taylor      01/06/04 00:16:08

  Added:       src/java/org/apache/jetspeed/services/security
                        AccessControl.java JetspeedDBSecurityService.java
                        JetspeedSecurityService.java
  Log:
  - start of implementation of security service.
  
  Revision  Changes    Path
  1.1                  
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/AccessControl.java
  
  Index: AccessControl.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact [EMAIL PROTECTED]
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package org.apache.jetspeed.services.security;
  
  import org.apache.turbine.util.RunData;
  import org.apache.jetspeed.portal.Portlet;
  import org.apache.jetspeed.om.profile.Profile;
  
  /**
   * <P>Interface defines access control methods specific to Jetspeed for
   * accessing portal resources such as portlets and panes</P>
   * 
   * @see org.apache.jetspeed.services.security.JetspeedSecurityService
   * @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
   * @version $Id: AccessControl.java,v 1.1 2001/06/04 07:16:07 taylor Exp $
   */
  
  public interface AccessControl {
  
      boolean checkPermission(RunData runData, String permission, Portlet portlet);
      boolean checkPermission(String user, String action, Portlet portlet);
  
      // TODO: get requirements for controlling access to other OM elements
      // boolean checkPermission(User user, String action, Profile profile);
  
  }
  
  
  
  1.1                  
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java
  
  Index: JetspeedDBSecurityService.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact [EMAIL PROTECTED]
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package org.apache.jetspeed.services.security;
  
  import org.apache.turbine.services.security.db.*;
  import org.apache.jetspeed.portal.Portlet;
  import org.apache.jetspeed.services.Registry;
  import org.apache.jetspeed.om.newregistry.*;
  import org.apache.turbine.util.RunData;
  import org.apache.turbine.util.security.AccessControlList;
  
  /**
   * <p>This is an implementation of the <code>JetspeedSecurityService</code> 
interface.
   *
   *
   * @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
   * @author <a href="mailto:[EMAIL PROTECTED]";>Santiago Gala</a>
   * @version $Id: JetspeedDBSecurityService.java,v 1.1 2001/06/04 07:16:07 taylor Exp 
$
   */
  
  
  public class JetspeedDBSecurityService extends DBSecurityService
                                         implements JetspeedSecurityService
  {
  
      /**
       * given a user, checks if a user has access to a given portlet for the given 
action
       *
       * @param user the username.
       * @param permission the permission for which permission is being checked.
       * @param portlet the portlet resource
       * @exception Sends a RegistryException if the manager can't add
       *            the provided entry
       */
      public boolean checkPermission(String user, String permission, Portlet portlet)
      {
          // TODO: for a user, you will need to build the ACLs
          // since Turbine only builds the ACLs for the currently logged on user
          return false;
      }
  
      /**
       * given the rundata, checks if the currently logged on user has access to a 
given portlet for the given action
       *
       * @param user the username.
       * @param permission the jetspeed-action (view, edit, customize, delete...) for 
which permission is being checked.
       * @param portlet the portlet resource
       * @exception Sends a RegistryException if the manager can't add
       *            the provided entry
       */
      public boolean checkPermission(RunData runData, String permission, Portlet 
portlet)
      {
          String portletName = portlet.getName();
          PortletEntry entry = (PortletEntry)Registry.getEntry(Registry.PORTLET, 
portletName);
          Security security = entry.getSecurity();
          if (null == security)
              return true; // grant permission if no security role given
          String securityRole = security.getRole();
          if (null == securityRole)
              return true; // grant permission if no security role given
  
          // TODO:
          // the portlet name by itself may not be a unique enough identifier since
          // other resources (panes, configs) may have the same name
          // we may need to prefix the portletName with something like:
          // "portlet_" + portletName
          // the alternative would be to add a column to the turbine database
          // but this would mean deviating from the basic turbine security model
  
          // determine if Portlet has specified role
          AccessControlList acl = runData.getACL();
          if (null == acl)
              return false;
  
          if (!acl.hasRole( securityRole, portletName ))
              return false;
  
          // check for role having permission
          if (null != permission) // specifying null - skip permission check
          {
              // first check the global permission - which overrides other permissions
              if ( acl.hasPermission( permission ) )
                  return true;
  
              if ( !acl.hasPermission( permission, portletName ) )
                  return false;
          }
  
          return true;
      }
  
  }
  
  
  
  1.1                  
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java
  
  Index: JetspeedSecurityService.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact [EMAIL PROTECTED]
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  
  package org.apache.jetspeed.services.security;
  
  import org.apache.turbine.services.security.SecurityService;
  
  /**
   * The Security Service manages Users, Groups Roles and Permissions in the 
   * system. The Jetspeed Security Service extends the interface of the Turbine
   * Security Service, adding on the Jetspeed specific interface: AccessControl
   * for controlling access to portal resources (portlets, panes).
   *
   * @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
   * @version $Id: JetspeedSecurityService.java,v 1.1 2001/06/04 07:16:07 taylor Exp $
   */
  
  
  public interface JetspeedSecurityService extends SecurityService, AccessControl
  {
  }
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to