taylor 2002/06/20 16:45:05
Modified: src/java/org/apache/jetspeed/om/profile Tag: security_14
BaseProfileLocator.java
src/java/org/apache/jetspeed/services Tag: security_14
JetspeedSecurity.java
src/java/org/apache/jetspeed/services/profiler Tag:
security_14 JetspeedProfilerService.java
src/java/org/apache/jetspeed/services/psmlmanager Tag:
security_14 CastorPsmlManagerService.java
src/java/org/apache/jetspeed/services/security Tag:
security_14 JetspeedDBSecurityService.java
JetspeedSecurityService.java
webapp/WEB-INF/conf Tag: security_14
JetspeedSecurity.properties
webapp/WEB-INF/db Tag: security_14 jetspeed.properties
jetspeed.script
Log:
removed anonymous user access from Castor PSML impl
Revision Changes Path
No revision
No revision
1.11.2.3 +4 -15
jakarta-jetspeed/src/java/org/apache/jetspeed/om/profile/BaseProfileLocator.java
Index: BaseProfileLocator.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/profile/BaseProfileLocator.java,v
retrieving revision 1.11.2.2
retrieving revision 1.11.2.3
diff -u -r1.11.2.2 -r1.11.2.3
--- BaseProfileLocator.java 17 Jun 2002 21:27:02 -0000 1.11.2.2
+++ BaseProfileLocator.java 20 Jun 2002 23:45:04 -0000 1.11.2.3
@@ -276,14 +276,9 @@
{
try
{
- if (SecurityServiceRegistered())
- this.setUser( JetspeedSecurity.getAnonymousUser() );
- else
- {
- JetspeedUser user = JetspeedUserFactory.getInstance();
- user.setUserName("anon");
- this.setUser(user);
- }
+ JetspeedUser user = JetspeedUserFactory.getInstance();
+ user.setUserName(JetspeedSecurity.getAnonymousUserName());
+ this.setUser(user);
}
catch (Exception e)
{
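Review bot: With the `SecurityServiceRegistered()` guard removed, `JetspeedSecurity.getAnonymousUserName()` is called unconditionally, so a missing or differently typed security service now throws here and lands in the `catch (Exception e)` whose body lies outside this hunk. If that handler only logs, the locator could end up flagged anonymous with no user set, which the path-building code downstream has to cope with. The new code also builds a bare user from the factory instead of loading the stored anonymous account, so the object presumably carries only a name. If that is intended, say so in a comment such as `// name-only placeholder: no roles or permissions are loaded for the anonymous user`.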
@@ -293,12 +288,6 @@
{
this.anonymous = anonymous;
}
- }
-
- private boolean SecurityServiceRegistered()
- {
- ServiceBroker broker = TurbineServices.getInstance();
- return (broker.isRegistered("SecurityService"));
}
/*
No revision
No revision
1.10.2.14 +9 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java
Index: JetspeedSecurity.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java,v
retrieving revision 1.10.2.13
retrieving revision 1.10.2.14
diff -u -r1.10.2.13 -r1.10.2.14
--- JetspeedSecurity.java 20 Jun 2002 22:56:47 -0000 1.10.2.13
+++ JetspeedSecurity.java 20 Jun 2002 23:45:04 -0000 1.10.2.14
@@ -563,6 +563,14 @@
return
((JetspeedSecurityService)getService()).areActionsDisabledForAllUsers();
}
+ /*
+ * @see JetspeedSecurityService#getAnonymousUserName
+ */
+ public static String getAnonymousUserName()
+ {
+ return ((JetspeedSecurityService)getService()).getAnonymousUserName();
+ }
+
//////////////////////////////////////////////////////////////////////////
//
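Review bot: The comment above `getAnonymousUserName()` opens with `/*`, so it is a plain block comment and the `@see` tag never reaches the generated Javadoc; it should open with `/**`. The same applies to the comments added in JetspeedDBSecurityService and JetspeedSecurityService further down. Because this value decides which requests are treated as anonymous, the doc should also state the contract, for instance `@return the configured anonymous account name, never null`, provided the implementations guarantee that.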
No revision
No revision
1.29.2.7 +23 -18
jakarta-jetspeed/src/java/org/apache/jetspeed/services/profiler/JetspeedProfilerService.java
Index: JetspeedProfilerService.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/profiler/JetspeedProfilerService.java,v
retrieving revision 1.29.2.6
retrieving revision 1.29.2.7
diff -u -r1.29.2.6 -r1.29.2.7
--- JetspeedProfilerService.java 20 Jun 2002 23:05:29 -0000 1.29.2.6
+++ JetspeedProfilerService.java 20 Jun 2002 23:45:04 -0000 1.29.2.7
@@ -357,23 +357,28 @@
else // it must be a user resource or anonymous resource
{
// accessing another user's resource
- //param = rundata.getParameters().getString(
Profiler.PARAM_USER );
- //if (null != param)
- //{
- // USER Resource
- // TODO: Check for anonymous user flag, since we could be
configuring the anonymous user
- //if (param.equals(Profiler.PARAM_ANON))
- //{
- // profile.setAnonymous(true);
- //}
- //profile.setUser( JetspeedSecurity.getUser(param) );
- //}
- //else
- //{
- // is it a anonymous access?
- profile.setAnonymous(false); //!user.hasLoggedIn());
- profile.setUser( rundata.getJetspeedUser() );
- //}
+ param = rundata.getParameters().getString( Profiler.PARAM_USER
);
+ if (null != param)
+ {
+
+ if (param.equals(JetspeedSecurity.getAnonymousUserName()))
+ {
+ profile.setAnonymous(true);
+ }
+ if (user.getUserName().equals(param))
+ {
+ profile.setUser( user );
+ }
+ else
+ {
+ profile.setUser( JetspeedSecurity.getUser(param) );
+ }
+ }
+ else
+ {
+
profile.setAnonymous(user.getUserName().equals(JetspeedSecurity.getAnonymousUserName()));
+ profile.setUser( user );
+ }
}
}
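Review bot: The re-enabled branch loads whatever account the request names in `Profiler.PARAM_USER` via `profile.setUser( JetspeedSecurity.getUser(param) )`, and no permission check on the requesting `user` is visible in this hunk. Unless the caller is authorized elsewhere, any session could select another user's profile; that `else` branch should run only for callers allowed to administer other accounts and otherwise fall back to `profile.setUser( user )`. At minimum the branch deserves a marker such as `// PARAM_USER is request-controlled: authorize before loading another user's profile`. `getUser(param)` can presumably fail for an unknown name, and `user.getUserName()` is dereferenced without a null check, so both need explicit handling. The enclosing method starts and ends outside the hunk, so an existing guard may simply be out of view.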
No revision
No revision
1.23.2.5 +2 -33
jakarta-jetspeed/src/java/org/apache/jetspeed/services/psmlmanager/CastorPsmlManagerService.java
Index: CastorPsmlManagerService.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/psmlmanager/CastorPsmlManagerService.java,v
retrieving revision 1.23.2.4
retrieving revision 1.23.2.5
diff -u -r1.23.2.4 -r1.23.2.5
--- CastorPsmlManagerService.java 20 Jun 2002 22:56:47 -0000 1.23.2.4
+++ CastorPsmlManagerService.java 20 Jun 2002 23:45:04 -0000 1.23.2.5
@@ -131,7 +131,6 @@
private static final String PATH_GROUP = "group";
private static final String PATH_ROLE = "role";
private static final String PATH_USER = "user";
- private static final String PATH_ANON = "anon";
// configuration keys
private final static String CONFIG_ROOT = "root";
@@ -997,12 +996,7 @@
Group group = locator.getGroup();
JetspeedUser user = locator.getUser();
- // Is it an anonymous, user, group, or role resource?
- if (locator.getAnonymous())
- {
- path.append(PATH_ANON);
- }
- else if (user != null)
+ if (user != null)
{
path.append(PATH_USER);
String name = user.getUserName();
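Review bot: After this change a locator with no user, group or role gets no owner segment at all, because the anonymous branch is dropped here and the trailing `else { path.append(PATH_ANON); }` is dropped in the next hunk. The path would then continue straight to the media type and resolve against the root directory rather than a per-owner one; the code between the two hunks is not visible, so this is inferred. An explicit final branch that rejects such a locator would make the failure obvious, e.g. `else { throw new IllegalArgumentException("locator has no user, group or role"); }`, if callers tolerate an exception. Since `user.getUserName()` is appended as a directory name and the anonymous name is now configurable, the name should also be checked for path separators and `..` before it is used.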
@@ -1032,10 +1026,6 @@
.append(name);
}
}
- else
- {
- path.append(PATH_ANON);
- }
// Media
if (null != locator.getMediaType())
@@ -1099,23 +1089,6 @@
// search thru anonymous directories?
int qm = locator.getQueryMode();
- if ((qm & QueryLocator.QUERY_ANON) == QueryLocator.QUERY_ANON)
- {
- Profile profile = createProfile();
- profile.setAnonymous(true);
- StringBuffer path = new StringBuffer();
- path.append(PATH_ANON);
- File base = this.rootDir;
- File file = new File(base, path.toString());
- String absPath = file.getAbsolutePath();
- QueryState qs = new QueryState( QUERY_BY_ANON,
- profile,
- locator,
- list,
- null,
- STATE_BASE);
- subQuery(qs, absPath);
- }
if ((qm & QueryLocator.QUERY_USER) == QueryLocator.QUERY_USER)
{
Profile profile = createProfile();
@@ -1431,7 +1404,6 @@
static int QUERY_BY_USER = 0;
static int QUERY_BY_ROLE = 1;
static int QUERY_BY_GROUP = 2;
- static int QUERY_BY_ANON = 3;
protected class QueryState
{
@@ -1478,9 +1450,6 @@
Iterator x2 = query( locator2 );
dump( x2 );
- QueryLocator locator3 = new QueryLocator( QueryLocator.QUERY_ANON );
- Iterator x3 = query( locator3 );
- dump( x3 );
QueryLocator locator4 = new QueryLocator( QueryLocator.QUERY_GROUP );
// locator4.setGroup( JetspeedSecurity.getGroup("apache") );
No revision
No revision
1.18.2.4 +18 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java
Index: JetspeedDBSecurityService.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java,v
retrieving revision 1.18.2.3
retrieving revision 1.18.2.4
diff -u -r1.18.2.3 -r1.18.2.4
--- JetspeedDBSecurityService.java 20 Jun 2002 22:56:47 -0000 1.18.2.3
+++ JetspeedDBSecurityService.java 20 Jun 2002 23:45:04 -0000 1.18.2.4
@@ -122,6 +122,7 @@
private final static String CONFIG_NEWUSER_ROLES = "newuser.roles";
private final static String CONFIG_DEFAULT_PERMISSION_LOGGEDIN =
"permission.default.loggedin";
private final static String CONFIG_DEFAULT_PERMISSION_ANONYMOUS =
"permission.default.anonymous";
+ private final static String CONFIG_ANONYMOUS_USER = "user.anonymous";
private final static String [] DEFAULT_PERMISSIONS = {""};
private final static String [] DEFAULT_CONFIG_NEWUSER_ROLES =
{ "user" };
@@ -132,6 +133,7 @@
boolean caseInsensitiveUpper = true;
boolean actionsAnonDisable = true;
boolean actionsAllUsersDisable = false;
+ String anonymousUser = "anon";
int strikeCount = 3; // 3 within the interval
int strikeMax = 20; // 20 total failures
@@ -185,6 +187,8 @@
actionsAnonDisable = serviceConf.getBoolean(CONFIG_ACTIONS_ANON_DISABLE,
actionsAnonDisable);
actionsAllUsersDisable =
serviceConf.getBoolean(CONFIG_ACTIONS_ALLUSERS_DISABLE, actionsAllUsersDisable);
+ anonymousUser = serviceConf.getString(CONFIG_ANONYMOUS_USER, anonymousUser);
+
// initialization done
setInit(true);
}
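Review bot: `anonymousUser` is read from `user.anonymous` without validation, yet the profiler compares it with user names to decide what counts as anonymous, and the PSML manager uses user names as directory names. A blank value, or one equal to a real account name, would blur that distinction, so init should reject or default it, e.g. `if (anonymousUser == null || anonymousUser.trim().length() == 0) anonymousUser = "anon";`. The field is declared without `private` in the previous hunk, like its neighbours; narrowing it would stop other classes in the package from changing the name after init. The init method starts outside the hunk.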
@@ -486,5 +490,18 @@
{
return actionsAllUsersDisable;
}
+
+ /*
+ * Gets the name of the anonymous user account if applicable
+ *
+ *
+ * @return String the name of the anonymous user account
+ *
+ */
+ public String getAnonymousUserName()
+ {
+ return anonymousUser;
+ }
+
}
1.7.2.5 +11 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java
Index: JetspeedSecurityService.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java,v
retrieving revision 1.7.2.4
retrieving revision 1.7.2.5
diff -u -r1.7.2.4 -r1.7.2.5
--- JetspeedSecurityService.java 20 Jun 2002 22:56:47 -0000 1.7.2.4
+++ JetspeedSecurityService.java 20 Jun 2002 23:45:04 -0000 1.7.2.5
@@ -285,4 +285,14 @@
public boolean areActionsDisabledForAllUsers();
+ /*
+ * Gets the name of the anonymous user account if applicable
+ *
+ *
+ * @return String the name of the anonymous user account
+ *
+ */
+ public String getAnonymousUserName();
+
+
}
No revision
No revision
1.1.2.21 +1 -1
jakarta-jetspeed/webapp/WEB-INF/conf/Attic/JetspeedSecurity.properties
Index: JetspeedSecurity.properties
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/Attic/JetspeedSecurity.properties,v
retrieving revision 1.1.2.20
retrieving revision 1.1.2.21
diff -u -r1.1.2.20 -r1.1.2.21
No revision
No revision
1.11.2.11 +1 -1 jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.properties
Index: jetspeed.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.properties,v
retrieving revision 1.11.2.10
retrieving revision 1.11.2.11
diff -u -r1.11.2.10 -r1.11.2.11
--- jetspeed.properties 20 Jun 2002 22:56:48 -0000 1.11.2.10
+++ jetspeed.properties 20 Jun 2002 23:45:05 -0000 1.11.2.11
@@ -1,4 +1,4 @@
#Hypersonic SQL database
-#Wed Jun 19 21:28:44 PDT 2002
+#Thu Jun 20 16:10:59 PDT 2002
version=1.4
modified=yes
1.13.2.12 +1 -18 jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.script
Index: jetspeed.script
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.script,v
retrieving revision 1.13.2.11
retrieving revision 1.13.2.12
diff -u -r1.13.2.11 -r1.13.2.12
--- jetspeed.script 20 Jun 2002 22:56:48 -0000 1.13.2.11
+++ jetspeed.script 20 Jun 2002 23:45:05 -0000 1.13.2.12
@@ -127,7 +127,7 @@
INSERT INTO TURBINE_USER_GROUP_ROLE VALUES(360,1,1)
INSERT INTO TURBINE_USER_GROUP_ROLE VALUES(370,1,1)
INSERT INTO TURBINE_USER_GROUP_ROLE VALUES(380,1,1)
-INSERT INTO ID_TABLE VALUES(1,'TURBINE_PERMISSION',250,10)
+INSERT INTO ID_TABLE VALUES(1,'TURBINE_PERMISSION',260,10)
INSERT INTO ID_TABLE VALUES(2,'TURBINE_ROLE',340,10)
INSERT INTO ID_TABLE VALUES(3,'TURBINE_GROUP',270,10)
INSERT INTO ID_TABLE VALUES(4,'TURBINE_USER',390,10)
@@ -150,20 +150,3 @@
INSERT INTO COFFEES VALUES('JoeGrade',3,7.99,1,2)
INSERT INTO COFFEES VALUES('CantThinkOfAnymoreGrade',4,7.99,1,2)
/*C1*/CONNECT USER sa PASSWORD ""
-/*C3*/CONNECT USER sa PASSWORD ""
-SET AUTOCOMMIT FALSE
-/*C4*/CONNECT USER sa PASSWORD ""
-/*C3*/DELETE FROM ID_TABLE WHERE ID_TABLE_ID=1
-INSERT INTO ID_TABLE VALUES(1,'TURBINE_PERMISSION',250,10)
-DELETE FROM ID_TABLE WHERE ID_TABLE_ID=1
-INSERT INTO ID_TABLE VALUES(1,'TURBINE_PERMISSION',260,10)
-COMMIT
-SET AUTOCOMMIT TRUE
-/*C1*/INSERT INTO TURBINE_PERMISSION VALUES(250,'bogus',NULL)
-DELETE FROM TURBINE_PERMISSION WHERE PERMISSION_ID=250
-COMMIT
-ROLLBACK
-DELETE FROM TURBINE_PERMISSION WHERE PERMISSION_ID=2
-INSERT INTO TURBINE_PERMISSION VALUES(2,'customize',NULL)
-INSERT INTO TURBINE_ROLE_PERMISSION VALUES(1,7)
-DELETE FROM TURBINE_ROLE_PERMISSION WHERE ROLE_ID=1 AND PERMISSION_ID=7