paulsp 2002/08/25 12:45:07
Modified: src/java/org/apache/jetspeed/services/security
PortalAccessController.java
src/java/org/apache/jetspeed/services/security/turbine
TurbineAccessController.java
src/java/org/apache/jetspeed/services/security/nosecurity
NoSecurityAccessController.java
src/java/org/apache/jetspeed/services/security/registry
RegistryAccessController.java
Log:
Add a owner to some checkPermission() methods. This allows the authorization
to include the owner of a portal resource, Entry of Portlet. Owner was added to
the PortalResource in an earlier commit.
Two of the checkPermission() methods have been deprecated since simular
methods with owner was added.
Revision Changes Path
1.3 +33 -3
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/PortalAccessController.java
Index: PortalAccessController.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/PortalAccessController.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- PortalAccessController.java 28 Jun 2002 05:37:34 -0000 1.2
+++ PortalAccessController.java 25 Aug 2002 19:45:07 -0000 1.3
@@ -78,6 +78,19 @@
{
public String SERVICE_NAME = "PortalAccessController";
+ /** Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
+ * the given Portlet Instance (<code>Entry</code>) resource. If the user does
not have
+ * sufficient privilege to perform the action on the resource, the check
returns false,
+ * otherwise when sufficient privilege is present, checkPermission returns true.
+ *
+ * @param user the user to be checked.
+ * @param entry the portlet instance resource.
+ * @param action the secured action to be performed on the resource by the user.
+ * @return boolean true if the user has sufficient privilege.
+ * @depracated Use checkpermission(user, entry, action, owner)
+ */
+ public boolean checkPermission(JetspeedUser user, Entry entry, String action);
+
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
* the given Portlet Instance (<code>Entry</code>) resource. If the user does
not have
@@ -87,9 +100,10 @@
* @param user the user to be checked.
* @param entry the portlet instance resource.
* @param action the secured action to be performed on the resource by the user.
+ * @param owner of the entry, i.e. the username
* @return boolean true if the user has sufficient privilege.
*/
- public boolean checkPermission(JetspeedUser user, Entry entry, String action);
+ public boolean checkPermission(JetspeedUser user, Entry entry, String action,
String owner);
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
@@ -101,17 +115,33 @@
* @param portlet the portlet resource.
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
+ *
+ * @depracated Use checkpermission(user, portlet, action, owner)
*/
public boolean checkPermission(JetspeedUser user, Portlet portlet, String
action);
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
+ * the given <code>Portlet</code> resource. If the user does not have
+ * sufficient privilege to perform the action on the resource, the check
returns false,
+ * otherwise when sufficient privilege is present, checkPermission returns true.
+ *
+ * @param user the user to be checked.
+ * @param portlet the portlet resource.
+ * @param action the secured action to be performed on the resource by the user.
+ * @param owner of the portlet, i.e. the username
+ * @return boolean true if the user has sufficient privilege.
+ */
+ public boolean checkPermission(JetspeedUser user, Portlet portlet, String
action, String owner);
+
+ /**
+ * Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
* the given resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check
returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
- * @param resources requesting an action
+ * @param resource requesting an action
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
1.3 +36 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbineAccessController.java
Index: TurbineAccessController.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbineAccessController.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- TurbineAccessController.java 28 Jun 2002 05:37:36 -0000 1.2
+++ TurbineAccessController.java 25 Aug 2002 19:45:07 -0000 1.3
@@ -103,6 +103,23 @@
*/
public boolean checkPermission(JetspeedUser user, Portlet portlet, String
action)
{
+ return checkPermission(user, portlet, action, null);
+ }
+
+ /**
+ * Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
+ * the given <code>Portlet</code> resource. If the user does not have
+ * sufficient privilege to perform the action on the resource, the check
returns false,
+ * otherwise when sufficient privilege is present, checkPermission returns true.
+ *
+ * @param user the user to be checked.
+ * @param portlet the portlet resource.
+ * @param action the secured action to be performed on the resource by the user.
+ * @param owner of the entry, i.e. the username
+ * @return boolean true if the user has sufficient privilege.
+ */
+ public boolean checkPermission(JetspeedUser user, Portlet portlet, String
action, String owner)
+ {
String portletName = portlet.getName();
RegistryEntry regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET,
portletName);
//portlet is not a portlet - probably a controller or control
@@ -139,6 +156,23 @@
*/
public boolean checkPermission(JetspeedUser user, Entry entry, String action)
{
+ return checkPermission(user, entry, action, null);
+ }
+
+ /**
+ * Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
+ * the given Portlet Instance (<code>Entry</code>) resource. If the user does
not have
+ * sufficient privilege to perform the action on the resource, the check
returns false,
+ * otherwise when sufficient privilege is present, checkPermission returns true.
+ *
+ * @param user the user to be checked.
+ * @param entry the portlet instance resource.
+ * @param action the secured action to be performed on the resource by the user.
+ * @param owner of the entry, i.e. the username
+ * @return boolean true if the user has sufficient privilege.
+ */
+ public boolean checkPermission(JetspeedUser user, Entry entry, String action,
String owner)
+ {
String portletName = entry.getParent();
RegistryEntry regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET,
portletName);
if (regEntry==null)
@@ -156,7 +190,7 @@
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
- * @param resources requesting an action
+ * @param resource requesting an action
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
1.3 +41 -3
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/nosecurity/NoSecurityAccessController.java
Index: NoSecurityAccessController.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/nosecurity/NoSecurityAccessController.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- NoSecurityAccessController.java 28 Jun 2002 05:37:36 -0000 1.2
+++ NoSecurityAccessController.java 25 Aug 2002 19:45:07 -0000 1.3
@@ -97,6 +97,23 @@
*/
final public boolean checkPermission(JetspeedUser user, Portlet portlet, String
action)
{
+ return checkPermission(user, portlet, action, null);
+ }
+
+ /**
+ * Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
+ * the given <code>Portlet</code> resource. If the user does not have
+ * sufficient privilege to perform the action on the resource, the check
returns false,
+ * otherwise when sufficient privilege is present, checkPermission returns true.
+ *
+ * @param user the user to be checked.
+ * @param portlet the portlet resource.
+ * @param action the secured action to be performed on the resource by the user.
+ * @param owner of the entry, i.e. the username
+ * @return boolean true if the user has sufficient privilege.
+ */
+ final public boolean checkPermission(JetspeedUser user, Portlet portlet, String
action, String owner)
+ {
return true;
}
@@ -113,6 +130,24 @@
*/
final public boolean checkPermission(JetspeedUser user, Entry entry, String
action)
{
+ return checkPermission(user, entry, action, null);
+ }
+
+
+ /**
+ * Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
+ * the given Portlet Instance (<code>Entry</code>) resource. If the user does
not have
+ * sufficient privilege to perform the action on the resource, the check
returns false,
+ * otherwise when sufficient privilege is present, checkPermission returns true.
+ *
+ * @param user the user to be checked.
+ * @param entry the portlet instance resource.
+ * @param action the secured action to be performed on the resource by the user.
+ * @param owner of the entry, i.e. the username
+ * @return boolean true if the user has sufficient privilege.
+ */
+ final public boolean checkPermission(JetspeedUser user, Entry entry, String
action, String owner)
+ {
return true;
}
@@ -124,7 +159,7 @@
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
- * @param resources requesting an action
+ * @param resource requesting an action
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
@@ -149,7 +184,10 @@
public synchronized void init(ServletConfig conf)
throws InitializationException
{
- if (getInit()) return;
+ if (getInit())
+ {
+ return;
+ }
super.init(conf);
1.4 +55 -14
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/RegistryAccessController.java
Index: RegistryAccessController.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/RegistryAccessController.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- RegistryAccessController.java 5 Jul 2002 10:54:24 -0000 1.3
+++ RegistryAccessController.java 25 Aug 2002 19:45:07 -0000 1.4
@@ -101,10 +101,27 @@
*/
public boolean checkPermission(JetspeedUser user, Portlet portlet, String
action)
{
+ return checkPermission(user, portlet, action, null);
+ }
+
+ /**
+ * Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
+ * the given <code>Portlet</code> resource. If the user does not have
+ * sufficient privilege to perform the action on the resource, the check
returns false,
+ * otherwise when sufficient privilege is present, checkPermission returns true.
+ *
+ * @param user the user to be checked.
+ * @param portlet the portlet resource.
+ * @param action the secured action to be performed on the resource by the user.
+ * @param owner of the entry, i.e. the username
+ * @return boolean true if the user has sufficient privilege.
+ */
+ public boolean checkPermission(JetspeedUser user, Portlet portlet, String
action, String owner)
+ {
SecurityReference securityRef = portlet.getPortletConfig().getSecurityRef();
if (securityRef != null)
{
- return checkPermission( user, securityRef, action);
+ return checkPermission( user, securityRef, action, owner);
}
String portletName = portlet.getName();
@@ -124,7 +141,7 @@
return true; // Since their is no entry, their no security to test.
Per spec. all is allowed
}
- return checkPermission(user, registryEntry, action);
+ return checkPermission(user, registryEntry, action, owner);
}
/**
@@ -140,12 +157,29 @@
*/
public boolean checkPermission(JetspeedUser user, Entry entry, String action)
{
+ return checkPermission( user, entry, action, null);
+ }
+
+ /**
+ * Given a <code>JetspeedUser</code>, authorize that user to perform the
secured action on
+ * the given Portlet Instance (<code>Entry</code>) resource. If the user does
not have
+ * sufficient privilege to perform the action on the resource, the check
returns false,
+ * otherwise when sufficient privilege is present, checkPermission returns true.
+ *
+ * @param user the user to be checked.
+ * @param entry the portlet instance resource.
+ * @param action the secured action to be performed on the resource by the user.
+ * @param owner of the entry, i.e. the username
+ * @return boolean true if the user has sufficient privilege.
+ */
+ public boolean checkPermission(JetspeedUser user, Entry entry, String action,
String owner)
+ {
SecurityReference securityRef = entry.getSecurityRef();
if (securityRef == null)
{
- return checkPermission( user, Registry.getEntry( Registry.PORTLET,
entry.getParent()), action);
+ return checkPermission( user, Registry.getEntry( Registry.PORTLET,
entry.getParent()), action, owner);
}
- return checkPermission( user, securityRef, action);
+ return checkPermission( user, securityRef, action, owner);
}
@@ -156,7 +190,7 @@
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
- * @param resources requesting an action
+ * @param resource requesting an action
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
@@ -165,12 +199,17 @@
switch (resource.getResourceType())
{
case PortalResource.TYPE_ENTRY:
- return checkPermission(user, resource.getEntry(), action);
+ return checkPermission(user, resource.getEntry(), action,
resource.getOwner());
+ case PortalResource.TYPE_PORTLET:
+ return checkPermission(user, resource.getPortlet(), action,
resource.getOwner());
case PortalResource.TYPE_REGISTRY:
- return checkPermission(user, resource.getRegistryEntry(), action);
+ return checkPermission(user, resource.getRegistryEntry(), action,
resource.getOwner());
case PortalResource.TYPE_REGISTRY_PARAMETER:
- return checkPermission(user, resource.getRegistryParameter(),
action);
+ return checkPermission(user, resource.getRegistryParameter(),
action, resource.getOwner());
}
+
+ // We should never get here
+ Log.error( "In " + this.getClass().getName() + ".checkPermission(user,
resource, action) - Unkown resource = " + resource.getResourceType());
return false;
}
@@ -179,15 +218,15 @@
*
* @param user the requesting user.
* @param regEntry the registry entry from the registry.
+ * @param owner of the entry, i.e. the username
* @param action the jetspeed-action (view, edit, customize, delete...) for
which permission is being checked.
*/
- private boolean checkPermission(JetspeedUser user, RegistryEntry regEntry,
String action)
+ private boolean checkPermission(JetspeedUser user, RegistryEntry regEntry,
String action, String owner)
{
SecurityReference securityRef = regEntry.getSecurityRef();
if (securityRef == null)
return true; // No security defined on Registry entry
-
- return checkPermission( user, securityRef, action);
+ return checkPermission( user, securityRef, action, owner);
}
/**
@@ -197,7 +236,7 @@
* @param securityRef the security reference to check
* @param action the jetspeed-action (view, edit, customize, delete...) for
which permission is being checked.
*/
- private boolean checkPermission(JetspeedUser user, SecurityReference
securityRef, String action)
+ private boolean checkPermission(JetspeedUser user, SecurityReference
securityRef, String action, String owner)
{
SecurityEntry securityEntry = (SecurityEntry) Registry.getEntry(
Registry.SECURITY, securityRef.getParent());
if (securityEntry == null)
@@ -206,8 +245,10 @@
return false;
}
- if (securityEntry.allowsUser(user.getUserName(), action))
+ if (securityEntry.allowsUser(user.getUserName(), action, owner))
+ {
return true;
+ }
try
{
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
