Author: thomas.heute(a)jboss.com
Date: 2008-06-26 06:28:42 -0400 (Thu, 26 Jun 2008)
New Revision: 11156
Modified:
branches/JBoss_Portal_Branch_2_7/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
branches/JBoss_Portal_Branch_2_7/cms/src/main/org/jboss/portal/cms/security/AuthorizationManagerImpl.java
Log:
Enable extensibility
Modified:
branches/JBoss_Portal_Branch_2_7/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2008-06-26
10:27:56 UTC (rev 11155)
+++
branches/JBoss_Portal_Branch_2_7/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2008-06-26
10:28:42 UTC (rev 11156)
@@ -34,9 +34,11 @@
import java.util.ArrayList;
import java.util.Collection;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
@@ -48,21 +50,14 @@
*/
public class ACLEnforcer
{
- private Collection readCommands = new ArrayList(); //a list of commands that perform
read action on the cms
- private Collection writeCommands = new ArrayList();//a list of commands that perform
write action on the cms
- private Collection manageCommands = new ArrayList();//a list of commands that perform
manage action on the cms
+ public static enum Type { READ, WRITE, MANAGE, UNKNOWN };
+
+ private Map<Type, List<String>> aclCommands = new HashMap<Type,
List<String>>();
- private static final int read = 0;
- private static final int write = 1;
- private static final int manage = 2;
-// private static final int manageWorkflow = 3;
-
private AuthorizationManager authorizationManager = null;
-
/**
*
- *
*/
public ACLEnforcer(AuthorizationManager authorizationManager)
{
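Review bot: `aclCommands` is declared as a reassignable `HashMap`, and the comments that explained the three command lists were dropped without a replacement. The keys are enum constants and the visible code never reassigns the field, so `private final Map<Type, List<String>> aclCommands = new EnumMap<Type, List<String>>(Type.class);` (plus a `java.util.EnumMap` import) states the intent better. A one-line comment such as `// command class names that require a given access check, keyed by access type` would replace the lost documentation. In `public static enum Type { ... };` the `static` modifier and the trailing semicolon are redundant. The constructor that opens at the end of this hunk continues outside it.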
@@ -72,28 +67,49 @@
String packageName = "org.jboss.portal.cms.impl.jcr.command.";
//load the read related commands
- readCommands.add(packageName + "FolderGetListCommand");
- readCommands.add(packageName + "FolderGetCommand");
- readCommands.add(packageName + "FileGetListCommand");
- readCommands.add(packageName + "FileGetCommand");
+ addACLCommand(Type.READ, packageName + "FolderGetListCommand");
+ addACLCommand(Type.READ, packageName + "FolderGetCommand");
+ addACLCommand(Type.READ, packageName + "FileGetListCommand");
+ addACLCommand(Type.READ, packageName + "FileGetCommand");
//load the write related commands
- writeCommands.add(packageName + "ContentCreateCommand");
- writeCommands.add(packageName + "FileCreateCommand");
- writeCommands.add(packageName + "FolderCreateCommand");
- writeCommands.add(packageName + "FileUpdateCommand");
- writeCommands.add(packageName + "StoreArchiveCommand");
-
writeCommands.add("org.jboss.portal.cms.impl.jcr.composite.NewFileCommand");
-
writeCommands.add("org.jboss.portal.cms.impl.jcr.composite.UpdateFileCommand");
+ addACLCommand(Type.WRITE, packageName + "ContentCreateCommand");
+ addACLCommand(Type.WRITE, packageName + "FileCreateCommand");
+ addACLCommand(Type.WRITE, packageName + "FolderCreateCommand");
+ addACLCommand(Type.WRITE, packageName + "FileUpdateCommand");
+ addACLCommand(Type.WRITE, packageName + "StoreArchiveCommand");
+ addACLCommand(Type.WRITE,
"org.jboss.portal.cms.impl.jcr.composite.NewFileCommand");
+ addACLCommand(Type.WRITE,
"org.jboss.portal.cms.impl.jcr.composite.UpdateFileCommand");
//load the manage related commands
- manageCommands.add(packageName + "CopyCommand");
- manageCommands.add(packageName + "DeleteCommand");
- manageCommands.add(packageName + "MoveCommand");
+ addACLCommand(Type.MANAGE, packageName + "CopyCommand");
+ addACLCommand(Type.MANAGE, packageName + "DeleteCommand");
+ addACLCommand(Type.MANAGE, packageName + "MoveCommand");
}
-
/**
+ * Add a command to check for security control
+ *
+ * @param commandClassName The fully qualified name of the command
+ */
+ protected void addACLCommand(Type type, String commandClassName)
+ {
+ if (type == null || type == Type.UNKNOWN)
+ {
+ throw new IllegalArgumentException("Type cannot be null or of type
UNKNOWN");
+ }
+
+ List<String> commands = aclCommands.get(type);
+ if (commands == null)
+ {
+ commands = new ArrayList<String>();
+ }
+ commands.add(commandClassName);
+ aclCommands.put(type, commands);
+ }
+
+
+ /**
* @param securityContext
* @return
*/
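Review bot: `addACLCommand` accepts a class name that is already registered under another type, and `getActionType` in the later hunk returns the first match in enum declaration order, so a command listed under both READ and MANAGE would only be subjected to the read check. Since the method is now the extension point for subclasses, it should fail at registration instead: loop over `aclCommands.values()` and throw `IllegalArgumentException` if any list already contains `commandClassName`, and reject a null `commandClassName` with the same exception. The Javadoc documents `commandClassName` but not `type`; add `@param type the access check to apply; must not be null or UNKNOWN`. The constructor calls this overridable method, so a subclass override would run before the subclass's own fields are initialised, which deserves a sentence in the Javadoc.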
@@ -104,23 +120,23 @@
JCRCommand command =
(JCRCommand)cmsSecurityContext.getAttribute("command");
//get the action code of the action being protected
- int actionCode = -1;
+ Type actionType = Type.UNKNOWN;
if (command != null)
{
- actionCode = this.getActionCode(command);
+ actionType = this.getActionType(command);
}
- switch (actionCode)
+ switch (actionType)
{
- case read:
+ case READ:
hasAccess = this.hasReadAccess(loggedInUser, command);
break;
- case write:
+ case WRITE:
hasAccess = this.hasWriteAccess(loggedInUser, command);
break;
- case manage:
+ case MANAGE:
hasAccess = this.hasManageAccess(loggedInUser, command);
break;
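Review bot: The visible part of this switch has no branch for `Type.UNKNOWN`, which is the value produced both for a null command and for any command class that was never registered. The rest of the switch and the initial value of `hasAccess` are outside the hunk, so whether that path denies access cannot be confirmed from here. Now that subclasses can add their own commands, an explicit `case UNKNOWN:` with a comment stating the intended decision for unregistered commands would make the fail-open or fail-closed choice reviewable. The retained comment `//get the action code of the action being protected` is also stale and should read `//get the access type of the action being protected`.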
@@ -154,23 +170,17 @@
* @param command
* @return
*/
- private int getActionCode(JCRCommand command)
+ private Type getActionType(JCRCommand command)
{
- int actionCode = -1;
-
- if (this.readCommands.contains(command.getClass().getName()))
+ for (Type type: Type.values())
{
- actionCode = read;
+ List<String> commands = aclCommands.get(type);
+ if (commands != null &&
commands.contains(command.getClass().getName()))
+ {
+ return type;
+ }
}
- else if (this.writeCommands.contains(command.getClass().getName()))
- {
- actionCode = write;
- }
- else if (this.manageCommands.contains(command.getClass().getName()))
- {
- actionCode = manage;
- }
- return actionCode;
+ return Type.UNKNOWN;
}
//---------------------------------------------------------------------------------------------------------------------------------------
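Review bot: `getActionType` matches on the exact runtime class name, so a subclass of a registered command (for example one extending `DeleteCommand`) has a different `getClass().getName()` and resolves to `Type.UNKNOWN` rather than inheriting the parent's check. Given that the commit's purpose is extensibility, the Javadoc above the method should say so, e.g. `Matching is by exact class name; command subclasses must be registered separately through addACLCommand, otherwise they are treated as UNKNOWN.` The loop also visits `Type.UNKNOWN`, which `addACLCommand` never populates. `command.getClass().getName()` can be read once into a local before the loop instead of on every iteration.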
Modified:
branches/JBoss_Portal_Branch_2_7/cms/src/main/org/jboss/portal/cms/security/AuthorizationManagerImpl.java
===================================================================
---
branches/JBoss_Portal_Branch_2_7/cms/src/main/org/jboss/portal/cms/security/AuthorizationManagerImpl.java 2008-06-26
10:27:56 UTC (rev 11155)
+++
branches/JBoss_Portal_Branch_2_7/cms/src/main/org/jboss/portal/cms/security/AuthorizationManagerImpl.java 2008-06-26
10:28:42 UTC (rev 11156)
@@ -93,7 +93,7 @@
}
//initialize the authorization/policy enforcer
- enforcer = new ACLEnforcer(this);
+ setEnforcer(new ACLEnforcer(this));
}
//---PortalAuthorizationManagerFactory
implementation-----------------------------------------------
@@ -121,4 +121,9 @@
{
return this.checkPermission(permission);
}
+
+ protected void setEnforcer(ACLEnforcer enforcer)
+ {
+ this.enforcer = enforcer;
+ }
}
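Review bot: `setEnforcer` stores whatever it is given, including null, which would leave the authorization manager without an enforcer and surface later as a failure far from the cause. A guard such as `if (enforcer == null) throw new IllegalArgumentException("enforcer cannot be null");` keeps the misconfiguration at the call site. The method also has no Javadoc; it should state that it exists so subclasses can install a customised `ACLEnforcer`. It should also note that the initialisation code in the previous hunk calls it, so an override runs during initialisation; that enclosing method starts outside the visible hunk.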