taylor 2004/09/03 11:22:26
Modified: commons/src/java/org/apache/jetspeed/security
PortletPermission.java
Added: commons/src/java/org/apache/jetspeed/security
PortalResourcePermissionCollection.java
PagePermission.java PortalResourcePermission.java
FolderPermission.java
Removed: commons/src/java/org/apache/jetspeed/security
PortletPermissionCollection.java
Log:
added 2 new permissions for file and folder resources
refactored the permissions into a common abstract base class
http://nagoya.apache.org/jira/browse/JS2-111
CVS: ----------------------------------------------------------------------
CVS: PR:
CVS: If this change addresses a PR in the problem report tracking
CVS: database, then enter the PR number(s) here.
CVS: Obtained from:
CVS: If this change has been taken from another system, such as NCSA,
CVS: then name the system in this line, otherwise delete it.
CVS: Submitted by:
CVS: If this code has been contributed to Apache by someone else; i.e.,
CVS: they sent us a patch or a new module, then include their name/email
CVS: address here. If this is your work then delete this line.
CVS: Reviewed by:
CVS: If we are doing pre-commit code reviews and someone else has
CVS: reviewed your changes, include their name(s) here.
CVS: If you have not had it reviewed then delete this line.
Revision Changes Path
1.2 +3 -155
jakarta-jetspeed-2/commons/src/java/org/apache/jetspeed/security/PortletPermission.java
Index: PortletPermission.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/commons/src/java/org/apache/jetspeed/security/PortletPermission.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- PortletPermission.java 16 Jul 2004 19:27:19 -0000 1.1
+++ PortletPermission.java 3 Sep 2004 18:22:26 -0000 1.2
@@ -18,7 +18,6 @@
import java.security.AccessControlContext;
import java.security.Permission;
import java.security.PermissionCollection;
-import java.util.StringTokenizer;
import javax.security.auth.Subject;
@@ -31,51 +30,9 @@
* </ul>
* @author <a href="mailto:[EMAIL PROTECTED]">David Le Strat</a>
*/
-public class PortletPermission extends Permission
+public class PortletPermission extends PortalResourcePermission
{
- /** <p>Portlet view permission.</p> */
- static private int VIEW = 0x01;
-
- /** <p>Portlet edit permission.</p> */
- static private int EDIT = 0x02;
-
- /** <p>Portlet edit permission.</p> */
- static private int DELETE = 0x04;
-
- /** <p>Portlet minimize permission.</p> */
- static private int MINIMIZE = 0x08;
-
- /** <p>Portlet maximize permission.</p> */
- static private int MAXIMIZE = 0x10;
-
- /** <p>Portlet help permission.</p> */
- static private int HELP = 0x20;
-
- /** <p>Portlet view action.</p> */
- static final public String VIEW_ACTION = "view";
-
- /** <p>Portlet edit action.</p> */
- static final public String EDIT_ACTION = "edit";
-
- /** <p>Portlet edit action.</p> */
- static final public String DELETE_ACTION = "delete";
-
- /** <p>Portlet delete action.</p> */
- static final public String MINIMIZE_ACTION = "minimize";
-
- /** <p>Portlet maximize action.</p> */
- static final public String MAXIMIZE_ACTION = "maximize";
-
- /** <p>Portlet help action.</p> */
- static final public String HELP_ACTION = "help";
-
- /** <p>Mask used for determining what action to perform.</p> */
- int mask;
-
- /** <p>The subject the permission is being performed against.</p> */
- Subject subject;
-
/**
* <p>Constructor for PortletPermission.</p>
* @param name The portlet name.
@@ -93,77 +50,9 @@
*/
public PortletPermission(String name, String actions, Subject subject)
{
- super(name);
- parseActions(actions);
- this.subject = subject;
- }
-
- /**
- * @see java.security.Permission#getActions()
- */
- public String getActions()
- {
- StringBuffer buf = new StringBuffer();
-
- if ((mask & VIEW) == VIEW)
- {
- buf.append(VIEW_ACTION);
- }
- if ((mask & EDIT) == EDIT)
- {
- if (buf.length() > 0)
- buf.append(", ");
- buf.append(EDIT_ACTION);
- }
- if ((mask & DELETE) == DELETE)
- {
- if (buf.length() > 0)
- buf.append(", ");
- buf.append(DELETE_ACTION);
- }
- if ((mask & MINIMIZE) == MINIMIZE)
- {
- if (buf.length() > 0)
- buf.append(", ");
- buf.append(MINIMIZE_ACTION);
- }
- if ((mask & MAXIMIZE) == MAXIMIZE)
- {
- if (buf.length() > 0)
- buf.append(", ");
- buf.append(MAXIMIZE_ACTION);
- }
- if ((mask & HELP) == HELP)
- {
- if (buf.length() > 0)
- buf.append(", ");
- buf.append(HELP_ACTION);
- }
-
- return buf.toString();
- }
-
- /**
- * @see java.security.Permission#hashCode()
- */
- public int hashCode()
- {
- StringBuffer value = new StringBuffer(getName());
- return value.toString().hashCode() ^ mask;
+ super(name, actions, subject);
}
- /**
- * @see java.security.Permission#equals(Object)
- */
- public boolean equals(Object object)
- {
- if (!(object instanceof PortletPermission))
- return false;
-
- PortletPermission p = (PortletPermission) object;
- boolean isEqual = ((p.getName().equals(getName())) && (p.mask == mask));
- return isEqual;
- }
public boolean implies(Permission permission)
{
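Review bot: The base-class parser that `super(name, actions, subject)` now invokes has no branch for `delete`, so a grant the removed `parseActions` accepted as `DELETE_ACTION` will throw `IllegalArgumentException("Unknown action: delete")` when the permission is constructed. The inherited `getActions()` no longer reports `delete` either, and the new parser maps `restore` to `MASK_VIEW`. If dropping `delete` is intended, say so in the class Javadoc, for example `<p>The "delete" action is no longer accepted; see JetspeedActions for the supported set.</p>`, and migrate existing policy entries; otherwise the base parser needs a branch for it. The constructor's Javadoc and the body of `implies` lie outside this hunk.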
@@ -213,48 +102,7 @@
*/
public PermissionCollection newPermissionCollection()
{
- return new PortletPermissionCollection();
- }
-
- /**
- * <p>Gets the subject.</p>
- * @return Returns a Subject
- */
- public Subject getSubject()
- {
- return subject;
- }
-
- /**
- * <p>Parses the actions string.</p>
- * <p>Actions are separated by commas or white space.</p>
- * @param actions The actions
- */
- private void parseActions(String actions)
- {
- mask = 0;
- if (actions != null)
- {
- StringTokenizer tokenizer = new StringTokenizer(actions, ",\t ");
- while (tokenizer.hasMoreTokens())
- {
- String token = tokenizer.nextToken();
- if (token.equals(VIEW_ACTION))
- mask |= VIEW;
- else if (token.equals(EDIT_ACTION))
- mask |= EDIT;
- else if (token.equals(DELETE_ACTION))
- mask |= DELETE;
- else if (token.equals(MINIMIZE_ACTION))
- mask |= MINIMIZE;
- else if (token.equals(MAXIMIZE_ACTION))
- mask |= MAXIMIZE;
- else if (token.equals(HELP_ACTION))
- mask |= HELP;
- else
- throw new IllegalArgumentException("Unknown action: " + token);
- }
- }
+ return new PortalResourcePermissionCollection();
}
}
1.1
jakarta-jetspeed-2/commons/src/java/org/apache/jetspeed/security/PortalResourcePermissionCollection.java
Index: PortalResourcePermissionCollection.java
===================================================================
/* Copyright 2004 Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.security;
import java.util.Collections;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Enumeration;
import java.util.ArrayList;
import java.util.Iterator;
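/**
 * <p>Permission collection used by the portal resource permissions in this package.</p>
 * <p>The collection is a flat list: {@link #implies(Permission)} succeeds as soon as
 * one stored permission implies the requested one. No type check is made on the
 * permissions that are added, so the collection may hold a mix of permission classes;
 * each stored permission's own <code>implies</code> decides what it covers.</p>
 * <p>Access to the backing list is synchronized on the list, because
 * <code>PermissionCollection</code> implementations may be called from several
 * threads at once.</p>
 * @author <a href="mailto:[EMAIL PROTECTED]">David Le Strat</a>
 */
public class PortalResourcePermissionCollection extends PermissionCollection
{
    /** Stored permissions, in insertion order. Guarded by synchronizing on the list itself. */
    ArrayList perms = new ArrayList();

    /**
     * <p>Creates an empty, writable collection.</p>
     */
    public PortalResourcePermissionCollection()
    {
        super();
    }

    /**
     * <p>Adds a permission to the collection.</p>
     * @param permission The permission to store.
     * @throws SecurityException if the collection has been marked read-only.
     * @see java.security.PermissionCollection#add(java.security.Permission)
     */
    public void add(Permission permission)
    {
        // A collection that was sealed with setReadOnly() must not accept further
        // grants; silently accepting them would widen an authorization set that
        // callers believe is frozen.
        if (isReadOnly())
        {
            throw new SecurityException(
                "attempt to add a Permission to a readonly PortalResourcePermissionCollection");
        }
        synchronized (perms)
        {
            perms.add(permission);
        }
    }

    /**
     * <p>Checks whether any stored permission implies the given one.</p>
     * @param permission The permission being requested.
     * @return <code>true</code> if at least one stored permission implies it.
     * @see java.security.PermissionCollection#implies(java.security.Permission)
     */
    public boolean implies(Permission permission)
    {
        // Work on a snapshot so that a concurrent add() cannot invalidate the
        // iteration and no lock is held while calling into Permission.implies().
        Object[] snapshot;
        synchronized (perms)
        {
            snapshot = perms.toArray();
        }
        for (int i = 0; i < snapshot.length; i++)
        {
            if (((Permission) snapshot[i]).implies(permission))
            {
                return true;
            }
        }
        return false;
    }

    /**
     * <p>Enumerates the permissions held at the time of the call.</p>
     * @return An enumeration over a copy of the stored permissions.
     * @see java.security.PermissionCollection#elements()
     */
    public Enumeration elements()
    {
        synchronized (perms)
        {
            return Collections.enumeration(new ArrayList(perms));
        }
    }
}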
1.1
jakarta-jetspeed-2/commons/src/java/org/apache/jetspeed/security/PagePermission.java
Index: PagePermission.java
===================================================================
/* Copyright 2004 Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.security;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import javax.security.auth.Subject;
/**
 * <p>Page permission.</p>
 * <p>This code was partially inspired from articles from:</p>
 * <ul>
 * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
 * Extend JAAS for class instance-level authorization.</a></li>
 * </ul>
 * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a>
 */
public class PagePermission extends PortalResourcePermission
{
    /**
     * <p>Creates a page permission that carries no explicit subject.</p>
     * @param name The permission name identifying the page resource.
     * @param actions The actions granted or requested on that resource.
     */
    public PagePermission(String name, String actions)
    {
        this(name, actions, null);
    }

    /**
     * <p>Creates a page permission bound to a subject.</p>
     * @param name The permission name identifying the page resource.
     * @param actions The actions granted or requested on that resource.
     * @param subject The subject the permission is checked for; may be <code>null</code>.
     */
    public PagePermission(String name, String actions, Subject subject)
    {
        super(name, actions, subject);
    }

    /**
     * <p>Decides whether this permission covers the requested one.</p>
     * <p>The request is covered only when it is a <code>PagePermission</code> with the
     * same name, a subject can be found, and every action bit of the request is set
     * in this permission's mask.</p>
     * @param permission The permission being requested.
     * @return <code>true</code> if the request is covered, <code>false</code> otherwise.
     */
    public boolean implies(Permission permission)
    {
        // Only another PagePermission with an identical name can be covered.
        if (!(permission instanceof PagePermission)
            || !(permission.getName().equals(getName())))
        {
            return false;
        }

        final PagePermission requested = (PagePermission) permission;

        // Prefer the subject carried by the request; otherwise fall back to the
        // subject bound to the current access control context.
        Subject user = requested.getSubject();
        if (user == null)
        {
            user = Subject.getSubject(AccessController.getContext());
        }

        // Fail closed when no subject is available at all. Only presence is checked
        // here; nothing in this method inspects the subject's principals.
        // NOTE(review): presumably the policy that holds this permission decides
        // which principals are granted it; confirm.
        if (user == null)
        {
            return false;
        }

        // Every action bit asked for must be present in this permission's mask.
        return (mask & requested.mask) == requested.mask;
    }

    /**
     * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
     * @return A new, empty <code>PortalResourcePermissionCollection</code>.
     * @see java.security.Permission#newPermissionCollection()
     */
    public PermissionCollection newPermissionCollection()
    {
        return new PortalResourcePermissionCollection();
    }
}
1.1
jakarta-jetspeed-2/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java
Index: PortalResourcePermission.java
===================================================================
/* Copyright 2004 Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.security;
import java.security.Permission;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import org.apache.jetspeed.JetspeedActions;
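/**
 * <p>Generalized portal resource permission.</p>
 * <p>Common base for the portal permissions in this package: it parses the actions
 * string into a bit mask, keeps the optional subject, and provides
 * <code>equals</code>, <code>hashCode</code> and <code>getActions</code> for all of
 * them.</p>
 * <p>This code was partially inspired from articles from:</p>
 * <ul>
 * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
 * Extend JAAS for class instance-level authorization.</a></li>
 * </ul>
 * @author <a href="mailto:[EMAIL PROTECTED]">David Le Strat</a>
 * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a>
 */
public abstract class PortalResourcePermission extends Permission
{
    /** <p>Mask used for determining what action to perform.</p> */
    protected int mask;

    /** <p>The subject the permission is being performed against.</p> */
    protected Subject subject;

    /**
     * <p>Constructor for PortalResourcePermission.</p>
     * @param name The permission name identifying the resource.
     * @param actions The actions on the resource, separated by commas or white space;
     *                <code>null</code> yields an empty mask.
     * @param subject The subject the permission is checked for; may be <code>null</code>.
     * @throws IllegalArgumentException if <code>actions</code> holds an unknown action.
     */
    public PortalResourcePermission(String name, String actions, Subject subject)
    {
        super(name);
        parseActions(actions);
        this.subject = subject;
    }

    /**
     * <p>Hash of the name combined with the action mask; the subject is not included.</p>
     * @see java.security.Permission#hashCode()
     */
    public int hashCode()
    {
        return getName().hashCode() ^ mask;
    }

    /**
     * <p>Two permissions are equal when they are of the same concrete class and have
     * the same name and action mask. The subject is not compared.</p>
     * @param object The object to compare with.
     * @return <code>true</code> if both permissions are equal.
     * @see java.security.Permission#equals(Object)
     */
    public boolean equals(Object object)
    {
        if (object == this)
        {
            return true;
        }
        // Compare the concrete class rather than testing for PortletPermission: the
        // old test made every page or folder permission unequal even to itself, and
        // a looser test would let permissions for different resource kinds that
        // share a name and mask be treated as the same grant.
        if (object == null || object.getClass() != getClass())
        {
            return false;
        }
        PortalResourcePermission p = (PortalResourcePermission) object;
        return p.getName().equals(getName()) && (p.mask == mask);
    }

    /**
     * <p>Renders the action mask as a list of action names separated by
     * <code>", "</code>.</p>
     * @return The action names whose mask bits are set.
     * @see java.security.Permission#getActions()
     */
    public String getActions()
    {
        StringBuffer buf = new StringBuffer();
        if ((mask & JetspeedActions.MASK_VIEW) == JetspeedActions.MASK_VIEW)
        {
            buf.append(JetspeedActions.VIEW);
        }
        if ((mask & JetspeedActions.MASK_EDIT) == JetspeedActions.MASK_EDIT)
        {
            if (buf.length() > 0)
            {
                buf.append(", ");
            }
            buf.append(JetspeedActions.EDIT);
        }
        if ((mask & JetspeedActions.MASK_RESTORE) == JetspeedActions.MASK_RESTORE)
        {
            if (buf.length() > 0)
            {
                buf.append(", ");
            }
            buf.append(JetspeedActions.RESTORE);
        }
        if ((mask & JetspeedActions.MASK_MINIMIZE) == JetspeedActions.MASK_MINIMIZE)
        {
            if (buf.length() > 0)
            {
                buf.append(", ");
            }
            buf.append(JetspeedActions.MINIMIZE);
        }
        if ((mask & JetspeedActions.MASK_MAXIMIZE) == JetspeedActions.MASK_MAXIMIZE)
        {
            if (buf.length() > 0)
            {
                buf.append(", ");
            }
            buf.append(JetspeedActions.MAXIMIZE);
        }
        if ((mask & JetspeedActions.MASK_HELP) == JetspeedActions.MASK_HELP)
        {
            if (buf.length() > 0)
            {
                buf.append(", ");
            }
            buf.append(JetspeedActions.HELP);
        }
        if ((mask & JetspeedActions.MASK_SECURE) == JetspeedActions.MASK_SECURE)
        {
            if (buf.length() > 0)
            {
                buf.append(", ");
            }
            buf.append(JetspeedActions.SECURE);
        }
        return buf.toString();
    }

    /**
     * <p>Base implementation: implies nothing. A subclass that does not override
     * this method therefore denies every request.</p>
     * @param permission The permission being requested.
     * @return Always <code>false</code>.
     * @see java.security.Permission#implies(java.security.Permission)
     */
    public boolean implies(Permission permission)
    {
        return false;
    }

    /**
     * <p>Parses the actions string.</p>
     * <p>Actions are separated by commas or white space.</p>
     * @param actions The actions; <code>null</code> leaves the mask empty.
     * @throws IllegalArgumentException if a token is not a known action.
     */
    private void parseActions(String actions)
    {
        mask = 0;
        if (actions != null)
        {
            StringTokenizer tokenizer = new StringTokenizer(actions, ",\t ");
            while (tokenizer.hasMoreTokens())
            {
                String token = tokenizer.nextToken();
                // NOTE(review): "restore" sets MASK_VIEW, not MASK_RESTORE, so a grant
                // of "view" also satisfies a request for "restore" and getActions()
                // never reports "restore" for a parsed permission. Kept as written
                // because changing it alters authorization results; confirm whether
                // MASK_RESTORE was intended.
                if (token.equals(JetspeedActions.VIEW)
                    || token.equals(JetspeedActions.RESTORE))
                {
                    mask |= JetspeedActions.MASK_VIEW;
                }
                else if (token.equals(JetspeedActions.EDIT))
                {
                    mask |= JetspeedActions.MASK_EDIT;
                }
                else if (token.equals(JetspeedActions.MINIMIZE))
                {
                    mask |= JetspeedActions.MASK_MINIMIZE;
                }
                else if (token.equals(JetspeedActions.MAXIMIZE))
                {
                    mask |= JetspeedActions.MASK_MAXIMIZE;
                }
                else if (token.equals(JetspeedActions.HELP))
                {
                    mask |= JetspeedActions.MASK_HELP;
                }
                else if (token.equals(JetspeedActions.SECURE))
                {
                    mask |= JetspeedActions.MASK_SECURE;
                }
                else
                {
                    // Unknown actions are rejected rather than ignored, so a typo in
                    // a grant cannot silently produce a different permission.
                    throw new IllegalArgumentException("Unknown action: " + token);
                }
            }
        }
    }

    /**
     * <p>Gets the subject.</p>
     * @return The subject given at construction, or <code>null</code> if none was given.
     */
    public Subject getSubject()
    {
        return subject;
    }
}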
1.1
jakarta-jetspeed-2/commons/src/java/org/apache/jetspeed/security/FolderPermission.java
Index: FolderPermission.java
===================================================================
/* Copyright 2004 Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.security;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import javax.security.auth.Subject;
/**
 * <p>Folder permission.</p>
 * <p>This code was partially inspired from articles from:</p>
 * <ul>
 * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
 * Extend JAAS for class instance-level authorization.</a></li>
 * </ul>
 * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a>
 */
public class FolderPermission extends PortalResourcePermission
{
    /**
     * <p>Creates a folder permission that carries no explicit subject.</p>
     * @param name The permission name identifying the folder resource.
     * @param actions The actions granted or requested on that resource.
     */
    public FolderPermission(String name, String actions)
    {
        this(name, actions, null);
    }

    /**
     * <p>Creates a folder permission bound to a subject.</p>
     * @param name The permission name identifying the folder resource.
     * @param actions The actions granted or requested on that resource.
     * @param subject The subject the permission is checked for; may be <code>null</code>.
     */
    public FolderPermission(String name, String actions, Subject subject)
    {
        super(name, actions, subject);
    }

    /**
     * <p>Decides whether this permission covers the requested one.</p>
     * <p>The request is covered only when it is a <code>FolderPermission</code> with
     * the same name, a subject can be found, and every action bit of the request is
     * set in this permission's mask. Names are compared for exact equality.</p>
     * @param permission The permission being requested.
     * @return <code>true</code> if the request is covered, <code>false</code> otherwise.
     */
    public boolean implies(Permission permission)
    {
        // Only another FolderPermission with an identical name can be covered.
        if (!(permission instanceof FolderPermission)
            || !(permission.getName().equals(getName())))
        {
            return false;
        }

        final FolderPermission requested = (FolderPermission) permission;

        // Prefer the subject carried by the request; otherwise fall back to the
        // subject bound to the current access control context.
        Subject user = requested.getSubject();
        if (user == null)
        {
            user = Subject.getSubject(AccessController.getContext());
        }

        // Fail closed when no subject is available at all. Only presence is checked
        // here; nothing in this method inspects the subject's principals.
        // NOTE(review): presumably the policy that holds this permission decides
        // which principals are granted it; confirm.
        if (user == null)
        {
            return false;
        }

        // Every action bit asked for must be present in this permission's mask.
        return (mask & requested.mask) == requested.mask;
    }

    /**
     * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
     * @return A new, empty <code>PortalResourcePermissionCollection</code>.
     * @see java.security.Permission#newPermissionCollection()
     */
    public PermissionCollection newPermissionCollection()
    {
        return new PortalResourcePermissionCollection();
    }
}