.2.2
@@ -67,12 +67,10 @@
// jetspeed om
-import org.apache.jetspeed.om.security.Role;
import org.apache.jetspeed.om.security.JetspeedUser;
// jetspeed services
import org.apache.jetspeed.services.JetspeedSecurity;
-import org.apache.jetspeed.services.security.RoleException;
import org.apache.jetspeed.services.resources.JetspeedResources;
// jetspeed velocity
1.4.2.3 +26 -25 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RolePermissionUpdateAction.java
Index: RolePermissionUpdateAction.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RolePermissionUpdateAction.java,v
retrieving revision 1.4.2.2
retrieving revision 1.4.2.3
diff -u -r1.4.2.2 -r1.4.2.3
--- RolePermissionUpdateAction.java 19 Jun 2002 21:41:24 -0000 1.4.2.2
+++ RolePermissionUpdateAction.java 20 Jun 2002 01:17:39 -0000 1.4.2.3
@@ -56,6 +56,8 @@
// java util
import java.util.Vector;
+import java.util.List;
+import java.util.Iterator;
// velocity
import org.apache.velocity.context.Context;
@@ -210,9 +212,8 @@
try
{
- Permission[] permissions =
- (Permission[])rundata.getUser().getTemp(SecurityConstants.CONTEXT_PERMISSIONS);
- Vector selected = (Vector)rundata.getUser().getTemp(SecurityConstants.CONTEXT_SELECTED);
+ List permissions = (List)rundata.getUser().getTemp(SecurityConstants.CONTEXT_PERMISSIONS);
+ List selected = (List)rundata.getUser().getTemp(SecurityConstants.CONTEXT_SELECTED);
if (permissions == null || selected == null)
{
@@ -227,21 +228,22 @@
// walk thru all the permissions, see if anything changed
// if changed, update the database
//
- for (int ix = 0; ix < permissions.length; ix++)
+ for (int ix = 0; ix < permissions.size(); ix++)
{
- boolean newValue = rundata.getParameters().getBoolean("box_" + permissions[ix].getName(), false);
- boolean oldValue = ((Boolean)selected.elementAt(ix + 1)).booleanValue();
+ String permissionName = ((Permission)permissions.get(ix)).getName();
+ boolean newValue = rundata.getParameters().getBoolean("box_" + permissionName, false);
+ boolean oldValue = ((Boolean)selected.get(ix + 1)).booleanValue();
if (newValue != oldValue)
{
if (newValue == true)
{
// grant a permission to a role
- // TODO - CONVERT: JetspeedSecurity.grant( role, permissions[ix] );
+ JetspeedSecurity.grantPermission(role.getName(), permissionName);
}
else
{
// revoke a permission from a role
- // TODO - CONVETRT: JetspeedSecurity.revoke( role, permissions[ix] );
+ JetspeedSecurity.revokePermission(role.getName(), permissionName);
}
}
}
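Review bot: `oldValue` is read from the `selected` list cached in the user's temp storage, so each grant/revoke decision is made against the state the form was rendered with, not the role's current permissions. If that state changed in between, `grantPermission` may run for a grant that already exists or `revokePermission` for one already gone, and `selected.get(ix + 1)` can throw if the two cached lists no longer line up. Consider reading the live state at update time, `boolean oldValue = JetspeedSecurity.hasPermission(role.getName(), permissionName);`, and writing the test as `if (newValue)`. The enclosing method starts and ends outside this hunk, so whether the caller's privilege is checked before these calls cannot be seen here.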
@@ -284,10 +286,8 @@
String roleName)
throws JetspeedSecurityException
{
- /*
- // get master list of roles
- Criteria criteria = new Criteria();
- PermissionSet master = JetspeedSecurity.getPermissions(criteria);
+ // get master list of permissions
+ Iterator master = JetspeedSecurity.getPermissions();
// get the user object
Role role = JetspeedSecurity.getRole(roleName);
@@ -299,28 +299,29 @@
}
// get the permissions for this particular role
- PermissionSet subset = JetspeedSecurity.getPermissions(role);
+ Iterator subset = JetspeedSecurity.getPermissions(roleName);
- Permission[] permissions = master.getPermissionsArray();
- Vector selected = new Vector(master.size()+1);
-
- selected.add(0, new Boolean(false));
+ Vector permissions = new Vector();
+ Vector selected = new Vector();
boolean sel = false;
- for ( int ix = 0; ix < permissions.length; ix++ )
+ int ix = 0;
+ selected.add(0, new Boolean(sel));
+ while(master.hasNext())
{
- if (null != subset)
- sel = subset.contains(permissions[ix].getName());
- else
- sel = false;
- selected.add(ix + 1, new Boolean(sel));
+ Permission permission = (Permission) master.next();
+ permissions.add(permission);
+ sel = JetspeedSecurity.hasPermission(roleName, permission.getName());
+ ix = ix + 1;
+ selected.add(ix, new Boolean(sel));
}
+ selected.trimToSize();
+ permissions.trimToSize();
rundata.getUser().setTemp(SecurityConstants.CONTEXT_PERMISSIONS, permissions);
rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, selected);
context.put(SecurityConstants.CONTEXT_PERMISSIONS, permissions);
context.put(SecurityConstants.CONTEXT_SELECTED, selected);
context.put(SecurityConstants.CONTEXT_ROLE, role);
- */
}
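Review bot: `Iterator subset = JetspeedSecurity.getPermissions(roleName);` is still fetched, but nothing in the new loop reads it; the selected flag now comes from a separate `JetspeedSecurity.hasPermission(roleName, permission.getName())` call per permission. Either drop the `subset` line, or drain it once into a set of permission names and test membership in the loop, which presumably saves one lookup per permission. The counter `ix` only ever appends, so `selected.add(new Boolean(sel));` would do and `ix` could be removed. The method body begins in the previous hunk.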
No revision
No revision
1.1.2.5 +66 -44 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineGroupManagement.java
Index: TurbineGroupManagement.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineGroupManagement.java,v
retrieving revision 1.1.2.4
retrieving revision 1.1.2.5
diff -u -r1.1.2.4 -r1.1.2.5
--- TurbineGroupManagement.java 19 Jun 2002 05:14:12 -0000 1.1.2.4
+++ TurbineGroupManagement.java 20 Jun 2002 01:17:39 -0000 1.1.2.5
@@ -60,7 +60,6 @@
import javax.servlet.ServletConfig;
-
// Jetspeed Security
import org.apache.jetspeed.services.security.GroupManagement;
@@ -97,13 +96,16 @@
// Torque
import org.apache.torque.util.Criteria;
import org.apache.torque.om.NumberKey;
+import org.apache.torque.Torque;
+import org.apache.torque.TorqueException;
+import org.apache.torque.pool.DBConnection;
// Rundata
import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
import org.apache.jetspeed.services.rundata.JetspeedRunData;
import org.apache.turbine.services.rundata.RunDataService;
-// Turbine
+// Turbine
import org.apache.turbine.util.Log;
import org.apache.turbine.services.TurbineBaseService;
import org.apache.turbine.services.TurbineServices;
@@ -111,21 +113,23 @@
import org.apache.turbine.services.resources.ResourceService;
/**
- * Default Jetspeed-Turbine Group Management implementation
+ * Default Jetspeed-Turbine Group Management implementation
+ *
*
- *
* @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
* @version $Id$
*/
public class TurbineGroupManagement extends TurbineBaseService
- implements GroupManagement
+ implements GroupManagement
{
private JetspeedRunDataService runDataService = null;
private final static String CONFIG_DEFAULT_ROLE = "role.default";
-
String defaultRole = "user";
+ private final static String CASCADE_DELETE = "programmatic.cascade.delete";
+ private final static boolean DEFAULT_CASCADE_DELETE = true;
+ private boolean cascadeDelete;
///////////////////////////////////////////////////////////////////////////
// Group Management Interfaces
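Review bot: The new `programmatic.cascade.delete` setting has no comment saying what happens when it is false. Judging by `removeGroup()` later in this diff, the `TURBINE_USER_GROUP_ROLE` rows for the group are then left in place unless the database removes them itself. For a security store that is worth stating next to the constant, for example `// when false, dependent rows are not deleted here; the schema must cascade or stale memberships remain`. The same three fields are added to TurbinePermissionManagement and TurbineRoleManagement, so the comment applies there too, and the key and default could be declared once in a shared place.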
@@ -133,14 +137,14 @@
/**
* Retrieves all <code>Group</code>s for a given username principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param username a user principal identity to be retrieved.
* @return Iterator over all groups associated to the user principal.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Iterator getGroups(String username)
throws JetspeedSecurityException
@@ -179,19 +183,19 @@
catch(Exception e)
{
throw new GroupException("Failed to retrieve groups ", e);
- }
- return groups.values().iterator();
+ }
+ return groups.values().iterator();
}
/**
* Retrieves all <code>Group</code>s.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @return Iterator over all groups.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Iterator getGroups()
throws JetspeedSecurityException
@@ -205,12 +209,12 @@
catch(Exception e)
{
throw new GroupException("Failed to retrieve groups ", e);
- }
- return groups.iterator();
+ }
+ return groups.iterator();
}
/**
- * Adds a <code>Group</code> into permanent storage.
+ * Adds a <code>Group</code> into permanent storage.
*
* The security service can throw a <code>NotUniqueEntityException</code> when the public
* credentials fail to meet the security provider-specific unique constraints.
@@ -218,16 +222,16 @@
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure.
- * @exception NotUniqueEntityException when the public credentials fail to meet
+ * @exception NotUniqueEntityException when the public credentials fail to meet
* the security provider-specific unique constraints.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void addGroup(Group group)
throws JetspeedSecurityException
{
if(groupExists(group.getName()))
{
- throw new GroupException("The group '" +
+ throw new GroupException("The group '" +
group.getName() + "' already exists");
}
@@ -291,7 +295,7 @@
}
/**
- * Saves a <code>Group</code> into permanent storage.
+ * Saves a <code>Group</code> into permanent storage.
*
* The security service can throw a <code>NotUniqueEntityException</code> when the public
* credentials fail to meet the security provider-specific unique constraints.
@@ -299,14 +303,14 @@
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void saveGroup(Group group)
throws JetspeedSecurityException
{
if(!groupExists(group.getName()))
{
- throw new GroupException("The group '" +
+ throw new GroupException("The group '" +
group.getName() + "' doesn't exists");
}
@@ -338,40 +342,57 @@
*
* @param groupname the principal identity of the group to be retrieved.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void removeGroup(String groupname)
throws JetspeedSecurityException
{
+ DBConnection conn = null;
try
{
+ conn = Torque.getConnection();
Group group = this.getGroup(groupname);
Criteria criteria = new Criteria();
criteria.add(TurbineGroupPeer.GROUP_NAME, groupname);
- PsmlManager.removeGroupDocuments(group);
-
- // TODO: CASCADE TURBINE_USER_GROUP_GROUP, TURBINE_GROUP_PERMISSION
+ if(cascadeDelete)
+ {
+ //CASCADE TURBINE_USER_GROUP_ROLE
+ Criteria criteria1 = new Criteria();
+ criteria1.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
+ TurbineUserGroupRolePeer.doDelete(criteria1, conn);
+ }
- TurbineGroupPeer.doDelete(criteria);
+ TurbineGroupPeer.doDelete(criteria, conn);
+ PsmlManager.removeGroupDocuments(group);
+ conn.commit();
}
catch(Exception e)
{
+ conn.rollback();
throw new GroupException("Failed to remove group '" +
groupname + "'", e);
}
+ finally
+ {
+ try
+ {
+ Torque.releaseConnection(conn);
+ }
+ catch (Exception e){}
+ }
}
/**
- * Join a user to a group.
+ * Join a user to a group.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void joinGroup(String username, String groupname)
throws JetspeedSecurityException
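Review bot: In `removeGroup()` the catch block calls `conn.rollback()` unconditionally, so if `Torque.getConnection()` itself fails, `conn` is still null and the resulting NullPointerException replaces the real cause; a failing rollback would hide it the same way, and the `finally` passes a possibly null `conn` to `Torque.releaseConnection` and discards any error. Guard both on `conn != null` and log instead of swallowing, as in the excerpt below. Two further things to confirm: nothing visible here turns auto-commit off, so unless the pool hands out connections that way the two deletes may not form one transaction; and `PsmlManager.removeGroupDocuments(group)` runs before `conn.commit()` and presumably cannot be undone if the commit fails. `removePermission()` in TurbinePermissionManagement has the same catch/finally, and by the commit log `removeRole()` likely does too.

```java
DBConnection conn = null;
try
{
    conn = Torque.getConnection();
    // … unchanged: group lookup, cascade delete, group delete, PSML removal, commit …
}
catch(Exception e)
{
    if (conn != null)
    {
        try
        {
            conn.rollback();
        }
        catch (Exception rollbackFailure)
        {
            // keep the original failure as the one reported to the caller
            Log.error("Rollback failed while removing group '" + groupname + "'", rollbackFailure);
        }
    }
    throw new GroupException("Failed to remove group '" +
        groupname + "'", e);
}
finally
{
    if (conn != null)
    {
        try
        {
            Torque.releaseConnection(conn);
        }
        catch (Exception releaseFailure)
        {
            Log.error("Failed to release connection after removing group '" + groupname + "'", releaseFailure);
        }
    }
}
```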
@@ -381,9 +402,9 @@
JetspeedUser user = JetspeedSecurity.getUser(username);
Group group = this.getGroup(groupname);
Role role = JetspeedSecurity.getRole(defaultRole);
-
+
Criteria criteria = new Criteria();
- criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
criteria.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
TurbineUserGroupRolePeer.doInsert(criteria);
@@ -401,7 +422,7 @@
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void unjoinGroup(String username, String groupname)
throws JetspeedSecurityException
@@ -413,7 +434,7 @@
Role role = JetspeedSecurity.getRole(defaultRole);
Criteria criteria = new Criteria();
- criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
criteria.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
TurbineUserGroupRolePeer.doDelete(criteria);
@@ -421,7 +442,7 @@
catch(Exception e)
{
throw new GroupException("Unjoin group '" + groupname + "' to user '" + username + "' failed: ", e);
- }
+ }
}
@@ -432,7 +453,7 @@
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public boolean inGroup(String username, String groupname)
throws JetspeedSecurityException
@@ -445,7 +466,7 @@
Group group = this.getGroup(groupname);
Criteria criteria = new Criteria();
- criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
criteria.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
groups = TurbineUserGroupRolePeer.doSelect(criteria);
@@ -461,14 +482,14 @@
/**
* Retrieves a single <code>Group</code> for a given groupname principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param groupname a group principal identity to be retrieved.
* @return Group the group record retrieved.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Group getGroup(String groupname)
throws JetspeedSecurityException
@@ -521,12 +542,12 @@
*
* @param groupName the name of the group to check for existence.
* @return true if the specified account exists
- * @throws GroupException if there was a general db access error
- *
+ * @throws GroupException if there was a general db access error
+ *
*/
protected boolean groupExists(String groupName)
throws GroupException
- {
+ {
Criteria criteria = new Criteria();
criteria.add(TurbineGroupPeer.GROUP_NAME, groupName);
Vector groups;
@@ -552,14 +573,14 @@
/**
- * This is the early initialization method called by the
+ * This is the early initialization method called by the
* Turbine <code>Service</code> framework
* @param conf The <code>ServletConfig</code>
* @exception throws a <code>InitializationException</code> if the service
* fails to initialize
*/
- public synchronized void init(ServletConfig conf)
- throws InitializationException
+ public synchronized void init(ServletConfig conf)
+ throws InitializationException
{
if (getInit()) return;
@@ -574,6 +595,7 @@
.getService(RunDataService.SERVICE_NAME);
defaultRole = serviceConf.getString(CONFIG_DEFAULT_ROLE, defaultRole);
+ cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE, DEFAULT_CASCADE_DELETE );
setInit(true);
}
1.1.2.3 +65 -40 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbinePermissionManagement.java
Index: TurbinePermissionManagement.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbinePermissionManagement.java,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- TurbinePermissionManagement.java 19 Jun 2002 05:14:12 -0000 1.1.2.2
+++ TurbinePermissionManagement.java 20 Jun 2002 01:17:39 -0000 1.1.2.3
@@ -89,13 +89,16 @@
// Torque
import org.apache.torque.util.Criteria;
import org.apache.torque.om.NumberKey;
+import org.apache.torque.Torque;
+import org.apache.torque.TorqueException;
+import org.apache.torque.pool.DBConnection;
// Rundata
import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
import org.apache.jetspeed.services.rundata.JetspeedRunData;
import org.apache.turbine.services.rundata.RunDataService;
-// Turbine
+// Turbine
import org.apache.turbine.util.Log;
import org.apache.turbine.services.TurbineBaseService;
import org.apache.turbine.services.TurbineServices;
@@ -103,17 +106,20 @@
import org.apache.turbine.services.resources.ResourceService;
/**
- * Default Jetspeed-Turbine Permission Management implementation
+ * Default Jetspeed-Turbine Permission Management implementation
+ *
*
- *
* @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
* @version $Id$
*/
public class TurbinePermissionManagement extends TurbineBaseService
- implements PermissionManagement
+ implements PermissionManagement
{
private JetspeedRunDataService runDataService = null;
+ private final static String CASCADE_DELETE = "programmatic.cascade.delete";
+ private final static boolean DEFAULT_CASCADE_DELETE = true;
+ private boolean cascadeDelete;
///////////////////////////////////////////////////////////////////////////
@@ -122,14 +128,14 @@
/**
* Retrieves all <code>Permission</code>s for a given rolename principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param rolename a role name identity to be retrieved.
* @return Iterator over all permissions associated to the role principal.
* @exception PermissionException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Iterator getPermissions(String rolename)
throws JetspeedSecurityException
@@ -168,19 +174,19 @@
catch(Exception e)
{
throw new PermissionException("Failed to retrieve permissions ", e);
- }
- return perms.values().iterator();
+ }
+ return perms.values().iterator();
}
/**
* Retrieves all <code>Permission</code>s.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @return Iterator over all permissions.
* @exception PermissionException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Iterator getPermissions()
throws JetspeedSecurityException
@@ -194,25 +200,25 @@
catch(Exception e)
{
throw new PermissionException("Failed to retrieve permissions ", e);
- }
- return permissions.iterator();
+ }
+ return permissions.iterator();
}
/**
- * Adds a <code>Permission</code> into permanent storage.
+ * Adds a <code>Permission</code> into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception PermissionException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void addPermission(Permission permission)
throws JetspeedSecurityException
{
if(permissionExists(permission.getName()))
{
- throw new PermissionException("The permission '" +
+ throw new PermissionException("The permission '" +
permission.getName() + "' already exists");
}
@@ -233,20 +239,20 @@
/**
- * Saves a <code>Permission</code> into permanent storage.
+ * Saves a <code>Permission</code> into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception PermissionException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void savePermission(Permission permission)
throws JetspeedSecurityException
{
if(!permissionExists(permission.getName()))
{
- throw new PermissionException("The permission '" +
+ throw new PermissionException("The permission '" +
permission.getName() + "' doesn't exists");
}
@@ -278,33 +284,51 @@
*
* @param permissionName the principal identity of the permission to be retrieved.
* @exception PermissionException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void removePermission(String permissionName)
throws JetspeedSecurityException
{
+ DBConnection conn = null;
try
{
+ conn = Torque.getConnection();
Permission permission = this.getPermission(permissionName);
Criteria criteria = new Criteria();
criteria.add(TurbinePermissionPeer.PERMISSION_NAME, permissionName);
+ if(cascadeDelete)
+ {
+ System.out.println("cascadeDelete is true");
+ // CASCADE to TURBINE_ROLE_PERMISSION
+ Criteria critRolePerm = new Criteria();
+ critRolePerm.add(TurbineRolePermissionPeer.PERMISSION_ID, permission.getId());
+ TurbineRolePermissionPeer.doDelete(critRolePerm, conn);
+ }
- // TODO: CASCADE to ROLE_PERMISSION
-
- TurbinePermissionPeer.doDelete(criteria);
+ TurbinePermissionPeer.doDelete(criteria, conn);
+ conn.commit();
}
catch(Exception e)
{
+ conn.rollback();
throw new PermissionException("Failed to remove permission '" +
permissionName + "'", e);
}
+ finally
+ {
+ try
+ {
+ Torque.releaseConnection(conn);
+ }
+ catch (Exception e){}
+ }
}
/**
- * Grants a permission to a role.
+ * Grants a permission to a role.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
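Review bot: `System.out.println("cascadeDelete is true");` in `removePermission()` looks like leftover debugging and writes to the container's stdout on every permission removal. Removing a permission is a security-relevant change, so if a trace is wanted it should go through the logger this file already imports and say what was removed, e.g. `Log.info("Cascading delete of role grants for permission '" + permissionName + "'");`; otherwise drop the line. The rollback and release handling in this method has the null-`conn` problem already raised on `removeGroup()`.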
@@ -312,7 +336,7 @@
* @param roleName grant a permission to this role.
* @param permissionName the permission to grant to the role.
* @exception PermissionException when the security provider has a general failure retrieving permissions.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void grantPermission(String roleName, String permissionName)
throws JetspeedSecurityException
@@ -321,7 +345,7 @@
{
Role role = JetspeedSecurity.getRole(roleName);
Permission permission = this.getPermission(permissionName);
-
+
Criteria criteria = new Criteria();
criteria.add(TurbineRolePermissionPeer.ROLE_ID, role.getId());
criteria.add(TurbineRolePermissionPeer.PERMISSION_ID, permission.getId());
@@ -334,15 +358,15 @@
}
/**
- * Revokes a permission from a role.
+ * Revokes a permission from a role.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param roleName grant a permission to this role.
- * @param permissionName the permission to grant to the role.
+ * @param permissionName the permission to grant to the role.
* @exception PermissionException when the security provider has a general failure retrieving permissions.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void revokePermission(String roleName, String permissionName)
throws JetspeedSecurityException
@@ -360,7 +384,7 @@
catch(Exception e)
{
throw new PermissionException("Revoke permission '" + permissionName + "' to role '" + roleName + "' failed: ", e);
- }
+ }
}
@@ -371,9 +395,9 @@
* to determine if the requestor has permission to perform this action.
*
* @param roleName grant a permission to this role.
- * @param permissionName the permission to grant to the role.
+ * @param permissionName the permission to grant to the role.
* @exception PermissionException when the security provider has a general failure retrieving permissions.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public boolean hasPermission(String roleName, String permissionName)
throws JetspeedSecurityException
@@ -402,14 +426,14 @@
/**
* Retrieves a single <code>Permission</code> for a given permissionName principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param permissionName a permission principal identity to be retrieved.
* @return Permission the permission record retrieved.
* @exception PermissionException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Permission getPermission(String permissionName)
throws JetspeedSecurityException
@@ -462,12 +486,12 @@
*
* @param permissionName the name of the permission to check for existence.
* @return true if the specified account exists
- * @throws PermissionException if there was a general db access error
- *
+ * @throws PermissionException if there was a general db access error
+ *
*/
protected boolean permissionExists(String permissionName)
throws PermissionException
- {
+ {
Criteria criteria = new Criteria();
criteria.add(TurbinePermissionPeer.PERMISSION_NAME, permissionName);
Vector permissions;
@@ -493,14 +517,14 @@
/**
- * This is the early initialization method called by the
+ * This is the early initialization method called by the
* Turbine <code>Service</code> framework
* @param conf The <code>ServletConfig</code>
* @exception throws a <code>InitializationException</code> if the service
* fails to initialize
*/
- public synchronized void init(ServletConfig conf)
- throws InitializationException
+ public synchronized void init(ServletConfig conf)
+ throws InitializationException
{
if (getInit()) return;
@@ -514,6 +538,7 @@
(JetspeedRunDataService)TurbineServices.getInstance()
.getService(RunDataService.SERVICE_NAME);
+ cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE, DEFAULT_CASCADE_DELETE );
setInit(true);
}
1.1.2.6 +70 -41 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineRoleManagement.java
Index: TurbineRoleManagement.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineRoleManagement.java,v
retrieving revision 1.1.2.5
retrieving revision 1.1.2.6
diff -u -r1.1.2.5 -r1.1.2.6
--- TurbineRoleManagement.java 19 Jun 2002 05:14:12 -0000 1.1.2.5
+++ TurbineRoleManagement.java 20 Jun 2002 01:17:39 -0000 1.1.2.6
@@ -85,6 +85,7 @@
// Jetspeed Database OM
import org.apache.jetspeed.om.security.turbine.TurbineRole;
import org.apache.jetspeed.om.security.turbine.TurbineRolePeer;
+import org.apache.jetspeed.om.security.turbine.TurbineRolePermissionPeer;
import org.apache.jetspeed.om.security.turbine.TurbineUserGroupRole;
import org.apache.jetspeed.om.security.turbine.TurbineUserGroupRolePeer;
@@ -97,13 +98,16 @@
// Torque
import org.apache.torque.util.Criteria;
import org.apache.torque.om.NumberKey;
+import org.apache.torque.Torque;
+import org.apache.torque.TorqueException;
+import org.apache.torque.pool.DBConnection;
// Rundata
import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
import org.apache.jetspeed.services.rundata.JetspeedRunData;
import org.apache.turbine.services.rundata.RunDataService;
-// Turbine
+// Turbine
import org.apache.turbine.util.Log;
import org.apache.turbine.services.TurbineBaseService;
import org.apache.turbine.services.TurbineServices;
@@ -111,17 +115,20 @@
import org.apache.turbine.services.resources.ResourceService;
/**
- * Default Jetspeed-Turbine Role Management implementation
+ * Default Jetspeed-Turbine Role Management implementation
+ *
*
- *
* @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
* @version $Id$
*/
public class TurbineRoleManagement extends TurbineBaseService
- implements RoleManagement
+ implements RoleManagement
{
private JetspeedRunDataService runDataService = null;
+ private final static String CASCADE_DELETE = "programmatic.cascade.delete";
+ private final static boolean DEFAULT_CASCADE_DELETE = true;
+ private boolean cascadeDelete;
///////////////////////////////////////////////////////////////////////////
@@ -130,14 +137,14 @@
/**
* Retrieves all <code>Role</code>s for a given username principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param username a user principal identity to be retrieved.
* @return Iterator over all roles associated to the user principal.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Iterator getRoles(String username)
throws JetspeedSecurityException
@@ -176,19 +183,19 @@
catch(Exception e)
{
throw new RoleException("Failed to retrieve roles ", e);
- }
- return roles.values().iterator();
+ }
+ return roles.values().iterator();
}
/**
* Retrieves all <code>Role</code>s.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @return Iterator over all roles.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Iterator getRoles()
throws JetspeedSecurityException
@@ -202,25 +209,25 @@
catch(Exception e)
{
throw new RoleException("Failed to retrieve roles ", e);
- }
- return roles.iterator();
+ }
+ return roles.iterator();
}
/**
- * Adds a <code>Role</code> into permanent storage.
+ * Adds a <code>Role</code> into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void addRole(Role role)
throws JetspeedSecurityException
{
if(roleExists(role.getName()))
{
- throw new RoleException("The role '" +
+ throw new RoleException("The role '" +
role.getName() + "' already exists");
}
@@ -284,7 +291,7 @@
}
/**
- * Saves a <code>Role</code> into permanent storage.
+ * Saves a <code>Role</code> into permanent storage.
*
* The security service can throw a <code>NotUniqueEntityException</code> when the public
* credentials fail to meet the security provider-specific unique constraints.
@@ -292,14 +299,14 @@
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void saveRole(Role role)
throws JetspeedSecurityException
{
if(!roleExists(role.getName()))
{
- throw new RoleException("The role '" +
+ throw new RoleException("The role '" +
role.getName() + "' doesn't exists");
}
@@ -331,40 +338,61 @@
*
* @param rolename the principal identity of the role to be retrieved.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void removeRole(String rolename)
throws JetspeedSecurityException
{
+ DBConnection conn = null;
try
{
+ conn = Torque.getConnection();
Role role = this.getRole(rolename);
Criteria criteria = new Criteria();
criteria.add(TurbineRolePeer.ROLE_NAME, rolename);
- PsmlManager.removeRoleDocuments(role);
-
- // TODO: CASCADE TURBINE_USER_GROUP_ROLE, TURBINE_ROLE_PERMISSION
+ if(cascadeDelete)
+ {
+ // CASCADE TURBINE_USER_GROUP_ROLE, TURBINE_ROLE_PERMISSION
+ Criteria criteria1 = new Criteria();
+ criteria1.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
+ TurbineUserGroupRolePeer.doDelete(criteria1, conn);
+
+ Criteria criteria2 = new Criteria();
+ criteria2.add(TurbineRolePermissionPeer.ROLE_ID, role.getId());
+ TurbineRolePermissionPeer.doDelete(criteria2, conn);
+ }
- TurbineRolePeer.doDelete(criteria);
+ TurbineRolePeer.doDelete(criteria, conn);
+ PsmlManager.removeRoleDocuments(role);
+ conn.commit();
}
catch(Exception e)
{
+ conn.rollback();
throw new RoleException("Failed to remove role '" +
rolename + "'", e);
}
+ finally
+ {
+ try
+ {
+ Torque.releaseConnection(conn);
+ }
+ catch (Exception e){}
+ }
}
/**
- * Grants a role to a user.
+ * Grants a role to a user.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void grantRole(String username, String rolename)
throws JetspeedSecurityException
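Review bot: In removeRole's new catch block, `conn.rollback()` runs even when `Torque.getConnection()` itself failed and `conn` is still null, so a NullPointerException replaces the RoleException and hides the real cause; a rollback that throws would do the same. Guard the rollback with a null check and its own try/catch that logs, as in the fence below. The finally block has the same gap: it passes a possibly-null `conn` to `Torque.releaseConnection` and discards any failure in an empty catch, so a connection that is never returned to the pool would go unnoticed. Separately, nothing in the hunk turns auto-commit off, so whether the three deletes really commit or roll back together depends on how the pooled connection is configured. `PsmlManager.removeRoleDocuments(role)` also runs before `conn.commit()`, so it presumably cannot be undone if the commit then fails.

```java
catch(Exception e)
{
    if (conn != null)
    {
        try
        {
            conn.rollback();
        }
        catch (Exception rollbackFailure)
        {
            Log.error("Failed to roll back removal of role '" + rolename + "'", rollbackFailure);
        }
    }
    // … unchanged: throw new RoleException("Failed to remove role ...", e) …
}
finally
{
    if (conn != null)
    {
        try
        {
            Torque.releaseConnection(conn);
        }
        catch (Exception releaseFailure)
        {
            Log.error("Failed to release connection after removing role '" + rolename + "'", releaseFailure);
        }
    }
}
```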
@@ -373,9 +401,9 @@
{
JetspeedUser user = JetspeedSecurity.getUser(username);
Role role = this.getRole(rolename);
-
+
Criteria criteria = new Criteria();
- criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
criteria.add(TurbineUserGroupRolePeer.GROUP_ID, JetspeedSecurity.JETSPEED_GROUP_ID);
criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
TurbineUserGroupRolePeer.doInsert(criteria);
@@ -387,13 +415,13 @@
}
/**
- * Revokes a role from a user.
+ * Revokes a role from a user.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void revokeRole(String username, String rolename)
throws JetspeedSecurityException
@@ -404,7 +432,7 @@
Role role = this.getRole(rolename);
Criteria criteria = new Criteria();
- criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
criteria.add(TurbineUserGroupRolePeer.GROUP_ID, JetspeedSecurity.JETSPEED_GROUP_ID);
criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
TurbineUserGroupRolePeer.doDelete(criteria);
@@ -423,7 +451,7 @@
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public boolean hasRole(String username, String rolename)
throws JetspeedSecurityException
@@ -436,7 +464,7 @@
Role role = this.getRole(rolename);
Criteria criteria = new Criteria();
- criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
criteria.add(TurbineUserGroupRolePeer.GROUP_ID, JetspeedSecurity.JETSPEED_GROUP_ID);
criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
roles = TurbineUserGroupRolePeer.doSelect(criteria);
@@ -453,14 +481,14 @@
/**
* Retrieves a single <code>Role</code> for a given rolename principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param rolename a role principal identity to be retrieved.
* @return Role the role record retrieved.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Role getRole(String rolename)
throws JetspeedSecurityException
@@ -513,12 +541,12 @@
*
* @param roleName the name of the role to check for existence.
* @return true if the specified account exists
- * @throws RoleException if there was a general db access error
- *
+ * @throws RoleException if there was a general db access error
+ *
*/
protected boolean roleExists(String roleName)
throws RoleException
- {
+ {
Criteria criteria = new Criteria();
criteria.add(TurbineRolePeer.ROLE_NAME, roleName);
Vector roles;
@@ -544,14 +572,14 @@
/**
- * This is the early initialization method called by the
+ * This is the early initialization method called by the
* Turbine <code>Service</code> framework
* @param conf The <code>ServletConfig</code>
* @exception throws a <code>InitializationException</code> if the service
* fails to initialize
*/
- public synchronized void init(ServletConfig conf)
- throws InitializationException
+ public synchronized void init(ServletConfig conf)
+ throws InitializationException
{
if (getInit()) return;
@@ -565,6 +593,7 @@
(JetspeedRunDataService)TurbineServices.getInstance()
.getService(RunDataService.SERVICE_NAME);
+ cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE, DEFAULT_CASCADE_DELETE );
setInit(true);
}