gatein SVN: r1662 - in portal/trunk: component/common/src/main/java/org/exoplatform/commons/management and 6 other directories.
8:47 a.m.
Author: julien_viet
Date: 2010-02-12 09:47:27 -0500 (Fri, 12 Feb 2010)
New Revision: 1662
Added:
portal/trunk/component/common/src/main/java/org/exoplatform/commons/management/
portal/trunk/component/common/src/main/java/org/exoplatform/commons/management/Rest.java
Removed:
portal/trunk/component/management/src/main/java/org/exoplatform/management/Rest.java
Modified:
portal/trunk/component/management/pom.xml
portal/trunk/component/management/src/main/java/org/exoplatform/management/RestManagementProvider.java
portal/trunk/component/management/src/main/java/org/exoplatform/management/data/RestResource.java
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/resource/SkinService.java
portal/trunk/component/scripting/src/main/java/org/exoplatform/groovyscript/text/TemplateService.java
portal/trunk/component/scripting/src/main/java/org/exoplatform/groovyscript/text/TemplateStatisticService.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/application/ApplicationStatisticService.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/application/PortalStatisticService.java
Log:
secure the rest management to people in the /platform/administrators group
Copied:
portal/trunk/component/common/src/main/java/org/exoplatform/commons/management/Rest.java
(from rev 1660,
portal/trunk/component/management/src/main/java/org/exoplatform/management/Rest.java)
===================================================================
---
portal/trunk/component/common/src/main/java/org/exoplatform/commons/management/Rest.java
(rev 0)
+++
portal/trunk/component/common/src/main/java/org/exoplatform/commons/management/Rest.java 2010-02-12
14:47:27 UTC (rev 1662)
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.exoplatform.commons.management;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * @author <a href="mailto:julien.viet@exoplatform.com">Julien
Viet</a>
+ * @version $Revision$
+ */
+(a)Retention(RetentionPolicy.RUNTIME)
+(a)Target(ElementType.TYPE)
+public @interface Rest
+{
+
+ String value();
+
+}
Modified: portal/trunk/component/management/pom.xml
===================================================================
--- portal/trunk/component/management/pom.xml 2010-02-12 11:58:08 UTC (rev 1661)
+++ portal/trunk/component/management/pom.xml 2010-02-12 14:47:27 UTC (rev 1662)
@@ -33,7 +33,7 @@
<dependency>
<groupId>org.exoplatform.portal</groupId>
- <artifactId>exo.portal.component.common</artifactId>
+ <artifactId>exo.portal.component.portal</artifactId>
<version>3.0.0-CR01-SNAPSHOT</version>
</dependency>
Deleted:
portal/trunk/component/management/src/main/java/org/exoplatform/management/Rest.java
===================================================================
---
portal/trunk/component/management/src/main/java/org/exoplatform/management/Rest.java 2010-02-12
11:58:08 UTC (rev 1661)
+++
portal/trunk/component/management/src/main/java/org/exoplatform/management/Rest.java 2010-02-12
14:47:27 UTC (rev 1662)
@@ -1,38 +0,0 @@
-/*
- * Copyright (C) 2009 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-
-package org.exoplatform.management;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * @author <a href="mailto:julien.viet@exoplatform.com">Julien
Viet</a>
- * @version $Revision$
- */
-(a)Retention(RetentionPolicy.RUNTIME)
-(a)Target(ElementType.TYPE)
-public @interface Rest
-{
-
- String value();
-
-}
Modified:
portal/trunk/component/management/src/main/java/org/exoplatform/management/RestManagementProvider.java
===================================================================
---
portal/trunk/component/management/src/main/java/org/exoplatform/management/RestManagementProvider.java 2010-02-12
11:58:08 UTC (rev 1661)
+++
portal/trunk/component/management/src/main/java/org/exoplatform/management/RestManagementProvider.java 2010-02-12
14:47:27 UTC (rev 1662)
@@ -19,10 +19,12 @@
package org.exoplatform.management;
+import org.exoplatform.commons.management.Rest;
import org.exoplatform.management.data.RestResource;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.management.spi.ManagedResource;
import org.exoplatform.management.spi.ManagementProvider;
+import org.exoplatform.portal.config.UserACL;
import org.exoplatform.services.rest.resource.ResourceContainer;
import javax.ws.rs.GET;
@@ -30,6 +32,7 @@
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -49,15 +52,26 @@
/** . */
private final Map<ResourceKey, RestResource> resourceMap = new
HashMap<ResourceKey, RestResource>();
- public RestManagementProvider(ExoContainerContext context)
+ /** . */
+ private final UserACL acl;
+
+ public RestManagementProvider(ExoContainerContext context, UserACL acl)
{
this.context = context;
+ this.acl = acl;
}
@GET
@Produces(MediaType.APPLICATION_JSON)
- public ValueWrapper list()
+ public Object list()
{
+ // Apply security here
+ if (!acl.hasPermission("*:/platform/administrators"))
+ {
+ return Response.status(Response.Status.FORBIDDEN);
+ }
+
+ //
List<String> list = new ArrayList<String>();
for (RestResource mr : resourceMap.values())
{
@@ -67,8 +81,15 @@
}
@Path("{resource}")
- public RestResource dispatch(@PathParam("resource") String resourceName)
+ public Object dispatch(@PathParam("resource") String resourceName)
{
+ // Apply security here
+ if (!acl.hasPermission("*:/platform/administrators"))
+ {
+ return Response.status(Response.Status.FORBIDDEN);
+ }
+
+ //
return resourceMap.get(new ResourceKey(resourceName));
}
Modified:
portal/trunk/component/management/src/main/java/org/exoplatform/management/data/RestResource.java
===================================================================
---
portal/trunk/component/management/src/main/java/org/exoplatform/management/data/RestResource.java 2010-02-12
11:58:08 UTC (rev 1661)
+++
portal/trunk/component/management/src/main/java/org/exoplatform/management/data/RestResource.java 2010-02-12
14:47:27 UTC (rev 1662)
@@ -172,6 +172,7 @@
/**
* Try to invoke a method with matching parameters from the query string
*
+ * @param methodName the method name to invoke
* @param info the uri info
* @param impact the expected impact
* @return a suitable response
Modified:
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/resource/SkinService.java
===================================================================
---
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/resource/SkinService.java 2010-02-12
11:58:08 UTC (rev 1661)
+++
portal/trunk/component/portal/src/main/java/org/exoplatform/portal/resource/SkinService.java 2010-02-12
14:47:27 UTC (rev 1662)
@@ -19,6 +19,7 @@
package org.exoplatform.portal.resource;
+import org.exoplatform.commons.management.Rest;
import org.exoplatform.commons.utils.PropertyManager;
import org.exoplatform.commons.utils.Safe;
import org.exoplatform.container.ExoContainerContext;
@@ -58,7 +59,7 @@
@NameTemplate({@Property(key = "view", value = "portal"),
@Property(key = "service", value = "management"),
@Property(key = "type", value = "skin")})
@ManagedDescription("Skin service")
-// @Rest("skinservice")
+@Rest("skinservice")
public class SkinService implements Startable
{
Modified:
portal/trunk/component/scripting/src/main/java/org/exoplatform/groovyscript/text/TemplateService.java
===================================================================
---
portal/trunk/component/scripting/src/main/java/org/exoplatform/groovyscript/text/TemplateService.java 2010-02-12
11:58:08 UTC (rev 1661)
+++
portal/trunk/component/scripting/src/main/java/org/exoplatform/groovyscript/text/TemplateService.java 2010-02-12
14:47:27 UTC (rev 1662)
@@ -22,6 +22,7 @@
import groovy.lang.Writable;
import groovy.text.Template;
+import org.exoplatform.commons.management.Rest;
import org.exoplatform.commons.utils.IOUtil;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.groovyscript.GroovyTemplate;
@@ -47,7 +48,7 @@
@NameTemplate({@Property(key = "view", value = "portal"),
@Property(key = "service", value = "management"),
@Property(key = "type", value = "template")})
@ManagedDescription("Template management service")
-// @Rest("templateservice")
+@Rest("templateservice")
public class TemplateService
{
Modified:
portal/trunk/component/scripting/src/main/java/org/exoplatform/groovyscript/text/TemplateStatisticService.java
===================================================================
---
portal/trunk/component/scripting/src/main/java/org/exoplatform/groovyscript/text/TemplateStatisticService.java 2010-02-12
11:58:08 UTC (rev 1661)
+++
portal/trunk/component/scripting/src/main/java/org/exoplatform/groovyscript/text/TemplateStatisticService.java 2010-02-12
14:47:27 UTC (rev 1662)
@@ -19,6 +19,7 @@
package org.exoplatform.groovyscript.text;
+import org.exoplatform.commons.management.Rest;
import org.exoplatform.management.annotations.Impact;
import org.exoplatform.management.annotations.ImpactType;
import org.exoplatform.management.annotations.Managed;
@@ -48,7 +49,7 @@
@Property(key = "view", value = "portal"),
@Property(key = "service", value = "statistic"),
@Property(key = "type", value = "template")})
-// @Rest("templatestatistics")
+@Rest("templatestatistics")
public class TemplateStatisticService
{
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/application/ApplicationStatisticService.java
===================================================================
---
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/application/ApplicationStatisticService.java 2010-02-12
11:58:08 UTC (rev 1661)
+++
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/application/ApplicationStatisticService.java 2010-02-12
14:47:27 UTC (rev 1662)
@@ -19,6 +19,7 @@
package org.exoplatform.portal.application;
+import org.exoplatform.commons.management.Rest;
import org.exoplatform.management.annotations.Impact;
import org.exoplatform.management.annotations.ImpactType;
import org.exoplatform.management.annotations.Managed;
@@ -45,7 +46,7 @@
@Property(key = "view", value = "portal"),
@Property(key = "service", value = "statistic"),
@Property(key = "type", value = "application")})
-// @Rest("applicationstatistic")
+@Rest("applicationstatistic")
public class ApplicationStatisticService implements Startable
{
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/application/PortalStatisticService.java
===================================================================
---
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/application/PortalStatisticService.java 2010-02-12
11:58:08 UTC (rev 1661)
+++
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/application/PortalStatisticService.java 2010-02-12
14:47:27 UTC (rev 1662)
@@ -19,6 +19,7 @@
package org.exoplatform.portal.application;
+import org.exoplatform.commons.management.Rest;
import org.exoplatform.management.annotations.Impact;
import org.exoplatform.management.annotations.ImpactType;
import org.exoplatform.management.annotations.Managed;
@@ -43,7 +44,7 @@
@Property(key = "view", value = "portal"),
@Property(key = "service", value = "statistic"),
@Property(key = "type", value = "portal")})
-// @Rest("portalstatistic")
+@Rest("portalstatistic")
public class PortalStatisticService implements Startable
{
5920
days inactive
5920
days old
gatein-commits@lists.jboss.org
0 comments
1 participants
participants (1)
-
do-not-reply@jboss.org