ate 2004/10/17 09:18:21
Modified: portal/src/java/org/apache/jetspeed/engine/servlet
ServletRequestImpl.java
Log:
Removed isUserInRole(roleName) because it is now provided by Pluto itself (in its
PortletRequestImpl, see issue: PLUTO-46) and is conflicting with
our own implementation.
Furthermore, our implementation did a roleName/roleLink lookup from the portlet.xml
definition (to be able to handle
the fact that Pluto initially didn't do it yet) which was *not* according to the spec.
The spec says HttpServletRequest.isUserInRole(roleName) "must provide the
functionality defined by the Servlet Specification 2.3" (PLT.16.3.3, cxxxvi).
This means that roleName must *only* be checked against web.xml definition, which
should be done by the ServletContainer itself (hence the removal of this method).
A less nice consequence of this is that potentially different roleNames must be used
when mixing Portlet and Servlet functionality within a PortletApplication:
the abstraction of portlet.xml:roleName->roleLink->web.xml:roleName is not available
from the HttpServletRequest.isUserInRole(roleName).
Our Role Security Test portlet did indeed *misuse* this feature by checking the
same roleName against portlet and servlet request.
I also fixed that and the portlet now again correctly shows the roles of the logged
on user.
Revision Changes Path
1.30 +1 -48
jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/engine/servlet/ServletRequestImpl.java
Index: ServletRequestImpl.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/engine/servlet/ServletRequestImpl.java,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- ServletRequestImpl.java 15 Oct 2004 21:44:32 -0000 1.29
+++ ServletRequestImpl.java 17 Oct 2004 16:18:20 -0000 1.30
@@ -33,14 +33,9 @@
import org.apache.jetspeed.container.url.PortalURL;
import org.apache.jetspeed.request.JetspeedRequestContext;
import org.apache.jetspeed.request.RequestContext;
-import org.apache.pluto.om.common.SecurityRole;
-import org.apache.pluto.om.common.SecurityRoleRef;
-import org.apache.pluto.om.common.SecurityRoleRefSet;
-import org.apache.pluto.om.common.SecurityRoleSet;
import org.apache.pluto.om.entity.PortletApplicationEntity;
import org.apache.pluto.om.entity.PortletEntity;
import org.apache.pluto.om.portlet.PortletApplicationDefinition;
-import org.apache.pluto.om.portlet.PortletDefinition;
import org.apache.pluto.om.window.PortletWindow;
import org.apache.pluto.util.Enumerator;
import org.apache.pluto.util.NamespaceMapper;
@@ -165,48 +160,6 @@
public String[] getParameterValues( String name )
{
return (String[]) this.getParameterMap().get(name);
- }
-
- /**
- * @see javax.servlet.http.HttpServletRequest#isUserInRole(java.lang.String)
- */
- public boolean isUserInRole( String roleName )
- {
- if (roleName == null)
- {
- return false;
- }
- if (roleName.length() > 0)
- {
- PortletDefinition portletDefinition =
portletWindow.getPortletEntity().getPortletDefinition();
- SecurityRoleRefSet roleRefSet =
portletDefinition.getInitSecurityRoleRefSet();
- SecurityRoleSet roleSet =
portletDefinition.getPortletApplicationDefinition().getWebApplicationDefinition()
- .getSecurityRoles();
-
- Iterator roleRefIter = roleRefSet.iterator();
- while (roleRefIter.hasNext())
- {
- SecurityRoleRef roleRef = (SecurityRoleRef) roleRefIter.next();
- if (roleName.equals(roleRef.getRoleName()))
- {
- String roleLinkName = roleRef.getRoleLink();
- if (roleLinkName == null || roleLinkName.length() == 0)
- {
- roleLinkName = roleName;
- }
- Iterator roleIter = roleSet.iterator();
- while (roleIter.hasNext())
- {
- SecurityRole role = (SecurityRole) roleIter.next();
- if (roleLinkName.equals(role.getRoleName()))
- return super.isUserInRole(roleLinkName);
- }
- return false;
- }
-
- }
- }
- return false;
}
/**