portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From woon...@apache.org
Subject svn commit: r887303 - in /portals/jetspeed-2/portal/trunk: components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/ components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/ jetspeed-portal-resources/src/main/r...
Date Fri, 04 Dec 2009 18:07:48 GMT
Author: woonsan
Date: Fri Dec  4 18:07:47 2009
New Revision: 887303

URL: http://svn.apache.org/viewvc?rev=887303&view=rev
Log:
JS2-1087: Adding access control for portlet definition query

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PortletRegistryService.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/PaginationUtils.java
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/jetspeed-restful-services.xml

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PortletRegistryService.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PortletRegistryService.java?rev=887303&r1=887302&r2=887303&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PortletRegistryService.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PortletRegistryService.java
Fri Dec  4 18:07:47 2009
@@ -18,6 +18,7 @@
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 
 import javax.servlet.ServletConfig;
@@ -33,12 +34,14 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.math.NumberUtils;
+import org.apache.jetspeed.JetspeedActions;
 import org.apache.jetspeed.components.portletregistry.PortletRegistry;
 import org.apache.jetspeed.om.portlet.PortletApplication;
 import org.apache.jetspeed.om.portlet.PortletDefinition;
 import org.apache.jetspeed.search.ParsedObject;
 import org.apache.jetspeed.search.SearchEngine;
 import org.apache.jetspeed.search.SearchResults;
+import org.apache.jetspeed.security.SecurityAccessController;
 import org.apache.jetspeed.services.beans.PortletApplicationBean;
 import org.apache.jetspeed.services.beans.PortletApplicationBeanCollection;
 import org.apache.jetspeed.services.beans.PortletDefinitionBean;
@@ -66,12 +69,15 @@
     @Context
     private ServletContext servletContext;
     
+    private SecurityAccessController securityAccessController;
+    
     private PortletRegistry portletRegistry;
     
     private SearchEngine searchEngine;
     
-    public PortletRegistryService(PortletRegistry portletRegistry, SearchEngine searchEngine)
+    public PortletRegistryService(SecurityAccessController securityAccessController, PortletRegistry
portletRegistry, SearchEngine searchEngine)
     {
+        this.securityAccessController = securityAccessController;
         this.portletRegistry = portletRegistry;
         this.searchEngine = searchEngine;
     }
@@ -194,9 +200,9 @@
                 "AND " + queryParam;
             SearchResults searchResults = searchEngine.search(queryText);
             List<ParsedObject> searchResultList = searchResults.getResults();
-            pdBeans.setTotalSize(searchResultList.size());
+            ArrayList<PortletDefinition> searchedPortletDefinitions = new ArrayList<PortletDefinition>();
             
-            for (ParsedObject parsedObject : (List<ParsedObject>) PaginationUtils.subList(searchResultList,
beginIndex, maxResults))
+            for (ParsedObject parsedObject : searchResultList)
             {
                 String uniqueName = SearchEngineUtils.getPortletUniqueName(parsedObject);
                 
@@ -207,17 +213,25 @@
                 
                 PortletDefinition pd = portletRegistry.getPortletDefinitionByUniqueName(uniqueName);
                 
-                if (pd != null)
+                if (pd != null && securityAccessController.checkPortletAccess(pd,
JetspeedActions.MASK_VIEW))
                 {
-                    pdBeanList.add(new PortletDefinitionBean(pd));
+                    searchedPortletDefinitions.add(pd);
                 }
             }
+            
+            Collection<PortletDefinition> filteredPortletDefinitions = filterPortletDefinitionsBySecurityAccess(searchedPortletDefinitions,
JetspeedActions.MASK_VIEW);
+            pdBeans.setTotalSize(filteredPortletDefinitions.size());
+            
+            for (PortletDefinition pd : (Collection<PortletDefinition>) PaginationUtils.subCollection(filteredPortletDefinitions,
beginIndex, maxResults))
+            {
+                pdBeanList.add(new PortletDefinitionBean(pd));
+            }
         }
         else
         {
             if (StringUtils.isBlank(applicationName) && StringUtils.isBlank(definitionName))
             {
-                Collection<PortletDefinition> pds = portletRegistry.getAllPortletDefinitions();
+                Collection<PortletDefinition> pds = filterPortletDefinitionsBySecurityAccess(portletRegistry.getAllPortletDefinitions(),
JetspeedActions.MASK_VIEW);
                 pdBeans.setTotalSize(pds.size());
                 
                 for (PortletDefinition pd : (Collection<PortletDefinition>) PaginationUtils.subCollection(pds,
beginIndex, maxResults))
@@ -233,22 +247,19 @@
                 {
                     if (StringUtils.isBlank(definitionName))
                     {
-                        if (pa != null)
+                        Collection<PortletDefinition> pds = filterPortletDefinitionsBySecurityAccess(pa.getPortlets(),
JetspeedActions.MASK_VIEW);
+                        pdBeans.setTotalSize(pds.size());
+                        
+                        for (PortletDefinition pd : (List<PortletDefinition>) PaginationUtils.subCollection(pds,
beginIndex, maxResults))
                         {
-                            Collection<PortletDefinition> pds = pa.getPortlets();
-                            pdBeans.setTotalSize(pds.size());
-                            
-                            for (PortletDefinition pd : (List<PortletDefinition>) PaginationUtils.subList(pa.getPortlets(),
beginIndex, maxResults))
-                            {
-                                pdBeanList.add(new PortletDefinitionBean(pd));
-                            }
+                            pdBeanList.add(new PortletDefinitionBean(pd));
                         }
                     }
                     else
                     {
                         PortletDefinition pd = pa.getPortlet(definitionName);
                         
-                        if (pd != null)
+                        if (pd != null && securityAccessController.checkPortletAccess(pd,
JetspeedActions.MASK_VIEW))
                         {
                             pdBeanList.add(new PortletDefinitionBean(pd));
                             pdBeans.setTotalSize(1);
@@ -263,4 +274,29 @@
         return pdBeans;
     }
     
+    private Collection<PortletDefinition> filterPortletDefinitionsBySecurityAccess(Collection<PortletDefinition>
collection, int mask)
+    {
+        if (securityAccessController == null)
+        {
+            return collection;
+        }
+        
+        if (collection == null || collection.isEmpty())
+        {
+            return Collections.emptyList();
+        }
+        
+        ArrayList<PortletDefinition> filteredCollection = new ArrayList<PortletDefinition>();
+        
+        for (PortletDefinition pd : collection)
+        {
+            if (securityAccessController.checkPortletAccess(pd, mask))
+            {
+                filteredCollection.add(pd);
+            }
+        }
+        
+        return filteredCollection;
+    }
+    
 }

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/PaginationUtils.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/PaginationUtils.java?rev=887303&r1=887302&r2=887303&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/PaginationUtils.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/PaginationUtils.java
Fri Dec  4 18:07:47 2009
@@ -59,35 +59,13 @@
     
     public static Collection<? extends Object> subCollection(final Collection<?
extends Object> collection, int beginIndex, int maxResults)
     {
-        if (beginIndex < 0 || (beginIndex == 0 && maxResults < 0))
+        if (collection instanceof List)
         {
-            return collection;
-        }
-        else if (beginIndex >= collection.size())
-        {
-            return Collections.emptyList();
+            return subList((List<? extends Object>) collection, beginIndex, maxResults);
         }
         else
         {
-            List<Object> list = null;
-            
-            if (collection instanceof List)
-            {
-                list = (List<Object>) collection;
-            }
-            else
-            {
-                list = new ArrayList<Object>(collection);
-            }
-            
-            if (maxResults < 0)
-            {
-                return list.subList(beginIndex, list.size());
-            }
-            else
-            {
-                return list.subList(beginIndex, Math.min(list.size(), beginIndex + maxResults));
-            }
+            return subList(new ArrayList<Object>(collection), beginIndex, maxResults);
         }
     }
     

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/jetspeed-restful-services.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/jetspeed-restful-services.xml?rev=887303&r1=887302&r2=887303&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/jetspeed-restful-services.xml
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/jetspeed-restful-services.xml
Fri Dec  4 18:07:47 2009
@@ -108,6 +108,7 @@
   <!-- Portlet Registry JAX-RS Service -->
   <bean id="jaxrsPortletRegistryService" class="org.apache.jetspeed.services.rest.PortletRegistryService">
     <meta key="j2:cat" value="default" />
+    <constructor-arg ref="org.apache.jetspeed.security.SecurityAccessController" />
     <constructor-arg ref="org.apache.jetspeed.components.portletregistry.PortletRegistry"
/>
     <constructor-arg ref="org.apache.jetspeed.search.SearchEngine" />
   </bean>



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message