Author: mageshbk(a)jboss.com
Date: 2007-10-23 07:14:01 -0400 (Tue, 23 Oct 2007)
New Revision: 8750
Modified:
branches/JBoss_Portal_2_6_2_JBPORTAL-1772/core-samples/src/main/org/jboss/portal/core/samples/basic/TestPortlet.java
branches/JBoss_Portal_2_6_2_JBPORTAL-1772/core/src/main/org/jboss/portal/core/impl/api/node/AbstractPortalNodeURL.java
branches/JBoss_Portal_2_6_2_JBPORTAL-1772/wsrp/build.xml
Log:
[JBPORTAL-1772] Security fixes for JBoss Portal 2.6.2 - Added changes for [JBPORTAL-1741]
PortalURL security not honored
Modified:
branches/JBoss_Portal_2_6_2_JBPORTAL-1772/core/src/main/org/jboss/portal/core/impl/api/node/AbstractPortalNodeURL.java
===================================================================
---
branches/JBoss_Portal_2_6_2_JBPORTAL-1772/core/src/main/org/jboss/portal/core/impl/api/node/AbstractPortalNodeURL.java 2007-10-23
10:31:14 UTC (rev 8749)
+++
branches/JBoss_Portal_2_6_2_JBPORTAL-1772/core/src/main/org/jboss/portal/core/impl/api/node/AbstractPortalNodeURL.java 2007-10-23
11:14:01 UTC (rev 8750)
@@ -53,6 +53,9 @@
/** . */
protected boolean relative;
+ /** . */
+ protected URLContext urlContext;
+
public AbstractPortalNodeURL(PortalObjectId id, ControllerContext controllerContext)
{
this.id = id;
@@ -74,11 +77,17 @@
public void setAuthenticated(Boolean authenticated)
{
this.wantAuthenticated = authenticated;
+
+ //
+ this.urlContext = null;
}
public void setSecure(Boolean secure)
{
this.wantSecure = secure;
+
+ //
+ this.urlContext = null;
}
public void setRelative(boolean relative)
@@ -88,6 +97,41 @@
protected URLContext getURLContext()
{
- return controllerContext.getServerInvocation().getServerContext().getURLContext();
+ if (urlContext == null)
+ {
+ URLContext tmp =
controllerContext.getServerInvocation().getServerContext().getURLContext();
+
+ //
+ if (wantSecure != null)
+ {
+ if (wantSecure.booleanValue())
+ {
+ tmp = tmp.asSecured();
+ }
+ else
+ {
+ tmp = tmp.asNonSecured();
+ }
+ }
+
+ //
+ if (wantAuthenticated != null)
+ {
+ if (wantAuthenticated.booleanValue())
+ {
+ tmp = tmp.asAuthenticated();
+ }
+ else
+ {
+ tmp = tmp.asNonAuthenticated();
+ }
+ }
+
+ //
+ urlContext = tmp;
+ }
+
+ //
+ return urlContext;
}
}
Modified:
branches/JBoss_Portal_2_6_2_JBPORTAL-1772/core-samples/src/main/org/jboss/portal/core/samples/basic/TestPortlet.java
===================================================================
---
branches/JBoss_Portal_2_6_2_JBPORTAL-1772/core-samples/src/main/org/jboss/portal/core/samples/basic/TestPortlet.java 2007-10-23
10:31:14 UTC (rev 8749)
+++
branches/JBoss_Portal_2_6_2_JBPORTAL-1772/core-samples/src/main/org/jboss/portal/core/samples/basic/TestPortlet.java 2007-10-23
11:14:01 UTC (rev 8750)
@@ -22,6 +22,7 @@
******************************************************************************/
package org.jboss.portal.core.samples.basic;
+import org.jboss.portal.api.node.PortalNodeURL;
import org.jboss.portal.common.transaction.TransactionManagerProvider;
import org.jboss.portal.core.CoreConstants;
import org.jboss.portal.identity.User;
@@ -147,7 +148,32 @@
writer.write("</div>");
writer.write("</p>");
+ PortalNodeURL nodeURL = resp.createRenderURL(req.getPortalNode());
+ String nothingURL = nodeURL.toString();
+ nodeURL.setAuthenticated(Boolean.TRUE);
+ nodeURL.setSecure(Boolean.TRUE);
+ String authenticatedSecureURL = nodeURL.toString();
+ nodeURL.setAuthenticated(Boolean.TRUE);
+ nodeURL.setSecure(Boolean.FALSE);
+ String authenticatedNotSecureURL = nodeURL.toString();
+ nodeURL.setAuthenticated(Boolean.FALSE);
+ nodeURL.setSecure(Boolean.FALSE);
+ String notAuthenticatedNotSecureURL = nodeURL.toString();
+ nodeURL.setAuthenticated(Boolean.FALSE);
+ nodeURL.setSecure(Boolean.TRUE);
+ String notAuthenticatedSecureURL = nodeURL.toString();
writer.write("<p>");
+ writer.write("<div class=\"portlet-section-header\">Portal
node URLs</div>");
+ writer.write("<div class=\"portlet-section-body\">");
+ writer.write("<div><a href=\"" + nothingURL +
"\">Keeping context</a></div>");
+ writer.write("<div><a href=\"" + authenticatedSecureURL +
"\">Authenticated and Secured</a></div>");
+ writer.write("<div><a href=\"" + authenticatedNotSecureURL
+ "\">Authenticated and Not Secured</a></div>");
+ writer.write("<div><a href=\"" +
notAuthenticatedNotSecureURL + "\">Not Authenticated and Not
Secured</a></div>");
+ writer.write("<div><a href=\"" + notAuthenticatedSecureURL
+ "\">Not Authenticated and Secured</a></div>");
+ writer.write("</div>");
+ writer.write("</p>");
+
+ writer.write("<p>");
writer.write("<div
class=\"portlet-section-header\">Path</div>");
writer.write("<div class=\"portlet-section-body\">");
writer.write("<div>portal path info = " +
req.getAttribute("PATH") + "</div>");
Modified: branches/JBoss_Portal_2_6_2_JBPORTAL-1772/wsrp/build.xml
===================================================================
--- branches/JBoss_Portal_2_6_2_JBPORTAL-1772/wsrp/build.xml 2007-10-23 10:31:14 UTC (rev
8749)
+++ branches/JBoss_Portal_2_6_2_JBPORTAL-1772/wsrp/build.xml 2007-10-23 11:14:01 UTC (rev
8750)
@@ -641,8 +641,8 @@
<target name="clean-test">
<!-- remove generated test xml files -->
<delete dir="${reports.dir}"/>
- <delete file="tests.log"/>
- <delete file="output.log"/>
+ <delete file="tests.log" failonerror="false"/>
+ <delete file="output.log" failonerror="false"/>
</target>
<target name="tests-local" depends="clean,output">
Show replies by date