portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From morci...@apache.org
Subject cvs commit: jakarta-jetspeed/webapp/WEB-INF/conf JetspeedSecurity.properties JetspeedSecurity.template
Date Wed, 31 Mar 2004 04:49:11 GMT
morciuch    2004/03/30 20:49:11

  Modified:    src/java/org/apache/jetspeed/modules/actions/portlets
                        GenericMVCAction.java IndexPortletRegistry.java
                        PsmlUpdateAction.java RegistryUpdateAction.java
               src/java/org/apache/jetspeed/modules/actions/portlets/security
                        GroupUpdateAction.java PermissionUpdateAction.java
                        RolePermissionUpdateAction.java
                        RoleUpdateAction.java
                        UserGroupRoleUpdateAction.java
                        UserGroupUpdateAction.java
                        UserRoleUpdateAction.java UserUpdateAction.java
               src/java/org/apache/jetspeed/services JetspeedSecurity.java
               src/java/org/apache/jetspeed/services/security
                        JetspeedDBSecurityService.java
                        JetspeedSecurityService.java
               webapp/WEB-INF/conf JetspeedSecurity.properties
                        JetspeedSecurity.template
  Log:
  Secured all security and registry portlet actions. A secured action may only be executed
by user having one of the roles defined in services.JetspeedSecurity.admin.roles property.
See JIRA issue JS1-421 for more information.
  
  Revision  Changes    Path
  1.7       +26 -3     jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/GenericMVCAction.java
  
  Index: GenericMVCAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/GenericMVCAction.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- GenericMVCAction.java	23 Feb 2004 02:56:58 -0000	1.6
  +++ GenericMVCAction.java	31 Mar 2004 04:49:10 -0000	1.7
  @@ -24,15 +24,14 @@
   import org.apache.jetspeed.portal.PortletInstance;
   import org.apache.jetspeed.portal.portlets.GenericMVCContext;
   import org.apache.jetspeed.portal.portlets.GenericMVCPortlet;
  +import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
   import org.apache.jetspeed.services.persistence.PersistenceManager;
   import org.apache.jetspeed.services.persistence.PortalPersistenceException;
   import org.apache.jetspeed.services.rundata.JetspeedRunData;
   import org.apache.jetspeed.util.PortletSessionState;
  -
   import org.apache.turbine.util.RunData;
  -
   import org.apache.velocity.context.Context;
   
   
  @@ -52,7 +51,7 @@
       /**
        * Static initialization of the logger for this class
        */    
  -    private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(GenericMVCAction.class.getName());
     
  +    protected static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(GenericMVCAction.class.getName());
     
         
       /** Creates a new instance of GenericMVCAction */
       public GenericMVCAction()
  @@ -254,5 +253,29 @@
           PortletInstance instance = getPortletInstance(context);
           instance.setAttribute(attrName, value);
           PersistenceManager.store(instance);
  +    }
  +    
  +    /**
  +     * Throws an exception if user attempts to perform unathorized action.
  +     * 
  +     * @param data
  +     * @throws SecurityException
  +     */
  +    public void checkAdministrativeAction(RunData data) throws SecurityException
  +    {
  +		if (!JetspeedSecurity.hasAdminRole(data.getUser()))
  +		{
  +			if (logger.isWarnEnabled())
  +			{
  +				logger.warn(
  +					"User ["
  +						+ data.getUser().getUserName()
  +						+ "] attempted to perform administrative action");
  +			}
  +			throw new SecurityException(
  +				"User ["
  +					+ data.getUser().getUserName()
  +					+ "] must be an administrator to perform this action");
  +		}    	
       }
     }
  
  
  
  1.6       +2 -2      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/IndexPortletRegistry.java
  
  Index: IndexPortletRegistry.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/IndexPortletRegistry.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- IndexPortletRegistry.java	23 Feb 2004 02:56:58 -0000	1.5
  +++ IndexPortletRegistry.java	31 Mar 2004 04:49:10 -0000	1.6
  @@ -39,7 +39,7 @@
    * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
    * @version $Id$
    */
  -public class IndexPortletRegistry extends GenericMVCAction
  +public class IndexPortletRegistry extends SecureGenericMVCAction
   {
   
       /**
  
  
  
  1.18      +2 -2      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/PsmlUpdateAction.java
  
  Index: PsmlUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/PsmlUpdateAction.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- PsmlUpdateAction.java	23 Feb 2004 02:56:58 -0000	1.17
  +++ PsmlUpdateAction.java	31 Mar 2004 04:49:10 -0000	1.18
  @@ -81,7 +81,7 @@
    * @author <a href="mailto:david@apache.org">David Sean Taylor</a>
    * @version $Id$
    */
  -public class PsmlUpdateAction extends VelocityPortletAction
  +public class PsmlUpdateAction extends SecureVelocityPortletAction
   {
   
       protected static final String PSML_REFRESH_FLAG = "psmlRefreshFlag";
  
  
  
  1.10      +2 -2      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/RegistryUpdateAction.java
  
  Index: RegistryUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/RegistryUpdateAction.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- RegistryUpdateAction.java	23 Feb 2004 02:56:58 -0000	1.9
  +++ RegistryUpdateAction.java	31 Mar 2004 04:49:10 -0000	1.10
  @@ -54,7 +54,7 @@
    * @author <a href="mailto:caius1440@hotmail.com">Jeremy Ford</a>
    * @version $Id$
    */
  -public abstract class RegistryUpdateAction extends VelocityPortletAction
  +public abstract class RegistryUpdateAction extends SecureVelocityPortletAction
   {
       protected String registryEntryName = "";
       protected String registry = "";
  
  
  
  1.10      +10 -18    jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/GroupUpdateAction.java
  
  Index: GroupUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/GroupUpdateAction.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- GroupUpdateAction.java	23 Feb 2004 02:53:08 -0000	1.9
  +++ GroupUpdateAction.java	31 Mar 2004 04:49:10 -0000	1.10
  @@ -17,27 +17,19 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // velocity
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// jetspeed security
  -import org.apache.jetspeed.services.JetspeedSecurity;
  -import org.apache.jetspeed.services.security.GroupException;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.Group;
   import org.apache.jetspeed.om.security.JetspeedGroupFactory;
  -
  -// jetspeed services
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  -
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.services.security.GroupException;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.velocity.context.Context;
   
   
   /**
  @@ -47,7 +39,7 @@
    * @version $Id$
    */
   
  -public class GroupUpdateAction extends VelocityPortletAction
  +public class GroupUpdateAction extends SecureVelocityPortletAction
   {
       private static final String TEMP_GROUP = "tempGroup";
       
  
  
  
  1.9       +10 -17    jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/PermissionUpdateAction.java
  
  Index: PermissionUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/PermissionUpdateAction.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- PermissionUpdateAction.java	23 Feb 2004 02:53:08 -0000	1.8
  +++ PermissionUpdateAction.java	31 Mar 2004 04:49:10 -0000	1.9
  @@ -17,26 +17,19 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // velocity
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// jetspeed om
  -import org.apache.jetspeed.om.security.Permission;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.JetspeedPermissionFactory;
  -// jetspeed services
  +import org.apache.jetspeed.om.security.Permission;
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
  -import org.apache.jetspeed.services.security.JetspeedSecurityException;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  -
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.services.security.JetspeedSecurityException;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.velocity.context.Context;
   
   
   /**
  @@ -45,7 +38,7 @@
    * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
    * @version $Id$
    */
  -public class PermissionUpdateAction extends VelocityPortletAction
  +public class PermissionUpdateAction extends SecureVelocityPortletAction
   {
       private static final String TEMP_PERMISSION = "tempPermission";
   
  
  
  
  1.9       +11 -19    jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RolePermissionUpdateAction.java
  
  Index: RolePermissionUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RolePermissionUpdateAction.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- RolePermissionUpdateAction.java	23 Feb 2004 02:53:08 -0000	1.8
  +++ RolePermissionUpdateAction.java	31 Mar 2004 04:49:10 -0000	1.9
  @@ -17,31 +17,23 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // java util
  -import java.util.Vector;
  -import java.util.List;
   import java.util.Iterator;
  +import java.util.List;
  +import java.util.Vector;
   
  -// velocity
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// jetspeed om
  -import org.apache.jetspeed.om.security.Role;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.Permission;
  -
  -// jetspeed services
  +import org.apache.jetspeed.om.security.Role;
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
   import org.apache.jetspeed.services.resources.JetspeedResources;
   import org.apache.jetspeed.services.security.JetspeedSecurityException;
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.velocity.context.Context;
   
   /**
    * This action sets up the template context for editing security permissions in the Turbine
database
  @@ -50,7 +42,7 @@
    * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
    * @version $Id$
    */
  -public class RolePermissionUpdateAction extends VelocityPortletAction
  +public class RolePermissionUpdateAction extends SecureVelocityPortletAction
   {
       private static final String TEMP_ROLE = "tempRole";
   
  
  
  
  1.14      +9 -17     jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java
  
  Index: RoleUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- RoleUpdateAction.java	23 Feb 2004 02:53:08 -0000	1.13
  +++ RoleUpdateAction.java	31 Mar 2004 04:49:10 -0000	1.14
  @@ -17,27 +17,19 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // velocity
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// jetspeed om
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.JetspeedRoleFactory;
   import org.apache.jetspeed.om.security.Role;
  -
  -// jetspeed services
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
  -import org.apache.jetspeed.services.security.RoleException;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  -
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.services.security.RoleException;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.velocity.context.Context;
   
   
   /**
  @@ -46,7 +38,7 @@
    * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
    * @version $Id$
    */
  -public class RoleUpdateAction extends VelocityPortletAction
  +public class RoleUpdateAction extends SecureVelocityPortletAction
   {
       private static final String TEMP_ROLE = "tempRole";
   
  
  
  
  1.3       +3 -3      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserGroupRoleUpdateAction.java
  
  Index: UserGroupRoleUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserGroupRoleUpdateAction.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- UserGroupRoleUpdateAction.java	23 Feb 2004 02:53:08 -0000	1.2
  +++ UserGroupRoleUpdateAction.java	31 Mar 2004 04:49:10 -0000	1.3
  @@ -20,7 +20,7 @@
   import java.util.Iterator;
   import java.util.Vector;
   
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.profile.Portlets;
   import org.apache.jetspeed.om.profile.Profile;
   import org.apache.jetspeed.om.profile.ProfileLocator;
  @@ -49,7 +49,7 @@
    * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
    * @version $Id$
    */
  -public class UserGroupRoleUpdateAction extends VelocityPortletAction
  +public class UserGroupRoleUpdateAction extends SecureVelocityPortletAction
   {
   
       /**
  
  
  
  1.5       +4 -5      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserGroupUpdateAction.java
  
  Index: UserGroupUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserGroupUpdateAction.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- UserGroupUpdateAction.java	23 Feb 2004 02:53:08 -0000	1.4
  +++ UserGroupUpdateAction.java	31 Mar 2004 04:49:10 -0000	1.5
  @@ -21,14 +21,13 @@
   import java.util.Iterator;
   import java.util.List;
   
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.modules.actions.portlets.security.SecurityConstants;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.Group;
   import org.apache.jetspeed.om.security.JetspeedUser;
   import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
  -import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.resources.JetspeedResources;
   import org.apache.turbine.util.DynamicURI;
   import org.apache.turbine.util.RunData;
  @@ -43,7 +42,7 @@
    * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
    * @version $Id$
    */
  -public class UserGroupUpdateAction extends VelocityPortletAction
  +public class UserGroupUpdateAction extends SecureVelocityPortletAction
   {
       /**
        * Static initialization of the logger for this class
  
  
  
  1.12      +17 -26    jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserRoleUpdateAction.java
  
  Index: UserRoleUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserRoleUpdateAction.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- UserRoleUpdateAction.java	23 Feb 2004 02:53:08 -0000	1.11
  +++ UserRoleUpdateAction.java	31 Mar 2004 04:49:10 -0000	1.12
  @@ -17,38 +17,29 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // java util
  -import java.util.Vector;
  -import java.util.List;
   import java.util.Iterator;
  +import java.util.List;
  +import java.util.Vector;
   
  -// velocity
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// turbine om
  -import org.apache.jetspeed.om.security.Role;
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
  +import org.apache.jetspeed.om.profile.Portlets;
  +import org.apache.jetspeed.om.profile.Profile;
  +import org.apache.jetspeed.om.profile.ProfileLocator;
   import org.apache.jetspeed.om.security.JetspeedUser;
  -
  -// jetspeed services
  +import org.apache.jetspeed.om.security.Role;
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   import org.apache.jetspeed.services.JetspeedSecurity;
  -import org.apache.jetspeed.services.resources.JetspeedResources;
   import org.apache.jetspeed.services.Profiler;
  -import org.apache.jetspeed.om.profile.ProfileLocator;
  -import org.apache.jetspeed.om.profile.Profile;
  -import org.apache.jetspeed.om.profile.Portlets;
  +import org.apache.jetspeed.services.PsmlManager;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
  -import org.apache.jetspeed.services.PsmlManager;
  -import org.apache.jetspeed.util.PortletUtils;
  +import org.apache.jetspeed.services.resources.JetspeedResources;
   import org.apache.jetspeed.services.rundata.JetspeedRunData;
  -
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +import org.apache.jetspeed.util.PortletUtils;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.velocity.context.Context;
   
   
   /**
  @@ -58,7 +49,7 @@
    * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
    * @version $Id$
    */
  -public class UserRoleUpdateAction extends VelocityPortletAction
  +public class UserRoleUpdateAction extends SecureVelocityPortletAction
   {
       
       /**
  
  
  
  1.17      +14 -32    jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java
  
  Index: UserUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- UserUpdateAction.java	23 Feb 2004 02:53:08 -0000	1.16
  +++ UserUpdateAction.java	31 Mar 2004 04:49:10 -0000	1.17
  @@ -17,45 +17,27 @@
   package org.apache.jetspeed.modules.actions.portlets.security;
   
   // java util
  +import java.io.StringWriter;
   import java.util.Date;
  -import java.util.Properties;
   import java.util.Locale;
  +import java.util.Properties;
   
  -// java io
  -import java.io.StringWriter;
  -
  -// velocity context
  -import org.apache.velocity.context.Context;
  -
  -// turbine util
  -import org.apache.turbine.util.RunData;
  -import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.util.DynamicURI;
  -
  -// turbine velocity
  -import org.apache.turbine.services.velocity.TurbineVelocity;
  -
  -// turbine om security
  +import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
   import org.apache.jetspeed.om.security.JetspeedUser;
  -import org.apache.jetspeed.services.security.NotUniqueUserException;
  -
  -//turbine email
  -import org.apache.turbine.util.mail.SimpleEmail;
  -
  -import org.apache.turbine.services.resources.TurbineResources;
  -
  -// jetspeed velocity
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
   import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  -
  -// jetspeed services
  +import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.TemplateLocator;
   import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
   import org.apache.jetspeed.services.logging.JetspeedLogger;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  -
  -// jetspeed security
  -import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.services.security.NotUniqueUserException;
  +import org.apache.turbine.services.resources.TurbineResources;
  +import org.apache.turbine.services.velocity.TurbineVelocity;
  +import org.apache.turbine.util.DynamicURI;
  +import org.apache.turbine.util.RunData;
  +import org.apache.turbine.util.StringUtils;
  +import org.apache.turbine.util.mail.SimpleEmail;
  +import org.apache.velocity.context.Context;
   
   /**
    * This action sets up the template context for editing users in the Turbine database.
  @@ -65,7 +47,7 @@
    * @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
    * @version $Id$
    */
  -public class UserUpdateAction extends VelocityPortletAction
  +public class UserUpdateAction extends SecureVelocityPortletAction
   {
       private static final String TEMP_USER = "tempUser";
       
  
  
  
  1.21      +18 -1     jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java
  
  Index: JetspeedSecurity.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- JetspeedSecurity.java	23 Feb 2004 04:00:57 -0000	1.20
  +++ JetspeedSecurity.java	31 Mar 2004 04:49:10 -0000	1.21
  @@ -18,6 +18,7 @@
   
   import java.security.Principal;
   import java.util.Iterator;
  +import java.util.List;
   
   import org.apache.jetspeed.om.SecurityReference;
   import org.apache.jetspeed.om.profile.Entry;
  @@ -37,6 +38,7 @@
   import org.apache.jetspeed.services.security.JetspeedSecurityService;
   import org.apache.jetspeed.services.security.LoginException;
   import org.apache.jetspeed.services.security.PortalResource;
  +import org.apache.turbine.om.security.User;
   import org.apache.turbine.services.TurbineServices;
   
   
  @@ -590,6 +592,21 @@
           return ((JetspeedSecurityService)getService()).getAnonymousUserName();
       }
   
  +	/*
  +	 * @see JetspeedSecurityService#getAdminRoles
  +	 */
  +	public static List getAdminRoles()
  +	{
  +		return ((JetspeedSecurityService)getService()).getAdminRoles();
  +	}
  +
  +	/*
  +	 * @see JetspeedSecurityService#hasAdminRole
  +	 */
  +	public static boolean hasAdminRole(User user)
  +	{
  +		return ((JetspeedSecurityService)getService()).hasAdminRole(user);
  +	}
   
       //////////////////////////////////////////////////////////////////////////
       //
  
  
  
  1.25      +64 -9     jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java
  
  Index: JetspeedDBSecurityService.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- JetspeedDBSecurityService.java	23 Feb 2004 03:58:11 -0000	1.24
  +++ JetspeedDBSecurityService.java	31 Mar 2004 04:49:10 -0000	1.25
  @@ -16,25 +16,27 @@
   
   package org.apache.jetspeed.services.security;
   
  +import java.util.ArrayList;
   import java.util.HashMap;
  +import java.util.Iterator;
  +import java.util.List;
  +
   import javax.servlet.ServletConfig;
   
  -// Jetspeed
   import org.apache.jetspeed.om.security.JetspeedUser;
   import org.apache.jetspeed.om.security.JetspeedUserFactory;
   import org.apache.jetspeed.om.security.UserNamePrincipal;
   import org.apache.jetspeed.portal.Portlet;
  -import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
  -import org.apache.jetspeed.services.logging.JetspeedLogger;
  +import org.apache.jetspeed.services.JetspeedPortalAccessController;
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.JetspeedUserManagement;
  -import org.apache.jetspeed.services.JetspeedPortalAccessController;
  +import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
  +import org.apache.jetspeed.services.logging.JetspeedLogger;
   import org.apache.jetspeed.services.rundata.JetspeedRunData;
  -
  -// Turbine
  -import org.apache.turbine.services.TurbineServices;
  -import org.apache.turbine.services.TurbineBaseService;
  +import org.apache.turbine.om.security.User;
   import org.apache.turbine.services.InitializationException;
  +import org.apache.turbine.services.TurbineBaseService;
  +import org.apache.turbine.services.TurbineServices;
   import org.apache.turbine.services.resources.ResourceService;
   
   /**
  @@ -63,6 +65,7 @@
       private final static String CONFIG_LOGON_AUTO_DISABLE = "logon.auto.disable";
       private final static String CONFIG_ACTIONS_ANON_DISABLE = "actions.anon.disable";
       private final static String CONFIG_ACTIONS_ALLUSERS_DISABLE = "actions.allusers.disable";
  +	private final static String CONFIG_ACTIONS_ADMIN_ROLES = "admin.roles";
   
       private final static String CONFIG_NEWUSER_ROLES     = "newuser.roles";
       private final static String CONFIG_DEFAULT_PERMISSION_LOGGEDIN     = "permission.default.loggedin";
  @@ -71,6 +74,8 @@
       private final static String [] DEFAULT_PERMISSIONS = {""};
       private final static String [] DEFAULT_CONFIG_NEWUSER_ROLES = 
       { "user" };
  +	private final static String [] DEFAULT_ADMIN_ROLES = 
  +	{ "admin" };
   
       String roles[] = null;
       boolean caseInsensitiveUsername = false;
  @@ -79,6 +84,7 @@
       boolean actionsAnonDisable = true;
       boolean actionsAllUsersDisable = false;
       String anonymousUser = "anon";
  +	String[] adminRoles = null;
   
       int strikeCount = 3;             // 3 within the interval
       int strikeMax = 20;              // 20 total failures 
  @@ -111,6 +117,7 @@
           try
           {
               roles = serviceConf.getStringArray(CONFIG_NEWUSER_ROLES);
  +			adminRoles = serviceConf.getStringArray(CONFIG_ACTIONS_ADMIN_ROLES);
           }
           catch (Exception e)
           {}
  @@ -120,6 +127,11 @@
               roles = DEFAULT_CONFIG_NEWUSER_ROLES;
           }
   
  +		if (null == adminRoles || adminRoles.length == 0)
  +		{
  +			adminRoles = DEFAULT_ADMIN_ROLES;
  +		}
  +
           caseInsensitiveUsername = serviceConf.getBoolean(CONFIG_CASEINSENSITIVE_USERNAME,
caseInsensitiveUsername);
           caseInsensitivePassword = serviceConf.getBoolean(CONFIG_CASEINSENSITIVE_PASSWORD,
caseInsensitivePassword);
           caseInsensitiveUpper = serviceConf.getBoolean(CONFIG_CASEINSENSITIVE_UPPER, caseInsensitiveUpper);
  @@ -448,6 +460,49 @@
           return anonymousUser;
       }
   
  +	/*
  +	 * Gets the list of administrative roles
  +	 *    
  +	 * @return list of admin roles
  +	 */
  +	 public List getAdminRoles()
  +	 {
  +	 	List result = new ArrayList();
  +	 	for (int i = 0; i < adminRoles.length; i++)
  +	 	{
  +	 		result.add(adminRoles[i]);
  +	 	}
  +	 	
  +		return result;
  +	 }
  +
  +	/**
  +	 * Returns true if user has administrative role
  +	 * 
  +	 * @param user
  +	 * @return true if user has administrative role
  +	 */
  +	public boolean hasAdminRole(User user)
  +	{
  +		String username = user.getUserName();
  +		try
  +		{
  +			List adminRoles = getAdminRoles();
  +			for (Iterator it = adminRoles.iterator(); it.hasNext();)
  +			{
  +				if (JetspeedSecurity.hasRole(username, (String)it.next()))
  +				{
  +					return true;
  +				}
  +			}
  +		}
  +		catch (Exception e)
  +		{	
  +			logger.error(e);		
  +		}
  +		
  +		return false;
  +	}
   
   }
   
  
  
  
  1.12      +18 -3     jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java
  
  Index: JetspeedSecurityService.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedSecurityService.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- JetspeedSecurityService.java	23 Feb 2004 03:58:11 -0000	1.11
  +++ JetspeedSecurityService.java	31 Mar 2004 04:49:10 -0000	1.12
  @@ -16,11 +16,13 @@
   
   package org.apache.jetspeed.services.security;
   
  -import org.apache.jetspeed.services.rundata.JetspeedRunData;
  -import org.apache.turbine.services.Service;
  +import java.util.List;
   
   import org.apache.jetspeed.om.security.JetspeedUser;
   import org.apache.jetspeed.portal.Portlet;
  +import org.apache.jetspeed.services.rundata.JetspeedRunData;
  +import org.apache.turbine.om.security.User;
  +import org.apache.turbine.services.Service;
   
   /**
    * The Security Service manages Users, Groups Roles and Permissions in the 
  @@ -252,6 +254,19 @@
        */
       public String getAnonymousUserName();
   
  +	/*
  +	 * Gets the list of administrative roles
  +	 *    
  +	 * @return list of admin roles
  +	 */
  +	 public List getAdminRoles();
  +
  +	/*
  +	 * Returns true if user has adminstrative role
  +	 *    
  +	 * @return
  +	 */
  +	 public boolean hasAdminRole(User user);
   
   }
   
  
  
  
  1.82      +9 -1      jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.properties
  
  Index: JetspeedSecurity.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.properties,v
  retrieving revision 1.81
  retrieving revision 1.82
  diff -u -r1.81 -r1.82
  --- JetspeedSecurity.properties	29 Mar 2004 21:38:43 -0000	1.81
  +++ JetspeedSecurity.properties	31 Mar 2004 04:49:10 -0000	1.82
  @@ -174,6 +174,14 @@
   #
   services.JetspeedSecurity.system.permissions =
   
  +#
  +# Comma separated list of administrative roles. Only users 
  +# with administratives roles can perform secured portlet actions
  +#
  +# Default: admin
  +#
  +services.JetspeedSecurity.admin.roles = admin
  +
   #########################################
   # Action buttons                        #
   #########################################
  
  
  
  1.14      +9 -1      jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.template
  
  Index: JetspeedSecurity.template
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/JetspeedSecurity.template,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- JetspeedSecurity.template	17 Mar 2004 19:10:26 -0000	1.13
  +++ JetspeedSecurity.template	31 Mar 2004 04:49:10 -0000	1.14
  @@ -174,6 +174,14 @@
   #
   services.JetspeedSecurity.system.permissions =
   
  +#
  +# Comma separated list of administrative roles. Only users 
  +# with administratives roles can perform secured portlet actions
  +#
  +# Default: admin
  +#
  +services.JetspeedSecurity.admin.roles = admin
  +
   #########################################
   # Action buttons                        #
   #########################################
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message