remm        01/02/10 11:18:29

  Modified:    src/share/org/apache/slide/common NamespaceConfig.java
               src/share/org/apache/slide/security SecurityImpl.java
  Log:
  - Add the concept of a guest user.
  - Add the guestpath element in the namespace configuration.
  - Improvements to self permissions. More details on the updated algorithm
    will be given in the Security page in the documentation.
  
  Revision  Changes    Path
  1.11      +26 -4     
jakarta-slide/src/share/org/apache/slide/common/NamespaceConfig.java
  
  Index: NamespaceConfig.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-slide/src/share/org/apache/slide/common/NamespaceConfig.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- NamespaceConfig.java      2000/12/26 17:16:37     1.10
  +++ NamespaceConfig.java      2001/02/10 19:18:29     1.11
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-slide/src/share/org/apache/slide/common/NamespaceConfig.java,v 1.10 
2000/12/26 17:16:37 remm Exp $
  - * $Revision: 1.10 $
  - * $Date: 2000/12/26 17:16:37 $
  + * $Header: 
/home/cvs/jakarta-slide/src/share/org/apache/slide/common/NamespaceConfig.java,v 1.11 
2001/02/10 19:18:29 remm Exp $
  + * $Revision: 1.11 $
  + * $Date: 2001/02/10 19:18:29 $
    *
    * ====================================================================
    *
  @@ -79,7 +79,7 @@
    * Configuration of the Namespace.
    * 
    * @author <a href="mailto:[EMAIL PROTECTED]">Remy Maucherat</a>
  - * @version $Revision: 1.10 $
  + * @version $Revision: 1.11 $
    */
   public final class NamespaceConfig {
       
  @@ -215,6 +215,12 @@
       
       
       /**
  +     * Guest user path.
  +     */
  +    protected String guestPath;
  +    
  +    
  +    /**
        * File path.
        */
       protected String filesPath;
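Review bot: The Javadoc `Guest user path.` does not say what the path is relative to. SecurityImpl.getPrincipal appends the value to `getUsersPath() + "/"`, so it is a name under the users collection rather than a full URI, and the loader sets it to `""` when the `guestpath` element is absent. I would document the field as `Guest user path, relative to the users path; empty when no guest user is configured.` and repeat that wording on the `getGuestPath()` accessor added further down.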
  @@ -435,6 +441,16 @@
       
       
       /**
  +     * Guest path accessor.
  +     * 
  +     * @return String Guest path
  +     */
  +    public String getGuestPath() {
  +        return guestPath;
  +    }
  +    
  +    
  +    /**
        * Files path accessor.
        * 
        * @return String Files path
  @@ -644,6 +660,12 @@
               usersPath = config.getConfiguration("userspath").getValue();
           } catch (ConfigurationException e) {
               usersPath = "";
  +        }
  +        
  +        try {
  +            guestPath = config.getConfiguration("guestpath").getValue();
  +        } catch (ConfigurationException e) {
  +            guestPath = "";
           }
           
           try {
  
  
  
  1.16      +35 -31    
jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java
  
  Index: SecurityImpl.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- SecurityImpl.java 2001/02/10 03:17:58     1.15
  +++ SecurityImpl.java 2001/02/10 19:18:29     1.16
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java,v 1.15 
2001/02/10 03:17:58 remm Exp $
  - * $Revision: 1.15 $
  - * $Date: 2001/02/10 03:17:58 $
  + * $Header: 
/home/cvs/jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java,v 1.16 
2001/02/10 19:18:29 remm Exp $
  + * $Revision: 1.16 $
  + * $Date: 2001/02/10 19:18:29 $
    *
    * ====================================================================
    *
  @@ -75,7 +75,7 @@
    * Security helper.
    * 
    * @author <a href="mailto:[EMAIL PROTECTED]">Remy Maucherat</a>
  - * @version $Revision: 1.15 $
  + * @version $Revision: 1.16 $
    */
   public final class SecurityImpl implements Security {
       
  @@ -194,10 +194,9 @@
           }
           
           if (!alreadyPresent) {
  -            checkCredentials(token, object, namespaceConfig
  -                             .getGrantPermissionAction());
  -            objectUri.getStore().grantPermission(objectUri, 
  -                                                            permission);
  +            checkCredentials(token, object, 
  +                             namespaceConfig.getGrantPermissionAction());
  +            objectUri.getStore().grantPermission(objectUri, permission);
           }
       }
       
  @@ -366,16 +365,31 @@
                   
                   NodePermission permission = 
                       (NodePermission) permissions.nextElement();
  +                String permissionSubject = permission.getSubjectUri();
                   
  -                //if (permission.isInheritable() 
  -                //|| permission.getObjectUri().equals(object.getUri())) {
  -                //granted = (subjectUri.isParent(permission.getSubjectUri())) 
  -                //&& (actionUri.isParent(permission.getActionUri()));
  -                if (permission.isInheritable() 
  -                    || permission.getObjectUri().equals(object.getUri())) {
  +                if (permissionSubject.equals("~")) {
  +                    
  +                    boolean check;
  +                    if (permission.isInheritable()) {
  +                        check = 
  +                            object.getUri().startsWith(subjectUri.toString());
  +                    } else {
  +                        check = object.getUri().equals(subjectUri.toString());
  +                    }
                       
  -                    String permissionSubject = permission.getSubjectUri();
  +                    // Self permission
  +                    granted = (!permission.isNegative())
  +                        && (check)
  +                        && (actionUri.toString()
  +                            .startsWith(permission.getActionUri()));
  +                    denied = (permission.isNegative())
  +                        && (check)
  +                        && (actionUri.toString()
  +                            .startsWith(permission.getActionUri()));
                       
  +                } else if (permission.isInheritable() 
  +                    || permission.getObjectUri().equals(object.getUri())) {
  +                    
                       if (permissionSubject.startsWith("/")) {
                           
                           // Node permission
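Review bot: The inheritable self-permission test `object.getUri().startsWith(subjectUri.toString())` is a raw string prefix comparison, so a subject at, for example, `/users/john` also matches an object at `/users/johnny` and would pick up "~" grants or denials meant for that sibling. Matching on a path-segment boundary avoids this: `String self = subjectUri.toString(); check = object.getUri().equals(self) || object.getUri().startsWith(self.endsWith("/") ? self : self + "/");`. The "~" branch also now runs before the `isInheritable() || getObjectUri().equals(object.getUri())` guard, so a non-inheritable self permission is evaluated regardless of which node it was defined on; if that is intended, a comment should say so. The enclosing method starts and ends outside the hunk.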
  @@ -390,20 +404,6 @@
                               && (actionUri.toString()
                                   .startsWith(permission.getActionUri()));
                           
  -                    } else if (permissionSubject.equals("~")) {
  -                        
  -                        // Self permission
  -                        granted = (!permission.isNegative())
  -                            && (object.getUri().startsWith
  -                                (subjectUri.toString())) 
  -                            && (actionUri.toString()
  -                                .startsWith(permission.getActionUri()));
  -                        denied = (permission.isNegative())
  -                            &&  (object.getUri().startsWith
  -                                 (subjectUri.toString())) 
  -                            && (actionUri.toString()
  -                                .startsWith(permission.getActionUri()));
  -                        
                       } else {
                           
                           // Role permission
  @@ -611,9 +611,13 @@
       public ObjectNode getPrincipal(SlideToken token)
           throws ServiceAccessException, ObjectNotFoundException {
           
  +        String principalPath = 
  +            token.getCredentialsToken().getPublicCredentials();
  +        if ((principalPath == null) || (principalPath.equals(""))) {
  +            principalPath = namespaceConfig.getGuestPath();
  +        }
           Uri subjectUri = namespace.getUri
  -            (namespaceConfig.getUsersPath() + "/"
  -             + token.getCredentialsToken().getPublicCredentials());
  +            (namespaceConfig.getUsersPath() + "/" + principalPath);
           return subjectUri.getStore().retrieveObject(subjectUri);
           
       }
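Review bot: The guest fallback in getPrincipal does not handle an unset guest path. NamespaceConfig defaults `guestPath` to `""` when the `guestpath` element is missing, so a token with no public credentials resolves to `getUsersPath() + "/"`, which is the users collection itself. With the prefix-based self check in the permission loop, that subject would appear to be a prefix of every user node, so inheritable "~" permissions could apply to unauthenticated callers across all users (inferred; it depends on how Uri normalises the trailing slash). After the fallback the method should fail the lookup when `principalPath` is still empty instead of building the Uri, with a comment stating that guest access is off unless `guestpath` is configured.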
  
  
  
