Author: chathura
Date: Fri Jan 4 02:21:30 2008
New Revision: 11841
Log:
Completing the HTTP basic authentication support...
Fixed some authorization/authentication related issues.
Added:
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryAccessControlAdmin.java
Modified:
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryRealm.java
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryUserStoreAdmin.java
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/MassAuthorizationAction.java
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/MassRoleAuthorizationAction.java
Added:
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryAccessControlAdmin.java
==============================================================================
--- (empty file)
+++
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryAccessControlAdmin.java
Fri Jan 4 02:21:30 2008
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2006, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wso2.registry.jdbc.realm;
+
+import org.wso2.usermanager.readwrite.DefaultAccessControlAdmin;
+import org.wso2.usermanager.UserManagerException;
+import org.wso2.registry.RegistryConstants;
+
+import javax.sql.DataSource;
+
+public class RegistryAccessControlAdmin extends DefaultAccessControlAdmin {
+
+ public RegistryAccessControlAdmin(DataSource dataSource, String algo) {
+ super(dataSource, algo);
+ }
+
+ public void clearUserAuthorization(String userName, String resourceId,
String action)
+ throws UserManagerException {
+
+ if (userName.equals(RegistryConstants.SYSTEM_USER) ||
+ userName.equals(RegistryConstants.ADMIN_USER)) {
+
+ String msg = "Could not change authorizations of the system
defined user: " + userName;
+ throw new UserManagerException(msg);
+ }
+
+ super.clearUserAuthorization(userName, resourceId, action);
+ }
+
+ public void denyUser(String userName, String resourceId, String action)
+ throws UserManagerException {
+
+ if (userName.equals(RegistryConstants.SYSTEM_USER) ||
+ userName.equals(RegistryConstants.ADMIN_USER)) {
+
+ String msg = "Could not change authorizations of the system
defined user: " + userName;
+ throw new UserManagerException(msg);
+ }
+
+ super.denyUser(userName, resourceId, action);
+ }
+
+
+ public void clearRoleAuthorization(String roleName, String resourceId,
String action)
+ throws UserManagerException {
+
+ if (roleName.equals(RegistryConstants.ADMIN_ROLE)) {
+
+ String msg = "Could not change authorizations of the system
defined role: " + roleName;
+ throw new UserManagerException(msg);
+ }
+
+ super.clearRoleAuthorization(roleName, resourceId, action);
+ }
+
+
+ public void denyRole(String roleName, String resourceId, String action)
+ throws UserManagerException {
+
+ if (roleName.equals(RegistryConstants.ADMIN_ROLE)) {
+
+ String msg = "Could not change authorizations of the system
defined role: " + roleName;
+ throw new UserManagerException(msg);
+ }
+
+ super.denyRole(roleName, resourceId, action);
+ }
+}
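Review bot: All four guards call `equals` on the caller-supplied name (`userName.equals(RegistryConstants.SYSTEM_USER)`, `roleName.equals(RegistryConstants.ADMIN_ROLE)`), so a null name surfaces as a NullPointerException instead of the declared UserManagerException. Putting the constant first, e.g. `RegistryConstants.ADMIN_ROLE.equals(roleName)`, avoids that; the same pattern appears in the deleteUser and deleteRole hunks of RegistryUserStoreAdmin. The comparison is also an exact, case-sensitive match, so it protects these accounts only if the underlying user store never treats a differently cased or padded name as the same principal, which is not visible here and is worth confirming. Only the clear and deny operations are overridden, so any other inherited method of DefaultAccessControlAdmin that can alter or remove permissions would bypass the guard. A short class Javadoc listing which operations are intentionally blocked for system-defined users and roles would make the intended coverage reviewable.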
Modified:
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryRealm.java
==============================================================================
---
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryRealm.java
(original)
+++
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryRealm.java
Fri Jan 4 02:21:30 2008
@@ -20,6 +20,7 @@
import org.wso2.registry.utils.AuthorizationUtil;
import org.wso2.usermanager.UserManagerException;
import org.wso2.usermanager.UserStoreAdmin;
+import org.wso2.usermanager.AccessControlAdmin;
import org.wso2.usermanager.readwrite.DefaultRealm;
import org.wso2.usermanager.readwrite.DefaultRealmConfig;
@@ -28,6 +29,7 @@
public class RegistryRealm extends DefaultRealm {
private RegistryUserStoreAdmin userStoreAdmin = null;
+ private RegistryAccessControlAdmin accessControlAdmin = null;
public RegistryRealm(DataSource dataSource) throws RegistryException {
super();
@@ -45,6 +47,10 @@
return userStoreAdmin;
}
+ public AccessControlAdmin getAccessControlAdmin() throws
UserManagerException {
+ return accessControlAdmin;
+ }
+
private void init(DataSource dataSource) throws RegistryException {
try {
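Review bot: `getAccessControlAdmin()` returns the `accessControlAdmin` field directly, and that field stays null until the private `init(DataSource)` assigns it, so a caller that reaches the getter earlier gets null rather than the guarded admin. The method appears to replace the one inherited from DefaultRealm; adding `@Override` would make the compiler confirm that, which matters because a signature mismatch would silently leave the unguarded default admin in use. A comment such as `// Returns the registry admin that refuses authorization changes for system-defined users and roles` would record why the override exists. The body of init continues outside this hunk.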
@@ -53,6 +59,8 @@
this.init(config);
userStoreAdmin = new RegistryUserStoreAdmin(dataSource);
+ accessControlAdmin = new RegistryAccessControlAdmin(
+ dataSource, DefaultRealmConfig.PERMISSION_BLOCK_FIRST);
AuthorizationUtil.populateUserStore(this);
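Review bot: The permission algorithm handed to the new admin is hard-coded as `DefaultRealmConfig.PERMISSION_BLOCK_FIRST`, while the base realm is initialised from `config` on the line above. If `config` (built outside this hunk) selects a different algorithm, permission updates and permission checks could be evaluated under different rules. Taking the value from the same config object, or adding a comment that block-first is required for the registry, would keep the two in step.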
Modified:
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryUserStoreAdmin.java
==============================================================================
---
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryUserStoreAdmin.java
(original)
+++
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/realm/RegistryUserStoreAdmin.java
Fri Jan 4 02:21:30 2008
@@ -17,6 +17,7 @@
package org.wso2.registry.jdbc.realm;
import org.wso2.registry.RegistryConstants;
+import org.wso2.registry.RegistryException;
import org.wso2.usermanager.UserManagerException;
import org.wso2.usermanager.readwrite.DefaultUserStoreAdmin;
@@ -35,10 +36,11 @@
public void deleteUser(String userName) throws UserManagerException {
- if (userName.equals(RegistryConstants.ADMIN_USER) ||
+ if (userName.equals(RegistryConstants.SYSTEM_USER) ||
+ userName.equals(RegistryConstants.ADMIN_USER) ||
userName.equals(RegistryConstants.ANONYMOUS_USER)) {
- String msg = "Could not remove the pre-defined user: " + userName;
+ String msg = "Could not remove the system defined user: " +
userName;
throw new UserManagerException(msg);
}
@@ -46,4 +48,15 @@
}
+ public void deleteRole(String roleName) throws UserManagerException {
+
+ if (roleName.equals(RegistryConstants.ADMIN_ROLE) ||
+ roleName.equals(RegistryConstants.EVERYONE_ROLE)) {
+
+ String msg = "Could not remove the system defined role: " +
roleName;
+ throw new UserManagerException(msg);
+ }
+
+ super.deleteRole(roleName);
+ }
}
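Review bot: `deleteRole` protects both `ADMIN_ROLE` and `EVERYONE_ROLE`, but the role guards this commit adds in RegistryAccessControlAdmin and MassRoleAuthorizationAction check only `ADMIN_ROLE`. Likewise `deleteUser` protects `ANONYMOUS_USER` while the user guards elsewhere cover only `SYSTEM_USER` and `ADMIN_USER`. If the difference is intentional (permissions of the everyone role and the anonymous user are meant to stay editable), a comment saying so would help; otherwise the set of protected principals should be defined once and shared by all the guards. The `RegistryException` import added in the first hunk of this file is not used by any line visible in these hunks.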
Modified:
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/MassAuthorizationAction.java
==============================================================================
---
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/MassAuthorizationAction.java
(original)
+++
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/MassAuthorizationAction.java
Fri Jan 4 02:21:30 2008
@@ -18,6 +18,7 @@
import org.wso2.registry.ActionConstants;
import org.wso2.registry.RegistryException;
+import org.wso2.registry.RegistryConstants;
import org.wso2.registry.secure.SecureRegistry;
import org.wso2.usermanager.AccessControlAdmin;
import org.wso2.usermanager.Realm;
@@ -49,10 +50,20 @@
String[] userPermissions = permissionString.split("1");
for (int i = 0; i < userPermissions.length; i++) {
+
+ if (userPermissions[i].trim().length() == 0) {
+ continue;
+ }
+
String[] permissions = userPermissions[i].split("2");
String permUser = permissions[0];
- accessControlAdmin.clearUserAuthorization(permUser,
resourcePath, ActionConstants.GET);
- accessControlAdmin.clearUserAuthorization(permUser,
resourcePath, ActionConstants.PUT);
+
+ if (!(permUser.equals(RegistryConstants.SYSTEM_USER) ||
+ permUser.equals(RegistryConstants.ADMIN_USER))) {
+
+ accessControlAdmin.clearUserAuthorization(permUser,
resourcePath, ActionConstants.GET);
+ accessControlAdmin.clearUserAuthorization(permUser,
resourcePath, ActionConstants.PUT);
+ }
for (int j = 1; j < permissions.length; j++) {
String[] permission = permissions[j].split("3");
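Review bot: The new condition skips only the two `clearUserAuthorization` calls for `SYSTEM_USER` and `ADMIN_USER`; the inner `for (int j = 1; ...)` loop still runs for those entries. Its body is outside this hunk, but if it issues a deny for one of them, the guard added in RegistryAccessControlAdmin.denyUser will throw partway through the batch, leaving earlier entries applied and later ones untouched. Skipping the whole entry is safer: `if (permUser.equals(RegistryConstants.SYSTEM_USER) || permUser.equals(RegistryConstants.ADMIN_USER)) { continue; }` placed right after `permUser` is assigned. The same applies to the `ADMIN_ROLE` check in MassRoleAuthorizationAction. The emptiness test uses `trim()` but `permUser` itself is compared untrimmed, so the two checks do not agree on what counts as the same name.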
Modified:
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/MassRoleAuthorizationAction.java
==============================================================================
---
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/MassRoleAuthorizationAction.java
(original)
+++
trunk/registry/modules/webapps/src/main/java/org/wso2/registry/web/actions/MassRoleAuthorizationAction.java
Fri Jan 4 02:21:30 2008
@@ -18,6 +18,7 @@
import org.wso2.registry.ActionConstants;
import org.wso2.registry.RegistryException;
+import org.wso2.registry.RegistryConstants;
import org.wso2.registry.secure.SecureRegistry;
import org.wso2.usermanager.AccessControlAdmin;
import org.wso2.usermanager.Realm;
@@ -49,10 +50,18 @@
String[] rolePermissions = permissionString.split("1");
for (int i = 0; i < rolePermissions.length; i++) {
+
+ if (rolePermissions[i].trim().length() == 0) {
+ continue;
+ }
+
String[] permissions = rolePermissions[i].split("2");
String permRole = permissions[0];
- accessControlAdmin.clearRoleAuthorization(permRole,
resourcePath, ActionConstants.GET);
- accessControlAdmin.clearRoleAuthorization(permRole,
resourcePath, ActionConstants.PUT);
+
+ if (!permRole.equals(RegistryConstants.ADMIN_ROLE)) {
+ accessControlAdmin.clearRoleAuthorization(permRole,
resourcePath, ActionConstants.GET);
+ accessControlAdmin.clearRoleAuthorization(permRole,
resourcePath, ActionConstants.PUT);
+ }
for (int j = 1; j < permissions.length; j++) {
String[] permission = permissions[j].split("3");