Author: sohil.shah(a)jboss.com
Date: 2010-01-19 19:47:19 -0500 (Tue, 19 Jan 2010)
New Revision: 1106
Modified:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java
authz/trunk/portal-profile/src/test/resources/portal-policy.xml
Log:
portal-profile
* both content security and window security implemented
Modified:
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java
===================================================================
---
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-19
22:52:20 UTC (rev 1105)
+++
authz/trunk/portal-profile/src/main/java/org/jboss/security/authz/portal/configuration/PortalObjectPolicyConfig.java 2010-01-20
00:47:19 UTC (rev 1106)
@@ -29,6 +29,9 @@
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Collection;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -93,6 +96,7 @@
NodeList securityConstraints = document
.getElementsByTagName("security-constraint");
+ Map<String, CompositionContext> windowPolicyContexts = new HashMap<String,
CompositionContext>();
for (int i = 0, length = securityConstraints.getLength(); i < length; i++)
{
Element securityConstraint = (Element) securityConstraints.item(i);
@@ -148,7 +152,8 @@
Element portletName = (Element) portletResource.getElementsByTagName(
"portlet-name").item(0);
- policyResource.setUri(new URI(portletName.getTextContent().trim()));
+ policyResource.setUri(new URI(portletName.getTextContent().trim()));
+
this.parseParameters(policyResource, portletResource);
// Setup the Action Targets to be secured on this resource
@@ -158,8 +163,14 @@
if (secureModes != null && !secureModes.isEmpty())
{
// SetUp Policy Composition Context
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(policyResource);
+ CompositionContext context =
windowPolicyContexts.get(policyResource.getUri().toString());
+
+ if(context == null)
+ {
+ context = new CompositionContext();
+ context.setPolicyTarget(policyResource);
+ }
+
for (Operation secureMode : secureModes)
{
if (!allowRoles.isEmpty())
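Review bot: When `windowPolicyContexts.get(...)` returns an existing context, the `policyResource` built for the current constraint is never attached, because `setPolicyTarget` runs only in the `context == null` branch. Any request-parameters that `parseParameters` read for a second constraint on the same window URI are therefore silently dropped, and the merged policy keeps only the first constraint's target. If window constraints are never meant to carry parameters, say so at the lookup, for example `// Constraints sharing a /window URI are merged into the first constraint's context; request-parameters on later ones are ignored`. Whether each mode stays bound to its own allow-roles after the merge depends on the loop body, which continues outside this hunk along with the rest of the method, so it is worth confirming that roles from one constraint cannot widen the modes of another.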
@@ -175,15 +186,33 @@
}
}
- // Generate the Policy
- PolicyMetaData policyMetaData = this.policyComposer
+ if(!policyResource.getUri().toString().startsWith("/window"))
+ {
+ // Generate the Policy
+ PolicyMetaData policyMetaData = this.policyComposer
.compose(context);
- policies.add(policyMetaData);
+ policies.add(policyMetaData);
+ }
+ else
+ {
+ windowPolicyContexts.put(policyResource.getUri().toString(), context);
+ }
}
}
}
}
+ if(!windowPolicyContexts.isEmpty())
+ {
+ Collection<CompositionContext> contexts = windowPolicyContexts.values();
+ for(CompositionContext context: contexts)
+ {
+ PolicyMetaData policyMetaData = this.policyComposer
+ .compose(context);
+ policies.add(policyMetaData);
+ }
+ }
+
return policies;
}
catch (Exception e)
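Review bot: The `startsWith("/window")` test on the raw URI string decides whether a constraint is merged or composed on its own, and it is looser than the intent. It also matches names such as `/windows` or `/window-admin`, and it misses `window/forums` or a non-normalized path, so a mistyped `portlet-name` silently takes the content path with different merge semantics. Consider a named constant with the trailing slash, `private static final String WINDOW_PREFIX = "/window/";`, and computing `String uri = policyResource.getUri().normalize().toString();` once, then using it for the map lookup in the previous hunk, the prefix test and the `put` here. The `if(!windowPolicyContexts.isEmpty())` guard before the final loop is redundant, since iterating an empty `values()` does nothing. The method starts outside this hunk and its `catch` body is cut off.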
Modified:
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java
===================================================================
---
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-19
22:52:20 UTC (rev 1105)
+++
authz/trunk/portal-profile/src/test/java/org/jboss/security/authz/portal/provisioning/TestPortalObjectPolicyConfig.java 2010-01-20
00:47:19 UTC (rev 1106)
@@ -46,6 +46,9 @@
import org.jboss.security.authz.portal.component.resource.PortletResource;
import org.jboss.security.authz.portal.component.action.ViewMode;
+import org.jboss.security.authz.portal.component.action.EditMode;
+import org.jboss.security.authz.portal.component.action.HelpMode;
+import org.jboss.security.authz.portal.component.action.AdminMode;
import org.jboss.security.authz.portal.configuration.PortalObjectPolicyConfig;
/**
@@ -97,26 +100,26 @@
for (Policy policy : policies)
{
log
- .debug("------------------------------------------------------------------------------");
- log.debug(policy.generateSystemPolicy());
+ .info("------------------------------------------------------------------------------");
+ log.info(policy.generateSystemPolicy());
}
}
//
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- public void testAppLevelSecurity() throws Exception
+ public void testContentSecurity() throws Exception
{
PortletResource r1 = new PortletResource();
- r1.setUri(new URI("forums"));
+ r1.setUri(new URI("/content/forums"));
r1.addParameter("topicId", "1234");
r1.addParameter("blah", "blahblah");
PortletResource r2 = new PortletResource();
- r2.setUri(new URI("forums"));
+ r2.setUri(new URI("/content/forums"));
r2.addParameter("topicId", "5678");
r2.addParameter("blah", "blahblah");
PortletResource r3 = new PortletResource();
- r3.setUri(new URI("forums"));
+ r3.setUri(new URI("/content/forums"));
r3.addParameter("topicId", "9999");
r3.addParameter("blah", "blahblah");
@@ -140,6 +143,30 @@
this.enforce(this.createEnforcementContext(r2, new String[]{"authenticated",
"community"}, null), false);
this.enforce(this.createEnforcementContext(r3, new String[]{"authenticated",
"community"}, null), false);
}
+
+ public void testWindowSecurity() throws Exception
+ {
+ PortletResource window = new PortletResource();
+ window.setUri(new URI("/window/forums"));
+
+ //Testing Anonymous user's access to the window
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new EditMode()), false);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"anonymous"},
new AdminMode()), false);
+
+ //Testing Authenticated user's access to the window
+ this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new EditMode()), true);
+ this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new
String[]{"authenticated"}, new AdminMode()), false);
+
+ //Testing Admin user's access to the window
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
ViewMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
EditMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
HelpMode()), true);
+ this.enforce(this.createEnforcementContext(window, new String[]{"admin"}, new
AdminMode()), true);
+ }
//
-------------------------------------------------------------------------------------------------------------------------------------------------
private void enforce(EnforcementContext enforcementContext,
boolean mustBePermitted) throws Exception
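Review bot: `testWindowSecurity` exercises only the three roles that the policy file names, so nothing here would fail if the merged window contexts permitted by default. Add at least one negative case for a role absent from every window constraint, such as `this.enforce(this.createEnforcementContext(window, new String[]{"community"}, new EditMode()), false);`, and one for a `/window/...` URI that has no constraint at all. The expected `false` assumes the enforcement engine denies on no match, which should be confirmed against the engine configuration. A principal holding two roles at once (for example `anonymous` plus `admin`) would also pin how the merged allow lists combine.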
Modified: authz/trunk/portal-profile/src/test/resources/portal-policy.xml
===================================================================
--- authz/trunk/portal-profile/src/test/resources/portal-policy.xml 2010-01-19 22:52:20
UTC (rev 1105)
+++ authz/trunk/portal-profile/src/test/resources/portal-policy.xml 2010-01-20 00:47:19
UTC (rev 1106)
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<portal-security>
<!--
- Demonstrates Application Level Authorization
+ Demonstrates Application Level Authorization by protecting "Content"
(Topics) of a Forums Portlet
Security Rule:
The specified topics "1234 and 5678" are available only when:
@@ -11,13 +11,13 @@
<security-constraint>
<portlet-resource-collection>
<portlet-resource>
- <portlet-name>forums</portlet-name>
+ <portlet-name>/content/forums</portlet-name>
<request-parameters>
<parameter name="topicId">1234</parameter>
</request-parameters>
</portlet-resource>
<portlet-resource>
- <portlet-name>forums</portlet-name>
+ <portlet-name>/content/forums</portlet-name>
<request-parameters>
<parameter name="topicId">5678</parameter>
</request-parameters>
@@ -37,16 +37,15 @@
</security-constraint>
<!--
- Demonstrates Portlet Level Authorization by protecting Portlet Modes
+ Demonstrates Portlet Level Authorization by protecting "Window" Modes of the
Forum Portlet
Security Rule: The Forums Portlet is available in VIEW, HELP mode:
* To all users
-->
- <!--
<security-constraint>
<portlet-resource-collection>
<portlet-resource>
- <portlet-name>forums</portlet-name>
+ <portlet-name>/window/forums</portlet-name>
<modes>
<mode>VIEW</mode>
<mode>HELP</mode>
@@ -57,22 +56,21 @@
<roles allow="true">
<role-name>anonymous</role-name>
<role-name>authenticated</role-name>
+ <role-name>admin</role-name>
</roles>
</auth-constraint>
</security-constraint>
- -->
<!--
- Demonstrates Portlet Level Authorization by protecting Portlet Modes
+ Demonstrates Portlet Level Authorization by protecting "Window" Modes of the
Forums Portlet
Security Rule: The Forums Portlet is available in EDIT mode:
* To only users in "Authenticated/Non-Anonymous" state
- -->
- <!--
+ -->
<security-constraint>
<portlet-resource-collection>
<portlet-resource>
- <portlet-name>forums</portlet-name>
+ <portlet-name>/window/forums</portlet-name>
<modes>
<mode>EDIT</mode>
</modes>
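Review bot: The comment on the VIEW/HELP constraint says the portlet is available "To all users", but the allow list at the top of this hunk enumerates `anonymous`, `authenticated` and `admin` by name. A principal holding only some other role would presumably not match; the content test uses `community`, for instance. `admin` also had to be added by hand to both this rule and the EDIT rule, which suggests roles are not hierarchical. Reword the comment to match what is enforced, for example `* To users in the anonymous, authenticated or admin roles`, so readers do not take this file as a template for an "everyone" rule.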
@@ -81,22 +79,21 @@
<auth-constraint>
<roles allow="true">
<role-name>authenticated</role-name>
+ <role-name>admin</role-name>
</roles>
</auth-constraint>
</security-constraint>
- -->
<!--
- Demonstrates Portlet Level Authorization by protecting Portlet Modes
+ Demonstrates Portlet Level Authorization by protecting "Window" Modes of the
Forums Portlet
Security Rule: The Forums Portlet is available in ADMIN mode when:
* User is an Admin
- -->
- <!--
+ -->
<security-constraint>
<portlet-resource-collection>
<portlet-resource>
- <portlet-name>forums</portlet-name>
+ <portlet-name>/window/forums</portlet-name>
<modes>
<mode>ADMIN</mode>
</modes>
@@ -108,7 +105,6 @@
</roles>
</auth-constraint>
</security-constraint>
- -->
<!--
Configuration for the Portal Enforcement Engine