portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tay...@apache.org
Subject cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/services/security JetspeedDBSecurityService.java
Date Thu, 07 Jun 2001 06:24:39 GMT
taylor      01/06/06 23:24:39

  Modified:    src/java/org/apache/jetspeed/services/security
                        JetspeedDBSecurityService.java
  Log:
  modified security service to only use one group, the Jetspeed group.
  all acls are role-based. if a user is in a role, and if the user has permission, access
is granted
  
  Revision  Changes    Path
  1.2       +7 -11     jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java
  
  Index: JetspeedDBSecurityService.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- JetspeedDBSecurityService.java	2001/06/04 07:16:07	1.1
  +++ JetspeedDBSecurityService.java	2001/06/07 06:24:39	1.2
  @@ -67,13 +67,17 @@
    *
    * @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
    * @author <a href="mailto:sgala@hisitech.com">Santiago Gala</a>
  - * @version $Id: JetspeedDBSecurityService.java,v 1.1 2001/06/04 07:16:07 taylor Exp $
  + * @version $Id: JetspeedDBSecurityService.java,v 1.2 2001/06/07 06:24:39 taylor Exp $
    */
   
   
   public class JetspeedDBSecurityService extends DBSecurityService
                                          implements JetspeedSecurityService
   {
  +    // Jetspeed security only has one group. 
  +    // Access Control checks are only role-based.
  +    // If a user has the specified role for the resource, then the user can access that
resource
  +    public static final String JETSPEED_GROUP = "Jetspeed";
   
       /**
        * given a user, checks if a user has access to a given portlet for the given action
  @@ -111,20 +115,12 @@
           if (null == securityRole)
               return true; // grant permission if no security role given
   
  -        // TODO:
  -        // the portlet name by itself may not be a unique enough identifier since
  -        // other resources (panes, configs) may have the same name
  -        // we may need to prefix the portletName with something like:
  -        // "portlet_" + portletName
  -        // the alternative would be to add a column to the turbine database
  -        // but this would mean deviating from the basic turbine security model
  -
           // determine if Portlet has specified role
           AccessControlList acl = runData.getACL();
           if (null == acl)
               return false;
   
  -        if (!acl.hasRole( securityRole, portletName ))
  +        if (!acl.hasRole( securityRole, JETSPEED_GROUP ))
               return false;
   
           // check for role having permission
  @@ -134,7 +130,7 @@
               if ( acl.hasPermission( permission ) )
                   return true;
   
  -            if ( !acl.hasPermission( permission, portletName ) )
  +            if ( !acl.hasPermission( permission, JETSPEED_GROUP ) )
                   return false;
           }
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message