JBoss Portal SVN: r13639 - docs/enterprise/trunk.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-07-30 10:14:49 -0400 (Thu, 30 Jul 2009)
New Revision: 13639
Removed:
docs/enterprise/trunk/html/
Log:
deleting html output
JBoss Portal SVN: r13638 - docs/enterprise/tags.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-07-30 10:12:15 -0400 (Thu, 30 Jul 2009)
New Revision: 13638
Removed:
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP02/
Log:
Deleting CP02
JBoss Portal SVN: r13637 - docs/enterprise/trunk/Reference_Guide/en-US.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-07-30 08:25:26 -0400 (Thu, 30 Jul 2009)
New Revision: 13637
Modified:
docs/enterprise/trunk/Reference_Guide/en-US/SSO.xml
Log:
Missing modification for josso
Modified: docs/enterprise/trunk/Reference_Guide/en-US/SSO.xml
===================================================================
--- docs/enterprise/trunk/Reference_Guide/en-US/SSO.xml 2009-07-30 11:53:49 UTC (rev 13636)
+++ docs/enterprise/trunk/Reference_Guide/en-US/SSO.xml 2009-07-30 12:25:26 UTC (rev 13637)
@@ -278,7 +278,7 @@
</section>
<section>
<title><trademark class="trade">Java</trademark> Open Single Sign-On (JOSSO)</title>
- <para>JBoss Portal enables seamless integration with JOSSO server. More details on JOSSO can be found
+ <para>JBoss Portal enables seamless integration with JOSSO server version 1.8. More details on JOSSO can be found
<ulink url="http://www.josso.org/">here</ulink></para>
<note><title>Note</title><para>The steps below assume that JOSS server and JBoss Portal will be deployed on the same JBoss Application Server instance.
JOSSO will be configured to leverage identity services exposed by JBoss Portal to perform authentication. Procedure may be
@@ -308,43 +308,99 @@
</listitem>
<listitem>
<para>Edit <emphasis>$JBOSS_HOME/server/default/config/josso-agent-config.xml</emphasis> and mapping for portal web application:
+ <programlisting>
+ <![CDATA[
+.........
+<configuration>
+ <agent:agent-configuration>
+ <agent:partner-apps>
+ <agent:partner-app id="jboss_portal" context="/portal"/>
+ </agent:partner-apps>
+ </agent:agent-configuration>
+<configuration>
+...........
+ ]]>
+ </programlisting>
+ Complete config file can look as follows:
<programlisting>
<![CDATA[
-<partner-apps>
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ ~ JOSSO: Java Open Single Sign-On
+ ~
+ ~ Copyright 2004-2009, Atricore, Inc.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ ~
+ -->
- ...
+<s:beans xmlns:s="http://www.springframework.org/schema/beans"
+ xmlns:jb42="urn:org:josso:agent:jboss42"
+ xmlns:agent="urn:org:josso:agent:core"
+ xmlns:protocol="urn:org:josso:protocol:client"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+ urn:org:josso:agent:jboss42 http://www.josso.org/schema/josso-jboss42-agent.xsd
+ urn:org:josso:agent:core http://www.josso.org/schema/josso-agent.xsd
+ urn:org:josso:protocol:client http://www.josso.org/schema/josso-protocol-client.xsd">
- <partner-app>
- <context>/portal</context>
- </partner-app>
+ <jb42:agent name="josso-jboss42-agent" sessionAccessMinInterval="1000" >
- ...
+ <!-- Gateway LOGIN and LOGOUT URLs -->
+ <gatewayLoginUrl>http://josso-01:8080/josso/signon/login.do</gatewayLoginUrl>
+ <gatewayLogoutUrl>http://josso-01:8080/josso/signon/logout.do</gatewayLogoutUrl>
- </partner-apps>
+ <!-- Gateway service locator -->
+ <gatewayServiceLocator>
+ <!-- Other properties for ws-service-locator :
+ username, password, servicesWebContext, transportSecurity
+ -->
+ <protocol:ws-service-locator endpoint="josso-01:8080" />
+ </gatewayServiceLocator>
+
+ <configuration>
+ <agent:agent-configuration>
+
+ <!-- ============================================================================= -->
+ <!-- -->
+ <!-- JOSSO Parnter application definicions : -->
+ <!-- -->
+ <!-- Configure all web applications that should be a josso partner application -->
+ <!-- within this server. -->
+ <!-- For each partner application you have to define the proper web-context. -->
+ <!-- ============================================================================= -->
+ <agent:partner-apps>
+ <agent:partner-app id="jboss_portal" context="/portal"/>
+
+ </agent:partner-apps>
+ </agent:agent-configuration>
+ </configuration>
+ <!-- Only useful when configuring multiple security domains -->
+ <!-- You can configure your own parameter builder to send parameters to your SecurityDomainMatcher -->
+ <!--
+ <parametersBuilders>
+ <agent:vhost-parameters-builder/>
+ <agent:appctx-parameters-builder/>
+ </parametersBuilders>
+ -->
+
+ </jb42:agent>
+
+</s:beans>
]]>
- </programlisting>
- Complete config file can look as follows:
- <programlisting>
- <![CDATA[
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-<agent>
- <class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class>
- <gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
- <gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>
- <service-locator>
- <class>org.josso.gateway.WebserviceGatewayServiceLocator</class>
- <endpoint>localhost:8080</endpoint>
- </service-locator>
- <partner-apps>
- <partner-app>
- <context>/partnerapp</context>
- </partner-app>
- <partner-app>
- <context>/portal</context>
- </partner-app>
- </partner-apps>
-</agent>
- ]]>
</programlisting></para>
</listitem>
<listitem>
@@ -376,66 +432,162 @@
This will expose a special service in JBoss Portal that can be leveraged by JOSSO Credential and Identity Stores if the server is deployed on the same
application server instance.</para>
</listitem>
- <listitem>
- <para> Edit <emphasis>$JBOSS_HOME/server/default/deploy/josso.ear/josso.war/WEB-INF/classes/josso-gateway-config.xml</emphasis> and configure following elements:
- <itemizedlist>
- <listitem>
- <para> <emphasis>Credential Store: </emphasis>
+ <listitem>
+ <para>
+ Activate <emphasis>JAAS based Login Module</emphasis> by configuring the following:
+ <itemizedlist>
+ <listitem>
+ <para>
+ <emphasis>$JBOSS_HOME/server/default/deploy/conf/login-config.xml</emphasis>
<programlisting>
<![CDATA[
-<!-- Basic Authentication Scheme -->
-<authentication-scheme>
- <name>basic-authentication</name>
- <class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class>
+<application-policy name="josso">
+ <authentication>
+ <login-module code="org.jboss.portal.identity.sso.josso.JOSSOLoginModule" flag="required">
+ <module-option name="debug">true</module-option>
+ </login-module>
+ </authentication>
+</application-policy>
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <para><emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/WEB-INF/jboss-web.xml</emphasis>
+ <programlisting>
+ <![CDATA[
+<jboss-web>
+<security-domain>java:jaas/josso</security-domain>
+.........
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>Register the JBoss Portal Identity and Credential Store by configuring the following:
+ <itemizedlist>
+ <listitem>
+ <para>Add the file<emphasis>$JBOSS_HOME/server/default/deploy/conf/josso-gateway-portal-stores.xml</emphasis>
+ <programlisting>
+ <![CDATA[
+<s:beans xmlns:s="http://www.springframework.org/schema/beans"
+ xmlns:portal-istore="urn:org:jboss:portal:josso:identitystore"
+ xmlns:memory-sstore="urn:org:josso:memory:sessionstore"
+ xmlns:memory-astore="urn:org:josso:memory:assertionstore"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
+ urn:org:josso:memory:sessionstore http://www.josso.org/schema/josso-memory-sessionstore.xsd
+ urn:org:josso:memory:assertionstore http://www.josso.org/schema/josso-memory-assertionstore.xsd
+ ">
+ <!-- ===================================================================== -->
+ <!-- JOSSO Identity Store, the id is very important because it is -->
+ <!-- referenced by the identity manager, auth schemes and who knows where -->
+ <!-- else. -->
+ <!-- ===================================================================== -->
+ <portal-istore:portal-store id="josso-identity-store" s:scope="singleton"/>
- <!-- ================================================= -->
- <!-- JBoss Portal Credential Store -->
- <!-- ================================================= -->
- <credential-store>
- <class>org.jboss.portal.identity.sso.josso.JOSSOIdentityStore</class>
- </credential-store>
+ <!-- ===================================================================== -->
+ <!-- JOSSO Session Store, the id is very important because it is -->
+ <!-- referenced by the session manager and who knows where else -->
+ <!-- ===================================================================== -->
+ <memory-sstore:memory-store id="josso-session-store"/>
-
- <!-- ================================================= -->
- <!-- Credential Store Key adapter -->
- <!-- ================================================= -->
- <credential-store-key-adapter>
- <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
- </credential-store-key-adapter>
-
-</authentication-scheme>
+ <!-- ===================================================================== -->
+ <!-- JOSSO Assertion Store, the id is very important because it is -->
+ <!-- referenced by the assertion manager and who knows where elese -->
+ <!-- ===================================================================== -->
+ <memory-astore:memory-store id="josso-assertion-store"/>
+</s:beans>
]]>
</programlisting></para>
- </listitem>
- <listitem>
- <para> <emphasis>SSO Identity Store: </emphasis>
- <programlisting>
+ </listitem>
+ <listitem>
+ <para>Register the Portal Identity Store with the file <emphasis>$JBOSS_HOME/server/default/deploy/conf/josso-gateway-config.xml</emphasis>
+ <programlisting>
<![CDATA[
-<sso-identity-manager>
+............
+<!-- Identity, Session and Assertion Stores configuration -->
+ <s:import resource="josso-gateway-portal-stores.xml" />
+ <!--
+ <s:import resource="josso-gateway-memory-stores.xml" />
+ <s:import resource="josso-gateway-db-stores.xml" />
+ <s:import resource="josso-gateway-ldap-stores.xml" />
+ -->
+............
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>Enable BIND Authentication Scheme by configuring the following:
+ <itemizedlist>
+ <listitem>
+ <para>Uncomment the BIND Authentication Scheme in <emphasis>$JBOSS_HOME/server/default/deploy/conf/josso-gateway-auth.xml</emphasis>
+ <programlisting>
+ <![CDATA[
+............
+<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- BIND Authentication Scheme (normally LDAP) -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- Requires a be a bindalble credential store ! -->
+ <!-- name attribute is important and must not be changed -->
+ <bind-authscheme:bind-auth-scheme
+ id="josso-bind-authentication"
+ name="basic-authentication"
+ hashAlgorithm="MD5"
+ hashEncoding="HEX"
+ ignorePasswordCase="false"
+ ignoreUserCase="false">
- <class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
+ <bind-authscheme:credentialStore>
+ <s:ref bean="josso-identity-store"/>
+ </bind-authscheme:credentialStore>
- <!-- ================================================= -->
- <!-- JBoss Portal Credential Store -->
- <!-- ================================================= -->
- <sso-identity-store>
- <class>org.jboss.portal.identity.sso.josso.JOSSOIdentityStore</class>
- </sso-identity-store>
-
- <!-- ================================================= -->
- <!-- Identity Store Key adapter -->
- <!-- ================================================= -->
- <sso-identity-store-key-adapter>
- <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
- </sso-identity-store-key-adapter>
-
-</sso-identity-manager>
+ <bind-authscheme:credentialStoreKeyAdapter>
+ <s:ref bean="josso-simple-key-adapter"/>
+ </bind-authscheme:credentialStoreKeyAdapter>
+ </bind-authscheme:bind-auth-scheme>
+............
]]>
</programlisting></para>
- </listitem>
- </itemizedlist>
- </para>
</listitem>
+ <listitem>
+ <para>Register BIND Authentication Scheme with the JOSSO Authenticator in <emphasis>$JBOSS_HOME/server/default/deploy/conf/josso-gateway-config.xml</emphasis>
+ <programlisting>
+ <![CDATA[
+............
+<!-- ===================================================================== -->
+<!-- SSO Authenticator, all authentication schemes must be configured here -->
+<!-- ===================================================================== -->
+ <def-auth:authenticator id="josso-authenticator">
+ <def-auth:schemes>
+ <s:ref bean="josso-bind-authentication"/>
+ <!--
+ <s:ref bean="josso-basic-authentication"/>
+ <s:ref bean="josso-strong-authentication"/>
+ <s:ref bean="josso-rememberme-authentication"/>
+ -->
+ <!-- Others like NTLM and BIND go here -->
+ <!--
+ <s:ref bean="josso-bind-authentication"/>
+ -->
+ </def-auth:schemes>
+ </def-auth:authenticator>
+............
+ ]]>
+ </programlisting>
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
</orderedlist>
</para>
<para>
JBoss Portal SVN: r13636 - in branches/Enterprise_Portal_Platform_4_3/testsuite/ui-tests/src/org/jboss/portal/test/selenium: portal and 1 other directory.
by portal-commits@lists.jboss.org
Author: mposolda(a)redhat.com
Date: 2009-07-30 07:53:49 -0400 (Thu, 30 Jul 2009)
New Revision: 13636
Modified:
branches/Enterprise_Portal_Platform_4_3/testsuite/ui-tests/src/org/jboss/portal/test/selenium/CoordinationSamplesTestCase.java
branches/Enterprise_Portal_Platform_4_3/testsuite/ui-tests/src/org/jboss/portal/test/selenium/portal/EndtoEndPortalAdminTestCase.java
Log:
Refactoring of tests to fix failures with HTTPS testing.
Modified: branches/Enterprise_Portal_Platform_4_3/testsuite/ui-tests/src/org/jboss/portal/test/selenium/CoordinationSamplesTestCase.java
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/testsuite/ui-tests/src/org/jboss/portal/test/selenium/CoordinationSamplesTestCase.java 2009-07-30 11:18:13 UTC (rev 13635)
+++ branches/Enterprise_Portal_Platform_4_3/testsuite/ui-tests/src/org/jboss/portal/test/selenium/CoordinationSamplesTestCase.java 2009-07-30 11:53:49 UTC (rev 13636)
@@ -835,7 +835,7 @@
selenium.type(PAR_R3_PVAL, "123");
selenium.click(PAR_R3_SUB);
selenium.waitForPageToLoad("30000");
- Assert.assertTrue(selenium.getLocation().endsWith("/portal/portal/default/Coordination+Samples/Parameters+-+Explicit%2BAlias?xyz=123"));
+ Assert.assertTrue(selenium.getLocation().endsWith("/portal/default/Coordination+Samples/Parameters+-+Explicit%2BAlias?xyz=123"));
}
/**
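Review bot: The rewritten `assertTrue` on the location gives no diagnostic when it fails, and with the shorter suffix it no longer pins the path segment in front of `/portal/default/`, so the observed URL should be visible in the failure. Read the location once, `String location = selenium.getLocation();`, and pass it as the assertion's failure message so that an HTTPS run landing on an unexpected prefix shows where it ended up. The enclosing test method starts outside the hunk.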
Modified: branches/Enterprise_Portal_Platform_4_3/testsuite/ui-tests/src/org/jboss/portal/test/selenium/portal/EndtoEndPortalAdminTestCase.java
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/testsuite/ui-tests/src/org/jboss/portal/test/selenium/portal/EndtoEndPortalAdminTestCase.java 2009-07-30 11:18:13 UTC (rev 13635)
+++ branches/Enterprise_Portal_Platform_4_3/testsuite/ui-tests/src/org/jboss/portal/test/selenium/portal/EndtoEndPortalAdminTestCase.java 2009-07-30 11:53:49 UTC (rev 13636)
@@ -483,7 +483,7 @@
// assert ERR handling
logout();
login("user", "user");
- openAndAssert("http://localhost:8080/portal/auth/portal/admin",
+ openAndAssert("/portal/auth/portal/admin",
"HTTP Status 403 - ");
logout();
login("admin", "admin");
JBoss Portal SVN: r13635 - in branches/Enterprise_Portal_Platform_4_3/core/src: resources/portal-server-war and 1 other directory.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-07-30 07:18:13 -0400 (Thu, 30 Jul 2009)
New Revision: 13635
Modified:
branches/Enterprise_Portal_Platform_4_3/core/src/bin/portal-core-war/css/login.css
branches/Enterprise_Portal_Platform_4_3/core/src/resources/portal-server-war/login.jsp
Log:
Fed up with broken CSS, going back to plain old table
Modified: branches/Enterprise_Portal_Platform_4_3/core/src/bin/portal-core-war/css/login.css
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/core/src/bin/portal-core-war/css/login.css 2009-07-30 11:07:33 UTC (rev 13634)
+++ branches/Enterprise_Portal_Platform_4_3/core/src/bin/portal-core-war/css/login.css 2009-07-30 11:18:13 UTC (rev 13635)
@@ -22,14 +22,14 @@
input.login-button {
bottom: 25px;
- right: 90px;
- width: 75px;
+ right: 110px;
+ width: 90px;
}
input.cancel-button {
bottom: 25px;
right: 10px;
- width: 75px;
+ width: 90px;
}
div.login-container div.login-header {
Modified: branches/Enterprise_Portal_Platform_4_3/core/src/resources/portal-server-war/login.jsp
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/core/src/resources/portal-server-war/login.jsp 2009-07-30 11:07:33 UTC (rev 13634)
+++ branches/Enterprise_Portal_Platform_4_3/core/src/resources/portal-server-war/login.jsp 2009-07-30 11:18:13 UTC (rev 13635)
@@ -97,18 +97,16 @@
</div>
<form method="post" action="<%= response.encodeURL("j_security_check") %>" name="loginform" id="loginForm"
target="_parent">
- <div class="form-field">
- <label for="j_username"><%= rb.getString("LOGIN_USERNAME") %>
- </label>
- <input type="text" name="j_username" id="j_username" value=""/>
- </div>
- <div class="form-field">
- <label for="j_password"><%= rb.getString("LOGIN_PASSWORD") %>
- </label>
- <input type="password" name="j_password" id="j_password" value=""/>
- </div>
- <br class="clear"/>
-
+ <table align="center">
+ <tr class="form-field">
+ <td><label for="j_username" style="white-space: nowrap;"><%= rb.getString("LOGIN_USERNAME") %></label></td>
+ <td><input type="text" name="j_username" id="j_username" value="" size="12"/></td>
+ </tr>
+ <tr class="form-field">
+ <td><label for="j_password" style="white-space: nowrap;"><%= rb.getString("LOGIN_PASSWORD") %></label></td>
+ <td><input type="text" name="j_password" id="j_password" value="" size="12"/></td>
+ </tr>
+ </table>
<div class="button-container">
<br class="clear"/>
<input style="<%=paramPresent ? "" : "display:none"%>;" type="button" name="cancel"
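Review bot: The new password row declares `type="text"` for `j_password`, where the removed markup had `type="password"`, so the password is echoed in clear on screen and is treated by the browser as an ordinary text field for form history. The log message only mentions moving the layout to a table, so this looks like a copy of the username row rather than an intended change. The line should read `<td><input type="password" name="j_password" id="j_password" value="" size="12"/></td>`. The form element opened in this hunk is closed outside it.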
JBoss Portal SVN: r13634 - jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-07-30 07:07:33 -0400 (Thu, 30 Jul 2009)
New Revision: 13634
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossGroupPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossUserPageACL.java
Removed:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossAuthzIntegration.java
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java
Log:
porting "Page" security related test cases to the new framework approach
* same exact functionality, just security swapped
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java 2009-07-30 11:07:33 UTC (rev 13634)
@@ -0,0 +1,389 @@
+/**
+ *
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+import java.net.URI;
+import java.util.Collection;
+
+import org.exoplatform.portal.config.model.PortalConfig;
+import org.exoplatform.portal.config.model.Page;
+import org.exoplatform.services.security.MembershipEntry;
+
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.action.Write;
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyMetaData;
+
+/**
+ * @author soshah
+ *
+ */
+public abstract class JBossAbstractSharedPageACL extends
+ JBossAbstractTestUserACL
+{
+ protected abstract String getOwnerType();
+
+ public void testPage() throws Exception
+ {
+ Page page = new Page();
+ page.setName("index");
+ page.setOwnerType(this.getOwnerType());
+ page.setOwnerId("foo");
+ page.setAccessPermissions(new String[0]);
+
+ this.provisionPagePolicy(page);
+ this.dumpPolicyRepository();
+
+ // Assert
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ }
+
+ public void testPageAccessibleByEveryone() throws Exception
+ {
+ Page page = new Page();
+ page.setName("index");
+ page.setOwnerType(this.getOwnerType());
+ page.setOwnerId("foo");
+ page.setAccessPermissions(new String[] { "Everyone" });
+
+ this.provisionPagePolicy(page);
+ this.dumpPolicyRepository();
+
+ // Assert
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page),
+ false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page),
+ true);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), true);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+
+ public void testPageEditableByEveryone() throws Exception
+ {
+ Page page = new Page();
+ page.setName("index");
+ page.setOwnerType(this.getOwnerType());
+ page.setOwnerId("foo");
+ page.setAccessPermissions(new String[0]);
+ page.setEditPermission("Everyone");
+
+ this.provisionPagePolicy(page);
+ this.dumpPolicyRepository();
+
+ // Assert
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), true);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), true);
+ this.enforce(this.writePageEnforcementContext(this.user, page), true);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page), true);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), true);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+
+ public void testPageAccessibleByGuests() throws Exception
+ {
+ Page page = new Page();
+ page.setName("index");
+ page.setOwnerType(this.getOwnerType());
+ page.setOwnerId("foo");
+ page.setAccessPermissions(new String[]{"whatever:/platform/guests"}); //TODO: make this "*:/platform/guests" once the custom Roles component is implemented
+
+ this.provisionPagePolicy(page);
+ this.dumpPolicyRepository();
+
+ // Assert
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+
+ public void testPageEditableByGuests() throws Exception
+ {
+ Page page = new Page();
+ page.setName("index");
+ page.setOwnerType(this.getOwnerType());
+ page.setOwnerId("foo");
+ page.setAccessPermissions(new String[0]);
+ page.setEditPermission("whatever:/platform/guests"); //TODO: make this "*:/platform/guests" once the custom Roles component is implemented
+
+ this.provisionPagePolicy(page);
+ this.dumpPolicyRepository();
+
+ // Assert
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), false);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+
+ public void testPageAccessibleByEveryOneAndGuests() throws Exception
+ {
+ Page page = new Page();
+ page.setName("index");
+ page.setOwnerType(this.getOwnerType());
+ page.setOwnerId("foo");
+ page.setAccessPermissions(new String[]{"Everyone", "whatever:/platform/guests"}); //TODO: make this "*:/platform/guests" once the custom Roles component is implemented
+
+ this.provisionPagePolicy(page);
+ this.dumpPolicyRepository();
+
+ // Assert
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page), true);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), true);
+ this.enforce(this.readPageEnforcementContext(this.user, page), true);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ }
+
+ public void testPageWithAccessPermission() throws Exception
+ {
+ Page page = new Page();
+ page.setName("index");
+ page.setOwnerType(this.getOwnerType());
+ page.setOwnerId("foo");
+ page.setAccessPermissions(new String[]{"manager:/manageable"});
+
+ this.provisionPagePolicy(page);
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), false);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), true);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+
+ //TODO: test with *:/manageable once wild card based custom Roles component is implemented
+ }
+
+ public void testPageWithEditPermission() throws Exception
+ {
+ Page page = new Page();
+ page.setName("index");
+ page.setOwnerType(this.getOwnerType());
+ page.setOwnerId("foo");
+ page.setAccessPermissions(new String[0]);
+ page.setEditPermission("manager:/manageable");
+
+ this.provisionPagePolicy(page);
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePageEnforcementContext(this.root, page), true);
+ this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.writePageEnforcementContext(this.manager, page), true);
+ this.enforce(this.writePageEnforcementContext(this.user, page), false);
+ this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+
+ this.enforce(this.readPageEnforcementContext(this.root, page), true);
+ this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
+ this.enforce(this.readPageEnforcementContext(this.manager, page), true);
+ this.enforce(this.readPageEnforcementContext(this.user, page), false);
+ this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+
+ //TODO: test with *:/manageable once wild card based custom Roles component is implemented
+ }
+ // ------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Provisioning Phase: Provisions the Policy associated with the "Page". The
+ * Policy Structure is created using "Security Components" whose state is
+ * populated from state of the Page Object
+ *
+ *
+ * TODO: If OwnerType is User, it needs the Policy Combining Algorithm customization feature from
+ * the core framework
+ */
+ private void provisionPagePolicy(Page page) throws Exception
+ {
+ // SetUp Resource
+ URIResource target = new URIResource();
+ target.setUri(new URI(page.getName()));
+
+ // Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(target);
+
+ // Read Access
+ if (page.getAccessPermissions() != null
+ && page.getAccessPermissions().length > 0)
+ {
+ Roles readRoles = new Roles();
+ String[] accessPermissions = page.getAccessPermissions();
+ for (String accessPermission : accessPermissions)
+ {
+ readRoles.addName(accessPermission);
+ }
+ context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
+ "allowExpression");
+ }
+
+ // Write Access
+ String editPermission = page.getEditPermission();
+ if (editPermission != null && editPermission.trim().length() > 0)
+ {
+ Roles writeRoles = new Roles();
+ writeRoles.addName(editPermission);
+ context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
+ "allowExpression");
+ }
+
+ // Super User/Everyone (gives access without further evaluation)
+ org.jboss.security.authz.components.subject.Identity superuser = new org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.root.getId()); // Provided via system configuration
+
+ // Setup the super user and everyone based rules
+ context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
+
+ // SetUp OwnerType based Rules
+ if (page.getOwnerType().equals(PortalConfig.USER_TYPE))
+ {
+ OwnerType ownerType = new OwnerType();
+ ownerType.setType(PortalConfig.USER_TYPE);
+
+ Identity identity = new Identity();
+ identity.setName(page.getOwnerId());
+
+ context.addPolicyRule(Effect.PERMIT, ownerType, identity);
+ }
+
+ // Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+ }
+
+ // -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Enforcement Phase: Creates an EnforcementContext for an incoming request
+ * that is trying to "Read the Page Object". The EnforcementContext is
+ * populated with "Security Components" whose state comes from the state of
+ * the application for the incoming thread
+ */
+ private EnforcementContext readPageEnforcementContext(User user, Page page)
+ throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.accessPageEnforcementContext(user, page);
+
+ // Create Action
+ context.setAttribute("action", new Read());
+
+ return context;
+ }
+
+ /**
+ * Enforcement Phase: Creates an EnforcementContext for an incoming request
+ * that is trying to "Edit the Portal Object". The EnforcementContext is
+ * populated with "Security Components" whose state comes from the state of
+ * the application for the incoming thread
+ */
+ private EnforcementContext writePageEnforcementContext(User user, Page page)
+ throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.accessPageEnforcementContext(user, page);
+
+ // Create Action
+ context.setAttribute("action", new Write());
+
+ return context;
+ }
+
+ private EnforcementContext accessPageEnforcementContext(User user, Page page)
+ throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Create Resource
+ URIResource portalRes = new URIResource();
+ portalRes.setUri(new URI(page.getName()));
+ context.setAttribute("resource", portalRes);
+
+ // Create Identity
+ Identity identity = new Identity();
+ if (user.getId() != null)
+ {
+ identity.setName(user.getId());
+ context.setAttribute("identity", identity);
+ }
+
+ // Create Roles
+ Roles roles = new Roles();
+ roles.addName("Everyone");
+ Collection<MembershipEntry> memberships = user.getMemberships();
+ if (memberships != null && !memberships.isEmpty())
+ {
+ for (MembershipEntry membership : memberships)
+ {
+ roles.addName(membership.toString());
+ }
+ }
+ else
+ {
+ // Check to see if this is guest access
+ if (user.getId() == null)
+ {
+ // This is a guest user
+ roles.addName("whatever:/platform/guests"); // Provided via system configuration
+ roles.addName(Roles.ANONYMOUS);
+ }
+ }
+ context.setAttribute("roles", roles);
+
+ return context;
+ }
+}
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-07-30 09:59:57 UTC (rev 13633)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-07-30 11:07:33 UTC (rev 13634)
@@ -124,17 +124,20 @@
everyone.addName(UserACL.EVERYONE);
//Guest Group
+ //TODO: replace whatever:/platform/guests with *:/platform/guests once custom Roles component is implemented
Roles guest = new Roles();
- guest.addName("/platform/guests"); //Provided via system configuration
+ //guest.addName("*:/platform/guests"); //Provided via system configuration
+ guest.addName("whatever:/platform/guests");
guest.addName(Roles.ANONYMOUS);
guest.setMustMatchAll(true);
- //TODO: use a custom Roles component
//PortalCreators Group....
+ //TODO: replace whatever:/platform/administrators, and whatever:/organization/management/executive-board
+ //with *:/platform/administrators, and *:/organization/management/executive-board once custom Roles component is implemented
Roles portalCreators = new Roles();
//portalCreators.addName("*:/platform/administrators"); //Provided via system configuration
- //portalCreators.addName("*:/organization/management/executive-board");
- portalCreators.addName("whatever:/platform/administrators"); //Provided via system configuration
+ //portalCreators.addName("*:/organization/management/executive-board"); //Provided via system configuration
+ portalCreators.addName("whatever:/platform/administrators");
portalCreators.addName("whatever:/organization/management/executive-board");
//Setup the Context for the Composition with these components
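Review bot: The placeholder membership type in `guest.addName("whatever:/platform/guests");` and in the two `portalCreators` names is a magic string that the enforcement side has to repeat exactly; the same literal is added to the request roles in TestJBossPortalConfigACL in this revision. Because `guest.setMustMatchAll(true)` requires every name to match, a typo in either copy turns a permit into a deny, and a negative assertion then passes for the wrong reason. Declaring it once in this base class, for example `protected static final String GUESTS_ROLE = "whatever:/platform/guests";`, and using it on both sides keeps policy and request in step until the wildcard Roles component exists. The commented-out `*:` lines can then go, since the TODO already records the intent. The enclosing method starts and ends outside this hunk.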
Deleted: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossAuthzIntegration.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossAuthzIntegration.java 2009-07-30 09:59:57 UTC (rev 13633)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossAuthzIntegration.java 2009-07-30 11:07:33 UTC (rev 13634)
@@ -1,131 +0,0 @@
-package org.exoplatform.portal.config.security.jboss;
-
-
-import java.net.URI;
-
-import org.apache.log4j.Logger;
-
-import org.exoplatform.test.BasicTestCase;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.components.action.Read;
-
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.Policy;
-import org.jboss.security.authz.model.PolicyMetaData;
-
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
-
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.agent.services.PolicyComposer;
-
-
-
-/**
- *
- * @author soshah
- *
- */
-public class TestJBossAuthzIntegration extends BasicTestCase
-{
- private static Logger log = Logger.getLogger(TestJBossAuthzIntegration.class);
-
- private PolicyComposer policyComposer;
- private PolicyEnforcementPoint enforcer;
- private PolicyProvisioner provisioner;
-
- @Override
- protected void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
- this.policyComposer = (PolicyComposer)ServiceContainer.lookup("/agent/PolicyComposer");
- this.enforcer = (PolicyEnforcementPoint)ServiceContainer.lookup("/agent/LocalEnforcementPoint");
- this.provisioner = (PolicyProvisioner)ServiceContainer.lookup("/agent/LocalPolicyProvisioner");
- }
-
- public void testIntegration() throws Exception
- {
- //SetUp Resource
- URIResource resource = new URIResource();
- resource.setUri(new URI("/root/level1/level2/index.html"));
-
- Read action = new Read();
-
- Roles allowedRoles = new Roles();
- allowedRoles.addName("user");
-
- //Setup the Context for the Composition with these components
- CompositionContext context = new CompositionContext();
- context.setPolicyTarget(resource);
- context.addPolicyRule(Effect.PERMIT, action, allowedRoles, "allowExpression");
-
- //Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.newPolicy(policyMetaData);
-
- this.assertServerState();
-
- //Go ahead and produce a RequestContext for a "Permit" Enforcement
- URIResource contextResource = new URIResource();
- contextResource.setUri(new URI("/root/level1/level2/index.html"));
-
- //Perform enforcement
- this.enforce(this.createEnforcementContext(contextResource, action), true);
- }
- //------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void assertServerState() throws Exception
- {
- //Assert Policy State of the Server
- Policy[] policies = this.provisioner.readAllPolicies();
-
- assertTrue("Policy Store must not be empty!!", (policies != null && policies.length == 1));
- log.info("------------------------------------------------------------------------------");
- log.info(policies[0].generateSystemPolicy());
- }
-
- private void enforce(EnforcementContext enforcementContext, boolean mustBePermitted) throws Exception
- {
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- }
-
- private EnforcementContext createEnforcementContext(URIResource protectedResource, Read action) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Enable Hierarchial Enforcement
- context.activateHierarchialEnforcement();
-
- // Create Resource
- context.setAttribute("uri-resource", protectedResource);
-
- // Create Subjects
- Roles roles = new Roles();
- roles.addName("user");
- context.setAttribute("roles", roles);
-
- // Create Action
- context.setAttribute("action", action);
-
- return context;
- }
-}
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossGroupPageACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossGroupPageACL.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossGroupPageACL.java 2009-07-30 11:07:33 UTC (rev 13634)
@@ -0,0 +1,18 @@
+/**
+ *
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+import org.exoplatform.portal.config.model.PortalConfig;
+
+/**
+ * @author soshah
+ *
+ */
+public class TestJBossGroupPageACL extends JBossAbstractSharedPageACL
+{
+ public String getOwnerType()
+ {
+ return PortalConfig.GROUP_TYPE;
+ }
+}
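Review bot: `getOwnerType()` has no `@Override` and the class has no description, so nothing here says that the method is the hook the shared page ACL tests call (the shared code visible on this page uses `this.getOwnerType()`; the base class declaration itself is not shown). Adding `@Override` makes the compiler confirm that the hook still exists with this signature, and a one-line class comment such as `Runs the shared page ACL tests with PortalConfig.GROUP_TYPE as owner type.` could replace the empty `/** */` block above the package line. The same applies to TestJBossUserPageACL in this revision.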
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java 2009-07-30 09:59:57 UTC (rev 13633)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java 2009-07-30 11:07:33 UTC (rev 13634)
@@ -171,14 +171,10 @@
//Super User/Everyone (gives access without further evaluation)
org.jboss.security.authz.components.subject.Identity superuser = new org.jboss.security.authz.components.subject.Identity();
- superuser.setName(this.root.getId()); //Provided via system configuration
- Roles everyone = new Roles();
- everyone.addName(UserACL.EVERYONE);
-
-
+ superuser.setName(this.root.getId()); //Provided via system configuration
+
//Setup the Context for the Composition with these components........
context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
- context.addPolicyRule(Effect.PERMIT, new Write(), everyone, "allowExpression");
// Store the policy into the Policy Server
PolicyMetaData policyMetaData = this.policyComposer.compose(context);
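Review bot: The comment `//Super User/Everyone (gives access without further evaluation)` still names Everyone, but this hunk removes the `everyone` Roles object and its `PERMIT` rule for `Write`, so only the superuser identity is granted here. Someone auditing who may write a PortalConfig would be misled by it; I would change the comment to `//Super User (gives access without further evaluation)`. The enclosing method starts and ends outside this hunk.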
@@ -235,29 +231,27 @@
}
//Create Roles
+ Roles roles = new Roles();
+ roles.addName("Everyone");
Collection<MembershipEntry> memberships = user.getMemberships();
- if(memberships != null && !memberships.isEmpty())
+ if (memberships != null && !memberships.isEmpty())
{
- Roles roles = new Roles();
- for(MembershipEntry membership: memberships)
+ for (MembershipEntry membership : memberships)
{
roles.addName(membership.toString());
- }
- context.setAttribute("roles", roles);
+ }
}
else
{
- //Check to see if this is guest access
- if(user.getId() == null)
+ // Check to see if this is guest access
+ if (user.getId() == null)
{
- //This is a guest user
- Roles guest = new Roles();
- guest.addName("/platform/guests"); //Provided via system configuration
- guest.addName(Roles.ANONYMOUS);
-
- context.setAttribute("roles", guest);
+ // This is a guest user
+ roles.addName("whatever:/platform/guests"); // Provided via system configuration
+ roles.addName(Roles.ANONYMOUS);
}
}
+ context.setAttribute("roles", roles);
return context;
}
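Review bot: `roles.addName("Everyone");` hard-codes the role name, while the policy side in JBossAbstractTestUserACL builds the corresponding role from `UserACL.EVERYONE`; if the two ever differ, the rule stops matching and nothing in the test output says why. I would write `roles.addName(UserACL.EVERYONE);` here (the class referenced `UserACL` before this revision, so the import is presumably still present). A one-line comment is also worth adding to say that every request, including an anonymous one, now carries this role, because any policy with a permit rule for Everyone then applies to guests as well. The enclosing method starts outside this hunk.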
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossUserPageACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossUserPageACL.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossUserPageACL.java 2009-07-30 11:07:33 UTC (rev 13634)
@@ -0,0 +1,18 @@
+/**
+ *
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+import org.exoplatform.portal.config.model.PortalConfig;
+
+/**
+ * @author soshah
+ *
+ */
+public class TestJBossUserPageACL extends JBossAbstractSharedPageACL
+{
+ public String getOwnerType()
+ {
+ return PortalConfig.USER_TYPE;
+ }
+}
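Review bot: Running the shared tests with `PortalConfig.USER_TYPE` never exercises the owner rule: the part of the shared class visible on this page sets `page.setOwnerId("foo")`, and none of the fixture users set up in JBossAbstractTestUserACL (root, administrator, manager, user, guest) has that id. The `PERMIT` rule built from `OwnerType` and `Identity` is therefore provisioned, but no assertion shows that the owner gets access or, more importantly, that a different user does not. A case in the shared class that uses a fixture user as owner, e.g. `page.setOwnerId(this.user.getId());`, with one permitted and one denied assertion would cover it. The TODO about the policy combining algorithm suggests this path is unfinished, which is one more reason to pin it with a test.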
JBoss Portal SVN: r13633 - branches/Enterprise_Portal_Platform_4_3/wsrp/src/main/org/jboss/portal/wsrp/consumer/portlet/info.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-07-30 05:59:57 -0400 (Thu, 30 Jul 2009)
New Revision: 13633
Modified:
branches/Enterprise_Portal_Platform_4_3/wsrp/src/main/org/jboss/portal/wsrp/consumer/portlet/info/WSRPPortletInfo.java
Log:
Oups
Modified: branches/Enterprise_Portal_Platform_4_3/wsrp/src/main/org/jboss/portal/wsrp/consumer/portlet/info/WSRPPortletInfo.java
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/wsrp/src/main/org/jboss/portal/wsrp/consumer/portlet/info/WSRPPortletInfo.java 2009-07-30 09:58:23 UTC (rev 13632)
+++ branches/Enterprise_Portal_Platform_4_3/wsrp/src/main/org/jboss/portal/wsrp/consumer/portlet/info/WSRPPortletInfo.java 2009-07-30 09:59:57 UTC (rev 13633)
@@ -706,7 +706,6 @@
}
}
- @Override
public Map<String, RuntimeOptionInfo> getRuntimeOptionsInfo()
{
return Collections.emptyMap();
JBoss Portal SVN: r13632 - branches/Enterprise_Portal_Platform_4_3/wsrp/src/main/org/jboss/portal/wsrp/consumer/portlet/info.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-07-30 05:58:23 -0400 (Thu, 30 Jul 2009)
New Revision: 13632
Modified:
branches/Enterprise_Portal_Platform_4_3/wsrp/src/main/org/jboss/portal/wsrp/consumer/portlet/info/WSRPPortletInfo.java
Log:
Implement dummy getRuntimeOptionsInfo
Modified: branches/Enterprise_Portal_Platform_4_3/wsrp/src/main/org/jboss/portal/wsrp/consumer/portlet/info/WSRPPortletInfo.java
===================================================================
--- branches/Enterprise_Portal_Platform_4_3/wsrp/src/main/org/jboss/portal/wsrp/consumer/portlet/info/WSRPPortletInfo.java 2009-07-30 08:52:27 UTC (rev 13631)
+++ branches/Enterprise_Portal_Platform_4_3/wsrp/src/main/org/jboss/portal/wsrp/consumer/portlet/info/WSRPPortletInfo.java 2009-07-30 09:58:23 UTC (rev 13632)
@@ -38,6 +38,7 @@
import org.jboss.portal.portlet.info.ParameterInfo;
import org.jboss.portal.portlet.info.PreferenceInfo;
import org.jboss.portal.portlet.info.PreferencesInfo;
+import org.jboss.portal.portlet.info.RuntimeOptionInfo;
import org.jboss.portal.portlet.info.SecurityInfo;
import org.jboss.portal.portlet.info.WindowStateInfo;
import org.jboss.portal.wsrp.WSRPUtils;
@@ -704,4 +705,10 @@
return null;
}
}
+
+ @Override
+ public Map<String, RuntimeOptionInfo> getRuntimeOptionsInfo()
+ {
+ return Collections.emptyMap();
+ }
}
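Review bot: `getRuntimeOptionsInfo()` is a stub, but only the commit log says so; the code carries no comment. A short Javadoc such as `/** Stub: no runtime options are reported; always returns an empty, immutable map. */` would tell callers not to expect data and not to modify the result, since the map from `Collections.emptyMap()` throws on `put`. The class body starts outside this hunk.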
JBoss Portal SVN: r13631 - in modules/portlet/tags/JBP_PORTLET_2_0_8: build/distrib and 1 other directory.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2009-07-30 04:52:27 -0400 (Thu, 30 Jul 2009)
New Revision: 13631
Modified:
modules/portlet/tags/JBP_PORTLET_2_0_8/build/distrib/distrib.xml
modules/portlet/tags/JBP_PORTLET_2_0_8/releaseLibs.sh
Log:
minor
Modified: modules/portlet/tags/JBP_PORTLET_2_0_8/build/distrib/distrib.xml
===================================================================
--- modules/portlet/tags/JBP_PORTLET_2_0_8/build/distrib/distrib.xml 2009-07-29 22:26:23 UTC (rev 13630)
+++ modules/portlet/tags/JBP_PORTLET_2_0_8/build/distrib/distrib.xml 2009-07-30 08:52:27 UTC (rev 13631)
@@ -2,9 +2,9 @@
<property name="source.dir" value="../.."/>
<property name="src.docs.dir" value="${source.dir}/docs"/>
- <property name="pc.release.version" value="trunk-SNAPSHOT"/>
- <property name="demo.release.version" value="trunk-SNAPSHOT"/>
- <property name="maven.version" value="trunk-SNAPSHOT"/>
+ <property name="pc.release.version" value="2.0.8"/>
+ <property name="demo.release.version" value="2.0.8"/>
+ <property name="maven.version" value="2.0.8"/>
<!-- -->
<property name="pc.release.name" value="jboss-portletcontainer-${pc.release.version}"/>
Modified: modules/portlet/tags/JBP_PORTLET_2_0_8/releaseLibs.sh
===================================================================
--- modules/portlet/tags/JBP_PORTLET_2_0_8/releaseLibs.sh 2009-07-29 22:26:23 UTC (rev 13630)
+++ modules/portlet/tags/JBP_PORTLET_2_0_8/releaseLibs.sh 2009-07-30 08:52:27 UTC (rev 13631)
@@ -1,4 +1,4 @@
-repos=$HOME/Dev/portal-modules-repos/portlet/2.0.8/lib
+repos=/home/theute/Development/Repo/repository.jboss.org/jboss-portal/modules/portlet/2.0.8/lib
thirdparty=$HOME/Dev/jboss-portal-2.7/thirdparty/jboss-portal/modules/portlet/lib
echo "Copies current version of portlet libraries either to local repository copy or Portal thirdparty to test or release purpose"
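Review bot: The new `repos=` value is an absolute path inside one developer's home directory, so the script now fails on any other machine and records a local user name in a release tag. Keeping it overridable, e.g. `repos=${PORTLET_REPOS:-$HOME/Dev/portal-modules-repos/portlet/2.0.8/lib}`, preserves the previous default and lets each machine set its own location; `PORTLET_REPOS` is a variable name made up for this example.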
@@ -26,8 +26,15 @@
fi
cp bridge/target/portlet-bridge-2.0.8.jar $loc/portal-portlet-bridge-lib.jar
+cp bridge/target/portlet-bridge-2.0.8-sources.jar $loc/portal-portlet-bridge-lib-sources.jar
cp controller/target/portlet-controller-2.0.8.jar $loc/portal-portlet-controller-lib.jar
+cp controller/target/portlet-controller-2.0.8-sources.jar $loc/portal-portlet-controller-lib-sources.jar
cp federation/target/portlet-federation-2.0.8.jar $loc/portal-portlet-federation-lib.jar
+cp federation/target/portlet-federation-2.0.8-sources.jar $loc/portal-portlet-federation-lib-sources.jar
cp management/target/portlet-management-2.0.8.jar $loc/portal-portlet-management-lib.jar
+cp management/target/portlet-management-2.0.8-sources.jar $loc/portal-portlet-management-lib-sources.jar
cp portlet/target/portlet-portlet-2.0.8.jar $loc/portal-portlet-lib.jar
+cp portlet/target/portlet-portlet-2.0.8-sources.jar $loc/portal-portlet-lib-sources.jar
cp samples/target/portlet-samples-2.0.8.jar $loc/portal-portlet-samples-lib.jar
+cp samples/target/portlet-samples-2.0.8-sources.jar $loc/portal-portlet-samples-lib-sources.jar
+
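Review bot: The added `cp` lines for the `-sources.jar` files run unchecked, like the existing ones: if a sources jar was not built, `cp` prints an error and the script carries on, leaving a release directory with artifacts missing. A `set -e` near the top of the script (outside this hunk) stops at the first failed copy. Quoting the target, as in `cp bridge/target/portlet-bridge-2.0.8-sources.jar "$loc/portal-portlet-bridge-lib-sources.jar"`, also protects against a `$loc` that contains spaces.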
JBoss Portal SVN: r13630 - in jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal: src/test/java/org/exoplatform/portal/config/security/jboss and 1 other directory.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-07-29 18:26:23 -0400 (Wed, 29 Jul 2009)
New Revision: 13630
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/CreatePortal.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/.classpath
Log:
porting "PortalConfig" security related test cases to the new framework approach
* same exact functionality, just security swapped
Property changes on: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal
___________________________________________________________________
Name: svn:ignore
+ nul
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/.classpath
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/.classpath 2009-07-29 20:01:36 UTC (rev 13629)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/.classpath 2009-07-29 22:26:23 UTC (rev 13630)
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
+ <classpathentry kind="src" path="src/main/java"/>
<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
- <classpathentry excluding="**/*.java" kind="src" output="target/test-classes" path="src/test/resources"/>
- <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry excluding="**/*.java" kind="src" output="target/test-classes" path="src/test/resources"/>
<classpathentry kind="var" path="M2_REPO_EXO/javax/activation/activation/1.1/activation-1.1.jar"/>
<classpathentry kind="var" path="M2_REPO_EXO/javax/ccpp/ccpp/1.0/ccpp-1.0.jar"/>
<classpathentry kind="var" path="M2_REPO_EXO/javax/resource/connector-api/1.5/connector-api-1.5.jar"/>
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/CreatePortal.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/CreatePortal.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/CreatePortal.java 2009-07-29 22:26:23 UTC (rev 13630)
@@ -0,0 +1,46 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.exoplatform.portal.config.security.jboss;
+
+import org.jboss.security.authz.component.Component;
+import org.jboss.security.authz.component.ComponentType;
+import org.jboss.security.authz.component.ComponentCategory;
+
+import org.jboss.security.authz.components.action.Operation;
+
+/**
+ * Read represents a "read" action that can be performed on a Resource
+ *
+ * @author <a href="mailto:sshah@redhat.com">Sohil Shah</a>
+ */
+@Component(
+ name="createPortal",
+ type=ComponentType.TARGET,
+ category=ComponentCategory.ACTION
+)
+public class CreatePortal extends Operation
+{
+ public CreatePortal()
+ {
+ this.name = "createPortal";
+ }
+}
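Review bot: The class Javadoc says `Read represents a "read" action that can be performed on a Resource`, which looks copied from another component and does not describe this class. Since this type names the action that authorization policies are written against, the description should match it, for example `CreatePortal represents the "createPortal" action; policies use it to decide who may create a portal`.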
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-07-29 22:26:23 UTC (rev 13630)
@@ -0,0 +1,212 @@
+/**
+ *
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+import java.net.URI;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.apache.log4j.Logger;
+
+import org.exoplatform.portal.config.UserACL;
+import org.exoplatform.services.security.ConversationState;
+import org.exoplatform.services.security.Identity;
+import org.exoplatform.services.security.MembershipEntry;
+import org.exoplatform.test.BasicTestCase;
+
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.subject.Roles;
+
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.Policy;
+import org.jboss.security.authz.model.PolicyMetaData;
+
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
+
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.agent.services.PolicyComposer;
+
+/**
+ * @author soshah
+ *
+ */
+public class JBossAbstractTestUserACL extends BasicTestCase
+{
+ private static Logger log = Logger.getLogger(JBossAbstractTestUserACL.class);
+
+ User root, administrator, manager, user, guest;
+
+ PolicyComposer policyComposer;
+ PolicyEnforcementPoint enforcer;
+ PolicyProvisioner provisioner;
+
+ protected void setUp() throws Exception
+ {
+ ServiceContainer.bootstrap();
+ this.policyComposer = (PolicyComposer) ServiceContainer
+ .lookup("/agent/PolicyComposer");
+ this.enforcer = (PolicyEnforcementPoint) ServiceContainer
+ .lookup("/agent/LocalEnforcementPoint");
+ this.provisioner = (PolicyProvisioner) ServiceContainer
+ .lookup("/agent/LocalPolicyProvisioner");
+
+ this.root = new User("root");
+ this.administrator = new User("administrator");
+ this.administrator.addMembership("whatever", "/platform/administrators");
+ this.manager = new User("manager");
+ this.manager.addMembership("manager", "/manageable");
+ this.user = new User("user");
+ this.guest = new User(null);
+
+ //Bootstrap the Policy Repository
+ //Provision the Policy that protects "Portal Creation"
+ this.provisionCreatePortalPolicy();
+ }
+
+ protected void enforce(EnforcementContext enforcementContext, boolean mustBePermitted) throws Exception
+ {
+ EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
+
+ assertNotNull(response);
+ log.info("-----------------------------------");
+ log.info("Decision="+response.getMessage());
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", response.isAccessGranted());
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", response.isAccessGranted());
+ }
+ }
+
+ protected void dumpPolicyRepository() throws Exception
+ {
+ //Assert Policy State of the Server
+ Policy[] policies = this.provisioner.readAllPolicies();
+
+ if(policies != null)
+ {
+ log.info("------------------------------------------------------------------------------");
+ for(Policy storedPolicy: policies)
+ {
+ log.info(storedPolicy.generateSystemPolicy());
+ }
+ }
+ }
+ //-------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Provisioning Phase: Provisions the Policy for Portal Creation. The Policy Structure is created using "Security Components" whose state is populated from
+ * appropriate System configuration values
+ */
+ private void provisionCreatePortalPolicy() throws Exception
+ {
+ //Using the custom "CreatePortal" "Security Component"
+ CreatePortal action = new CreatePortal();
+ URIResource resource = new URIResource();
+ resource.setUri(new URI(action.getName()));
+
+
+ //Super User/Everyone (gives access without further evaluation)
+ org.jboss.security.authz.components.subject.Identity superuser = new org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.root.getId()); //Provided via system configuration
+ Roles everyone = new Roles();
+ everyone.addName(UserACL.EVERYONE);
+
+ //Guest Group
+ Roles guest = new Roles();
+ guest.addName("/platform/guests"); //Provided via system configuration
+ guest.addName(Roles.ANONYMOUS);
+ guest.setMustMatchAll(true);
+
+ //TODO: use a custom Roles component
+ //PortalCreators Group....
+ Roles portalCreators = new Roles();
+ //portalCreators.addName("*:/platform/administrators"); //Provided via system configuration
+ //portalCreators.addName("*:/organization/management/executive-board");
+ portalCreators.addName("whatever:/platform/administrators"); //Provided via system configuration
+ portalCreators.addName("whatever:/organization/management/executive-board");
+
+ //Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(resource);
+ context.addPolicyRule(Effect.PERMIT, action, superuser);
+ context.addPolicyRule(Effect.PERMIT, action, everyone, "allowExpression");
+ context.addPolicyRule(Effect.PERMIT, action, guest, "allowExpression");
+ context.addPolicyRule(Effect.PERMIT, action, portalCreators, "allowExpression");
+
+ //Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+ }
+ //----------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ public class User
+ {
+ private final Identity identity;
+
+ private User(String id) {
+ if (id != null) {
+ Collection<String> roles = Collections.emptySet();
+ Set<MembershipEntry> memberships = new HashSet<MembershipEntry>();
+ identity = new Identity(id, memberships, roles);
+ } else {
+ identity = null;
+ }
+ }
+
+ public String getId() {
+ return identity != null ? identity.getUserId() : null;
+ }
+
+ public void addMembership(String type, String group) {
+ identity.getMemberships().add(new MembershipEntry(group, type));
+ }
+
+ public void removeMembership(String type, String group) {
+ for (Iterator<MembershipEntry> i = identity.getMemberships().iterator();i.hasNext();) {
+ MembershipEntry membership = i.next();
+ if (type == null || type.equals(membership.getMembershipType())) {
+ if (group == null || group.equals(membership.getGroup())) {
+ i.remove();
+ }
+ }
+ }
+ }
+
+ public Collection<MembershipEntry> getMemberships()
+ {
+ if(this.identity != null)
+ {
+ return this.identity.getMemberships();
+ }
+ return null;
+ }
+
+ public void removeMembershipByType(String type) {
+ removeMembership(type, null);
+ }
+
+ public void removeMembershipByGroup(String group) {
+ removeMembership(null, group);
+ }
+
+ public void run(Runnable runnable) {
+ ConversationState.setCurrent(new ConversationState(identity));
+ try {
+ runnable.run();
+ } finally {
+ ConversationState.setCurrent(null);
+ }
+ }
+ }
+}
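Review bot: `provisionCreatePortalPolicy()` adds `PERMIT` rules for the `everyone` and `guest` roles on the createPortal action, next to the superuser and `portalCreators` rules, which reads as granting portal creation to anonymous guests. TestJBossCreatePortalACL, as far as it is visible on this page, expects manager and user to be denied and never checks the guest user, so the tests would not notice if those two rules did permit access; whether they do depends on the `"allowExpression"` argument and on the roles the request context carries, neither of which is shown here. I would drop the two rules unless they are required, and add `this.enforce(this.createPortalEnforcementContext(this.guest), false);` to `testPermission`. Separately, `User.addMembership` dereferences `identity`, which is null for the guest created with `new User(null)`.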
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java 2009-07-29 22:26:23 UTC (rev 13630)
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2003-2007 eXo Platform SAS.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Affero General Public License
+ * as published by the Free Software Foundation; either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see<http://www.gnu.org/licenses/>.
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+import java.util.Collection;
+import java.net.URI;
+
+import org.exoplatform.services.security.MembershipEntry;
+
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.components.subject.Identity;
+
+
+/**
+ * @author soshah
+ *
+ */
+public class TestJBossCreatePortalACL extends JBossAbstractTestUserACL
+{
+ public void testPermission() throws Exception
+ {
+ //Generate an EnforcementContext to see if the superuser and administrator are allowed to create a Portal...Result: They should be
+ this.enforce(this.createPortalEnforcementContext(this.root), true);
+ this.enforce(this.createPortalEnforcementContext(this.administrator), true);
+
+ //Generate an EnforcementContext to see if a standard manager and a regular user are allowed to create a Portal..Result: They shouldn't be
+ this.enforce(this.createPortalEnforcementContext(this.manager), false);
+ this.enforce(this.createPortalEnforcementContext(this.user), false);
+ }
+ //----------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Enforcement Phase: Creates an EnforcementContext for an incoming request that is trying to "Create a New Portal". The EnforcementContext is populated with
+ * "Security Components" whose state comes from the state of the application for the incoming thread
+ */
+ private EnforcementContext createPortalEnforcementContext(User creator) throws Exception
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ CreatePortal action = new CreatePortal();
+
+ // Create Resource
+ URIResource resource = new URIResource();
+ resource.setUri(new URI(action.getName()));
+ context.setAttribute("resource", resource);
+
+ // Create Identity
+ Identity identity = new Identity();
+ identity.setName(creator.getId());
+ context.setAttribute("identity", identity);
+
+ //Create Roles
+ Collection<MembershipEntry> memberships = creator.getMemberships();
+ if(memberships != null && !memberships.isEmpty())
+ {
+ Roles roles = new Roles();
+ for(MembershipEntry membership: memberships)
+ {
+ roles.addName(membership.toString());
+ }
+ context.setAttribute("roles", roles);
+ }
+
+ // Create Action
+ context.setAttribute("action", action);
+
+ return context;
+ }
+}
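Review bot: testPermission never checks the unauthenticated case, and createPortalEnforcementContext could not build it as written, because `identity.setName(creator.getId());` runs unconditionally. The sibling helper accessPortalEnforcementContext in TestJBossPortalConfigACL (same commit) guards a null id and substitutes guest roles instead. A deny assertion for an anonymous caller is the case an authorization test for "create portal" most needs, so I would add `this.enforce(this.createPortalEnforcementContext(this.guest), false);` and wrap the identity attribute in `if (creator.getId() != null)`. `this.guest` is assumed to come from JBossAbstractTestUserACL, as it appears to in the sibling test; the base class is not part of this hunk.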
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java 2009-07-29 22:26:23 UTC (rev 13630)
@@ -0,0 +1,264 @@
+/*
+ * Copyright (C) 2003-2007 eXo Platform SAS.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Affero General Public License
+ * as published by the Free Software Foundation; either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see<http://www.gnu.org/licenses/>.
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+import java.util.Collection;
+import java.net.URI;
+
+import org.exoplatform.portal.config.model.PortalConfig;
+import org.exoplatform.portal.config.UserACL;
+import org.exoplatform.services.security.MembershipEntry;
+
+import org.jboss.security.authz.agent.services.CompositionContext;
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.action.Write;
+import org.jboss.security.authz.model.Effect;
+import org.jboss.security.authz.model.PolicyMetaData;
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+
+/**
+ *
+ * @author soshah
+ *
+ */
+public class TestJBossPortalConfigACL extends JBossAbstractTestUserACL
+{
+
+
+ public void testPortalRootAccessOnly() throws Exception
+ {
+ PortalConfig portal = new PortalConfig();
+ portal.setName("foo");
+ this.provisionPortalConfigPolicy(portal);
+
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.writePortalEnforcementContext(this.administrator, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.manager, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+
+ this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.administrator, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.manager, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ }
+
+ public void testPortalOnlyReadAccess() throws Exception
+ {
+ PortalConfig portal = new PortalConfig();
+ portal.setName("foo");
+ portal.setAccessPermissions(new String[]{"manager:/manageable"});
+ this.provisionPortalConfigPolicy(portal);
+
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.writePortalEnforcementContext(this.administrator, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.manager, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+
+ this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.administrator, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ }
+
+ public void testPortalEditableAndReadImplied() throws Exception
+ {
+ PortalConfig portal = new PortalConfig();
+ portal.setName("foo");
+ portal.setEditPermission("manager:/manageable");
+ this.provisionPortalConfigPolicy(portal);
+
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.writePortalEnforcementContext(this.administrator, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.manager, portal), true);
+ this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+
+ this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.administrator, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ }
+
+ public void testPortalReadAndEditableExplicit() throws Exception
+ {
+ PortalConfig portal = new PortalConfig();
+ portal.setName("foo");
+ portal.setAccessPermissions(new String[]{"manager:/manageable"});
+ portal.setEditPermission("manager:/manageable");
+
+ this.provisionPortalConfigPolicy(portal);
+
+ this.dumpPolicyRepository();
+
+ this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.writePortalEnforcementContext(this.administrator, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.manager, portal), true);
+ this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+
+ this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.administrator, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
+ this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
+ this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ }
+ //--------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Provisioning Phase: Provisions the Policy associated with the "Portal". The Policy Structure is created using "Security Components" whose state is populated from
+ * state of the PortalConfig object
+ */
+ private void provisionPortalConfigPolicy(PortalConfig portal) throws Exception
+ {
+ // SetUp Resource
+ URIResource target = new URIResource();
+ target.setUri(new URI(portal.getName()));
+
+ // Setup the Context for the Composition with these components
+ CompositionContext context = new CompositionContext();
+ context.setPolicyTarget(target);
+
+ // Read Access
+ if (portal.getAccessPermissions() != null
+ && portal.getAccessPermissions().length > 0)
+ {
+ Roles readRoles = new Roles();
+ String[] accessPermissions = portal.getAccessPermissions();
+ for (String accessPermission : accessPermissions)
+ {
+ readRoles.addName(accessPermission);
+ }
+ context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
+ "allowExpression");
+ }
+
+ // Write Access
+ String editPermission = portal.getEditPermission();
+ if (editPermission != null && editPermission.trim().length() > 0)
+ {
+ Roles writeRoles = new Roles();
+ writeRoles.addName(editPermission);
+ context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
+ "allowExpression");
+ }
+
+ //Super User/Everyone (gives access without further evaluation)
+ org.jboss.security.authz.components.subject.Identity superuser = new org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.root.getId()); //Provided via system configuration
+ Roles everyone = new Roles();
+ everyone.addName(UserACL.EVERYONE);
+
+
+ //Setup the Context for the Composition with these components........
+ context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
+ context.addPolicyRule(Effect.PERMIT, new Write(), everyone, "allowExpression");
+
+ // Store the policy into the Policy Server
+ PolicyMetaData policyMetaData = this.policyComposer.compose(context);
+ this.provisioner.newPolicy(policyMetaData);
+ }
+ //---------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ /**
+ * Enforcement Phase: Creates an EnforcementContext for an incoming request that is trying to "Read the Portal Object". The EnforcementContext is populated with
+ * "Security Components" whose state comes from the state of the application for the incoming thread
+ */
+ private EnforcementContext readPortalEnforcementContext(User user, PortalConfig portal) throws Exception
+ {
+ //Create an EnforcementContext
+ EnforcementContext context = this.accessPortalEnforcementContext(user, portal);
+
+ // Create Action
+ context.setAttribute("action", new Read());
+
+ return context;
+ }
+
+ /**
+ * Enforcement Phase: Creates an EnforcementContext for an incoming request that is trying to "Edit the Portal Object". The EnforcementContext is populated with
+ * "Security Components" whose state comes from the state of the application for the incoming thread
+ */
+ private EnforcementContext writePortalEnforcementContext(User user, PortalConfig portal) throws Exception
+ {
+ //Create an EnforcementContext
+ EnforcementContext context = this.accessPortalEnforcementContext(user, portal);
+
+ // Create Action
+ context.setAttribute("action", new Write());
+
+ return context;
+ }
+
+
+ private EnforcementContext accessPortalEnforcementContext(User user, PortalConfig portal) throws Exception
+ {
+ //Create an EnforcementContext
+ EnforcementContext context = new EnforcementContext();
+
+ // Create Resource
+ URIResource portalRes = new URIResource();
+ portalRes.setUri(new URI(portal.getName()));
+ context.setAttribute("resource", portalRes);
+
+ // Create Identity
+ Identity identity = new Identity();
+ if(user.getId() != null)
+ {
+ identity.setName(user.getId());
+ context.setAttribute("identity", identity);
+ }
+
+ //Create Roles
+ Collection<MembershipEntry> memberships = user.getMemberships();
+ if(memberships != null && !memberships.isEmpty())
+ {
+ Roles roles = new Roles();
+ for(MembershipEntry membership: memberships)
+ {
+ roles.addName(membership.toString());
+ }
+ context.setAttribute("roles", roles);
+ }
+ else
+ {
+ //Check to see if this is guest access
+ if(user.getId() == null)
+ {
+ //This is a guest user
+ Roles guest = new Roles();
+ guest.addName("/platform/guests"); //Provided via system configuration
+ guest.addName(Roles.ANONYMOUS);
+
+ context.setAttribute("roles", guest);
+ }
+ }
+
+ return context;
+ }
+}
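Review bot: In provisionPortalConfigPolicy, `context.addPolicyRule(Effect.PERMIT, new Write(), everyone, "allowExpression");` is added to every portal's policy regardless of its configured access or edit permissions. None of the four tests gives a subject the `UserACL.EVERYONE` role, so the write-deny expectations pass without ever exercising this rule. If a caller's roles can carry that name at enforcement time, the rule would permit Write (and, judging by testPortalEditableAndReadImplied, Read as well) on every portal; the meaning of "allowExpression" is not visible here, so this is inferred rather than certain. I would drop the rule, or restrict it to read access inside the read-permission branch as `context.addPolicyRule(Effect.PERMIT, new Read(), everyone, "allowExpression");`. A test whose user carries `UserACL.EVERYONE` and must be denied write on a portal with no edit permission would cover the gap.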