portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rwat...@apache.org
Subject svn commit: r772017 - in /portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src: main/java/org/apache/jetspeed/om/folder/proxy/ main/java/org/apache/jetspeed/om/page/proxy/ main/java/org/apache/jetspeed/portalsite/impl/ main/java/org/apac...
Date Wed, 06 May 2009 00:08:25 GMT
Author: rwatler
Date: Wed May  6 00:08:24 2009
New Revision: 772017

URL: http://svn.apache.org/viewvc?rev=772017&view=rev
Log:
JS2-900: propagate SecurityException out of PortalSite component if accessing secure page
w/o view permissions and profiler valve page fallback disabled

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/om/folder/proxy/FolderProxy.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/om/page/proxy/PageProxy.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/portalsite/impl/PortalSiteSessionContextImpl.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/portalsite/view/SiteView.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/test/java/org/apache/jetspeed/portalsite/TestPortalSite.java

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/om/folder/proxy/FolderProxy.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/om/folder/proxy/FolderProxy.java?rev=772017&r1=772016&r2=772017&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/om/folder/proxy/FolderProxy.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/om/folder/proxy/FolderProxy.java
Wed May  6 00:08:24 2009
@@ -560,6 +560,104 @@
     {
         return defaultFolder;
     }
+    
+    /**
+     * checkAccessToFolderNotFound - checks security access to child folder
+     *                               nodes not found in aggregated children
+     *                               site view when accessed directly; folders
+     *                               part of the view are by definition
+     *                               accessible
+     *
+     * @throws SecurityException if view access to folder not granted
+     */
+    public void checkAccessToFolderNotFound(String folderName)
+    {
+        try
+        {
+            // check access on concrete child in all search folders
+            Iterator foldersIter = getSearchFolders().iterator();
+            while (foldersIter.hasNext())
+            {
+                // test access against child in search folder
+                SearchFolder searchFolder = (SearchFolder)foldersIter.next();
+                Folder folder = searchFolder.folder;
+                // ignore all folder access exceptions, (throws SecurityException on failed
check access)
+                try
+                {
+                    folder.getFolder(folderName);
+                }
+                catch (DocumentException de)
+                {                    
+                }
+                catch (FolderNotFoundException fnfe)
+                {
+                }
+            }
+        }
+        catch (FolderNotFoundException fnfe)
+        {
+        }
+    }
+
+    /**
+     * checkAccessToNodeNotFound - checks security access to child node
+     *                             nodes not found in aggregated children
+     *                             site view when accessed directly; pages,
+     *                             folders, and links part of the view are
+     *                             by definition accessible
+     *
+     * @throws SecurityException if view access to node not granted
+     */
+    public void checkAccessToNodeNotFound(String nodeName)
+    {
+        try
+        {
+            // check access on concrete child in all search folders
+            Iterator foldersIter = getSearchFolders().iterator();
+            while (foldersIter.hasNext())
+            {
+                // test access against child in search folder
+                SearchFolder searchFolder = (SearchFolder)foldersIter.next();
+                Folder folder = searchFolder.folder;
+                // ignore all folder access exceptions, (throws SecurityException on failed
check access)
+                try
+                {
+                    folder.getFolder(nodeName);
+                }
+                catch (DocumentException de)
+                {                    
+                }
+                catch (FolderNotFoundException fnfe)
+                {
+                }
+                // ignore all page access exceptions, (throws SecurityException on failed
check access)
+                try
+                {
+                    folder.getPage(nodeName);
+                }
+                catch (NodeException ne)
+                {                    
+                }
+                catch (PageNotFoundException ne)
+                {                    
+                }
+                // ignore all link access exceptions, (throws SecurityException on failed
check access)
+                try
+                {
+                    folder.getLink(nodeName);
+                }
+                catch (NodeException ne)
+                {                    
+                }
+                catch (DocumentNotFoundException ne)
+                {                    
+                }
+            }
+        }
+        catch (FolderNotFoundException fnfe)
+        {
+        }
+    }
 
     /**
      * aggregateMenuDefinitionLocators - aggregate all menu definition locators
@@ -1003,4 +1101,24 @@
         }
         throw new FolderNotFoundException("Inheritance folders at " + getPath() + " not found
or accessible");
     }
+
+    /**
+     * getFolderProxy - utility method to access FolderProxy handler
+     *                  from Folder proxy instance
+     *
+     * @param folder folder proxy instance
+     * @return folder proxy invocation handler instance
+     */
+    public static FolderProxy getFolderProxy(Object folder)
+    {
+        if ((folder != null) && Proxy.isProxyClass(folder.getClass()))
+        {
+            Object folderProxyHandler = Proxy.getInvocationHandler(folder);
+            if (folderProxyHandler instanceof FolderProxy)
+            {
+                return (FolderProxy)folderProxyHandler;
+            }
+        }
+        return null;
+    }
 }

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/om/page/proxy/PageProxy.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/om/page/proxy/PageProxy.java?rev=772017&r1=772016&r2=772017&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/om/page/proxy/PageProxy.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/om/page/proxy/PageProxy.java
Wed May  6 00:08:24 2009
@@ -160,7 +160,7 @@
         // folder menu definitions include standard menu definition
         // locator defaults
         mergeMenuDefinitionLocators(page.getMenuDefinitions(), page);
-        FolderProxy parentFolderProxy = (FolderProxy)Proxy.getInvocationHandler(getParent());
+        FolderProxy parentFolderProxy = FolderProxy.getFolderProxy(getParent());
         mergeMenuDefinitionLocators(parentFolderProxy.getMenuDefinitionLocators());
     }
 }

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/portalsite/impl/PortalSiteSessionContextImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/portalsite/impl/PortalSiteSessionContextImpl.java?rev=772017&r1=772016&r2=772017&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/portalsite/impl/PortalSiteSessionContextImpl.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/portalsite/impl/PortalSiteSessionContextImpl.java
Wed May  6 00:08:24 2009
@@ -154,8 +154,8 @@
      * newRequestContext - create a new request context instance with history
      *
      * @param requestProfileLocators request profile locators
-     * @param requestFallback flag specifying whether to fallback to root folder
-     *                        if locators do not select a page or access is forbidden
+     * @param requestFallback flag specifying whether to fallback to folders if
+     *                        locators do not select a page or access is forbidden
      * @return new request context instance
      */
     public PortalSiteRequestContext newRequestContext(Map requestProfileLocators, boolean
requestFallback)
@@ -167,8 +167,8 @@
      * newRequestContext - create a new request context instance
      *
      * @param requestProfileLocators request profile locators
-     * @param requestFallback flag specifying whether to fallback to root folder
-     *                        if locators do not select a page or access is forbidden
+     * @param requestFallback flag specifying whether to fallback to folders if
+     *                        locators do not select a page or access is forbidden
      * @param useHistory flag indicating whether to use visited page
      *                   history to select default page per site folder
      * @return new request context instance
@@ -182,8 +182,8 @@
      * selectRequestPage - select page proxy for request given profile locators
      *
      * @param requestProfileLocators map of profile locators for request
-     * @param requestFallback flag specifying whether to fallback to root folder
-     *                        if locators do not select a page or access is forbidden
+     * @param requestFallback flag specifying whether to fallback to folders if
+     *                        locators do not select a page or access is forbidden
      * @param useHistory flag indicating whether to use visited page
      *                   history to select default page per site folder
      * @return selected page proxy for request

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/portalsite/view/SiteView.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/portalsite/view/SiteView.java?rev=772017&r1=772016&r2=772017&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/portalsite/view/SiteView.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/main/java/org/apache/jetspeed/portalsite/view/SiteView.java
Wed May  6 00:08:24 2009
@@ -738,6 +738,9 @@
                     }
                     catch (NodeNotFoundException nnfe)
                     {
+                        // check security access to folder not found in site view
+                        FolderProxy.getFolderProxy(currentFolder).checkAccessToFolderNotFound(subfolder);
+                        // folder not found in site view
                         NodeNotFoundException nnfeWrapper = new NodeNotFoundException("Specified
path " + path + " not found.");
                         nnfeWrapper.initCause(nnfe);
                         throw nnfeWrapper;
@@ -768,6 +771,9 @@
                     nnfe.initCause(ne);
                     throw nnfe;
                 }
+                // check security access to folder node not found in site view
+                FolderProxy.getFolderProxy(currentFolder).checkAccessToNodeNotFound(currentPath);
+                // folder node not found in site view
                 throw new NodeNotFoundException("Specified path " + path + " not found or
viewable/visible.");
             }
         }

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/test/java/org/apache/jetspeed/portalsite/TestPortalSite.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/test/java/org/apache/jetspeed/portalsite/TestPortalSite.java?rev=772017&r1=772016&r2=772017&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/test/java/org/apache/jetspeed/portalsite/TestPortalSite.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal-site/src/test/java/org/apache/jetspeed/portalsite/TestPortalSite.java
Wed May  6 00:08:24 2009
@@ -34,6 +34,7 @@
 import org.apache.jetspeed.om.page.Page;
 import org.apache.jetspeed.page.PageManager;
 import org.apache.jetspeed.page.document.NodeSet;
+import org.apache.jetspeed.page.document.NodeNotFoundException;
 import org.apache.jetspeed.page.document.proxy.NodeProxy;
 import org.apache.jetspeed.portalsite.impl.MenuImpl;
 import org.apache.jetspeed.portalsite.view.SiteView;
@@ -245,6 +246,22 @@
         folder0Page0ProxyByPath = (Page)baseView.getNodeProxy("page0.psml", rootFolder0Proxy,
false, false);
         assertNotNull(folder0Page0ProxyByPath);
         assertEquals(folder0Page0Proxy, folder0Page0ProxyByPath);
+        try
+        {
+            baseView.getNodeProxy("/folderX/page0.psml", null, false, false);
+            fail("/folderX/page0.psml should not be found");
+        }
+        catch (NodeNotFoundException nnfe)
+        {
+        }
+        try
+        {
+            baseView.getNodeProxy("/folder0/pageX.psml", null, false, false);
+            fail("/folder0/pageX.psml should not be found");
+        }
+        catch (NodeNotFoundException nnfe)
+        {
+        }
         List rootPageProxiesByPath = baseView.getNodeProxies("/page?.psml", null, false,
false);
         assertNotNull(rootPageProxiesByPath);
         assertEquals(3,rootPageProxiesByPath.size());



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message