JBoss Portal SVN: r13654 - jbossexo/branches.
by portal-commits@lists.jboss.org
Author: mwringe
Date: 2009-08-03 00:17:32 -0400 (Mon, 03 Aug 2009)
New Revision: 13654
Added:
jbossexo/branches/portlet-container-integration/
Log:
Create the portlet integration branch directory.
JBoss Portal SVN: r13653 - in jbossexo/modules/wsrp/trunk: producer/src/main/java/org/jboss/portal/wsrp/producer and 3 other directories.
by portal-commits@lists.jboss.org
Author: chris.laprun(a)jboss.com
Date: 2009-08-02 15:46:00 -0400 (Sun, 02 Aug 2009)
New Revision: 13653
Added:
jbossexo/modules/wsrp/trunk/producer/src/main/webapp/WEB-INF/conf/
jbossexo/modules/wsrp/trunk/producer/src/main/webapp/WEB-INF/conf/producer/
jbossexo/modules/wsrp/trunk/producer/src/main/webapp/WEB-INF/conf/producer/config.xml
Modified:
jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/UserContextConverter.java
jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPActionURL.java
jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPConstants.java
jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPPortletURL.java
jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPRenderURL.java
jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPTypeFactory.java
jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPUtils.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/ActionRequestProcessor.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/MarkupHandler.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/MarkupRequest.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/PortletManagementHandler.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/RenderRequestProcessor.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/RequestProcessor.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/ServiceDescriptionHandler.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPInstanceContext.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPPortletInvocationContext.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPProducerImpl.java
jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPRequestContext.java
Log:
- Adapted to change of package of many portlet module classes that are now in an api package.
- Added configuration directory to resources.
Modified: jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/UserContextConverter.java
===================================================================
--- jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/UserContextConverter.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/UserContextConverter.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -25,7 +25,7 @@
import org.jboss.portal.common.NotYetImplemented;
import static org.jboss.portal.common.p3p.P3PConstants.*;
-import org.jboss.portal.portlet.spi.UserContext;
+import org.jboss.portal.portlet.api.spi.UserContext;
import org.jboss.portal.wsrp.core.Contact;
import org.jboss.portal.wsrp.core.EmployerInfo;
import org.jboss.portal.wsrp.core.Online;
Modified: jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPActionURL.java
===================================================================
--- jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPActionURL.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPActionURL.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -25,9 +25,9 @@
import org.jboss.portal.Mode;
import org.jboss.portal.WindowState;
-import org.jboss.portal.portlet.ActionURL;
-import org.jboss.portal.portlet.OpaqueStateString;
-import org.jboss.portal.portlet.StateString;
+import org.jboss.portal.portlet.api.ActionURL;
+import org.jboss.portal.portlet.api.OpaqueStateString;
+import org.jboss.portal.portlet.api.StateString;
import java.util.Map;
Modified: jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPConstants.java
===================================================================
--- jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPConstants.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPConstants.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -23,7 +23,7 @@
package org.jboss.portal.wsrp;
-import org.jboss.portal.portlet.spi.PortalContext;
+import org.jboss.portal.portlet.api.spi.PortalContext;
import javax.xml.namespace.QName;
import java.net.InetAddress;
Modified: jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPPortletURL.java
===================================================================
--- jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPPortletURL.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPPortletURL.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -28,12 +28,12 @@
import org.jboss.portal.common.NotYetImplemented;
import org.jboss.portal.common.text.FastURLDecoder;
import org.jboss.portal.common.util.Tools;
-import org.jboss.portal.portlet.ActionURL;
-import org.jboss.portal.portlet.ParametersStateString;
-import org.jboss.portal.portlet.PortletURL;
-import org.jboss.portal.portlet.RenderURL;
-import org.jboss.portal.portlet.ResourceURL;
-import org.jboss.portal.portlet.StateString;
+import org.jboss.portal.portlet.api.ActionURL;
+import org.jboss.portal.portlet.api.ParametersStateString;
+import org.jboss.portal.portlet.api.PortletURL;
+import org.jboss.portal.portlet.api.RenderURL;
+import org.jboss.portal.portlet.api.ResourceURL;
+import org.jboss.portal.portlet.api.StateString;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Modified: jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPRenderURL.java
===================================================================
--- jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPRenderURL.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPRenderURL.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -25,9 +25,9 @@
import org.jboss.portal.Mode;
import org.jboss.portal.WindowState;
-import org.jboss.portal.portlet.OpaqueStateString;
-import org.jboss.portal.portlet.RenderURL;
-import org.jboss.portal.portlet.StateString;
+import org.jboss.portal.portlet.api.OpaqueStateString;
+import org.jboss.portal.portlet.api.RenderURL;
+import org.jboss.portal.portlet.api.StateString;
import java.util.Map;
Modified: jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPTypeFactory.java
===================================================================
--- jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPTypeFactory.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPTypeFactory.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -27,13 +27,13 @@
import org.jboss.portal.WindowState;
import org.jboss.portal.common.util.ParameterValidation;
import org.jboss.portal.common.util.Tools;
-import org.jboss.portal.portlet.ActionURL;
-import org.jboss.portal.portlet.OpaqueStateString;
-import org.jboss.portal.portlet.PortletURL;
-import org.jboss.portal.portlet.RenderURL;
-import org.jboss.portal.portlet.StateString;
-import org.jboss.portal.portlet.URLFormat;
-import org.jboss.portal.portlet.spi.PortletInvocationContext;
+import org.jboss.portal.portlet.api.ActionURL;
+import org.jboss.portal.portlet.api.OpaqueStateString;
+import org.jboss.portal.portlet.api.PortletURL;
+import org.jboss.portal.portlet.api.RenderURL;
+import org.jboss.portal.portlet.api.StateString;
+import org.jboss.portal.portlet.api.URLFormat;
+import org.jboss.portal.portlet.api.spi.PortletInvocationContext;
import org.jboss.portal.wsrp.core.BlockingInteractionResponse;
import org.jboss.portal.wsrp.core.CacheControl;
import org.jboss.portal.wsrp.core.ClientData;
@@ -195,7 +195,7 @@
* @since 2.6
*/
public static GetPortletDescription createGetPortletDescription(RegistrationContext registrationContext,
- org.jboss.portal.portlet.PortletContext portletContext)
+ org.jboss.portal.portlet.api.PortletContext portletContext)
{
ParameterValidation.throwIllegalArgExceptionIfNull(portletContext, "portlet context");
PortletContext wsrpPC = createPortletContext(portletContext.getId(), portletContext.getState());
Modified: jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPUtils.java
===================================================================
--- jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPUtils.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/common/src/main/java/org/jboss/portal/wsrp/WSRPUtils.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -28,11 +28,11 @@
import org.jboss.portal.common.i18n.LocaleFormat;
import org.jboss.portal.common.util.ConversionException;
import org.jboss.portal.common.util.ParameterValidation;
-import org.jboss.portal.portlet.ActionURL;
-import org.jboss.portal.portlet.PortletContext;
-import org.jboss.portal.portlet.PortletURL;
-import org.jboss.portal.portlet.RenderURL;
-import org.jboss.portal.portlet.state.AccessMode;
+import org.jboss.portal.portlet.api.ActionURL;
+import org.jboss.portal.portlet.api.PortletContext;
+import org.jboss.portal.portlet.api.PortletURL;
+import org.jboss.portal.portlet.api.RenderURL;
+import org.jboss.portal.portlet.api.state.AccessMode;
import org.jboss.portal.wsrp.core.InteractionParams;
import org.jboss.portal.wsrp.core.MarkupParams;
import org.jboss.portal.wsrp.core.NamedString;
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/ActionRequestProcessor.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/ActionRequestProcessor.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/ActionRequestProcessor.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -23,13 +23,13 @@
package org.jboss.portal.wsrp.producer;
-import org.jboss.portal.portlet.StateString;
-import org.jboss.portal.portlet.invocation.ActionInvocation;
-import org.jboss.portal.portlet.invocation.PortletInvocation;
-import org.jboss.portal.portlet.invocation.response.HTTPRedirectionResponse;
-import org.jboss.portal.portlet.invocation.response.PortletInvocationResponse;
-import org.jboss.portal.portlet.invocation.response.UpdateNavigationalStateResponse;
-import org.jboss.portal.portlet.state.AccessMode;
+import org.jboss.portal.portlet.api.StateString;
+import org.jboss.portal.portlet.api.invocation.ActionInvocation;
+import org.jboss.portal.portlet.api.invocation.PortletInvocation;
+import org.jboss.portal.portlet.api.invocation.response.HTTPRedirectionResponse;
+import org.jboss.portal.portlet.api.invocation.response.PortletInvocationResponse;
+import org.jboss.portal.portlet.api.invocation.response.UpdateNavigationalStateResponse;
+import org.jboss.portal.portlet.api.state.AccessMode;
import org.jboss.portal.wsrp.WSRPExceptionFactory;
import org.jboss.portal.wsrp.WSRPTypeFactory;
import org.jboss.portal.wsrp.WSRPUtils;
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/MarkupHandler.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/MarkupHandler.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/MarkupHandler.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -23,12 +23,12 @@
package org.jboss.portal.wsrp.producer;
-import org.jboss.portal.portlet.PortletInvokerException;
-import org.jboss.portal.portlet.invocation.response.ErrorResponse;
-import org.jboss.portal.portlet.invocation.response.FragmentResponse;
-import org.jboss.portal.portlet.invocation.response.HTTPRedirectionResponse;
-import org.jboss.portal.portlet.invocation.response.PortletInvocationResponse;
-import org.jboss.portal.portlet.invocation.response.UpdateNavigationalStateResponse;
+import org.jboss.portal.portlet.api.PortletInvokerException;
+import org.jboss.portal.portlet.api.invocation.response.ErrorResponse;
+import org.jboss.portal.portlet.api.invocation.response.FragmentResponse;
+import org.jboss.portal.portlet.api.invocation.response.HTTPRedirectionResponse;
+import org.jboss.portal.portlet.api.invocation.response.PortletInvocationResponse;
+import org.jboss.portal.portlet.api.invocation.response.UpdateNavigationalStateResponse;
import org.jboss.portal.portlet.state.producer.PortletStateChangeRequiredException;
import org.jboss.portal.wsrp.WSRPExceptionFactory;
import org.jboss.portal.wsrp.core.AccessDeniedFault;
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/MarkupRequest.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/MarkupRequest.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/MarkupRequest.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -25,7 +25,7 @@
import org.jboss.portal.Mode;
import org.jboss.portal.WindowState;
-import org.jboss.portal.portlet.Portlet;
+import org.jboss.portal.portlet.api.Portlet;
import org.jboss.portal.wsrp.WSRPUtils;
import org.jboss.portal.wsrp.core.MarkupType;
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/PortletManagementHandler.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/PortletManagementHandler.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/PortletManagementHandler.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -25,16 +25,16 @@
import org.jboss.portal.common.i18n.LocalizedString;
import org.jboss.portal.common.util.Tools;
-import org.jboss.portal.portlet.InvalidPortletIdException;
-import org.jboss.portal.portlet.NoSuchPortletException;
-import org.jboss.portal.portlet.Portlet;
-import org.jboss.portal.portlet.PortletInvokerException;
-import org.jboss.portal.portlet.info.PortletInfo;
-import org.jboss.portal.portlet.info.PreferenceInfo;
-import org.jboss.portal.portlet.info.PreferencesInfo;
-import org.jboss.portal.portlet.state.DestroyCloneFailure;
-import org.jboss.portal.portlet.state.PropertyChange;
-import org.jboss.portal.portlet.state.PropertyMap;
+import org.jboss.portal.portlet.api.InvalidPortletIdException;
+import org.jboss.portal.portlet.api.NoSuchPortletException;
+import org.jboss.portal.portlet.api.Portlet;
+import org.jboss.portal.portlet.api.PortletInvokerException;
+import org.jboss.portal.portlet.api.info.PortletInfo;
+import org.jboss.portal.portlet.api.info.PreferenceInfo;
+import org.jboss.portal.portlet.api.info.PreferencesInfo;
+import org.jboss.portal.portlet.api.state.DestroyCloneFailure;
+import org.jboss.portal.portlet.api.state.PropertyChange;
+import org.jboss.portal.portlet.api.state.PropertyMap;
import org.jboss.portal.registration.Registration;
import org.jboss.portal.registration.RegistrationLocal;
import org.jboss.portal.wsrp.WSRPConstants;
@@ -172,11 +172,11 @@
UserContext userContext = clonePortlet.getUserContext();
checkUserAuthorization(userContext);
- org.jboss.portal.portlet.PortletContext portalPC = WSRPUtils.convertToPortalPortletContext(portletContext);
+ org.jboss.portal.portlet.api.PortletContext portalPC = WSRPUtils.convertToPortalPortletContext(portletContext);
try
{
RegistrationLocal.setRegistration(registration);
- org.jboss.portal.portlet.PortletContext response = producer.getInvoker().createClone(portalPC);
+ org.jboss.portal.portlet.api.PortletContext response = producer.getInvoker().createClone(portalPC);
return WSRPUtils.convertToWSRPPortletContext(response);
}
catch (NoSuchPortletException e)
@@ -213,7 +213,7 @@
List portletContexts = new ArrayList(handles.length);
for (int i = 0; i < handles.length; i++)
{
- portletContexts.add(org.jboss.portal.portlet.PortletContext.createPortletContext(handles[i]));
+ portletContexts.add(org.jboss.portal.portlet.api.PortletContext.createPortletContext(handles[i]));
}
try
@@ -309,7 +309,7 @@
try
{
RegistrationLocal.setRegistration(registration);
- org.jboss.portal.portlet.PortletContext resultContext =
+ org.jboss.portal.portlet.api.PortletContext resultContext =
producer.getInvoker().setProperties(WSRPUtils.convertToPortalPortletContext(portletContext),
(PropertyChange[])changes.toArray(new PropertyChange[0]));
return WSRPUtils.convertToWSRPPortletContext(resultContext);
@@ -358,7 +358,7 @@
try
{
PropertyMap properties;
- org.jboss.portal.portlet.PortletContext jbpContext = WSRPUtils.convertToPortalPortletContext(portletContext);
+ org.jboss.portal.portlet.api.PortletContext jbpContext = WSRPUtils.convertToPortalPortletContext(portletContext);
RegistrationLocal.setRegistration(registration);
if (keys != null)
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/RenderRequestProcessor.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/RenderRequestProcessor.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/RenderRequestProcessor.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -24,12 +24,12 @@
package org.jboss.portal.wsrp.producer;
import org.jboss.portal.common.net.URLTools;
+import org.jboss.portal.portlet.api.invocation.PortletInvocation;
+import org.jboss.portal.portlet.api.invocation.RenderInvocation;
+import org.jboss.portal.portlet.api.invocation.response.FragmentResponse;
+import org.jboss.portal.portlet.api.invocation.response.PortletInvocationResponse;
+import org.jboss.portal.portlet.api.state.AccessMode;
import org.jboss.portal.portlet.impl.jsr168.PortletUtils;
-import org.jboss.portal.portlet.invocation.PortletInvocation;
-import org.jboss.portal.portlet.invocation.RenderInvocation;
-import org.jboss.portal.portlet.invocation.response.FragmentResponse;
-import org.jboss.portal.portlet.invocation.response.PortletInvocationResponse;
-import org.jboss.portal.portlet.state.AccessMode;
import org.jboss.portal.wsrp.WSRPConstants;
import org.jboss.portal.wsrp.WSRPRewritingConstants;
import org.jboss.portal.wsrp.WSRPTypeFactory;
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/RequestProcessor.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/RequestProcessor.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/RequestProcessor.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -28,16 +28,16 @@
import org.jboss.portal.common.net.media.MediaType;
import org.jboss.portal.common.util.MarkupInfo;
import org.jboss.portal.common.util.Tools;
-import org.jboss.portal.portlet.Portlet;
-import org.jboss.portal.portlet.PortletInvokerException;
-import org.jboss.portal.portlet.StateString;
-import org.jboss.portal.portlet.invocation.PortletInvocation;
-import org.jboss.portal.portlet.invocation.response.PortletInvocationResponse;
-import org.jboss.portal.portlet.spi.PortalContext;
-import org.jboss.portal.portlet.spi.SecurityContext;
-import org.jboss.portal.portlet.spi.UserContext;
-import org.jboss.portal.portlet.spi.WindowContext;
-import org.jboss.portal.portlet.state.AccessMode;
+import org.jboss.portal.portlet.api.Portlet;
+import org.jboss.portal.portlet.api.PortletInvokerException;
+import org.jboss.portal.portlet.api.StateString;
+import org.jboss.portal.portlet.api.invocation.PortletInvocation;
+import org.jboss.portal.portlet.api.invocation.response.PortletInvocationResponse;
+import org.jboss.portal.portlet.api.spi.PortalContext;
+import org.jboss.portal.portlet.api.spi.SecurityContext;
+import org.jboss.portal.portlet.api.spi.UserContext;
+import org.jboss.portal.portlet.api.spi.WindowContext;
+import org.jboss.portal.portlet.api.state.AccessMode;
import org.jboss.portal.registration.Registration;
import org.jboss.portal.wsrp.UserContextConverter;
import org.jboss.portal.wsrp.WSRPConstants;
@@ -105,7 +105,7 @@
// get portlet handle
PortletContext wsrpPC = getPortletContext();
WSRPExceptionFactory.throwMissingParametersFaultIfValueIsMissing(wsrpPC, "PortletContext", getContextName());
- org.jboss.portal.portlet.PortletContext portletContext = WSRPUtils.convertToPortalPortletContext(wsrpPC);
+ org.jboss.portal.portlet.api.PortletContext portletContext = WSRPUtils.convertToPortalPortletContext(wsrpPC);
// retrieve the portlet
try
@@ -359,7 +359,7 @@
}
}
- private WSRPInstanceContext createInstanceContext(org.jboss.portal.portlet.PortletContext portletContext, final AccessMode accessMode, String instanceId)
+ private WSRPInstanceContext createInstanceContext(org.jboss.portal.portlet.api.PortletContext portletContext, final AccessMode accessMode, String instanceId)
{
return new WSRPInstanceContext(portletContext, accessMode, instanceId);
}
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/ServiceDescriptionHandler.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/ServiceDescriptionHandler.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/ServiceDescriptionHandler.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -25,13 +25,13 @@
import org.jboss.portal.common.net.media.MediaType;
import org.jboss.portal.common.util.ParameterValidation;
-import org.jboss.portal.portlet.Portlet;
-import org.jboss.portal.portlet.PortletInvokerException;
-import org.jboss.portal.portlet.info.CapabilitiesInfo;
-import org.jboss.portal.portlet.info.MetaInfo;
-import org.jboss.portal.portlet.info.ModeInfo;
-import org.jboss.portal.portlet.info.PortletInfo;
-import org.jboss.portal.portlet.info.WindowStateInfo;
+import org.jboss.portal.portlet.api.Portlet;
+import org.jboss.portal.portlet.api.PortletInvokerException;
+import org.jboss.portal.portlet.api.info.CapabilitiesInfo;
+import org.jboss.portal.portlet.api.info.MetaInfo;
+import org.jboss.portal.portlet.api.info.ModeInfo;
+import org.jboss.portal.portlet.api.info.PortletInfo;
+import org.jboss.portal.portlet.api.info.WindowStateInfo;
import org.jboss.portal.registration.Registration;
import org.jboss.portal.wsrp.WSRPExceptionFactory;
import org.jboss.portal.wsrp.WSRPTypeFactory;
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPInstanceContext.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPInstanceContext.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPInstanceContext.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -24,10 +24,10 @@
package org.jboss.portal.wsrp.producer;
import org.jboss.portal.common.util.ParameterValidation;
-import org.jboss.portal.portlet.PortletContext;
-import org.jboss.portal.portlet.StateEvent;
-import org.jboss.portal.portlet.spi.InstanceContext;
-import org.jboss.portal.portlet.state.AccessMode;
+import org.jboss.portal.portlet.api.PortletContext;
+import org.jboss.portal.portlet.api.StateEvent;
+import org.jboss.portal.portlet.api.spi.InstanceContext;
+import org.jboss.portal.portlet.api.state.AccessMode;
/**
* @author <a href="mailto:chris.laprun@jboss.com">Chris Laprun</a>
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPPortletInvocationContext.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPPortletInvocationContext.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPPortletInvocationContext.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -26,20 +26,20 @@
import org.jboss.portal.common.NotYetImplemented;
import org.jboss.portal.common.net.URLTools;
import org.jboss.portal.common.util.MarkupInfo;
-import org.jboss.portal.portlet.ContainerURL;
-import org.jboss.portal.portlet.PortletURL;
-import org.jboss.portal.portlet.ResourceURL;
-import org.jboss.portal.portlet.URLFormat;
+import org.jboss.portal.portlet.api.ContainerURL;
+import org.jboss.portal.portlet.api.PortletURL;
+import org.jboss.portal.portlet.api.ResourceURL;
+import org.jboss.portal.portlet.api.URLFormat;
+import org.jboss.portal.portlet.api.invocation.PortletInvocation;
+import org.jboss.portal.portlet.api.spi.InstanceContext;
+import org.jboss.portal.portlet.api.spi.PortalContext;
+import org.jboss.portal.portlet.api.spi.PortletInvocationContext;
+import org.jboss.portal.portlet.api.spi.SecurityContext;
+import org.jboss.portal.portlet.api.spi.UserContext;
+import org.jboss.portal.portlet.api.spi.WindowContext;
import org.jboss.portal.portlet.impl.spi.AbstractClientContext;
import org.jboss.portal.portlet.impl.spi.AbstractPortletInvocationContext;
import org.jboss.portal.portlet.impl.spi.AbstractServerContext;
-import org.jboss.portal.portlet.invocation.PortletInvocation;
-import org.jboss.portal.portlet.spi.InstanceContext;
-import org.jboss.portal.portlet.spi.PortalContext;
-import org.jboss.portal.portlet.spi.PortletInvocationContext;
-import org.jboss.portal.portlet.spi.SecurityContext;
-import org.jboss.portal.portlet.spi.UserContext;
-import org.jboss.portal.portlet.spi.WindowContext;
import org.jboss.portal.wsrp.WSRPPortletURL;
import org.jboss.portal.wsrp.WSRPRewritingConstants;
import org.jboss.portal.wsrp.servlet.ServletAccess;
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPProducerImpl.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPProducerImpl.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPProducerImpl.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -23,11 +23,11 @@
package org.jboss.portal.wsrp.producer;
-import org.jboss.portal.portlet.NoSuchPortletException;
-import org.jboss.portal.portlet.Portlet;
-import org.jboss.portal.portlet.PortletInvoker;
-import org.jboss.portal.portlet.PortletInvokerException;
-import org.jboss.portal.portlet.info.RuntimeOptionInfo;
+import org.jboss.portal.portlet.api.NoSuchPortletException;
+import org.jboss.portal.portlet.api.Portlet;
+import org.jboss.portal.portlet.api.PortletInvoker;
+import org.jboss.portal.portlet.api.PortletInvokerException;
+import org.jboss.portal.portlet.api.info.RuntimeOptionInfo;
import org.jboss.portal.registration.Registration;
import org.jboss.portal.registration.RegistrationLocal;
import org.jboss.portal.registration.RegistrationManager;
@@ -384,7 +384,7 @@
this.invoker = invoker;
}
- Portlet getPortletWith(org.jboss.portal.portlet.PortletContext portletContext, Registration registration) throws InvalidHandleFault, PortletInvokerException
+ Portlet getPortletWith(org.jboss.portal.portlet.api.PortletContext portletContext, Registration registration) throws InvalidHandleFault, PortletInvokerException
{
Portlet portlet;
try
Modified: jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPRequestContext.java
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPRequestContext.java 2009-08-02 14:42:03 UTC (rev 13652)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/java/org/jboss/portal/wsrp/producer/WSRPRequestContext.java 2009-08-02 19:46:00 UTC (rev 13653)
@@ -25,7 +25,7 @@
import org.apache.commons.fileupload.FileUpload;
import org.jboss.portal.common.util.ParameterMap;
-import org.jboss.portal.portlet.spi.RequestContext;
+import org.jboss.portal.portlet.api.spi.RequestContext;
import org.jboss.portal.wsrp.core.InteractionParams;
import org.jboss.portal.wsrp.core.NamedString;
import org.jboss.portal.wsrp.core.UploadContext;
Added: jbossexo/modules/wsrp/trunk/producer/src/main/webapp/WEB-INF/conf/producer/config.xml
===================================================================
--- jbossexo/modules/wsrp/trunk/producer/src/main/webapp/WEB-INF/conf/producer/config.xml (rev 0)
+++ jbossexo/modules/wsrp/trunk/producer/src/main/webapp/WEB-INF/conf/producer/config.xml 2009-08-02 19:46:00 UTC (rev 13653)
@@ -0,0 +1,40 @@
+<!--
+ ~ JBoss, a division of Red Hat
+ ~ Copyright 2009, Red Hat Middleware, LLC, and individual
+ ~ contributors as indicated by the @authors tag. See the
+ ~ copyright.txt in the distribution for a full listing of
+ ~ individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+
+<!--
+<!DOCTYPE producer-configuration PUBLIC "-//JBoss Portal//DTD WSRP Local Producer Configuration 2.6//EN"
+ "http://www.jboss.org/portal/dtd/jboss-wsrp-producer_2_6.dtd">
+-->
+
+<!-- Configuration using registration with default registration property validator. -->
+<producer-configuration xmlns="urn:jboss:portal:wsrp:producer:v2_6"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:portal:wsrp:producer:v2_6 http://www.jboss.org/portal/xsd/jboss-wsrp-producer_2_6.xsd">
+ <registration-configuration fullServiceDescriptionRequiresRegistration="true">
+ <registration-property-validator>org.jboss.portal.registration.policies.DefaultRegistrationPropertyValidator
+ </registration-property-validator>
+ </registration-configuration>
+</producer-configuration>
+
+ <!-- Configuration without registration -->
+ <!--<producer-configuration/>-->
\ No newline at end of file
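Review bot: The `xsi:schemaLocation` on `<producer-configuration>` points at `http://www.jboss.org/portal/xsd/jboss-wsrp-producer_2_6.xsd`, so if the code that loads this file validates against the schema and resolves it by location (not visible in this commit), the producer would fetch its schema over plain HTTP whenever the file is parsed. Resolving the XSD from a copy bundled with the module, through an entity or resource resolver, removes the network dependency and keeps an unauthenticated download from influencing how the registration settings are parsed. Separately, the `<registration-property-validator>` text ends with a line break and indentation before the closing tag; unless the loader trims it the class name will not resolve, so I would write it on one line: `<registration-property-validator>org.jboss.portal.registration.policies.DefaultRegistrationPropertyValidator</registration-property-validator>`. The comment above the commented-out `<producer-configuration/>` could also say explicitly that this alternative runs the producer without registration, so nobody enables it by accident.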
JBoss Portal SVN: r13652 - jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-02 10:42:03 -0400 (Sun, 02 Aug 2009)
New Revision: 13652
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java
Log:
UserACL adapted to switch between jboss security impl and exo impl via configuration
* bug fix
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java 2009-08-01 20:40:35 UTC (rev 13651)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java 2009-08-02 14:42:03 UTC (rev 13652)
@@ -377,11 +377,17 @@
for(String portalCreatorGroup: this.portalCreatorGroups)
{
- portalCreators.addName(portalCreatorGroup);
+ if(portalCreatorGroup != null && portalCreatorGroup.trim().length()!=0)
+ {
+ portalCreators.addName(portalCreatorGroup);
+ }
}
- context.addPolicyRule(Effect.PERMIT, action, portalCreators,
- "allowExpression");
+ if(!portalCreators.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, action, portalCreators,
+ "allowExpression");
+ }
}
this.policyProvisioner.composeAndDeploy(context);
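Review bot: The new guard tests the trimmed value but `addName` still receives the untrimmed string, so a configured entry with leading or trailing whitespace passes the check and is stored with it. If role names are compared exactly at enforcement time (not visible here), such an entry would never match. Store what was tested: `portalCreators.addName(portalCreatorGroup.trim());`. Skipping `addPolicyRule` when `portalCreators` is empty is a sound choice, and a short comment such as `// no creator groups configured: deploy no PERMIT rule for them` would record why. The enclosing method starts and ends outside the hunk.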
JBoss Portal SVN: r13651 - in jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src: main/java/conf/portal and 3 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-01 16:40:35 -0400 (Sat, 01 Aug 2009)
New Revision: 13651
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/conf/portal/configuration.xml
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACLMetaData.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java
Log:
UserACL adapted to switch between jboss security impl and exo impl via configuration
* both testsuites pass at 100%. this is a baseline before some more tweaking
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml 2009-08-01 15:10:09 UTC (rev 13650)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml 2009-08-01 20:40:35 UTC (rev 13651)
@@ -7,12 +7,22 @@
<property name="policyProvisioner">
<inject bean="/agent/LocalPolicyProvisioner"/>
</property>
+ <!--
+ Optional configuration: At this point in the integration cycle, this is optional since the configuration
+ is overriden by the UserACL configuration
+
+ Later when UserACL relationship to the Provisioner changes, this can possibly change as well and
+ some properties may not be optional anymore
+ -->
+ <!--
<property name="superuser">root</property>
+ -->
<!--
TODO: change the values from whatever:/platform/administrators and whatever:/organization/management/executive-board
to *:/platform/administrators and *:/organization/management/executive-board
once a custom Roles component is implemented
-->
+ <!-- -
<property name="portalCreatorGroups">
<list class="java.util.ArrayList" elementClass="java.lang.String">
<value>whatever:/platform/administrators</value>
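Review bot: The comment opened by the added `<!-- -` line swallows `portalCreatorGroups`, `guestGroup` and `navigationCreatorMembershipType` (it closes in the next hunk), and `superuser` is commented out just above, so this bean no longer carries any authorization values of its own. In the same revision UserACL.init calls `setPortalCreatorGroups` and `setNavigationCreatorMembershipType` only when its own values are non-empty, which would leave those provisioner properties unset in that case; whether the provisioner tolerates that is not visible here. The explanatory comment should state the dependency, for example `Values are supplied by UserACL.init(); this bean is not usable on its own`. The stray hyphen in `<!-- -` and the spelling `overriden` are also worth tidying.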
@@ -21,6 +31,7 @@
</property>
<property name="guestGroup">/platform/guests</property>
<property name="navigationCreatorMembershipType">manager</property>
+ -->
</bean>
<bean name="/exo/jboss/PolicyEnforcementPoint" class="org.exoplatform.portal.jboss.security.enforcement.ExoEnforcementPoint">
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/conf/portal/configuration.xml
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/conf/portal/configuration.xml 2009-08-01 15:10:09 UTC (rev 13650)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/conf/portal/configuration.xml 2009-08-01 20:40:35 UTC (rev 13651)
@@ -47,6 +47,11 @@
<name>guests.group</name>
<description>guests group</description>
<value>/platform/guests</value>
+ </value-param>
+ <value-param>
+ <name>activate.jboss.security</name>
+ <description>Activate/Deactivates Authorization based on JBoss Security Framework</description>
+ <value>true</value>
</value-param>
</init-params>
</component>
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACL.java 2009-08-01 15:10:09 UTC (rev 13650)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACL.java 2009-08-01 20:40:35 UTC (rev 13651)
@@ -33,6 +33,11 @@
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.MembershipEntry;
+import org.jboss.security.authz.bootstrap.ServiceContainer;
+import org.jboss.security.authz.agent.enforcement.EnforcementException;
+import org.exoplatform.portal.jboss.security.enforcement.ExoEnforcementPoint;
+import org.exoplatform.portal.jboss.security.provisioning.ExoPolicyProvisioner;
+
/**
* Jun 27, 2006
*/
@@ -64,6 +69,11 @@
private String adminGroups;
private String adminMSType;
+
+ private boolean activateJBossSecurity;
+ private ExoEnforcementPoint enforcementPoint;
+ private ExoPolicyProvisioner policyProvisioner;
+
@SuppressWarnings("unchecked")
public UserACL(InitParams params) {
@@ -95,8 +105,15 @@
ValueParam adminMSTypeParam = params.getValueParam("portal.administrator.mstype");
if (adminMSTypeParam != null)
setAdminMSType(adminMSTypeParam.getValue());
+
+ //Activate/Deactivate security based on JBoss Security Framework
+ ValueParam jbossSecurityStatus = params.getValueParam("activate.jboss.security");
+ if(jbossSecurityStatus.getValue().equalsIgnoreCase(String.valueOf(Boolean.TRUE)))
+ {
+ md.setActivateJBossSecurity(true);
+ }
- init(md);
+ init(md);
}
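Review bot: `params.getValueParam("activate.jboss.security")` is dereferenced without a null check, unlike `adminMSTypeParam` directly above it. A configuration.xml that predates this parameter would therefore fail here with a NullPointerException instead of falling back to the eXo implementation. Guard the lookup and parse the flag directly: `if (jbossSecurityStatus != null && Boolean.parseBoolean(jbossSecurityStatus.getValue()))`. The constructor begins outside the hunk.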
public UserACL(UserACLMetaData md) {
@@ -127,6 +144,30 @@
if (md.getPortalCreateGroups() != null)
allGroups = md.getPortalCreateGroups();
portalCreatorGroups_ = defragmentPermission(allGroups);
+
+ if(md.isActivateJBossSecurity())
+ {
+ this.activateJBossSecurity = true;
+
+ ServiceContainer.bootstrap();
+ this.enforcementPoint = (ExoEnforcementPoint)ServiceContainer.lookup("/exo/jboss/PolicyEnforcementPoint");
+ this.policyProvisioner = (ExoPolicyProvisioner)ServiceContainer.lookup("/exo/jboss/PolicyProvisioner");
+
+ //Override any PolicyProvisioner configuration
+ this.policyProvisioner.setSuperuser(this.superUser_);
+ this.policyProvisioner.setGuestGroup(this.guestGroup_);
+ if(this.navigationCreatorMembershipType_ != null && this.navigationCreatorMembershipType_.trim().length() >0)
+ {
+ this.policyProvisioner.setNavigationCreatorMembershipType(this.navigationCreatorMembershipType_);
+ }
+ if(this.portalCreatorGroups_ != null && !this.portalCreatorGroups_.isEmpty())
+ {
+ this.policyProvisioner.setPortalCreatorGroups(this.portalCreatorGroups_);
+ }
+
+ //Initialize the PolicyProvisioner
+ this.policyProvisioner.initialize();
+ }
}
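Review bot: The override of the provisioner is only partial, because `setPortalCreatorGroups` is skipped when `portalCreatorGroups_` is null or empty and the provisioner then keeps whatever list its bean definition supplied. The legacy branch of `hasCreatePortalPermission` denies everyone except the superuser in that situation, so the two implementations can disagree on who may create a portal. Passing the list unconditionally (an empty list when nothing is configured) would keep them aligned. The two `ServiceContainer.lookup` results are also cast and used without a null check, and `ServiceContainer.bootstrap()` and `initialize()` now run on every UserACL construction; a comment stating whether repeated calls are safe would help. The body of init starts outside the hunk.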
// TODO: unnecessary to keep potalACLPlugin
@@ -275,91 +316,235 @@
// --------------------------------------------------------------------------//
private boolean hasPermission(Identity identity, PortalConfig pconfig) {
- if (hasPermission(identity, pconfig.getEditPermission())) {
- pconfig.setModifiable(true);
- return true;
- }
- pconfig.setModifiable(false);
- String[] accessPerms = (pconfig.getAccessPermissions());
- for (String per : accessPerms) {
- if (hasPermission(identity, per))
- return true;
- }
- return false;
+ if(!this.activateJBossSecurity)
+ {
+ if (hasPermission(identity, pconfig.getEditPermission())) {
+ pconfig.setModifiable(true);
+ return true;
+ }
+ pconfig.setModifiable(false);
+ String[] accessPerms = (pconfig.getAccessPermissions());
+ for (String per : accessPerms) {
+ if (hasPermission(identity, per))
+ return true;
+ }
+ return false;
+ }
+ else
+ {
+ try
+ {
+ //Use the JBoss Security Framework
+ if(this.enforcementPoint.checkWriteAccess(identity, pconfig))
+ {
+ pconfig.setModifiable(true);
+ return true;
+ }
+ pconfig.setModifiable(false);
+ return this.enforcementPoint.checkReadAccess(identity, pconfig);
+ }
+ catch(EnforcementException enfe)
+ {
+ //TODO: log this....
+ throw new RuntimeException(enfe);
+ }
+ }
}
private boolean hasEditPermission(Identity identity, PortalConfig pconfig) {
- if (superUser_.equals(identity.getUserId()))
- return true;
- return hasPermission(identity, pconfig.getEditPermission());
+ if(!this.activateJBossSecurity)
+ {
+ if (superUser_.equals(identity.getUserId()))
+ return true;
+ return hasPermission(identity, pconfig.getEditPermission());
+ }
+ else
+ {
+ try
+ {
+ //Use the JBoss Security Framework
+ return this.enforcementPoint.checkWriteAccess(identity, pconfig);
+ }
+ catch(EnforcementException enfe)
+ {
+ //TODO: log this....
+ throw new RuntimeException(enfe);
+ }
+ }
}
private boolean hasCreatePortalPermission(Identity identity) {
- if (superUser_.equals(identity.getUserId()))
- return true;
- if (portalCreatorGroups_ == null || portalCreatorGroups_.size() < 1)
- return false;
- for (String ele : portalCreatorGroups_) {
- if (hasPermission(identity, ele))
- return true;
- }
- return false;
+
+ if(!this.activateJBossSecurity)
+ {
+ if (superUser_.equals(identity.getUserId()))
+ return true;
+ if (portalCreatorGroups_ == null || portalCreatorGroups_.size() < 1)
+ return false;
+ for (String ele : portalCreatorGroups_) {
+ if (hasPermission(identity, ele))
+ return true;
+ }
+ return false;
+ }
+ else
+ {
+ try
+ {
+ //Use the JBoss Security Framework
+ return this.enforcementPoint.checkCreatePortalAccess(identity);
+ }
+ catch(EnforcementException enfe)
+ {
+ //TODO: log this....
+ throw new RuntimeException(enfe);
+ }
+ }
}
private boolean hasEditPermission(Identity identity, PageNavigation pageNav) {
- if (superUser_.equals(identity.getUserId())) {
- pageNav.setModifiable(true);
- return true;
- }
- String ownerType = pageNav.getOwnerType();
- if (PortalConfig.GROUP_TYPE.equals(ownerType)) {
- String expPerm = navigationCreatorMembershipType_ + ":/" + pageNav.getOwnerId();
- return hasPermission(identity, expPerm);
- } else if (PortalConfig.USER_TYPE.equals(ownerType)) {
- return pageNav.getOwnerId().equals(identity.getUserId());
- }
- return false;
+ if(!this.activateJBossSecurity)
+ {
+ if (superUser_.equals(identity.getUserId())) {
+ pageNav.setModifiable(true);
+ return true;
+ }
+ String ownerType = pageNav.getOwnerType();
+ if (PortalConfig.GROUP_TYPE.equals(ownerType)) {
+ String expPerm = navigationCreatorMembershipType_ + ":/" + pageNav.getOwnerId();
+ return hasPermission(identity, expPerm);
+ } else if (PortalConfig.USER_TYPE.equals(ownerType)) {
+ return pageNav.getOwnerId().equals(identity.getUserId());
+ }
+ return false;
+ }
+ else
+ {
+ try
+ {
+ //Use the JBoss Security Framework
+ boolean hasWriteAccess = this.enforcementPoint.checkWriteAccess(identity, pageNav);
+ if(hasWriteAccess && superUser_.equals(identity.getUserId()))
+ {
+ pageNav.setModifiable(true);
+ }
+ return hasWriteAccess;
+ }
+ catch(EnforcementException enfe)
+ {
+ //TODO: log this....
+ throw new RuntimeException(enfe);
+ }
+ }
}
private boolean hasPermission(Identity identity, Page page) {
- if (PortalConfig.USER_TYPE.equals(page.getOwnerType())) {
- if (page.getOwnerId().equals(identity.getUserId())) {
- page.setModifiable(true);
- return true;
- }
- return false;
- }
- if (superUser_.equals(identity.getUserId())) {
- page.setModifiable(true);
- return true;
- }
- if (hasEditPermission(identity, page)) {
- page.setModifiable(true);
- return true;
- }
- page.setModifiable(false);
- String[] accessPerms = page.getAccessPermissions();
- for (String per : accessPerms) {
- if (hasPermission(identity, per))
- return true;
- }
- return false;
+ if(!this.activateJBossSecurity)
+ {
+ if (PortalConfig.USER_TYPE.equals(page.getOwnerType())) {
+ if (page.getOwnerId().equals(identity.getUserId())) {
+ page.setModifiable(true);
+ return true;
+ }
+ return false;
+ }
+ if (superUser_.equals(identity.getUserId())) {
+ page.setModifiable(true);
+ return true;
+ }
+ if (hasEditPermission(identity, page)) {
+ page.setModifiable(true);
+ return true;
+ }
+ page.setModifiable(false);
+ String[] accessPerms = page.getAccessPermissions();
+ for (String per : accessPerms) {
+ if (hasPermission(identity, per))
+ return true;
+ }
+ return false;
+ }
+ else
+ {
+ try
+ {
+ //TODO: this logic needs to be incorporated into the security framework via custom policy combining algrorithm
+ /*if (PortalConfig.USER_TYPE.equals(page.getOwnerType()))
+ {
+ if (page.getOwnerId().equals(identity.getUserId()))
+ {
+ page.setModifiable(true);
+ return true;
+ }
+ return false;
+ }*/
+
+ boolean hasWriteAccess = this.enforcementPoint.checkWriteAccess(identity, page);
+ if(hasWriteAccess)
+ {
+ page.setModifiable(true);
+ return true;
+ }
+
+ page.setModifiable(false);
+ return this.enforcementPoint.checkReadAccess(identity, page);
+ }
+ catch(EnforcementException enfe)
+ {
+ //TODO: log this....
+ throw new RuntimeException(enfe);
+ }
+ }
}
private boolean hasEditPermission(Identity identity, Page page) {
- if (PortalConfig.USER_TYPE.equals(page.getOwnerType())) {
- if (page.getOwnerId().equals(identity.getUserId())) {
- page.setModifiable(true);
- return true;
- }
- return false;
- }
- if (hasPermission(identity, page.getEditPermission())) {
- page.setModifiable(true);
- return true;
- }
- page.setModifiable(false);
- return false;
+ if(!this.activateJBossSecurity)
+ {
+ if (PortalConfig.USER_TYPE.equals(page.getOwnerType())) {
+ if (page.getOwnerId().equals(identity.getUserId())) {
+ page.setModifiable(true);
+ return true;
+ }
+ return false;
+ }
+ if (hasPermission(identity, page.getEditPermission())) {
+ page.setModifiable(true);
+ return true;
+ }
+ page.setModifiable(false);
+ return false;
+ }
+ else
+ {
+ try
+ {
+ //TODO: this logic needs to be incorporated into the security framework via custom policy combining algrorithm
+ /*if (PortalConfig.USER_TYPE.equals(page.getOwnerType()))
+ {
+ if (page.getOwnerId().equals(identity.getUserId()))
+ {
+ page.setModifiable(true);
+ return true;
+ }
+ return false;
+ }*/
+
+ boolean hasWriteAccess = this.enforcementPoint.checkWriteAccess(identity, page);
+ if(hasWriteAccess)
+ {
+ page.setModifiable(true);
+ return true;
+ }
+
+ page.setModifiable(false);
+ return false;
+ }
+ catch(EnforcementException enfe)
+ {
+ //TODO: log this....
+ throw new RuntimeException(enfe);
+ }
+ }
}
private Identity getIdentity() {
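Review bot: In the JBoss branch of `hasPermission(Identity, Page)` and `hasEditPermission(Identity, Page)` the owner check for `PortalConfig.USER_TYPE` pages is commented out, so this class no longer restricts a user-owned page to its owner; the legacy branch returns false for every other identity before any other rule is consulted. Until the policy combining algorithm named in the TODO exists, access to those pages depends entirely on the provisioned policies, which are not visible here. I would keep the owner check active ahead of `checkWriteAccess` in both methods, or at least add a test asserting that a non-owner is denied a user page when `activate.jboss.security` is set. Separately, every `catch(EnforcementException enfe)` rethrows without logging: the rethrow keeps a failure from being read as a grant, but the `//TODO: log this....` should be resolved so enforcement errors are visible to operators.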
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACLMetaData.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACLMetaData.java 2009-08-01 15:10:09 UTC (rev 13650)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/config/UserACLMetaData.java 2009-08-01 20:40:35 UTC (rev 13651)
@@ -35,6 +35,8 @@
/** . */
private String portalCreateGroups;
+
+ private boolean activateJBossSecurity;
public String getSuperUser() {
return superUser;
@@ -67,4 +69,14 @@
public void setPortalCreateGroups(String portalCreateGroups) {
this.portalCreateGroups = portalCreateGroups;
}
+
+ public boolean isActivateJBossSecurity()
+ {
+ return activateJBossSecurity;
+ }
+
+ public void setActivateJBossSecurity(boolean activateJBossSecurity)
+ {
+ this.activateJBossSecurity = activateJBossSecurity;
+ }
}
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java 2009-08-01 15:10:09 UTC (rev 13650)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java 2009-08-01 20:40:35 UTC (rev 13651)
@@ -49,9 +49,7 @@
}
public void start()
- {
- this.initializePolicyRepository();
-
+ {
log.debug("----------------------------------------------------------------");
log.debug("Exo-JBoss Policy Provisioner successfully started..............."+this.policyProvisioner);
log.debug("----------------------------------------------------------------");
@@ -66,6 +64,11 @@
{
this.printPolicyRepository();
}
+
+ public void initialize()
+ {
+ this.initializePolicyRepository();
+ }
//----------------------------------------------------------------------------------------------------------------------------------------------------------------------
public PolicyProvisioner getPolicyProvisioner()
{
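Review bot: `initialize()` is added without documentation although it now carries the contract that `start()` used to fulfil: the policy repository is populated only if a caller invokes it, and only usefully after the setters have run. The only caller visible in this revision is UserACL.init, so a container that starts this bean without constructing a UserACL would presumably enforce against an unpopulated repository. Suggested Javadoc: `/** Populates the policy repository from the current superuser, guest and creator settings; call after those setters. */`. Since every UserACL construction calls it, it is also worth stating (or enforcing) whether a second call is safe.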
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java 2009-08-01 15:10:09 UTC (rev 13650)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java 2009-08-01 20:40:35 UTC (rev 13651)
@@ -8,7 +8,9 @@
import org.exoplatform.test.BasicTestCase;
import org.exoplatform.portal.jboss.security.provisioning.ExoPolicyProvisioner;
-import org.exoplatform.portal.jboss.security.enforcement.ExoEnforcementPoint;
+import org.exoplatform.services.security.ConversationState;
+import org.exoplatform.portal.config.UserACL;
+import org.exoplatform.portal.config.UserACLMetaData;
import org.exoplatform.portal.config.model.PortalConfig;
import org.exoplatform.portal.config.model.PageNavigation;
import org.exoplatform.portal.config.model.Page;
@@ -26,17 +28,33 @@
User root, administrator, manager, user, guest;
ExoPolicyProvisioner exoPolicyProvisioner;
- ExoEnforcementPoint exoEnforcementPoint;
+ UserACL ua;
protected void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
-
- this.exoPolicyProvisioner = (ExoPolicyProvisioner)ServiceContainer.lookup("/exo/jboss/PolicyProvisioner");
- this.exoEnforcementPoint = (ExoEnforcementPoint)ServiceContainer.lookup("/exo/jboss/PolicyEnforcementPoint");
+ {
+ //Setup the UserACL instance
+ UserACLMetaData md = new UserACLMetaData();
- this.root = new User(this.exoPolicyProvisioner.getSuperuser());
+ //Super User and Guest configuration
+ md.setSuperUser("root");
+ md.setGuestsGroups("/platform/guests");
+
+ //TODO: replace with *:/platform/administrators,*:/organization/management/executive-board, once custom
+ //Roles component is used
+ //md.setPortalCreateGroups("*:/platform/administrators,*:/organization/management/executive-board");
+ md.setPortalCreateGroups("whatever:/platform/administrators,whatever:/organization/management/executive-board");
+
+ md.setNavigationCreatorMembershipType("manager");
+ md.setActivateJBossSecurity(true);
+
+ //Initializes the UserACL instance
+ this.ua = new UserACL(md);
+
+ this.exoPolicyProvisioner = (ExoPolicyProvisioner)ServiceContainer.lookup("/exo/jboss/PolicyProvisioner");
+
+ //SetUp the mock identities
+ this.root = new User(this.ua.getSuperUser());
this.administrator = new User("administrator");
this.administrator.addMembership("whatever", "/platform/administrators");
@@ -50,121 +68,152 @@
}
protected void checkCreatePortalAccess(User user, boolean mustBePermitted) throws Exception
- {
- boolean access = this.exoEnforcementPoint.checkCreatePortalAccess(user.getIdentity());
-
- log.info("-----------------------------------");
- log.info("Decision="+access);
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", access);
- }
- else
- {
- assertFalse("Access must be denied!!!", access);
- }
+ {
+ ConversationState.setCurrent(new ConversationState(user.getIdentity()));
+ try
+ {
+ boolean access = this.ua.hasCreatePortalPermission();
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+ finally
+ {
+ ConversationState.setCurrent(null);
+ }
}
protected void checkReadAccess(User user, PortalConfig portal, boolean mustBePermitted) throws Exception
{
- boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(), portal);
-
- log.info("-----------------------------------");
- log.info("Decision="+access);
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", access);
- }
- else
- {
- assertFalse("Access must be denied!!!", access);
- }
+ ConversationState.setCurrent(new ConversationState(user.getIdentity()));
+ try
+ {
+ boolean access = this.ua.hasPermission(portal);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+ finally
+ {
+ ConversationState.setCurrent(null);
+ }
}
protected void checkWriteAccess(User user, PortalConfig portal, boolean mustBePermitted) throws Exception
- {
- boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(), portal);
-
- log.info("-----------------------------------");
- log.info("Decision="+access);
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", access);
- }
- else
- {
- assertFalse("Access must be denied!!!", access);
- }
+ {
+ ConversationState.setCurrent(new ConversationState(user.getIdentity()));
+ try
+ {
+ boolean access = this.ua.hasEditPermission(portal);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+ finally
+ {
+ ConversationState.setCurrent(null);
+ }
}
-
- protected void checkReadAccess(User user, PageNavigation nav, boolean mustBePermitted) throws Exception
- {
- boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(), nav);
-
- log.info("-----------------------------------");
- log.info("Decision="+access);
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", access);
- }
- else
- {
- assertFalse("Access must be denied!!!", access);
- }
- }
-
+
protected void checkWriteAccess(User user, PageNavigation nav, boolean mustBePermitted) throws Exception
- {
- boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(), nav);
-
- log.info("-----------------------------------");
- log.info("Decision="+access);
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", access);
- }
- else
- {
- assertFalse("Access must be denied!!!", access);
- }
+ {
+ ConversationState.setCurrent(new ConversationState(user.getIdentity()));
+ try
+ {
+ boolean access = this.ua.hasEditPermission(nav);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+ finally
+ {
+ ConversationState.setCurrent(null);
+ }
}
protected void checkReadAccess(User user, Page page, boolean mustBePermitted) throws Exception
{
- boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(), page);
-
- log.info("-----------------------------------");
- log.info("Decision="+access);
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", access);
- }
- else
- {
- assertFalse("Access must be denied!!!", access);
- }
+ ConversationState.setCurrent(new ConversationState(user.getIdentity()));
+ try
+ {
+ boolean access = this.ua.hasPermission(page);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+ finally
+ {
+ ConversationState.setCurrent(null);
+ }
}
protected void checkWriteAccess(User user, Page page, boolean mustBePermitted) throws Exception
{
- boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(), page);
-
- log.info("-----------------------------------");
- log.info("Decision="+access);
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", access);
- }
- else
- {
- assertFalse("Access must be denied!!!", access);
- }
+ ConversationState.setCurrent(new ConversationState(user.getIdentity()));
+ try
+ {
+ boolean access = this.ua.hasEditPermission(page);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+ finally
+ {
+ ConversationState.setCurrent(null);
+ }
}
}
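Review bot: The same set-state, log, assert, clear-state sequence is written out six times in this hunk, differing only in the UserACL method that is called. A small helper for the decision check would leave each method with its `ConversationState` try/finally and a single call, and makes it harder for one copy to drift from the others. The hunk also drops `checkReadAccess(User, PageNavigation, boolean)` without a replacement, so navigation read decisions are no longer exercised through this base class.

```java
// Shared by every check*Access method in place of the repeated log/assert block.
private void assertDecision(boolean access, boolean mustBePermitted)
{
   log.info("-----------------------------------");
   log.info("Decision="+access);

   if(mustBePermitted)
   {
      assertTrue("Access must be granted!!!", access);
   }
   else
   {
      assertFalse("Access must be denied!!!", access);
   }
}

// … unchanged: each check*Access method keeps its ConversationState try/finally and calls assertDecision(...) …
```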
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-08-01 15:10:09 UTC (rev 13650)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-08-01 20:40:35 UTC (rev 13651)
@@ -3,6 +3,9 @@
*/
package org.exoplatform.portal.config.security.jboss;
+import java.util.List;
+import java.util.ArrayList;
+
import org.apache.log4j.Logger;
import org.exoplatform.portal.config.UserACL;
@@ -32,6 +35,7 @@
String navigationCreatorMembershipType_;
String superuser_;
String guestGroup_;
+ List<String> portalCreatorGroups;
PolicyComposer policyComposer;
@@ -50,10 +54,18 @@
//via system configuration
this.navigationCreatorMembershipType_ = "manager";
- this.superuser_ = "root";
-
+ this.superuser_ = "root";
this.guestGroup_ = "/platform/guests";
+ //TODO: replace with *:/platform/administrators,*:/organization/management/executive-board, once custom
+ //Roles component is used
+ this.portalCreatorGroups = new ArrayList<String>();
+ //this.portalCreatorGroups.add("*:/platform/administrators");
+ //this.portalCreatorGroups.add("*:/organization/management/executive-board");
+ this.portalCreatorGroups.add("whatever:/platform/administrators");
+ this.portalCreatorGroups.add("whatever:/organization/management/executive-board");
+
+ //Setup mock identities
this.root = new User(this.superuser_);
this.administrator = new User("administrator");
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java 2009-08-01 15:10:09 UTC (rev 13650)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java 2009-08-01 20:40:35 UTC (rev 13651)
@@ -23,9 +23,11 @@
import org.exoplatform.services.security.MembershipEntry;
import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.services.CompositionContext;
import org.jboss.security.authz.components.resource.URIResource;
import org.jboss.security.authz.components.subject.Roles;
import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.model.Effect;
/**
* @author soshah
@@ -35,6 +37,7 @@
{
public void testCreatePortal() throws Exception
{
+ this.provisionCreatePortalPolicy();
this.dumpPolicyRepository();
// Generate an EnforcementContext to see if the superuser and administrator
@@ -49,6 +52,38 @@
this.enforce(this.createPortalEnforcementContext(this.user), false);
}
// ----------------------------------------------------------------------------------------------------------------------------------------------------------------
+ private void provisionCreatePortalPolicy() throws Exception
+ {
+ CompositionContext context = new CompositionContext();
+
+ //Using the custom "CreatePortal" "Security Component"
+ CreatePortal action = new CreatePortal();
+ URIResource resource = new URIResource();
+ resource.setUri(new URI(action.getName()));
+ context.setPolicyTarget(resource);
+
+ // Super User... Supers Users have access to everything
+ org.jboss.security.authz.components.subject.Identity superuser = new org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.root.getId());
+ context.addPolicyRule(Effect.PERMIT, action, superuser);
+
+ // PortalCreators Group....
+ if(this.portalCreatorGroups != null && !this.portalCreatorGroups.isEmpty())
+ {
+ Roles portalCreators = new Roles();
+
+ for(String portalCreatorGroup: this.portalCreatorGroups)
+ {
+ portalCreators.addName(portalCreatorGroup);
+ }
+
+ context.addPolicyRule(Effect.PERMIT, action, portalCreators,
+ "allowExpression");
+ }
+
+ this.provisioner.composeAndDeploy(context);
+ }
+
/**
* Enforcement Phase: Creates an EnforcementContext for an incoming request
* that is trying to "Create a New Portal". The EnforcementContext is
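Review bot: `provisionCreatePortalPolicy()` rebuilds the create-portal rules inside the test, mirroring the rule construction in ExoPolicyProvisioner, so `testCreatePortal` verifies the test's own copy of the policy and not what production deploys. If that is intended as a framework-level test, a comment on the method should say so, for example `// Provisions the policy locally; ExoPolicyProvisioner itself is covered by the integration tests`. The fully qualified `org.jboss.security.authz.components.subject.Identity` also looks redundant given the import of that class a few lines up, unless another `Identity` is imported outside the hunk.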
JBoss Portal SVN: r13650 - in jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src: main/java/org/exoplatform/portal/jboss/security/enforcement and 1 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2009-08-01 11:10:09 -0400 (Sat, 01 Aug 2009)
New Revision: 13650
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java
Log:
Enforcement Phase integration
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml 2009-07-31 22:55:19 UTC (rev 13649)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml 2009-08-01 15:10:09 UTC (rev 13650)
@@ -22,4 +22,13 @@
<property name="guestGroup">/platform/guests</property>
<property name="navigationCreatorMembershipType">manager</property>
</bean>
+
+ <bean name="/exo/jboss/PolicyEnforcementPoint" class="org.exoplatform.portal.jboss.security.enforcement.ExoEnforcementPoint">
+ <property name="enforcer">
+ <inject bean="/agent/LocalEnforcementPoint"/>
+ </property>
+ <property name="policyProvisioner">
+ <inject bean="/exo/jboss/PolicyProvisioner"/>
+ </property>
+ </bean>
</deployment>
\ No newline at end of file
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java 2009-08-01 15:10:09 UTC (rev 13650)
@@ -0,0 +1,268 @@
+/**
+ *
+ */
+package org.exoplatform.portal.jboss.security.enforcement;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Collection;
+
+import org.apache.log4j.Logger;
+
+import org.exoplatform.portal.config.model.PortalConfig;
+import org.exoplatform.portal.config.model.PageNavigation;
+import org.exoplatform.portal.config.model.Page;
+import org.exoplatform.services.security.MembershipEntry;
+import org.exoplatform.portal.jboss.security.components.CreatePortal;
+import org.exoplatform.portal.jboss.security.provisioning.ExoPolicyProvisioner;
+
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.enforcement.EnforcementException;
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.action.Write;
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
+
+/**
+ * This EnforcementPoint is ok for the first phase of integration. This can be made much more flexible and much more decoupled from
+ * any direct knowledge of the Resource and Action Security Components. This clean decoupling is possible with an interceptor approach
+ *
+ * This will do the job and then more later
+ *
+ * @author soshah
+ *
+ */
+public class ExoEnforcementPoint
+{
+ private static Logger log = Logger.getLogger(ExoEnforcementPoint.class);
+
+ private PolicyEnforcementPoint enforcer;
+ private ExoPolicyProvisioner policyProvisioner;
+
+ public ExoEnforcementPoint()
+ {
+
+ }
+
+ public void start()
+ {
+ log.debug("----------------------------------------------------------------");
+ log.debug("Exo-JBoss Policy Enforcement Point successfully started..............."+this.enforcer);
+ log.debug("----------------------------------------------------------------");
+ }
+
+ public void stop()
+ {
+
+ }
+
+ public PolicyEnforcementPoint getEnforcer()
+ {
+ return enforcer;
+ }
+
+ public void setEnforcer(PolicyEnforcementPoint enforcer)
+ {
+ this.enforcer = enforcer;
+ }
+
+ public ExoPolicyProvisioner getPolicyProvisioner()
+ {
+ return policyProvisioner;
+ }
+
+ public void setPolicyProvisioner(ExoPolicyProvisioner policyProvisioner)
+ {
+ this.policyProvisioner = policyProvisioner;
+ }
+ //-----------------------------------------------------------------------------------------------------------------------------------------
+ public boolean checkCreatePortalAccess(org.exoplatform.services.security.Identity user) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ CreatePortal action = new CreatePortal();
+ EnforcementContext context = this.generateEnforcementContext(user, action.getName());
+
+ context.setAttribute("action", action);
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkReadAccess(org.exoplatform.services.security.Identity user, PortalConfig portal) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user, "portal://"+portal.getName());
+
+ context.setAttribute("action", new Read());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkWriteAccess(org.exoplatform.services.security.Identity user, PortalConfig portal) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user, "portal://"+portal.getName());
+
+ context.setAttribute("action", new Write());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkReadAccess(org.exoplatform.services.security.Identity user, PageNavigation nav) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user, "pagenav://"+nav.getDescription());
+
+ context.setAttribute("action", new Read());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkWriteAccess(org.exoplatform.services.security.Identity user, PageNavigation nav) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user, "pagenav://"+nav.getDescription());
+
+ context.setAttribute("action", new Write());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkReadAccess(org.exoplatform.services.security.Identity user, Page page) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user, "page://"+page.getName());
+
+ context.setAttribute("action", new Read());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkWriteAccess(org.exoplatform.services.security.Identity user, Page page) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user, "page://"+page.getName());
+
+ context.setAttribute("action", new Write());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+ //----------------------------------------------------------------------------------------------------------------------------------------------
+ private EnforcementContext generateEnforcementContext(org.exoplatform.services.security.Identity user,
+ String resourceUri) throws URISyntaxException
+ {
+ EnforcementContext context = new EnforcementContext();
+
+ // Create Resource
+ URIResource portalRes = new URIResource();
+ portalRes.setUri(new URI(resourceUri));
+ context.setAttribute("resource", portalRes);
+
+ if(user != null && user.getUserId() != null)
+ {
+ // Create Identity
+ Identity identity = new Identity();
+ identity.setName(user.getUserId());
+ context.setAttribute("identity", identity);
+
+ // Create Roles
+ Roles roles = new Roles();
+ Collection<MembershipEntry> memberships = user.getMemberships();
+ if (memberships != null && !memberships.isEmpty())
+ {
+ for (MembershipEntry membership : memberships)
+ {
+ roles.addName(membership.toString());
+ }
+ }
+
+ roles.addName("Everyone");
+ context.setAttribute("roles", roles);
+ }
+ else
+ {
+ Roles roles = new Roles();
+ // This is a guest user
+ //TODO: change this to something like whatever:guestGroup once custom Roles component is used
+ roles.addName("*:"+this.policyProvisioner.getGuestGroup());
+ roles.addName(Roles.ANONYMOUS);
+
+ roles.addName("Everyone");
+ context.setAttribute("roles", roles);
+ }
+
+ return context;
+ }
+}
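Review bot: The resource key each check is decided on is built by plain string concatenation, e.g. `"pagenav://"+nav.getDescription()` and `"page://"+page.getName()`, and then parsed with `new URI(resourceUri)` in generateEnforcementContext. A null description or name becomes the literal `pagenav://null` or `page://null`, so every such object would share one policy resource, and a value containing `/`, `?` or `#` ends up split across URI components instead of staying in the authority; how URIResource compares URIs is not visible here, so the effect on policy matching should be confirmed. I would reject null or empty names with an EnforcementException before building the URI, and derive the key in one helper that the provisioning side (presumably ExoPolicyProvisioner) also uses, ideally from a stable identifier rather than the navigation's description. Separately, all seven check methods call `response.isAccessGranted()` on an unchecked response; `return response != null && response.isAccessGranted();` turns a missing response into a denial instead of a NullPointerException.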
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java 2009-07-31 22:55:19 UTC (rev 13649)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java 2009-08-01 15:10:09 UTC (rev 13650)
@@ -8,14 +8,13 @@
import org.exoplatform.test.BasicTestCase;
import org.exoplatform.portal.jboss.security.provisioning.ExoPolicyProvisioner;
+import org.exoplatform.portal.jboss.security.enforcement.ExoEnforcementPoint;
+import org.exoplatform.portal.config.model.PortalConfig;
+import org.exoplatform.portal.config.model.PageNavigation;
+import org.exoplatform.portal.config.model.Page;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
import org.jboss.security.authz.bootstrap.ServiceContainer;
-
-
/**
* @author soshah
*
@@ -27,15 +26,15 @@
User root, administrator, manager, user, guest;
ExoPolicyProvisioner exoPolicyProvisioner;
- PolicyEnforcementPoint enforcer;
+ ExoEnforcementPoint exoEnforcementPoint;
+
protected void setUp() throws Exception
{
ServiceContainer.bootstrap();
-
- this.enforcer = (PolicyEnforcementPoint) ServiceContainer
- .lookup("/agent/LocalEnforcementPoint");
+
this.exoPolicyProvisioner = (ExoPolicyProvisioner)ServiceContainer.lookup("/exo/jboss/PolicyProvisioner");
+ this.exoEnforcementPoint = (ExoEnforcementPoint)ServiceContainer.lookup("/exo/jboss/PolicyEnforcementPoint");
this.root = new User(this.exoPolicyProvisioner.getSuperuser());
@@ -48,23 +47,124 @@
this.user = new User("user");
this.guest = new User(null);
- }
+ }
- protected void enforce(EnforcementContext enforcementContext, boolean mustBePermitted) throws Exception
+ protected void checkCreatePortalAccess(User user, boolean mustBePermitted) throws Exception
{
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
+ boolean access = this.exoEnforcementPoint.checkCreatePortalAccess(user.getIdentity());
- assertNotNull(response);
log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
+ log.info("Decision="+access);
if(mustBePermitted)
{
- assertTrue("Access must be granted!!!", response.isAccessGranted());
+ assertTrue("Access must be granted!!!", access);
}
else
{
- assertFalse("Access must be denied!!!", response.isAccessGranted());
+ assertFalse("Access must be denied!!!", access);
}
}
+
+ protected void checkReadAccess(User user, PortalConfig portal, boolean mustBePermitted) throws Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(), portal);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+
+ protected void checkWriteAccess(User user, PortalConfig portal, boolean mustBePermitted) throws Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(), portal);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+
+ protected void checkReadAccess(User user, PageNavigation nav, boolean mustBePermitted) throws Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(), nav);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+
+ protected void checkWriteAccess(User user, PageNavigation nav, boolean mustBePermitted) throws Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(), nav);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+
+ protected void checkReadAccess(User user, Page page, boolean mustBePermitted) throws Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(), page);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+
+ protected void checkWriteAccess(User user, Page page, boolean mustBePermitted) throws Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(), page);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
}
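Review bot: The seven new check helpers all end in the same if/else with the fixed messages "Access must be granted!!!" and "Access must be denied!!!", so a failing ACL test does not say which subject or resource produced the unexpected decision. Each if/else can be a single line that carries that context, for example `assertEquals("write access to page://"+page.getName(), mustBePermitted, access);`, or the shared part can move into one private helper. The log line also changed from `response.getMessage()` to the bare boolean, which drops the decision reason from the test output; logging the resource next to `Decision=` would partly make up for that. The enclosing class starts outside this hunk.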
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java 2009-07-31 22:55:19 UTC (rev 13649)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java 2009-08-01 15:10:09 UTC (rev 13650)
@@ -40,19 +40,18 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, false);
}
public void testPageAccessibleByEveryone() throws Exception
@@ -70,19 +69,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page,false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page,true);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageEditableByEveryone() throws Exception
@@ -101,17 +98,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), true);
- this.enforce(this.writePageEnforcementContext(this.manager, page), true);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, true);
+ this.checkWriteAccess(this.manager, page, true);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, true);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, true);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageAccessibleByGuests() throws Exception
@@ -129,17 +126,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageEditableByGuests() throws Exception
@@ -158,17 +155,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, true);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageAccessibleByEveryOneAndGuests() throws Exception
@@ -186,17 +183,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, true);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageAccessibleByGuestsOnly() throws Exception
@@ -214,17 +211,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageWithAccessPermission() throws Exception
@@ -241,17 +238,17 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, false);
//TODO: test with *:/manageable once wild card based custom Roles component is implemented
}
@@ -271,101 +268,18 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), true);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, true);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, false);
//TODO: test with *:/manageable once wild card based custom Roles component is implemented
- }
- // -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Read the Page Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext readPageEnforcementContext(User user, Page page)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPageEnforcementContext(user, page);
-
- // Create Action
- context.setAttribute("action", new Read());
-
- return context;
- }
-
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Edit the Portal Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext writePageEnforcementContext(User user, Page page)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPageEnforcementContext(user, page);
-
- // Create Action
- context.setAttribute("action", new Write());
-
- return context;
- }
-
- private EnforcementContext accessPageEnforcementContext(User user, Page page)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Create Resource
- URIResource portalRes = new URIResource();
- portalRes.setUri(new URI("page://"+page.getName()));
- context.setAttribute("resource", portalRes);
-
- // Create Identity
- Identity identity = new Identity();
- if (user.getId() != null)
- {
- identity.setName(user.getId());
- context.setAttribute("identity", identity);
- }
-
- // Create Roles
- Roles roles = new Roles();
- Collection<MembershipEntry> memberships = user.getMemberships();
- if (memberships != null && !memberships.isEmpty())
- {
- for (MembershipEntry membership : memberships)
- {
- roles.addName(membership.toString());
- }
- }
- else
- {
- // Check to see if this is guest access
- if (user.getId() == null)
- {
- // This is a guest user
- //TODO: chage this to something like whatever:guestGroup once custom Roles component is used
- roles.addName("*:"+this.exoPolicyProvisioner.getGuestGroup());
-
- roles.addName(Roles.ANONYMOUS);
- }
- }
- roles.addName("Everyone");
- context.setAttribute("roles", roles);
-
- return context;
- }
+ }
}
Added: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java (rev 0)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java 2009-08-01 15:10:09 UTC (rev 13650)
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2003-2007 eXo Platform SAS.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Affero General Public License
+ * as published by the Free Software Foundation; either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see<http://www.gnu.org/licenses/>.
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+/**
+ * @author soshah
+ *
+ */
+public class TestJBossIntegrationCreatePortalACL extends JBossAbstractIntegrationTest
+{
+ public void testCreatePortal() throws Exception
+ {
+ // Generate an EnforcementContext to see if the superuser and administrator
+ // are allowed to create a Portal...Result: They should be
+ this.checkCreatePortalAccess(this.root, true);
+ this.checkCreatePortalAccess(this.administrator, true);
+
+ // Generate an EnforcementContext to see if a standard manager and a regular
+ // user are allowed to create a Portal..Result: They shouldn't be
+ this.checkCreatePortalAccess(this.manager, false);
+ this.checkCreatePortalAccess(this.user, false);
+ this.checkCreatePortalAccess(this.guest, false);
+ }
+}
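Review bot: The comment above the three deny assertions in testCreatePortal names only "a standard manager and a regular user", yet the block also asserts that `this.guest` is refused, which is the anonymous case most worth pinning. I would reword it to `// A standard manager, a regular user and the anonymous guest must all be denied portal creation`. The class Javadoc holds only the `@author` tag and should get a one-line summary of what the test verifies. The fixtures and `checkCreatePortalAccess` are not defined in this file, so the policy these expectations depend on cannot be confirmed from here.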
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java 2009-07-31 22:55:19 UTC (rev 13649)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java 2009-08-01 15:10:09 UTC (rev 13650)
@@ -17,17 +17,8 @@
package org.exoplatform.portal.config.security.jboss;
import org.exoplatform.portal.config.model.PageNavigation;
-import java.util.Collection;
-import java.net.URI;
-
import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.services.security.MembershipEntry;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
/**
*
@@ -50,11 +41,11 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+ this.checkWriteAccess(this.root, nav, true);
+ this.checkWriteAccess(this.administrator, nav, false);
+ this.checkWriteAccess(this.manager, nav, true);
+ this.checkWriteAccess(this.user, nav, false);
+ this.checkWriteAccess(this.guest, nav, false);
}
public void testNavEditByFooGroup() throws Exception
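Review bot: The bare boolean in the new `checkWriteAccess(user, nav, true/false)` calls hides whether a row asserts allow or deny, and in an access-control matrix one flipped literal silently changes the expectation. A trailing comment per row, e.g. `this.checkWriteAccess(this.guest, nav, false); // guest: deny`, or a pair of helpers named for the outcome, would make each expectation reviewable at a glance. The same applies to the following hunks of this file (testNavEditByFooGroup, testNavEditByUser, testNavEditByGuest) and to the checkWriteAccess/checkReadAccess calls in TestJBossIntegrationPortalConfigACL. The helper is defined outside these hunks, so what it reports on a mismatch is not visible here.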
@@ -70,11 +61,11 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+ this.checkWriteAccess(this.root, nav, true);
+ this.checkWriteAccess(this.administrator, nav, false);
+ this.checkWriteAccess(this.manager, nav, false);
+ this.checkWriteAccess(this.user, nav, false);
+ this.checkWriteAccess(this.guest, nav, false);
}
public void testNavEditByUser() throws Exception
@@ -90,11 +81,11 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+ this.checkWriteAccess(this.root, nav, true);
+ this.checkWriteAccess(this.administrator, nav, false);
+ this.checkWriteAccess(this.manager, nav, false);
+ this.checkWriteAccess(this.user, nav, true);
+ this.checkWriteAccess(this.guest, nav, false);
}
public void testNavEditByGuest() throws Exception
@@ -110,62 +101,10 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), true);
- }
- // -----------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request that is trying to "Edit the Page Navigation Object". The EnforcementContext is populated with
- * "Security Components" whose state comes from the state of the application for the incoming thread
- */
- private EnforcementContext writePageNavEnforcementContext(User user, PageNavigation pageNavigation) throws Exception
- {
- //Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Create Resource
- URIResource portalRes = new URIResource();
- portalRes.setUri(new URI("pagenav://"+pageNavigation.getDescription()));
- context.setAttribute("resource", portalRes);
-
- // Create Identity
- Identity identity = new Identity();
- if(user.getId() != null)
- {
- identity.setName(user.getId());
- context.setAttribute("identity", identity);
- }
-
- //Create Roles
- Roles roles = new Roles();
- Collection<MembershipEntry> memberships = user.getMemberships();
- if (memberships != null && !memberships.isEmpty())
- {
- for (MembershipEntry membership : memberships)
- {
- roles.addName(membership.toString());
- }
- }
- else
- {
- // Check to see if this is guest access
- if (user.getId() == null)
- {
- // This is a guest user
- //TODO: chage this to something like whatever:guestGroup once custom Roles component is used
- roles.addName("*:"+this.exoPolicyProvisioner.getGuestGroup());
-
- roles.addName(Roles.ANONYMOUS);
- }
- }
- roles.addName("Everyone");
- context.setAttribute("roles", roles);
-
- context.setAttribute("action", new Write());
-
- return context;
- }
+ this.checkWriteAccess(this.root, nav, true);
+ this.checkWriteAccess(this.administrator, nav, false);
+ this.checkWriteAccess(this.manager, nav, false);
+ this.checkWriteAccess(this.user, nav, false);
+ this.checkWriteAccess(this.guest, nav, true);
+ }
}
\ No newline at end of file
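Review bot: With `writePageNavEnforcementContext` removed from this file, the resource that the five `checkWriteAccess` calls authorize against is decided entirely by a helper outside this hunk, and the removed code keyed it on `"pagenav://" + pageNavigation.getDescription()`. A description is free text, so if the shared helper kept that key, two navigations with the same description would share one policy entry, and a description containing a space would make `new URI(...)` throw instead of producing a decision. This is inferred, since the helper is not shown. It is worth confirming that the helper uses a stable identifier and noting it at the call site, e.g. `// resource key is built in checkWriteAccess; must be a unique, URI-safe navigation id`. The file also still ends without a trailing newline.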
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java 2009-07-31 22:55:19 UTC (rev 13649)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java 2009-08-01 15:10:09 UTC (rev 13650)
@@ -3,17 +3,7 @@
*/
package org.exoplatform.portal.config.security.jboss;
-import java.net.URI;
-import java.util.Collection;
-
import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.services.security.MembershipEntry;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.components.action.Read;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.subject.Roles;
/**
* @author soshah
@@ -32,21 +22,17 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.manager, portal),
- false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+ this.checkWriteAccess(this.root, portal, true);
+ this.checkWriteAccess(this.administrator, portal, false);
+ this.checkWriteAccess(this.manager, portal,false);
+ this.checkWriteAccess(this.user, portal, false);
+ this.checkWriteAccess(this.guest, portal, false);
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this
- .enforce(this.readPortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ this.checkReadAccess(this.root, portal, true);
+ this.checkReadAccess(this.administrator, portal,false);
+ this.checkReadAccess(this.manager, portal, false);
+ this.checkReadAccess(this.user, portal, false);
+ this.checkReadAccess(this.guest, portal, false);
}
public void testPortalOnlyReadAccess() throws Exception
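Review bot: Two of the new calls drop the space after the comma, `this.checkWriteAccess(this.manager, portal,false);` and `this.checkReadAccess(this.administrator, portal,false);`, while the neighbouring rows keep it. Writing them as `this.checkWriteAccess(this.manager, portal, false);` and `this.checkReadAccess(this.administrator, portal, false);` keeps the allow/deny column easy to scan. The same spacing recurs in the later hunks of this file (testPortalOnlyReadAccess, testPortalEditableAndReadImplied, testPortalReadAndEditableExplicit, testGuestAllowedEdit). The enclosing test method starts above this hunk.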
@@ -61,20 +47,17 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.manager, portal),
- false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+ this.checkWriteAccess(this.root, portal, true);
+ this.checkWriteAccess(this.administrator, portal, false);
+ this.checkWriteAccess(this.manager, portal,false);
+ this.checkWriteAccess(this.user, portal, false);
+ this.checkWriteAccess(this.guest, portal, false);
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ this.checkReadAccess(this.root, portal, true);
+ this.checkReadAccess(this.administrator, portal,false);
+ this.checkReadAccess(this.manager, portal, true);
+ this.checkReadAccess(this.user, portal, false);
+ this.checkReadAccess(this.guest, portal, false);
}
public void testPortalEditableAndReadImplied() throws Exception
@@ -89,20 +72,17 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this
- .enforce(this.writePortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+ this.checkWriteAccess(this.root, portal, true);
+ this.checkWriteAccess(this.administrator, portal, false);
+ this.checkWriteAccess(this.manager, portal, true);
+ this.checkWriteAccess(this.user, portal, false);
+ this.checkWriteAccess(this.guest, portal, false);
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ this.checkReadAccess(this.root, portal, true);
+ this.checkReadAccess(this.administrator, portal,false);
+ this.checkReadAccess(this.manager, portal, true);
+ this.checkReadAccess(this.user, portal, false);
+ this.checkReadAccess(this.guest, portal, false);
}
public void testPortalReadAndEditableExplicit() throws Exception
@@ -118,20 +98,17 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this
- .enforce(this.writePortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+ this.checkWriteAccess(this.root, portal, true);
+ this.checkWriteAccess(this.administrator, portal, false);
+ this.checkWriteAccess(this.manager, portal, true);
+ this.checkWriteAccess(this.user, portal, false);
+ this.checkWriteAccess(this.guest, portal, false);
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ this.checkReadAccess(this.root, portal, true);
+ this.checkReadAccess(this.administrator, portal,false);
+ this.checkReadAccess(this.manager, portal, true);
+ this.checkReadAccess(this.user, portal, false);
+ this.checkReadAccess(this.guest, portal, false);
}
public void testGuestAllowedEdit() throws Exception
@@ -146,103 +123,16 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this
- .enforce(this.writePortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), true);
+ this.checkWriteAccess(this.root, portal, true);
+ this.checkWriteAccess(this.administrator, portal, false);
+ this.checkWriteAccess(this.manager, portal, false);
+ this.checkWriteAccess(this.user, portal, false);
+ this.checkWriteAccess(this.guest, portal, true);
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), true);
+ this.checkReadAccess(this.root, portal, true);
+ this.checkReadAccess(this.administrator, portal,false);
+ this.checkReadAccess(this.manager, portal, false);
+ this.checkReadAccess(this.user, portal, false);
+ this.checkReadAccess(this.guest, portal, true);
}
- //----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Read the Portal Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext readPortalEnforcementContext(User user,
- PortalConfig portal) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPortalEnforcementContext(user,
- portal);
-
- // Create Action
- context.setAttribute("action", new Read());
-
- return context;
- }
-
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Edit the Portal Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext writePortalEnforcementContext(User user,
- PortalConfig portal) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPortalEnforcementContext(user,
- portal);
-
- // Create Action
- context.setAttribute("action", new Write());
-
- return context;
- }
-
- private EnforcementContext accessPortalEnforcementContext(User user,
- PortalConfig portal) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Create Resource
- URIResource portalRes = new URIResource();
- portalRes.setUri(new URI("portal://"+portal.getName()));
- context.setAttribute("resource", portalRes);
-
- // Create Identity
- Identity identity = new Identity();
- if (user.getId() != null)
- {
- identity.setName(user.getId());
- context.setAttribute("identity", identity);
- }
-
- // Create Roles
- Roles roles = new Roles();
- Collection<MembershipEntry> memberships = user.getMemberships();
- if (memberships != null && !memberships.isEmpty())
- {
- for (MembershipEntry membership : memberships)
- {
- roles.addName(membership.toString());
- }
- }
- else
- {
- // Check to see if this is guest access
- if (user.getId() == null)
- {
- // This is a guest user
- //TODO: chage this to something like whatever:guestGroup once custom Roles component is used
- roles.addName("*:"+this.exoPolicyProvisioner.getGuestGroup());
- roles.addName(Roles.ANONYMOUS);
- }
- }
- roles.addName("Everyone");
- context.setAttribute("roles", roles);
-
- return context;
- }
}
Modified: jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java
===================================================================
--- jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java 2009-07-31 22:55:19 UTC (rev 13649)
+++ jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java 2009-08-01 15:10:09 UTC (rev 13650)
@@ -34,6 +34,11 @@
identity = null;
}
}
+
+ public Identity getIdentity()
+ {
+ return this.identity;
+ }
public String getId()
{
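Review bot: The new `getIdentity()` can return null: the context line just above the added method assigns `identity = null;` in one branch, presumably the guest case. Callers that build a security subject from it need to know that, so I would document it on the accessor, e.g. `/** Returns the wrapped Identity, or null when this user represents the anonymous guest. */`. The code that sets the field begins above the hunk, so the exact condition for the null branch should be checked there before wording the comment.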