morciuch    2004/03/30 20:49:11

  Modified:    src/java/org/apache/jetspeed/modules/actions/portlets
                        GenericMVCAction.java IndexPortletRegistry.java
                        PsmlUpdateAction.java RegistryUpdateAction.java
               src/java/org/apache/jetspeed/modules/actions/portlets/security
                        GroupUpdateAction.java PermissionUpdateAction.java
                        RolePermissionUpdateAction.java
                        RoleUpdateAction.java
                        UserGroupRoleUpdateAction.java
                        UserGroupUpdateAction.java
                        UserRoleUpdateAction.java UserUpdateAction.java
               src/java/org/apache/jetspeed/services JetspeedSecurity.java
               src/java/org/apache/jetspeed/services/security
                        JetspeedDBSecurityService.java
                        JetspeedSecurityService.java
               webapp/WEB-INF/conf JetspeedSecurity.properties
                        JetspeedSecurity.template
  Log:
  Secured all security and registry portlet actions. A secured action may only be 
executed by a user who has one of the roles defined in the 
services.JetspeedSecurity.admin.roles property. See JIRA issue JS1-421 for more 
information.
  
  Revision  Changes    Path
  1.7       +26 -3     
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/GenericMVCAction.java
  
  Index: GenericMVCAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/GenericMVCAction.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- GenericMVCAction.java     23 Feb 2004 02:56:58 -0000      1.6
  +++ GenericMVCAction.java     31 Mar 2004 04:49:10 -0000      1.7
  @@ -24,15 +24,14 @@
   import org.apache.jetspeed.portal.PortletInstance;
   import org.apache.jetspeed.portal.portlets.GenericMVCContext;
   import org.apache.jetspeed.portal.portlets.GenericMVCPortlet;
  +import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
   import org.apache.jetspeed.services.persistence.PersistenceManager;
   import org.apache.jetspeed.services.persistence.PortalPersistenceException;
   import org.apache.jetspeed.services.rundata.JetspeedRunData;
   import org.apache.jetspeed.util.PortletSessionState;
  -
   import org.apache.turbine.util.RunData;
  -
   import org.apache.velocity.context.Context;
   
   
  @@ -52,7 +51,7 @@
       /**
        * Static initialization of the logger for this class
        */    
  -    private static final JetspeedLogger logger = 
JetspeedLogFactoryService.getLogger(GenericMVCAction.class.getName());      
  +    protected static final JetspeedLogger logger = 
JetspeedLogFactoryService.getLogger(GenericMVCAction.class.getName());      
         
       /** Creates a new instance of GenericMVCAction */
       public GenericMVCAction()
  @@ -254,5 +253,29 @@
           PortletInstance instance = getPortletInstance(context);
           instance.setAttribute(attrName, value);
           PersistenceManager.store(instance);
  +    }
  +    
  +    /**
  +     * Throws an exception if user attempts to perform unathorized action.
  +     * 
  +     * @param data
  +     * @throws SecurityException
  +     */
  +    public void checkAdministrativeAction(RunData data) throws SecurityException
  +    {
  +             if (!JetspeedSecurity.hasAdminRole(data.getUser()))
  +             {
  +                     if (logger.isWarnEnabled())
  +                     {
  +                             logger.warn(
  +                                     "User ["
  +                                             + data.getUser().getUserName()
  +                                             + "] attempted to perform 
administrative action");
  +                     }
  +                     throw new SecurityException(
  +                             "User ["
  +                                     + data.getUser().getUserName()
  +                                     + "] must be an administrator to perform this 
action");
  +             }       
       }
     }
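Review bot: checkAdministrativeAction dereferences `data.getUser()` three times without a null check, so if no user is attached to the RunData the caller gets a NullPointerException instead of the SecurityException the method declares. Fetching the user once and treating null as unauthorized keeps the denial path uniform: `if (user == null || !JetspeedSecurity.hasAdminRole(user))`, with both messages built from a null-safe name. JetspeedDBSecurityService.hasAdminRole in this commit has the same shape, calling `user.getUserName()` before its try block, and could `return false` for a null user. The Javadoc also misspells "unauthorized" and leaves `@param data` and `@throws SecurityException` without descriptions.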
  
  
  
  1.6       +2 -2      
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/IndexPortletRegistry.java
  
  Index: IndexPortletRegistry.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/IndexPortletRegistry.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- IndexPortletRegistry.java 23 Feb 2004 02:56:58 -0000      1.5
  +++ IndexPortletRegistry.java 31 Mar 2004 04:49:10 -0000      1.6
  @@ -39,7 +39,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]">Mark Orciuch</a>
    * @version $Id$
    */
  -public class IndexPortletRegistry extends GenericMVCAction
  +public class IndexPortletRegistry extends SecureGenericMVCAction
   {
   
       /**
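Review bot: Nothing in the class comment records that this action is now restricted to administrators; the only trace is the changed `extends` clause. A Javadoc line such as `* Execution requires one of the roles listed in services.JetspeedSecurity.admin.roles.` would make the restriction visible to maintainers. The same applies to the other actions this commit moves onto SecureVelocityPortletAction (PsmlUpdateAction, RegistryUpdateAction and the security/*UpdateAction classes). The check itself lives in SecureGenericMVCAction, which is not part of the diff shown here, so whether every event handler passes through it cannot be confirmed from this hunk. The class body continues outside the hunk.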
  
  
  
  1.18      +2 -2      
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/PsmlUpdateAction.java
  
  Index: PsmlUpdateAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/PsmlUpdateAction.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- PsmlUpdateAction.java     23 Feb 2004 02:56:58 -0000      1.17
  +++ PsmlUpdateAction.java     31 Mar 2004 04:49:10 -0000      1.18
  @@ -81,7 +81,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a>
    * @version $Id$
    */
  -public class PsmlUpdateAction extends VelocityPortletAction
  +public class PsmlUpdateAction extends SecureVelocityPortletAction
   {
   
       protected static final String PSML_REFRESH_FLAG = "psmlRefreshFlag";
  
  
  
  1.10      +2 -2      
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/RegistryUpdateAction.java
  
  Index: RegistryUpdateAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/RegistryUpdateAction.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- RegistryUpdateAction.java 23 Feb 2004 02:56:58 -0000      1.9
  +++ RegistryUpdateAction.java 31 Mar 2004 04:49:10 -0000      1.10
  @@ -54,7 +54,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]">Jeremy Ford</a>
    * @version $Id$
    */
  -public abstract class RegistryUpdateAction extends VelocityPortletAction
  +public abstract class RegistryUpdateAction extends SecureVelocityPortletAction
   {
       protected String registryEntryName = "";
       protected String registry = "";
  
  
  
  1.10      +10 -18    
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/GroupUpdateAction.java
  
  Index: GroupUpdateAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/GroupUpdateAction.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- GroupUpdateAction.java    23 Feb 2004 02:53:08 -0000      1.9
  +++ GroupUpdateAction.java    31 Mar 2004 04:49:10 -0000      1.10
  @@ -17,27 +17,19 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // velocity
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// jetspeed security
  -import org.apache.jetspeed.services.JetspeedSecurity;
  -import org.apache.jetspeed.services.security.GroupException;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.Group;
   import org.apache.jetspeed.om.security.JetspeedGroupFactory;
  -
  -// jetspeed services
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  -
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.services.security.GroupException;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.velocity.context.Context;
   
   
   /**
  @@ -47,7 +39,7 @@
    * @version $Id$
    */
   
  -public class GroupUpdateAction extends VelocityPortletAction
  +public class GroupUpdateAction extends SecureVelocityPortletAction
   {
       private static final String TEMP_GROUP = "tempGroup";
       
  
  
  
  1.9       +10 -17    
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/PermissionUpdateAction.java
  
  Index: PermissionUpdateAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/PermissionUpdateAction.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- PermissionUpdateAction.java       23 Feb 2004 02:53:08 -0000      1.8
  +++ PermissionUpdateAction.java       31 Mar 2004 04:49:10 -0000      1.9
  @@ -17,26 +17,19 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // velocity
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// jetspeed om
  -import org.apache.jetspeed.om.security.Permission;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.JetspeedPermissionFactory;
  -// jetspeed services
  +import org.apache.jetspeed.om.security.Permission;
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
  -import org.apache.jetspeed.services.security.JetspeedSecurityException;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  -
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.services.security.JetspeedSecurityException;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.velocity.context.Context;
   
   
   /**
  @@ -45,7 +38,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a>
    * @version $Id$
    */
  -public class PermissionUpdateAction extends VelocityPortletAction
  +public class PermissionUpdateAction extends SecureVelocityPortletAction
   {
       private static final String TEMP_PERMISSION = "tempPermission";
   
  
  
  
  1.9       +11 -19    
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RolePermissionUpdateAction.java
  
  Index: RolePermissionUpdateAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RolePermissionUpdateAction.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- RolePermissionUpdateAction.java   23 Feb 2004 02:53:08 -0000      1.8
  +++ RolePermissionUpdateAction.java   31 Mar 2004 04:49:10 -0000      1.9
  @@ -17,31 +17,23 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // java util
  -import java.util.Vector;
  -import java.util.List;
   import java.util.Iterator;
  +import java.util.List;
  +import java.util.Vector;
   
  -// velocity
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// jetspeed om
  -import org.apache.jetspeed.om.security.Role;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.Permission;
  -
  -// jetspeed services
  +import org.apache.jetspeed.om.security.Role;
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
   import org.apache.jetspeed.services.resources.JetspeedResources;
   import org.apache.jetspeed.services.security.JetspeedSecurityException;
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.velocity.context.Context;
   
   /**
    * This action sets up the template context for editing security permissions in the 
Turbine database
  @@ -50,7 +42,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a>
    * @version $Id$
    */
  -public class RolePermissionUpdateAction extends VelocityPortletAction
  +public class RolePermissionUpdateAction extends SecureVelocityPortletAction
   {
       private static final String TEMP_ROLE = "tempRole";
   
  
  
  
  1.14      +9 -17     
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java
  
  Index: RoleUpdateAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- RoleUpdateAction.java     23 Feb 2004 02:53:08 -0000      1.13
  +++ RoleUpdateAction.java     31 Mar 2004 04:49:10 -0000      1.14
  @@ -17,27 +17,19 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // velocity
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// jetspeed om
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.JetspeedRoleFactory;
   import org.apache.jetspeed.om.security.Role;
  -
  -// jetspeed services
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
  -import org.apache.jetspeed.services.security.RoleException;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  -
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.services.security.RoleException;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.velocity.context.Context;
   
   
   /**
  @@ -46,7 +38,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a>
    * @version $Id$
    */
  -public class RoleUpdateAction extends VelocityPortletAction
  +public class RoleUpdateAction extends SecureVelocityPortletAction
   {
       private static final String TEMP_ROLE = "tempRole";
   
  
  
  
  1.3       +3 -3      
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserGroupRoleUpdateAction.java
  
  Index: UserGroupRoleUpdateAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserGroupRoleUpdateAction.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- UserGroupRoleUpdateAction.java    23 Feb 2004 02:53:08 -0000      1.2
  +++ UserGroupRoleUpdateAction.java    31 Mar 2004 04:49:10 -0000      1.3
  @@ -20,7 +20,7 @@
   import java.util.Iterator;
   import java.util.Vector;
   
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.profile.Portlets;
   import org.apache.jetspeed.om.profile.Profile;
   import org.apache.jetspeed.om.profile.ProfileLocator;
  @@ -49,7 +49,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]">Mark Orciuch</a>
    * @version $Id$
    */
  -public class UserGroupRoleUpdateAction extends VelocityPortletAction
  +public class UserGroupRoleUpdateAction extends SecureVelocityPortletAction
   {
   
       /**
  
  
  
  1.5       +4 -5      
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserGroupUpdateAction.java
  
  Index: UserGroupUpdateAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserGroupUpdateAction.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- UserGroupUpdateAction.java        23 Feb 2004 02:53:08 -0000      1.4
  +++ UserGroupUpdateAction.java        31 Mar 2004 04:49:10 -0000      1.5
  @@ -21,14 +21,13 @@
   import java.util.Iterator;
   import java.util.List;
   
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.modules.actions.portlets.security.SecurityConstants;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.Group;
   import org.apache.jetspeed.om.security.JetspeedUser;
   import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
  -import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.resources.JetspeedResources;
   import org.apache.turbine.util.DynamicURI;
   import org.apache.turbine.util.RunData;
  @@ -43,7 +42,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a>
    * @version $Id$
    */
  -public class UserGroupUpdateAction extends VelocityPortletAction
  +public class UserGroupUpdateAction extends SecureVelocityPortletAction
   {
       /**
        * Static initialization of the logger for this class
  
  
  
  1.12      +17 -26    
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserRoleUpdateAction.java
  
  Index: UserRoleUpdateAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserRoleUpdateAction.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- UserRoleUpdateAction.java 23 Feb 2004 02:53:08 -0000      1.11
  +++ UserRoleUpdateAction.java 31 Mar 2004 04:49:10 -0000      1.12
  @@ -17,38 +17,29 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // java util
  -import java.util.Vector;
  -import java.util.List;
   import java.util.Iterator;
  +import java.util.List;
  +import java.util.Vector;
   
  -// velocity
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// turbine om
  -import org.apache.jetspeed.om.security.Role;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
  +import org.apache.jetspeed.om.profile.Portlets;
  +import org.apache.jetspeed.om.profile.Profile;
  +import org.apache.jetspeed.om.profile.ProfileLocator;
   import org.apache.jetspeed.om.security.JetspeedUser;
  -
  -// jetspeed services
  +import org.apache.jetspeed.om.security.Role;
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   import org.apache.jetspeed.services.JetspeedSecurity;
  -import org.apache.jetspeed.services.resources.JetspeedResources;
   import org.apache.jetspeed.services.Profiler;
  -import org.apache.jetspeed.om.profile.ProfileLocator;
  -import org.apache.jetspeed.om.profile.Profile;
  -import org.apache.jetspeed.om.profile.Portlets;
  +import org.apache.jetspeed.services.PsmlManager;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
  -import org.apache.jetspeed.services.PsmlManager;
  -import org.apache.jetspeed.util.PortletUtils;
  +import org.apache.jetspeed.services.resources.JetspeedResources;
   import org.apache.jetspeed.services.rundata.JetspeedRunData;
  -
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.util.PortletUtils;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.velocity.context.Context;
   
   
   /**
  @@ -58,7 +49,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a>
    * @version $Id$
    */
  -public class UserRoleUpdateAction extends VelocityPortletAction
  +public class UserRoleUpdateAction extends SecureVelocityPortletAction
   {
       
       /**
  
  
  
  1.17      +14 -32    
jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java
  
  Index: UserUpdateAction.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- UserUpdateAction.java     23 Feb 2004 02:53:08 -0000      1.16
  +++ UserUpdateAction.java     31 Mar 2004 04:49:10 -0000      1.17
  @@ -17,45 +17,27 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // java util
  +import java.io.StringWriter;
   import java.util.Date;
  -import java.util.Properties;
   import java.util.Locale;
  +import java.util.Properties;
   
  -// java io
  -import java.io.StringWriter;
  -
  -// velocity context
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// turbine velocity
  -import org.apache.turbine.services.velocity.TurbineVelocity;
  -
  -// turbine om security
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.JetspeedUser;
  -import org.apache.jetspeed.services.security.NotUniqueUserException;
  -
  -//turbine email
  -import org.apache.turbine.util.mail.SimpleEmail;
  -
  -import org.apache.turbine.services.resources.TurbineResources;
  -
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
   import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  -
  -// jetspeed services
  +import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.TemplateLocator;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  -
  -// jetspeed security
  -import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.services.security.NotUniqueUserException;
  +import org.apache.turbine.services.resources.TurbineResources;
  +import org.apache.turbine.services.velocity.TurbineVelocity;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.turbine.util.mail.SimpleEmail;
  +import org.apache.velocity.context.Context;
   
   /**
    * This action sets up the template context for editing users in the Turbine 
database.
  @@ -65,7 +47,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]">Paul Spencer</a>
    * @version $Id$
    */
  -public class UserUpdateAction extends VelocityPortletAction
  +public class UserUpdateAction extends SecureVelocityPortletAction
   {
       private static final String TEMP_USER = "tempUser";
       
  
  
  
  1.21      +18 -1     
jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java
  
  Index: JetspeedSecurity.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- JetspeedSecurity.java     23 Feb 2004 04:00:57 -0000      1.20
  +++ JetspeedSecurity.java     31 Mar 2004 04:49:10 -0000      1.21
  @@ -18,6 +18,7 @@
   
   import java.security.Principal;
   import java.util.Iterator;
  +import java.util.List;
   
   import org.apache.jetspeed.om.SecurityReference;
   import org.apache.jetspeed.om.profile.Entry;
  @@ -37,6 +38,7 @@
   import org.apache.jetspeed.services.security.JetspeedSecurityService;
   import org.apache.jetspeed.services.security.LoginException;
   import org.apache.jetspeed.services.security.PortalResource;
  +import org.apache.turbine.om.security.User;
   import org.apache.turbine.services.TurbineServices;
   
   
  @@ -590,6 +592,21 @@
           return ((JetspeedSecurityService)getService()).getAnonymousUserName();
       }
   
  +     /*
  +      * @see JetspeedSecurityService#getAdminRoles
  +      */
  +     public static List getAdminRoles()
  +     {
  +             return ((JetspeedSecurityService)getService()).getAdminRoles();
  +     }
  +
  +     /*
  +      * @see JetspeedSecurityService#hasAdminRole
  +      */
  +     public static boolean hasAdminRole(User user)
  +     {
  +             return ((JetspeedSecurityService)getService()).hasAdminRole(user);
  +     }
   
       //////////////////////////////////////////////////////////////////////////
       //
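Review bot: Both new comment blocks open with `/*`, so Javadoc ignores them and the `@see` tags never reach the generated documentation. Open them with `/**`, as the surrounding methods' comments presumably do. The comment on getAdminRoles in JetspeedDBSecurityService has the same problem. Since `List` is untyped here, it would also help to say that getAdminRoles returns role names as `String` elements, e.g. `@return list of administrative role names (String)`.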
  
  
  
  1.25      +64 -9     
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java
  
  Index: JetspeedDBSecurityService.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- JetspeedDBSecurityService.java    23 Feb 2004 03:58:11 -0000      1.24
  +++ JetspeedDBSecurityService.java    31 Mar 2004 04:49:10 -0000      1.25
  @@ -16,25 +16,27 @@
   
   package org.apache.jetspeed.services.security;
   
  +import java.util.ArrayList;
   import java.util.HashMap;
  +import java.util.Iterator;
  +import java.util.List;
  +
   import javax.servlet.ServletConfig;
   
  -// Jetspeed
   import org.apache.jetspeed.om.security.JetspeedUser;
   import org.apache.jetspeed.om.security.JetspeedUserFactory;
   import org.apache.jetspeed.om.security.UserNamePrincipal;
   import org.apache.jetspeed.portal.Portlet;
  -import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
  -import org.apache.jetspeed.services.logging.JetspeedLogger;
  +import org.apache.jetspeed.services.JetspeedPortalAccessController;
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.JetspeedUserManagement;
  -import org.apache.jetspeed.services.JetspeedPortalAccessController;
  +import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
  +import org.apache.jetspeed.services.logging.JetspeedLogger;
   import org.apache.jetspeed.services.rundata.JetspeedRunData;
  -
  -// Turbine
  -import org.apache.turbine.services.TurbineServices;
  -import org.apache.turbine.services.TurbineBaseService;
  +import org.apache.turbine.om.security.User;
   import org.apache.turbine.services.InitializationException;
  +import org.apache.turbine.services.TurbineBaseService;
  +import org.apache.turbine.services.TurbineServices;
   import org.apache.turbine.services.resources.ResourceService;
   
   /**
  @@ -63,6 +65,7 @@
       private final static String CONFIG_LOGON_AUTO_DISABLE = "logon.auto.disable";
       private final static String CONFIG_ACTIONS_ANON_DISABLE = 
"actions.anon.disable";
       private final static String CONFIG_ACTIONS_ALLUSERS_DISABLE = 
"actions.allusers.disable";
  +     private final static String CONFIG_ACTIONS_ADMIN_ROLES = "admin.roles";
   
       private final static String CONFIG_NEWUSER_ROLES     = "newuser.roles";
       private final static String CONFIG_DEFAULT_PERMISSION_LOGGEDIN     = 
"permission.default.loggedin";
  @@ -71,6 +74,8 @@
       private final static String [] DEFAULT_PERMISSIONS = {""};
       private final static String [] DEFAULT_CONFIG_NEWUSER_ROLES = 
       { "user" };
  +     private final static String [] DEFAULT_ADMIN_ROLES = 
  +     { "admin" };
   
       String roles[] = null;
       boolean caseInsensitiveUsername = false;
  @@ -79,6 +84,7 @@
       boolean actionsAnonDisable = true;
       boolean actionsAllUsersDisable = false;
       String anonymousUser = "anon";
  +     String[] adminRoles = null;
   
       int strikeCount = 3;             // 3 within the interval
       int strikeMax = 20;              // 20 total failures 
  @@ -111,6 +117,7 @@
           try
           {
               roles = serviceConf.getStringArray(CONFIG_NEWUSER_ROLES);
  +                     adminRoles = 
serviceConf.getStringArray(CONFIG_ACTIONS_ADMIN_ROLES);
           }
           catch (Exception e)
           {}
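Review bot: The `admin.roles` lookup is added inside the existing try whose catch block is empty, so a failure reading either property is swallowed. The service then silently falls back to DEFAULT_ADMIN_ROLES (`admin`), which this commit also defines. Because both reads share the try, an exception from the `newuser.roles` line also skips the `admin.roles` read. For a setting that decides who may run administrative actions, it is worth reading it in its own try and logging the failure, e.g. `logger.error(e);` as hasAdminRole does in this file. The enclosing method starts and ends outside the hunk.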
  @@ -120,6 +127,11 @@
               roles = DEFAULT_CONFIG_NEWUSER_ROLES;
           }
   
  +             if (null == adminRoles || adminRoles.length == 0)
  +             {
  +                     adminRoles = DEFAULT_ADMIN_ROLES;
  +             }
  +
           caseInsensitiveUsername = 
serviceConf.getBoolean(CONFIG_CASEINSENSITIVE_USERNAME, caseInsensitiveUsername);
           caseInsensitivePassword = 
serviceConf.getBoolean(CONFIG_CASEINSENSITIVE_PASSWORD, caseInsensitivePassword);
           caseInsensitiveUpper = serviceConf.getBoolean(CONFIG_CASEINSENSITIVE_UPPER, 
caseInsensitiveUpper);
  @@ -448,6 +460,49 @@
           return anonymousUser;
       }
   
  +     /*
  +      * Gets the list of administrative roles
  +      *    
  +      * @return list of admin roles
  +      */
  +      public List getAdminRoles()
  +      {
  +             List result = new ArrayList();
  +             for (int i = 0; i < adminRoles.length; i++)
  +             {
  +                     result.add(adminRoles[i]);
  +             }
  +             
  +             return result;
  +      }
  +
  +     /**
  +      * Returns true if user has administrative role
  +      * 
  +      * @param user
  +      * @return true if user has administrative role
  +      */
  +     public boolean hasAdminRole(User user)
  +     {
  +             String username = user.getUserName();
  +             try
  +             {
  +                     List adminRoles = getAdminRoles();
  +                     for (Iterator it = adminRoles.iterator(); it.hasNext();)
  +                     {
  +                             if (JetspeedSecurity.hasRole(username, 
(String)it.next()))
  +                             {
  +                                     return true;
  +                             }
  +                     }
  +             }
  +             catch (Exception e)
  +             {       
  +                     logger.error(e);                
  +             }
  +             
  +             return false;
  +     }
   
   }
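Review bot: In `hasAdminRole`, `user.getUserName()` is called before the `try`, so a null `user` raises a NullPointerException in the caller instead of the deny-by-default `return false` that every other failure in the method gets. Adding `if (user == null) return false;` as the first statement keeps the check fail-closed. The local `List adminRoles` shadows the `adminRoles` field; renaming it (or iterating the array directly) would make it clearer which one is being read. The comment on `getAdminRoles` opens with `/*`, so it is not picked up as Javadoc and should start with `/**`.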
   
  
  
  
  1.12      +18 -3     
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java
  
  Index: JetspeedSecurityService.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- JetspeedSecurityService.java      23 Feb 2004 03:58:11 -0000      1.11
  +++ JetspeedSecurityService.java      31 Mar 2004 04:49:10 -0000      1.12
  @@ -16,11 +16,13 @@
   
   package org.apache.jetspeed.services.security;
   
  -import org.apache.jetspeed.services.rundata.JetspeedRunData;
  -import org.apache.turbine.services.Service;
  +import java.util.List;
   
   import org.apache.jetspeed.om.security.JetspeedUser;
   import org.apache.jetspeed.portal.Portlet;
  +import org.apache.jetspeed.services.rundata.JetspeedRunData;
  +import org.apache.turbine.om.security.User;
  +import org.apache.turbine.services.Service;
   
   /**
    * The Security Service manages Users, Groups Roles and Permissions in the 
  @@ -252,6 +254,19 @@
        */
       public String getAnonymousUserName();
   
  +     /*
  +      * Gets the list of administrative roles
  +      *    
  +      * @return list of admin roles
  +      */
  +      public List getAdminRoles();
  +
  +     /*
  +      * Returns true if user has adminstrative role
  +      *    
  +      * @return
  +      */
  +      public boolean hasAdminRole(User user);
   
   }
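Review bot: Both new comments open with `/*` rather than `/**`, so neither becomes Javadoc, and the one on `hasAdminRole` has an empty `@return`, no `@param user`, and misspells "administrative". Because implementations of this method decide who may run the secured actions, the contract should state the result for a null user and for a failed role lookup; the implementation in this commit returns false when the lookup throws. I would write `@param user the user to check` and `@return true if the user holds at least one role from getAdminRoles(); false otherwise, including when the lookup fails`.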
   
  
  
  
  1.82      +9 -1      jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.properties
  
  Index: JetspeedSecurity.properties
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.properties,v
  retrieving revision 1.81
  retrieving revision 1.82
  diff -u -r1.81 -r1.82
  --- JetspeedSecurity.properties       29 Mar 2004 21:38:43 -0000      1.81
  +++ JetspeedSecurity.properties       31 Mar 2004 04:49:10 -0000      1.82
  @@ -174,6 +174,14 @@
   #
   services.JetspeedSecurity.system.permissions =
   
  +#
  +# Comma separated list of administrative roles. Only users 
  +# with administratives roles can perform secured portlet actions
  +#
  +# Default: admin
  +#
  +services.JetspeedSecurity.admin.roles = admin
  +
   #########################################
   # Action buttons                        #
   #########################################
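Review bot: The added comment does not say what an empty value means. The service code in this commit replaces a null or empty role array with `admin`, so (assuming a blank property yields such an array) clearing this line does not switch the secured actions off. I would add `# If left empty, the built-in default (admin) is used.` and correct "administratives roles" to "administrative roles". The same applies to the identical hunk in JetspeedSecurity.template.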
  
  
  
  1.14      +9 -1      jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.template
  
  Index: JetspeedSecurity.template
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.template,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- JetspeedSecurity.template 17 Mar 2004 19:10:26 -0000      1.13
  +++ JetspeedSecurity.template 31 Mar 2004 04:49:10 -0000      1.14
  @@ -174,6 +174,14 @@
   #
   services.JetspeedSecurity.system.permissions =
   
  +#
  +# Comma separated list of administrative roles. Only users 
  +# with administratives roles can perform secured portlet actions
  +#
  +# Default: admin
  +#
  +services.JetspeedSecurity.admin.roles = admin
  +
   #########################################
   # Action buttons                        #
   #########################################
  
  
  
