taylor      2002/06/09 22:36:19

  Modified:    src/java/org/apache/jetspeed/modules/actions Tag:
                        security_14 CreateNewUserAndConfirm.java
                        JLoginUser.java JetspeedAccessController.java
                        JetspeedSessionValidator.java
               src/java/org/apache/jetspeed/services Tag: security_14
                        JetspeedSecurity.java
  Added:       src/java/org/apache/jetspeed/modules/actions Tag:
                        security_14 TemplateSessionValidator.java
  Log:
  - Completed basic conversion of Jetspeed to new security model.
  - Converted standard actions to use JetspeedSecurity and decouple from 
TurbineSecurity.
  - Disabled ACL checks. Jetspeed runs much faster without it.
  
  - Still left to complete:
    1. performant ACL implementation.
    2. Security/Profiler refactoring (AddUser, RemoveUser...)
    3. Roles and Groups.
    4. Sufficient privilege checks on all security methods
    5. Global setting to turn off all portlet security checks during aggregation
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.32.2.2  +2 -1      
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/CreateNewUserAndConfirm.java
  
  Index: CreateNewUserAndConfirm.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/CreateNewUserAndConfirm.java,v
  retrieving revision 1.32.2.1
  retrieving revision 1.32.2.2
  diff -u -r1.32.2.1 -r1.32.2.2
  --- CreateNewUserAndConfirm.java      7 Jun 2002 10:02:05 -0000       1.32.2.1
  +++ CreateNewUserAndConfirm.java      10 Jun 2002 05:36:19 -0000      1.32.2.2
  @@ -88,6 +88,7 @@
   // security
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.turbine.util.security.AccessControlList;
  +import org.apache.jetspeed.services.security.JetspeedSecurityException;
   
   /**
       This action validates the form input from the NewAccount Screen.
  @@ -164,7 +165,7 @@
               {
                   JetspeedSecurity.getUser(username);
               }
  -            catch(SecurityException e)
  +            catch(JetspeedSecurityException e)
               {
                   accountExists = false;
               }
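Review bot: The catch around `JetspeedSecurity.getUser(username)` treats every `JetspeedSecurityException` as proof that the account does not exist and sets `accountExists = false`. If that type is a general base class for security-service errors (its definition is not visible here), a backend or lookup failure would also let account creation proceed for a name that may already be taken. Catch the specific unknown-user exception the service throws, if it has one, and let other failures abort the request. JLoginUser in this same commit checks the result of `getUser` against `null` instead, so the not-found contract of `getUser` should be documented in one place. The enclosing method starts and ends outside the hunk.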
  
  
  
  1.23.2.3  +34 -5     
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JLoginUser.java
  
  Index: JLoginUser.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JLoginUser.java,v
  retrieving revision 1.23.2.2
  retrieving revision 1.23.2.3
  diff -u -r1.23.2.2 -r1.23.2.3
  --- JLoginUser.java   7 Jun 2002 10:02:05 -0000       1.23.2.2
  +++ JLoginUser.java   10 Jun 2002 05:36:19 -0000      1.23.2.3
  @@ -87,6 +87,10 @@
   import org.apache.jetspeed.services.resources.JetspeedResources;
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.security.JetspeedSecurityException;
  +import org.apache.jetspeed.services.security.LoginException;
  +import org.apache.jetspeed.services.security.FailedLoginException;
  +import org.apache.jetspeed.services.security.CredentialExpiredException;
  +import org.apache.jetspeed.services.security.AccountExpiredException;
   
   /**
       This class is responsible for logging a user into the system. It is also
  @@ -190,6 +194,9 @@
           {
               return;
           }
  +        
  +        String username = data.getParameters().getString("username", "");
  +        String password = data.getParameters().getString("password", "");
   
           boolean newUserApproval = 
JetspeedResources.getBoolean("newuser.approval.enable", false);
           String secretkey = (String) data.getParameters().getString("secretkey", 
null);
  @@ -208,8 +215,6 @@
               
               // check to make sure the user entered the right confirmation key
               // if not, then send them to the ConfirmRegistration screen            
  -            String username = data.getParameters().getString("username", "");
  -            String password = data.getParameters().getString("password", "");
               JetspeedUser user = JetspeedSecurity.getUser(username);
   
               if (user == null)
  @@ -248,10 +253,34 @@
               data.setMessage (Localization.getString("JLOGINUSER_WELCOME"));
           }
           
  -        // check for valid username/password - execute Turbine LoginUser action
  -        ActionLoader.getInstance().exec(data, "LoginUser");
  +        JetspeedUser user = null;
  +        try
  +        {
  +            user = JetspeedSecurity.login(username, password);
  +        }
  +        catch (LoginException e)
  +        {
  +            if (e instanceof FailedLoginException)
  +            {
  +                Log.info("JLoginUser: Credential Failure on login", e);
  +            }
  +            else if (e instanceof AccountExpiredException)
  +            {
  +                Log.info("JLoginUser: Account Expired ", e);
  +            } 
  +            else if (e instanceof AccountExpiredException)
  +            {
  +                Log.info("JLoginUser: Credentials Expired ", e);
  +            } 
  +            data.setMessage(e.toString());
  +            String loginTemplate = 
JetspeedResources.getString(TurbineConstants.TEMPLATE_LOGIN);
  +            data.setScreenTemplate(loginTemplate);
  +            data.setUser(JetspeedSecurity.getAnonymousUser());
  +            data.getUser().setHasLoggedIn(new Boolean (false) );            
  +            return;
  +
  +        }
   
  -        JetspeedUser user = (JetspeedUser)data.getUser();
           if (user.getDisabled())
           {
               data.setMessage(Localization.getString("JLOGINUSER_ACCOUNT_DISABLED"));
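Review bot: The third branch of the `instanceof` chain repeats `AccountExpiredException`, so the "Credentials Expired" log line can never run and the newly imported `CredentialExpiredException` is unused; the branch should read `else if (e instanceof CredentialExpiredException)`. Separately, `data.setMessage(e.toString())` puts the exception class name and message on the login screen, which tells a visitor whether the failure was a wrong password or an expired account. Keep that detail in the log and show one generic localized failure message to the user instead. Separate `catch` clauses per exception type would make the duplicated branch harder to repeat. The enclosing method starts and ends outside the hunk.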
  
  
  
  1.4.2.1   +23 -4     
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JetspeedAccessController.java
  
  Index: JetspeedAccessController.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JetspeedAccessController.java,v
  retrieving revision 1.4
  retrieving revision 1.4.2.1
  diff -u -r1.4 -r1.4.2.1
  --- JetspeedAccessController.java     14 May 2002 17:35:32 -0000      1.4
  +++ JetspeedAccessController.java     10 Jun 2002 05:36:19 -0000      1.4.2.1
  @@ -56,7 +56,7 @@
   
   import org.apache.turbine.util.RunData;
   import org.apache.turbine.om.security.User;
  -import org.apache.turbine.modules.actions.AccessController;
  +import org.apache.turbine.modules.Action;
   import org.apache.turbine.util.security.AccessControlList;
   import org.apache.turbine.services.resources.TurbineResources;
   import org.apache.turbine.modules.ActionLoader;
  @@ -72,14 +72,14 @@
       in order to get the cached ACL list from logon
     
   @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
  -@version $Id: JetspeedAccessController.java,v 1.4 2002/05/14 17:35:32 ggolden Exp $
  +@version $Id: JetspeedAccessController.java,v 1.4.2.1 2002/06/10 05:36:19 taylor 
Exp $
   */
   
  -public class JetspeedAccessController extends AccessController
  +public class JetspeedAccessController extends Action
   {
       public void doPerform( RunData data ) throws Exception
       {
  -        super.doPerform(data);
  +        getACL(data);
           JetspeedRunData jdata = null;
           
           try
  @@ -106,4 +106,23 @@
           }
    
       }
  +
  +    protected void getACL(RunData data)
  +    {
  +    
  +        if ( data.getUser() != null && data.getUser().hasLoggedIn() )
  +        {
  +            AccessControlList acl = (AccessControlList)
  +                data.getSession().getValue(AccessControlList.SESSION_KEY);
  +            if ( acl == null )
  +            {
  +                //acl = TurbineSecurity.getACL( data.getUser() );
  +                acl = null;
  +                data.getSession().putValue( AccessControlList.SESSION_KEY,
  +                                            (Object)acl );
  +            }
  +            data.setACL(acl);
  +        }
  +    }
  +
   }
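Review bot: `getACL` now always ends with `data.setACL(null)` for a logged-in user whose session holds no ACL: the only assignment is `acl = null`, the `TurbineSecurity.getACL` call is commented out, and `JetspeedSecurity.getACL` in the last file of this commit returns `null` in the same way. Any code that reads the ACL will either throw a NullPointerException or, if it treats a missing ACL as "no restriction", grant access; the hunks do not show which. Since the commit log says ACL checks are disabled on purpose, state that in the code with a comment such as `// ACL checks disabled on the security_14 branch: the ACL is always null, so callers must deny when it is absent`, and drop the redundant `acl = null` and the session write of a null value. A configuration switch that defaults to checks enabled would be safer than commenting the call out.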
  
  
  
  1.17.2.1  +3 -4      
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JetspeedSessionValidator.java
  
  Index: JetspeedSessionValidator.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JetspeedSessionValidator.java,v
  retrieving revision 1.17
  retrieving revision 1.17.2.1
  diff -u -r1.17 -r1.17.2.1
  --- JetspeedSessionValidator.java     7 May 2002 15:16:08 -0000       1.17
  +++ JetspeedSessionValidator.java     10 Jun 2002 05:36:19 -0000      1.17.2.1
  @@ -59,13 +59,12 @@
   
   import org.apache.turbine.util.RunData;
   import org.apache.turbine.util.Log;
  -import org.apache.turbine.util.security.UnknownEntityException;
   import org.apache.turbine.om.security.User;
  -import org.apache.turbine.modules.actions.sessionvalidator.TemplateSessionValidator;
   import org.apache.turbine.services.resources.TurbineResources;
   
   import org.apache.jetspeed.om.profile.Profile;
   import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.services.security.LoginException;
   import org.apache.jetspeed.services.Profiler;
   import org.apache.jetspeed.services.rundata.JetspeedRunData;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  @@ -83,7 +82,7 @@
   @author <a href="mailto:[EMAIL PROTECTED]";>Ingo Schuster</a>
   @author <a href="mailto:[EMAIL PROTECTED]";>Rapha�l Luta</a>
   @author <a href="mailto:[EMAIL PROTECTED]";>Santiago Gala</a>
  -@version $Id: JetspeedSessionValidator.java,v 1.17 2002/05/07 15:16:08 ggolden Exp $
  +@version $Id: JetspeedSessionValidator.java,v 1.17.2.1 2002/06/10 05:36:19 taylor 
Exp $
   */
   public class JetspeedSessionValidator extends TemplateSessionValidator
   {
  @@ -122,7 +121,7 @@
                     user.updateLastLogin();
                     data.save();
                   }
  -              } catch (UnknownEntityException noSuchUser) {
  +              } catch (LoginException noSuchUser) {
                   //user not found - ignore it - they will not be logged in 
automatically
                 }
               }
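Review bot: The empty catch now swallows every `LoginException`, but the variable name `noSuchUser` and the comment still say the user was not found. JLoginUser in this commit handles failed-credential and expired-account errors as `LoginException` subtypes, so those cases would also be dropped here without a trace. Record the failure with `Log.info("JetspeedSessionValidator: automatic login failed", noSuchUser);` (`Log` is already imported in this file) and rename the variable to something neutral. The enclosing method starts and ends outside the hunk.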
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.1.2.1   +171 -0    
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/Attic/TemplateSessionValidator.java
  
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.10.2.7  +3 -2      
jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java
  
  Index: JetspeedSecurity.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java,v
  retrieving revision 1.10.2.6
  retrieving revision 1.10.2.7
  diff -u -r1.10.2.6 -r1.10.2.7
  --- JetspeedSecurity.java     7 Jun 2002 10:02:06 -0000       1.10.2.6
  +++ JetspeedSecurity.java     10 Jun 2002 05:36:19 -0000      1.10.2.7
  @@ -90,7 +90,7 @@
    * 
    * @see org.apache.jetspeed.services.security.JetspeedSecurityService
    * @author <a href="mailto:[EMAIL PROTECTED]";>David Sean Taylor</a>
  - * @version $Id: JetspeedSecurity.java,v 1.10.2.6 2002/06/07 10:02:06 taylor Exp $
  + * @version $Id: JetspeedSecurity.java,v 1.10.2.7 2002/06/10 05:36:19 taylor Exp $
    */
   
   abstract public class JetspeedSecurity /* extends TurbineSecurity */
  @@ -444,7 +444,8 @@
          throws org.apache.turbine.util.security.DataBackendException, 
                 org.apache.turbine.util.security.UnknownEntityException
       {
  -        return org.apache.turbine.services.security.TurbineSecurity.getACL(user);
  +        return null;
  +        //return org.apache.turbine.services.security.TurbineSecurity.getACL(user);
       }
       
       public static org.apache.turbine.om.security.Role getRole( String roleName )
  
  
  
