Author: sohil.shah(a)jboss.com
Date: 2007-01-24 17:24:36 -0500 (Wed, 24 Jan 2007)
New Revision: 6090
Added:
trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManager.java
trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManagerImpl.java
trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
trunk/cms/src/main/org/jboss/portal/cms/security/CMSPermission.java
trunk/cms/src/main/org/jboss/portal/cms/security/PortalCMSSecurityContext.java
trunk/core/src/resources/portal-cms-sar/
trunk/core/src/resources/portal-cms-sar/META-INF/
Removed:
trunk/cms/src/main/org/jboss/portal/cms/security/PermissionManager.java
trunk/cms/src/main/org/jboss/portal/cms/security/PortalSecurityContext.java
trunk/cms/src/main/org/jboss/portal/cms/security/SecurityContext.java
Modified:
trunk/cms/build.xml
trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java
trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProvider.java
trunk/cms/src/main/org/jboss/portal/cms/security/Permission.java
trunk/cms/src/main/org/jboss/portal/test/cms/commands/SecureCommandTestCase.java
trunk/core-cms/
trunk/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
trunk/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml
trunk/core-management/
trunk/core-samples/
trunk/registration/
trunk/workflow/
Log:
Integrate the CMS Fine Grained Security Infrastructure with the Portal Security SPI -
JBPORTAL-1150
Modified: trunk/cms/build.xml
===================================================================
--- trunk/cms/build.xml 2007-01-24 16:55:18 UTC (rev 6089)
+++ trunk/cms/build.xml 2007-01-24 22:24:36 UTC (rev 6090)
@@ -111,7 +111,7 @@
<path refid="jgroups.jgroups.classpath"/>
<path refid="sun.servlet.classpath"/>
<!-- jbpm integration -->
- <path refid="jbpm.jbpm.classpath"/>
+ <path refid="jbpm.jbpm.classpath"/>
</path>
@@ -131,6 +131,7 @@
<path refid="jboss.portal-test.classpath"/>
<!-- fine grained security integration -->
<path refid="jboss.portal-identity.classpath"/>
+ <path refid="jboss.portal-security.classpath"/>
<!-- clustered testcases related -->
<path refid="jboss.portal-portlet.classpath"/>
<path refid="jboss.portlet-api.classpath"/>
Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java
===================================================================
---
trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-01-24
16:55:18 UTC (rev 6089)
+++
trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -31,10 +31,14 @@
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
+import java.util.Set;
+import java.util.HashSet;
import javax.naming.InitialContext;
import javax.naming.NamingException;
+import org.jboss.portal.security.PortalPermission;
+
import org.jboss.portal.cms.CMSException;
import org.jboss.portal.cms.CMSInterceptor;
import org.jboss.portal.cms.impl.jcr.JCRCommand;
@@ -53,7 +57,6 @@
import org.jboss.portal.identity.User;
import org.jboss.portal.identity.Role;
-import org.jboss.portal.identity.db.HibernateRoleImpl;
import org.jboss.portal.identity.RoleModule;
import org.jboss.portal.identity.AnnonymousRole;
@@ -65,13 +68,8 @@
*
*/
public class ACLInterceptor extends CMSInterceptor
-{
+{
/**
- *
- */
- private AuthorizationProvider authorizationProvider = null;
-
- /**
* default security policy that the cms service should be booted with
*/
private String defaultPolicy = null;
@@ -88,38 +86,30 @@
/**
*
+ */
+ private AuthorizationManager authorizationManager = null;
+
+
+
+ /**
+ *
* @return
*/
- public String getAuthorizationProviderClass()
+ public AuthorizationManager getAuthorizationManager()
{
- String authorizationProviderStr = null;
- if(this.authorizationProvider!=null)
- {
- authorizationProviderStr = authorizationProvider.getClass().getName();
- }
- return authorizationProviderStr;
+ return this.authorizationManager;
}
/**
*
- * @param authorizationProviderStr
+ * @param authorizationManager
*/
- public void setAuthorizationProviderClass(String authorizationProviderStr)
+ public void setAuthorizationManager(AuthorizationManager authorizationManager)
{
- try
- {
- this.authorizationProvider = (AuthorizationProvider)Thread.currentThread().
- getContextClassLoader().loadClass(authorizationProviderStr).newInstance();
- }
- catch(Exception e)
- {
- this.authorizationProvider = null;
- this.stop();
- throw new RuntimeException(e);
- }
+ this.authorizationManager = authorizationManager;
}
- /**
+ /**
*
* @return
*/
@@ -189,12 +179,13 @@
//setup the security context with enough information for the authorization
provider
//to be able to make an enforcement decision
- PortalSecurityContext securityContext = new PortalSecurityContext(user);
+ PortalCMSSecurityContext securityContext = new PortalCMSSecurityContext(user);
securityContext.setAttribute("command",invocation);
//perform access check
- boolean allowAccess = this.authorizationProvider.hasAccess(securityContext);
+ PortalPermission cmsPermission = new CMSPermission(securityContext);
+ boolean allowAccess = this.authorizationManager.checkPermission(cmsPermission);
tx.commit();
Tools.closeSession(session);
@@ -226,7 +217,7 @@
* @param response
* @return
*/
- private Object applyFilter(Object response,PortalSecurityContext securityContext)
+ private Object applyFilter(Object response,PortalCMSSecurityContext securityContext)
{
Session session = Tools.getOpenSession();
Transaction tx = session.beginTransaction();
@@ -245,8 +236,9 @@
for(Iterator itr=folder.getFolders().iterator();itr.hasNext();)
{
Folder cour = (Folder)itr.next();
- securityContext.setAttribute("applyFilter",cour.getBasePath());
- boolean allow = this.authorizationProvider.hasAccess(securityContext);
+ securityContext.setAttribute("applyFilter",cour.getBasePath());
+ PortalPermission cmsPermission = new CMSPermission(securityContext);
+ boolean allow =
this.authorizationManager.checkPermission(cmsPermission);
if(allow)
{
filteredFolders.add(cour);
@@ -256,7 +248,8 @@
{
File cour = (File)itr.next();
securityContext.setAttribute("applyFilter",cour.getBasePath());
- boolean allow = this.authorizationProvider.hasAccess(securityContext);
+ PortalPermission cmsPermission = new CMSPermission(securityContext);
+ boolean allow =
this.authorizationManager.checkPermission(cmsPermission);
if(allow)
{
filteredFiles.add(cour);
@@ -286,6 +279,8 @@
{
super.startService();
+ log.info("AuthorizationManager
initialized="+this.authorizationManager);
+
Tools.init(this.jndiName);
try
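Review bot: The added line in startService only logs the injected manager, so a missing or misconfigured dependency leaves `authorizationManager` null and the interceptor starts anyway. Every later `this.authorizationManager.checkPermission(...)` call would then throw a NullPointerException instead of producing an access decision. The removed setter stopped the service and threw when the provider could not be loaded. The same fail-fast behaviour can be kept with `if(this.authorizationManager == null) throw new IllegalStateException("AuthorizationManager not injected");` placed before `Tools.init(this.jndiName);`. The body of startService continues outside the hunk.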
@@ -336,8 +331,10 @@
for(Iterator
itr=parsedPermissions.iterator();itr.hasNext();)
{
Permission permission = (Permission)itr.next();
- permission.addCriteria(new Criteria(name,value));
- PermissionManager.getInstance().store(permission);
+ permission.addCriteria(new Criteria(name,value));
+ Set securityBinding = new HashSet();
+ securityBinding.add(permission);
+
this.authorizationManager.getProvider().setSecurityBindings(null,securityBinding);
}
tx.commit();
}
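Review bot: Inside the loop a new `HashSet` is created for every permission and `setSecurityBindings(null,securityBinding)` is called once per element, with a null uri. The `AuthorizationProviderImpl` added in this commit ignores the uri, so this works, but any other `AuthorizationProvider` that reads it would be handed null. I would declare `Set securityBindings = new HashSet();` before the loop, keep only `securityBindings.add(permission);` inside it, and call `this.authorizationManager.getProvider().setSecurityBindings(null,securityBindings);` once after it. A short comment saying why no uri applies to these boot-time policy bindings would also help. The enclosing method starts and ends outside the hunk.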
Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-01-24
16:55:18 UTC (rev 6089)
+++ trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -30,12 +30,11 @@
import org.jboss.portal.cms.impl.jcr.JCRCommand;
import org.jboss.portal.cms.impl.jcr.composite.NewFileCommand;
import org.jboss.portal.cms.impl.jcr.composite.UpdateFileCommand;
-import org.jboss.portal.cms.security.AuthorizationProvider;
-import org.jboss.portal.cms.security.PortalSecurityContext;
-import org.jboss.portal.cms.security.SecurityContext;
+import org.jboss.portal.cms.security.PortalCMSSecurityContext;
import org.jboss.portal.cms.security.Permission;
-import org.jboss.portal.cms.security.PermissionManager;
import org.jboss.portal.cms.security.Criteria;
+import org.jboss.portal.cms.security.AuthorizationManager;
+
import org.jboss.portal.identity.User;
/**
@@ -45,7 +44,7 @@
* @author Sohil Shah - sohil.shah(a)jboss.com - Nov 28, 2006
*
*/
-public class ACLEnforcer implements AuthorizationProvider
+public class ACLEnforcer
{
private Collection readCommands = new ArrayList(); //a list of commands that perform
read action on the cms
private Collection writeCommands = new ArrayList();//a list of commands that perform
write action on the cms
@@ -55,14 +54,17 @@
private static final int write = 1;
private static final int manage = 2;
+ private AuthorizationManager authorizationManager = null;
+
/**
*
*
*/
- public ACLEnforcer()
+ public ACLEnforcer(AuthorizationManager authorizationManager)
{
super();
+ this.authorizationManager = authorizationManager;
String packageName = "org.jboss.portal.cms.impl.jcr.command.";
@@ -96,12 +98,11 @@
* @param securityContext
* @return
*/
- public boolean hasAccess(SecurityContext context)
+ public boolean hasAccess(PortalCMSSecurityContext cmsSecurityContext)
{
- boolean hasAccess = true;
- PortalSecurityContext portalSecurityContext = (PortalSecurityContext)context;
- User loggedInUser = (User)portalSecurityContext.getIdentity();
- JCRCommand command =
(JCRCommand)portalSecurityContext.getAttribute("command");
+ boolean hasAccess = true;
+ User loggedInUser = (User)cmsSecurityContext.getIdentity();
+ JCRCommand command =
(JCRCommand)cmsSecurityContext.getAttribute("command");
int actionCode = -1;
if(command != null)
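Review bot: `boolean hasAccess = true;` makes the decision default to allow, so any path through hasAccess that assigns nothing grants access. Judging by the visible `default:` branch in the next hunk, that seems to include a context that carries no "applyFilter" attribute, though the body continues outside this hunk and should be checked. For an enforcement point a deny default is safer: `boolean hasAccess = false;`, with each permitted branch setting it to true. `cmsSecurityContext` is also dereferenced without a null check by `cmsSecurityContext.getIdentity()`, which matters now that callers arrive through `CMSPermission.getSecurityContext()`.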
@@ -125,9 +126,9 @@
default:
//check if a filter needs to be applied here......
//only show resources that the user has write or more access to
- if(context.getAttribute("applyFilter")!=null)
+ if(cmsSecurityContext.getAttribute("applyFilter")!=null)
{
- String path = (String)context.getAttribute("applyFilter");
+ String path =
(String)cmsSecurityContext.getAttribute("applyFilter");
hasAccess = this.computeToolAccess(loggedInUser,path);
}
break;
@@ -375,7 +376,9 @@
for(Iterator itr2=userPermissions.iterator();itr2.hasNext();)
{
Permission userPermission = (Permission)itr2.next();
- if(userPermission.getService().equals("cms")
&& userPermission.getAction().equals(action))
+ if( userPermission.getService().equals("cms")
&&
+ this.isActionImplied(userPermission.getAction(),action)
+ )
{
String pathCriteria =
userPermission.findCriteriaValue("path");
if(pathCriteria.equals(currentNode))
@@ -496,16 +499,19 @@
{
Collection permissions = null;
long userId = 0;
+
if(user!=null)
{
//this is not an anonymous access
userId = ((Long)user.getId()).longValue();
- permissions = PermissionManager.getInstance().findPermissionsByUser(userId);
+ String uri =
this.authorizationManager.getProvider().getUserURI(String.valueOf(userId));
+ permissions =
this.authorizationManager.getProvider().getSecurityBindings(uri);
}
else
{
//this is an anonymous access
- permissions = PermissionManager.getInstance().findPermissionsByRole(0);
+ String uri =
this.authorizationManager.getProvider().getRoleURI(String.valueOf(0));
+ permissions = this.authorizationManager.getProvider().getSecurityBindings(uri);
}
return permissions;
}
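Review bot: The anonymous branch encodes the anonymous role as the literal `String.valueOf(0)`, which the provider later turns back into a number with `Long.parseLong`. A named constant such as `private static final long ANONYMOUS_ROLE_ID = 0;` would make the security meaning of role 0 explicit and searchable. `this.authorizationManager.getProvider()` is also called twice per branch and returns null when no provider was injected. Reading it once into a local and failing with a clear exception is preferable to a NullPointerException during an access check. The method's signature lies outside the hunk.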
@@ -518,7 +524,11 @@
private Collection getPermissions(String path)
{
Criteria criteria = new Criteria("path",path);
- return PermissionManager.getInstance().findPermissionsByCriteria(criteria);
+
+ String uri = this.authorizationManager.getProvider().
+ getCriteriaURI(criteria.getName(), criteria.getValue());
+
+ return this.authorizationManager.getProvider().getSecurityBindings(uri);
}
/**
@@ -618,4 +628,39 @@
return match;
}
+
+ /**
+ *
+ * @param action
+ * @param impliedTarget
+ * @return
+ */
+ private boolean isActionImplied(String action,String impliedTarget)
+ {
+ boolean implied = false;
+
+ if(impliedTarget.equalsIgnoreCase("read"))
+ {
+ if(action.equalsIgnoreCase("read") ||
action.equalsIgnoreCase("write") ||
action.equalsIgnoreCase("manage"))
+ {
+ implied = true;
+ }
+ }
+ else if(impliedTarget.equalsIgnoreCase("write"))
+ {
+ if(action.equalsIgnoreCase("write") ||
action.equalsIgnoreCase("manage"))
+ {
+ implied = true;
+ }
+ }
+ else if(impliedTarget.equalsIgnoreCase("manage"))
+ {
+ if(action.equalsIgnoreCase("manage"))
+ {
+ implied = true;
+ }
+ }
+
+ return implied;
+ }
}
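Review bot: `isActionImplied` calls `action.equalsIgnoreCase(...)` on the stored permission's action, so a `Permission` with a null action throws a NullPointerException in the middle of an access check instead of simply not matching; a null `impliedTarget` fails the same way. The read, write, manage ordering is also spelled out as nested string comparisons. Ranking both names and comparing the ranks, as in the excerpt, keeps unknown or null names denied and puts the hierarchy in one place. The empty Javadoc should say that `action` is the granted action and `impliedTarget` the requested one.

```java
private boolean isActionImplied(String action,String impliedTarget)
{
   int granted = this.rankOf(action);
   int required = this.rankOf(impliedTarget);

   //unknown or null names rank as -1 and never imply, or are implied by, anything
   return granted >= 0 && required >= 0 && granted >= required;
}

private int rankOf(String actionName)
{
   //constant-first comparison is null-safe
   if("read".equalsIgnoreCase(actionName))
   {
      return 0;
   }
   if("write".equalsIgnoreCase(actionName))
   {
      return 1;
   }
   if("manage".equalsIgnoreCase(actionName))
   {
      return 2;
   }
   return -1;
}
```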
Added: trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManager.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManager.java
(rev 0)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManager.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -0,0 +1,42 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.cms.security;
+
+import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
+import org.jboss.portal.security.spi.auth.PortalAuthorizationManagerFactory;
+
+/**
+ * Created on : Jan 24, 2007
+ * @author Sohil Shah - sohil.shah(a)jboss.com
+ *
+ */
+public interface AuthorizationManager extends
+PortalAuthorizationManagerFactory,
+PortalAuthorizationManager
+{
+ /**
+ *
+ * @return
+ */
+ public AuthorizationProvider getProvider();
+}
Added: trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManagerImpl.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManagerImpl.java
(rev 0)
+++
trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManagerImpl.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -0,0 +1,137 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.cms.security;
+
+import javax.security.auth.Subject;
+
+import org.jboss.portal.jems.as.system.AbstractJBossService;
+
+import org.jboss.portal.security.PortalPermission;
+import org.jboss.portal.security.PortalSecurityException;
+import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
+
+import org.jboss.portal.cms.impl.jcr.command.ACLEnforcer;
+import org.jboss.portal.common.util.JNDI;
+
+/**
+ * Created on : Jan 23, 2007
+ * @author Sohil Shah - sohil.shah(a)jboss.com
+ *
+ */
+public class AuthorizationManagerImpl extends AbstractJBossService implements
AuthorizationManager
+{
+ /**
+ *
+ */
+ private ACLEnforcer enforcer = null;
+
+ /**
+ *
+ */
+ private AuthorizationProvider provider = null;
+
+ /**
+ *
+ */
+ private String jndiName = null;
+ private JNDI.Binding jndiBinding = null;
+
+ /**
+ *
+ * @return
+ */
+ public AuthorizationProvider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ *
+ * @param provider
+ */
+ public void setProvider(AuthorizationProvider provider)
+ {
+ this.provider = provider;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public String getJNDIName()
+ {
+ return this.jndiName;
+ }
+
+ /**
+ *
+ * @param jndiName
+ */
+ public void setJNDIName(String jndiName)
+ {
+ this.jndiName = jndiName;
+ }
+
+ /**
+ *
+ */
+ public void startService() throws Exception
+ {
+ super.startService();
+
+ //perform jndi registration for this service
+ if (this.jndiName != null)
+ {
+ jndiBinding = new JNDI.Binding(jndiName, this);
+ jndiBinding.bind();
+ }
+
+ //initialize the authorization/policy enforcer
+ enforcer = new ACLEnforcer(this);
+ }
+
+ //---PortalAuthorizationManagerFactory
implementation-----------------------------------------------
+ /**
+ *
+ */
+ public PortalAuthorizationManager getManager() throws PortalSecurityException
+ {
+ return this;
+ }
+ //---PortalAuthorizationManager
implementation-------------------------------------------------------
+ /**
+ *
+ */
+ public boolean checkPermission(PortalPermission permission) throws
PortalSecurityException
+ {
+ return this.enforcer.hasAccess(((CMSPermission)permission).getSecurityContext());
+ }
+
+ /**
+ *
+ */
+ public boolean checkPermission(Subject checkedSubject, PortalPermission permission)
throws PortalSecurityException
+ {
+ return this.checkPermission(permission);
+ }
+}
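Review bot: `checkPermission(PortalPermission)` casts to `CMSPermission` and dereferences `enforcer` and the security context without any check. A foreign `PortalPermission`, a `CMSPermission` built with the `(name, uri)` constructor (its context stays null), or a call arriving after `jndiBinding.bind()` but before `enforcer` is assigned therefore ends in a runtime exception instead of a denial. Denying explicitly, as in the excerpt, keeps the decision fail-closed. The two-argument overload ignores `checkedSubject` and answers for whatever identity sits in the permission's context; that should at least be documented on the method, and is worth confirming against the SPI contract. Assigning `enforcer` before the JNDI bind would close the startup window, and no `stopService` that unbinds is visible in this file.

```java
public boolean checkPermission(PortalPermission permission) throws PortalSecurityException
{
   //deny anything this manager cannot evaluate rather than failing with a runtime exception
   if(this.enforcer == null || !(permission instanceof CMSPermission))
   {
      return false;
   }

   PortalCMSSecurityContext context = ((CMSPermission)permission).getSecurityContext();
   if(context == null)
   {
      return false;
   }

   return this.enforcer.hasAccess(context);
}
```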
Modified: trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProvider.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProvider.java 2007-01-24
16:55:18 UTC (rev 6089)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProvider.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -1,39 +1,58 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
package org.jboss.portal.cms.security;
+import org.jboss.portal.security.spi.provider.AuthorizationDomain;
+import org.jboss.portal.security.spi.provider.DomainConfigurator;
+
/**
- *
- * @author Sohil Shah - sohil.shah(a)jboss.com - Nov 27, 2006
+ * Created on : Jan 24, 2007
+ * @author Sohil Shah - sohil.shah(a)jboss.com
*
*/
-public interface AuthorizationProvider
+public interface AuthorizationProvider extends
+AuthorizationDomain,
+DomainConfigurator
{
- /**
- * Checks if the currently logged in user has the necessary privileges to access the
resources
- * encapsulated within the securityContext
- *
- * @param context security context containing the information used to enforce access
control
- * @return true - access should be granted, false - access should not be granted
- */
- public boolean hasAccess(SecurityContext context);
+ /**
+ *
+ * @param userId
+ * @return
+ */
+ public String getUserURI(String userId);
+
+ /**
+ *
+ * @param roleId
+ * @return
+ */
+ public String getRoleURI(String roleId);
+
+ /**
+ *
+ * @param name
+ * @param value
+ * @return
+ */
+ public String getCriteriaURI(String name,String value);
}
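Review bot: The three new URI methods have empty Javadoc, although the URI string is the only contract between ACLEnforcer and the provider's `getSecurityBindings(uri)`. Each should state its format, for example `/** Returns the binding URI for a user: "user://" followed by the numeric user id. */`, with the same for `getRoleURI` and "role://". For `getCriteriaURI`, something like `/** Returns "criteria://" + name + "/" + value; name must not contain '/', value may. */` would record the constraint that the parser in AuthorizationProviderImpl relies on. The removed `hasAccess` Javadoc was the only description of this interface's purpose, so the type-level comment should now say that it stores and looks up CMS permission bindings.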
Added: trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
(rev 0)
+++
trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -0,0 +1,358 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.cms.security;
+
+import java.util.Collection;
+import java.util.Set;
+import java.util.Iterator;
+import java.util.HashSet;
+
+import org.hibernate.Query;
+import org.hibernate.Session;
+import org.jboss.portal.cms.hibernate.state.Tools;
+import org.jboss.portal.identity.Role;
+import org.jboss.portal.identity.User;
+import org.jboss.portal.jems.as.system.AbstractJBossService;
+
+import org.jboss.portal.security.spi.provider.DomainConfigurator;
+import org.jboss.portal.security.spi.provider.PermissionFactory;
+import org.jboss.portal.security.spi.provider.PermissionRepository;
+import org.jboss.portal.security.spi.provider.SecurityConfigurationException;
+
+/**
+ * Created on : Jan 23, 2007
+ * @author Sohil Shah - sohil.shah(a)jboss.com
+ *
+ */
+public class AuthorizationProviderImpl extends AbstractJBossService implements
AuthorizationProvider
+{
+ /**
+ *
+ */
+ public void startService() throws Exception
+ {
+ super.startService();
+ }
+
+ //------AuthorizationDomain
impl-----------------------------------------------------------------
+ /**
+ *
+ */
+ public DomainConfigurator getConfigurator()
+ {
+ return this;
+ }
+
+ /**
+ *
+ */
+ public PermissionFactory getPermissionFactory()
+ {
+ return null;
+ }
+
+ /**
+ *
+ */
+ public PermissionRepository getPermissionRepository()
+ {
+ return null;
+ }
+
+ /**
+ *
+ */
+ public String getType()
+ {
+ return this.getClass().getName();
+ }
+ //------DomainConfigurator
impl------------------------------------------------------------------
+ /**
+ *
+ */
+ public void setSecurityBindings(String uri, Set securityBindings) throws
SecurityConfigurationException
+ {
+ if(securityBindings != null)
+ {
+ for(Iterator itr=securityBindings.iterator();itr.hasNext();)
+ {
+ Permission securityBinding = (Permission)itr.next();
+ if(securityBinding.getRoles()!=null || securityBinding.getUsers()!=null)
+ {
+ this.store(securityBinding,securityBinding.getRoles(),securityBinding.getUsers());
+ }
+ else
+ {
+ this.store(securityBinding);
+ }
+ }
+ }
+ }
+
+ /**
+ *
+ */
+ public void removeSecurityBindings(String uri) throws SecurityConfigurationException
+ {
+ Set permissions = this.getSecurityBindings(uri);
+ this.remove(permissions);
+ }
+
+ /**
+ *
+ */
+ public Set getSecurityBindings(String uri)
+ {
+ Set permissions = new HashSet();
+
+ if(uri.startsWith("user://"))
+ {
+ String userId = uri.substring("user://".length());
+ Collection cour = this.findPermissionsByUser(Long.parseLong(userId));
+ if(cour != null)
+ {
+ permissions.addAll(cour);
+ }
+ }
+ else if(uri.startsWith("role://"))
+ {
+ String roleId = uri.substring("role://".length());
+ Collection cour = this.findPermissionsByRole(Long.parseLong(roleId));
+ if(cour != null)
+ {
+ permissions.addAll(cour);
+ }
+ }
+ else if(uri.startsWith("criteria://"))
+ {
+ String criteria = uri.substring("criteria://".length());
+ int index = criteria.indexOf('/');
+ String name = criteria.substring(0,index);
+ String value = criteria.substring(index+1);
+ Criteria input = new Criteria(name,value);
+ Collection cour = this.findPermissionsByCriteria(input);
+ if(cour != null)
+ {
+ permissions.addAll(cour);
+ }
+ }
+
+ return permissions;
+ }
+ //---------URIFactory
impl-----------------------------------------------------------------------------------------
+ /**
+ *
+ */
+ public String getUserURI(String userId)
+ {
+ return "user://"+userId;
+ }
+
+ /**
+ *
+ * @param roleId
+ * @return
+ */
+ public String getRoleURI(String roleId)
+ {
+ return "role://"+roleId;
+ }
+
+ /**
+ *
+ * @param name
+ * @param value
+ * @return
+ */
+ public String getCriteriaURI(String name,String value)
+ {
+ return "criteria://"+name+"/"+value;
+ }
+ //--------------------------------------------------------------------------------------------------------------
+ /**
+ * Stores a permission and its associations into peristent storage
+ *
+ * @param permission - Permission to be persisted
+ * @param roles - Roles associated with this permission
+ * @param users - Individual users associated with this permission
+ */
+ private void store(Permission permission,Collection roles,Collection users)
+ {
+ //setup the role association
+ if(roles != null)
+ {
+ Set roleAssoc = new HashSet();
+ for(Iterator itr=roles.iterator();itr.hasNext();)
+ {
+ Role role = (Role)itr.next();
+ PermRoleAssoc cour = new PermRoleAssoc();
+ if(role.getId()!=null)
+ {
+ cour.setRoleId(((Long)role.getId()).longValue());
+ }
+ roleAssoc.add(cour);
+ }
+ permission.setRoleAssoc(roleAssoc);
+ }
+ else
+ {
+ permission.setRoleAssoc(null);
+ }
+
+
+ //setup the user association
+ if(users != null)
+ {
+ Set userAssoc = new HashSet();
+ for(Iterator itr=users.iterator();itr.hasNext();)
+ {
+ User user = (User)itr.next();
+ PermUserAssoc cour = new PermUserAssoc();
+ cour.setUserId(((Long)user.getId()).longValue());
+ userAssoc.add(cour);
+ }
+ permission.setUserAssoc(userAssoc);
+ }
+ else
+ {
+ permission.setUserAssoc(null);
+ }
+
+ //persist this into the database
+ this.store(permission);
+ }
+
+ /**
+ * Stores a permission and its associations into peristent storage
+ *
+ * @param permission - Permission to be persisted
+ */
+ private void store(Permission permission)
+ {
+ //persist this into the database
+ Session session = Tools.getCurrentSession();
+ session.saveOrUpdate(permission);
+ }
+
+ /**
+ * Deletes the specified permissions from the database
+ *
+ * @param permissions
+ */
+ private void remove(Collection permissions)
+ {
+ Session session = Tools.getCurrentSession();
+ if(permissions!=null)
+ {
+ for(Iterator itr=permissions.iterator();itr.hasNext();)
+ {
+ Permission permission = (Permission)itr.next();
+ session.delete(permission);
+ }
+ }
+ }
+
+
+ /**
+ * Returns all permissions associated with the specified user
+ *
+ * @param user
+ * @return
+ */
+ private Collection findPermissionsByUser(long userId)
+ {
+ Collection permissions = new HashSet();
+
+ String lookupByUser = "SELECT permission from Permission permission JOIN
permission.userAssoc user WHERE user.userId=?";
+ String lookupByRole = "SELECT * from jbp_cms_perm p,jbp_cms_perm_role
r,jbp_role_membership m WHERE " +
+ "p.id=r.cms_perm_id AND " +
+ "r.role_id=m.jbp_rid AND " +
+ "m.jbp_uid=?";
+
+ Session session = Tools.getCurrentSession();
+
+ //perform lookup by explicitly specified users
+ Query userQuery = session.createQuery(lookupByUser);
+ userQuery.setLong(0,userId);
+ userQuery.setCacheable(true);
+ permissions.addAll(userQuery.list());
+
+
+ //perform lookup based on role membership
+ Query roleQuery =
session.createSQLQuery(lookupByRole).addEntity(Permission.class);
+ roleQuery.setLong(0,userId);
+ roleQuery.setCacheable(true);
+ permissions.addAll(roleQuery.list());
+
+ return permissions;
+ }
+
+ /**
+ * Returns all permissions associated with the specified role
+ *
+ * @param role
+ * @return
+ */
+ private Collection findPermissionsByRole(long roleId)
+ {
+ Collection permissions = new HashSet();
+
+ String lookupByRole = "SELECT permission from Permission permission JOIN
permission.roleAssoc role WHERE role.roleId=?";
+
+ Session session = Tools.getCurrentSession();
+
+ //perform lookup by explicitly specified users
+ Query roleQuery = session.createQuery(lookupByRole);
+ roleQuery.setLong(0,roleId);
+ roleQuery.setCacheable(true);
+ permissions.addAll(roleQuery.list());
+
+
+ return permissions;
+ }
+
+ /**
+ * Return all permissions that match the specified criteria
+ *
+ * @param criteria
+ * @return
+ */
+ private Collection findPermissionsByCriteria(Criteria criteria)
+ {
+ Collection permissions = new HashSet();
+
+ String lookupByCriteria = "SELECT permission from Permission permission JOIN
permission.criteria criteria WHERE criteria.name=? AND criteria.value=?";
+
+ Session session = Tools.getCurrentSession();
+
+ //perform lookup by explicitly specified users
+ Query criteriaQuery = session.createQuery(lookupByCriteria);
+ criteriaQuery.setString(0,criteria.getName());
+ criteriaQuery.setString(1,criteria.getValue());
+ criteriaQuery.setCacheable(true);
+ permissions.addAll(criteriaQuery.list());
+
+
+ return permissions;
+ }
+}
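Review bot: In `store(Permission,Collection,Collection)` a role whose `getId()` is null still gets a `PermRoleAssoc` added to `roleAssoc`, only with `setRoleId` skipped. If that field is a primitive long it stays 0, and ACLEnforcer looks up role 0 for anonymous access, so the permission would presumably end up granted to anonymous users. Moving `roleAssoc.add(cour);` inside the `if(role.getId()!=null)` block, or throwing for an unsaved role, avoids that; the user loop has the opposite problem and throws a NullPointerException on a null `user.getId()`. `getSecurityBindings` also trusts its input: a null uri, a non-numeric id passed to `Long.parseLong`, or a "criteria://" uri without '/' (index -1 passed to `substring`) all raise runtime exceptions. A guard such as `if(index < 0) return permissions;` and a caught `NumberFormatException` would return the empty set instead. `getPermissionFactory()` and `getPermissionRepository()` return null without comment, which should be documented or replaced with `UnsupportedOperationException` so SPI callers fail clearly.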
Added: trunk/cms/src/main/org/jboss/portal/cms/security/CMSPermission.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/CMSPermission.java
(rev 0)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/CMSPermission.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -0,0 +1,118 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2006, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.jboss.portal.cms.security;
+
+
+import javax.security.auth.Subject;
+
+import org.jboss.portal.security.PortalPermission;
+import org.jboss.portal.security.PortalSecurityException;
+import org.jboss.portal.security.spi.provider.PermissionRepository;
+
+/**
+ * Created on : Jan 23, 2007
+ * @author Sohil Shah - sohil.shah(a)jboss.com
+ *
+ */
+public class CMSPermission extends PortalPermission
+{
+ private PortalCMSSecurityContext securityContext = null;
+
+ /**
+ *
+ */
+ public CMSPermission(String name, String uri)
+ {
+ super(name,uri);
+ }
+
+ /**
+ *
+ * @param wrappedPermission
+ */
+ public CMSPermission(PortalCMSSecurityContext securityContext)
+ {
+ super("","");
+ this.securityContext = securityContext;
+ }
+
+ //--------PortalPermission
implementation------------------------------------------------------------
+ /**
+ *
+ */
+ public String getType()
+ {
+ return this.getClass().getName();
+ }
+
+ /**
+ *
+ */
+ public boolean implies(PermissionRepository repository, Subject caller,
+ String roleName, PortalPermission permission)
+ throws PortalSecurityException
+ {
+ return false;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public PortalCMSSecurityContext getSecurityContext()
+ {
+ return this.securityContext;
+ }
+ //-------Permission
implementation------------------------------------------------------------------
+ /**
+ *
+ */
+ public boolean equals(Object obj)
+ {
+ return false;
+ }
+
+ /**
+ *
+ */
+ public String getActions()
+ {
+ return null;
+ }
+
+ /**
+ *
+ */
+ public int hashCode()
+ {
+ return 0;
+ }
+
+ /**
+ *
+ */
+ public boolean implies(java.security.Permission permission)
+ {
+ return false;
+ }
+}
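Review bot: `equals(Object)` returns false unconditionally and `hashCode()` returns 0, so a CMSPermission is not equal even to itself; this breaks the reflexivity that `Object.equals` requires, and any code that compares permissions with `equals` (for example `List.contains`) will never match. If identity semantics are what is wanted while the class is a stub, `return obj == this;` together with `return System.identityHashCode(this);` keeps the contract. Both `implies` overloads return false, which denies by default; their empty Javadoc should say whether the real decision is taken elsewhere from `getSecurityContext()`, so that no caller relies on `implies` for an allow. The `@param wrappedPermission` tag on the second constructor names a parameter that does not exist and should read `@param securityContext`.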
Modified: trunk/cms/src/main/org/jboss/portal/cms/security/Permission.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/Permission.java 2007-01-24 16:55:18
UTC (rev 6089)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/Permission.java 2007-01-24 22:24:36
UTC (rev 6090)
@@ -37,8 +37,8 @@
*
*/
private long id = 0; //unique id for this permission object in the storage (typically
database)
- private String service = null;
- private String action = null;
+ private String service = null; //portal service that this permission applies to like
cms etc
+ private String action = null; //action on the service that needs to be protected
private boolean isNegated = false;
/**
@@ -50,6 +50,12 @@
/**
*
+ */
+ private Set roles = null; //these are information carrying fields, they are not
persisted in the database
+ private Set users = null; //these are information carrying fields, they are not
persisted in the database
+
+ /**
+ *
*
*/
public Permission()
@@ -306,11 +312,47 @@
}
return ids;
}
-
/**
*
+ * @return
*/
+ public Set getRoles()
+ {
+ return roles;
+ }
+
+ /**
+ *
+ * @param roles
+ */
+ public void setRoles(Set roles)
+ {
+ this.roles = roles;
+ }
+
+ /**
+ *
+ * @return
+ */
+ public Set getUsers()
+ {
+ return users;
+ }
+
+ /**
+ *
+ * @param users
+ */
+ public void setUsers(Set users)
+ {
+ this.users = users;
+ }
+
+
+ /**
+ *
+ */
public String toString()
{
StringBuffer buffer = new StringBuffer();
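Review bot: `setRoles`/`setUsers` keep the caller's `Set` by reference and `getRoles`/`getUsers` return that same instance, so any holder can change which roles and users a permission names after it has been passed on. Copying on the way in, e.g. `this.roles = (roles == null) ? null : new HashSet(roles);` (and the same for `users`), closes that; `HashSet` would need an import if the file does not already have one, which this hunk does not show. The empty Javadoc blocks on the four accessors should state that both fields are information carriers only, are not persisted, and are null until set, as the field comments in the earlier hunk say. The enclosing class starts and ends outside this hunk.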
Deleted: trunk/cms/src/main/org/jboss/portal/cms/security/PermissionManager.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/PermissionManager.java 2007-01-24
16:55:18 UTC (rev 6089)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/PermissionManager.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -1,240 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
-package org.jboss.portal.cms.security;
-
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.Set;
-import java.util.HashSet;
-
-import org.hibernate.Query;
-import org.hibernate.Session;
-
-
-import org.jboss.portal.cms.hibernate.state.Tools;
-import org.jboss.portal.identity.User;
-import org.jboss.portal.identity.Role;
-
-/**
- * PermissionManager is used to manage (create,read,update,delete) permissions stored in
the database
- *
- * @author Sohil Shah - sohil.shah(a)jboss.com - Dec 1, 2006
- *
- */
-public class PermissionManager
-{
- /**
- * the singleton instance. This is a stateless component
- */
- private static PermissionManager singleton = null;
-
- /**
- *
- *
- */
- private PermissionManager()
- {
- super();
- }
-
- /**
- *
- * @return
- */
- public static PermissionManager getInstance()
- {
- if(PermissionManager.singleton==null)
- {
- PermissionManager.singleton = new PermissionManager();
- }
- return PermissionManager.singleton;
- }
-
-
- //PermissionManager
API--------------------------------------------------------------------------------------------------------------
- /**
- * Stores a permission and its associations into peristent storage
- *
- * @param permission - Permission to be persisted
- * @param roles - Roles associated with this permission
- * @param users - Individual users associated with this permission
- */
- public void store(Permission permission,Collection roles,Collection users)
- {
- //setup the role association
- if(roles != null)
- {
- Set roleAssoc = new HashSet();
- for(Iterator itr=roles.iterator();itr.hasNext();)
- {
- Role role = (Role)itr.next();
- PermRoleAssoc cour = new PermRoleAssoc();
- if(role.getId()!=null)
- {
- cour.setRoleId(((Long)role.getId()).longValue());
- }
- roleAssoc.add(cour);
- }
- permission.setRoleAssoc(roleAssoc);
- }
- else
- {
- permission.setRoleAssoc(null);
- }
-
-
- //setup the user association
- if(users != null)
- {
- Set userAssoc = new HashSet();
- for(Iterator itr=users.iterator();itr.hasNext();)
- {
- User user = (User)itr.next();
- PermUserAssoc cour = new PermUserAssoc();
- cour.setUserId(((Long)user.getId()).longValue());
- userAssoc.add(cour);
- }
- permission.setUserAssoc(userAssoc);
- }
- else
- {
- permission.setUserAssoc(null);
- }
-
- //persist this into the database
- this.store(permission);
- }
-
- /**
- * Stores a permission and its associations into peristent storage
- *
- * @param permission - Permission to be persisted
- */
- public void store(Permission permission)
- {
- //persist this into the database
- Session session = Tools.getCurrentSession();
- session.saveOrUpdate(permission);
- }
-
- /**
- * Deletes the specified permissions from the database
- *
- * @param permissions
- */
- public void remove(Collection permissions)
- {
- Session session = Tools.getCurrentSession();
- if(permissions!=null)
- {
- for(Iterator itr=permissions.iterator();itr.hasNext();)
- {
- Permission permission = (Permission)itr.next();
- session.delete(permission);
- }
- }
- }
-
-
- /**
- * Returns all permissions associated with the specified user
- *
- * @param user
- * @return
- */
- public Collection findPermissionsByUser(long userId)
- {
- Collection permissions = new HashSet();
-
- String lookupByUser = "SELECT permission from Permission permission JOIN
permission.userAssoc user WHERE user.userId=?";
- String lookupByRole = "SELECT * from jbp_cms_perm p,jbp_cms_perm_role
r,jbp_role_membership m WHERE " +
- "p.id=r.cms_perm_id AND " +
- "r.role_id=m.jbp_rid AND " +
- "m.jbp_uid=?";
-
- Session session = Tools.getCurrentSession();
-
- //perform lookup by explicitly specified users
- Query userQuery = session.createQuery(lookupByUser);
- userQuery.setLong(0,userId);
- userQuery.setCacheable(true);
- permissions.addAll(userQuery.list());
-
-
- //perform lookup based on role membership
- Query roleQuery =
session.createSQLQuery(lookupByRole).addEntity(Permission.class);
- roleQuery.setLong(0,userId);
- roleQuery.setCacheable(true);
- permissions.addAll(roleQuery.list());
-
- return permissions;
- }
-
- /**
- * Returns all permissions associated with the specified role
- *
- * @param role
- * @return
- */
- public Collection findPermissionsByRole(long roleId)
- {
- Collection permissions = new HashSet();
-
- String lookupByRole = "SELECT permission from Permission permission JOIN
permission.roleAssoc role WHERE role.roleId=?";
-
- Session session = Tools.getCurrentSession();
-
- //perform lookup by explicitly specified users
- Query roleQuery = session.createQuery(lookupByRole);
- roleQuery.setLong(0,roleId);
- roleQuery.setCacheable(true);
- permissions.addAll(roleQuery.list());
-
-
- return permissions;
- }
-
- /**
- * Return all permissions that match the specified criteria
- *
- * @param criteria
- * @return
- */
- public Collection findPermissionsByCriteria(Criteria criteria)
- {
- Collection permissions = new HashSet();
-
- String lookupByCriteria = "SELECT permission from Permission permission JOIN
permission.criteria criteria WHERE criteria.name=? AND criteria.value=?";
-
- Session session = Tools.getCurrentSession();
-
- //perform lookup by explicitly specified users
- Query criteriaQuery = session.createQuery(lookupByCriteria);
- criteriaQuery.setString(0,criteria.getName());
- criteriaQuery.setString(1,criteria.getValue());
- criteriaQuery.setCacheable(true);
- permissions.addAll(criteriaQuery.list());
-
-
- return permissions;
- }
-}
Added: trunk/cms/src/main/org/jboss/portal/cms/security/PortalCMSSecurityContext.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/PortalCMSSecurityContext.java
(rev 0)
+++
trunk/cms/src/main/org/jboss/portal/cms/security/PortalCMSSecurityContext.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -0,0 +1,109 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+package org.jboss.portal.cms.security;
+
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.jboss.portal.identity.User;
+
+/**
+ * An implementation of SecurityContext for the core Portal Engine
+ *
+ * @author Sohil Shah - sohil.shah(a)jboss.com - Nov 27, 2006
+ *
+ */
+public class PortalCMSSecurityContext implements Serializable
+{
+ private Map contextMap = null;
+
+ /**
+ * signifies the user currently logged in to the system
+ */
+ private User portalUser = null;
+
+
+ /**
+ *
+ *
+ */
+ public PortalCMSSecurityContext(User portalUser)
+ {
+ super();
+ this.portalUser = portalUser;
+ this.contextMap = new HashMap();
+ }
+
+ /**
+ * This method returns the Identity of the user logged into the portal. The return
value is of type
+ * org.jboss.portal.identity.User
+ *
+ * @return Identity related information associated with the user logged into the
portal
+ */
+ public Object getIdentity()
+ {
+ return this.portalUser;
+ }
+
+ /**
+ * Returns value corresponding to the specified attribute name
+ *
+ * @param name
+ * @return
+ */
+ public Object getAttribute(String name)
+ {
+ return this.contextMap.get(name);
+ }
+
+ /**
+ * Sets a specified value corresponding to the specified name in the context
+ *
+ * @param name
+ * @param value
+ */
+ public void setAttribute(String name,Object value)
+ {
+ this.contextMap.put(name,value);
+ }
+
+ /**
+ * Removes the specified attribute
+ *
+ * @param name
+ */
+ public void removeAttribute(String name)
+ {
+ this.contextMap.remove(name);
+ }
+
+ /**
+ * Returns an array of Strings consisting of all keys/names stored in the context
+ *
+ * @return
+ */
+ public String[] getAttributeNames()
+ {
+ return (String[])this.contextMap.keySet().toArray();
+ }
+}
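Review bot: `getAttributeNames()` throws ClassCastException on every call, because the no-argument `toArray()` returns an `Object[]` that cannot be cast to `String[]`; use `return (String[])this.contextMap.keySet().toArray(new String[0]);`. The same defect existed in the deleted PortalSecurityContext, so it was carried over rather than introduced here. The class is now declared `Serializable` while holding a `User` field and declaring no `serialVersionUID`; whether `org.jboss.portal.identity.User` is serializable is not visible in this commit, so either confirm it or mark `portalUser` `transient`, since this context is stored inside `CMSPermission`.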
Deleted: trunk/cms/src/main/org/jboss/portal/cms/security/PortalSecurityContext.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/PortalSecurityContext.java 2007-01-24
16:55:18 UTC (rev 6089)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/PortalSecurityContext.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -1,108 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
-package org.jboss.portal.cms.security;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.jboss.portal.identity.User;
-
-/**
- * An implementation of SecurityContext for the core Portal Engine
- *
- * @author Sohil Shah - sohil.shah(a)jboss.com - Nov 27, 2006
- *
- */
-public class PortalSecurityContext implements SecurityContext
-{
- private Map contextMap = null;
-
- /**
- * signifies the user currently logged in to the system
- */
- private User portalUser = null;
-
-
- /**
- *
- *
- */
- public PortalSecurityContext(User portalUser)
- {
- super();
- this.portalUser = portalUser;
- this.contextMap = new HashMap();
- }
-
- /**
- * This method returns the Identity of the user logged into the portal. The return
value is of type
- * org.jboss.portal.identity.User
- *
- * @return Identity related information associated with the user logged into the
portal
- */
- public Object getIdentity()
- {
- return this.portalUser;
- }
-
- /**
- * Returns value corresponding to the specified attribute name
- *
- * @param name
- * @return
- */
- public Object getAttribute(String name)
- {
- return this.contextMap.get(name);
- }
-
- /**
- * Sets a specified value corresponding to the specified name in the context
- *
- * @param name
- * @param value
- */
- public void setAttribute(String name,Object value)
- {
- this.contextMap.put(name,value);
- }
-
- /**
- * Removes the specified attribute
- *
- * @param name
- */
- public void removeAttribute(String name)
- {
- this.contextMap.remove(name);
- }
-
- /**
- * Returns an array of Strings consisting of all keys/names stored in the context
- *
- * @return
- */
- public String[] getAttributeNames()
- {
- return (String[])this.contextMap.keySet().toArray();
- }
-}
Deleted: trunk/cms/src/main/org/jboss/portal/cms/security/SecurityContext.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/SecurityContext.java 2007-01-24
16:55:18 UTC (rev 6089)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/SecurityContext.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -1,69 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
-package org.jboss.portal.cms.security;
-
-/**
- *
- * @author Sohil Shah - sohil.shah(a)jboss.com - Nov 27, 2006
- *
- */
-public interface SecurityContext
-{
- /**
- * This method returns the Identity of the user logged into the portal.
- *
- * @return Identity related information associated with the user logged into the
portal
- */
- public Object getIdentity();
-
- /**
- * Returns value corresponding to the specified attribute name
- *
- * @param name
- * @return
- */
- public Object getAttribute(String name);
-
-
- /**
- * Sets a specified value corresponding to the specified name in the context
- *
- * @param name
- * @param value
- */
- public void setAttribute(String name,Object value);
-
- /**
- * Removes the specified attribute
- *
- * @param name
- */
- public void removeAttribute(String name);
-
-
- /**
- * Returns an array of Strings consisting of all keys/names stored in the context
- *
- * @return
- */
- public String[] getAttributeNames();
-}
Modified:
trunk/cms/src/main/org/jboss/portal/test/cms/commands/SecureCommandTestCase.java
===================================================================
---
trunk/cms/src/main/org/jboss/portal/test/cms/commands/SecureCommandTestCase.java 2007-01-24
16:55:18 UTC (rev 6089)
+++
trunk/cms/src/main/org/jboss/portal/test/cms/commands/SecureCommandTestCase.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -51,7 +51,6 @@
//setup the interceptor stack
CMSInterceptorStackFactory stackFactory = new CMSInterceptorStackFactory();
ACLInterceptor aclInterceptor = new ACLInterceptor();
-
aclInterceptor.setAuthorizationProviderClass("org.jboss.portal.cms.impl.jcr.command.ACLEnforcer");
Interceptor[] interceptors = new Interceptor[1];
interceptors[0] = aclInterceptor;
JBossInterceptorStack stack = new JBossInterceptorStack(interceptors);
Property changes on: trunk/core-cms
___________________________________________________________________
Name: svn:ignore
- bin
+ bin
*.log
output
Modified: trunk/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
---
trunk/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2007-01-24
16:55:18 UTC (rev 6089)
+++
trunk/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2007-01-24
22:24:36 UTC (rev 6090)
@@ -37,7 +37,7 @@
import org.jboss.portal.cms.model.Folder;
import org.jboss.portal.cms.security.Criteria;
import org.jboss.portal.cms.security.Permission;
-import org.jboss.portal.cms.security.PermissionManager;
+import org.jboss.portal.cms.security.AuthorizationManager;
import org.jboss.portal.cms.util.FileUtil;
import org.jboss.portal.cms.util.NodeUtil;
import org.jboss.portal.core.cms.command.StreamContentCommand;
@@ -89,6 +89,7 @@
private RoleModule roleModule;
private MembershipModule membershipModule;
private ApprovePublish approvePublish;
+ private AuthorizationManager authorizationManager;
public void init() throws PortletException
{
@@ -96,6 +97,7 @@
userModule = (UserModule)getPortletContext().getAttribute("UserModule");
roleModule = (RoleModule)getPortletContext().getAttribute("RoleModule");
membershipModule =
(MembershipModule)getPortletContext().getAttribute("MembershipModule");
+ this.initializeAuthorizationManager();
if (CMSService == null)
{
@@ -113,8 +115,12 @@
{
throw new PortletException("No membership module");
}
+ if(this.authorizationManager == null)
+ {
+ throw new PortletException("Authorization Service not found");
+ }
- this.initializeApprovePublishWorkflow();
+ this.initializeApprovePublishWorkflow();
}
protected void doView(final JBossRenderRequest rReq, final JBossRenderResponse rRes)
@@ -471,8 +477,9 @@
roleSet = roleModule.findRoles();
userSet = userModule.findUsers(0, 1000);
- Collection permissions = PermissionManager.getInstance().
- findPermissionsByCriteria(new Criteria("path", sPath));
+ String uri =
this.authorizationManager.getProvider().getCriteriaURI("path", sPath);
+ Collection permissions = this.authorizationManager.getProvider().
+ getSecurityBindings(uri);
readRoleSet = this.processRolePermissions(permissions, "read");
readUserSet = this.processUserPermissions(permissions, "read");
@@ -1164,15 +1171,15 @@
(manageUsers == null || manageUsers.length == 0)
)
{
- //remove all direct permissions on this node
- Collection oldPermissions =
PermissionManager.getInstance().findPermissionsByCriteria(new Criteria("path",
path));
- PermissionManager.getInstance().remove(oldPermissions);
+ //remove all direct permissions on this node
+ String uri =
this.authorizationManager.getProvider().getCriteriaURI("path", path);
+ this.authorizationManager.getProvider().removeSecurityBindings(uri);
return;
}
- //cleanup the old permissions on this node, before new ones are created
- Collection oldPermissions =
PermissionManager.getInstance().findPermissionsByCriteria(new Criteria("path",
path));
- PermissionManager.getInstance().remove(oldPermissions);
+ //cleanup the old permissions on this node, before new ones are created
+ String uri =
this.authorizationManager.getProvider().getCriteriaURI("path", path);
+ this.authorizationManager.getProvider().removeSecurityBindings(uri);
//setup the read permission on this node
this.storePermission("read", path, readRoles, readUsers);
@@ -1227,7 +1234,11 @@
}
}
- PermissionManager.getInstance().store(permission, rolesSet, usersSet);
+ permission.setRoles(rolesSet);
+ permission.setUsers(usersSet);
+ Set securityBinding = new HashSet();
+ securityBinding.add(permission);
+ this.authorizationManager.getProvider().setSecurityBindings(null,securityBinding);
}
/**
@@ -1291,7 +1302,8 @@
if (portletRequest.getUserPrincipal() != null)
{
User user =
this.userModule.findUserByUserName(portletRequest.getUserPrincipal().getName());
- Collection permissions =
PermissionManager.getInstance().findPermissionsByUser(((Long)user.getId()).longValue());
+ String uri =
this.authorizationManager.getProvider().getUserURI(((Long)user.getId()).toString());
+ Collection permissions =
this.authorizationManager.getProvider().getSecurityBindings(uri);
if (permissions != null)
{
for (Iterator itr = permissions.iterator(); itr.hasNext();)
@@ -1378,4 +1390,21 @@
{
this.approvePublish = approvePublish;
}
+
+ /**
+ *
+ *
+ */
+ private void initializeAuthorizationManager()
+ {
+ try
+ {
+ InitialContext context = new InitialContext();
+ this.authorizationManager =
(AuthorizationManager)context.lookup("java:portal/cms/AuthorizationManager");
+ }
+ catch (Exception e)
+ {
+ this.setApprovePublish(null);
+ }
+ }
}
\ No newline at end of file
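Review bot: The catch block in `initializeAuthorizationManager()` calls `this.setApprovePublish(null)`, which looks copied from the workflow initializer: it clears an unrelated field and discards the lookup exception. `init()` then fails with "Authorization Service not found" and no cause, so a missing or mistyped `java:portal/cms/AuthorizationManager` binding is hard to diagnose. Set `this.authorizationManager = null;` in the catch and log `e`, or keep it so that `init()` can pass it as the cause of the PortletException. Catching `NamingException` and `ClassCastException` instead of `Exception` would narrow the handler, and the `InitialContext` is never closed.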
Modified: trunk/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml
===================================================================
--- trunk/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml 2007-01-24
16:55:18 UTC (rev 6089)
+++ trunk/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml 2007-01-24
22:24:36 UTC (rev 6090)
@@ -422,8 +422,7 @@
<attribute
name="CacheLoaderFetchPersistentState">false</attribute>
<attribute name="CacheLoaderAsynchronous">false</attribute-->
</mbean>
-
-
+
<!-- interceptor factory where all cms interceptors are registered -->
<mbean
code="org.jboss.portal.server.impl.invocation.JBossInterceptorStackFactory"
@@ -434,6 +433,26 @@
<depends-list optional-attribute-name="InterceptorNames">
<depends-list-element>portal:service=Interceptor,type=Cms,name=ACL</depends-list-element>
</depends-list>
+ </mbean>
+
+ <!-- CMS Authorization Security Service -->
+ <mbean
+ code="org.jboss.portal.cms.security.AuthorizationManagerImpl"
+ name="portal:service=AuthorizationManager,type=cms"
+ xmbean-dd=""
+ xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
+ <xmbean/>
+ <attribute
name="JNDIName">java:portal/cms/AuthorizationManager</attribute>
+ <depends optional-attribute-name="Provider"
proxy-type="attribute">
+ portal:service=AuthorizationProvider,type=cms
+ </depends>
+ </mbean>
+ <mbean
+ code="org.jboss.portal.cms.security.AuthorizationProviderImpl"
+ name="portal:service=AuthorizationProvider,type=cms"
+ xmbean-dd=""
+ xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
+ <xmbean/>
</mbean>
<!-- ACL Security Interceptor -->
@@ -444,7 +463,6 @@
xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
<xmbean/>
<attribute
name="JNDIName">java:portal/cms/CMSSessionFactory</attribute>
- <attribute
name="AuthorizationProviderClass">org.jboss.portal.cms.impl.jcr.command.ACLEnforcer</attribute>
<attribute name="DefaultPolicy">
<![CDATA[
<policy>
@@ -481,13 +499,13 @@
</policy>
]]>
</attribute>
+ <depends optional-attribute-name="AuthorizationManager"
proxy-type="attribute">
+ portal:service=AuthorizationManager,type=cms
+ </depends>
<depends>portal:service=Hibernate,type=CMS</depends>
-
<depends>portal:service=Module,type=IdentityServiceController</depends>
- <!--<depends optional-attribute-name="RoleModule"
proxy-type="attribute">
- portal:service=Module,type=Role
- </depends>-->
+ <depends>portal:service=Module,type=IdentityServiceController</depends>
</mbean>
-
+
<!-- logging interceptor -->
<!--mbean
code="org.jboss.portal.cms.impl.interceptors.LogInterceptor"
@@ -637,5 +655,5 @@
optional-attribute-name="CMS"
proxy-type="attribute">portal:service=CMS</depends>
<attribute name="ContentType">cms</attribute>
- </mbean>
+ </mbean>
</server>
Property changes on: trunk/core-management
___________________________________________________________________
Name: svn:ignore
- bin
+ bin
output
Property changes on: trunk/core-samples
___________________________________________________________________
Name: svn:ignore
+ output
Property changes on: trunk/registration
___________________________________________________________________
Name: svn:ignore
+ output
Property changes on: trunk/workflow
___________________________________________________________________
Name: svn:ignore
+ output