Author: sohil.shah(a)jboss.com
Date: 2007-11-27 15:17:12 -0500 (Tue, 27 Nov 2007)
New Revision: 9136
Modified:
branches/JBoss_Portal_Branch_2_6/cms/build.xml
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/JCRCMS.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProvider.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/SecureCommandTestCase.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/AbstractWorkflowTestCase.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/TestApprovedPublish.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/TestDeniedPublish.java
branches/JBoss_Portal_Branch_2_6/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml
branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
branches/JBoss_Portal_Branch_2_6/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml
branches/JBoss_Portal_Branch_2_6/core/build.xml
branches/JBoss_Portal_Branch_2_6/core/src/main/org/jboss/portal/core/aspects/server/UserInterceptor.java
branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/conf/identity/standardidentity-config.xml
Log:
[JBPORTAL-1733],[JBPORTAL-1740],[JBPORTAL-1646] - made 'cms root user' and
'security console accessibility' configurable from end user standpoint
Modified: branches/JBoss_Portal_Branch_2_6/cms/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-11-27 18:41:46 UTC (rev 9135)
+++ branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-11-27 20:17:12 UTC (rev 9136)
@@ -392,7 +392,7 @@
</target>
<target name="tests" depends="init">
<execute-tests>
- <x-sysproperty>
+ <x-sysproperty>
<!--
<jvmarg value="-Xdebug"/>
<jvmarg
value="-Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=y"/>
@@ -404,13 +404,11 @@
<jvmarg value="-Djava.net.preferIPv4Stack=true"/>
</x-sysproperty>
<x-test>
- <!-- general cms setup related tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.JackrabbitTestCase"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.TestRepositoryBootStrap"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.TestRegEx"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.TestRepositoryUtil"/>
- <!-- cms file command tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileCreate"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileUpdate"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileArchiveUpload"/>
@@ -422,19 +420,16 @@
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileDelete"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestSearch"/>
- <!-- cms folder command tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderCopy"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderCreate"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderDelete"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderGet"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderUpdate"/>
-
- <!-- cms fine grained security related tests -->
+
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.security.TestReadAccess"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.security.TestWriteAccess"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.security.TestManageAccess"/>
-
- <!-- cms workflow related tests -->
+
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.workflow.TestApprovedPublish"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.workflow.TestDeniedPublish"/>
</x-test>
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -455,14 +455,15 @@
try
{
role = this.roleModule.findRoleByName(name);
+ tx.commit();
}
catch (Exception e)
{
+ tx.rollback();
role = null;
}
finally
{
- tx.rollback();
session.close();
}
@@ -489,10 +490,14 @@
{
bootRequired = true;
}
+ tx.commit();
}
+ catch(Exception e)
+ {
+ tx.rollback();
+ }
finally
{
- tx.rollback();
Tools.closeSession(session);
}
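Review bot: The new `catch(Exception e)` in this hunk only calls `tx.rollback()` and then discards the exception, so a failure that the previous try/finally let propagate now passes silently. In an ACL interceptor this makes a broken lookup indistinguishable from a normal "no boot required" result. Either log it through the class's logger or rethrow after the rollback with `throw new RuntimeException(e);`, as `getRoot()` does in this same commit. The same swallow-after-rollback catch is added in the IdentityDataLoader and AbstractWorkflowTestCase hunks, where it would hide a failed fixture load. The enclosing method starts outside the hunk.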
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/JCRCMS.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/JCRCMS.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/JCRCMS.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -40,6 +40,7 @@
import org.jboss.portal.cms.model.Folder;
import org.jboss.portal.cms.util.RepositoryUtil;
import org.jboss.portal.cms.workflow.ApprovePublish;
+import org.jboss.portal.cms.security.AuthorizationManager;
import org.jboss.portal.common.invocation.InterceptorStackFactory;
import org.jboss.portal.common.invocation.Invocation;
import org.jboss.portal.common.invocation.InvocationException;
@@ -48,11 +49,7 @@
import org.jboss.portal.common.net.URLNavigator;
import org.jboss.portal.common.net.URLVisitor;
import org.jboss.portal.common.xml.XMLTools;
-import org.jboss.portal.identity.IdentityContext;
-import org.jboss.portal.identity.IdentityException;
-import org.jboss.portal.identity.IdentityServiceController;
import org.jboss.portal.identity.User;
-import org.jboss.portal.identity.UserModule;
import org.jboss.portal.jems.as.JNDI;
import org.jboss.portal.jems.as.system.AbstractJBossService;
import org.jboss.util.StopWatch;
@@ -97,11 +94,9 @@
private InterceptorStackFactory stackFactory;
private Element config;
+
+ private AuthorizationManager authorizationManager;
- private String identitySessionFactory = null;
-
- private IdentityServiceController identityServiceController;
-
private ApprovePublish approvePublishWorkflow;
private String jndiName;
@@ -220,34 +215,25 @@
{
this.approvePublishWorkflow = approvePublishWorkflow;
}
-
- public UserModule getUserModule()
+
+ /**
+ *
+ * @return
+ */
+ public AuthorizationManager getAuthorizationManager()
{
- if (identityServiceController != null)
- {
- try
- {
- return
(UserModule)identityServiceController.getIdentityContext().getObject(IdentityContext.TYPE_USER_MODULE);
- }
- catch (IdentityException ignore)
- {
- }
- }
-
- //
- return null;
+ return authorizationManager;
}
- public IdentityServiceController getIdentityServiceController()
+ /**
+ *
+ * @param authorizationManager
+ */
+ public void setAuthorizationManager(AuthorizationManager authorizationManager)
{
- return identityServiceController;
+ this.authorizationManager = authorizationManager;
}
- public void setIdentityServiceController(IdentityServiceController
identityServiceController)
- {
- this.identityServiceController = identityServiceController;
- }
-
/** @return */
public String getJNDIName()
{
@@ -260,19 +246,7 @@
this.jndiName = jndiName;
}
- /** @return */
- public String getIdentitySessionFactory()
- {
- return identitySessionFactory;
- }
- /** @param identitySessionFactory */
- public void setIdentitySessionFactory(String identitySessionFactory)
- {
- this.identitySessionFactory = identitySessionFactory;
- }
-
-
/** CMS Start */
public void startService() throws Exception
{
@@ -377,20 +351,16 @@
// Get the content
URL root =
Thread.currentThread().getContextClassLoader().getResource(defaultContentLocation);
- //make the user executing these to create the default content, an 'Admin'
user
- //without this, the fine grained security won't allow the creation
- UserModule userModule = getUserModule();
- if (userModule != null)
+ //make the user executing these to create the default content, an cms root user
+ //without this, the fine grained security won't allow the creation
+ //Get the cms root user to create this content
+ if(this.authorizationManager != null)
{
- org.hibernate.Session session =
org.jboss.portal.cms.hibernate.state.Tools.getOpenSession();
- org.hibernate.Transaction tx = session.beginTransaction();
- User user = userModule.findUserByUserName("admin");
+ User user = this.authorizationManager.getProvider().getRoot();
if (user != null)
{
JCRCMS.getUserInfo().set(user);
- }
- tx.rollback();
- org.jboss.portal.cms.hibernate.state.Tools.closeSession(session);
+ }
}
// Iterate over the content
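Review bot: When `authorizationManager` is null or `getRoot()` returns null, the block at `if(this.authorizationManager != null)` falls through silently and the default-content import continues with no user set, which the comment above says fine-grained security will not allow. A warning on that path (assuming the service has a `log` field), e.g. `log.warn("CMS root user not resolved; default content creation may be denied");`, would show a misconfigured `cmsRootUserName` at startup rather than as a later access failure. The hunk also does not show `JCRCMS.getUserInfo()` being reset after the content is created. If it is a per-thread holder, confirm it is cleared so the root identity does not outlive the bootstrap. The method starts and ends outside the hunk.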
@@ -677,5 +647,5 @@
public InterceptorStackFactory getStackFactory()
{
return stackFactory;
- }
+ }
}
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -314,12 +314,13 @@
{
boolean hasAccess = false;
- //to prevent any administration issues, if the user is the 'admin'
+ //to prevent any administration issues, if the user is the 'cmsRootUser'
//treat him like a super user with access to everything in the cms
- if (user != null && user.getUserName() != null &&
user.getUserName().equals("admin"))
+ User root = this.authorizationManager.getProvider().getRoot();
+ if (user != null && user.getUserName() != null &&
user.getUserName().equals(root.getUserName()))
{
return true;
- }
+ }
//get the permissions available for the user in question
Collection userPermissions = this.getPermissions(user);
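Review bot: `root.getUserName()` is dereferenced without a null check, so if `getRoot()` returns null for a `cmsRootUserName` that matches no account, this access check throws a NullPointerException instead of falling through to the permission lookup. JCRCMS in this same commit does guard the result with `if (user != null)`. Guard it here as `if (root != null && user != null && user.getUserName() != null && user.getUserName().equals(root.getUserName()))`; the same applies to the second hunk of this file (the `toolAccess` check). Note also that `getRoot()`, as implemented in AuthorizationProviderImpl, opens a Hibernate session and transaction on each call, so every access check now pays a database lookup to learn the root user name. The enclosing methods start outside the hunks.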
@@ -461,12 +462,13 @@
{
boolean toolAccess = false;
- //to prevent any administration issues, if the user is the 'admin'
+ //to prevent any administration issues, if the user is the 'cmsRoot'
//treat him like a super user with access to everything in the cms
- if (user != null && user.getUserName() != null &&
user.getUserName().equals("admin"))
+ User root = this.authorizationManager.getProvider().getRoot();
+ if (user != null && user.getUserName() != null &&
user.getUserName().equals(root.getUserName()))
{
return true;
- }
+ }
//get the permissions available for the user in question
Collection userPermissions = this.getPermissions(user);
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProvider.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProvider.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProvider.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -23,6 +23,7 @@
package org.jboss.portal.cms.security;
import org.jboss.portal.identity.MembershipModule;
+import org.jboss.portal.identity.User;
import org.jboss.portal.security.spi.provider.AuthorizationDomain;
import org.jboss.portal.security.spi.provider.DomainConfigurator;
@@ -56,4 +57,16 @@
/** @return */
public MembershipModule getMembershipModule();
+
+ /**
+ *
+ * @return
+ */
+ public User getRoot();
+
+ /**
+ *
+ * @return
+ */
+ public String getDefaultAdminRole();
}
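Review bot: The two new interface methods carry empty Javadoc (a bare `@return`), yet they define which user bypasses CMS access control and which role opens the security console. State the contract on the interface, for example `/** @return the portal user configured as the CMS root user, who is granted access to everything in the CMS */` and `/** @return the role name configured as defaultAdminRole in the identity configuration */`. The Javadoc for `getRoot()` should also say whether null can be returned when no such user exists, which the visible implementation does not settle.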
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -29,6 +29,9 @@
import org.jboss.portal.identity.AnonymousRole;
import org.jboss.portal.identity.IdentityContext;
import org.jboss.portal.identity.IdentityServiceController;
+import org.jboss.portal.identity.IdentityConfiguration;
+import org.jboss.portal.identity.IdentityContext;
+import org.jboss.portal.identity.IdentityException;
import org.jboss.portal.identity.MembershipModule;
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.User;
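Review bot: The added `import org.jboss.portal.identity.IdentityContext;` duplicates the import that is already present as a context line a few lines above it in this hunk. Drop the added line and keep only the `IdentityConfiguration` and `IdentityException` additions.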
@@ -58,6 +61,8 @@
private MembershipModule membershipModule = null;
private UserModule userModule = null;
+
+ private String cmsRootUserName = null;
/**
*
@@ -105,7 +110,25 @@
{
return this.getClass().getName();
}
+
+ /**
+ *
+ * @return
+ */
+ public String getCmsRootUserName()
+ {
+ return cmsRootUserName;
+ }
+ /**
+ *
+ * @param cmsRootUserName
+ */
+ public void setCmsRootUserName(String cmsRootUserName)
+ {
+ this.cmsRootUserName = cmsRootUserName;
+ }
+
// ------DomainConfigurator
// impl------------------------------------------------------------------
/**
@@ -184,7 +207,52 @@
return permissions;
}
-
+
+ /**
+ *
+ */
+ public User getRoot()
+ {
+ Session session = Tools.getOpenSession();
+ Transaction tx = session.beginTransaction();
+ try
+ {
+ User cmsRoot = this.userModule.findUserByUserName(this.cmsRootUserName);
+ tx.commit();
+ return cmsRoot;
+ }
+ catch(Exception e)
+ {
+ tx.rollback();
+ throw new RuntimeException(e);
+ }
+ finally
+ {
+ Tools.closeSession(session);
+ }
+ }
+
+ /**
+ *
+ * @return
+ */
+ public String getDefaultAdminRole()
+ {
+ try
+ {
+ String defaultAdminRole = null;
+
+ IdentityConfiguration configuration =
(IdentityConfiguration)this.identityServiceController.getIdentityContext().
+ getObject(IdentityContext.TYPE_IDENTITY_CONFIGURATION);
+ defaultAdminRole = configuration.getValue("defaultAdminRole");
+
+ return defaultAdminRole;
+ }
+ catch(IdentityException ie)
+ {
+ throw new RuntimeException(ie);
+ }
+ }
// ---------URIFactory
//
impl-----------------------------------------------------------------------------------------
/**
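Review bot: `getRoot()` passes `this.cmsRootUserName` straight to `findUserByUserName` without checking that it was configured, so a missing or blank value only shows up as a wrapped lookup failure (or possibly a null root) on the first access check. Fail fast before the session is opened: `if (this.cmsRootUserName == null || this.cmsRootUserName.trim().length() == 0) throw new IllegalStateException("cmsRootUserName is not configured");`. In the catch block, `tx.rollback()` can itself throw and would then replace the original exception, so wrap it in its own try to ensure `throw new RuntimeException(e)` always reports the first failure. `getDefaultAdminRole()` returns whatever `getValue("defaultAdminRole")` yields, so its Javadoc should say whether a null return is possible when the option is absent.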
@@ -385,6 +453,8 @@
}
}
}
+
+ tx.commit();
return permissions;
}
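Review bot: With `tx.commit()` moved from the `finally` block into the `try` body here, the exception path no longer ends the transaction unless the `catch` block does so, and that catch body is outside the hunk. Confirm it calls `tx.rollback()` before `Tools.closeSession(session)` runs, as `getRoot()` in this commit does. The same applies to the two later commit moves in this file (the `roleQuery` and `criteriaQuery` hunks).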
@@ -395,7 +465,6 @@
}
finally
{
- tx.commit();
Tools.closeSession(session);
}
}
@@ -421,6 +490,8 @@
roleQuery.setString(0, roleId);
roleQuery.setCacheable(true);
permissions.addAll(roleQuery.list());
+
+ tx.commit();
}
catch (Exception e)
{
@@ -429,7 +500,6 @@
}
finally
{
- tx.commit();
Tools.closeSession(session);
}
@@ -458,6 +528,8 @@
criteriaQuery.setString(1, criteria.getValue());
criteriaQuery.setCacheable(true);
permissions.addAll(criteriaQuery.list());
+
+ tx.commit();
}
catch (Exception e)
{
@@ -466,7 +538,6 @@
}
finally
{
- tx.commit();
Tools.closeSession(session);
}
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -105,7 +105,6 @@
Session session = sessionFactory.openSession();
Transaction tx = session.beginTransaction();
- boolean success = false;
try
{
if (userModule.getUserCount() == 0)
@@ -155,22 +154,15 @@
session.save(user);
session.save(sysAdmin);
- success = true;
+ tx.commit();
}
}
- finally
+ catch(Exception e)
{
- if (tx != null)
- {
- if (success)
- {
- tx.commit();
- }
- else
- {
- tx.rollback();
- }
- }
+ tx.rollback();
+ }
+ finally
+ {
if (session != null)
{
session.close();
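Review bot: `tx.commit()` now appears to sit inside the `if (userModule.getUserCount() == 0)` block, so when users already exist the transaction begun above is neither committed nor rolled back before `session.close()`. The removed `finally` logic rolled it back in that case. Move the commit to just after the `if` block, as the last statement of the `try`. The same shape appears in the AbstractWorkflowTestCase hunk that replaces `success = true;` with `tx.commit();`. The enclosing method starts and ends outside the hunk.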
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/SecureCommandTestCase.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/SecureCommandTestCase.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/SecureCommandTestCase.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -28,7 +28,9 @@
import org.jboss.portal.cms.impl.jcr.JCRCMS;
import org.jboss.portal.cms.security.AuthorizationProviderImpl;
import org.jboss.portal.common.invocation.Interceptor;
+import org.jboss.portal.identity.IdentityContext;
import org.jboss.portal.identity.IdentityServiceController;
+import org.jboss.portal.identity.UserModule;
import org.jboss.portal.server.impl.invocation.JBossInterceptorStack;
import org.jboss.portal.test.cms.commands.AbstractCommandTestCase;
import org.jboss.portal.test.cms.commands.CMSInterceptorStackFactory;
@@ -39,6 +41,11 @@
public abstract class SecureCommandTestCase extends AbstractCommandTestCase
{
/**
+ *
+ */
+ protected UserModule userModule = null;
+
+ /**
*
*/
public SecureCommandTestCase()
@@ -69,7 +76,7 @@
//Register the IdentityService with the JCR service
IdentityServiceController identityService =
((AuthorizationProviderImpl)aclInterceptor.getAuthorizationManager().getProvider()).
getIdentityServiceController();
- this.service.setIdentityServiceController(identityService);
+ this.userModule =
(UserModule)identityService.getIdentityContext().getObject(IdentityContext.TYPE_USER_MODULE);
}
/**
@@ -78,6 +85,7 @@
public void tearDown() throws Exception
{
super.tearDown();
+ this.userModule = null;
}
@@ -94,7 +102,7 @@
SessionFactory sessionFactory = (SessionFactory)new
InitialContext().lookup("java:/SessionFactory");
Session session = sessionFactory.openSession();
Transaction tx = session.beginTransaction();
-
JCRCMS.getUserInfo().set(this.service.getUserModule().findUserByUserName(username));
+ JCRCMS.getUserInfo().set(this.userModule.findUserByUserName(username));
tx.commit();
session.close();
}
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/AbstractWorkflowTestCase.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/AbstractWorkflowTestCase.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/AbstractWorkflowTestCase.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -25,12 +25,14 @@
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
import org.jboss.portal.cms.impl.interceptors.ApprovalWorkflowInterceptor;
+import org.jboss.portal.cms.impl.jcr.JCRCMS;
import org.jboss.portal.cms.workflow.ApprovePublish;
import org.jboss.portal.cms.workflow.ApprovePublishImpl;
import org.jboss.portal.common.invocation.Interceptor;
import org.jboss.portal.identity.IdentityContext;
import org.jboss.portal.identity.IdentityServiceController;
import org.jboss.portal.identity.UserModule;
+import org.jboss.portal.identity.User;
import org.jboss.portal.identity.db.HibernateRoleImpl;
import org.jboss.portal.identity.db.HibernateUserImpl;
import org.jboss.portal.server.impl.invocation.JBossInterceptorStack;
@@ -43,6 +45,11 @@
public abstract class AbstractWorkflowTestCase extends AbstractCommandTestCase
{
/**
+ *
+ */
+ protected UserModule userModule = null;
+
+ /**
*
*/
public AbstractWorkflowTestCase()
@@ -76,7 +83,8 @@
this.service.setStackFactory(stackFactory);
this.service.setApprovePublishWorkflow(approvePublish);
- this.service.setIdentityServiceController(identityService);
+
+ this.userModule =
(UserModule)identityService.getIdentityContext().getObject(IdentityContext.TYPE_USER_MODULE);
}
/**
@@ -85,6 +93,7 @@
public void tearDown() throws Exception
{
super.tearDown();
+ this.userModule = null;
}
@@ -114,7 +123,6 @@
Session session = sessionFactory.openSession();
Transaction tx = session.beginTransaction();
- boolean success = false;
try
{
if (userModule.getUserCount() == 0)
@@ -151,26 +159,26 @@
session.save(admin);
session.save(user);
- success = true;
+ tx.commit();
}
}
+ catch(Exception e)
+ {
+ tx.rollback();
+ }
finally
- {
- if (tx != null)
- {
- if (success)
- {
- tx.commit();
- }
- else
- {
- tx.rollback();
- }
- }
+ {
if (session != null)
{
session.close();
}
}
}
+
+ /** @param username */
+ protected void runAs(String username) throws Exception
+ {
+ User user = this.userModule.findUserByUserName(username);
+ JCRCMS.getUserInfo().set(user);
+ }
}
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/TestApprovedPublish.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/TestApprovedPublish.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/TestApprovedPublish.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -172,11 +172,5 @@
{
assertTrue(queueItems.isEmpty());
}
- }
-
- /** @param username */
- private void runAs(String username) throws Exception
- {
-
JCRCMS.getUserInfo().set(this.service.getUserModule().findUserByUserName(username));
- }
+ }
}
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/TestDeniedPublish.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/TestDeniedPublish.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/workflow/TestDeniedPublish.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -189,11 +189,5 @@
{
assertTrue(queueItems.isEmpty());
}
- }
-
- /** @param username */
- private void runAs(String username) throws Exception
- {
-
JCRCMS.getUserInfo().set(this.service.getUserModule().findUserByUserName(username));
- }
+ }
}
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml 2007-11-27
20:17:12 UTC (rev 9136)
@@ -83,6 +83,7 @@
<!-- setup for cms security testing -->
<bean name="AuthorizationProvider"
class="org.jboss.portal.cms.security.AuthorizationProviderImpl">
<property name="identityServiceController"><inject
bean="IdentityServiceController"/></property>
+ <property name="cmsRootUserName">admin</property>
</bean>
<bean name="AuthorizationManager"
class="org.jboss.portal.cms.security.AuthorizationManagerImpl">
Modified: branches/JBoss_Portal_Branch_2_6/core/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/core/build.xml 2007-11-27 18:41:46 UTC (rev 9135)
+++ branches/JBoss_Portal_Branch_2_6/core/build.xml 2007-11-27 20:17:12 UTC (rev 9136)
@@ -762,4 +762,14 @@
<fileset dir="${build.lib}/jboss-portal-ha-exploded.sar"/>
</copy>
</target>
+
+ <target name="deploy-ha-explode-dev" description="Deploy high
availability." depends="output-ha,explode-ha">
+ <require file="${jboss.home}/server/${portal-ha.deploy.dir}"/>
+ <copy
todir="${jboss.home}/server/${portal-ha.deploy.dir}/jboss-portal-ha.sar"
overwrite="true">
+ <fileset dir="${build.lib}/jboss-portal-ha-exploded.sar"/>
+ </copy>
+ <copy todir="${jboss.home}/server/ports-02/deploy/jboss-portal-ha.sar"
overwrite="true">
+ <fileset dir="${build.lib}/jboss-portal-ha-exploded.sar"/>
+ </copy>
+ </target>
</project>
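Review bot: The second `<copy>` in `deploy-ha-explode-dev` hard-codes the server directory `ports-02`, while the first uses `${portal-ha.deploy.dir}` and is preceded by a `<require>` check. On a checkout without that server configuration, Ant's `<copy>` creates the directory tree instead of failing, so the target silently deploys into a path nothing reads. Take the second directory from a property as well (placeholder name: `${portal-ha.deploy.dir.second}`) and add a matching `<require file="..."/>` for it.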
Modified:
branches/JBoss_Portal_Branch_2_6/core/src/main/org/jboss/portal/core/aspects/server/UserInterceptor.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/core/src/main/org/jboss/portal/core/aspects/server/UserInterceptor.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/core/src/main/org/jboss/portal/core/aspects/server/UserInterceptor.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -41,6 +41,8 @@
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
+import javax.transaction.UserTransaction;
+import javax.transaction.Transaction;
import java.io.Serializable;
import java.security.Principal;
import java.util.Date;
@@ -239,7 +241,7 @@
}
try
- {
+ {
// Continue the invocation
invocation.invokeNext();
}
@@ -302,45 +304,79 @@
}
protected void finalizeUser() throws Exception
- {
- //
- if (log.isTraceEnabled())
+ {
+ /**
+ * Note: Due to a possible bug in JBoss Cache Transaction propagation within a
cluster,
+ * We need to spawn a separate thread with its own new transaction to perform
the finalizeUser
+ * logic.
+ *
+ * Without that, it results in data deadlocks in the cluster.
+ */
+ Thread thread = new Thread(new FinalizeRunner());
+ thread.start();
+ thread.join();
+ }
+
+ /**
+ *
+ * @author soshah
+ *
+ */
+ private class FinalizeRunner implements Runnable
+ {
+ public void run()
{
- log.trace("Finalizing user " + userId);
- }
-
- //
- // Here we use JNDI to locate the module as this finalizer could have been
- // migrated in the session of another node of the cluster
- UserModule userModule = null;
- UserProfileModule userProfileModule = null;
-
- try
- {
- userModule = (UserModule)new
InitialContext().lookup("java:portal/UserModule");
- userProfileModule = (UserProfileModule)new
InitialContext().lookup("java:portal/UserProfileModule");
- }
- catch (NameNotFoundException ignore)
- {
- // Name is not bound anymore, it could happen during a shutdown, we don't
do anything
- }
-
- // Get user and set last visit date to now if we can
- if (userModule != null && userProfileModule != null)
- {
+ UserTransaction tx = null;
try
{
- User user = userModule.findUserById(userId);
- //user.setLastVisitDate(new Date());
- userProfileModule.setProperty(user, User.INFO_USER_LAST_LOGIN_DATE, new
Date().toString());
-
+ //
+ if (log.isTraceEnabled())
+ {
+ log.trace("Finalizing user " + userId);
+ }
+
+ //
+ // Here we use JNDI to locate the module as this finalizer could have
been
+ // migrated in the session of another node of the cluster
+ UserModule userModule = null;
+ UserProfileModule userProfileModule = null;
+ InitialContext ctx = new InitialContext();
+ tx = (UserTransaction)ctx.lookup("UserTransaction");
+ tx.begin();
+ try
+ {
+ userModule = (UserModule)new
InitialContext().lookup("java:portal/UserModule");
+ userProfileModule = (UserProfileModule)new
InitialContext().lookup("java:portal/UserProfileModule");
+ }
+ catch (NameNotFoundException ignore)
+ {
+ // Name is not bound anymore, it could happen during a shutdown, we
don't do anything
+ }
+
+ // Get user and set last visit date to now if we can
+ if (userModule != null && userProfileModule != null)
+ {
+ try
+ {
+ User user = userModule.findUserById(userId);
+ //user.setLastVisitDate(new Date());
+ userProfileModule.setProperty(user, User.INFO_USER_LAST_LOGIN_DATE,
new Date().toString());
+
+ }
+ catch (NoSuchUserException e)
+ {
+ // User is not found
+ log.warn("Trying to finalize non existing user " +
userId);
+ }
+ }
+ tx.commit();
}
- catch (NoSuchUserException e)
+ catch(Exception e)
{
- // User is not found
- log.warn("Trying to finalize non existing user " + userId);
- }
+ try{tx.rollback();}catch(Exception rbe){}
+ throw new RuntimeException(e);
+ }
}
}
- }
+ }
}
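Review bot: `throw new RuntimeException(e)` inside `FinalizeRunner.run()` is raised on the spawned thread, so after `thread.join()` returns, `finalizeUser()` cannot see that the update failed, although it is still declared `throws Exception`. In the same catch, `tx` is still null if the `InitialContext` or `UserTransaction` lookup failed, and the empty `catch(Exception rbe){}` hides both that NullPointerException and any genuine rollback failure. Record the failure in the runner and rethrow it from `finalizeUser()` after the join, and guard and log the rollback, as sketched below. The added `javax.transaction.Transaction` import is not used in any visible hunk.

```java
protected void finalizeUser() throws Exception
{
   // … unchanged: comment explaining why a separate thread and transaction are used …
   FinalizeRunner runner = new FinalizeRunner();
   Thread thread = new Thread(runner);
   thread.start();
   thread.join();
   if (runner.failure != null)
   {
      throw runner.failure;
   }
}

private class FinalizeRunner implements Runnable
{
   // Written by run(), read by finalizeUser() only after join()
   private Exception failure;

   public void run()
   {
      UserTransaction tx = null;
      try
      {
         // … unchanged: JNDI lookups, tx.begin(), last-login update, tx.commit() …
      }
      catch (Exception e)
      {
         if (tx != null)
         {
            try
            {
               tx.rollback();
            }
            catch (Exception rbe)
            {
               log.warn("Rollback failed while finalizing user " + userId, rbe);
            }
         }
         failure = e;
      }
   }
}
```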
Modified:
branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/conf/identity/standardidentity-config.xml
===================================================================
---
branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/conf/identity/standardidentity-config.xml 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/conf/identity/standardidentity-config.xml 2007-11-27
20:17:12 UTC (rev 9136)
@@ -320,6 +320,11 @@
<name>membershipAttributeIsDN</name>
<value>true</value>
</option>
+ <!-- NOTE: defaultAdminRole is a required option -->
+ <option>
+ <name>defaultAdminRole</name>
+ <value>Admin</value>
+ </option>
</option-group>
<option-group>
<group-name>userCreateAttibutes</group-name>
Modified:
branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2007-11-27
20:17:12 UTC (rev 9136)
@@ -1460,6 +1460,11 @@
}
}
+ /**
+ *
+ * @param portletRequest
+ * @return
+ */
private boolean isSecurityConsoleAccessible(PortletRequest portletRequest)
{
try
@@ -1470,12 +1475,13 @@
{
User user =
this.userModule.findUserByUserName(portletRequest.getUserPrincipal().getName());
Set roles = this.membershipModule.getRoles(user);
+ String defaultAdminRole =
this.authorizationManager.getProvider().getDefaultAdminRole();
if (roles != null)
{
for (Iterator itr = roles.iterator(); itr.hasNext();)
{
Role role = (Role)itr.next();
- if (role.getName().equalsIgnoreCase("admin"))
+ if (role.getName().equalsIgnoreCase(defaultAdminRole))
{
isAccessible = true;
break;
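Review bot: The security-console check matches the configured role with `equalsIgnoreCase`, so any role whose name differs from `defaultAdminRole` only in case also opens the console. If role names in the identity store are case-sensitive (not visible here), that is wider than the configuration states. An exact match, `if (role.getName().equals(defaultAdminRole))`, keeps the grant tied to the single configured role. When the option is missing and `getDefaultAdminRole()` returns null, the comparison is simply false and the console is closed to everyone with no log entry, so a warning for that case would help operators. The method starts and ends outside the hunk.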
Modified:
branches/JBoss_Portal_Branch_2_6/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml
===================================================================
---
branches/JBoss_Portal_Branch_2_6/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml 2007-11-27
18:41:46 UTC (rev 9135)
+++
branches/JBoss_Portal_Branch_2_6/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml 2007-11-27
20:17:12 UTC (rev 9136)
@@ -61,7 +61,7 @@
<depends>portal:service=JAASLoginModule</depends>
<depends>portal:service=Hibernate,type=CMS</depends>
<depends>cms.pm.cache:service=TreeCache</depends>
- <depends optional-attribute-name="IdentityServiceController"
proxy-type="attribute">portal:service=Module,type=IdentityServiceController</depends>
+ <depends optional-attribute-name="AuthorizationManager"
proxy-type="attribute">portal:service=AuthorizationManager,type=cms</depends>
<!-- Add this to activate publish/approval workflow integration -->
<!--
@@ -74,7 +74,6 @@
<attribute name="DefaultLocale">en</attribute>
<attribute
name="RepositoryName">PortalRepository</attribute>
<attribute
name="HomeDir">${jboss.server.data.dir}${/}portal${/}cms${/}conf</attribute>
- <attribute
name="IdentitySessionFactory">java:/portal/IdentitySessionFactory</attribute>
<attribute name="Config">
<Repository>
<!--
@@ -466,6 +465,12 @@
xmbean-dd=""
xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
<xmbean/>
+ <!--
+ NOTE: cmsRootUserName denotes a single Portal user that has access to everything
in the CMS. Denote this user
+ carefully and should be synonymous to the 'root' user in a Unix system. By
default: this value is the built-in
+ 'admin' user account. This can be changed to any other user account
registered in your Portal
+ -->
+ <attribute name="CmsRootUserName">admin</attribute>
<depends optional-attribute-name="IdentityServiceController"
proxy-type="attribute">portal:service=Module,type=IdentityServiceController</depends>
</mbean>