portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject svn commit: r725977 [8/48] - in /portals/jetspeed-2/portal/trunk: ./ app-servers/security/jboss/src/java/META-INF/jboss-secsvc/ app-servers/security/jboss/src/java/org/apache/jetspeed/appservers/security/jboss/ applications/jetspeed/src/main/javascript...
Date Fri, 12 Dec 2008 12:07:04 GMT
Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/DelegatingPageManager.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/DelegatingPageManager.java?rev=725977&r1=725976&r2=725977&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/DelegatingPageManager.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/DelegatingPageManager.java
Fri Dec 12 04:06:29 2008
@@ -1,275 +1,275 @@
-/*
+/*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- * 
- *      http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jetspeed.page;
-
-import java.util.Map;
-
-import org.apache.jetspeed.om.folder.Folder;
-import org.apache.jetspeed.om.folder.FolderNotFoundException;
-import org.apache.jetspeed.om.folder.InvalidFolderException;
-import org.apache.jetspeed.om.page.ContentPage;
-import org.apache.jetspeed.om.page.Link;
-import org.apache.jetspeed.om.page.Page;
-import org.apache.jetspeed.om.page.PageSecurity;
-import org.apache.jetspeed.page.document.DocumentException;
-import org.apache.jetspeed.page.document.DocumentNotFoundException;
-import org.apache.jetspeed.page.document.FailedToDeleteDocumentException;
-import org.apache.jetspeed.page.document.FailedToUpdateDocumentException;
-import org.apache.jetspeed.page.document.NodeException;
-import org.apache.jetspeed.page.document.NodeSet;
-import org.apache.jetspeed.page.document.UnsupportedDocumentTypeException;
-
-
-/**
- * DelegatingPageManager
- * 
- * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
- * @version $Id: $
- */
-
-public class DelegatingPageManager extends AbstractPageManager
-{
-    public DelegatingPageManager(
-            boolean isPermissionsSecurity, 
-            boolean isConstraintsSecurity,
-            Map modelClasses)
-    {
-        super(isPermissionsSecurity, isConstraintsSecurity, modelClasses);
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getPage(java.lang.String)
-     */
-    public Page getPage(String id) throws PageNotFoundException, NodeException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getContentPage(java.lang.String)
-     */
-    public ContentPage getContentPage(String path)
-            throws PageNotFoundException, NodeException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getLink(java.lang.String)
-     */
-    public Link getLink(String name) throws DocumentNotFoundException,
-            UnsupportedDocumentTypeException, NodeException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getPageSecurity()
-     */
-    public PageSecurity getPageSecurity() throws DocumentNotFoundException,
-            UnsupportedDocumentTypeException, NodeException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    public boolean checkConstraint(String securityConstraintName, String actions)
-    {
-        return false;
-    }
-    
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getFolder(java.lang.String)
-     */
-    public Folder getFolder(String folderPath) throws FolderNotFoundException,
-            InvalidFolderException, NodeException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getFolders(org.apache.jetspeed.om.folder.Folder)
-     */
-    public NodeSet getFolders(Folder folder) throws DocumentException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getFolder(org.apache.jetspeed.om.folder.Folder,java.lang.String)
-     */
-    public Folder getFolder(Folder folder, String name) throws FolderNotFoundException, DocumentException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getPages(org.apache.jetspeed.om.folder.Folder)
-     */
-    public NodeSet getPages(Folder folder) throws NodeException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-    
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getPage(org.apache.jetspeed.om.folder.Folder,java.lang.String)
-     */
-    public Page getPage(Folder folder, String name) throws PageNotFoundException, NodeException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-    
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getLinks(org.apache.jetspeed.om.folder.Folder)
-     */    
-    public NodeSet getLinks(Folder folder) throws NodeException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-    
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getLink(org.apache.jetspeed.om.folder.Folder,java.lang.String)
-     */    
-    public Link getLink(Folder folder, String name) throws DocumentNotFoundException, NodeException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-    
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getPageSecurity(org.apache.jetspeed.om.folder.Folder)
-     */    
-    public PageSecurity getPageSecurity(Folder folder) throws DocumentNotFoundException,
NodeException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#getAll(org.apache.jetspeed.om.folder.Folder)
-     */
-    public NodeSet getAll(Folder folder) throws DocumentException
-    {
-        // TODO Auto-generated method stub
-        return null;
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#updatePage(org.apache.jetspeed.om.page.Page)
-     */
-    public void updatePage(Page page) throws NodeException,
-            PageNotUpdatedException
-    {
-        // TODO Auto-generated method stub
-
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#removePage(org.apache.jetspeed.om.page.Page)
-     */
-    public void removePage(Page page) throws NodeException,
-            PageNotRemovedException
-    {
-        // TODO Auto-generated method stub
-
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#updateFolder(org.apache.jetspeed.om.folder.Folder)
-     */
-    public void updateFolder(Folder folder) throws NodeException,
-            FolderNotUpdatedException
-    {
-        // TODO Auto-generated method stub
-
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#updateFolder(org.apache.jetspeed.om.folder.Folder,boolean)
-     */
-    public void updateFolder(Folder folder, boolean deep) throws NodeException,
-            FolderNotUpdatedException
-    {
-        // TODO Auto-generated method stub
-
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#removeFolder(org.apache.jetspeed.om.folder.Folder)
-     */
-    public void removeFolder(Folder folder) throws NodeException,
-            FolderNotRemovedException
-    {
-        // TODO Auto-generated method stub
-
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#updateLink(org.apache.jetspeed.om.page.Link)
-     */
-    public void updateLink(Link link) throws NodeException,
-            LinkNotUpdatedException
-    {
-        // TODO Auto-generated method stub
-
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#removeLink(org.apache.jetspeed.om.page.Link)
-     */
-    public void removeLink(Link link) throws NodeException,
-            LinkNotRemovedException
-    {
-        // TODO Auto-generated method stub
-
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#updatePageSecurity(org.apache.jetspeed.om.page.PageSecurity)
-     */
-    public void updatePageSecurity(PageSecurity pageSecurity) throws
-            NodeException, FailedToUpdateDocumentException
-    {
-        // TODO Auto-generated method stub
-
-    }
-
-    /* (non-Javadoc)
-     * @see org.apache.jetspeed.page.PageManager#removePageSecurity(org.apache.jetspeed.om.page.PageSecurity)
-     */
-    public void removePageSecurity(PageSecurity pageSecurity) throws
-            NodeException, FailedToDeleteDocumentException
-    {
-        // TODO Auto-generated method stub
-
-    }
-    
-    public int addPages(Page[] pages)
-    throws NodeException
-    {
-        throw new NodeException("not impl");
-    }
-}
+ * the License.  You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.page;
+
+import java.util.Map;
+
+import org.apache.jetspeed.om.folder.Folder;
+import org.apache.jetspeed.om.folder.FolderNotFoundException;
+import org.apache.jetspeed.om.folder.InvalidFolderException;
+import org.apache.jetspeed.om.page.ContentPage;
+import org.apache.jetspeed.om.page.Link;
+import org.apache.jetspeed.om.page.Page;
+import org.apache.jetspeed.om.page.PageSecurity;
+import org.apache.jetspeed.page.document.DocumentException;
+import org.apache.jetspeed.page.document.DocumentNotFoundException;
+import org.apache.jetspeed.page.document.FailedToDeleteDocumentException;
+import org.apache.jetspeed.page.document.FailedToUpdateDocumentException;
+import org.apache.jetspeed.page.document.NodeException;
+import org.apache.jetspeed.page.document.NodeSet;
+import org.apache.jetspeed.page.document.UnsupportedDocumentTypeException;
+
+
+/**
+ * DelegatingPageManager
+ * 
+ * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
+ * @version $Id: $
+ */
+
+public class DelegatingPageManager extends AbstractPageManager
+{
+    public DelegatingPageManager(
+            boolean isPermissionsSecurity, 
+            boolean isConstraintsSecurity,
+            Map modelClasses)
+    {
+        super(isPermissionsSecurity, isConstraintsSecurity, modelClasses);
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getPage(java.lang.String)
+     */
+    public Page getPage(String id) throws PageNotFoundException, NodeException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getContentPage(java.lang.String)
+     */
+    public ContentPage getContentPage(String path)
+            throws PageNotFoundException, NodeException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getLink(java.lang.String)
+     */
+    public Link getLink(String name) throws DocumentNotFoundException,
+            UnsupportedDocumentTypeException, NodeException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getPageSecurity()
+     */
+    public PageSecurity getPageSecurity() throws DocumentNotFoundException,
+            UnsupportedDocumentTypeException, NodeException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    public boolean checkConstraint(String securityConstraintName, String actions)
+    {
+        return false;
+    }
+    
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getFolder(java.lang.String)
+     */
+    public Folder getFolder(String folderPath) throws FolderNotFoundException,
+            InvalidFolderException, NodeException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getFolders(org.apache.jetspeed.om.folder.Folder)
+     */
+    public NodeSet getFolders(Folder folder) throws DocumentException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getFolder(org.apache.jetspeed.om.folder.Folder,java.lang.String)
+     */
+    public Folder getFolder(Folder folder, String name) throws FolderNotFoundException, DocumentException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getPages(org.apache.jetspeed.om.folder.Folder)
+     */
+    public NodeSet getPages(Folder folder) throws NodeException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+    
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getPage(org.apache.jetspeed.om.folder.Folder,java.lang.String)
+     */
+    public Page getPage(Folder folder, String name) throws PageNotFoundException, NodeException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+    
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getLinks(org.apache.jetspeed.om.folder.Folder)
+     */    
+    public NodeSet getLinks(Folder folder) throws NodeException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+    
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getLink(org.apache.jetspeed.om.folder.Folder,java.lang.String)
+     */    
+    public Link getLink(Folder folder, String name) throws DocumentNotFoundException, NodeException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+    
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getPageSecurity(org.apache.jetspeed.om.folder.Folder)
+     */    
+    public PageSecurity getPageSecurity(Folder folder) throws DocumentNotFoundException,
NodeException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#getAll(org.apache.jetspeed.om.folder.Folder)
+     */
+    public NodeSet getAll(Folder folder) throws DocumentException
+    {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#updatePage(org.apache.jetspeed.om.page.Page)
+     */
+    public void updatePage(Page page) throws NodeException,
+            PageNotUpdatedException
+    {
+        // TODO Auto-generated method stub
+
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#removePage(org.apache.jetspeed.om.page.Page)
+     */
+    public void removePage(Page page) throws NodeException,
+            PageNotRemovedException
+    {
+        // TODO Auto-generated method stub
+
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#updateFolder(org.apache.jetspeed.om.folder.Folder)
+     */
+    public void updateFolder(Folder folder) throws NodeException,
+            FolderNotUpdatedException
+    {
+        // TODO Auto-generated method stub
+
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#updateFolder(org.apache.jetspeed.om.folder.Folder,boolean)
+     */
+    public void updateFolder(Folder folder, boolean deep) throws NodeException,
+            FolderNotUpdatedException
+    {
+        // TODO Auto-generated method stub
+
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#removeFolder(org.apache.jetspeed.om.folder.Folder)
+     */
+    public void removeFolder(Folder folder) throws NodeException,
+            FolderNotRemovedException
+    {
+        // TODO Auto-generated method stub
+
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#updateLink(org.apache.jetspeed.om.page.Link)
+     */
+    public void updateLink(Link link) throws NodeException,
+            LinkNotUpdatedException
+    {
+        // TODO Auto-generated method stub
+
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#removeLink(org.apache.jetspeed.om.page.Link)
+     */
+    public void removeLink(Link link) throws NodeException,
+            LinkNotRemovedException
+    {
+        // TODO Auto-generated method stub
+
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#updatePageSecurity(org.apache.jetspeed.om.page.PageSecurity)
+     */
+    public void updatePageSecurity(PageSecurity pageSecurity) throws
+            NodeException, FailedToUpdateDocumentException
+    {
+        // TODO Auto-generated method stub
+
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.jetspeed.page.PageManager#removePageSecurity(org.apache.jetspeed.om.page.PageSecurity)
+     */
+    public void removePageSecurity(PageSecurity pageSecurity) throws
+            NodeException, FailedToDeleteDocumentException
+    {
+        // TODO Auto-generated method stub
+
+    }
+    
+    public int addPages(Page[] pages)
+    throws NodeException
+    {
+        throw new NodeException("not impl");
+    }
+}

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/DelegatingPageManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/PageManagerSecurityUtils.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/PageManagerSecurityUtils.java?rev=725977&r1=725976&r2=725977&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/PageManagerSecurityUtils.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/PageManagerSecurityUtils.java
Fri Dec 12 04:06:29 2008
@@ -1,211 +1,211 @@
-/*
+/*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- * 
- *      http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jetspeed.page;
-
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.security.auth.Subject;
-
-import org.apache.jetspeed.JetspeedActions;
-import org.apache.jetspeed.om.page.SecurityConstraintImpl;
-import org.apache.jetspeed.om.page.SecurityConstraintsDef;
-import org.apache.jetspeed.page.document.DocumentException;
-import org.apache.jetspeed.security.Group;
-import org.apache.jetspeed.security.JSSubject;
-import org.apache.jetspeed.security.Role;
-import org.apache.jetspeed.security.User;
-
-
-/**
- * PageManagerUtils
- * 
- * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
- * @version $Id: $
- */
-public class PageManagerSecurityUtils
-{
-    public static boolean checkConstraint(SecurityConstraintsDef def, String actions)
-    throws DocumentException
-    {
-        List viewActionList = SecurityConstraintImpl.parseCSVList(actions);
-        List otherActionsList = null;
-        if (viewActionList.size() == 1)
-        {
-            if (!viewActionList.contains(JetspeedActions.VIEW))
-            {
-                otherActionsList = viewActionList;
-                viewActionList = null;
-            }
-        }
-        else
-        {
-            otherActionsList = viewActionList;
-            viewActionList = null;
-            if (otherActionsList.remove(JetspeedActions.VIEW))
-            {
-                viewActionList = new ArrayList(1);
-                viewActionList.add(JetspeedActions.VIEW);
-            }
-        }
-
-        // get current request context subject
-        Subject subject = JSSubject.getSubject(AccessController.getContext());
-        if (subject == null)
-        {
-            throw new SecurityException("Security Consraint Check: Missing JSSubject");
-        }
-
-        // get user/group/role principal names
-        List userPrincipals = null;
-        List rolePrincipals = null;
-        List groupPrincipals = null;
-        Iterator principals = subject.getPrincipals().iterator();
-        while (principals.hasNext())
-        {
-            Principal principal = (Principal) principals.next();
-            if (principal instanceof User)
-            {
-                if (userPrincipals == null)
-                {
-                    userPrincipals = new LinkedList();
-                }
-                userPrincipals.add(principal.getName());
-            }
-            else if (principal instanceof Role)
-            {
-                if (rolePrincipals == null)
-                {
-                    rolePrincipals = new LinkedList();
-                }
-                rolePrincipals.add(principal.getName());
-            }
-            else if (principal instanceof Group)
-            {
-                if (groupPrincipals == null)
-                {
-                    groupPrincipals = new LinkedList();
-                }
-                groupPrincipals.add(principal.getName());
-            }
-        }
-        
-        boolean result = false;
-        
-        // check constraints using parsed action and access lists
-        if (viewActionList != null)
-        {
-            result = checkConstraints(viewActionList, userPrincipals, rolePrincipals, groupPrincipals,
def);
-        }
-        if (otherActionsList != null)
-        {
-            result = checkConstraints(otherActionsList, userPrincipals, rolePrincipals, groupPrincipals,
def);
-        }
-        return result;
-    }
-    /**
-     * check access for the constraints list of a security constraints definition
-     * 
-     * @param actions given actions
-     * @param userPrincipals set of user principals  
-     * @param rolePrincipals set of role principals
-     * @param groupPrincipals set oof group principals
-     * @param def the security constraint definition 
-     * @throws SecurityException
-     */
-    public static boolean checkConstraints(List actions, List userPrincipals, List rolePrincipals,
List groupPrincipals, SecurityConstraintsDef def) 
-    throws DocumentException
-    {
-        
-        List checkConstraints = def.getSecurityConstraints();
-            // SecurityConstraint c =(SecurityConstraint)constraints.next();
-        // skip missing or empty constraints: permit all access
-        //List checkConstraints = getAllSecurityConstraints(pageSecurity);
-        if ((checkConstraints != null) && !checkConstraints.isEmpty())
-        {
-            // test each action, constraints check passes only
-            // if all actions are permitted for principals
-            Iterator actionsIter = actions.iterator();
-            while (actionsIter.hasNext())
-            {
-                // check each action:
-                // - if any actions explicity permitted, (including owner),
-                //   assume no permissions are permitted by default
-                // - if all constraints do not specify a permission, assume
-                //   access is permitted by default
-                String action = (String)actionsIter.next();
-                boolean actionPermitted = false;
-                boolean actionNotPermitted = false;
-                boolean anyActionsPermitted = true; // TODO:(getOwner() != null);
-                
-                // check against constraints
-                Iterator checkConstraintsIter = checkConstraints.iterator();
-                while (checkConstraintsIter.hasNext())
-                {
-                    SecurityConstraintImpl constraint = (SecurityConstraintImpl)checkConstraintsIter.next();
-                    
-                    // if permissions specified, attempt to match constraint
-                    if (constraint.getPermissions() != null)
-                    {
-                        // explicit actions permitted
-                        anyActionsPermitted = true;
-
-                        // test action permission match and user/role/group principal match
-                        if (constraint.actionMatch(action) &&
-                            constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals,
true))
-                        {
-                            actionPermitted = true;
-                            break;
-                        }
-                    }
-                    else
-                    {
-                        // permissions not specified: not permitted if any principal matched
-                        if (constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals,
false))
-                        {
-                            actionNotPermitted = true;
-                            break;
-                        }
-                    }
-                }
-                
-                // fail if any action not permitted
-                if ((!actionPermitted && anyActionsPermitted) || actionNotPermitted)
-                {
-                    //throw new SecurityException("SecurityConstraintsImpl.checkConstraints():
Access for " + action + " not permitted.");
-                    return false;
-                }
-            }
-        }
-        else
-        {
-            // fail for any action if owner specified
-            // since no other constraints were found
-            if (/*(getOwner() != null) && */ !actions.isEmpty())
-            {
-                //String action = (String)actions.get(0);
-                //throw new SecurityException("SecurityConstraintsImpl.checkConstraints():
Access for " + action + " not permitted, (not owner).");
-                return false;
-            }
-        }
-        return true;
-    }
+ * the License.  You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.page;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
+import org.apache.jetspeed.JetspeedActions;
+import org.apache.jetspeed.om.page.SecurityConstraintImpl;
+import org.apache.jetspeed.om.page.SecurityConstraintsDef;
+import org.apache.jetspeed.page.document.DocumentException;
+import org.apache.jetspeed.security.Group;
+import org.apache.jetspeed.security.JSSubject;
+import org.apache.jetspeed.security.Role;
+import org.apache.jetspeed.security.User;
+
+
+/**
+ * PageManagerUtils
+ * 
+ * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
+ * @version $Id: $
+ */
+public class PageManagerSecurityUtils
+{
+    public static boolean checkConstraint(SecurityConstraintsDef def, String actions)
+    throws DocumentException
+    {
+        List viewActionList = SecurityConstraintImpl.parseCSVList(actions);
+        List otherActionsList = null;
+        if (viewActionList.size() == 1)
+        {
+            if (!viewActionList.contains(JetspeedActions.VIEW))
+            {
+                otherActionsList = viewActionList;
+                viewActionList = null;
+            }
+        }
+        else
+        {
+            otherActionsList = viewActionList;
+            viewActionList = null;
+            if (otherActionsList.remove(JetspeedActions.VIEW))
+            {
+                viewActionList = new ArrayList(1);
+                viewActionList.add(JetspeedActions.VIEW);
+            }
+        }
+
+        // get current request context subject
+        Subject subject = JSSubject.getSubject(AccessController.getContext());
+        if (subject == null)
+        {
+            throw new SecurityException("Security Consraint Check: Missing JSSubject");
+        }
+
+        // get user/group/role principal names
+        List userPrincipals = null;
+        List rolePrincipals = null;
+        List groupPrincipals = null;
+        Iterator principals = subject.getPrincipals().iterator();
+        while (principals.hasNext())
+        {
+            Principal principal = (Principal) principals.next();
+            if (principal instanceof User)
+            {
+                if (userPrincipals == null)
+                {
+                    userPrincipals = new LinkedList();
+                }
+                userPrincipals.add(principal.getName());
+            }
+            else if (principal instanceof Role)
+            {
+                if (rolePrincipals == null)
+                {
+                    rolePrincipals = new LinkedList();
+                }
+                rolePrincipals.add(principal.getName());
+            }
+            else if (principal instanceof Group)
+            {
+                if (groupPrincipals == null)
+                {
+                    groupPrincipals = new LinkedList();
+                }
+                groupPrincipals.add(principal.getName());
+            }
+        }
+        
+        boolean result = false;
+        
+        // check constraints using parsed action and access lists
+        if (viewActionList != null)
+        {
+            result = checkConstraints(viewActionList, userPrincipals, rolePrincipals, groupPrincipals,
def);
+        }
+        if (otherActionsList != null)
+        {
+            result = checkConstraints(otherActionsList, userPrincipals, rolePrincipals, groupPrincipals,
def);
+        }
+        return result;
+    }
+    /**
+     * check access for the constraints list of a security constraints definition
+     * 
+     * @param actions given actions
+     * @param userPrincipals set of user principals  
+     * @param rolePrincipals set of role principals
+     * @param groupPrincipals set oof group principals
+     * @param def the security constraint definition 
+     * @throws SecurityException
+     */
+    public static boolean checkConstraints(List actions, List userPrincipals, List rolePrincipals,
List groupPrincipals, SecurityConstraintsDef def) 
+    throws DocumentException
+    {
+        
+        List checkConstraints = def.getSecurityConstraints();
+            // SecurityConstraint c =(SecurityConstraint)constraints.next();
+        // skip missing or empty constraints: permit all access
+        //List checkConstraints = getAllSecurityConstraints(pageSecurity);
+        if ((checkConstraints != null) && !checkConstraints.isEmpty())
+        {
+            // test each action, constraints check passes only
+            // if all actions are permitted for principals
+            Iterator actionsIter = actions.iterator();
+            while (actionsIter.hasNext())
+            {
+                // check each action:
+                // - if any actions explicity permitted, (including owner),
+                //   assume no permissions are permitted by default
+                // - if all constraints do not specify a permission, assume
+                //   access is permitted by default
+                String action = (String)actionsIter.next();
+                boolean actionPermitted = false;
+                boolean actionNotPermitted = false;
+                boolean anyActionsPermitted = true; // TODO:(getOwner() != null);
+                
+                // check against constraints
+                Iterator checkConstraintsIter = checkConstraints.iterator();
+                while (checkConstraintsIter.hasNext())
+                {
+                    SecurityConstraintImpl constraint = (SecurityConstraintImpl)checkConstraintsIter.next();
+                    
+                    // if permissions specified, attempt to match constraint
+                    if (constraint.getPermissions() != null)
+                    {
+                        // explicit actions permitted
+                        anyActionsPermitted = true;
+
+                        // test action permission match and user/role/group principal match
+                        if (constraint.actionMatch(action) &&
+                            constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals,
true))
+                        {
+                            actionPermitted = true;
+                            break;
+                        }
+                    }
+                    else
+                    {
+                        // permissions not specified: not permitted if any principal matched
+                        if (constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals,
false))
+                        {
+                            actionNotPermitted = true;
+                            break;
+                        }
+                    }
+                }
+                
+                // fail if any action not permitted
+                if ((!actionPermitted && anyActionsPermitted) || actionNotPermitted)
+                {
+                    //throw new SecurityException("SecurityConstraintsImpl.checkConstraints():
Access for " + action + " not permitted.");
+                    return false;
+                }
+            }
+        }
+        else
+        {
+            // fail for any action if owner specified
+            // since no other constraints were found
+            if (/*(getOwner() != null) && */ !actions.isEmpty())
+            {
+                //String action = (String)actions.get(0);
+                //throw new SecurityException("SecurityConstraintsImpl.checkConstraints():
Access for " + action + " not permitted, (not owner).");
+                return false;
+            }
+        }
+        return true;
+    }
 }
\ No newline at end of file

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/PageManagerSecurityUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/PageManagerUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/components/jetspeed-page-manager/src/main/java/org/apache/jetspeed/page/document/impl/DocumentImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message