Author: julien(a)jboss.com
Date: 2006-11-23 17:49:44 -0500 (Thu, 23 Nov 2006)
New Revision: 5719
Added:
trunk/core/src/main/org/jboss/portal/core/impl/model/CustomizationManagerService.java
trunk/core/src/main/org/jboss/portal/core/model/CustomizationManager.java
Modified:
trunk/core/src/main/org/jboss/portal/core/controller/Controller.java
trunk/core/src/main/org/jboss/portal/core/controller/command/SignOutCommand.java
trunk/core/src/main/org/jboss/portal/core/model/portal/command/PortalObjectCommand.java
trunk/core/src/main/org/jboss/portal/core/model/portal/command/WindowCommand.java
trunk/core/src/main/org/jboss/portal/core/portlet/management/PortalObjectManagerBean.java
trunk/core/src/resources/portal-core-sar/META-INF/jboss-service.xml
trunk/security/src/main/org/jboss/portal/security/PortalPermissionCollection.java
trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManager.java
trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalPermissionCollection.java
trunk/security/src/main/org/jboss/portal/security/spi/auth/PortalAuthorizationManager.java
Log:
- encapsulate customization of instance based on the user + window in an interface
- fix signout bug
- add explicit Subject checking in portal security
- add dashboard permission in portal object manager bean
Modified: trunk/core/src/main/org/jboss/portal/core/controller/Controller.java
===================================================================
--- trunk/core/src/main/org/jboss/portal/core/controller/Controller.java 2006-11-23
21:53:43 UTC (rev 5718)
+++ trunk/core/src/main/org/jboss/portal/core/controller/Controller.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -27,6 +27,7 @@
import org.jboss.portal.core.controller.command.mapper.URLFactory;
import org.jboss.portal.core.model.portal.PortalObjectContainer;
import org.jboss.portal.core.model.instance.InstanceContainer;
+import org.jboss.portal.core.model.CustomizationManager;
import org.jboss.portal.common.invocation.InterceptorStackFactory;
import org.jboss.portal.security.spi.auth.PortalAuthorizationManagerFactory;
import org.jboss.portal.jems.as.system.AbstractJBossService;
@@ -60,6 +61,19 @@
/** . */
protected PortalAuthorizationManagerFactory portalAuthorizationManagerFactory;
+ /** . */
+ protected CustomizationManager customizationManager;
+
+ public CustomizationManager getCustomizationManager()
+ {
+ return customizationManager;
+ }
+
+ public void setCustomizationManager(CustomizationManager customizationManager)
+ {
+ this.customizationManager = customizationManager;
+ }
+
public PortalAuthorizationManagerFactory getPortalAuthorizationManagerFactory()
{
return portalAuthorizationManagerFactory;
Modified:
trunk/core/src/main/org/jboss/portal/core/controller/command/SignOutCommand.java
===================================================================
---
trunk/core/src/main/org/jboss/portal/core/controller/command/SignOutCommand.java 2006-11-23
21:53:43 UTC (rev 5718)
+++
trunk/core/src/main/org/jboss/portal/core/controller/command/SignOutCommand.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -24,9 +24,9 @@
import org.jboss.portal.core.controller.ControllerCommand;
import org.jboss.portal.core.controller.ControllerException;
-import org.jboss.portal.core.controller.portlet.SignOutResponse;
import org.jboss.portal.core.controller.command.info.ActionCommandInfo;
import org.jboss.portal.core.controller.command.info.CommandInfo;
+import org.jboss.portal.core.controller.command.response.SignOutResponse;
/**
* A global signout.
Added:
trunk/core/src/main/org/jboss/portal/core/impl/model/CustomizationManagerService.java
===================================================================
---
trunk/core/src/main/org/jboss/portal/core/impl/model/CustomizationManagerService.java 2006-11-23
21:53:43 UTC (rev 5718)
+++
trunk/core/src/main/org/jboss/portal/core/impl/model/CustomizationManagerService.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -0,0 +1,186 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.core.impl.model;
+
+import org.jboss.portal.jems.as.system.AbstractJBossService;
+import org.jboss.portal.core.model.CustomizationManager;
+import org.jboss.portal.core.model.instance.Instance;
+import org.jboss.portal.core.model.instance.InstanceContainer;
+import org.jboss.portal.core.model.portal.PortalObject;
+import org.jboss.portal.core.model.portal.Window;
+import org.jboss.portal.core.model.portal.PortalObjectPermission;
+import org.jboss.portal.security.spi.auth.PortalAuthorizationManagerFactory;
+import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
+import org.jboss.portal.identity.UserModule;
+import org.jboss.portal.identity.RoleModule;
+import org.jboss.portal.identity.User;
+import org.jboss.logging.Logger;
+
+/**
+ * @author <a href="mailto:julien@jboss.org">Julien Viet</a>
+ * @version $Revision: 1.1 $
+ */
+public class CustomizationManagerService extends AbstractJBossService implements
CustomizationManager
+{
+
+ /** . */
+ private static final Logger log = Logger.getLogger(CustomizationManager.class);
+
+ /** . */
+ private InstanceContainer instanceContainer;
+
+ /** . */
+ private PortalAuthorizationManagerFactory pamf;
+
+ /** . */
+ private UserModule userModule;
+
+ /** . */
+ private RoleModule roleModule;
+
+ public InstanceContainer getInstanceContainer()
+ {
+ return instanceContainer;
+ }
+
+ public void setInstanceContainer(InstanceContainer instanceContainer)
+ {
+ this.instanceContainer = instanceContainer;
+ }
+
+ public PortalAuthorizationManagerFactory getPortalAuthorizationManagerFactory()
+ {
+ return pamf;
+ }
+
+ public void setPortalAuthorizationManagerFactory(PortalAuthorizationManagerFactory
portalAuthorizationManagerFactory)
+ {
+ this.pamf = portalAuthorizationManagerFactory;
+ }
+
+ public UserModule getUserModule()
+ {
+ return userModule;
+ }
+
+ public void setUserModule(UserModule userModule)
+ {
+ this.userModule = userModule;
+ }
+
+ public RoleModule getRoleModule()
+ {
+ return roleModule;
+ }
+
+ public void setRoleModule(RoleModule roleModule)
+ {
+ this.roleModule = roleModule;
+ }
+
+ public Instance getInstance(Window window) throws IllegalArgumentException
+ {
+ return getInstance(window, null);
+ }
+
+ public Instance getInstance(Window window, User user) throws IllegalArgumentException
+ {
+ if (window == null)
+ {
+ throw new IllegalArgumentException("No window provided");
+ }
+
+ //
+ String instanceId = window.getInstanceRef();
+ if (instanceId == null)
+ {
+ return null;
+ }
+
+ // Get the instance
+ Instance instance = instanceContainer.getInstance(instanceId);
+ if (instance != null)
+ {
+ // If we are in the context of an existing user we get a customization for that
user
+ if (user != null)
+ {
+ String userId = user.getId().toString();
+
+ // And if it is in a dashboard context we get the per window customization
+ if (isDashboard(window, user))
+ {
+ // That's how we manufacture dash board keys
+ String dashboardId = userId + "." + window.getId();
+
+ //
+ instance = instance.getCustomization(dashboardId);
+ }
+ else
+ {
+ instance = instance.getCustomization(userId);
+ }
+ }
+ }
+
+ //
+ return instance;
+ }
+
+ /**
+ * Return true if the portal object is in a dashboard context for the current
authenticated user.
+ *
+ * @param object
+ * @return
+ */
+ public boolean isDashboard(PortalObject object, User user)
+ {
+ if (object == null)
+ {
+ throw new IllegalArgumentException("No null object");
+ }
+
+ // Anonymous
+ if (user == null)
+ {
+ return false;
+ }
+
+ // todo
+ // We should test that it is the same than the request user
+ // as for now we can only test permission for the currently
+ // authenticated user
+
+ //
+ try
+ {
+ PortalAuthorizationManager pam = pamf.getManager();
+ PortalObjectPermission perm = new PortalObjectPermission(object.getId(),
PortalObjectPermission.DASHBOARD_MASK);
+ return pam.checkPermission(perm);
+ }
+ catch (Exception e)
+ {
+ log.error("Cannot check dashboard for", e);
+ return false;
+ }
+ }
+}
Added: trunk/core/src/main/org/jboss/portal/core/model/CustomizationManager.java
===================================================================
--- trunk/core/src/main/org/jboss/portal/core/model/CustomizationManager.java 2006-11-23
21:53:43 UTC (rev 5718)
+++ trunk/core/src/main/org/jboss/portal/core/model/CustomizationManager.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -0,0 +1,65 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.core.model;
+
+import org.jboss.portal.core.model.instance.Instance;
+import org.jboss.portal.core.model.portal.Window;
+import org.jboss.portal.core.model.portal.PortalObject;
+import org.jboss.portal.identity.User;
+
+/**
+ * Encapsulate portlet customization semantics.
+ *
+ * @author <a href="mailto:julien@jboss.org">Julien Viet</a>
+ * @version $Revision: 1.1 $
+ */
+public interface CustomizationManager
+{
+ /**
+ * Return a top level named portlet instance.
+ *
+ * @param window the window of the portlet instance
+ * @return the target instance or null if it cannot be found
+ * @throws IllegalArgumentException if the window is null
+ */
+ Instance getInstance(Window window) throws IllegalArgumentException;
+
+ /**
+ * Return a contextualized portlet instance for the specified user id. If the window
is in the context
+ * of a dashboard then the portlet instance is further customized for that specific
window.
+ *
+ * @param window the window of the portlet instance
+ * @param user the user that can be null
+ * @return the target instance or null if it cannot be found
+ * @throws IllegalArgumentException if the window is null
+ */
+ Instance getInstance(Window window, User user) throws IllegalArgumentException;
+
+ /**
+ * Return true if the portal object is in a dashboard context for the specified user.
+ *
+ * @param object
+ * @return
+ */
+ boolean isDashboard(PortalObject object, User user);
+}
Modified:
trunk/core/src/main/org/jboss/portal/core/model/portal/command/PortalObjectCommand.java
===================================================================
---
trunk/core/src/main/org/jboss/portal/core/model/portal/command/PortalObjectCommand.java 2006-11-23
21:53:43 UTC (rev 5718)
+++
trunk/core/src/main/org/jboss/portal/core/model/portal/command/PortalObjectCommand.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -31,7 +31,7 @@
import org.jboss.portal.core.model.portal.PortalObjectPermission;
import org.jboss.portal.security.PortalSecurityException;
import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
-import org.jboss.portal.security.spi.auth.PortalAuthorizationManagerFactory;
+import org.jboss.portal.identity.User;
/**
* @author <a href="mailto:julien@jboss.org">Julien Viet</a>
@@ -104,17 +104,9 @@
{
if (dashboard == null)
{
- try
- {
- PortalAuthorizationManagerFactory pamf =
getControllerContext().getController().getPortalAuthorizationManagerFactory();
- PortalAuthorizationManager pam = pamf.getManager();
- PortalObjectPermission perm = new PortalObjectPermission(targetId,
PortalObjectPermission.DASHBOARD_MASK);
- dashboard = Boolean.valueOf(pam.checkPermission(perm));
- }
- catch (PortalSecurityException e)
- {
- dashboard = Boolean.FALSE;
- }
+ User user =
(User)getControllerContext().getServerInvocation().getRequest().getUser();
+ boolean tmp =
context.getController().getCustomizationManager().isDashboard(target, user);
+ dashboard = Boolean.valueOf(tmp);
}
return dashboard.booleanValue();
}
Modified:
trunk/core/src/main/org/jboss/portal/core/model/portal/command/WindowCommand.java
===================================================================
---
trunk/core/src/main/org/jboss/portal/core/model/portal/command/WindowCommand.java 2006-11-23
21:53:43 UTC (rev 5718)
+++
trunk/core/src/main/org/jboss/portal/core/model/portal/command/WindowCommand.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -31,6 +31,7 @@
import org.jboss.portal.core.model.portal.Window;
import org.jboss.portal.security.PortalSecurityException;
import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
+import org.jboss.portal.identity.User;
/**
* A superclass for command that target a specific window.
@@ -99,26 +100,17 @@
throw new ResourceNotFoundException(targetId);
}
+ // We need the user id
+ User user =
(User)getControllerContext().getServerInvocation().getRequest().getUser();
+
// Get instance
- instance =
context.getController().getInstanceContainer().getInstance(window.getInstanceRef());
+ instance = context.getController().getCustomizationManager().getInstance(window,
user);
+
+ // No instance means we can't continue
if (instance == null)
{
throw new ResourceNotFoundException(window.getInstanceRef());
}
-
- // Get the user customization id
- String userId =
getControllerContext().getServerInvocation().getServerContext().getClientRequest().getRemoteUser();
- if (userId != null)
- {
- instance = instance.getCustomization(userId);
-
- //
- if (isDashboard())
- {
- String dashboardId = userId + targetId;
- instance = instance.getCustomization(dashboardId);
- }
- }
}
/**
Modified:
trunk/core/src/main/org/jboss/portal/core/portlet/management/PortalObjectManagerBean.java
===================================================================
---
trunk/core/src/main/org/jboss/portal/core/portlet/management/PortalObjectManagerBean.java 2006-11-23
21:53:43 UTC (rev 5718)
+++
trunk/core/src/main/org/jboss/portal/core/portlet/management/PortalObjectManagerBean.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -890,6 +890,7 @@
new SelectItem("viewrecursive"),
new SelectItem("personalize"),
new SelectItem("personalizerecursive"),
+ new SelectItem("dashboard"),
};
}
}
Modified: trunk/core/src/resources/portal-core-sar/META-INF/jboss-service.xml
===================================================================
--- trunk/core/src/resources/portal-core-sar/META-INF/jboss-service.xml 2006-11-23
21:53:43 UTC (rev 5718)
+++ trunk/core/src/resources/portal-core-sar/META-INF/jboss-service.xml 2006-11-23
22:49:44 UTC (rev 5719)
@@ -599,6 +599,27 @@
<attribute name="CacheNaturalId">true</attribute>
</mbean>
+ <!-- Customization maanger -->
+ <mbean
+ code="org.jboss.portal.core.impl.model.CustomizationManagerService"
+ name="portal:service=CustomizationManager"
+ xmbean-dd=""
+ xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
+ <xmbean/>
+ <depends
+ optional-attribute-name="PortalAuthorizationManagerFactory"
+
proxy-type="attribute">portal:service=PortalAuthorizationManagerFactory</depends>
+ <depends
+ optional-attribute-name="InstanceContainer"
+ proxy-type="attribute">portal:container=Instance</depends>
+ <depends
+ optional-attribute-name="UserModule"
+
proxy-type="attribute">portal:service=Module,type=User</depends>
+ <depends
+ optional-attribute-name="RoleModule"
+
proxy-type="attribute">portal:service=Module,type=Role</depends>
+ </mbean>
+
<!-- Command factories -->
<mbean
code="org.jboss.portal.core.controller.command.mapper.DelegatingCommandFactoryService"
@@ -914,6 +935,9 @@
<depends
optional-attribute-name="PortalAuthorizationManagerFactory"
proxy-type="attribute">portal:service=PortalAuthorizationManagerFactory</depends>
+ <depends
+ optional-attribute-name="CustomizationManager"
+
proxy-type="attribute">portal:service=CustomizationManager</depends>
</mbean>
<!-- The ajax controller -->
@@ -944,6 +968,9 @@
<depends
optional-attribute-name="PortalAuthorizationManagerFactory"
proxy-type="attribute">portal:service=PortalAuthorizationManagerFactory</depends>
+ <depends
+ optional-attribute-name="CustomizationManager"
+
proxy-type="attribute">portal:service=CustomizationManager</depends>
</mbean>
<!-- -->
Modified:
trunk/security/src/main/org/jboss/portal/security/PortalPermissionCollection.java
===================================================================
---
trunk/security/src/main/org/jboss/portal/security/PortalPermissionCollection.java 2006-11-23
21:53:43 UTC (rev 5718)
+++
trunk/security/src/main/org/jboss/portal/security/PortalPermissionCollection.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -90,7 +90,7 @@
try
{
PortalPermission portalPermission = (PortalPermission)permission;
- Subject caller = getCaller();
+ Subject caller = getCheckedSubject();
String roleName = getRoleName();
PermissionRepository repository = domain.getPermissionRepository();
boolean implied = owner.implies(repository, caller, roleName,
portalPermission);
@@ -114,9 +114,9 @@
public abstract String getRoleName();
/**
- * Return the subject being used or null.
+ * Return the subject being checked or null if there is none.
*
* @return the current subject
*/
- public abstract Subject getCaller();
+ public abstract Subject getCheckedSubject();
}
Modified:
trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManager.java
===================================================================
---
trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManager.java 2006-11-23
21:53:43 UTC (rev 5718)
+++
trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManager.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -34,6 +34,7 @@
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
@@ -65,6 +66,9 @@
/** . */
private PolicyConfigurationFactory pcf;
+ /** Used to retrieve the subject in hte jacc portal permission collection. */
+ private static final ThreadLocal checkedSubjectLocal = new ThreadLocal();
+
public JACCPortalAuthorizationManager(JACCPortalAuthorizationManagerFactory factory)
{
this.factory = factory;
@@ -133,16 +137,16 @@
/**
*
*/
- public boolean internalCheckPermission(PortalPermission permission) throws Exception
+ private boolean internalCheckPermission(PortalPermission permission) throws Exception
{
// Get the current context id.
String contextID = PolicyContext.getContextID();
// Get the current authenticated subject through the JACC contract
- Subject currentSubject =
(Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
+ Subject currentSubject = (Subject)checkedSubjectLocal.get();
//
- Principal[] principals = null;
+ Principal[] principals;
//
if (currentSubject != null)
@@ -184,25 +188,60 @@
return policy.implies(pd, permission);
}
- public boolean checkPermission(PortalPermission permission) throws
PortalSecurityException
+
+ public boolean checkPermission(Subject checkedSubject, PortalPermission permission)
throws PortalSecurityException
{
try
{
+
+ // Set the subject for later use in that layer
+ checkedSubjectLocal.set(checkedSubject);
if (trace)
{
log.trace("hasPermission:uri=" + permission.getURI() +
"::action=" + permission.getType() + "::type=" +
permission.getType());
}
+
+ //
boolean result = internalCheckPermission(permission);
if (trace)
{
log.trace("hasPermission:result=" + result);
}
+
+ //
return result;
}
catch (Exception e)
{
log.trace("hasPermission:error", e);
- throw new RuntimeException(e);
+
+ //
+ throw new PortalSecurityException(e);
}
+ finally
+ {
+ checkedSubjectLocal.set(null);
+ }
}
+
+ public boolean checkPermission(PortalPermission permission) throws
PortalSecurityException
+ {
+ try
+ {
+ // Get the current authenticated subject through the JACC contract
+ Subject subject =
(Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
+
+ //
+ return checkPermission(subject, permission);
+ }
+ catch (PolicyContextException e)
+ {
+ throw new PortalSecurityException(e);
+ }
+ }
+
+ static Subject getCheckedSubject()
+ {
+ return (Subject)checkedSubjectLocal.get();
+ }
}
Modified:
trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalPermissionCollection.java
===================================================================
---
trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalPermissionCollection.java 2006-11-23
21:53:43 UTC (rev 5718)
+++
trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalPermissionCollection.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -26,8 +26,6 @@
import org.jboss.portal.security.spi.provider.AuthorizationDomain;
import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-import javax.security.jacc.PolicyContextException;
import java.util.Enumeration;
import java.util.Vector;
@@ -42,12 +40,11 @@
/** The serialVersionUID */
private static final long serialVersionUID = -4307467280985644450L;
+
/** The role name of the permission container. */
private String roleName;
- public JACCPortalPermissionCollection(
- String roleName,
- AuthorizationDomain repository) throws IllegalArgumentException
+ public JACCPortalPermissionCollection(String roleName, AuthorizationDomain repository)
throws IllegalArgumentException
{
super(repository);
if (roleName == null)
@@ -68,16 +65,8 @@
return new Vector().elements();
}
-
- public Subject getCaller()
+ public Subject getCheckedSubject()
{
- try
- {
- return
(Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
- }
- catch (PolicyContextException e)
- {
- return null;
- }
+ return JACCPortalAuthorizationManager.getCheckedSubject();
}
}
Modified:
trunk/security/src/main/org/jboss/portal/security/spi/auth/PortalAuthorizationManager.java
===================================================================
---
trunk/security/src/main/org/jboss/portal/security/spi/auth/PortalAuthorizationManager.java 2006-11-23
21:53:43 UTC (rev 5718)
+++
trunk/security/src/main/org/jboss/portal/security/spi/auth/PortalAuthorizationManager.java 2006-11-23
22:49:44 UTC (rev 5719)
@@ -25,6 +25,8 @@
import org.jboss.portal.security.PortalPermission;
import org.jboss.portal.security.PortalSecurityException;
+import javax.security.auth.Subject;
+
/**
* Portal Authorization Management Interface
*
@@ -39,4 +41,12 @@
* @throws PortalSecurityException
*/
public boolean checkPermission(PortalPermission permission) throws
PortalSecurityException;
+
+ /**
+ * @param checkedSubject
+ * @param permission
+ * @return
+ * @throws PortalSecurityException
+ */
+ public boolean checkPermission(Subject checkedSubject, PortalPermission permission)
throws PortalSecurityException;
}