paulsp 02/05/27 06:04:25
Modified: src/java/org/apache/jetspeed/services/security Tag:
security_14 PortalAccessController.java
src/java/org/apache/jetspeed/services/security/turbine Tag:
security_14 TestAccessController.java
TurbineAccessController.java
Added: src/java/org/apache/jetspeed/services Tag: security_14
JetspeedPortalAccessController.java
Log:
o Added service accessor class to the PortalAccessController.
o Completed the Turbine implementation of the PortalAccessController.
o Completed unit test for the Turbine implementation of the PortalAccessController.
o Made checkPermission methods public in PortalAccessController interface
Revision Changes Path
No revision
No revision
1.1.2.1 +105 -0
jakarta-jetspeed/src/java/org/apache/jetspeed/services/Attic/JetspeedPortalAccessController.java
No revision
No revision
1.1.2.2 +8 -5
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/PortalAccessController.java
Index: PortalAccessController.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/Attic/PortalAccessController.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- PortalAccessController.java 25 May 2002 15:27:11 -0000 1.1.2.1
+++ PortalAccessController.java 27 May 2002 13:04:25 -0000 1.1.2.2
@@ -54,11 +54,14 @@
package org.apache.jetspeed.services.security;
-import org.apache.turbine.services.Service;
+// Jetspeed imports
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.profile.Entry;
import org.apache.jetspeed.portal.Portlet;
+// Turbine imports
+import org.apache.turbine.services.Service;
+
/**
* <p> The <code>PortalAccessController</code> interface defines a contract between
* the portal and security provider required for authorization to portal-secure
areas.
@@ -67,7 +70,7 @@
*
*
* @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a>
- * @version $Id: PortalAccessController.java,v 1.1.2.1 2002/05/25 15:27:11 taylor
Exp $
+ * @version $Id: PortalAccessController.java,v 1.1.2.2 2002/05/27 13:04:25 paulsp
Exp $
*/
public interface PortalAccessController extends Service
@@ -85,7 +88,7 @@
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
- boolean checkPermission(JetspeedUser user, Entry entry, String action);
+ public boolean checkPermission(JetspeedUser user, Entry entry, String action);
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
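Review bot: The `public` modifier added to `checkPermission` here, and to the two other overloads in the hunks that follow, has no effect, because methods declared in a Java interface are implicitly public. The log entry "Made checkPermission methods public" therefore describes a change in spelling, not in visibility. If the project prefers the explicit modifier, apply it to every method of the interface for consistency. The interface body starts and ends outside this hunk.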
@@ -98,7 +101,7 @@
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
- boolean checkPermission(JetspeedUser user, Portlet portlet, String action);
+ public boolean checkPermission(JetspeedUser user, Portlet portlet, String
action);
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
@@ -112,7 +115,7 @@
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
- boolean checkPermission(JetspeedUser user, int resourceType, String resource,
String action);
+ public boolean checkPermission(JetspeedUser user, int resourceType, String
resource, String action);
}
No revision
No revision
1.1.2.2 +30 -20
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TestAccessController.java
Index: TestAccessController.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TestAccessController.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- TestAccessController.java 26 May 2002 17:51:17 -0000 1.1.2.1
+++ TestAccessController.java 27 May 2002 13:04:25 -0000 1.1.2.2
@@ -73,13 +73,11 @@
import org.apache.jetspeed.om.profile.psml.PsmlSkin;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.services.JetspeedSecurity;
-import org.apache.jetspeed.services.security.PortalAccessController;
+import org.apache.jetspeed.services.JetspeedPortalAccessController;
import org.apache.jetspeed.services.Profiler;
import org.apache.jetspeed.services.resources.JetspeedResources;
// Turbine imports
-//import org.apache.stratum.configuration.Configuration;
-//import org.apache.stratum.configuration.PropertiesConfiguration;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.util.TurbineConfig;
import org.apache.turbine.util.StringUtils;
@@ -94,13 +92,17 @@
* TestAccessController
*
* @author <a href="[EMAIL PROTECTED]">Paul Spencer</a>
- * @version $Id: TestAccessController.java,v 1.1.2.1 2002/05/26 17:51:17 paulsp Exp
$
+ * @version $Id: TestAccessController.java,v 1.1.2.2 2002/05/27 13:04:25 paulsp Exp
$
*/
public class TestAccessController extends TestCase
{
+ private static String ADMIN_PORTLET = "GlobalAdminPortlet"; // Portlet
accessable by Admin user, role = admin
+ private static String ALL_PORTLET = "HelloVelocity"; // Portlet accessable by
Anonymous user
private static String TEST_GROUP = "Jetspeed";
private static String TEST_SECURITY_PAGE = "SecurityTest";
+ private static String USER_PORTLET = "SkinBrowser"; // Portlet accessable by
general user, role = user
+
/**
* Defines the testcase name for JUnit.
*
@@ -138,7 +140,7 @@
return new TestSuite( TestAccessController.class );
}
- public void testVerifyEnvironment() throws Exception
+ public void testVerifyEnvironment() throws Exception
{
assertEquals( "Using TurbineAccessController",
"org.apache.jetspeed.services.security.turbine.TurbineAccessController",
@@ -149,7 +151,7 @@
assertNotNull( "Getting anonymous user",
JetspeedSecurity.getAnonymousUser());
}
- public void testCreateTestPSML() throws Exception
+ public void xtestCreateTestPSML() throws Exception
{
Portlets rootPortletSet = null;
ProfileLocator currentLocator = null;
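Review bot: Renaming `testCreateTestPSML` to `xtestCreateTestPSML` drops it from the suite without saying why, since `new TestSuite( TestAccessController.class )` only collects methods whose names start with `test`. A disabled test in an access-control suite tends to stay disabled. Add a comment above the method such as `// Disabled: <reason>; re-enable when <condition>`, or delete the method if it is no longer needed. The method body continues outside this hunk.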
@@ -182,7 +184,7 @@
Profile newProfile = Profiler.createProfile(newLocator, rootPortletSet);
PSMLDocument doc = newProfile.getDocument();
- System.out.println("doc = " + doc.getName());
+ // System.out.println("doc = " + doc.getName());
// this only works with the default configuration (Castor/Filebased)
File file = new File(doc.getName());
@@ -191,25 +193,33 @@
}
- public void testRequiredActions() throws Exception
+ public void testRequiredActions() throws Exception
{
JetspeedUser adminUser = (JetspeedUser) JetspeedSecurity.getUser("admin");
assertNotNull( "Getting admin user", adminUser);
+ adminUser.setHasLoggedIn(Boolean.TRUE);
+
JetspeedUser turbineUser = (JetspeedUser)
JetspeedSecurity.getUser("turbine");
assertNotNull( "Getting turbine user", turbineUser);
+ turbineUser.setHasLoggedIn(Boolean.TRUE);
+
JetspeedUser anonymousUser = (JetspeedUser)
JetspeedSecurity.getAnonymousUser();
assertNotNull( "Getting anonymous user", anonymousUser);
-
- Entry entry = createEntry("GlobalAdminPortlet", "ST_01.admin");
- // The following cause "non-static method can not be refrenced
- // from a static context error
-// assertEquals( "Admin user has view access", true,
PortalAccessController.checkPermission( adminUser, entry, "view"));
-// assertEquals( "Turbine user DOES NOT have view access", false,
PortalAccessController.checkPermission( turbineUser, entry, "view"));
-// assertEquals( "Anonymous user DOES NOT have view access", false,
PortalAccessController.checkPermission( anonymousUser, entry, "view"));
- System.out.println("***");
- System.out.println("* This test has NOT been completed");
- System.out.println("***");
- assertTrue("This test is completed", false);
+ Entry adminEntry = createEntry( ADMIN_PORTLET, "ST_01.admin");
+ Entry userEntry = createEntry(USER_PORTLET, "ST_01.user");
+ Entry allEntry = createEntry(ALL_PORTLET, "ST_01.all");
+
+ assertEquals( "Admin user has view access to " + ADMIN_PORTLET, true,
JetspeedPortalAccessController.checkPermission( adminUser, adminEntry, "view"));
+ assertEquals( "Turbine user DOES NOT have view access to " + ADMIN_PORTLET,
false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry,
"view"));
+ assertEquals( "Anonymous user DOES NOT have view access to " +
ADMIN_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser,
adminEntry, "view"));
+
+ assertEquals( "Admin user has view access to " + USER_PORTLET, true,
JetspeedPortalAccessController.checkPermission( adminUser, userEntry, "view"));
+ assertEquals( "Turbine user has view access to " + USER_PORTLET, true,
JetspeedPortalAccessController.checkPermission( turbineUser, userEntry, "view"));
+ assertEquals( "Anonymous user DOES NOT have view access to " +
USER_PORTLET, false, JetspeedPortalAccessController.checkPermission( anonymousUser,
userEntry, "view"));
+
+ assertEquals( "Admin user has view access to " + ALL_PORTLET, true,
JetspeedPortalAccessController.checkPermission( adminUser, allEntry, "view"));
+ assertEquals( "Turbine user has view access to " + ALL_PORTLET, true,
JetspeedPortalAccessController.checkPermission( turbineUser, allEntry, "view"));
+ assertEquals( "Anonymous user has view access to " + ALL_PORTLET, true,
JetspeedPortalAccessController.checkPermission( anonymousUser, allEntry, "view"));
}
/*
* Setup Turbine environment
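Review bot: `testRequiredActions` covers the role check for three portlets that are presumably registered, but nothing exercises the fallback this commit adds in `TurbineAccessController.checkDefaultPermission`. There is no entry whose parent is missing from the registry, and no action other than `"view"`. The expected results also appear to depend on `setHasLoggedIn(Boolean.TRUE)` and on the configured `services.JetspeedSecurity.permission.default.*` values, which the test neither sets nor asserts. I would add a case built with `createEntry("<unregistered-portlet-name>", "ST_01.unknown")` for both the anonymous and a logged-in user, and one using an action the defaults do not list, so that a change to the default-permission configuration shows up as a test failure.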
@@ -237,7 +247,7 @@
fail(StringUtils.stackTrace(e));
}
}
-
+
private PsmlEntry createEntry(java.lang.String parent, java.lang.String id)
{
PsmlEntry entry = new PsmlEntry();
1.1.2.2 +51 -13
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineAccessController.java
Index: TurbineAccessController.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineAccessController.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- TurbineAccessController.java 26 May 2002 17:51:17 -0000 1.1.2.1
+++ TurbineAccessController.java 27 May 2002 13:04:25 -0000 1.1.2.2
@@ -65,6 +65,7 @@
import org.apache.jetspeed.portal.Portlet;
import org.apache.jetspeed.portal.PortletController;
import org.apache.jetspeed.portal.PortletSet;
+import org.apache.jetspeed.services.resources.JetspeedResources;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.Registry;
import org.apache.jetspeed.services.security.PortalAccessController;
@@ -79,12 +80,14 @@
* TurbineAccessController
*
* @author <a href="[EMAIL PROTECTED]">Paul Spencer</a>
- * @version $Id: TurbineAccessController.java,v 1.1.2.1 2002/05/26 17:51:17 paulsp
Exp $
+ * @version $Id: TurbineAccessController.java,v 1.1.2.2 2002/05/27 13:04:25 paulsp
Exp $
*/
public class TurbineAccessController extends TurbineBaseService
implements PortalAccessController
{
-
+ private final static String CONFIG_DEFAULT_PERMISSION_LOGGEDIN =
"services.JetspeedSecurity.permission.default.loggedin";
+ private final static String CONFIG_DEFAULT_PERMISSION_ANONYMOUS =
"services.JetspeedSecurity.permission.default.anonymous";
+
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
* the given resource of the specified resource type. If the user does not have
@@ -116,9 +119,9 @@
public boolean checkPermission(JetspeedUser user, Portlet portlet, String
action)
{
String portletName = portlet.getName();
- RegistryEntry entry = (RegistryEntry)Registry.getEntry(Registry.PORTLET,
portletName);
+ RegistryEntry regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET,
portletName);
//portlet is not a portlet - probably a controller or control
- if (entry==null)
+ if (regEntry==null)
{
PortletSet ps = portlet.getPortletConfig().getPortletSet();
if (ps != null)
@@ -127,15 +130,15 @@
if (pc != null)
{
portletName = pc.getConfig().getName();
- entry =
(RegistryEntry)Registry.getEntry(Registry.PORTLET_CONTROLLER, portletName);
+ regEntry =
(RegistryEntry)Registry.getEntry(Registry.PORTLET_CONTROLLER, portletName);
}
}
}
- if (entry==null)
+ if (regEntry==null)
{
return checkDefaultPermission(user, action);
}
- return checkPermission(user, entry, action);
+ return checkPermission(user, regEntry, action);
}
/**
@@ -151,7 +154,13 @@
*/
public boolean checkPermission(JetspeedUser user, Entry entry, String action)
{
- return false;
+ String portletName = entry.getParent();
+ RegistryEntry regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET,
portletName);
+ if (regEntry==null)
+ {
+ return checkDefaultPermission(user, action);
+ }
+ return checkPermission(user, regEntry, action);
}
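Review bot: When `entry.getParent()` names nothing in `Registry.PORTLET`, this overload now returns `checkDefaultPermission(user, action)` where it used to return `false`. An entry with an unknown or mistyped parent is therefore granted whatever the default-permission configuration allows, including the `*` wildcard. That matches the `Portlet` overload, but it is worth confirming the fall-through is intended for unregistered names and stating it in the Javadoc; a log line on that branch would make such lookups visible. `entry` is also dereferenced without a null check and a null parent is passed straight to `Registry.getEntry`; `if (entry == null || entry.getParent() == null) return false;` at the top keeps the result an explicit deny.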
@@ -173,7 +182,7 @@
String securityRole = security.getRole();
if (null == securityRole)
return checkDefaultPermission( user, action);
-
+
// determine if Portlet has specified role
try
{
@@ -185,11 +194,11 @@
}
if (null == acl)
return false;
-
+
if (!acl.hasRole( securityRole, JetspeedSecurity.JETSPEED_GROUP ))
return false;
- return checkDefaultPermission(user, action);
+ return checkPermission(user, action);
}
/**
@@ -200,7 +209,16 @@
* @exception Sends a RegistryException if the manager can't add
* the provided entry
*/
- private boolean checkDefaultPermission(JetspeedUser user, String action)
+ /**
+ * given the rundata, checks if the currently logged on user has access for the
given action
+ *
+ * @param rundata the request rundata.
+ * @param permission the jetspeed-action (view, edit, customize, delete...) for
which permission is being checked.
+ * @param entry the registry entry from the registry.
+ * @exception Sends a RegistryException if the manager can't add
+ * the provided entry
+ */
+ private boolean checkPermission(JetspeedUser user, String action)
{
AccessControlList acl = null;
// determine if user has specified role
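Review bot: The Javadoc added above `checkPermission(JetspeedUser user, String action)` does not describe this method. It names `rundata`, `permission` and `entry` parameters that the signature does not have, and an `@exception` for a `RegistryException` about adding an entry. It is also inserted after the closing `*/` of the previous comment, which leaves two consecutive doc blocks on one method. Replace both with a single block saying this is (as the first body comment suggests) the role-based check, with `@param user`, `@param action` and `@return true if the user may perform the action`. The method body continues outside this hunk.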
@@ -228,7 +246,27 @@
return true;
}
-
+
+ private boolean checkDefaultPermission(JetspeedUser user, String action)
+ {
+ String defaultPermissions[] = null;
+ try {
+ if ( (user == null) || !user.hasLoggedIn() ) {
+ defaultPermissions =
JetspeedResources.getStringArray(CONFIG_DEFAULT_PERMISSION_ANONYMOUS);
+ } else {
+ defaultPermissions =
JetspeedResources.getStringArray(CONFIG_DEFAULT_PERMISSION_LOGGEDIN);
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ for (int i = 0; i < defaultPermissions.length; i++) {
+ if (defaultPermissions[i].equals("*"))
+ return true;
+ if (defaultPermissions[i].equals(action))
+ return true;
+ }
+ return false;
+ }
/*
* Turbine Services Interface
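Review bot: `checkDefaultPermission` dereferences `defaultPermissions.length` even when the lookup failed. The `catch` only calls `e.printStackTrace()`, so the array is still `null` after an exception (and possibly also when the key is absent, depending on what `getStringArray` returns), and the access check ends in a `NullPointerException` instead of a decision. An authorization fallback should fail closed: add `if (defaultPermissions == null) return false;` before the loop and send the exception to the service's logger rather than stderr. The method also has no Javadoc, and since `*` grants every action it should document the two configuration keys and the wildcard.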