cvs commit: jakarta-slide/src/webdav/server/org/apache/slide/webdav/util PropertyHelper.java

Fri, 10 Oct 2003 04:29:41 -0700 

pnever      2003/10/10 04:30:28

  Modified:    src/share/org/apache/slide/security Security.java
                        SecurityImpl.java
               src/webdav/server/org/apache/slide/webdav/util
                        PropertyHelper.java
  Log:
  Added signatures for checkPermission() and hasPermission() with
  SlideToken instead of SubjectNode (for principal). Marked existing
  signatures deprecated
  
  Revision  Changes    Path
  1.20      +36 -4     jakarta-slide/src/share/org/apache/slide/security/Security.java
  
  Index: Security.java
  ===================================================================
  RCS file: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/Security.java,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- Security.java     5 Aug 2003 08:51:00 -0000       1.19
  +++ Security.java     10 Oct 2003 11:30:28 -0000      1.20
  @@ -303,12 +303,28 @@
        * @exception ObjectNotFoundException Specified object was not found
        * in the DataSource
        * @exception AccessDeniedException Insufficent credentials
  +     * @deprecated use signature with SlideToken instead
        */
       void checkPermission(ObjectNode object, SubjectNode subject,
                            ActionNode action)
           throws ServiceAccessException, AccessDeniedException,
           ObjectNotFoundException;
       
  +    /**
  +     * Check whether or not an actor (principal) can perform the specified activity
  +     * on the specified resource.
  +     *
  +     * @param    token               a  SlideToken
  +     * @param    object              Object on which access is tested
  +     * @param    action              Action which is to be performed
  +     *
  +     * @throws   ServiceAccessException
  +     * @throws   AccessDeniedException
  +     * @throws   ObjectNotFoundException
  +     */
  +    void checkPermission(SlideToken token, ObjectNode object, ActionNode action)
  +        throws ServiceAccessException, AccessDeniedException,
  +        ObjectNotFoundException;
       
       /**
        * Check whether or not an actor can perform the specified activity
  @@ -321,11 +337,27 @@
        * @exception ServiceAccessException DataSource access error
        * @exception ObjectNotFoundException Specified object was not found
        * in the DataSource
  +     * @deprecated use signature with SlideToken instead
        */
       boolean hasPermission(ObjectNode object, SubjectNode subject,
                             ActionNode action)
           throws ServiceAccessException, ObjectNotFoundException;
       
  +    /**
  +     * Check whether or not an actor (principal) can perform the specified activity
  +     * on the specified resource.
  +     *
  +     * @param    token               a  SlideToken
  +     * @param    object              Object on which access is tested
  +     * @param    action              Action which is to be performed
  +     *
  +     * @return   true if the action can be performed
  +     *
  +     * @throws   ServiceAccessException
  +     * @throws   ObjectNotFoundException
  +     */
  +    boolean hasPermission(SlideToken token, ObjectNode object, ActionNode action)
  +        throws ServiceAccessException, ObjectNotFoundException;
       
       /**
        * Check whether or not the current user has the specified role.
  
  
  
  1.36      +74 -15    
jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java
  
  Index: SecurityImpl.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- SecurityImpl.java 5 Aug 2003 08:51:00 -0000       1.35
  +++ SecurityImpl.java 10 Oct 2003 11:30:28 -0000      1.36
  @@ -63,16 +63,26 @@
   
   package org.apache.slide.security;
   
  +import java.lang.reflect.Constructor;
  +import java.lang.reflect.InvocationTargetException;
   import java.util.Enumeration;
   import java.util.Hashtable;
  -import java.util.HashMap;
   import java.util.Vector;
  -import java.lang.reflect.Constructor;
  -import java.lang.reflect.InvocationTargetException;
  -import org.apache.slide.common.*;
  -import org.apache.slide.structure.*;
  -import org.apache.slide.authenticate.CredentialsToken;
  +import org.apache.slide.common.Namespace;
  +import org.apache.slide.common.NamespaceConfig;
  +import org.apache.slide.common.ServiceAccessException;
  +import org.apache.slide.common.SlideToken;
  +import org.apache.slide.common.SlideTokenWrapper;
  +import org.apache.slide.common.Uri;
  +import org.apache.slide.structure.ActionNode;
  +import org.apache.slide.structure.LinkNode;
  +import org.apache.slide.structure.ObjectAlreadyExistsException;
  +import org.apache.slide.structure.ObjectNode;
  +import org.apache.slide.structure.ObjectNotFoundException;
  +import org.apache.slide.structure.Structure;
  +import org.apache.slide.structure.SubjectNode;
   import org.apache.slide.util.Configuration;
  +import org.apache.slide.webdav.util.AclConstants;
   
   /**
    * Security helper.
  @@ -388,21 +398,20 @@
                   Uri objectUri = namespace.getUri(token, object.getUri());
                   ObjectNode realObject = objectUri.getStore()
                       .retrieveObject(objectUri);
  -                SubjectNode subject = (SubjectNode) getPrincipal(token);
                   // check if permission has already been checked
                   Boolean permission = token.checkPermissionCache(object, action);
                   if (permission == null) {
                       // if not checked before, check now
                       try {
  -                checkPermission(realObject, subject, action);
  +                        checkPermission(token, realObject, action);
                           token.cachePermission(object, action, true);
                       } catch (AccessDeniedException ade) {
                           token.cachePermission(object, action, false);
                           ade.fillInStackTrace();
                           throw ade;
                       }
  -                } else {
  -                    
  +                }
  +                else {
                       if (!(permission.booleanValue())) {
                           throw new AccessDeniedException
                               (object.getUri(),
  @@ -444,6 +453,26 @@
           
       }
       
  +    /**
  +     * Check whether or not an actor (principal) can perform the specified activity
  +     * on the specified resource.
  +     *
  +     * @param    token               a  SlideToken
  +     * @param    object              Object on which access is tested
  +     * @param    action              Action which is to be performed
  +     *
  +     * @throws   ServiceAccessException
  +     * @throws   AccessDeniedException
  +     * @throws   ObjectNotFoundException
  +     */
  +    public void checkPermission(SlideToken token, ObjectNode object, ActionNode 
action) throws ServiceAccessException, AccessDeniedException, ObjectNotFoundException {
  +        
  +        if (!hasPermission(token, object, action)) {
  +            throw new AccessDeniedException(object.getUri(), 
getPrincipal(token).getUri(),
  +                                            action.getUri());
  +        }
  +    }
  +    
       
       /**
        * Check whether or not an actor can perform the specified activity
  @@ -631,6 +660,29 @@
           
       }
       
  +    /**
  +     * Check whether or not an actor (principal) can perform the specified activity
  +     * on the specified resource.
  +     *
  +     * @param    token               a  SlideToken
  +     * @param    object              Object on which access is tested
  +     * @param    action              Action which is to be performed
  +     *
  +     * @return   true if the action can be performed
  +     *
  +     * @throws   ServiceAccessException
  +     * @throws   ObjectNotFoundException
  +     */
  +    public boolean hasPermission(SlideToken token, ObjectNode object, ActionNode 
action) throws ServiceAccessException, ObjectNotFoundException {
  +        Boolean cachedPermission = token.checkPermissionCache(object, action);
  +        if (cachedPermission != null) {
  +            return cachedPermission.booleanValue();
  +        }
  +        else {
  +            return hasPermission(object, (SubjectNode)getPrincipal(token), action);
  +        }
  +    }
  +    
       
       /**
        * Enumerates permissions on an object.
  @@ -801,8 +853,15 @@
               principalPath = namespaceConfig.getGuestPath();
           }
           
  +        String userPrefix = "/";
  +        String configParam = 
namespaceConfig.getParameter(AclConstants.P_USER_COLLECTION);
  +        if ( configParam != null ) {
  +            if ( configParam.length() > 0 )
  +                userPrefix = "/" + configParam +"/";
  +        }
  +        
           Uri subjectUri = namespace.getUri
  -            (token, namespaceConfig.getUsersPath() + "/" + principalPath);
  +            (token, namespaceConfig.getUsersPath() + userPrefix + principalPath);
           
           try {
               return subjectUri.getStore().retrieveObject(subjectUri);
  
  
  
  1.53      +20 -29    
jakarta-slide/src/webdav/server/org/apache/slide/webdav/util/PropertyHelper.java
  
  Index: PropertyHelper.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-slide/src/webdav/server/org/apache/slide/webdav/util/PropertyHelper.java,v
  retrieving revision 1.52
  retrieving revision 1.53
  diff -u -r1.52 -r1.53
  --- PropertyHelper.java       18 Sep 2003 11:01:43 -0000      1.52
  +++ PropertyHelper.java       10 Oct 2003 11:30:28 -0000      1.53
  @@ -1619,69 +1619,60 @@
           NamespaceConfig config = nsaToken.getNamespaceConfig();
           Security security = nsaToken.getSecurityHelper();
           Structure structure = nsaToken.getStructureHelper();
  -        SubjectNode principalNode = null;
           ObjectNode object =  structure.retrieve(sToken, 
revisionDescriptors.getUri());
           
           try {
  -            principalNode = (SubjectNode) security.getPrincipal(sToken);
  -        } catch (SlideException e) {
  -            return xmlValue;
  -        } catch (ClassCastException e) {
  -            return xmlValue;
  -        }
  -        
  -        try {
               
               boolean readObject =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getReadObjectAction());
               boolean createObject =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getCreateObjectAction());
               boolean removeObject =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getRemoveObjectAction());
               boolean grantPermission =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getGrantPermissionAction());
               boolean revokePermission =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getRevokePermissionAction());
               boolean readPermissions =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getReadPermissionsAction());
               boolean lockObject =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getLockObjectAction());
               boolean killLock =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getKillLockAction());
               boolean readLocks =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getReadLocksAction());
               boolean readRevisionMetadata =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getReadRevisionMetadataAction());
               boolean createRevisionMetadata = security.hasPermission
  -                (object, principalNode,
  +                (sToken, object,
                    config.getCreateRevisionMetadataAction());
               boolean modifyRevisionMetadata = security.hasPermission
  -                (object, principalNode,
  +                (sToken, object,
                    config.getModifyRevisionMetadataAction());
               boolean removeRevisionMetadata = security.hasPermission
  -                (object, principalNode,
  +                (sToken, object,
                    config.getRemoveRevisionMetadataAction());
               boolean readRevisionContent =
  -                security.hasPermission(object, principalNode,
  +                security.hasPermission(sToken, object,
                                          config.getReadRevisionContentAction());
               boolean createRevisionContent = security.hasPermission
  -                (object, principalNode,
  +                (sToken, object,
                    config.getCreateRevisionContentAction());
               boolean modifyRevisionContent = security.hasPermission
  -                (object, principalNode,
  +                (sToken, object,
                    config.getModifyRevisionContentAction());
               boolean removeRevisionContent = security.hasPermission
  -                (object, principalNode,
  +                (sToken, object,
                    config.getRemoveRevisionContentAction());
               
               boolean canRead = readObject && readRevisionMetadata
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to