portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dlest...@apache.org
Subject cvs commit: jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security GroupManager.java RoleManager.java SecurityHelper.java
Date Sat, 08 May 2004 16:17:23 GMT
dlestrat    2004/05/08 09:17:23

  Modified:    components/security/src/java/org/apache/jetspeed/security
                        GroupManager.java RoleManager.java
                        SecurityHelper.java
  Log:
  Modified Security service to support declarative security.  Declarative security
  prevents using "/" in declared security roles.  To support declarative security,
  hierarchical principals are now expressed as {principal}.{subprincipal}.
  
  Revision  Changes    Path
  1.3       +26 -22    jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/GroupManager.java
  
  Index: GroupManager.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/GroupManager.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- GroupManager.java	25 Mar 2004 21:39:55 -0000	1.2
  +++ GroupManager.java	8 May 2004 16:17:23 -0000	1.3
  @@ -20,7 +20,10 @@
    * <p>Describes the service interface for managing groups.</p>
    * <p>Group hierarchy elements are being returned as a {@link Group}
    * collection.  The backing implementation must appropriately map 
  - * the group hierarchy to a preferences sub-tree.</p> 
  + * the group hierarchy to a preferences sub-tree.</p>
  + * <p>The convention {principal}.{subprincipal} has been chosen to name
  + * groups hierachies.  Implementation follow the conventions enforced
  + * by the Preferences API.</p>
    * @author <a href="mailto:dlestrat@apache.org">David Le Strat</a>
    */
   public interface GroupManager
  @@ -28,41 +31,42 @@
   
       /**
        * <p>Add a new group.</p>
  -     * <p>Group principal names are relative to the /group node.</p>
  +     * <p>Group principal names are expressed as {principal}.{subprincipal} where
  +     * "." is the separator expressing the hierarchical nature of a group.</p>
        * <p>Group principal path names are stored leveraging the {@link Preferences}
        * api.  Groups will be stored under /group/theGroupName/theGroupNameChild
  -     * when given the full path name /theGroupName/theGroupNameChild.
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node (e.g. /theGroupName/theGroupNameChild).
  +     * when given the full path name theGroupName.theGroupNameChild.
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupNameChild).
        * @throws Throws a security exception.
        */
       void addGroup(String groupFullPathName) throws SecurityException;
   
       /**
        * <p>Remove a group.</p>
  -     * <p>Group principal names are relative to the {@link Preferences}
  -     * /group node.</p>
  +     * <p>Group principal names are expressed as {principal}.{subprincipal} where
  +     * "." is the separator expressing the hierarchical nature of a group.</p>
        * <p>Group principal path names are stored leveraging the {@link Preferences}
        * api.  Groups will be stored under /group/theGroupName/theGroupNameChild
  -     * when given the full path name /theGroupName/theGroupNameChild.
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node. (e.g. /theGroupName/theGroupNameChild)
  +     * when given the full path name theGroupName.theGroupNameChild.
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupNameChild)
        * @throws Throws a security exception.
        */
       void removeGroup(String groupFullPathName) throws SecurityException;
   
       /**
        * <p>Whether or not a group exists.</p>
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node. (e.g. /theGroupName/theGroupNameChild)
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupNameChild)
        * @return Whether or not a group exists.
        */
       boolean groupExists(String groupFullPathName);
   
       /**
        * <p>Get a group {@link Group} for a given group full path name.
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node (e.g. /theGroupName/theGroupChildName).
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupChildName).
        * @return The {@link Preferences} node.
        * @throws Throws security exception if the group does not exist.
        */
  @@ -79,8 +83,8 @@
   
       /**
        * <p>A collection of {@link User} for a specific group.</p>
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node (e.g. /theGroupName/theGroupChildName).
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupChildName).
        * @return A collection of {@link User}.
        * @throws Throws security exception if the group does not exist.
        */
  @@ -89,8 +93,8 @@
       /**
        * <p>Add a user to a group.</p>
        * @param username The user name.
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node (e.g. /theGroupName/theGroupChildName).
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupChildName).
        * @throws Throws a security exception.
        */
       void addUserToGroup(String username, String groupFullPathName) throws SecurityException;
  @@ -98,8 +102,8 @@
       /**
        * <p>Remove a user from a group.</p>
        * @param username The user name.
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node (e.g. /theGroupName/theGroupChildName).
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupChildName).
        * @throws Throws a security exception.
        */
       void removeUserFromGroup(String username, String groupFullPathName) throws SecurityException;
  @@ -107,8 +111,8 @@
       /**
        * <p>Whether or not a user is in a group.</p>
        * @param username The user name.
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node (e.g. /theGroupName/theGroupChildName).
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupChildName).
        * @return Whether or not a user is in a group.
        * @throws Throws security exception if the user or group does not exist.
        */
  
  
  
  1.3       +41 -36    jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/RoleManager.java
  
  Index: RoleManager.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/RoleManager.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- RoleManager.java	25 Mar 2004 21:39:55 -0000	1.2
  +++ RoleManager.java	8 May 2004 16:17:23 -0000	1.3
  @@ -21,6 +21,9 @@
    * <p>Role hierarchy elements are being returned as a {@link Role}
    * collection.  The backing implementation must appropriately map 
    * the role hierarchy to a preferences sub-tree.</p> 
  + * <p>The convention {principal}.{subprincipal} has been chosen to name
  + * roles hierachies in order to support declarative security.  Implementation
  + * follow the conventions enforced by the preferences API.</p>
    * @author <a href="mailto:dlestrat@apache.org">David Le Strat</a>
    */
   public interface RoleManager
  @@ -28,40 +31,42 @@
   
       /**
        * <p>Add a new role.</p>
  -     * <p>Role principal names are relative to the /role node.</p>
  +     * <p>Role principal names are expressed as {principal}.{subprincipal} where
  +     * "." is the separator expressing the hierarchical nature of a role.</p>
        * <p>Role principal path names are stored leveraging the {@link Preferences}
        * api.  Roles will be stored under /role/theGroupName/theGroupNameChild
  -     * when given the full path name /theRoleName/theRoleNameChild.
  -     * @param roleFullPathName The role name full path relative to the
  -     *                         /role node (e.g. /theRoleName/theRoleNameChild).
  +     * when given the full path name theRoleName.theRoleNameChild.
  +     * @param roleFullPathName The role name full path
  +     *                         (e.g. theRoleName.theRoleNameChild).
        * @throws Throws a security exception if the role already exists.
        */
       void addRole(String roleFullPathName) throws SecurityException;
   
       /**
        * <p>Remove a given role and all the children of that role.</p>
  -     * <p>Role principal names are relative to the /role node.</p>
  +     * <p>Role principal names are expressed as {principal}.{subprincipal} where
  +     * "." is the separator expressing the hierarchical nature of a role.</p>
        * <p>Role principal path names are stored leveraging the {@link Preferences}
        * api.  Roles will be stored under /role/theGroupName/theGroupNameChild
  -     * when given the full path name /theRoleName/theRoleNameChild.
  -     * @param roleFullPathName The role name full path relative to the
  -     *                         /role node (e.g. /theRoleName/theRoleNameChild).
  +     * when given the full path name theRoleName.theRoleNameChild.
  +     * @param roleFullPathName The role name full path
  +     *                         (e.g. theRoleName.theRoleNameChild).
        * @throws Throws a security exception.
        */
       void removeRole(String roleFullPathName) throws SecurityException;
   
       /**
        * <p>Whether or not a role exists.</p>
  -     * @param roleFullPathName The role name full path relative to the
  -     *                         /role node. (e.g. /theRoleName/theRoleNameChild)
  +     * @param roleFullPathName The role name full path
  +     *                         (e.g. theRoleName.theRoleNameChild).
        * @return Whether or not a role exists.
        */
       boolean roleExists(String roleFullPathName);
   
       /**
        * <p>Get a role {@link Role} for a given role full path name.
  -     * @param roleFullPathName The role name full path relative to the
  -     *                         /role node (e.g. /theRoleName/theRoleChildName).
  +     * @param roleFullPathName The role name full path
  +     *                         (e.g. theRoleName.theRoleNameChild).
        * @return The {@link Preferences} node.
        * @throws Throws a security exception if the role does not exist.
        */
  @@ -79,8 +84,8 @@
       /**
        * <p>A collection of {@link User} for all the users
        * in a specific role.</p>
  -     * @param roleFullPathName The role full path relative to
  -     *                         the /role node (e.g. /theRoleName/theRoleChildName)..
  +     * @param roleFullPathName The role name full path
  +     *                         (e.g. theRoleName.theRoleNameChild).
        * @return A Collection of {@link User}.
        * @throws Throws a security exception if the role does not exist.
        */
  @@ -88,9 +93,9 @@
   
       /**
        * <p>A collection of {@link Role} for all the roles
  -     * associated to a specific group.
  -     * @param groupFullPathName The group full path relative to the 
  -     *                         /group node (e.g. /theGroupName/theGroupChildName).
  +     * associated to a specific group.</p>
  +     * @param groupFullPathName The group full path
  +     *                          (e.g. theGroupName.theGroupChildName).
        * @return A Collection of {@link Role}.
        * @throws Throws a security exception if the group does not exist.
        */
  @@ -98,9 +103,9 @@
   
       /**
        * <p>A collection of {@link Group} for all the groups
  -     * in a specific role.
  -     * @param roleFullPathName The role full path relative to
  -     *                         the /role node (e.g. /theRoleName/theRoleChildName)..
  +     * in a specific role.</p>
  +     * @param roleFullPathName The role full path
  +     *                         (e.g. theRoleName.theRoleChildName)..
        * @return A Collection of {@link Group}.
        * @throws Throws a security exception if the role does not exist.
        */
  @@ -109,8 +114,8 @@
       /**
        * <p>Add a role to a user.</p>
        * @param username The user name.
  -     * @param roleFullPathName The role name full path relative to the
  -     *                         /role node (e.g. /theRoleName/theRoleChildName).
  +     * @param roleFullPathName The role name full path
  +     *                         (e.g. theRoleName.theRoleChildName).
        * @throws Throws a security exception if the role or the user do not exist.
        */
       void addRoleToUser(String username, String roleFullPathName) throws SecurityException;
  @@ -127,8 +132,8 @@
       /**
        * <p>Whether or not a user is in a role.</p>
        * @param username The user name.
  -     * @param roleFullPathName The role name full path relative to the
  -     *                         /role node (e.g. /theRoleName/theRoleChildName).
  +     * @param roleFullPathName The role name full path
  +     *                         (e.g. theRoleName.theRoleChildName).
        * @return Whether or not a user is in a role.
        * @throws Throws a security exception if the role or the user does not exist.
        */
  @@ -136,30 +141,30 @@
   
       /**
        * <p>Add a role to a group.</p>
  -     * @param roleFullPathName The role full path relative to the 
  -     *                         /role node (e.g. /theRoleName/theRoleChildName).
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node (e.g. /theGroupName/theGroupChildName).
  +     * @param roleFullPathName The role name full path
  +     *                         (e.g. theRoleName.theRoleChildName).
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupChildName).
        * @throws Throws a security exception.
        */
       void addRoleToGroup(String roleFullPathName, String groupFullPathName) throws SecurityException;
   
       /**
        * <p>Remove a role from a group.</p>
  -     * @param roleFullPathName The role full path relative to the 
  -     *                         /role node (e.g. /theRoleName/theRoleChildName).
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node (e.g. /theGroupName/theGroupChildName).
  +     * @param roleFullPathName The role name full path 
  +     *                         (e.g. theRoleName.theRoleChildName).
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupChildName).
        * @throws Throws a security exception.
        */
       void removeRoleFromGroup(String roleFullPathName, String groupFullPathName) throws
SecurityException;
   
       /**
        * <p>Whether or not a role is in a group.</p>
  -     * @param groupFullPathName The group name full path relative to the
  -     *                          /group node (e.g. /theGroupName/theGroupChildName).
  -     * @param roleFullPathName The role full path relative to the 
  -     *                         /role node (e.g. /theRoleName/theRoleChildName).
  +     * @param groupFullPathName The group name full path
  +     *                          (e.g. theGroupName.theGroupChildName).
  +     * @param roleFullPathName The role name full path
  +     *                         (e.g. theRoleName.theRoleChildName).
        * @return Whether or not a role is in a group.
        * @throws Throws a security exception if the role or the group does not exist.
        */
  
  
  
  1.2       +8 -2      jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/SecurityHelper.java
  
  Index: SecurityHelper.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/SecurityHelper.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- SecurityHelper.java	10 Mar 2004 06:08:50 -0000	1.1
  +++ SecurityHelper.java	8 May 2004 16:17:23 -0000	1.2
  @@ -85,7 +85,13 @@
           return principal;
       }
   
  -    public static String getPrincipalFullPath(Principal principal)
  +    /**
  +     * <p>Utility method used to retrieve the Preferences API absolute/full
  +     * path from a given principal.</p>
  +     * @param principal The principal.
  +     * @return The Preferences absolute/full path.
  +     */
  +    public static String getPreferencesFullPath(Principal principal)
       {
           
           if ((UserPrincipal.class).isInstance(principal))
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message