From tay...@apache.org
Subject svn commit: r537267 - in /portals/jetspeed-2/trunk: components/portal/src/java/org/apache/jetspeed/layout/impl/GetUserListAction.java src/webapp/WEB-INF/assembly/ajax-layout.xml xdocs/guides/guide-ajax-api.xml
Date Fri, 11 May 2007 19:03:17 GMT
Author: taylor
Date: Fri May 11 12:03:16 2007
New Revision: 537267

URL: http://svn.apache.org/viewvc?view=rev&rev=537267
Log:
https://issues.apache.org/jira/browse/JS2-685
documentation and additional security features
contribution from Mikko Wuokko

Modified:
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetUserListAction.java
    portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/ajax-layout.xml
    portals/jetspeed-2/trunk/xdocs/guides/guide-ajax-api.xml

Modified: portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetUserListAction.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetUserListAction.java?view=diff&rev=537267&r1=537266&r2=537267
==============================================================================
--- portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetUserListAction.java
(original)
+++ portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetUserListAction.java
Fri May 11 12:03:16 2007
@@ -69,6 +69,8 @@
     protected Log log = LogFactory.getLog(GetUserListAction.class);
     private PortalStatistics pstats = null;
     private PortalSessionsManager psm = null;
+    // By default the protection is set to all
+    private String protectionScope = "all";
 
     private final String PARAM_GUEST = "guest";
     private final String PARAM_USERINFO = "userinfo";
@@ -96,23 +98,26 @@
     	this.psm = psm;
     }
     
+    public GetUserListAction(String template, 
+            String errorTemplate, 
+            UserManager um,
+            PortalStatistics pstats,
+            PortalSessionsManager psm, 
+            RolesSecurityBehavior securityBehavior,
+            String protectionScope)
+    {
+    	super(template, errorTemplate, um, securityBehavior); 
+    	this.pstats = pstats;
+    	this.psm = psm;
+    	this.protectionScope = protectionScope;
+    }
+    
     public boolean run(RequestContext requestContext, Map resultMap)
             throws AJAXException
     {
         boolean success = true;
         String status = "success";
         
-    	// Do a security check if a behavior is set
-    	if(securityBehavior != null)
-    	{
-    		if(!checkAccess(requestContext, JetspeedActions.EDIT))
-    		{
-    			success = false;
-                resultMap.put(REASON, "Insufficient access see user details.");         
      
-                return success;
-    		}
-    	}
-
     	boolean includeGuests;
     	boolean includeUserInfo;
         boolean includeOffline;
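Review bot: The new seven-argument constructor stores `protectionScope` without validating it (`this.protectionScope = protectionScope;`). A null from the assembly file would only surface later as a NullPointerException at `this.protectionScope.equals("none")` inside run(). A misspelled or differently cased value is silently handled like "all", because it falls through to the final `else`; that fails closed, but the operator gets no hint that the configuration is wrong. I would reject bad input at construction time, for example `if (protectionScope == null) throw new IllegalArgumentException("protectionScope must not be null");`, and check the value against the four documented scopes held as named constants. The body of run() continues outside this hunk.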
@@ -130,6 +135,35 @@
         	includeGuests = isTrue(getActionParameter(requestContext, PARAM_GUEST));
         	includeUserInfo = isTrue(getActionParameter(requestContext, PARAM_USERINFO));
         }
+        
+    	// Do a security check if a behavior is set
+    	if(securityBehavior != null)
+    	{
+    		// If protection is set to "none", everything will be allowed
+    		if(!checkAccess(requestContext, JetspeedActions.EDIT) && !this.protectionScope.equals("none"))
+    		{
+    			// If we have set protection to private only and security check failed,
+    			// will return basic information still
+    			if(this.protectionScope.equals("private-offline"))
+    			{
+    				// If private and offline information is protected, disable that and offline users.
+    				includeUserInfo = false;
+    				includeOffline = false;
+    			}
+    			else if(this.protectionScope.equals("private"))
+    			{
+    				// Only private information is protected.
+    				includeUserInfo = false;
+    			}
+    			else
+    			{
+    				
+	    			success = false;
+	                resultMap.put(REASON, "Insufficient access see user details.");        
       
+	                return success;
+    			}
+    		}
+    	}
         
         int numberOfCurrentUsers = 0;
         int numberOfCurrentLoggedInUsers = 0;
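Review bot: The relocated check is still wrapped in `if(securityBehavior != null)`, so when no security behavior is wired in, `protectionScope` is never consulted. The action then returns whatever the request asks for, including userinfo and offline users, even with the scope left at "all". If that fail-open path is not intended, fold the null case into the decision, e.g. `boolean allowed = "none".equals(protectionScope) || (securityBehavior != null && checkAccess(requestContext, JetspeedActions.EDIT));`, and branch on `!allowed`. The constant-first `equals` also removes the null dereference on the scope field. A comment above the block should state that it must stay after the request parameters are parsed, since it works by overriding `includeUserInfo` and `includeOffline`. run() starts and ends outside this hunk, so how those flags are used later is not visible here.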

Modified: portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/ajax-layout.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/ajax-layout.xml?view=diff&rev=537267&r1=537266&r2=537267
==============================================================================
--- portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/ajax-layout.xml (original)
+++ portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/ajax-layout.xml Fri May 11 12:03:16
2007
@@ -507,6 +507,17 @@
     </constructor-arg>
 </bean>
 
+<!-- 
+    == AjaxGetUserList Constructor Arguments ==
+    index 0 = render response VM template, generates XML NORMAL response
+    index 1 = render response VM template, generates XML ERROR response
+    index 2 = User Manager
+    index 3 = Portal statistics
+    index 4 = Portal session manager
+    index 5 = Security behavior
+    index 6 = Protection scope
+    -->
+
 <bean id="AjaxGetUserList"
     class="org.apache.jetspeed.layout.impl.GetUserListAction">
     <constructor-arg index="0">
@@ -526,6 +537,9 @@
     </constructor-arg>
 	<constructor-arg index='5'>
         <ref bean="RolesSecurityBehavior"/>
+    </constructor-arg>
+    <constructor-arg index='6'>
+        <value>private</value>
     </constructor-arg>
 </bean>
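Review bot: The shipped assembly sets constructor index 6 to `private`, while the field in GetUserListAction defaults to "all", so a stock deployment is less restrictive than the code default. Per the guide text added in this same commit, a caller who fails the EDIT check then still receives the basic list: username, IP address, session count and status, for online and offline users. Usernames and client IP addresses are useful to someone enumerating accounts, so I would ship `<value>all</value>` (or at least `private-offline`) and let deployers relax it deliberately. A short comment beside the value listing what each of the four scopes exposes would help whoever edits this file.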
     

Modified: portals/jetspeed-2/trunk/xdocs/guides/guide-ajax-api.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/xdocs/guides/guide-ajax-api.xml?view=diff&rev=537267&r1=537266&r2=537267
==============================================================================
--- portals/jetspeed-2/trunk/xdocs/guides/guide-ajax-api.xml (original)
+++ portals/jetspeed-2/trunk/xdocs/guides/guide-ajax-api.xml Fri May 11 12:03:16 2007
@@ -846,7 +846,148 @@
 		</td>    
 	</tr>
 </table>
-</subsection>        
+</subsection>
+
+<subsection name='getuseinfo'>
+<table>		
+
+    <tr>
+        <td>API:</td>
+        <td>getuseinfo</td>
+    </tr>
+    <tr>
+        <td>Component:</td>
+        <td>AjaxGetUserInformation</td>
+    </tr>
+    <tr>
+        <td>Description:</td>
+        <td>Returns information about the currently logged in user. Can be used for
example in AJAX based portlets to retrieve the userinfo in a more robust way. Will return
success only if a user is currenly logged in, otherwise will return false.</td>
+    </tr>
+    <tr>
+        <td>Parameters:</td>
+        <table>
+			<tr>
+				<td>action</td>
+				<td>getuserinfo</td>				
+			</tr>                                   
+		</table>
+    </tr>
+    <tr>
+        <td>API example:</td>
+		<td>
+<source><![CDATA[			
+http://localhost:8080/jetspeed/ajaxapi?action=getuserinfo
+]]></source>			
+		</td>    
+	</tr>
+    <tr>
+        <td>XML Response:</td>
+		<td>
+<source><![CDATA[
+<js>
+    <status>success</status>
+    <action>userinformation</action>
+    <username>admin</username> 
+    <type>org.apache.jetspeed.security.impl.UserPrincipalImpl</type>
+    <userinfo>
+        <user.name.given>Test Dude</user.name.given>
+        <user.name.family>Dudley</user.name.family>
+    </userinfo>
+</js>
+]]></source>		
+		</td>    
+	</tr>
+</table>
+</subsection>
+
+<subsection name='getuserlist'>
+<table>		
+
+    <tr>
+        <td>API:</td>
+        <td>getuseinfo</td>
+    </tr>
+    <tr>
+        <td>Component:</td>
+        <td>AjaxGetUserList</td>
+    </tr>
+    <tr>
+        <td>Description:</td>
+        <td>Provides basic information (username, ip-address, number of sessions and
status) about currently logged in users in xml-format. Optionally it can also provide more
detailed userinformation, number of guest sessions and include offline users as well.</td>
+    </tr>
+    <tr>
+        <td>Parameters:</td>
+        <table>
+			<tr>
+				<td>action</td>
+				<td>getuserinfo</td>
+			</tr>
+            <tr>
+                <td>userinfo</td>
+                <td>Whether we should include also userinfo (true | false [default])</td>
+            </tr>
+            <tr>
+                <td>offline</td>
+                <td>Whether we should include offline users (true | false [default])</td>
+            </tr>
+            <tr>
+                <td>guest</td>
+                <td>Whether we should return also the guest sessions (true | false
[default])</td>
+            </tr>
+            <tr>
+                <td>all</td>
+                <td>If set to true, will return every bits and piece there is (true
| false [default])</td>
+            </tr>
+		</table>
+    </tr>
+    <tr>
+        <td>
+            <p>
+                By default the private information (emails, etc..) is protected with
+                RolesSecurityBehavior security, but can be changed in <a href="http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/ajax-layout.xml?view=markup">AJAX
configuration</a>
+                by altering the protectionScope constructor value to either "all" to protect
+                even the basic information or to "none" when everything will be shown for
everyone (not wise on production).
+                The default value "private" will show just the basic information of online/offline
users and number of guest sessions,
+                as the "private-offline" will not show even the offline users. Possible protectionScope
values are "all",
+                "private-offline", "private" and "none".
+            </p>
+        </td>
+    </tr>
+    <tr>
+        <td>API example:</td>
+		<td>
+<source><![CDATA[			
+http://localhost:8080/jetspeed/ajaxapi?action=getuserlist&userinfo=true&guest=true
+]]></source>			
+		</td>    
+	</tr>
+    <tr>
+        <td>XML Response:</td>
+		<td>
+<source><![CDATA[
+<js>
+    <status>success</status>
+    <action>getuserlist</action>
+    <users>
+        <user>
+            <username>admin</username>
+            <sessions>1</sessions>
+            <status>online</status>
+            <ipaddress>127.0.0.1</ipaddress>
+            <userinfo>
+                <user.name.given>Test Dude</user.name.given>
+                <user.name.family>Dudley</user.name.family>
+            </userinfo>
+        </user>
+        <guests>0</guests>
+    </users>
+</js>
+]]></source>		
+		</td>    
+	</tr>
+</table>
+</subsection>
+        
 </section>
 
 <section name='Spring Assembly'>
@@ -892,9 +1033,27 @@
             <entry key="getpages">
                 <ref bean="AjaxGetPages"/>
             </entry>			
+            <entry key="getfolder">
+                <ref bean="AjaxGetFolder"/>
+            </entry>			            
+            <entry key="getlink">
+                <ref bean="AjaxGetLink"/>
+            </entry>			                        
+            <entry key="getfolderlist">
+                <ref bean="AjaxGetFolderList"/>
+            </entry>			                        
+            <entry key="getfolders">
+                <ref bean="AjaxGetFoldersList"/>
+            </entry>			      						
+            <entry key="getthemes">
+                <ref bean="AjaxGetThemes"/>
+            </entry>
+            <entry key="getactions">
+                <ref bean="AjaxGetActions"/>
+            </entry>
             <entry key="window">
                 <ref bean="AjaxChangeWindow"/>
-            </entry>			            
+            </entry>
             <entry key="getmenus">
                 <ref bean="AjaxGetMenus"/>
             </entry>			            
@@ -904,6 +1063,24 @@
             <entry key="permissions">
                 <ref bean="AjaxSecurityPermissions"/>
             </entry>			                        
+            <entry key="constraints">
+                <ref bean="AjaxSecurityConstraints"/>
+            </entry>			          
+            <entry key="updatefolder">
+                <ref bean="AjaxUpdateFolder"/>                
+            </entry>                          
+            <entry key="updatepage">
+                <ref bean="AjaxUpdatePage"/>                
+            </entry>              
+            <entry key="updatelink">
+                <ref bean="AjaxUpdateLink"/>                
+            </entry>                                                              
+            <entry key="getuserinfo">
+                <ref bean="AjaxGetUserInformation"/>                
+            </entry>
+            <entry key="getuserlist">
+                <ref bean="AjaxGetUserList"/>                
+            </entry>
         </map>
     </constructor-arg>
     <constructor-arg index="1">


