dlestrat 2004/09/27 21:23:52
Modified: components/security/src/test/org/apache/jetspeed/security/spi
TestRoleSecurityHandler.java
components/security/src/test/org/apache/jetspeed/security
TestRdbmsPolicy.java TestPermissionManager.java
TestRdbmsPolicyFolder.java
components/security/src/java/META-INF ojb_repository.xml
jetspeed-api/src/java/org/apache/jetspeed/security
SecurityException.java PermissionManager.java
components/security/src/java/org/apache/jetspeed/security/spi/impl
DefaultRoleSecurityHandler.java
components/security/src/java/org/apache/jetspeed/security/impl
PermissionManagerImpl.java RoleManagerImpl.java
Log:
Some progress on. Cleaned up the permission manager. Leverage the new OJB 1.0.1
auto-XXX settings.
See http://nagoya.apache.org/jira/browse/JS2-114
OJB 1.0.1 is a real improvement over RC6 at least regarding M:N mapping.
Particularly
interesting is the distinction between link and object for auto-XXXX. Allowed me to
clean up the code quite a bit.
Revision Changes Path
1.4 +10 -4
jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestRoleSecurityHandler.java
Index: TestRoleSecurityHandler.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/TestRoleSecurityHandler.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- TestRoleSecurityHandler.java 25 Sep 2004 23:03:18 -0000 1.3
+++ TestRoleSecurityHandler.java 28 Sep 2004 04:23:51 -0000 1.4
@@ -14,6 +14,7 @@
*/
package org.apache.jetspeed.security.spi;
+import java.security.Permission;
import java.security.Permissions;
import java.security.Principal;
@@ -94,7 +95,7 @@
* Test <code>removeRolePrincipal</code>.
* </p>
*/
- /*public void testRemoveRolePrincipal() throws Exception
+ public void testRemoveRolePrincipal() throws Exception
{
initMappedRole();
rsh.removeRolePrincipal(new RolePrincipalImpl("mappedrole"));
@@ -103,7 +104,7 @@
// The group should still exist.
assertTrue(gms.groupExists("mappedgroup"));
// The permission should still exist.
- // TODO Need permissionExists
+ assertTrue(pms.permissionExists(new PortletPermission("myportlet",
"view")));
// The user-role mapping should be gone.
assertFalse(rms.isUserInRole("mappedroleuser", "mappedrole"));
// The group-role mapping should be gone.
@@ -113,7 +114,7 @@
assertFalse(perms.implies(new PortletPermission("myportlet", "view")));
destroyMappedRole();
- }*/
+ }
/**
* <p>
@@ -141,7 +142,11 @@
rms.addRole("mappedrole");
rms.addRole("mappedrole.role1");
gms.addGroup("mappedgroup");
- pms.grantPermission(new RolePrincipalImpl("mappedrole"), new
PortletPermission("myportlet", "view"));
+
+ Permission perm = new PortletPermission("myportlet", "view");
+ pms.addPermission(perm);
+ pms.grantPermission(new RolePrincipalImpl("mappedrole"), perm);
+
rms.addRoleToUser("mappedroleuser", "mappedrole");
rms.addRoleToGroup("mappedrole", "mappedgroup");
}
@@ -150,6 +155,7 @@
{
ums.removeUser("mappedroleuser");
rms.removeRole("mappedrole");
+ rms.removeRole("mappedrole.role1");
gms.removeGroup("mappedgroup");
pms.removePermission(new PortletPermission("myportlet", "view"));
}
1.7 +3 -0
jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicy.java
Index: TestRdbmsPolicy.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicy.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- TestRdbmsPolicy.java 18 Sep 2004 19:34:52 -0000 1.6
+++ TestRdbmsPolicy.java 28 Sep 2004 04:23:52 -0000 1.7
@@ -202,6 +202,9 @@
PortletPermission perm2 = new PortletPermission("myportlet", "view, edit");
try
{
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
+
pms.grantPermission(user, perm1);
pms.grantPermission(user, perm2);
}
1.5 +42 -0
jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestPermissionManager.java
Index: TestPermissionManager.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestPermissionManager.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- TestPermissionManager.java 18 Sep 2004 19:34:52 -0000 1.4
+++ TestPermissionManager.java 28 Sep 2004 04:23:52 -0000 1.5
@@ -78,6 +78,7 @@
try
{
ums.addUser(user.getName(), "password");
+ pms.addPermission(perm);
pms.grantPermission(user, perm);
}
catch (SecurityException sex)
@@ -112,6 +113,35 @@
/**
* <p>Test remove permission.</p>
*/
+ public void testPermissionExists()
+ {
+ PortletPermission perm1 = new PortletPermission("removepermission1", "view,
edit, secure, minimized, maximized");
+ PortletPermission perm2 = new PortletPermission("removepermission2", "view,
edit, minimized, maximized");
+ try
+ {
+ pms.addPermission(perm1);
+ assertTrue(pms.permissionExists(perm1));
+ }
+ catch (SecurityException sex)
+ {
+ assertTrue("could not add permission, " + sex, false);
+ }
+ assertFalse(pms.permissionExists(perm2));
+
+ // Cleanup test.
+ try
+ {
+ pms.removePermission(perm1);
+ }
+ catch (SecurityException sex)
+ {
+ assertTrue("could not remove permission. exception caught: " + sex,
false);
+ }
+ }
+
+ /**
+ * <p>Test remove permission.</p>
+ */
public void testRemovePermission()
{
// Init test.
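Review bot: The Javadoc that now sits above `testPermissionExists` still reads "Test remove permission.", because the new method was inserted between the existing comment and `testRemovePermission`; it should say `<p>Test permission exists.</p>`. The cleanup call `pms.removePermission(perm1)` is reached only when the earlier assertions pass, so a failing `assertFalse(pms.permissionExists(perm2))` leaves `removepermission1` in the store for later tests; moving the removal into a `finally` block would avoid that. Assuming the class extends JUnit's `TestCase`, `assertTrue("...", false)` reads more directly as `fail("could not add permission, " + sex)`.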
@@ -123,6 +153,8 @@
{
ums.addUser(user.getName(), "password");
rms.addRole(role.getName());
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
pms.grantPermission(user, perm1);
pms.grantPermission(user, perm2);
pms.grantPermission(role, perm1);
@@ -184,6 +216,8 @@
try
{
ums.addUser(user2.getName(), "password");
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
}
catch (SecurityException sex)
{
@@ -261,6 +295,8 @@
try
{
ums.addUser(user.getName(), "password");
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
pms.grantPermission(user, perm1);
pms.grantPermission(user, perm2);
}
@@ -322,6 +358,10 @@
rms.addRole(role2.getName());
gms.addGroup(group1.getName());
gms.addGroup(group2.getName());
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
+ pms.addPermission(perm3);
+ pms.addPermission(perm4);
pms.grantPermission(role1, perm1);
pms.grantPermission(role2, perm1);
pms.grantPermission(role2, perm2);
@@ -405,6 +445,8 @@
try
{
ums.addUser(user.getName(), "password");
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
pms.grantPermission(user, perm1);
pms.grantPermission(user, perm2);
}
1.2 +5 -1
jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java
Index: TestRdbmsPolicyFolder.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/test/org/apache/jetspeed/security/TestRdbmsPolicyFolder.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- TestRdbmsPolicyFolder.java 18 Sep 2004 05:27:12 -0000 1.1
+++ TestRdbmsPolicyFolder.java 28 Sep 2004 04:23:52 -0000 1.2
@@ -277,6 +277,10 @@
FolderPermission perm3 = new FolderPermission("/files/subfolder2/-",
"view");
try
{
+ pms.addPermission(perm1);
+ pms.addPermission(perm2);
+ pms.addPermission(perm3);
+
pms.grantPermission(user, perm1);
pms.grantPermission(user, perm2);
pms.grantPermission(user, perm3);
1.4 +24 -24
jakarta-jetspeed-2/components/security/src/java/META-INF/ojb_repository.xml
Index: ojb_repository.xml
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/META-INF/ojb_repository.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- ojb_repository.xml 18 Sep 2004 19:33:21 -0000 1.3
+++ ojb_repository.xml 28 Sep 2004 04:23:52 -0000 1.4
@@ -68,8 +68,8 @@
name="credentials"
element-class-ref="org.apache.jetspeed.security.om.impl.InternalCredentialImpl"
auto-retrieve="true"
- auto-update="true"
- auto-delete="true"
+ auto-update="object"
+ auto-delete="object"
>
<documentation>This is the reference to security
credentials.</documentation>
<inverse-foreignkey field-ref="credentialId"/>
@@ -80,8 +80,8 @@
proxy="true"
refresh="true"
auto-retrieve="true"
- auto-update="true"
- auto-delete="true"
+ auto-update="link"
+ auto-delete="link"
indirection-table="SECURITY_USER_ROLE"
>
<documentation>This is the reference to role
principals.</documentation>
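Review bot: Nothing in the mapping records why `link` was chosen for the indirection-table collections in this and the following hunks, while `credentials` in the first hunk uses `object`, even though this setting decides what is removed when a principal is deleted. As the commit log describes it, `link` touches only the join rows and `object` cascades to the referenced objects, so a later edit back to `true` or `object` on a role or permission collection could delete shared principals or permissions. I would put a comment ahead of each M:N descriptor, for example `<!-- auto-delete="link": only SECURITY_USER_ROLE rows are removed; role principals are kept -->`. Several descriptors also move `auto-delete` from `false` to `link`, which is a behaviour change worth stating in the same comment. The collection-descriptor elements start outside these hunks.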
@@ -94,8 +94,8 @@
proxy="true"
refresh="true"
auto-retrieve="true"
- auto-update="true"
- auto-delete="true"
+ auto-update="link"
+ auto-delete="link"
indirection-table="SECURITY_USER_GROUP"
>
<documentation>This is the reference to group
principals.</documentation>
@@ -108,8 +108,8 @@
proxy="false"
refresh="false"
auto-retrieve="false"
- auto-update="true"
- auto-delete="true"
+ auto-update="link"
+ auto-delete="link"
indirection-table="PRINCIPAL_PERMISSION"
>
<documentation>This is the reference to a policy
permission.</documentation>
@@ -234,8 +234,8 @@
proxy="true"
refresh="true"
auto-retrieve="true"
- auto-update="true"
- auto-delete="false"
+ auto-update="link"
+ auto-delete="link"
indirection-table="SECURITY_USER_ROLE"
>
<documentation>This is the reference to user
principals.</documentation>
@@ -248,8 +248,8 @@
proxy="true"
refresh="true"
auto-retrieve="true"
- auto-update="true"
- auto-delete="false"
+ auto-update="link"
+ auto-delete="link"
indirection-table="SECURITY_GROUP_ROLE"
>
<documentation>This is the reference to group
principals.</documentation>
@@ -262,8 +262,8 @@
proxy="false"
refresh="false"
auto-retrieve="false"
- auto-update="true"
- auto-delete="false"
+ auto-update="link"
+ auto-delete="link"
indirection-table="PRINCIPAL_PERMISSION"
>
<documentation>This is the reference to a policy
permission.</documentation>
@@ -326,8 +326,8 @@
proxy="true"
refresh="true"
auto-retrieve="true"
- auto-update="true"
- auto-delete="false"
+ auto-update="link"
+ auto-delete="link"
indirection-table="SECURITY_USER_GROUP"
>
<documentation>This is the reference to user
principals.</documentation>
@@ -340,8 +340,8 @@
proxy="true"
refresh="true"
auto-retrieve="true"
- auto-update="true"
- auto-delete="false"
+ auto-update="link"
+ auto-delete="link"
indirection-table="SECURITY_GROUP_ROLE"
>
<documentation>This is the reference to group
principals.</documentation>
@@ -354,8 +354,8 @@
proxy="false"
refresh="false"
auto-retrieve="false"
- auto-update="true"
- auto-delete="false"
+ auto-update="link"
+ auto-delete="link"
indirection-table="PRINCIPAL_PERMISSION"
>
<documentation>This is the reference to a policy
permission.</documentation>
@@ -418,8 +418,8 @@
proxy="true"
refresh="true"
auto-retrieve="true"
- auto-update="true"
- auto-delete="false"
+ auto-update="link"
+ auto-delete="link"
indirection-table="PRINCIPAL_PERMISSION"
>
<documentation>This is the reference to a policy
permission.</documentation>
@@ -490,8 +490,8 @@
proxy="true"
refresh="true"
auto-retrieve="true"
- auto-update="true"
- auto-delete="false"
+ auto-update="link"
+ auto-delete="link"
indirection-table="PRINCIPAL_PERMISSION"
>
<documentation>This is the reference to a permission
principals.</documentation>
1.2 +3 -0
jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityException.java
Index: SecurityException.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityException.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SecurityException.java 16 Jul 2004 19:31:05 -0000 1.1
+++ SecurityException.java 28 Sep 2004 04:23:52 -0000 1.2
@@ -27,6 +27,9 @@
/** <p>Principal does not exist exception message.</p> */
public static final String PRINCIPAL_DOES_NOT_EXIST = "The principal does not
exist.";
+ /** <p>Permission does not exist exception message.</p> */
+ public static final String PERMISSION_DOES_NOT_EXIST = "The permission does not
exist.";
+
/** <p>User principal already exists exception message.</p> */
public static final String USER_ALREADY_EXISTS = "The user already exists.";
1.2 +60 -18
jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/PermissionManager.java
Index: PermissionManager.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/security/PermissionManager.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- PermissionManager.java 16 Jul 2004 19:31:05 -0000 1.1
+++ PermissionManager.java 28 Sep 2004 04:23:52 -0000 1.2
@@ -20,52 +20,92 @@
import java.util.Collection;
/**
- * <p>Describe the interface for managing [EMAIL PROTECTED] Permission} and
permission
- * association to [EMAIL PROTECTED] Principal}. Permissions are used to manage
Principals
- * access entitlement on specified resources.</p>
- * <p>For instance:</p>
+ * <p>
+ * Describe the interface for managing [EMAIL PROTECTED] Permission}and permission
+ * association to [EMAIL PROTECTED] Principal}. Permissions are used to manage
Principals
+ * access entitlement on specified resources.
+ * </p>
+ * <p>
+ * For instance:
+ * </p>
+ *
* <pre><code>
- * grant principal o.a.j.security.UserPrincipal "theUserPrincipal"
- * {
- * permission o.a.j.security.PortletPermission "myportlet",
"view,edit,minimize,maximize";
- * };
- * </code><pre>
- * @author <a href="mailto:[EMAIL PROTECTED]">David Le Strat</a>
+ *
+ * grant principal o.a.j.security.UserPrincipal "theUserPrincipal"
+ * {
+ * permission o.a.j.security.PortletPermission "myportlet",
"view,edit,minimize,maximize";
+ * };
+ *
+ * </code>
+ * <pre>
+ * @author <a href="mailto:[EMAIL PROTECTED]">David Le
Strat</a>
+ *
*/
public interface PermissionManager
{
/**
- * <p>Gets the [EMAIL PROTECTED] Permissions} given a [EMAIL PROTECTED]
Principal}.
+ * <p>
+ * Gets the [EMAIL PROTECTED] Permissions}given a [EMAIL PROTECTED] Principal}.
+ *
* @param principal The principal.
* @return The permissions.
*/
Permissions getPermissions(Principal principal);
/**
- * <p>Gets the [EMAIL PROTECTED] Permissions} given a collection
- * of [EMAIL PROTECTED] Principal}.
+ * <p>
+ * Gets the [EMAIL PROTECTED] Permissions}given a collection of [EMAIL
PROTECTED] Principal}.
+ *
* @param principals A collection of principal.
* @return The permissions.
*/
Permissions getPermissions(Collection principals);
/**
- * <p>Remove all instances of a given permission.</p>
+ * <p>
+ * Adds a permission definition.
+ * </p>
+ *
+ * @param permission The permission to add.
+ * @throws Throws a security exception.
+ */
+ void addPermission(Permission permission) throws SecurityException;
+
+ /**
+ * <p>
+ * Remove all instances of a given permission.
+ * </p>
+ *
* @param permission The permission to remove.
* @throws Throws a security exception.
*/
void removePermission(Permission permission) throws SecurityException;
/**
- * <p>Remove all permissions for a given principal.</p>
+ * <p>
+ * Whether the given permission exists.
+ * </p>
+ *
+ * @param permission The permission to look for.
+ * @return Whether the permission exists.
+ */
+ boolean permissionExists(Permission permission);
+
+ /**
+ * <p>
+ * Remove all permissions for a given principal.
+ * </p>
+ *
* @param principal The principal.
* @throws Throws a security exception.
*/
void removePermissions(Principal principal) throws SecurityException;
/**
- * <p>Grant a [EMAIL PROTECTED] Permission} to a given [EMAIL PROTECTED]
Principal}.
+ * <p>
+ * Grant a [EMAIL PROTECTED] Permission}to a given [EMAIL PROTECTED] Principal}.
+ *
* @param principal The principal.
* @param permission The permission.
* @throws Throws a security exception if the principal does not exist.
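Review bot: The `@throws` text on `grantPermission` is now incomplete, since `PermissionManagerImpl` in this same commit throws `PERMISSION_DOES_NOT_EXIST` instead of creating the permission implicitly; I would write `@throws SecurityException if the principal or the permission does not exist.` and say in the description that `addPermission` must be called first. The other tags in this hunk use `@throws Throws a security exception.`, which Javadoc reads as an exception class named `Throws`; `@throws SecurityException ...` is the intended form. The class comment still ends its sample with `</code>` followed by an opening `<pre>` rather than `</pre>`, and the same markup is repeated in the `PermissionManagerImpl` class comment. `addPermission` should also state what happens when the permission is already defined. The interface body continues into the next hunk.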
@@ -73,11 +113,13 @@
void grantPermission(Principal principal, Permission permission) throws
SecurityException;
/**
- * <p>Revoke a [EMAIL PROTECTED] Permission} from a given [EMAIL PROTECTED]
Principal}.
+ * <p>
+ * Revoke a [EMAIL PROTECTED] Permission}from a given [EMAIL PROTECTED]
Principal}.
+ *
* @param principal The principal.
* @param permission The permission.
* @throws Throws a security exception.
*/
void revokePermission(Principal principal, Permission permission) throws
SecurityException;
-}
+}
\ No newline at end of file
1.4 +1 -1
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultRoleSecurityHandler.java
Index: DefaultRoleSecurityHandler.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultRoleSecurityHandler.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- DefaultRoleSecurityHandler.java 25 Sep 2004 23:03:17 -0000 1.3
+++ DefaultRoleSecurityHandler.java 28 Sep 2004 04:23:52 -0000 1.4
@@ -73,7 +73,7 @@
*/
public void removeRolePrincipal(RolePrincipal rolePrincipal) throws
SecurityException
{
- InternalRolePrincipal internalRole =
commonQueries.getInternalRolePrincipal(rolePrincipal.getName());
+ InternalRolePrincipal internalRole =
commonQueries.getInternalRolePrincipal(rolePrincipal.getFullPath());
if (null != internalRole)
{
commonQueries.removeInternalRolePrincipal(internalRole);
1.6 +178 -143
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java
Index: PermissionManagerImpl.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- PermissionManagerImpl.java 25 Sep 2004 23:03:17 -0000 1.5
+++ PermissionManagerImpl.java 28 Sep 2004 04:23:52 -0000 1.6
@@ -37,34 +37,50 @@
import org.apache.jetspeed.util.ArgUtil;
/**
- * <p>Implementation for managing [EMAIL PROTECTED] Permission} and permission
- * association to [EMAIL PROTECTED] Principal}. Permissions are used to manage
Principals
- * access entitlement on specified resources.</p>
- * <p>For instance:</p>
+ * <p>
+ * Implementation for managing [EMAIL PROTECTED] Permission}and permission
association to
+ * [EMAIL PROTECTED] Principal}. Permissions are used to manage Principals access
+ * entitlement on specified resources.
+ * </p>
+ * <p>
+ * For instance:
+ * </p>
+ *
* <pre><code>
- * grant principal o.a.j.security.UserPrincipal "theUserPrincipal"
- * {
- * permission o.a.j.security.PortletPermission "myportlet",
"view,edit,minimize,maximize";
- * };
- * </code><pre>
- * @author <a href="mailto:[EMAIL PROTECTED]">David Le Strat</a>
+ *
+ *
+ * grant principal o.a.j.security.UserPrincipal "theUserPrincipal"
+ * {
+ * permission o.a.j.security.PortletPermission "myportlet",
"view,edit,minimize,maximize";
+ * };
+ *
+ *
+ * </code>
+ *
+ * <pre>
+ * @author <a href="mailto:[EMAIL PROTECTED]">David Le
Strat</a>
+ *
+ *
*/
public class PermissionManagerImpl implements PermissionManager
{
private static final Log log = LogFactory.getLog(PermissionManagerImpl.class);
- PersistenceStore persistenceStore;
+ /** The persistence store. */
+ private PersistenceStore persistenceStore;
/**
- * <p>Constructor providing access to the persistence component.</p>
+ * <p>
+ * Constructor providing access to the persistence component.
+ * </p>
*/
public PermissionManagerImpl(PersistenceStore persistenceStore)
{
if (persistenceStore == null)
{
- throw new IllegalArgumentException("persistenceStore cannot be null for
BaseSecurityImpl");
+ throw new IllegalArgumentException("persistenceStore cannot be null.");
}
-
+
this.persistenceStore = persistenceStore;
}
@@ -74,16 +90,17 @@
public Permissions getPermissions(Principal principal)
{
String fullPath = SecurityHelper.getPreferencesFullPath(principal);
- ArgUtil.notNull(new Object[] { fullPath }, new String[] { "fullPath" },
"removePermission(java.security.Principal)");
+ ArgUtil.notNull(new Object[] { fullPath }, new String[] { "fullPath" },
+ "removePermission(java.security.Principal)");
// Remove permissions on principal.
- InternalPrincipal omPrincipal = getJetspeedPrincipal(fullPath);
- Collection omPermissions = new ArrayList();
- if (null != omPrincipal)
+ InternalPrincipal internalPrincipal = getInternalPrincipal(fullPath);
+ Collection internalPermissions = new ArrayList();
+ if (null != internalPrincipal)
{
- omPermissions = omPrincipal.getPermissions();
+ internalPermissions = internalPrincipal.getPermissions();
}
- return getSecurityPermissions(omPermissions);
+ return getSecurityPermissions(internalPermissions);
}
/**
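Review bot: The argument check in `getPermissions(Principal)` still reports itself as `"removePermission(java.security.Principal)"`, and the comment under it says `// Remove permissions on principal.`, both apparently copied from the removal method. A null-argument failure on a permission lookup would then be logged against the wrong operation, which misleads anyone reading security logs. I would change the string to `"getPermissions(java.security.Principal)"` and the comment to `// Get permissions for the principal.`. The `removePermissions` hunk further down has the same string in the singular and should read `"removePermissions(java.security.Principal)"`.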
@@ -91,25 +108,25 @@
*/
public Permissions getPermissions(Collection principals)
{
- ArgUtil.notNull(new Object[] { principals }, new String[] { "principals" },
"getPermissions(java.util.Collection)");
+ ArgUtil.notNull(new Object[] { principals }, new String[] { "principals" },
+ "getPermissions(java.util.Collection)");
Permissions permissions = new Permissions();
Collection principalsFullPath = getPrincipalsFullPath(principals);
if ((null != principalsFullPath) && principalsFullPath.size() > 0)
{
- PersistenceStore store = getPersistenceStore();
- Filter filter = store.newFilter();
+ Filter filter = persistenceStore.newFilter();
filter.addIn("fullPath", principalsFullPath);
- Object query = store.newQuery(InternalPrincipalImpl.class, filter);
- Collection omPrincipals = store.getCollectionByQuery(query);
- Iterator omPrincipalsIterator = omPrincipals.iterator();
- while (omPrincipalsIterator.hasNext())
- {
- InternalPrincipal omPrincipal = (InternalPrincipal)
omPrincipalsIterator.next();
- Collection omPermissions = omPrincipal.getPermissions();
- if (null != omPermissions)
+ Object query = persistenceStore.newQuery(InternalPrincipalImpl.class,
filter);
+ Collection internalPrincipals =
persistenceStore.getCollectionByQuery(query);
+ Iterator internalPrincipalsIter = internalPrincipals.iterator();
+ while (internalPrincipalsIter.hasNext())
+ {
+ InternalPrincipal internalPrincipal = (InternalPrincipal)
internalPrincipalsIter.next();
+ Collection internalPermissions = internalPrincipal.getPermissions();
+ if (null != internalPermissions)
{
- permissions = getSecurityPermissions(omPermissions);
+ permissions = getSecurityPermissions(internalPermissions);
}
}
}
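Review bot: Inside the `while` loop, `permissions = getSecurityPermissions(internalPermissions);` replaces the result on every iteration, so the method returns only the permissions of the last principal that the query yields. For a collection of user, role and group principals the caller presumably expects the union, and the outcome here depends on query order, which makes authorization decisions unpredictable. The rename in this commit keeps that assignment unchanged. Merging each principal's permissions into `permissions` fixes it; the sketch below needs `java.util.Enumeration` imported, and the method's return statement lies outside the hunk.

```java
Collection internalPermissions = internalPrincipal.getPermissions();
if (null != internalPermissions)
{
    // Merge into the result instead of replacing it.
    Enumeration granted = getSecurityPermissions(internalPermissions).elements();
    while (granted.hasMoreElements())
    {
        permissions.add((Permission) granted.nextElement());
    }
}
```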
@@ -117,7 +134,10 @@
}
/**
- * <p>Get the full path for the [EMAIL PROTECTED] Principal} in the
collection.</p>
+ * <p>
+ * Get the full path for the [EMAIL PROTECTED] Principal}in the collection.
+ * </p>
+ *
* @param principals The collection of principals.
* @return The collection of principals names.
*/
@@ -138,25 +158,28 @@
}
/**
- * <p>Iterate through a collection of [EMAIL PROTECTED] InternalPermission}
- * and build a collection of [EMAIL PROTECTED] java.security.Permission}.</p>
+ * <p>
+ * Iterate through a collection of [EMAIL PROTECTED] InternalPermission}and
build a
+ * collection of [EMAIL PROTECTED] java.security.Permission}.
+ * </p>
+ *
* @param omPermissions The collection of [EMAIL PROTECTED] InternalPermission}.
* @return The collection of [EMAIL PROTECTED] java.security.Permission}.
*/
private Permissions getSecurityPermissions(Collection omPermissions)
{
Permissions permissions = new Permissions();
- Iterator omPermissionsIterator = omPermissions.iterator();
- while (omPermissionsIterator.hasNext())
+ Iterator internalPermissionsIter = omPermissions.iterator();
+ while (internalPermissionsIter.hasNext())
{
- InternalPermission omPermission = (InternalPermission)
omPermissionsIterator.next();
+ InternalPermission internalPermission = (InternalPermission)
internalPermissionsIter.next();
Permission permission = null;
try
{
- Class permissionClass = Class.forName(omPermission.getClassname());
+ Class permissionClass =
Class.forName(internalPermission.getClassname());
Class[] parameterTypes = { String.class, String.class };
Constructor permissionConstructor =
permissionClass.getConstructor(parameterTypes);
- Object[] initArgs = { omPermission.getName(),
omPermission.getActions()};
+ Object[] initArgs = { internalPermission.getName(),
internalPermission.getActions() };
permission = (Permission)
permissionConstructor.newInstance(initArgs);
permissions.add(permission);
}
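Review bot: `Class.forName(internalPermission.getClassname())` loads and instantiates whatever class name is stored in the permission table, and the cast to `Permission` happens only after `newInstance` has already run the constructor. Anyone able to write that table can therefore have any class with a `(String, String)` constructor instantiated inside the portal. I would check the type before constructing, `if (!Permission.class.isAssignableFrom(permissionClass)) { log.error(...); continue; }`, and consider the three-argument `Class.forName` with `initialize` set to `false`. The parameter is still named `omPermissions` although the locals were renamed, and the `catch` block is outside the hunk.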
@@ -169,39 +192,51 @@
}
/**
+ * @see
org.apache.jetspeed.security.PermissionManager#addPermission(java.security.Permission)
+ */
+ public void addPermission(Permission permission) throws SecurityException
+ {
+ ArgUtil.notNull(new Object[] { permission }, new String[] { "permission" },
+ "addPermission(java.security.Permission)");
+
+ InternalPermission internalPermission = new
InternalPermissionImpl(permission.getClass().getName(), permission
+ .getName(), permission.getActions());
+ try
+ {
+ persistenceStore.lockForWrite(internalPermission);
+ persistenceStore.getTransaction().checkpoint();
+ }
+ catch (Exception e)
+ {
+ String msg = "Unable to add permission.";
+ log.error(msg, e);
+ persistenceStore.getTransaction().rollback();
+ throw new SecurityException(msg, e);
+ }
+ }
+
+ /**
* @see
org.apache.jetspeed.security.PermissionManager#removePermission(java.security.Permission)
*/
public void removePermission(Permission permission) throws SecurityException
{
- ArgUtil.notNull(new Object[] { permission }, new String[] { "permission" },
"removePermission(java.security.Permission)");
+ ArgUtil.notNull(new Object[] { permission }, new String[] { "permission" },
+ "removePermission(java.security.Permission)");
- InternalPermission omPermission = getJetspeedPermission(permission);
- if (null != omPermission)
+ InternalPermission internalPermission = getInternalPermission(permission);
+ if (null != internalPermission)
{
- Collection omPrincipals = omPermission.getPrincipals();
- if (null != omPrincipals)
- {
- omPrincipals.clear();
- }
- PersistenceStore store = getPersistenceStore();
try
{
- // TODO Can this be done in one shot?
- // Remove principals.
- store.lockForWrite(omPermission);
- omPermission.setModifiedDate(new
Timestamp(System.currentTimeMillis()));
- omPermission.setPrincipals(omPrincipals);
- store.getTransaction().checkpoint();
-
// Remove permission.
- store.deletePersistent(omPermission);
- store.getTransaction().checkpoint();
+ persistenceStore.deletePersistent(internalPermission);
+ persistenceStore.getTransaction().checkpoint();
}
catch (Exception e)
{
String msg = "Unable to lock Permission for update.";
log.error(msg, e);
- store.getTransaction().rollback();
+ persistenceStore.getTransaction().rollback();
throw new SecurityException(msg, e);
}
}
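Review bot: `addPermission` stores a fresh `InternalPermissionImpl` without checking whether the same class, name and actions are already defined, so a repeated call may create a duplicate row unless a table constraint, not visible here, rejects it. A guard such as `if (permissionExists(permission)) { return; }` or a dedicated "already exists" `SecurityException` would make the contract explicit. In `removePermission` the catch block still logs `"Unable to lock Permission for update."` although the code now only deletes; `"Unable to remove permission."` would match what failed. In both methods a failure inside `rollback()` would replace the original exception, so the rollback is worth guarding separately.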
@@ -213,117 +248,125 @@
public void removePermissions(Principal principal) throws SecurityException
{
String fullPath = SecurityHelper.getPreferencesFullPath(principal);
- ArgUtil.notNull(new Object[] { fullPath }, new String[] { "fullPath" },
"removePermission(java.security.Principal)");
+ ArgUtil.notNull(new Object[] { fullPath }, new String[] { "fullPath" },
+ "removePermission(java.security.Principal)");
// Remove permissions on principal.
- InternalPrincipal omPrincipal = getJetspeedPrincipal(fullPath);
- if (null != omPrincipal)
+ InternalPrincipal internalPrincipal = getInternalPrincipal(fullPath);
+ if (null != internalPrincipal)
{
- Collection omPermissions = omPrincipal.getPermissions();
- if (null != omPermissions)
+ Collection internalPermissions = internalPrincipal.getPermissions();
+ if (null != internalPermissions)
{
- omPermissions.clear();
+ internalPermissions.clear();
}
- PersistenceStore store = getPersistenceStore();
try
{
- store.lockForWrite(omPrincipal);
- omPrincipal.setModifiedDate(new
Timestamp(System.currentTimeMillis()));
- omPrincipal.setPermissions(omPermissions);
- store.getTransaction().checkpoint();
+ persistenceStore.lockForWrite(internalPrincipal);
+ internalPrincipal.setModifiedDate(new
Timestamp(System.currentTimeMillis()));
+ internalPrincipal.setPermissions(internalPermissions);
+ persistenceStore.getTransaction().checkpoint();
}
catch (Exception e)
{
String msg = "Unable to lock Principal for update.";
log.error(msg, e);
- store.getTransaction().rollback();
+ persistenceStore.getTransaction().rollback();
throw new SecurityException(msg, e);
}
}
}
/**
- * @see
org.apache.jetspeed.security.PermissionManager#grantPermission(java.security.Principal,
java.security.Permission)
+ * @see
org.apache.jetspeed.security.PermissionManager#grantPermission(java.security.Principal,
+ * java.security.Permission)
*/
public void grantPermission(Principal principal, Permission permission) throws
SecurityException
{
String fullPath = SecurityHelper.getPreferencesFullPath(principal);
- ArgUtil.notNull(
- new Object[] { fullPath, permission },
- new String[] { "fullPath", "permission" },
- "grantPermission(java.security.Principal, java.security.Permission)");
+ ArgUtil.notNull(new Object[] { fullPath, permission }, new String[] {
"fullPath", "permission" },
+ "grantPermission(java.security.Principal,
java.security.Permission)");
boolean createPermission = true;
- Collection omPermissions = new ArrayList();
+ Collection internalPermissions = new ArrayList();
- InternalPrincipal omPrincipal = getJetspeedPrincipal(fullPath);
- if (null == omPrincipal)
+ InternalPrincipal internalPrincipal = getInternalPrincipal(fullPath);
+ if (null == internalPrincipal)
{
throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST
+ ": " + principal.getName());
}
- InternalPermission omPermission = getJetspeedPermission(permission);
- if (null == omPermission)
+ InternalPermission internalPermission = getInternalPermission(permission);
+ if (null == internalPermission)
{
- omPermission =
- new InternalPermissionImpl(permission.getClass().getName(),
permission.getName(), permission.getActions());
+ throw new SecurityException(SecurityException.PERMISSION_DOES_NOT_EXIST
+ ": " + permission.getName());
}
- if (null != omPrincipal.getPermissions())
+ if (null != internalPrincipal.getPermissions())
{
- omPermissions.addAll(omPrincipal.getPermissions());
+ internalPermissions.addAll(internalPrincipal.getPermissions());
}
- if (!omPermissions.contains(omPermission))
+ if (!internalPermissions.contains(internalPermission))
{
- omPermissions.add(omPermission);
+ internalPermissions.add(internalPermission);
}
- PersistenceStore store = getPersistenceStore();
try
{
- store.lockForWrite(omPrincipal);
- omPrincipal.setModifiedDate(new Timestamp(System.currentTimeMillis()));
- omPrincipal.setPermissions(omPermissions);
- store.getTransaction().checkpoint();
+ persistenceStore.lockForWrite(internalPrincipal);
+ internalPrincipal.setModifiedDate(new
Timestamp(System.currentTimeMillis()));
+ internalPrincipal.setPermissions(internalPermissions);
+ persistenceStore.getTransaction().checkpoint();
}
catch (Exception e)
{
String msg = "Unable to lock Principal for update.";
log.error(msg, e);
- store.getTransaction().rollback();
+ persistenceStore.getTransaction().rollback();
throw new SecurityException(msg, e);
}
}
-
- // TODO Add a permissionExists method.
/**
- * @see
org.apache.jetspeed.security.PermissionManager#revokePermission(java.security.Principal,
java.security.Permission)
+ * @see
org.apache.jetspeed.security.PermissionManager#permissionExists(java.security.Permission)
+ */
+ public boolean permissionExists(Permission permission)
+ {
+ boolean permissionExists = true;
+ InternalPermission internalPermission = getInternalPermission(permission);
+ if (null == internalPermission)
+ {
+ permissionExists = false;
+ }
+ return permissionExists;
+ }
+
+ /**
+ * @see
org.apache.jetspeed.security.PermissionManager#revokePermission(java.security.Principal,
+ * java.security.Permission)
*/
public void revokePermission(Principal principal, Permission permission) throws
SecurityException
{
String fullPath = SecurityHelper.getPreferencesFullPath(principal);
- ArgUtil.notNull(
- new Object[] { fullPath, permission },
- new String[] { "fullPath", "permission" },
- "revokePermission(java.security.Principal, java.security.Permission)");
+ ArgUtil.notNull(new Object[] { fullPath, permission }, new String[] {
"fullPath", "permission" },
+ "revokePermission(java.security.Principal,
java.security.Permission)");
// Remove permissions on principal.
- InternalPrincipal omPrincipal = getJetspeedPrincipal(fullPath);
- if (null != omPrincipal)
+ InternalPrincipal internalPrincipal = getInternalPrincipal(fullPath);
+ if (null != internalPrincipal)
{
- Collection omPermissions = omPrincipal.getPermissions();
- if (null != omPermissions)
+ Collection internalPermissions = internalPrincipal.getPermissions();
+ if (null != internalPermissions)
{
boolean revokePermission = false;
- ArrayList newOmPermissions = new ArrayList();
- Iterator omPermissionsIterator = omPermissions.iterator();
- while (omPermissionsIterator.hasNext())
+ ArrayList newInternalPermissions = new ArrayList();
+ Iterator internalPermissionsIter = internalPermissions.iterator();
+ while (internalPermissionsIter.hasNext())
{
- InternalPermission omPermission = (InternalPermission)
omPermissionsIterator.next();
- if
(!((omPermission.getClassname().equals(permission.getClass().getName()))
- && (omPermission.getName().equals(permission.getName()))
- &&
(omPermission.getActions().equals(permission.getActions()))))
+ InternalPermission internalPermission = (InternalPermission)
internalPermissionsIter.next();
+ if
(!((internalPermission.getClassname().equals(permission.getClass().getName()))
+ &&
(internalPermission.getName().equals(permission.getName())) &&
(internalPermission.getActions()
+ .equals(permission.getActions()))))
{
- newOmPermissions.add(omPermission);
+ newInternalPermissions.add(internalPermission);
}
else
{
@@ -332,19 +375,18 @@
}
if (revokePermission)
{
- PersistenceStore store = getPersistenceStore();
try
{
- store.lockForWrite(omPrincipal);
- omPrincipal.setModifiedDate(new
Timestamp(System.currentTimeMillis()));
- omPrincipal.setPermissions(newOmPermissions);
- store.getTransaction().checkpoint();
+ persistenceStore.lockForWrite(internalPrincipal);
+ internalPrincipal.setModifiedDate(new
Timestamp(System.currentTimeMillis()));
+ internalPrincipal.setPermissions(newInternalPermissions);
+ persistenceStore.getTransaction().checkpoint();
}
catch (Exception e)
{
String msg = "Unable to lock Principal for update.";
log.error(msg, e);
- store.getTransaction().rollback();
+ persistenceStore.getTransaction().rollback();
throw new SecurityException(msg, e);
}
}
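Review bot: The catch block at the end of this hunk calls `persistenceStore.getTransaction().rollback()` unguarded, so if the rollback itself throws, that exception propagates instead of the `SecurityException` carrying the original cause. Guarding it keeps the root cause visible to callers: `try { persistenceStore.getTransaction().rollback(); } catch (Exception rollbackFailure) { log.error("Rollback failed.", rollbackFailure); }`. The message "Unable to lock Principal for update." is also emitted when `setPermissions` or `checkpoint()` fails, which misdirects anyone reading the log after a failed revocation. The grant path earlier in this file's diff uses the same catch block. revokePermission begins before this hunk.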
@@ -353,46 +395,39 @@
}
/**
- * <p>Returns the [EMAIL PROTECTED] InternalPrincipal} from the full path.</p>
+ * <p>
+ * Returns the [EMAIL PROTECTED] InternalPrincipal}from the full path.
+ * </p>
+ *
* @param fullPath The full path.
* @return The [EMAIL PROTECTED] InternalPrincipal}.
*/
- InternalPrincipal getJetspeedPrincipal(String fullPath)
+ InternalPrincipal getInternalPrincipal(String fullPath)
{
- PersistenceStore store = getPersistenceStore();
- Filter filter = store.newFilter();
+ Filter filter = persistenceStore.newFilter();
filter.addEqualTo("fullPath", fullPath);
- Object query = store.newQuery(InternalPrincipalImpl.class, filter);
- InternalPrincipal omPrincipal = (InternalPrincipal)
store.getObjectByQuery(query);
- return omPrincipal;
+ Object query = persistenceStore.newQuery(InternalPrincipalImpl.class,
filter);
+ InternalPrincipal internalPrincipal = (InternalPrincipal)
persistenceStore.getObjectByQuery(query);
+ return internalPrincipal;
}
/**
- * <p>Returns the [EMAIL PROTECTED] InternalPermission} from the full path.</p>
+ * <p>
+ * Returns the [EMAIL PROTECTED] InternalPermission}from the full path.
+ * </p>
+ *
* @param fullPath The full path.
* @return The [EMAIL PROTECTED] InternalPermission}.
*/
- InternalPermission getJetspeedPermission(Permission permission)
+ InternalPermission getInternalPermission(Permission permission)
{
- PersistenceStore store = getPersistenceStore();
- Filter filter = store.newFilter();
+ Filter filter = persistenceStore.newFilter();
filter.addEqualTo("classname", permission.getClass().getName());
filter.addEqualTo("name", permission.getName());
filter.addEqualTo("actions", permission.getActions());
- Object query = store.newQuery(InternalPermissionImpl.class, filter);
- InternalPermission omPermission = (InternalPermission)
store.getObjectByQuery(query);
- return omPermission;
- }
-
- /**
- * <p>Utility method to get the persistence store and initiate
- * the transaction if not open.</p>
- * @return The persistence store.
- */
- PersistenceStore getPersistenceStore()
- {
-
- return persistenceStore;
+ Object query = persistenceStore.newQuery(InternalPermissionImpl.class,
filter);
+ InternalPermission internalPermission = (InternalPermission)
persistenceStore.getObjectByQuery(query);
+ return internalPermission;
}
}
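Review bot: `getInternalPermission` dereferences `permission` in its first `filter.addEqualTo` call with no null check, and the new public `permissionExists` added earlier in this file's diff passes its argument straight through. A null permission therefore surfaces as a NullPointerException from inside the query builder rather than going through the `ArgUtil.notNull` check that `revokePermission` runs on its arguments. Adding `ArgUtil.notNull(new Object[] { permission }, new String[] { "permission" }, "permissionExists(java.security.Permission)");` as the first statement of `permissionExists` would make the public methods consistent. The Javadoc on `getInternalPermission` also still reads `@param fullPath The full path.` although the parameter is `permission`; it should say `@param permission The permission to look up by class name, name and actions.`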
1.8 +10 -10
jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java
Index: RoleManagerImpl.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- RoleManagerImpl.java 25 Sep 2004 23:03:17 -0000 1.7
+++ RoleManagerImpl.java 28 Sep 2004 04:23:52 -0000 1.8
@@ -393,9 +393,9 @@
"isUserInRole(java.lang.String, java.lang.String)");
boolean isUserInRole = false;
-
+
Set rolePrincipals = securityMappingHandler.getRolePrincipals(username);
- Principal rolePrincipal = new RolePrincipalImpl(roleFullPathName);
+ Principal rolePrincipal = new RolePrincipalImpl(roleFullPathName);
if (rolePrincipals.contains(rolePrincipal))
{
isUserInRole = true;
@@ -498,21 +498,21 @@
ArgUtil.notNull(new Object[] { roleFullPathName, groupFullPathName }, new
String[] { "roleFullPathName",
"groupFullPathName" }, "isGroupInRole(java.lang.String,
java.lang.String)");
+ boolean isGroupInRole = false;
+
InternalGroupPrincipal omGroup =
super.getJetspeedGroupPrincipal(groupFullPathName);
if (null == omGroup)
{
throw new SecurityException(SecurityException.GROUP_DOES_NOT_EXIST + "
" + groupFullPathName);
}
InternalRolePrincipal omRole =
super.getJetspeedRolePrincipal(roleFullPathName);
- if (null == omRole)
+ if (null != omRole)
{
- throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST + " "
+ roleFullPathName);
- }
- boolean isGroupInRole = false;
- Collection omRoles = omGroup.getRolePrincipals();
- if ((null != omRoles) && (omRoles.contains(omRole)))
- {
- isGroupInRole = true;
+ Collection omRoles = omGroup.getRolePrincipals();
+ if ((null != omRoles) && (omRoles.contains(omRole)))
+ {
+ isGroupInRole = true;
+ }
}
return isGroupInRole;
}
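Review bot: With the new `null != omRole` branch, a role that does not exist now yields `false`, while a missing group a few lines above still throws `GROUP_DOES_NOT_EXIST`. The two lookups therefore fail differently, and a misspelled role name can no longer be told apart from a genuine negative answer. If this is intended, say so at the check, e.g. `// Unknown role: reported as "group not in role" rather than as an error.`, and drop the role case from the method's Javadoc `@throws`, which lies outside this hunk. Callers that use a negative result to permit something, such as an exclusion rule, presumably need a second look, since they previously received `ROLE_DOES_NOT_EXIST` for an unknown role. The method begins before this hunk.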