Update of
/var/cvs/contributions/CMSContainer/cmsc/portlets/src/java/com/finalist/cmsc/portlets
In directory
james.mmbase.org:/tmp/cvs-serv32624/cmsc/portlets/src/java/com/finalist/cmsc/portlets
Modified Files:
Tag: b1_5
CmscPortlet.java
Log Message:
CMSC-1138 There was no way at all to authorize access to the portlet editing modes.
See also:
http://cvs.mmbase.org/viewcvs/contributions/CMSContainer/cmsc/portlets/src/java/com/finalist/cmsc/portlets
See also: http://www.mmbase.org/jira/browse/CMSC-1138
Index: CmscPortlet.java
===================================================================
RCS file:
/var/cvs/contributions/CMSContainer/cmsc/portlets/src/java/com/finalist/cmsc/portlets/CmscPortlet.java,v
retrieving revision 1.24
retrieving revision 1.24.2.1
diff -u -b -r1.24 -r1.24.2.1
--- CmscPortlet.java 29 Jul 2008 21:28:02 -0000 1.24
+++ CmscPortlet.java 6 Nov 2008 08:51:21 -0000 1.24.2.1
@@ -77,52 +77,98 @@
}
/**
+ * Answers whether the given [EMAIL PROTECTED] PortletMode} is restricted
for this [EMAIL PROTECTED] Portlet} instance.
+ * If a certain mode is restricted, an authorized user is required to
continue the request.
+ *
+ * @param mode
+ * the mode to check
+ * @return <code>true</code> if the given mode is restricted,
<code>false</code> otherwise.
+ */
+ protected boolean isRestrictedPortletMode(PortletMode mode) {
+ return mode == null || PortletMode.EDIT.equals(mode)
+ || CmscPortletMode.EDIT_DEFAULTS.equals(mode);
+ }
+
+ /**
+ * Answers whether the given [EMAIL PROTECTED] PortletRequest} is allowed.
A request is allowed if:
+ * <ol>
+ * <li>it's [EMAIL PROTECTED] PortletMode} is not restricted. See also
+ * [EMAIL PROTECTED] #isRestrictedPortletMode(PortletMode)}.</li>
+ * <li>it's [EMAIL PROTECTED] PortletMode} is restricted and the current
user is allowed to request the
+ * portlet in that mode.</li>
+ * </ol>
+ * Subclasses may override this method for different behavior.
+ *
+ * @param request
+ * the request to check
+ * @return <code>true</code> if the request is allowed, <code>false</code>
otherwise.
+ */
+ protected boolean isRequestAllowed(PortletRequest request) {
+ // TODO Move to a service?
+
+ PortletMode mode = request.getPortletMode();
+ if (isRestrictedPortletMode(mode)) {
+
+ Cloud cloud = CloudUtil.getCloudFromThread();
+ if (cloud != null) {
+ Node userNode = SecurityUtil.getUserNode(cloud);
+ if (userNode != null) {
+ return SecurityUtil.isLoggedInUser(cloud, userNode);
+ }
+ }
+
+ return false;
+ }
+
+ return true;
+ }
+
+ /*
* @see
javax.portlet.GenericPortlet#processAction(javax.portlet.ActionRequest,
* javax.portlet.ActionResponse)
*/
@Override
- public void processAction(ActionRequest req, ActionResponse res) throws
PortletException,
- IOException {
+ public void processAction(ActionRequest req, ActionResponse res) throws
PortletException, IOException {
if (getLogger().isDebugEnabled()) {
getLogger().debug("===> process " + getPortletName() + " mode = " +
req.getPortletMode());
}
+
+ if (isRequestAllowed(req)) {
+
PortletMode mode = req.getPortletMode();
if (mode.equals(PortletMode.VIEW)) {
processView(req, res);
}
- else
- if (mode.equals(CmscPortletMode.ABOUT)) {
+ else if (mode.equals(CmscPortletMode.ABOUT)) {
processAbout(req, res);
}
- else
- if (mode.equals(CmscPortletMode.CONFIG)) {
+ else if (mode.equals(CmscPortletMode.CONFIG)) {
processConfig(req, res);
}
- else
- if (mode.equals(PortletMode.EDIT)) {
+ else if (mode.equals(PortletMode.EDIT)) {
processEdit(req, res);
}
- else
- if (mode.equals(CmscPortletMode.EDIT_DEFAULTS)) {
+ else if (mode.equals(CmscPortletMode.EDIT_DEFAULTS)) {
processEditDefaults(req, res);
}
- else
- if (mode.equals(PortletMode.HELP)) {
+ else if (mode.equals(PortletMode.HELP)) {
processHelp(req, res);
}
- else
- if (mode.equals(CmscPortletMode.PREVIEW)) {
+ else if (mode.equals(CmscPortletMode.PREVIEW)) {
processPreview(req, res);
}
- else
- if (mode.equals(CmscPortletMode.PRINT)) {
+ else if (mode.equals(CmscPortletMode.PRINT)) {
processPrint(req, res);
}
else {
throw new PortletException(mode.toString());
}
}
+ else {
+ getLogger().warn("Prevented unauthorised access to portlet: " +
getPortletName());
+ }
+ }
public void processPrint(ActionRequest req, ActionResponse res) throws
PortletException,
IOException {
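Review bot: `isRequestAllowed` only establishes that some user is logged in — the restricted branch returns `SecurityUtil.isLoggedInUser(cloud, userNode)` — and never checks that this user may edit this particular portlet or page, so the new gate is authentication rather than the per-portlet authorization the commit message describes; if SecurityUtil exposes a finer-grained right it should be consulted here, otherwise the Javadoc should say "an authenticated user is required". The restricted set in `isRestrictedPortletMode` covers `EDIT`, `EDIT_DEFAULTS` and `null` but not `CmscPortletMode.CONFIG`, which `processAction` still dispatches to `processConfig` unguarded; if CONFIG changes portlet configuration it belongs in that set as well. The denial branch logs only the portlet name, so a refused request cannot be attributed to a mode from the log; I would write `getLogger().warn("Prevented unauthorised access to portlet: " + getPortletName() + " in mode " + req.getPortletMode());`. Note also that `isRequestAllowed` is `protected` and documented as overridable, so subclasses can silently weaken the check; a one-line Javadoc warning that overrides must not return `true` for restricted modes without their own check would help.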
@@ -192,13 +238,11 @@
// convenience method
}
- /**
- * @see javax.portlet.GenericPortlet#doDispatch(javax.portlet.RenderRequest,
- * javax.portlet.RenderResponse)
+ /*
+ * @see
javax.portlet.GenericPortlet#doDispatch(javax.portlet.RenderRequest,
javax.portlet.RenderResponse)
*/
@Override
- protected void doDispatch(RenderRequest req, RenderResponse res) throws
IOException,
- PortletException {
+ protected void doDispatch(RenderRequest req, RenderResponse res) throws
IOException, PortletException {
if (getLogger().isDebugEnabled()) {
getLogger().debug(
@@ -206,6 +250,8 @@
+ req.getWindowState());
}
+ if (isRequestAllowed(req)) {
+
WindowState state = req.getWindowState();
if (!state.equals(WindowState.MINIMIZED)) {
@@ -214,32 +260,25 @@
if (mode.equals(PortletMode.VIEW)) {
doView(req, res);
}
- else
- if (mode.equals(CmscPortletMode.ABOUT)) {
+ else if (mode.equals(CmscPortletMode.ABOUT)) {
doAbout(req, res);
}
- else
- if (mode.equals(CmscPortletMode.CONFIG)) {
+ else if (mode.equals(CmscPortletMode.CONFIG)) {
doConfig(req, res);
}
- else
- if (mode.equals(PortletMode.EDIT)) {
+ else if (mode.equals(PortletMode.EDIT)) {
doEdit(req, res);
}
- else
- if (mode.equals(CmscPortletMode.EDIT_DEFAULTS)) {
+ else if (mode.equals(CmscPortletMode.EDIT_DEFAULTS)) {
doEditDefaults(req, res);
}
- else
- if (mode.equals(PortletMode.HELP)) {
+ else if (mode.equals(PortletMode.HELP)) {
doHelp(req, res);
}
- else
- if (mode.equals(CmscPortletMode.PREVIEW)) {
+ else if (mode.equals(CmscPortletMode.PREVIEW)) {
doPreview(req, res);
}
- else
- if (mode.equals(CmscPortletMode.PRINT)) {
+ else if (mode.equals(CmscPortletMode.PRINT)) {
doPrint(req, res);
}
else {
@@ -247,6 +286,10 @@
}
}
}
+ else {
+ getLogger().warn("Prevented unauthorised access to portlet: " +
getPortletName());
+ }
+ }
protected List<Locale> getLocales(RenderRequest request) {
PortletMode mode = request.getPortletMode();
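Review bot: The denial branch in `doDispatch` writes nothing to the response, so a refused render leaves the portlet blank with no indication to the user, and the warning it emits names only the portlet, not the mode that was refused or the window state already logged at debug level above. As in `processAction`, include the mode: `getLogger().warn("Prevented unauthorised access to portlet: " + getPortletName() + " in mode " + req.getPortletMode());`. Since an unauthenticated visitor can trigger this line at will by requesting a restricted mode, consider whether `warn` is the right level for a condition the code now handles routinely. The start of `doDispatch` and its `if (isRequestAllowed(req))` guard are in earlier hunks, outside this one.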