portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rwat...@apache.org
Subject svn commit: r371805 - in /portals/jetspeed-2/trunk/components/page-manager/src: java/org/apache/jetspeed/om/page/impl/PageImpl.java java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java test/org/apache/jetspeed/page/PageManagerTestShared.java
Date Tue, 24 Jan 2006 04:28:21 GMT
Author: rwatler
Date: Mon Jan 23 20:28:19 2006
New Revision: 371805

URL: http://svn.apache.org/viewcvs?rev=371805&view=rev
Log:
make security test cases more robust; correct two more minor security bugs related to fragments

Modified:
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java?rev=371805&r1=371804&r2=371805&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java
(original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java
Mon Jan 23 20:28:19 2006
@@ -178,7 +178,13 @@
         // be made for root fragment
         if ((fragment != null) && !fragment.isEmpty())
         {
-            return (Fragment)fragment.iterator().next();
+            FragmentImpl rootFragment = (FragmentImpl)fragment.iterator().next();
+            if (rootFragment.getPage() == null)
+            {
+                // set page implementation in root and children fragments
+                rootFragment.setPage(this);
+            }
+            return rootFragment;
         }
         return null;
     }

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java?rev=371805&r1=371804&r2=371805&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java
(original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/SecurityConstraintsImpl.java
Mon Jan 23 20:28:19 2006
@@ -131,14 +131,14 @@
             while (actionsIter.hasNext())
             {
                 // check each action:
-                // - if any actions explicity permitted, assume no permissions
-                //   are permitted by default
+                // - if any actions explicity permitted, (including owner),
+                //   assume no permissions are permitted by default
                 // - if all constraints do not specify a permission, assume
                 //   access is permitted by default
                 String action = (String)actionsIter.next();
                 boolean actionPermitted = false;
                 boolean actionNotPermitted = false;
-                boolean anyActionsPermitted = false;
+                boolean anyActionsPermitted = (getOwner() != null);
                 
                 // check against constraints
                 Iterator checkConstraintsIter = checkConstraints.iterator();
@@ -176,6 +176,16 @@
                 {
                     throw new SecurityException("SecurityConstraintsImpl.checkConstraints():
Access for " + action + " not permitted.");
                 }
+            }
+        }
+        else
+        {
+            // fail for any action if owner specified
+            // since no other constraints were found
+            if ((getOwner() != null) && !actions.isEmpty())
+            {
+                String action = (String)actions.get(0);
+                throw new SecurityException("SecurityConstraintsImpl.checkConstraints():
Access for " + action + " not permitted, (not owner).");
             }
         }
     }

Modified: portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java?rev=371805&r1=371804&r2=371805&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java
(original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/PageManagerTestShared.java
Mon Jan 23 20:28:19 2006
@@ -330,6 +330,9 @@
                 throw setup;
             }
 
+            // reset page manager cache
+            pageManager.reset();
+
             // access test as admin user
             Exception adminAccess = (Exception)Subject.doAsPrivileged(adminSubject, new PrivilegedAction()
                 {
@@ -573,6 +576,9 @@
             {
                 throw guestAccess;
             }
+
+            // reset page manager cache
+            pageManager.reset();
 
             // cleanup test as admin user
             Exception cleanup = (Exception)Subject.doAsPrivileged(adminSubject, new PrivilegedAction()



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message