morciuch 2003/06/09 15:06:58
Modified: src/java/org/apache/jetspeed/services/security/turbine
TurbineGroupManagement.java
TurbinePermissionManagement.java
TurbineRoleManagement.java
TurbineUserManagement.java
webapp/WEB-INF/conf JetspeedSecurity.properties
JetspeedSecurity.template
webapp/WEB-INF/templates/vm/portlets/html group-browser.vm
permission-browser.vm role-browser.vm
user-browser.vm
xdocs changes.xml
Log:
It is no longer possible to remove predefined system users/roles/groups/permissions
(see Bugzilla bug# 15684):
users = admin,anon
roles = admin,user
groups=Jetspeed
Revision Changes Path
1.8 +12 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbineGroupManagement.java
Index: TurbineGroupManagement.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbineGroupManagement.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- TurbineGroupManagement.java 7 May 2003 15:16:53 -0000 1.7
+++ TurbineGroupManagement.java 9 Jun 2003 22:06:57 -0000 1.8
@@ -58,6 +58,7 @@
import java.util.Iterator;
import java.util.List;
import java.util.HashMap;
+import java.util.Vector;
import javax.servlet.ServletConfig;
@@ -122,8 +123,10 @@
private final static String CONFIG_DEFAULT_ROLE = "role.default";
String defaultRole = "user";
private final static String CASCADE_DELETE = "programmatic.cascade.delete";
+ private final static String CONFIG_SYSTEM_GROUPS = "system.groups";
private final static boolean DEFAULT_CASCADE_DELETE = true;
private boolean cascadeDelete;
+ private Vector systemGroups = null;
///////////////////////////////////////////////////////////////////////////
// Group Management Interfaces
@@ -351,6 +354,12 @@
Connection conn = null;
try
{
+
+ if (systemGroups.contains(groupname))
+ {
+ throw new GroupException("[" + groupname + "] is a system group and
cannot be removed");
+ }
+
conn = Torque.getConnection();
Group group = this.getGroup(groupname);
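Review bot: The guard `systemGroups.contains(groupname)` compares the caller's raw string exactly, while the lookup on the last line of this hunk, `this.getGroup(groupname)`, may resolve names more loosely (for example under a case-insensitive database collation, which is not visible here), so a protected group could be loaded and removed under a spelling that is not in the list. Checking the canonical name of the entity that was actually loaded closes that gap: move the test below the lookup as `if (systemGroups.contains(group.getName()))`. The same applies to the guards added in TurbinePermissionManagement, TurbineRoleManagement and TurbineUserManagement.removeUser. The guard also sits inside a `try` whose `catch` clauses are outside this hunk; if they wrap every exception, the "is a system group" message may not reach the caller as written.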
@@ -391,7 +400,7 @@
{
Torque.closeConnection(conn);
}
- catch (Exception e)
+ catch (Throwable e)
{
Log.error( "Error closing Torque connection", e );
}
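Review bot: `catch (Throwable e)` around `Torque.closeConnection(conn)` now also swallows `Error`s such as `OutOfMemoryError` and only logs them, and neither the code nor the commit log says why `Exception` was not enough. If the intent is that a failed close must never mask the exception from the main block, record it in a comment, e.g. `// Throwable on purpose: a failed close must not hide the original failure`; otherwise keep `catch (Exception e)`. The same change is made in TurbinePermissionManagement and TurbineRoleManagement. The enclosing cleanup block starts outside this hunk.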
@@ -617,6 +626,7 @@
defaultRole = serviceConf.getString(CONFIG_DEFAULT_ROLE, defaultRole);
cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE,
DEFAULT_CASCADE_DELETE );
+ systemGroups = serviceConf.getVector( CONFIG_SYSTEM_GROUPS, new Vector() );
setInit(true);
}
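Review bot: The fallback `new Vector()` makes the protection fail open: a deployment whose JetspeedSecurity.properties predates this commit has no `system.groups` key, so `systemGroups` is empty and every group stays removable, including the ones the properties comment lists as defaults. Either seed the fallback with the documented defaults or log at start-up when the list is empty, so that an unprotected configuration is visible to the operator. The same fallback is used for `systemPermissions`, `systemRoles` and `systemUsers`. The enclosing method starts outside this hunk.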
1.8 +12 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbinePermissionManagement.java
Index: TurbinePermissionManagement.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbinePermissionManagement.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- TurbinePermissionManagement.java 7 May 2003 15:16:53 -0000 1.7
+++ TurbinePermissionManagement.java 9 Jun 2003 22:06:57 -0000 1.8
@@ -58,6 +58,7 @@
import java.util.Iterator;
import java.util.List;
import java.util.HashMap;
+import java.util.Vector;
import javax.servlet.ServletConfig;
@@ -113,9 +114,11 @@
private JetspeedRunDataService runDataService = null;
private final static String CASCADE_DELETE = "programmatic.cascade.delete";
private final static boolean DEFAULT_CASCADE_DELETE = true;
+ private final static String CONFIG_SYSTEM_PERMISSIONS = "system.permissions";
private boolean cascadeDelete;
private final static String CACHING_ENABLE = "caching.enable";
private boolean cachingEnable = true;
+ private Vector systemPermissions = null;
///////////////////////////////////////////////////////////////////////////
// Permission Management Interfaces
@@ -300,6 +303,12 @@
Connection conn = null;
try
{
+
+ if (systemPermissions.contains(permissionName))
+ {
+ throw new PermissionException("[" + permissionName + "] is a system
permission and cannot be removed");
+ }
+
conn = Torque.getConnection();
Permission permission = this.getPermission(permissionName);
@@ -342,7 +351,7 @@
{
Torque.closeConnection(conn);
}
- catch (Exception e)
+ catch (Throwable e)
{
Log.error( "Error closing Torque connection", e );
}
@@ -584,6 +593,7 @@
cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE,
DEFAULT_CASCADE_DELETE );
cachingEnable = serviceConf.getBoolean( CACHING_ENABLE, cachingEnable );
+ systemPermissions = serviceConf.getVector( CONFIG_SYSTEM_PERMISSIONS, new
Vector() );
setInit(true);
}
1.10 +12 -3
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbineRoleManagement.java
Index: TurbineRoleManagement.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbineRoleManagement.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- TurbineRoleManagement.java 7 May 2003 15:16:53 -0000 1.9
+++ TurbineRoleManagement.java 9 Jun 2003 22:06:57 -0000 1.10
@@ -58,6 +58,7 @@
import java.util.Iterator;
import java.util.List;
import java.util.HashMap;
+import java.util.Vector;
import javax.servlet.ServletConfig;
@@ -123,10 +124,12 @@
{
private JetspeedRunDataService runDataService = null;
private final static String CASCADE_DELETE = "programmatic.cascade.delete";
+ private final static String CONFIG_SYSTEM_ROLES = "system.roles";
private final static boolean DEFAULT_CASCADE_DELETE = true;
private boolean cascadeDelete;
private final static String CACHING_ENABLE = "caching.enable";
private boolean cachingEnable = true;
+ private Vector systemRoles = null;
///////////////////////////////////////////////////////////////////////////
@@ -364,6 +367,11 @@
Connection conn = null;
try
{
+ if (systemRoles.contains(rolename))
+ {
+ throw new RoleException("[" + rolename + "] is a system role and
cannot be removed");
+ }
+
conn = Torque.getConnection();
Role role = this.getRole(rolename);
@@ -412,9 +420,9 @@
{
Torque.closeConnection(conn);
}
- catch (Exception e)
+ catch (Throwable t)
{
- Log.error( "Error closing Torque connection", e );
+ Log.error( "Error closing Torque connection", t );
}
}
@@ -656,6 +664,7 @@
cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE,
DEFAULT_CASCADE_DELETE );
cachingEnable = serviceConf.getBoolean( CACHING_ENABLE, cachingEnable );
+ systemRoles = serviceConf.getVector( CONFIG_SYSTEM_ROLES, new Vector() );
setInit(true);
}
1.10 +10 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbineUserManagement.java
Index: TurbineUserManagement.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbineUserManagement.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- TurbineUserManagement.java 7 May 2003 15:16:53 -0000 1.9
+++ TurbineUserManagement.java 9 Jun 2003 22:06:57 -0000 1.10
@@ -59,6 +59,7 @@
import java.util.Date;
import javax.servlet.ServletConfig;
import java.security.Principal;
+import java.util.Vector;
// Torque
import org.apache.torque.util.Criteria;
@@ -122,9 +123,11 @@
{
private final static String CONFIG_SECURE_PASSWORDS_KEY = "secure.passwords";
private final static String CONFIG_SECURE_PASSWORDS_ALGORITHM =
"secure.passwords.algorithm";
+ private final static String CONFIG_SYSTEM_USERS = "system.users";
boolean securePasswords = false;
String passwordsAlgorithm = "SHA";
+ Vector systemUsers = null;
private final static String CONFIG_NEWUSER_ROLES = "newuser.roles";
private final static String [] DEFAULT_CONFIG_NEWUSER_ROLES =
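Review bot: `Vector systemUsers = null;` is declared without `private`, unlike `systemGroups`, `systemPermissions` and `systemRoles` in the other three classes, so any class in the package can replace or empty the list that decides which accounts are protected from removal. Declare it `private Vector systemUsers = null;` and add a comment such as `// user names that removeUser() refuses to delete; loaded from system.users`. The field is also null until the configuration is read further down, so a call to removeUser before that point would fail with a NullPointerException rather than a security exception.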
@@ -380,6 +383,11 @@
public void removeUser(Principal principal)
throws JetspeedSecurityException
{
+ if (systemUsers.contains(principal.getName()))
+ {
+ throw new UserException("[" + principal.getName() + "] is a system user
and cannot be removed");
+ }
+
JetspeedUser user = getUser(principal);
Criteria criteria = new Criteria();
@@ -555,6 +563,7 @@
securePasswords);
passwordsAlgorithm =
serviceConf.getString(CONFIG_SECURE_PASSWORDS_ALGORITHM,
passwordsAlgorithm);
+ systemUsers = serviceConf.getVector(CONFIG_SYSTEM_USERS, new Vector());
try
{
1.67 +35 -1 jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.properties
Index: JetspeedSecurity.properties
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.properties,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- JetspeedSecurity.properties 19 May 2003 23:19:15 -0000 1.66
+++ JetspeedSecurity.properties 9 Jun 2003 22:06:57 -0000 1.67
@@ -126,6 +126,40 @@
#
services.JetspeedSecurity.password.expiration.period=0
+#
+# Comma separated list of system users. System users cannot
+# be deleted because they are essential to security service.
+#
+# Default: admin, anon
+#
+services.JetspeedSecurity.system.users = admin
+services.JetspeedSecurity.system.users = anon
+
+#
+# Comma separated list of system roles. System roles cannot
+# be deleted because they are essential to security service.
+#
+# Default: user, admin
+#
+services.JetspeedSecurity.system.roles = user
+services.JetspeedSecurity.system.roles = admin
+
+#
+# Comma separated list of system groups. System groups cannot
+# be deleted because they are essential to security service.
+#
+# Default: jetspeed
+#
+services.JetspeedSecurity.system.groups = Jetspeed
+
+#
+# Comma separated list of system permissions. System permissions cannot
+# be deleted because they are essential to security service.
+#
+# Default: <none>
+#
+services.JetspeedSecurity.system.permissions =
+
#########################################
# Action buttons #
#########################################
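Review bot: The added comments describe each key as a "Comma separated list", but the values are supplied by repeating the key (`system.users = admin` then `system.users = anon`), and the stated defaults do not match the Java code, which falls back to an empty list when a key is absent. The groups comment also says `Default: jetspeed` while the configured value is `Jetspeed`; since the Java check is an exact `contains`, the casing matters. I would describe the form actually used, `# One entry per line; repeat the key for each system user.`, add `# If this key is missing, no user is protected from removal.`, and correct the group default to `Jetspeed`; whether a comma separated value is also accepted depends on the configuration loader and should be confirmed before the comment promises it. The identical block in JetspeedSecurity.template needs the same correction.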
1.12 +35 -1 jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.template
Index: JetspeedSecurity.template
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.template,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- JetspeedSecurity.template 25 Mar 2003 19:35:21 -0000 1.11
+++ JetspeedSecurity.template 9 Jun 2003 22:06:58 -0000 1.12
@@ -126,6 +126,40 @@
#
services.JetspeedSecurity.password.expiration.period=0
+#
+# Comma separated list of system users. System users cannot
+# be deleted because they are essential to security service.
+#
+# Default: admin, anon
+#
+services.JetspeedSecurity.system.users = admin
+services.JetspeedSecurity.system.users = anon
+
+#
+# Comma separated list of system roles. System roles cannot
+# be deleted because they are essential to security service.
+#
+# Default: user, admin
+#
+services.JetspeedSecurity.system.roles = user
+services.JetspeedSecurity.system.roles = admin
+
+#
+# Comma separated list of system groups. System groups cannot
+# be deleted because they are essential to security service.
+#
+# Default: jetspeed
+#
+services.JetspeedSecurity.system.groups = Jetspeed
+
+#
+# Comma separated list of system permissions. System permissions cannot
+# be deleted because they are essential to security service.
+#
+# Default: <none>
+#
+services.JetspeedSecurity.system.permissions =
+
#########################################
# Action buttons #
#########################################
1.6 +2 -2
jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/group-browser.vm
Index: group-browser.vm
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/group-browser.vm,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- group-browser.vm 23 May 2003 17:03:17 -0000 1.5
+++ group-browser.vm 9 Jun 2003 22:06:58 -0000 1.6
@@ -22,7 +22,7 @@
<tr>
#entryCell ($group.Name)
<td>
- #if ($group.Name != "Jetspeed")
+ #if
($config.getVector("services.JetspeedSecurity.system.groups").contains($group.Name) ==
false)
<a
href="$jslink.getPaneByName("GroupForm").addPathInfo("entityid",$group.Name).addQueryData("mode","delete")">Remove</a>
#else
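Review bot: The condition re-reads `$config.getVector("services.JetspeedSecurity.system.groups")` for every row and compares with `== false`, whereas user-browser.vm in this same commit reads the list once with `#set` and tests a variable. Doing the same here keeps the four browsers consistent: `#set ( $systemGroups = $config.getVector("services.JetspeedSecurity.system.groups") )` before the loop and `#if (!$systemGroups.contains($group.Name))` in the cell; permission-browser.vm and role-browser.vm have the same shape. A short template comment saying that the link is only hidden here and that removal itself is refused in TurbineGroupManagement would help maintainers who change one side. The loop and the `#end` of this `#if` lie outside the hunk.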
1.5 +5 -1
jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/permission-browser.vm
Index: permission-browser.vm
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/permission-browser.vm,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- permission-browser.vm 14 May 2002 04:37:19 -0000 1.4
+++ permission-browser.vm 9 Jun 2003 22:06:58 -0000 1.5
@@ -23,7 +23,11 @@
<tr>
#entryCell ($permission.Name)
<td>
+ #if
($config.getVector("services.JetspeedSecurity.system.permissions").contains($permission.Name)
== false)
<a
href="$jslink.getPaneByName("PermissionForm").addPathInfo("entityid",$permission.Name).addQueryData("mode","delete")">Remove</a>
+ #else
+
+ #end
</td>
</tr>
#end
1.4 +5 -1
jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/role-browser.vm
Index: role-browser.vm
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/role-browser.vm,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- role-browser.vm 14 May 2002 04:39:00 -0000 1.3
+++ role-browser.vm 9 Jun 2003 22:06:58 -0000 1.4
@@ -24,7 +24,11 @@
#entryCell ($role.Name)
<td>
<a
href="$jslink.getPaneByName("RolePermissionForm").addPathInfo("entityid",$role.Name)">Permissions</a>
+ #if
($config.getVector("services.JetspeedSecurity.system.roles").contains($role.Name) ==
false)
<a
href="$jslink.getPaneByName("RoleForm").addPathInfo("entityid",$role.Name).addQueryData("mode","delete")">Remove</a>
+ #else
+
+ #end
</td>
</tr>
#end
1.9 +6 -1
jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/user-browser.vm
Index: user-browser.vm
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/templates/vm/portlets/html/user-browser.vm,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- user-browser.vm 6 Dec 2002 21:42:34 -0000 1.8
+++ user-browser.vm 9 Jun 2003 22:06:58 -0000 1.9
@@ -10,6 +10,7 @@
#set ( $filter = $data.getRequest().getParameter("filter_value") )
#set ( $filter_type = $data.getRequest().getParameter("filter_type") )
#set ( $regexp = $data.getRequest().getParameter("filter_regexp") )
+#set ( $systemUsers = $config.getVector("services.JetspeedSecurity.system.users"))
#if ($pagelinks) <p align=right>$pagelinks</p> #end
<form method="post">
@@ -44,7 +45,11 @@
<a
href="$jslink.getPaneByName("UserForm").addPathInfo("entityid",$user.UserName).addQueryData("mode","update")">Edit</a>
<a
href="$jslink.getPaneByName("UserRoleForm").addPathInfo("entityid",$user.UserName)">Roles</a>
<a
href="$jslink.getPaneByName("UserGroupForm").addPathInfo("entityid",$user.UserName)">Groups</a>
+ #if ($systemUsers.contains($user.UserName) == false)
<a
href="$jslink.getPaneByName("UserForm").addPathInfo("entityid",$user.UserName).addQueryData("mode","delete")">Remove</a>
+ #else
+
+ #end
</td>
</tr>
#end
1.169 +4 -1 jakarta-jetspeed/xdocs/changes.xml
Index: changes.xml
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/xdocs/changes.xml,v
retrieving revision 1.168
retrieving revision 1.169
diff -u -r1.168 -r1.169
--- changes.xml 6 Jun 2003 17:33:03 -0000 1.168
+++ changes.xml 9 Jun 2003 22:06:58 -0000 1.169
@@ -24,6 +24,9 @@
</li>
-->
<li>
+ Add - Bug # 15684 - 2003/06/09 - It is no longer possible to remove predefined
system users/roles/groups/permissions (MO)
+</li>
+<li>
Add - Bug # 15413 - 2003/06/06 - Fix for deleting references in portlet set
customizer (MO)
</li>
<li>