Author: dimuthul
Date: Thu Jan 3 23:53:26 2008
New Revision: 11832
Log:
Fixing two bugs for Registry.
Fix1 - Disallowing multiple Authorization Entries in the um_user_permission
table
Fix2 - Code copy error - getUserId instead of getRoleId.
Modified:
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/readwrite/DefaultAccessControlAdmin.java
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/readwrite/DefaultAuthorizer.java
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/resources.properties
trunk/commons/usermanager/modules/core/src/test/java/org/wso2/usermanager/readwrite/DefaultRealmTest.java
Modified:
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/readwrite/DefaultAccessControlAdmin.java
==============================================================================
---
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/readwrite/DefaultAccessControlAdmin.java
(original)
+++
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/readwrite/DefaultAccessControlAdmin.java
Thu Jan 3 23:53:26 2008
@@ -91,6 +91,13 @@
if (dbConnection == null) {
throw new UserManagerException("null_connection");
}
+
+ PreparedStatement clearUPStmt = dbConnection
+
.prepareStatement(data.getAccessControlAdminSQL(DefaultRealmConstants.DELETE_USER_PERMISSION));
+ clearUPStmt.setString(1, userId);
+ clearUPStmt.setString(2, permissionId);
+ clearUPStmt.executeUpdate();
+
PreparedStatement addUserPermissionStmt = dbConnection
.prepareStatement(data.getAccessControlAdminSQL(DefaultRealmConstants.ADD_USER_PERMISSION));
addUserPermissionStmt.setString(1, permissionId);
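Review bot: No rollback is visible for the case where the added delete of the existing user-permission row succeeds and the insert after it fails. The `catch (SQLException e)` handler shown in the next hunk logs and rethrows without `dbConnection.rollback();`, so if the connection is later reused and committed, the user is left with no entry for this permission, which matters most when the deleted row was a deny. Unless code outside the hunk already does this, call `dbConnection.rollback();` at the start of that handler (in its own try/catch, since it can throw) and confirm auto-commit is off on this connection. The same applies to the delete-then-insert added in the hunks at `@@ -132,6 +140,12 @@`, `@@ -172,6 +188,14 @@` and `@@ -392,6 +417,14 @@`; all four methods start and end outside their hunks.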
@@ -100,6 +107,7 @@
addUserPermissionStmt.executeUpdate();
dbConnection.commit();
addUserPermissionStmt.close();
+ clearUPStmt.close();
} catch (SQLException e) {
log.debug(e);
throw new UserManagerException("errorModifyingUserStore", e);
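Review bot: `clearUPStmt.close()` is reached only on the success path, after `dbConnection.commit()`, so a SQLException from either `executeUpdate()` leaves both prepared statements open. Declare the two statements as null before the try and close them in the method's finally block (add one if the method has none; the end of the method is outside the hunk), each close guarded so that a failure there cannot mask the original error. The hunks at `@@ -141,6 +155,7 @@`, `@@ -181,6 +205,7 @@` and `@@ -401,6 +434,7 @@` add the same success-path-only close for `deleteRolesStmt` and `clearUPStmt`.

```java
// in the finally block, before the connection is released
if (clearUPStmt != null) {
    try {
        clearUPStmt.close();
    } catch (SQLException ignored) {
        // a failed close must not mask the original error
    }
}
// … same null-checked close for addUserPermissionStmt …
```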
@@ -132,6 +140,12 @@
if (dbConnection == null) {
throw new UserManagerException("null_connection");
}
+ PreparedStatement deleteRolesStmt = dbConnection
+
.prepareStatement(data.getAccessControlAdminSQL(DefaultRealmConstants.DELETE_ROLE_PERMISSION));
+ deleteRolesStmt.setString(1, roleId);
+ deleteRolesStmt.setString(2, permissionId);
+ deleteRolesStmt.executeUpdate();
+
PreparedStatement addRolePermissionStmt = dbConnection
.prepareStatement(data.getAccessControlAdminSQL(DefaultRealmConstants.ADD_ROLE_PERMISSION));
addRolePermissionStmt.setString(1, permissionId);
@@ -141,6 +155,7 @@
addRolePermissionStmt.executeUpdate();
dbConnection.commit();
addRolePermissionStmt.close();
+ deleteRolesStmt.close();
} catch (SQLException e) {
log.debug(e);
throw new UserManagerException("errorModifyingUserStore", e);
@@ -157,8 +172,9 @@
public void denyRole(String roleName, String resourceId, String action)
throws UserManagerException {
+
String roleId = data.getRoleId(roleName);
-
+
if (roleId == null) {
throw new UserManagerException("nullRole");
}
@@ -172,6 +188,14 @@
if (dbConnection == null) {
throw new UserManagerException("null_connection");
}
+ // There can be only one permission for a role and a permission
+ PreparedStatement deleteRolesStmt = dbConnection
+
.prepareStatement(data.getAccessControlAdminSQL(DefaultRealmConstants.DELETE_ROLE_PERMISSION));
+ deleteRolesStmt.setString(1, roleId);
+ deleteRolesStmt.setString(2, permissionId);
+ deleteRolesStmt.executeUpdate();
+
+
PreparedStatement addRolePermissionStmt = dbConnection
.prepareStatement(data.getAccessControlAdminSQL(DefaultRealmConstants.ADD_ROLE_PERMISSION));
addRolePermissionStmt.setString(1, permissionId);
@@ -181,6 +205,7 @@
addRolePermissionStmt.executeUpdate();
dbConnection.commit();
addRolePermissionStmt.close();
+ deleteRolesStmt.close();
} catch (SQLException e) {
log.debug(e);
throw new UserManagerException("errorModifyingUserStore", e);
@@ -216,7 +241,7 @@
throw new UserManagerException("nullData");
}
- String rid = data.getUserId(roleName);
+ String rid = data.getRoleId(roleName);
PreparedStatement deleteRolesStmt = dbConnection
.prepareStatement(data.getAccessControlAdminSQL(DefaultRealmConstants.DELETE_ROLE_PERMISSION));
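Review bot: `rid` is used without a null check after the corrected `data.getRoleId(roleName)` lookup, at least within the lines shown. `denyRole` in this same file rejects an unknown role with `throw new UserManagerException("nullRole")`, whereas here a null `rid` would presumably be bound into the DELETE_ROLE_PERMISSION statement, match no rows, and let the call return as if the authorization had been cleared. Add the same guard before the statement is prepared: `if (rid == null) { throw new UserManagerException("nullRole"); }`. The method begins and ends outside the hunk, so confirm the check is not already present elsewhere in it.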
@@ -392,6 +417,14 @@
if (dbConnection == null) {
throw new UserManagerException("null_connection");
}
+
+ PreparedStatement clearUPStmt = dbConnection
+
.prepareStatement(data.getAccessControlAdminSQL(DefaultRealmConstants.DELETE_USER_PERMISSION));
+ clearUPStmt.setString(1, userId);
+ clearUPStmt.setString(2, permissionId);
+ clearUPStmt.executeUpdate();
+
+
PreparedStatement addUserPermissionStmt = dbConnection
.prepareStatement(data.getAccessControlAdminSQL(DefaultRealmConstants.ADD_USER_PERMISSION));
addUserPermissionStmt.setString(1, permissionId);
@@ -401,6 +434,7 @@
addUserPermissionStmt.executeUpdate();
dbConnection.commit();
addUserPermissionStmt.close();
+ clearUPStmt.close();
} catch (SQLException e) {
log.debug(e);
throw new UserManagerException("errorModifyingUserStore", e);
@@ -473,7 +507,8 @@
}
-
+
+
Modified:
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/readwrite/DefaultAuthorizer.java
==============================================================================
---
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/readwrite/DefaultAuthorizer.java
(original)
+++
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/readwrite/DefaultAuthorizer.java
Thu Jan 3 23:53:26 2008
@@ -268,8 +268,8 @@
isRoleAuthorizedStmt.setString(3, roleName);
ResultSet rs = isRoleAuthorizedStmt.executeQuery();
if (rs.next()) {
- isAuthorized = Boolean.valueOf(rs
-
.getBoolean(data.getColumnName(DefaultRealmConstants.COLUMN_ID_IS_ALLOWED)));
+ boolean isAuth
=rs.getBoolean(data.getColumnName(DefaultRealmConstants.COLUMN_ID_IS_ALLOWED));
+ isAuthorized = Boolean.valueOf(isAuth);
}
isRoleAuthorizedStmt.close();
} catch (SQLException e) {
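Review bot: `if (rs.next())` takes the decision from the first row only, so if more than one row exists for the same role and permission the result depends on the order in which the database returns them. The delete-before-insert added to DefaultAccessControlAdmin in this commit stops new duplicates on the sequential path, but rows written earlier, or by two concurrent callers, could still leave an allow and a deny side by side unless the table has a unique constraint (not visible here). Reading every row and letting an explicit deny win keeps the check fail-safe. The query text is outside the hunk, so confirm it does not already guarantee a single row.

```java
// … unchanged: statement setup and executeQuery …
while (rs.next()) {
    boolean isAuth = rs.getBoolean(data.getColumnName(DefaultRealmConstants.COLUMN_ID_IS_ALLOWED));
    isAuthorized = Boolean.valueOf(isAuth);
    if (!isAuth) {
        break; // an explicit deny row wins over any allow row
    }
}
```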
Modified:
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/resources.properties
==============================================================================
---
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/resources.properties
(original)
+++
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/resources.properties
Thu Jan 3 23:53:26 2008
@@ -26,6 +26,9 @@
unAuthorized = User is unauthorized to perform the action
authorizerNullatAuthorizer = Authorizer is null at AuthorizingRealm. This
cannot be
errorClosingConnection = Error closing connection!
+oldPasswordIncorrect = Cannot update password of user. Invalid user name
password!
+nullRealm = Null Realm not permitted.
+verifierUserDatabaseInit = Cannot create the Email Verifier Database
#validation errors
jdbcConfigValidation = UserTable, UserNameColumn, UserCredentialColumn,
ConnectionURL cannot be null or empty
acegiConfigValidation = AuthProviderId, AuthenticationProviderBeanMappingFile
cannot be null or empty
@@ -36,5 +39,4 @@
dbCreationNotSupported = Database creation not supported for this driver
nullConnection = Cannot get connection. Contact Administrator
unableToResetPool = Unable to reset realm. There are people holding instances
of PoolManager
-oldPasswordIncorrect = Cannot update password of user. Invalid user name
password!
-nullRealm = Null Realm not permitted.
\ No newline at end of file
+
Modified:
trunk/commons/usermanager/modules/core/src/test/java/org/wso2/usermanager/readwrite/DefaultRealmTest.java
==============================================================================
---
trunk/commons/usermanager/modules/core/src/test/java/org/wso2/usermanager/readwrite/DefaultRealmTest.java
(original)
+++
trunk/commons/usermanager/modules/core/src/test/java/org/wso2/usermanager/readwrite/DefaultRealmTest.java
Thu Jan 3 23:53:26 2008
@@ -154,7 +154,7 @@
String[] names = reader.getAllRoleNames();
TestCase.assertEquals(3, names.length);
- // addusertorole
+ // addusertorole
admin.addUserToRole("dimuthu", "admin");
admin.addUserToRole("dimuthu", "hora");
admin.addUserToRole("vajira", "admin");
@@ -181,6 +181,7 @@
+ reader.getUserRoles("dimuthu").length);
// restore stuff for further testing
+ //dimuthu is a admin.
admin.addRole("normal");
admin.addRole("hora");
admin.addUserToRole("dimuthu", "normal");
@@ -199,6 +200,7 @@
acAdmin.authorizeRole("admin", "server", "login");
acAdmin.authorizeUser("vajira", "floor", "dance");
acAdmin.denyUser("dimuthu", "denyResource", "deny");
+ acAdmin.authorizeRole("admin", "denyResource", "deny");
acAdmin.denyRole("admin", "denyResource", "deny");
TestCase
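Review bot: No assertion visible in this hunk checks the outcome of the added `authorizeRole` followed by `denyRole` on the same role and resource, which is the replace-existing-entry case this commit fixes. If the lines that follow do not already cover it, assert that the later deny is the one in effect: `TestCase.assertFalse(athzr.isRoleAuthorized("admin", "denyResource", "deny"));`. Adding the mirror case (deny, then authorize, then `assertTrue`) would cover both replacement directions. The test method continues outside the hunk.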
@@ -230,12 +232,16 @@
"deny");
TestCase.assertEquals(1,deniedUsers.length);
+ TestCase.assertTrue(athzr
+ .isRoleAuthorized("admin", "server", "login"));
acAdmin.clearRoleAuthorization("admin", "server", "login");
TestCase.assertFalse(athzr
- .isUserAuthorized("dimuthu", "floor", "dance"));
+ .isRoleAuthorized("admin", "server", "login"));
+
TestCase.assertTrue(athzr.isUserAuthorized("vajira", "floor",
"dance"));
+
acAdmin.authorizeUser("juhia", "floor", "dance");
TestCase.assertTrue(authen.authenticate("dimuthu", "password"));
TestCase