Author: sohil.shah(a)jboss.com
Date: 2009-08-01 11:10:09 -0400 (Sat, 01 Aug 2009)
New Revision: 13650
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java
Log:
Enforcement Phase integration
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml 2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/META-INF/authz-config.xml 2009-08-01
15:10:09 UTC (rev 13650)
@@ -22,4 +22,13 @@
<property name="guestGroup">/platform/guests</property>
<property
name="navigationCreatorMembershipType">manager</property>
</bean>
+
+ <bean name="/exo/jboss/PolicyEnforcementPoint"
class="org.exoplatform.portal.jboss.security.enforcement.ExoEnforcementPoint">
+ <property name="enforcer">
+ <inject bean="/agent/LocalEnforcementPoint"/>
+ </property>
+ <property name="policyProvisioner">
+ <inject bean="/exo/jboss/PolicyProvisioner"/>
+ </property>
+ </bean>
</deployment>
\ No newline at end of file
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java
(rev 0)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/enforcement/ExoEnforcementPoint.java 2009-08-01
15:10:09 UTC (rev 13650)
@@ -0,0 +1,268 @@
+/**
+ *
+ */
+package org.exoplatform.portal.jboss.security.enforcement;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Collection;
+
+import org.apache.log4j.Logger;
+
+import org.exoplatform.portal.config.model.PortalConfig;
+import org.exoplatform.portal.config.model.PageNavigation;
+import org.exoplatform.portal.config.model.Page;
+import org.exoplatform.services.security.MembershipEntry;
+import org.exoplatform.portal.jboss.security.components.CreatePortal;
+import org.exoplatform.portal.jboss.security.provisioning.ExoPolicyProvisioner;
+
+import org.jboss.security.authz.agent.enforcement.EnforcementContext;
+import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
+import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
+import org.jboss.security.authz.agent.enforcement.EnforcementException;
+import org.jboss.security.authz.components.resource.URIResource;
+import org.jboss.security.authz.components.action.Read;
+import org.jboss.security.authz.components.action.Write;
+import org.jboss.security.authz.components.subject.Identity;
+import org.jboss.security.authz.components.subject.Roles;
+
+/**
+ * This EnforcementPoint is ok for the first phase of integration. This can be made much
more flexible and much more decoupled from
+ * any direct knowledge of the Resource and Action Security Components. This clean
decoupling is possible with an interceptor approach
+ *
+ * This will do the job and then more later
+ *
+ * @author soshah
+ *
+ */
+public class ExoEnforcementPoint
+{
+ private static Logger log = Logger.getLogger(ExoEnforcementPoint.class);
+
+ private PolicyEnforcementPoint enforcer;
+ private ExoPolicyProvisioner policyProvisioner;
+
+ public ExoEnforcementPoint()
+ {
+
+ }
+
+ public void start()
+ {
+ log.debug("----------------------------------------------------------------");
+ log.debug("Exo-JBoss Policy Enforcement Point successfully
started..............."+this.enforcer);
+ log.debug("----------------------------------------------------------------");
+ }
+
+ public void stop()
+ {
+
+ }
+
+ public PolicyEnforcementPoint getEnforcer()
+ {
+ return enforcer;
+ }
+
+ public void setEnforcer(PolicyEnforcementPoint enforcer)
+ {
+ this.enforcer = enforcer;
+ }
+
+ public ExoPolicyProvisioner getPolicyProvisioner()
+ {
+ return policyProvisioner;
+ }
+
+ public void setPolicyProvisioner(ExoPolicyProvisioner policyProvisioner)
+ {
+ this.policyProvisioner = policyProvisioner;
+ }
+ //-----------------------------------------------------------------------------------------------------------------------------------------
+ public boolean checkCreatePortalAccess(org.exoplatform.services.security.Identity user)
throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ CreatePortal action = new CreatePortal();
+ EnforcementContext context = this.generateEnforcementContext(user, action.getName());
+
+ context.setAttribute("action", action);
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkReadAccess(org.exoplatform.services.security.Identity user,
PortalConfig portal) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user,
"portal://"+portal.getName());
+
+ context.setAttribute("action", new Read());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkWriteAccess(org.exoplatform.services.security.Identity user,
PortalConfig portal) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user,
"portal://"+portal.getName());
+
+ context.setAttribute("action", new Write());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkReadAccess(org.exoplatform.services.security.Identity user,
PageNavigation nav) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user,
"pagenav://"+nav.getDescription());
+
+ context.setAttribute("action", new Read());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkWriteAccess(org.exoplatform.services.security.Identity user,
PageNavigation nav) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user,
"pagenav://"+nav.getDescription());
+
+ context.setAttribute("action", new Write());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkReadAccess(org.exoplatform.services.security.Identity user, Page
page) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user,
"page://"+page.getName());
+
+ context.setAttribute("action", new Read());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+
+ public boolean checkWriteAccess(org.exoplatform.services.security.Identity user, Page
page) throws EnforcementException
+ {
+ try
+ {
+ // Create an EnforcementContext
+ EnforcementContext context = this.generateEnforcementContext(user,
"page://"+page.getName());
+
+ context.setAttribute("action", new Write());
+
+ //Perform the access check and assert the response
+ EnforcementResponse response = this.enforcer.checkAccess(context);
+
+ return response.isAccessGranted();
+ }
+ catch(URISyntaxException uriexception)
+ {
+ throw new EnforcementException(uriexception);
+ }
+ }
+ //----------------------------------------------------------------------------------------------------------------------------------------------
+ private EnforcementContext
generateEnforcementContext(org.exoplatform.services.security.Identity user,
+ String resourceUri) throws URISyntaxException
+ {
+ EnforcementContext context = new EnforcementContext();
+
+ // Create Resource
+ URIResource portalRes = new URIResource();
+ portalRes.setUri(new URI(resourceUri));
+ context.setAttribute("resource", portalRes);
+
+ if(user != null && user.getUserId() != null)
+ {
+ // Create Identity
+ Identity identity = new Identity();
+ identity.setName(user.getUserId());
+ context.setAttribute("identity", identity);
+
+ // Create Roles
+ Roles roles = new Roles();
+ Collection<MembershipEntry> memberships = user.getMemberships();
+ if (memberships != null && !memberships.isEmpty())
+ {
+ for (MembershipEntry membership : memberships)
+ {
+ roles.addName(membership.toString());
+ }
+ }
+
+ roles.addName("Everyone");
+ context.setAttribute("roles", roles);
+ }
+ else
+ {
+ Roles roles = new Roles();
+ // This is a guest user
+ //TODO: change this to something like whatever:guestGroup once custom Roles component
is used
+ roles.addName("*:"+this.policyProvisioner.getGuestGroup());
+ roles.addName(Roles.ANONYMOUS);
+
+ roles.addName("Everyone");
+ context.setAttribute("roles", roles);
+ }
+
+ return context;
+ }
+}
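Review bot: A null resource name is never rejected before the URI is built, so `"page://"+page.getName()` in the Page overloads of checkReadAccess/checkWriteAccess (and the PortalConfig and PageNavigation overloads alike) yields the perfectly valid URI `page://null`, and the decision is then made against a resource literally named `null` instead of failing closed; a guard such as `if (page.getName() == null) return false;` ahead of the generateEnforcementContext call in each overload, or a scheme-plus-name signature for the helper that refuses a null or blank name, closes that. The PageNavigation overloads key the resource on `nav.getDescription()`, which reads like display text rather than a stable identifier; if the provisioner registers navigation policies under a different key (not visible here), reads and writes on navigations would be decided against the wrong resource, so that is worth confirming. The names are concatenated unescaped, so a name containing `/`, `?` or `#` changes how the URI parses, while one with an illegal character only surfaces as an EnforcementException; the name should be percent-encoded or validated in the same form the provisioner uses when it registers the resource. The six read/write check methods also share an identical body apart from the scheme and the action object; one private `check(Identity user, String uri, Object action)` would remove the duplication and leave a single place for the guards above.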
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java 2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractIntegrationTest.java 2009-08-01
15:10:09 UTC (rev 13650)
@@ -8,14 +8,13 @@
import org.exoplatform.test.BasicTestCase;
import org.exoplatform.portal.jboss.security.provisioning.ExoPolicyProvisioner;
+import org.exoplatform.portal.jboss.security.enforcement.ExoEnforcementPoint;
+import org.exoplatform.portal.config.model.PortalConfig;
+import org.exoplatform.portal.config.model.PageNavigation;
+import org.exoplatform.portal.config.model.Page;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
import org.jboss.security.authz.bootstrap.ServiceContainer;
-
-
/**
* @author soshah
*
@@ -27,15 +26,15 @@
User root, administrator, manager, user, guest;
ExoPolicyProvisioner exoPolicyProvisioner;
- PolicyEnforcementPoint enforcer;
+ ExoEnforcementPoint exoEnforcementPoint;
+
protected void setUp() throws Exception
{
ServiceContainer.bootstrap();
-
- this.enforcer = (PolicyEnforcementPoint) ServiceContainer
- .lookup("/agent/LocalEnforcementPoint");
+
this.exoPolicyProvisioner =
(ExoPolicyProvisioner)ServiceContainer.lookup("/exo/jboss/PolicyProvisioner");
+ this.exoEnforcementPoint =
(ExoEnforcementPoint)ServiceContainer.lookup("/exo/jboss/PolicyEnforcementPoint");
this.root = new User(this.exoPolicyProvisioner.getSuperuser());
@@ -48,23 +47,124 @@
this.user = new User("user");
this.guest = new User(null);
- }
+ }
- protected void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
+ protected void checkCreatePortalAccess(User user, boolean mustBePermitted) throws
Exception
{
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
+ boolean access =
this.exoEnforcementPoint.checkCreatePortalAccess(user.getIdentity());
- assertNotNull(response);
log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
+ log.info("Decision="+access);
if(mustBePermitted)
{
- assertTrue("Access must be granted!!!", response.isAccessGranted());
+ assertTrue("Access must be granted!!!", access);
}
else
{
- assertFalse("Access must be denied!!!", response.isAccessGranted());
+ assertFalse("Access must be denied!!!", access);
}
}
+
+ protected void checkReadAccess(User user, PortalConfig portal, boolean mustBePermitted)
throws Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(),
portal);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+
+ protected void checkWriteAccess(User user, PortalConfig portal, boolean mustBePermitted)
throws Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(),
portal);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+
+ protected void checkReadAccess(User user, PageNavigation nav, boolean mustBePermitted)
throws Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(), nav);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+
+ protected void checkWriteAccess(User user, PageNavigation nav, boolean mustBePermitted)
throws Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(),
nav);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+
+ protected void checkReadAccess(User user, Page page, boolean mustBePermitted) throws
Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkReadAccess(user.getIdentity(),
page);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
+
+ protected void checkWriteAccess(User user, Page page, boolean mustBePermitted) throws
Exception
+ {
+ boolean access = this.exoEnforcementPoint.checkWriteAccess(user.getIdentity(),
page);
+
+ log.info("-----------------------------------");
+ log.info("Decision="+access);
+
+ if(mustBePermitted)
+ {
+ assertTrue("Access must be granted!!!", access);
+ }
+ else
+ {
+ assertFalse("Access must be denied!!!", access);
+ }
+ }
}
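Review bot: The seven check helpers added here (checkCreatePortalAccess through the Page overload of checkWriteAccess) repeat the same log-and-assert tail verbatim; only the call into exoEnforcementPoint differs between them. Folding that tail into one private `assertDecision(boolean access, boolean mustBePermitted)` keeps the assertion messages in a single place and reduces each helper to one statement, e.g. `assertDecision(this.exoEnforcementPoint.checkReadAccess(user.getIdentity(), portal), mustBePermitted);`. The helper and one rewritten overload are below; the other overloads follow the same shape.
```java
private void assertDecision(boolean access, boolean mustBePermitted)
{
    log.info("-----------------------------------");
    log.info("Decision="+access);
    if(mustBePermitted)
    {
        assertTrue("Access must be granted!!!", access);
    }
    else
    {
        assertFalse("Access must be denied!!!", access);
    }
}

protected void checkReadAccess(User user, PortalConfig portal, boolean mustBePermitted) throws Exception
{
    assertDecision(this.exoEnforcementPoint.checkReadAccess(user.getIdentity(), portal), mustBePermitted);
}
// … unchanged: the remaining six overloads, each reduced to the same one-line call …
```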
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java 2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossIntegrationSharedPageACL.java 2009-08-01
15:10:09 UTC (rev 13650)
@@ -40,19 +40,18 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, false);
}
public void testPageAccessibleByEveryone() throws Exception
@@ -70,19 +69,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page,false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page,true);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageEditableByEveryone() throws Exception
@@ -101,17 +98,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), true);
- this.enforce(this.writePageEnforcementContext(this.manager, page), true);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, true);
+ this.checkWriteAccess(this.manager, page, true);
+ this.checkWriteAccess(this.user, page, true);
+ this.checkWriteAccess(this.guest, page, true);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, true);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageAccessibleByGuests() throws Exception
@@ -129,17 +126,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageEditableByGuests() throws Exception
@@ -158,17 +155,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), true);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, true);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageAccessibleByEveryOneAndGuests() throws Exception
@@ -186,17 +183,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, true);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, true);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageAccessibleByGuestsOnly() throws Exception
@@ -214,17 +211,17 @@
this.exoPolicyProvisioner.debug();
// Assert
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, true);
}
public void testPageWithAccessPermission() throws Exception
@@ -241,17 +238,17 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, false);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, false);
//TODO: test with *:/manageable once wild card based custom Roles component is
implemented
}
@@ -271,101 +268,18 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), true);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
+ this.checkWriteAccess(this.root, page, true);
+ this.checkWriteAccess(this.administrator, page, false);
+ this.checkWriteAccess(this.manager, page, true);
+ this.checkWriteAccess(this.user, page, false);
+ this.checkWriteAccess(this.guest, page, false);
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page), false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, false);
+ this.checkReadAccess(this.manager, page, true);
+ this.checkReadAccess(this.user, page, false);
+ this.checkReadAccess(this.guest, page, false);
//TODO: test with *:/manageable once wild card based custom Roles component is
implemented
- }
- //
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Read the Page Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext readPageEnforcementContext(User user, Page page)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPageEnforcementContext(user, page);
-
- // Create Action
- context.setAttribute("action", new Read());
-
- return context;
- }
-
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Edit the Portal Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext writePageEnforcementContext(User user, Page page)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPageEnforcementContext(user, page);
-
- // Create Action
- context.setAttribute("action", new Write());
-
- return context;
- }
-
- private EnforcementContext accessPageEnforcementContext(User user, Page page)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Create Resource
- URIResource portalRes = new URIResource();
- portalRes.setUri(new URI("page://"+page.getName()));
- context.setAttribute("resource", portalRes);
-
- // Create Identity
- Identity identity = new Identity();
- if (user.getId() != null)
- {
- identity.setName(user.getId());
- context.setAttribute("identity", identity);
- }
-
- // Create Roles
- Roles roles = new Roles();
- Collection<MembershipEntry> memberships = user.getMemberships();
- if (memberships != null && !memberships.isEmpty())
- {
- for (MembershipEntry membership : memberships)
- {
- roles.addName(membership.toString());
- }
- }
- else
- {
- // Check to see if this is guest access
- if (user.getId() == null)
- {
- // This is a guest user
- //TODO: chage this to something like whatever:guestGroup once custom Roles component
is used
- roles.addName("*:"+this.exoPolicyProvisioner.getGuestGroup());
-
- roles.addName(Roles.ANONYMOUS);
- }
- }
- roles.addName("Everyone");
- context.setAttribute("roles", roles);
-
- return context;
- }
+ }
}
Added:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java
(rev 0)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationCreatePortalACL.java 2009-08-01
15:10:09 UTC (rev 13650)
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2003-2007 eXo Platform SAS.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Affero General Public License
+ * as published by the Free Software Foundation; either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not,
see<http://www.gnu.org/licenses/>.
+ */
+package org.exoplatform.portal.config.security.jboss;
+
+/**
+ * @author soshah
+ *
+ */
+public class TestJBossIntegrationCreatePortalACL extends JBossAbstractIntegrationTest
+{
+ public void testCreatePortal() throws Exception
+ {
+ // Generate an EnforcementContext to see if the superuser and administrator
+ // are allowed to create a Portal...Result: They should be
+ this.checkCreatePortalAccess(this.root, true);
+ this.checkCreatePortalAccess(this.administrator, true);
+
+ // Generate an EnforcementContext to see if a standard manager and a regular
+ // user are allowed to create a Portal..Result: They shouldn't be
+ this.checkCreatePortalAccess(this.manager, false);
+ this.checkCreatePortalAccess(this.user, false);
+ this.checkCreatePortalAccess(this.guest, false);
+ }
+}
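Review bot: testCreatePortal asserts that root and administrator may create a portal while manager, user and guest may not, but nothing in this file shows where that grant is provisioned; the sibling ACL tests set up the resource's permissions and call `this.exoPolicyProvisioner.debug()` before checking, whereas this test runs against whatever state the base class or authz-config leaves behind. A one-line comment naming the source of the rule would keep the expectation auditable, e.g. `// create-portal is a global grant, not a per-resource ACL; provisioned in JBossAbstractIntegrationTest / authz-config.xml` — adjusted to wherever it actually lives, which I cannot see from here. The comment above the second group of checks mentions only "a standard manager and a regular user" while the code also asserts the anonymous guest; `// ... manager, regular user and anonymous guest are allowed to create a Portal..Result: They shouldn't be` matches the code. checkCreatePortalAccess is defined in the base class, outside this hunk.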
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java 2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPageNavACL.java 2009-08-01
15:10:09 UTC (rev 13650)
@@ -17,17 +17,8 @@
package org.exoplatform.portal.config.security.jboss;
import org.exoplatform.portal.config.model.PageNavigation;
-import java.util.Collection;
-import java.net.URI;
-
import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.services.security.MembershipEntry;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.subject.Roles;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
/**
*
@@ -50,11 +41,11 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+ this.checkWriteAccess(this.root, nav, true);
+ this.checkWriteAccess(this.administrator, nav, false);
+ this.checkWriteAccess(this.manager, nav, true);
+ this.checkWriteAccess(this.user, nav, false);
+ this.checkWriteAccess(this.guest, nav, false);
}
public void testNavEditByFooGroup() throws Exception
@@ -70,11 +61,11 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+ this.checkWriteAccess(this.root, nav, true);
+ this.checkWriteAccess(this.administrator, nav, false);
+ this.checkWriteAccess(this.manager, nav, false);
+ this.checkWriteAccess(this.user, nav, false);
+ this.checkWriteAccess(this.guest, nav, false);
}
public void testNavEditByUser() throws Exception
@@ -90,11 +81,11 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
+ this.checkWriteAccess(this.root, nav, true);
+ this.checkWriteAccess(this.administrator, nav, false);
+ this.checkWriteAccess(this.manager, nav, false);
+ this.checkWriteAccess(this.user, nav, true);
+ this.checkWriteAccess(this.guest, nav, false);
}
public void testNavEditByGuest() throws Exception
@@ -110,62 +101,10 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), true);
- }
- //
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request that is
trying to "Edit the Page Navigation Object". The EnforcementContext is populated
with
- * "Security Components" whose state comes from the state of the application
for the incoming thread
- */
- private EnforcementContext writePageNavEnforcementContext(User user, PageNavigation
pageNavigation) throws Exception
- {
- //Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Create Resource
- URIResource portalRes = new URIResource();
- portalRes.setUri(new URI("pagenav://"+pageNavigation.getDescription()));
- context.setAttribute("resource", portalRes);
-
- // Create Identity
- Identity identity = new Identity();
- if(user.getId() != null)
- {
- identity.setName(user.getId());
- context.setAttribute("identity", identity);
- }
-
- //Create Roles
- Roles roles = new Roles();
- Collection<MembershipEntry> memberships = user.getMemberships();
- if (memberships != null && !memberships.isEmpty())
- {
- for (MembershipEntry membership : memberships)
- {
- roles.addName(membership.toString());
- }
- }
- else
- {
- // Check to see if this is guest access
- if (user.getId() == null)
- {
- // This is a guest user
- //TODO: chage this to something like whatever:guestGroup once custom Roles component
is used
- roles.addName("*:"+this.exoPolicyProvisioner.getGuestGroup());
-
- roles.addName(Roles.ANONYMOUS);
- }
- }
- roles.addName("Everyone");
- context.setAttribute("roles", roles);
-
- context.setAttribute("action", new Write());
-
- return context;
- }
+ this.checkWriteAccess(this.root, nav, true);
+ this.checkWriteAccess(this.administrator, nav, false);
+ this.checkWriteAccess(this.manager, nav, false);
+ this.checkWriteAccess(this.user, nav, false);
+ this.checkWriteAccess(this.guest, nav, true);
+ }
}
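Review bot: After this hunk the test no longer pins what identifier the page-navigation policy is keyed on, and the builder removed here keyed it on `new URI("pagenav://"+pageNavigation.getDescription())` — a free-text description rather than a stable owner-type/owner-id, under which two navigations with the same description would share one ACL entry. If the shared checkWriteAccess helper (defined in JBossAbstractIntegrationTest, outside this hunk) or the new ExoEnforcementPoint carried that scheme over, the weakness moved rather than disappeared; I cannot see either from here, so please verify. A short comment in testNavEditByGuest stating what the resource URI is derived from, e.g. `// resource URI is built by the enforcement point from the navigation's owner type/id, not its description`, corrected to whatever is actually used, would record the contract for the next reader.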
\ No newline at end of file
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java 2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossIntegrationPortalConfigACL.java 2009-08-01
15:10:09 UTC (rev 13650)
@@ -3,17 +3,7 @@
*/
package org.exoplatform.portal.config.security.jboss;
-import java.net.URI;
-import java.util.Collection;
-
import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.services.security.MembershipEntry;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.components.action.Read;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.subject.Roles;
/**
* @author soshah
@@ -32,21 +22,17 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.manager, portal),
- false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+ this.checkWriteAccess(this.root, portal, true);
+ this.checkWriteAccess(this.administrator, portal, false);
+ this.checkWriteAccess(this.manager, portal,false);
+ this.checkWriteAccess(this.user, portal, false);
+ this.checkWriteAccess(this.guest, portal, false);
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this
- .enforce(this.readPortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ this.checkReadAccess(this.root, portal, true);
+ this.checkReadAccess(this.administrator, portal,false);
+ this.checkReadAccess(this.manager, portal, false);
+ this.checkReadAccess(this.user, portal, false);
+ this.checkReadAccess(this.guest, portal, false);
}
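Review bot: The new calls are inconsistently spaced — `this.checkWriteAccess(this.manager, portal,false);` and `this.checkReadAccess(this.administrator, portal,false);` drop the space after the comma that the neighbouring lines keep; `this.checkWriteAccess(this.manager, portal, false);` and `this.checkReadAccess(this.administrator, portal, false);` would match. The same pattern recurs in the other test methods of this file, so it is worth fixing in one pass.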
public void testPortalOnlyReadAccess() throws Exception
@@ -61,20 +47,17 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.manager, portal),
- false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+ this.checkWriteAccess(this.root, portal, true);
+ this.checkWriteAccess(this.administrator, portal, false);
+ this.checkWriteAccess(this.manager, portal,false);
+ this.checkWriteAccess(this.user, portal, false);
+ this.checkWriteAccess(this.guest, portal, false);
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ this.checkReadAccess(this.root, portal, true);
+ this.checkReadAccess(this.administrator, portal,false);
+ this.checkReadAccess(this.manager, portal, true);
+ this.checkReadAccess(this.user, portal, false);
+ this.checkReadAccess(this.guest, portal, false);
}
public void testPortalEditableAndReadImplied() throws Exception
@@ -89,20 +72,17 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this
- .enforce(this.writePortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+ this.checkWriteAccess(this.root, portal, true);
+ this.checkWriteAccess(this.administrator, portal, false);
+ this.checkWriteAccess(this.manager, portal, true);
+ this.checkWriteAccess(this.user, portal, false);
+ this.checkWriteAccess(this.guest, portal, false);
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ this.checkReadAccess(this.root, portal, true);
+ this.checkReadAccess(this.administrator, portal,false);
+ this.checkReadAccess(this.manager, portal, true);
+ this.checkReadAccess(this.user, portal, false);
+ this.checkReadAccess(this.guest, portal, false);
}
public void testPortalReadAndEditableExplicit() throws Exception
@@ -118,20 +98,17 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this
- .enforce(this.writePortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
+ this.checkWriteAccess(this.root, portal, true);
+ this.checkWriteAccess(this.administrator, portal, false);
+ this.checkWriteAccess(this.manager, portal, true);
+ this.checkWriteAccess(this.user, portal, false);
+ this.checkWriteAccess(this.guest, portal, false);
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
+ this.checkReadAccess(this.root, portal, true);
+ this.checkReadAccess(this.administrator, portal,false);
+ this.checkReadAccess(this.manager, portal, true);
+ this.checkReadAccess(this.user, portal, false);
+ this.checkReadAccess(this.guest, portal, false);
}
public void testGuestAllowedEdit() throws Exception
@@ -146,103 +123,16 @@
//Debug
this.exoPolicyProvisioner.debug();
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this
- .enforce(this.writePortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), true);
+ this.checkWriteAccess(this.root, portal, true);
+ this.checkWriteAccess(this.administrator, portal, false);
+ this.checkWriteAccess(this.manager, portal, false);
+ this.checkWriteAccess(this.user, portal, false);
+ this.checkWriteAccess(this.guest, portal, true);
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), true);
+ this.checkReadAccess(this.root, portal, true);
+ this.checkReadAccess(this.administrator, portal,false);
+ this.checkReadAccess(this.manager, portal, false);
+ this.checkReadAccess(this.user, portal, false);
+ this.checkReadAccess(this.guest, portal, true);
}
- //----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Read the Portal Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext readPortalEnforcementContext(User user,
- PortalConfig portal) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPortalEnforcementContext(user,
- portal);
-
- // Create Action
- context.setAttribute("action", new Read());
-
- return context;
- }
-
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Edit the Portal Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext writePortalEnforcementContext(User user,
- PortalConfig portal) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPortalEnforcementContext(user,
- portal);
-
- // Create Action
- context.setAttribute("action", new Write());
-
- return context;
- }
-
- private EnforcementContext accessPortalEnforcementContext(User user,
- PortalConfig portal) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Create Resource
- URIResource portalRes = new URIResource();
- portalRes.setUri(new URI("portal://"+portal.getName()));
- context.setAttribute("resource", portalRes);
-
- // Create Identity
- Identity identity = new Identity();
- if (user.getId() != null)
- {
- identity.setName(user.getId());
- context.setAttribute("identity", identity);
- }
-
- // Create Roles
- Roles roles = new Roles();
- Collection<MembershipEntry> memberships = user.getMemberships();
- if (memberships != null && !memberships.isEmpty())
- {
- for (MembershipEntry membership : memberships)
- {
- roles.addName(membership.toString());
- }
- }
- else
- {
- // Check to see if this is guest access
- if (user.getId() == null)
- {
- // This is a guest user
- //TODO: chage this to something like whatever:guestGroup once custom Roles component
is used
- roles.addName("*:"+this.exoPolicyProvisioner.getGuestGroup());
- roles.addName(Roles.ANONYMOUS);
- }
- }
- roles.addName("Everyone");
- context.setAttribute("roles", roles);
-
- return context;
- }
}
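Review bot: testGuestAllowedEdit expects the anonymous guest to be granted write and read on the portal while the authenticated user and manager are denied on the same resource, which reads as a privilege inversion, and nothing in the test says whether it is intentional. If the model is that a grant to the guest group reaches only principals carrying that role (the builder removed in this hunk added `"*:"+guestGroup` only when `user.getId() == null`) and is not a floor for authenticated users, a comment saying so would stop the next maintainer from "fixing" it, e.g. `// guest-group grant is not inherited by authenticated principals: they never carry the guest role`. If instead anonymous access is meant to imply access for everyone, the user and manager expectations here should be true. The checkWriteAccess/checkReadAccess helpers live in JBossAbstractIntegrationTest, outside this hunk, so I cannot confirm which reading the enforcement point implements.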
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java 2009-07-31
22:55:19 UTC (rev 13649)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/User.java 2009-08-01
15:10:09 UTC (rev 13650)
@@ -34,6 +34,11 @@
identity = null;
}
}
+
+ public Identity getIdentity()
+ {
+ return this.identity;
+ }
public String getId()
{