paulsp 2002/06/20 21:30:22
Modified: src/java/org/apache/jetspeed/services/security/registry Tag:
security_14 TestAccessController.java
src/java/org/apache/jetspeed/om/registry/base Tag:
security_14 BaseSecurityEntry.java
Log:
o The following security entry is now correctly used. Previously the "*" action
was not checked if the request action existed.
<security-entry name="all_users-view_anon">
<access action="*">
<allow-if role="user"/>
</access>
<access action="view">
<allow-if role="guest"/>
</access>
</security-entry>
o Updated the corresponding unit test
Revision Changes Path
No revision
No revision
1.1.2.5 +44 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/TestAccessController.java
Index: TestAccessController.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/TestAccessController.java,v
retrieving revision 1.1.2.4
retrieving revision 1.1.2.5
diff -u -r1.1.2.4 -r1.1.2.5
--- TestAccessController.java 19 Jun 2002 02:44:28 -0000 1.1.2.4
+++ TestAccessController.java 21 Jun 2002 04:30:22 -0000 1.1.2.5
@@ -104,7 +104,9 @@
private static String TEST_GROUP = "Jetspeed";
private static String TEST_SECURITY_PAGE = "SecurityTest";
private static String USER_PORTLET = "SkinBrowser"; // Portlet accessable by
general user, role = user
+ private static String USERANON_PORTLET = "Welcome"; // Portlet viewable by
Anonymous user, all by role=user
private static SecurityReference userSecurityRef = new BaseSecurityReference();
+ private static SecurityReference userAllAnonViewSecurityRef = new
BaseSecurityReference();
/**
* Defines the testcase name for JUnit.
@@ -156,6 +158,35 @@
Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry(
"wide_open", null, "*"));
assertNotNull( "Getting wide_open security " , Registry.getEntry(
Registry.SECURITY, "wide_open"));
+ /*
+ * Create a security entry that looks look like the following
+ *
+ * <security-entry name="all_users-view_anon">
+ * <access action="*">
+ * <allow-if role="user"/>
+ * </access>
+ * <access action="view">
+ * <allow-if role="guest"/>
+ * </access>
+ * </security-entry>
+ */
+ Registry.addEntry(Registry.SECURITY, (RegistryEntry) createSecurityEntry(
"all_users-view_anon", "user", "*"));
+ assertNotNull( "Getting all_users-view_anon security " , Registry.getEntry(
Registry.SECURITY, "all_users-view_anon"));
+ SecurityEntry secEntry = (SecurityEntry) Registry.getEntry(
Registry.SECURITY, "all_users-view_anon");
+ Vector accessVector = secEntry.getAccesses();
+ assertEquals( "Getting number of accesses for all_users-view_anon", 1,
accessVector.size());
+ BaseSecurityAllow allowElement = new BaseSecurityAllow();
+ allowElement.setRole("guest");
+ Vector allowVector = new Vector();
+ allowVector.addElement(allowElement);
+ BaseSecurityAccess accessElement = new BaseSecurityAccess();
+ accessElement.setAction("view");
+ accessElement.setAllows( allowVector );
+ accessVector.addElement(accessElement);
+ secEntry.setAccesses(accessVector);
+ assertEquals( "Getting number of accesses for all_users-view_anon", 2,
secEntry.getAccesses().size());
+
+ // Verify users and their groups
assertNotNull( "Getting admin user", JetspeedSecurity.getUser("admin"));
assertTrue( "Admin user has Admin role",
JetspeedRoleManagement.hasRole("admin","admin"));
assertTrue( "Admin user has User role",
JetspeedRoleManagement.hasRole("admin","user"));
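Review bot: The second `assertEquals` on the access count may not prove that `setAccesses` did anything, because `accessVector` is the object returned by `secEntry.getAccesses()`. If that is the entry's live Vector (not visible in this hunk), `addElement` already changes the entry and the size-2 check passes before `setAccesses` is called. Building the new list on a copy, `Vector accessVector = new Vector(secEntry.getAccesses());`, would make the assertion depend on the setter. The block comment also reads "looks look like"; the enclosing method starts and ends outside the hunk.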
@@ -165,6 +196,7 @@
assertNotNull( "Getting anonymous user",
JetspeedSecurity.getAnonymousUser());
assertTrue( "anonymous user does not have Admin role",
!JetspeedRoleManagement.hasRole(JetspeedSecurity.getAnonymousUser().getUserName(),"admin"));
assertTrue( "anonymous user does not have User role",
!JetspeedRoleManagement.hasRole(JetspeedSecurity.getAnonymousUser().getUserName(),"user"));
+ assertTrue( "anonymous user does not have Guest role",
JetspeedRoleManagement.hasRole(JetspeedSecurity.getAnonymousUser().getUserName(),"guest"));
assertNotNull( "adminSecurityRef", adminSecurityRef);
adminSecurityRef.setParent("admin_only");
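Review bot: The message on the added assertion states the opposite of what is asserted: `"anonymous user does not have Guest role"` is paired with an un-negated `hasRole(..., "guest")`, so a failure would print a misleading message. It looks copied from the two negated checks just above it. Suggested text: `"anonymous user has Guest role"`. The enclosing method starts and ends outside the hunk.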
@@ -177,6 +209,11 @@
assertNotNull( "defaultSecurityRef", defaultSecurityRef);
defaultSecurityRef.setParent("wide_open");
assertNotNull( "Getting security for " + defaultSecurityRef.getParent(),
Registry.getEntry( Registry.SECURITY, defaultSecurityRef.getParent()));
+
+ assertNotNull( "userAllAnonViewSecurityRef", userAllAnonViewSecurityRef);
+ userAllAnonViewSecurityRef.setParent("all_users-view_anon");
+ assertNotNull( "Getting security for " +
userAllAnonViewSecurityRef.getParent(), Registry.getEntry( Registry.SECURITY,
defaultSecurityRef.getParent()));
+
}
public void testRequiredActions() throws Exception
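Review bot: The added lookup for `userAllAnonViewSecurityRef` passes `defaultSecurityRef.getParent()` to `Registry.getEntry`, so the assertion re-checks `wide_open` and never confirms that `all_users-view_anon` resolves. The last argument should be `userAllAnonViewSecurityRef.getParent()`. As written, a missing or misnamed security entry would surface only later, as a permission mismatch in testRequiredActions, and not at the setup check meant to catch it. The method this code sits in starts outside the hunk.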
@@ -194,6 +231,7 @@
Entry adminEntry = createEntry( ADMIN_PORTLET, "ST_01.admin",
adminSecurityRef);
Entry userEntry = createEntry( USER_PORTLET, "ST_01.user", userSecurityRef);
Entry allEntry = createEntry( ALL_PORTLET, "ST_01.all", defaultSecurityRef);
+ Entry userAnonEntry = createEntry( USERANON_PORTLET, "ST_01.userAnon",
userAllAnonViewSecurityRef);
assertEquals( "Admin user has view access to " + ADMIN_PORTLET, true,
JetspeedPortalAccessController.checkPermission( adminUser, adminEntry, "view"));
assertEquals( "Turbine user DOES NOT have view access to " + ADMIN_PORTLET,
false, JetspeedPortalAccessController.checkPermission( turbineUser, adminEntry,
"view"));
@@ -206,6 +244,11 @@
assertEquals( "Admin user has view access to " + ALL_PORTLET, true,
JetspeedPortalAccessController.checkPermission( adminUser, allEntry, "view"));
assertEquals( "Turbine user has view access to " + ALL_PORTLET, true,
JetspeedPortalAccessController.checkPermission( turbineUser, allEntry, "view"));
assertEquals( "Anonymous user has view access to " + ALL_PORTLET, true,
JetspeedPortalAccessController.checkPermission( anonymousUser, allEntry, "view"));
+
+ assertEquals( "Admin user has view access to " + USERANON_PORTLET, true,
JetspeedPortalAccessController.checkPermission( adminUser, userAnonEntry, "view"));
+ assertEquals( "Admin user has maximize access to " + USERANON_PORTLET,
true, JetspeedPortalAccessController.checkPermission( turbineUser, userAnonEntry,
"maximize"));
+ assertEquals( "Anonymous user has view access to " + USERANON_PORTLET,
true, JetspeedPortalAccessController.checkPermission( anonymousUser, userAnonEntry,
"view"));
+ assertEquals( "Anonymous user has view access to " + USERANON_PORTLET,
false, JetspeedPortalAccessController.checkPermission( anonymousUser, userAnonEntry,
"maximize"));
}
/*
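Review bot: Two of the four added assertion messages do not match what is checked: the second says "Admin user has maximize access" but passes `turbineUser`, and the fourth says "Anonymous user has view access" while asserting `false` for `"maximize"`. Suggested messages are `"Turbine user has maximize access to "` and `"Anonymous user DOES NOT have maximize access to "`, following the wording used earlier in the method. Since this is the regression test for the "*" fallback, a case where the specific action names a narrower role than "*" would also pin the intended precedence. The method begins outside the hunk.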
No revision
No revision
1.1.2.5 +59 -29
jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/Attic/BaseSecurityEntry.java
Index: BaseSecurityEntry.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/Attic/BaseSecurityEntry.java,v
retrieving revision 1.1.2.4
retrieving revision 1.1.2.5
diff -u -r1.1.2.4 -r1.1.2.5
--- BaseSecurityEntry.java 19 Jun 2002 02:37:50 -0000 1.1.2.4
+++ BaseSecurityEntry.java 21 Jun 2002 04:30:22 -0000 1.1.2.5
@@ -124,23 +124,23 @@
*/
public boolean allowsRole(String role, String action)
{
+ Map allowMap = null;
+ boolean allow = false;
+
if (accessMap == null)
buildAccessMap();
- Map allowMap = (Map) accessMap.get(action);
- if (allowMap == null)
- {
- allowMap = (Map) accessMap.get(ALL_ACTIONS);
- if (allowMap == null)
- return false;
- }
- Map allowRoleMap = (Map) allowMap.get(ROLE_MAP);
- if (allowRoleMap == null)
- return allowMap.isEmpty(); // If acction exist and no allows, then
grant permission
-
- boolean allow = allowRoleMap.containsKey( role);
- if ( allow == false)
- allow = allowRoleMap.containsKey( ALL_ROLES);
+ // Checked action
+ allowMap = (Map) accessMap.get(action);
+ allow = isInAllowMap( allowMap, ROLE_MAP, role, ALL_ROLES);
+ if (allow == true)
+ return allow;
+
+ // Checked all actions
+ allowMap = (Map) accessMap.get(ALL_ACTIONS);
+ allow = isInAllowMap( allowMap, ROLE_MAP, role, ALL_ROLES);
+
+ // Not allowed
return allow;
}
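Review bot: `allowsRole` now falls through to the `ALL_ACTIONS` map whenever the specific action does not grant, so an `<access action="...">` element can no longer restrict an action more tightly than `<access action="*">`. The removed code ignored "*" once the action had its own entry, so existing security entries that relied on that override become more permissive with this change; the same applies to `allowsUser` in the next hunk. The method Javadoc (outside the hunk) should state the rule, for example `Access is granted if either the requested action or the "*" action allows the role; a specific action cannot narrow "*".` As a style point, `if (allow == true)` reads better as `if (allow)`.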
@@ -153,24 +153,25 @@
*/
public boolean allowsUser(String userName, String action)
{
+ Map allowMap = null;
+ boolean allow = false;
+
if (accessMap == null)
buildAccessMap();
- Map allowMap = (Map) accessMap.get(action);
- if (allowMap == null)
- {
- allowMap = (Map) accessMap.get(ALL_ACTIONS);
- if (allowMap == null)
- return false;
- }
- Map allowUserMap = (Map) allowMap.get(USER_MAP);
- if (allowUserMap == null)
- return allowMap.isEmpty(); // If action exist and no allows, then grant
permission
-
- boolean allow = allowUserMap.containsKey( userName);
- if ( allow == false)
- allow = allowUserMap.containsKey( ALL_USERS);
+ // Checked action
+ allowMap = (Map) accessMap.get(action);
+ allow = isInAllowMap( allowMap, USER_MAP, userName, ALL_USERS);
+ if (allow == true)
+ return allow;
+
+ // Checked all actions
+ allowMap = (Map) accessMap.get(ALL_ACTIONS);
+ allow = isInAllowMap( allowMap, USER_MAP, userName, ALL_USERS);
+
+ // Not allowed
return allow;
+
}
private void buildAccessMap()
@@ -248,6 +249,35 @@
}
}
}
+
+ /**
+ * Search allow map of user/role or "all user/role"
+ *
+ * @param allowMap Map of allow-if
+ * @param mapType ROLE_MAP or USER_MAP
+ * @param mapKey role or user to test
+ * @param allKey ALL_ROLE or ALL_USER
+ * @return <CODE>true</CODE> or <CODE>false</CODE>
+ */
+ private boolean isInAllowMap( Map allowMap, String mapType, String mapKey,
String allKey)
+ {
+ boolean allow = false;
+ if (allowMap != null)
+ {
+ Map allowRoleMap = (Map) allowMap.get(mapType);
+ if (allowRoleMap == null)
+ return allowMap.isEmpty(); // If acction exist and no allows, then
grant permission
+
+ allow = allowRoleMap.containsKey( mapKey);
+ if ( allow == false)
+ allow = allowRoleMap.containsKey( allKey);
+ return allow;
+ }
+
+ // Not allowed
+ return allow;
+ }
+
}
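Review bot: `isInAllowMap` keeps the fail-open branch `return allowMap.isEmpty();`, and it is now applied to the "*" map as well as the requested action. Going by the inline comment, an `<access action="*">` with no `allow-if` children would therefore grant every action to every caller, whatever the specific action's entry says. The Javadoc should say so, since `@return <CODE>true</CODE> or <CODE>false</CODE>` says nothing; suggested: `@return true if mapKey or allKey is listed, or if the access has no allow-if elements at all; false otherwise, including when allowMap is null`. The local `allowRoleMap` also holds the user map when the method is called with `USER_MAP`, so a neutral name such as `allowKeyMap` would be clearer. The `@param allKey` text should name the constants the callers pass, `ALL_ROLES` / `ALL_USERS`.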