portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sg...@apache.org
Subject cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/portlets CacheablePortletWrapper.java CacheableStatefulPortletWrapper.java PortletWrapper.java StatefulPortletWrapper.java package.html
Date Mon, 21 Jan 2002 18:15:11 GMT
sgala       02/01/21 10:15:11

  Added:       src/java/org/apache/jetspeed/portal/security package.html
               src/java/org/apache/jetspeed/portal/security/portlets
                        CacheablePortletWrapper.java
                        CacheableStatefulPortletWrapper.java
                        PortletWrapper.java StatefulPortletWrapper.java
                        package.html
  Log:
  package for security-related wrapper classes for the portal implementation. Initial commit
of implementation of wrapper classes for the different interfaces implemented by portlets.
  
  Revision  Changes    Path
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/package.html
  
  Index: package.html
  ===================================================================
  <body>
  <p>
  This package is for portal implementation wrappers that do security
  checked access to public methods in portal classes.
  </p>
  </body>
  
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/portlets/CacheablePortletWrapper.java
  
  Index: CacheablePortletWrapper.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package org.apache.jetspeed.portal.security.portlets;
  
  //jetspeed
  import org.apache.jetspeed.portal.Portlet;
  import org.apache.jetspeed.portal.expire.Expire;
  
  import org.apache.jetspeed.services.portletcache.Cacheable;
  
  import org.apache.jetspeed.services.JetspeedSecurity;
  
  import org.apache.turbine.util.RunData;
  
  
  /**
  <p>
  This object is used to wrap a Portlet, ensuring that access control rules are enforced.
  </p>
  
  @author <A HREF="mailto:sgala@apache.org">Santiago Gala</A>
  @version $Id: CacheablePortletWrapper.java,v 1.1 2002/01/21 18:15:11 sgala Exp $
  */
  public class CacheablePortletWrapper extends PortletWrapper implements /*FIXME*/Cacheable
  {
  
      /*
       * The cacheable associated with us
       */
      private Cacheable wrappedCacheable = null;
  
      
      public CacheablePortletWrapper( Portlet inner )
      {
          super( inner );
          if( inner instanceof Cacheable )
          {
              wrappedCacheable = (Cacheable) inner;
          }
          else
          {
              //Log error or throw exception
          }
              
      }
  
      //Cacheable interface
  
      /**
      */
      public boolean isCacheable()
      {
          return wrappedCacheable.isCacheable();
      }
  
      /**
      */
      public void setCacheable(boolean cacheable)
      {
          wrappedCacheable.setCacheable( cacheable );
      }
  
  
      /**
      */
      public Expire getExpire()
      {
          return wrappedCacheable.getExpire();
      }
  
      /**
      */
      public final String getHandle()
      {
          return wrappedCacheable.getHandle();
      }
  
      /**
      */
      public final void setHandle( String handle )
      {
          wrappedCacheable.setHandle( handle );
      }
  
      /**
      @see Cacheable#getExpirationMillis
      */
      public Long getExpirationMillis()
      {
        return wrappedCacheable.getExpirationMillis();
      }
      
  
      /**
      @see Cacheable#setExpirationMillis
      */
      public void setExpirationMillis( long expirationMillis)
      {
        wrappedCacheable.setExpirationMillis( expirationMillis );
      }
      
  }
  
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/portlets/CacheableStatefulPortletWrapper.java
  
  Index: CacheableStatefulPortletWrapper.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package org.apache.jetspeed.portal.security.portlets;
  
  //jetspeed
  import org.apache.jetspeed.portal.Portlet;
  import org.apache.jetspeed.portal.expire.Expire;
  import org.apache.jetspeed.services.portletcache.Cacheable;
  import org.apache.jetspeed.services.JetspeedSecurity;
  
  import org.apache.turbine.util.RunData;
  
  
  
  /**
  <p>
  This object is used to wrap a Portlet, ensuring that access control rules are enforced.
  </p>
  
  @author <A HREF="mailto:sgala@apache.org">Santiago Gala</A>
  @version $Id: CacheableStatefulPortletWrapper.java,v 1.1 2002/01/21 18:15:11 sgala Exp $
  */
  public class CacheableStatefulPortletWrapper extends StatefulPortletWrapper implements /*FIXME*/Cacheable
  {
  
      /*
       * The cacheable associated with us
       */
      private Cacheable wrappedCacheable = null;
  
      
      public CacheableStatefulPortletWrapper( Portlet inner )
      {
          super( inner );
          if( inner instanceof Cacheable )
          {
              wrappedCacheable = (Cacheable) inner;
          }
          else
          {
              //Log error or throw exception
          }
              
      }
  
      //Cacheable interface
  
      /**
      */
      public boolean isCacheable()
      {
          return wrappedCacheable.isCacheable();
      }
  
      /**
      */
      public void setCacheable(boolean cacheable)
      {
          wrappedCacheable.setCacheable( cacheable );
      }
  
  
      /**
      */
      public Expire getExpire()
      {
          return wrappedCacheable.getExpire();
      }
  
      /**
      */
      public final String getHandle()
      {
          return wrappedCacheable.getHandle();
      }
  
      /**
      */
      public final void setHandle( String handle )
      {
          wrappedCacheable.setHandle( handle );
      }
  
      /**
      @see Cacheable#getExpirationMillis
      */
      public Long getExpirationMillis()
      {
        return wrappedCacheable.getExpirationMillis();
      }
      
  
      /**
      @see Cacheable#setExpirationMillis
      */
      public void setExpirationMillis( long expirationMillis)
      {
        wrappedCacheable.setExpirationMillis( expirationMillis );
      }
      
  }
  
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/portlets/PortletWrapper.java
  
  Index: PortletWrapper.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package org.apache.jetspeed.portal.security.portlets;
  
  //jetspeed
  import org.apache.jetspeed.portal.Portlet;
  import org.apache.jetspeed.portal.PortletState;
  import org.apache.jetspeed.portal.PortletConfig;
  import org.apache.jetspeed.portal.PortletException;
  import org.apache.jetspeed.util.MimeType;
  
  import org.apache.jetspeed.services.portletcache.Cacheable;
  
  import org.apache.jetspeed.services.JetspeedSecurity;
  
  import org.apache.turbine.util.RunData;
  import org.apache.turbine.util.TurbineRuntimeException;
  
  //ecs
  import org.apache.ecs.ConcreteElement;
  import org.apache.ecs.ClearElement;
  
  
  
  /**
  <p>
  This object is used to wrap a Portlet, ensuring that access control rules are enforced.
  </p>
  
  @author <A HREF="mailto:sgala@apache.org">Santiago Gala</A>
  @version $Id: PortletWrapper.java,v 1.1 2002/01/21 18:15:11 sgala Exp $
  */
  public class PortletWrapper implements Portlet
  {
  
      /*
       * The portlet we are wrapping
       */
      private Portlet wrappedPortlet = null;
  
      public PortletWrapper( Portlet inner )
      {
          wrappedPortlet = inner;
      }
  
      /**
      */
      public final String getName()
      {
          //This means name is accessible for every Portlet
          return wrappedPortlet.getName();
      }
  
      /**
      */
      public final void setName( String name )
      {
          //if we want to secure this, we need a context for the check
          wrappedPortlet.setName( name );
      }
  
      /**
      */
      public final PortletConfig getPortletConfig()
      {
          return wrappedPortlet.getPortletConfig();
      }
  
      /**
      */
      public final void setPortletConfig( PortletConfig pc )
      {
          //if we want to secure this, we need a context for the check
          wrappedPortlet.setPortletConfig( pc );
      }
  
  
      
      /**
      */
      public ConcreteElement getContent( RunData rundata )
      {
  
          if (JetspeedSecurity.checkPermission(rundata, 
                                               JetspeedSecurity.PERMISSION_VIEW,
                                               this))
          {
              return wrappedPortlet.getContent( rundata );
          }
          else 
          {
              return new ClearElement("Sorry, you have no permission to see this portlet");
          }
      }
  
  
      /**
      Provide a description within PML if the user has specified one.
  
      @return a null entry if the user hasn't defined anything
      */
      public String getDescription()
      {
          return wrappedPortlet.getDescription();
      }
  
      /**
      */
      public void setDescription( String description )
      {
          wrappedPortlet.setDescription( description );
      }
  
      /**
      Provide a title within PML if the user has specified one.
  
      @return a null entry if the user hasn't defined anything
      */
      public String getTitle()
      {
          /* FIXME, no rundata here if( !JetspeedSecurity.checkPermission(rundata, 
                                                JetspeedSecurity.PERMISSION_VIEW,
                                                wrappedPortlet) )
                                                { */
          return wrappedPortlet.getTitle();
          /* } */
  
      }
  
      /**
      Set the title for this Portlet
      */
      public void setTitle( String title )
      {
          /* FIXME, no rundata here if( !JetspeedSecurity.checkPermission(rundata, 
                                                JetspeedSecurity.PERMISSION_CUSTOMIZE,
                                                wrappedPortlet) )
                                                { */
          wrappedPortlet.setTitle( title );
          /* } */
      }
  
  
      /**
      */
      public boolean getAllowEdit( RunData rundata )
      {
          return (JetspeedSecurity.checkPermission(rundata, 
                                                   JetspeedSecurity.PERMISSION_INFO,
                                                   wrappedPortlet));
      }
  
      /**
      */
      public boolean getAllowMaximize( RunData rundata )
      {
          return (JetspeedSecurity.checkPermission(rundata, 
                                                   JetspeedSecurity.PERMISSION_MAXIMIZE,
                                                   wrappedPortlet));
      }
  
      /**
      By default don't provide any initialization
      */
      public void init( ) throws PortletException 
      {
          /* FIXME, no rundata here if( !JetspeedSecurity.checkPermission(rundata, 
                                                JetspeedSecurity.PERMISSION_CUSTOMIZE,
                                                wrappedPortlet) )
                                                { */
          wrappedPortlet.init();
          /* } */
      }
  
      /**
      @see Portlet#getCreationTime
      */
      public long getCreationTime() {
          /* FIXME, no rundata here if( !JetspeedSecurity.checkPermission(rundata, 
                                                JetspeedSecurity.PERMISSION_VIEW,
                                                wrappedPortlet) )
                                                { */
          return wrappedPortlet.getCreationTime();
          /* } */
      }
      
      /**
      @see Portlet#setCreationTime
      */
      public void setCreationTime( long creationTime )
      {
          /* FIXME, no rundata here if( !JetspeedSecurity.checkPermission(rundata, 
                                                JetspeedSecurity.PERMISSION_CUSTOMIZE,
                                                wrappedPortlet) )
                                                { */
          wrappedPortlet.setCreationTime( creationTime );
      }
      
      /**
      @see Portlet#supportsType
      */
      public boolean supportsType( MimeType mimeType )
      {
          /* FIXME, no rundata here if( !JetspeedSecurity.checkPermission(rundata, 
                                                JetspeedSecurity.PERMISSION_VIEW,
                                                wrappedPortlet) )
                                                { */
              return wrappedPortlet.supportsType( mimeType );
              /* } */
      }
  
      public boolean checkPermission( RunData rundata,
                                      String permissionName )
      {
          return JetspeedSecurity.checkPermission( rundata,
                                                   permissionName,
                                                   wrappedPortlet );
      }
                                      
      
  
      // utility methods
  
      /**
      Returns TRUE if the title bar in should be displayed. The title bar includes
      the portlet title and action buttons. 
       
      NOTE(FIXME) Not in Portlet interface. Called a la Bean from Velocity.
      @param rundata A RunData object
      */
      public boolean isShowTitleBar(RunData rundata)
      {
          if (wrappedPortlet.getPortletConfig()!=null) 
          {
              // Parameter can exist in PSML or <portlet-entry>
              return Boolean.valueOf(wrappedPortlet.getPortletConfig().getInitParameter("_showtitlebar","true")).booleanValue();
          }
          return getAttribute("_showtitlebar", "true", rundata ).equals("true");
      }
  
      
      /**
      Retrieve a portlet attribute from persistent storage
  
      @param attrName The attribute to retrieve
      @parm attrDefValue The value if the attr doesn't exists
      @param rundata A RunData object
      @return The attribute value
      */
      public String getAttribute( String attrName, String attrDefValue, RunData rundata )
      {
          if( JetspeedSecurity.checkPermission(rundata, 
                                                JetspeedSecurity.PERMISSION_VIEW,
                                                wrappedPortlet) )
          {
              return wrappedPortlet.getAttribute( attrName, attrDefValue, rundata );
          }
          else
          {
              //FIXME: for the moment we will allow this call to succeed...
              //throw new TurbineRuntimeException( "Security check failed" );
              return wrappedPortlet.getAttribute( attrName, attrDefValue, rundata );
          }
  
      }
  
      /**
       * <p>Return an instance of one of the classes in this package
       * making tests before calling the wrapped portlet</p>
       * <p>Different wrapper classes must be used with the current API
       * depending on the interfaces implemented by the portlet. :-(</p>
       *
       */
      public static Portlet wrap( Portlet aPortlet) {
          //SGP Security test
          if( aPortlet instanceof PortletState )
          {
              if( aPortlet instanceof Cacheable )
              {
                  return new CacheableStatefulPortletWrapper( aPortlet );
              }
              return new StatefulPortletWrapper( aPortlet );
          }
          if( aPortlet instanceof Cacheable )
          {
              return new CacheablePortletWrapper( aPortlet );
          }
          return new PortletWrapper( aPortlet );
          
      }
      
  }
  
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/portlets/StatefulPortletWrapper.java
  
  Index: StatefulPortletWrapper.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package org.apache.jetspeed.portal.security.portlets;
  
  //jetspeed
  import org.apache.jetspeed.portal.Portlet;
  import org.apache.jetspeed.portal.PortletState;
  
  import org.apache.jetspeed.services.JetspeedSecurity;
  
  import org.apache.turbine.util.RunData;
  //import org.apache.turbine.util.TurbineRuntimeException;
  
  
  
  /**
  <p>
  This object is used to wrap a Portlet, ensuring that access control rules are enforced.
  </p>
  
  @author <A HREF="mailto:sgala@apache.org">Santiago Gala</A>
  @version $Id: StatefulPortletWrapper.java,v 1.1 2002/01/21 18:15:11 sgala Exp $
  */
  public class StatefulPortletWrapper extends PortletWrapper implements PortletState
  {
  
      /*
       * The portletstate of our portlet
       */
      private PortletState wrappedState = null;
  
      public StatefulPortletWrapper( Portlet inner )
      {
          super( inner );
          if( inner instanceof PortletState )
          {
              wrappedState = (PortletState) inner;
          }
          else
          {
              //Report error or throw exception
          }
      }
  
      // PortletState Interface implementation
      
      /**
       * Implements the default close behavior: any authenticated user may
       * remove a portlet from his page
       *
       * @param rundata the RunData object for the current request
       */
      public final boolean allowClose( RunData rundata )
      {
          return checkPermission(rundata, 
                                 JetspeedSecurity.PERMISSION_CLOSE );
      }
  
      /**
       * Returns true if this portlet is currently closed
       */
      public final boolean isClosed(RunData rundata)
      {
          if( checkPermission(rundata, 
                              JetspeedSecurity.PERMISSION_VIEW ) )
          {
              return wrappedState.isClosed( rundata );
          }
          else
          {
              //FIXME: for the moment we will allow this call to succeed...
              //throw new TurbineRuntimeException( "Security check failed" );
              return wrappedState.isClosed( rundata );
          }
      }
  
      /**
       * Toggles the portlet state between closed and normal
       *
       * @param minimized the new portlet state
       * @param data the RunData for this request
       */
      public final void setClosed(boolean close, RunData rundata)
      {
          if( allowClose( rundata ) )
          {
              wrappedState.setClosed( close, rundata );
          }
      }
  
      /**
       * Implements the default info behavior: any authenticated user may
       * get information on a portlet
       *
       * @param rundata the RunData object for the current request
       */
      public final boolean allowInfo( RunData rundata )
      {
          return checkPermission(rundata, 
                                 JetspeedSecurity.PERMISSION_INFO );
      }
  
      /**
       * Implements the default customize behavior: any authenticated user may
       * customize a portlet
       *
       * @param rundata the RunData object for the current request
       */
      public final boolean allowCustomize( RunData rundata )
      {
          return checkPermission(rundata, 
                                 JetspeedSecurity.PERMISSION_CUSTOMIZE );
      }
  
      /**
       * Implements the default maximize behavior: any authenticated user may
       * maximize a portlet
       *
       * @param rundata the RunData object for the current request
       */
      public boolean allowMaximize( RunData rundata )
      {
          return checkPermission(rundata, 
                                 JetspeedSecurity.PERMISSION_MAXIMIZE );
      }
  
      /**
       * Implements the default info behavior: any authenticated user may
       * minimize a portlet
       *
       * @param rundata the RunData object for the current request
       */
      public boolean allowMinimize( RunData rundata )
      {
          return checkPermission(rundata, 
                                 JetspeedSecurity.PERMISSION_MINIMIZE );
      }
  
      /**
       * Returns true if this portlet is currently minimized
       */
      public boolean isMinimized(RunData rundata)
      {
          if( checkPermission(rundata, 
                              JetspeedSecurity.PERMISSION_VIEW ) )
          {
              return wrappedState.isMinimized( rundata );
          }
          else
          {
              //FIXME: for the moment we will allow this call to succeed...
              //throw new TurbineRuntimeException( "Security check failed" );
              return wrappedState.isMinimized( rundata );
          }
      }
  
      /**
      Change the portlet visibility state ( minimized <-> normal )
  
      @param minimize True if the portlet change to minimized
      @param rundata A RunData object
      */
      public void setMinimized( boolean minimize, RunData rundata )
      {
          if( allowMinimize( rundata ) )
          {
              wrappedState.setMinimized(minimize, rundata );
          }
      }
      
  }
  
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/portal/security/portlets/package.html
  
  Index: package.html
  ===================================================================
  <body>
  <p>
  This package is for portal implementation wrappers that do security
  checked access to public methods in portlet classes.</p>
  <p>
  Due to the current implementation of additional interfaces for portlets, we
  must have different wrappers depending on:</p>
  <ul>
  <li><em>plain</em> Portlet</li>
  <li>Portlet implements PortletState interface</li>
  <li>Portlet implements Cacheable interface</li>
  <li>Portlet implements both interfaces</li>
  </ul>
  <p>The "consumer" of these classes (currently the PortletFactoryService) MUST
  ensure that the proper wrapper is used. A way to achive this while centralizing
  this (dirty) code is to use
  <code>return PortletWrapper.wrap( portlet )</code> when returning a portlet.
  </p>
  </body>
  
  
  

--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message