tdraier 2005/09/16 19:13:11 CEST
Modified files:
core/src/java/org/apache/slide/security
JahiaWebdavSecurity.java
core/src/java/org/apache/slide/webdav JahiaWebdavServlet.java
core/src/java/org/jahia/engines/filemanager
DAVFilemanager_Engine.java
core/src/java/org/jahia/services/webdav/stores
JahiaDescriptorsStore.java
core/src/java/org/jahia/services/webdav DAVFileAccess.java
HttpRequestWrapper.java
core/src/webapp/WEB-INF/etc/slide conf.xml data.xml
core/src/webapp/WEB-INF/var/db
default_corporate_portal_templates.values
default_corporate_portal_templates_postgres.values
core/src/webapp/jsp/jahia/engines/shared
embedded_flat_filemanager.jsp
Log:
updated role names to slide2,
added 403 error page when accessing slide files
Revision Changes Path
1.10 +10 -36
jahia/core/src/java/org/apache/slide/security/JahiaWebdavSecurity.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/apache/slide/security/JahiaWebdavSecurity.java.diff?r1=1.9&r2=1.10&f=h
1.9 +30 -8
jahia/core/src/java/org/apache/slide/webdav/JahiaWebdavServlet.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/apache/slide/webdav/JahiaWebdavServlet.java.diff?r1=1.8&r2=1.9&f=h
1.18 +3 -3
jahia/core/src/java/org/jahia/engines/filemanager/DAVFilemanager_Engine.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/engines/filemanager/DAVFilemanager_Engine.java.diff?r1=1.17&r2=1.18&f=h
1.23 +10 -4
jahia/core/src/java/org/jahia/services/webdav/DAVFileAccess.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/services/webdav/DAVFileAccess.java.diff?r1=1.22&r2=1.23&f=h
1.8 +0 -5
jahia/core/src/java/org/jahia/services/webdav/HttpRequestWrapper.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/services/webdav/HttpRequestWrapper.java.diff?r1=1.7&r2=1.8&f=h
1.11 +7 -7
jahia/core/src/java/org/jahia/services/webdav/stores/JahiaDescriptorsStore.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/services/webdav/stores/JahiaDescriptorsStore.java.diff?r1=1.10&r2=1.11&f=h
1.10 +3 -1 jahia/core/src/webapp/WEB-INF/etc/slide/conf.xml
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/webapp/WEB-INF/etc/slide/conf.xml.diff?r1=1.9&r2=1.10&f=h
1.6 +3 -3 jahia/core/src/webapp/WEB-INF/etc/slide/data.xml
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/webapp/WEB-INF/etc/slide/data.xml.diff?r1=1.5&r2=1.6&f=h
1.16 +2 -2
jahia/core/src/webapp/WEB-INF/var/db/default_corporate_portal_templates.values
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/webapp/WEB-INF/var/db/default_corporate_portal_templates.values.diff?r1=1.15&r2=1.16&f=h
1.5 +3 -3
jahia/core/src/webapp/WEB-INF/var/db/default_corporate_portal_templates_postgres.values
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/webapp/WEB-INF/var/db/default_corporate_portal_templates_postgres.values.diff?r1=1.4&r2=1.5&f=h
1.13 +0 -0
jahia/core/src/webapp/jsp/jahia/engines/shared/embedded_flat_filemanager.jsp
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/webapp/jsp/jahia/engines/shared/embedded_flat_filemanager.jsp.diff?r1=1.12&r2=1.13&f=h
Index: JahiaWebdavSecurity.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/apache/slide/security/JahiaWebdavSecurity.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- JahiaWebdavSecurity.java 30 Aug 2005 14:28:05 -0000 1.9
+++ JahiaWebdavSecurity.java 16 Sep 2005 17:13:08 -0000 1.10
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/repository/jahia/core/src/java/org/apache/slide/security/JahiaWebdavSecurity.java,v
1.9 2005/08/30 14:28:05 tdraier Exp $
- * $Revision: 1.9 $
- * $Date: 2005/08/30 14:28:05 $
+ * $Header:
/home/cvs/repository/jahia/core/src/java/org/apache/slide/security/JahiaWebdavSecurity.java,v
1.10 2005/09/16 17:13:08 tdraier Exp $
+ * $Revision: 1.10 $
+ * $Date: 2005/09/16 17:13:08 $
*
* ====================================================================
*
@@ -67,12 +67,11 @@
* Security helper.
*
* @author <a href="mailto:[EMAIL PROTECTED]">Remy Maucherat</a>
- * @version $Revision: 1.9 $
+ * @version $Revision: 1.10 $
*/
-public class JahiaWebdavSecurity implements Security {
+public class JahiaWebdavSecurity extends SecurityImpl {
private static final String LOG_CHANNEL = SecurityImpl.class.getName();
- protected Logger logger;
private static final String actions[] =
{"/actions/read","/actions/write","/actions/manage"};
@@ -92,37 +91,12 @@
}
public void init(Namespace namespace, NamespaceConfig namespaceConfig) {
- this.namespace = namespace;
- this.namespaceConfig = namespaceConfig;
- this.rolesCache = new Hashtable();
- aclInheritanceType = namespaceConfig.getAclInheritanceType();
- logger = namespace.getLogger();
+ super.init(namespace, namespaceConfig);
loadActionsCache(namespace, namespaceConfig);
}
// ----------------------------------------------------- Instance
Variables
-
- /**
- * Namespace.
- */
- protected Namespace namespace;
-
-
- /**
- * Namespace configuration.
- */
- protected NamespaceConfig namespaceConfig;
-
-
- /**
- * Roles cache.
- * Role name -> Role interface.
- */
- protected Hashtable rolesCache;
-
- protected int aclInheritanceType;
-
/**
* Cached all actions exsiting at namespace initialization
* and their aggregated actions
@@ -1306,15 +1280,15 @@
String subject = permission.getSubjectUri();
// translate special groups to slide roles
if
(("+/groups/"+JahiaGroupManagerService.GUEST_GROUPNAME+"/members").equals(subject))
{
- subject = "nobody";
+ subject = "all";
} else if
(("+/groups/"+JahiaGroupManagerService.ADMINISTRATORS_GROUPNAME+"/members").equals(subject))
{
subject = "root";
} else if
(("+/groups/"+JahiaGroupManagerService.USERS_GROUPNAME+"/members").equals(subject))
{
- subject = "user";
+ subject = "authenticated";
} else if
(("/users/"+JahiaUserManagerService.GUEST_USERNAME).equals(subject)) {
- subject = "guest";
+ subject = "unauthenticated";
}
permission.setSubject(subject);
}
-}
+}
\ No newline at end of file
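Review bot: The role names in this if/else chain (`"all"`, `"root"`, `"authenticated"`, `"unauthenticated"`) are bare string literals, and the same names are repeated by hand in the DAVFilemanager_Engine, JahiaDescriptorsStore and DAVFileAccess hunks of this commit, so a typo in any one place silently changes who an ACL entry applies to. Declaring them once, e.g. `static final String ROLE_ALL = "all";` with matching constants for the other three, and using those in all four files would keep the forward and reverse translations in step. This direction emits only the new names while the other files also accept `nobody`/`user`/`guest`, so permissions persisted before the rename presumably still carry the old names; a one-line comment here saying so would help the next reader. The enclosing method starts outside the hunk.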
Index: JahiaWebdavServlet.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/apache/slide/webdav/JahiaWebdavServlet.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- JahiaWebdavServlet.java 22 Aug 2005 08:40:35 -0000 1.8
+++ JahiaWebdavServlet.java 16 Sep 2005 17:13:09 -0000 1.9
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/repository/jahia/core/src/java/org/apache/slide/webdav/JahiaWebdavServlet.java,v
1.8 2005/08/22 08:40:35 knguyen Exp $
- * $Revision: 1.8 $
- * $Date: 2005/08/22 08:40:35 $
+ * $Header:
/home/cvs/repository/jahia/core/src/java/org/apache/slide/webdav/JahiaWebdavServlet.java,v
1.9 2005/09/16 17:13:09 tdraier Exp $
+ * $Revision: 1.9 $
+ * $Date: 2005/09/16 17:13:09 $
*
* ====================================================================
*
@@ -67,7 +67,7 @@
* @author <a href="mailto:[EMAIL PROTECTED]">Remy Maucherat</a>
* @author Dirk Verbeeck
* @author <a href="mailto:[EMAIL PROTECTED]">Christopher Lenz</a>
- * @version $Revision: 1.8 $
+ * @version $Revision: 1.9 $
*/
public class JahiaWebdavServlet
extends HttpServlet {
@@ -295,8 +295,14 @@
SlideToken slideToken = new
SlideTokenWrapper(WebdavUtils.getSlideToken(req));
directoryIndexGenerator.generate(req, res, slideToken);
} catch (AccessDeniedException e) {
- res.addHeader("WWW-Authenticate", "BASIC realm=\"" +
((NamespaceAccessToken)
req.getAttribute(HttpRequestWrapper.TOKEN_ATTRIBUTE)).getName() + "\"");
- res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ if (req.getUserPrincipal() == null) {
+ res.addHeader("WWW-Authenticate", "BASIC realm=\"" +
((NamespaceAccessToken)
req.getAttribute(HttpRequestWrapper.TOKEN_ATTRIBUTE)).getName() + "\"");
+ res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ } else {
+ res.setStatus(WebdavStatus.SC_FORBIDDEN);
+ RequestDispatcher r =
req.getRequestDispatcher("/jsp/jahia/errors/error_403.jsp");
+ r.include(req,res);
+ }
} catch (ObjectNotFoundException e) {
res.sendError(WebdavStatus.SC_NOT_FOUND);
} catch (LinkedObjectNotFoundException e) {
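Review bot: The new 403 branch dereferences the result of `req.getRequestDispatcher(...)` without a null check, and it calls `setStatus` without checking whether `directoryIndexGenerator.generate` has already committed part of a listing, in which case the status change is ignored and the error page is appended to partial output. The same three lines are repeated in the `else` branch of the @@ -306 hunk and inside the anonymous `GetMethod` of the @@ -320 hunk, so one helper would cover all three. The enclosing method starts and ends outside the hunk, and the `throws` clause below is assumed from the existing `sendError` and `include` calls.

```java
// shared by the three 403 paths in this servlet
private static void sendForbiddenPage(HttpServletRequest req, HttpServletResponse res)
        throws ServletException, IOException {
    if (res.isCommitted()) {
        return; // status line already sent; nothing safe to add
    }
    res.resetBuffer(); // drop any partial listing written before the denial
    RequestDispatcher r = req.getRequestDispatcher("/jsp/jahia/errors/error_403.jsp");
    if (r == null) {
        res.sendError(WebdavStatus.SC_FORBIDDEN);
        return;
    }
    res.setStatus(WebdavStatus.SC_FORBIDDEN);
    r.include(req, res);
}
```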
@@ -306,7 +312,9 @@
}
}
} else {
- res.sendError(WebdavStatus.SC_FORBIDDEN);
+ res.setStatus(WebdavStatus.SC_FORBIDDEN);
+ RequestDispatcher r =
req.getRequestDispatcher("/jsp/jahia/errors/error_403.jsp");
+ r.include(req,res);
}
}
@@ -320,7 +328,21 @@
}
if (name.equals("GET")) {
- return new GetMethod(token, config);
+ return new GetMethod(token, config) {
+ protected void sendError( int statusCode, Throwable t ) {
+ if (statusCode == WebdavStatus.SC_FORBIDDEN) {
+ resp.setStatus(WebdavStatus.SC_FORBIDDEN);
+ RequestDispatcher r =
req.getRequestDispatcher("/jsp/jahia/errors/error_403.jsp");
+ try {
+ r.include(req,resp);
+ } catch (Exception e) {
+ super.sendError(statusCode, t);
+ }
+ } else {
+ super.sendError(statusCode, t);
+ }
+ }
+ };
} else if (name.equals("PROPFIND")) {
return new PropFindMethod(token, config);
} else if (name.equals("HEAD")) {
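Review bot: The `catch (Exception e)` in the overridden `sendError` discards `e`, so a missing or failing error_403.jsp leaves no trace, and by then the status has been set and the include may have written part of the page before `super.sendError(statusCode, t)` runs. Logging `e` through the servlet's existing logging before the fallback would make that failure diagnosable, and a short comment such as `// fall back to the default Slide error response if the JSP cannot be rendered` would state the intent. The `if (name.equals("GET"))` chain this sits in continues outside the hunk.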
Index: DAVFilemanager_Engine.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/jahia/engines/filemanager/DAVFilemanager_Engine.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- DAVFilemanager_Engine.java 26 Aug 2005 14:54:33 -0000 1.17
+++ DAVFilemanager_Engine.java 16 Sep 2005 17:13:09 -0000 1.18
@@ -854,14 +854,14 @@
permissions |= getPermissionsAsInt (s, 2, writePerms);
permissions |= getPermissionsAsInt (s, 4, adminPerms);
- if (s.equals ("nobody")) {
+ if (s.equals ("nobody") || s.equals ("all")) {
s = "+/groups/" + JahiaGroupManagerService.GUEST_GROUPNAME +
"/members";
} else if (s.equals ("root")) {
s = "+/groups/" +
JahiaGroupManagerService.ADMINISTRATORS_GROUPNAME +
"/members";
- } else if (s.equals ("user")) {
+ } else if (s.equals ("user") || s.equals ("authenticated")) {
s = "+/groups/" + JahiaGroupManagerService.USERS_GROUPNAME +
"/members";
- } else if (s.equals ("guest")) {
+ } else if (s.equals ("guest") || s.equals ("unauthenticated")) {
s = "/users/" + JahiaUserManagerService.GUEST_USERNAME +
"/members";
}
if (s.startsWith ("+/groups/")) {
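Review bot: The `unauthenticated` alias added on the last branch maps to `"/users/" + JahiaUserManagerService.GUEST_USERNAME + "/members"`, while the JahiaWebdavSecurity and DAVFileAccess hunks of this commit both use `"/users/" + JahiaUserManagerService.GUEST_USERNAME` with no `/members` suffix for the same role. If the suffix is not intentional, a permission read back as `unauthenticated` would not round-trip to the guest user; the assignment itself is unchanged context, so this may predate the commit. Worth either dropping the suffix or adding a comment that explains why this file differs. The surrounding method starts and ends outside the hunk.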
Index: JahiaDescriptorsStore.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/jahia/services/webdav/stores/JahiaDescriptorsStore.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- JahiaDescriptorsStore.java 24 Aug 2005 16:25:15 -0000 1.10
+++ JahiaDescriptorsStore.java 16 Sep 2005 17:13:09 -0000 1.11
@@ -56,7 +56,7 @@
*
* @author <a href="mailto:[EMAIL PROTECTED]">Remy Maucherat</a>
* @author Dirk Verbeeck
- * @version $Revision: 1.10 $
+ * @version $Revision: 1.11 $
*/
public class JahiaDescriptorsStore extends AbstractRDBMSStore
@@ -826,20 +826,20 @@
}
private void denyGuest (Uri uri, Vector perms) {
- perms.add (new NodePermission (uri.toString (), null, "nobody",
+ perms.add (new NodePermission (uri.toString (), null, "all",
"/actions/read", true, true));
- perms.add (new NodePermission (uri.toString (), null, "nobody",
+ perms.add (new NodePermission (uri.toString (), null, "all",
"/actions/write", true, true));
- perms.add (new NodePermission (uri.toString (), null, "nobody",
+ perms.add (new NodePermission (uri.toString (), null, "all",
"/actions/manage", true, true));
}
private void denyChanges (Uri uri, Vector perms) {
- perms.add (new NodePermission (uri.toString (), null, "nobody",
+ perms.add (new NodePermission (uri.toString (), null, "all",
"/actions/read", true, false));
- perms.add (new NodePermission (uri.toString (), null, "nobody",
+ perms.add (new NodePermission (uri.toString (), null, "all",
"/actions/write", true, true));
- perms.add (new NodePermission (uri.toString (), null, "nobody",
+ perms.add (new NodePermission (uri.toString (), null, "all",
"/actions/manage", true, true));
}
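Review bot: `denyGuest` and `denyChanges` now attach their entries to the subject `all`, so the method name no longer tells the reader who is denied, and the two trailing booleans on each `NodePermission` are unexplained. If the inherited Slide security code treats `all` as every principal rather than as Jahia's guest group, the negative entries from `denyGuest` would also cover authenticated users and administrators; the hunk does not show how precedence is resolved, so this deserves a test with an administrator account. Suggested comment above `denyGuest`: `// "all" replaces the former "nobody" role; trailing flags are presumably (inheritable, negative) - confirm`.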
Index: DAVFileAccess.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/jahia/services/webdav/DAVFileAccess.java,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- DAVFileAccess.java 30 Aug 2005 14:28:05 -0000 1.22
+++ DAVFileAccess.java 16 Sep 2005 17:13:09 -0000 1.23
@@ -290,12 +290,12 @@
.startsWith (permissionSubject))) ||
(!permissionSubject.startsWith ("/") && (
ns.security.hasRole (subjectNode,
permissionSubject) ||
- (permissionSubject.equals ("nobody") &&
subjectNode.getUri ()
+ ((permissionSubject.equals
("nobody")||permissionSubject.equals ("all")) && subjectNode.getUri ()
.equals (
"/groups/" +
JahiaGroupManagerService.GUEST_GROUPNAME + "/members")) ||
- (permissionSubject.equals ("guest") &&
subjectNode.getUri ().equals (
- "/users/" +
JahiaUserManagerService.GUEST_USERNAME)) ||
- (permissionSubject.equals ("user") &&
subjectNode.getUri ().equals (
+ ((permissionSubject.equals
("guest")||permissionSubject.equals ("unauthenticated")) && subjectNode.getUri
().equals (
+ "/users/" +
JahiaUserManagerService.GUEST_USERNAME)) ||
+ ((permissionSubject.equals
("user")||permissionSubject.equals ("authenticated")) && subjectNode.getUri
().equals (
"/groups/" +
JahiaGroupManagerService.USERS_GROUPNAME + "/members")) ||
(permissionSubject.equals ("root") &&
subjectNode.getUri ().equals (
"/groups/" +
JahiaGroupManagerService.ADMINISTRATORS_GROUPNAME + "/members"))
@@ -683,10 +683,16 @@
NodePermission r = new NodePermission (objectNode.getUri (), user,
"/actions/read");
NodePermission w = new NodePermission (objectNode.getUri (), user,
"/actions/write");
NodePermission a = new NodePermission (objectNode.getUri (), user,
"/actions/manage");
+ NodePermission r2 = new NodePermission (objectNode.getUri (), user,
"/actions/read",true,true);
+ NodePermission w2 = new NodePermission (objectNode.getUri (), user,
"/actions/write",true,true);
+ NodePermission a2 = new NodePermission (objectNode.getUri (), user,
"/actions/manage",true,true);
try {
ns.security.revokePermission (slideToken, r);
ns.security.revokePermission (slideToken, w);
ns.security.revokePermission (slideToken, a);
+ ns.security.revokePermission (slideToken, r2);
+ ns.security.revokePermission (slideToken, w2);
+ ns.security.revokePermission (slideToken, a2);
} catch (Exception e) {
logger.debug("Exception occured during permission change",e);
return false;
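Review bot: The added `r2`/`w2`/`a2` revocations cover only the `true,true` flag combination, so if `revokePermission` matches on those flags (not visible here), entries stored with other combinations, such as the `true, false` read entry that `denyChanges` builds in JahiaDescriptorsStore, would survive a revoke for this user. All six calls share one `try`, and a failure part-way leaves the ACL partially revoked while being reported only through `logger.debug`; for an access-control change that message would be easier to spot at warning level. The enclosing method starts and ends outside the hunk.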
Index: HttpRequestWrapper.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/jahia/services/webdav/HttpRequestWrapper.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- HttpRequestWrapper.java 5 Jul 2005 15:46:32 -0000 1.7
+++ HttpRequestWrapper.java 16 Sep 2005 17:13:10 -0000 1.8
@@ -229,11 +229,6 @@
}
public Principal getUserPrincipal() {
- Enumeration enum = getSession(true).getAttributeNames();
- while (enum.hasMoreElements()) {
- String s = (String) enum.nextElement();
- }
-
Principal user = getJahiaUserPrincipal();
if (user == null) {
user = getHttpUserPrincipal();
Index: conf.xml
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/webapp/WEB-INF/etc/slide/conf.xml,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- conf.xml 12 Aug 2005 15:43:09 -0000 1.9
+++ conf.xml 16 Sep 2005 17:13:10 -0000 1.10
@@ -42,7 +42,9 @@
<role name="root">slideroles.basic.RootRole</role>
<role name="user">slideroles.basic.UserRole</role>
<role name="guest">slideroles.basic.GuestRole</role>
-
+ <role name="authenticated">slideroles.basic.UserRole</role>
+ <role name="unauthenticated">slideroles.basic.GuestRole</role>
+
<content-interceptor
class="org.jahia.services.webdav.listeners.CMSSlideContentListener" />
<!-- Office Document Property Mapping -->
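Review bot: The two added `<role>` entries declare `authenticated` and `unauthenticated`, but `all`, which the Java and data.xml hunks of this commit now use as a subject, has no mapping in the visible lines. If Slide does not resolve `all` on its own, ACL entries naming it would match no one, so this is worth confirming. Once confirmed, a comment next to the roles would record it, e.g. `<!-- slide2 role names; "user"/"guest" kept for ACLs stored before the rename -->`. The enclosing element starts outside the hunk.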
Index: data.xml
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/webapp/WEB-INF/etc/slide/data.xml,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- data.xml 4 May 2005 16:36:48 -0000 1.5
+++ data.xml 16 Sep 2005 17:13:10 -0000 1.6
@@ -26,9 +26,9 @@
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/shared">
- <permission action="/actions/read" subject="nobody" />
- <permission action="/actions/read" subject="user" />
- <permission action="/actions/write" subject="user" />
+ <permission action="/actions/read" subject="all" />
+ <permission action="/actions/read" subject="authenticated" />
+ <permission action="/actions/write" subject="authenticated" />
</objectnode>
<!-- DeltaV: default history and workspace paths -->
Index: default_corporate_portal_templates.values
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/webapp/WEB-INF/var/db/default_corporate_portal_templates.values,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- default_corporate_portal_templates.values 30 Aug 2005 14:39:14 -0000
1.15
+++ default_corporate_portal_templates.values 16 Sep 2005 17:13:10 -0000
1.16
@@ -537,8 +537,8 @@
INSERT INTO jahia_sl2_uri VALUES(8,'/shared/import/Home',1);
INSERT INTO jahia_sl2_uri VALUES(9,'/shared/import/Home/banner_home.gif',1);
INSERT INTO jahia_sl2_uri VALUES(10,'/shared/import/Home/portal.gif',1);
-INSERT INTO jahia_sl2_uri VALUES(11,'nobody',1);
-INSERT INTO jahia_sl2_uri VALUES(12,'user',1);
+INSERT INTO jahia_sl2_uri VALUES(11,'all',1);
+INSERT INTO jahia_sl2_uri VALUES(12,'authenticated',1);
INSERT INTO jahia_sl2_object
VALUES(1,'org.apache.slide.structure.SubjectNode');
INSERT INTO jahia_sl2_object
VALUES(2,'org.apache.slide.structure.ActionNode');
INSERT INTO jahia_sl2_object
VALUES(3,'org.apache.slide.structure.ActionNode');
Index: default_corporate_portal_templates_postgres.values
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/webapp/WEB-INF/var/db/default_corporate_portal_templates_postgres.values,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- default_corporate_portal_templates_postgres.values 30 Aug 2005
14:39:15 -0000 1.4
+++ default_corporate_portal_templates_postgres.values 16 Sep 2005
17:13:10 -0000 1.5
@@ -537,8 +537,8 @@
INSERT INTO jahia_sl2_uri VALUES(8,'/shared/import/Home',1);
INSERT INTO jahia_sl2_uri VALUES(9,'/shared/import/Home/banner_home.gif',1);
INSERT INTO jahia_sl2_uri VALUES(10,'/shared/import/Home/portal.gif',1);
-INSERT INTO jahia_sl2_uri VALUES(11,'nobody',1);
-INSERT INTO jahia_sl2_uri VALUES(12,'user',1);
+INSERT INTO jahia_sl2_uri VALUES(11,'all',1);
+INSERT INTO jahia_sl2_uri VALUES(12,'authenticated',1);
INSERT INTO jahia_sl2_object
VALUES(1,'org.apache.slide.structure.SubjectNode');
INSERT INTO jahia_sl2_object
VALUES(2,'org.apache.slide.structure.ActionNode');
INSERT INTO jahia_sl2_object
VALUES(3,'org.apache.slide.structure.ActionNode');
@@ -679,7 +679,7 @@
INSERT INTO jahia_sl2_permissions VALUES(1,11,4,NULL,'1','0',2);
INSERT INTO jahia_sl2_permissions VALUES(1,11,5,NULL,'1','1',1);
INSERT INTO jahia_sl2_permissions VALUES(2,11,3,NULL,'1','1',3);
-INSERT INTO jahia_sl2_permissions VALUES(2,11,4,NULL,'1','1',2);
+INSERT INTO jahia_sl2_permissions VALUES(2,11,4,NULL,'1','0',2);
INSERT INTO jahia_sl2_permissions VALUES(2,11,5,NULL,'1','1',1);
INSERT INTO jahia_sl2_permissions VALUES(6,11,3,NULL,'1','1',6);
INSERT INTO jahia_sl2_permissions VALUES(6,11,4,NULL,'1','0',5);
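Review bot: The changed row `VALUES(2,11,4,NULL,'1','0',2)` flips the sixth column from '1' to '0' for URI id 11, which the earlier hunk in this file renames to `all`, and that is an ACL change rather than a rename. The commit log mentions only role names and the 403 page, and the summary lists +2 -2 for default_corporate_portal_templates.values against +3 -3 for this file, so the non-Postgres seed does not receive this edit in this commit. If that column is the negative (deny) flag, as its pairing with the fifth column suggests, the row changes from a deny to a grant on a fresh Postgres install. Please confirm it is intended and that both seed files end up with the same value.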