Author: sohil.shah(a)jboss.com
Date: 2007-01-25 21:53:22 -0500 (Thu, 25 Jan 2007)
New Revision: 6102
Modified:
trunk/
trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java
trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManager.java
trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
trunk/cms/src/main/org/jboss/portal/cms/security/PermRoleAssoc.java
trunk/cms/src/main/org/jboss/portal/cms/security/PermUserAssoc.java
trunk/cms/src/main/org/jboss/portal/cms/security/Permission.java
trunk/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
trunk/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml
trunk/core-cms/src/resources/portal-cms-sar/conf/hibernate/cms/domain.hbm.xml
trunk/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/securenode.jsp
trunk/identity/
Log:
Integrate the CMS Security with the LDAP based installation via the new IdentityModule -
JBPORTAL-1215
Property changes on: trunk
___________________________________________________________________
Name: svn:ignore
- .project
.classpath
thirdparty
eclipseBin
myworkspace
+ .project
.classpath
thirdparty
eclipseBin
myworkspace
bin
Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java
===================================================================
---
trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-01-26
00:38:59 UTC (rev 6101)
+++
trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-01-26
02:53:22 UTC (rev 6102)
@@ -58,7 +58,6 @@
import org.jboss.portal.identity.User;
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.RoleModule;
-import org.jboss.portal.identity.AnnonymousRole;
/**
* ACLInterceptor is plugged into the CMS system to enforce fine grained security access
control
@@ -383,12 +382,16 @@
String roleName = roleElement.getAttribute("name");
Role role = this.getRole(roleName);
PermRoleAssoc roleAssoc = new PermRoleAssoc();
- if(role.getId()!=null)
+ if(role != null)
{
//makes sure this is not Anonymous
- roleAssoc.setRoleId(((Long)role.getId()).longValue());
+ roleAssoc.setRoleId(roleName);
}
- permission.addRoleAssoc(roleAssoc);
+ else
+ {
+ roleAssoc.setRoleId(AuthorizationManager.Anonymous);
+ }
+ permission.addRoleAssoc(roleAssoc);
}
parsedPermissions.add(permission);
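Review bot: The new `else` branch that calls `roleAssoc.setRoleId(AuthorizationManager.Anonymous)` turns every failed role lookup into an Anonymous grant, because `getRole` (later in this file) returns null both for the anonymous role and for any exception it catches. A misspelled role name in the descriptor, or an identity-store failure while parsing, would therefore publish that permission to unauthenticated users instead of failing, and the inline comment `//makes sure this is not Anonymous` now sits on the branch that is not about Anonymous at all. Map to Anonymous only when the descriptor explicitly names it (assuming the descriptor uses the same `Anonymous` literal), and reject or skip an unresolvable role so ACL parsing fails closed. The enclosing method starts before the hunk.
```java
Role role = this.getRole(roleName);
PermRoleAssoc roleAssoc = new PermRoleAssoc();
if (AuthorizationManager.Anonymous.equals(roleName))
{
   //only an explicit Anonymous entry in the descriptor grants anonymous access
   roleAssoc.setRoleId(AuthorizationManager.Anonymous);
}
else if (role != null)
{
   roleAssoc.setRoleId(roleName);
}
else
{
   //fail closed: an unresolvable role must not silently widen the grant
   throw new IllegalStateException("Unknown role in permission descriptor: " + roleName);
}
// … unchanged: permission.addRoleAssoc(roleAssoc) and the rest of the loop …
```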
@@ -417,7 +420,7 @@
}
catch(Exception e)
{
- role = new AnnonymousRole();
+ role = null;
}
finally
{
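Review bot: `role = null;` in this `catch(Exception e)` discards the exception, so a transient identity-store failure (an LDAP connection error, for instance) becomes indistinguishable from "no such role" for the caller, which then treats null as the anonymous role. At minimum the cause should be logged, e.g. `log.error("Role lookup failed", e);` if the class has the usual logger field (not visible in the hunk); better, only a genuine not-found result should become null and other failures should be rethrown so the ACL parser fails closed rather than open. The enclosing `getRole` method starts and ends outside the hunk.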
Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-01-26
00:38:59 UTC (rev 6101)
+++ trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-01-26
02:53:22 UTC (rev 6102)
@@ -497,20 +497,19 @@
*/
private Collection getPermissions(User user)
{
- Collection permissions = null;
- long userId = 0;
+ Collection permissions = null;
if(user!=null)
{
//this is not an anonymous access
- userId = ((Long)user.getId()).longValue();
- String uri =
this.authorizationManager.getProvider().getUserURI(String.valueOf(userId));
+ String userId = user.getUserName();
+ String uri = this.authorizationManager.getProvider().getUserURI(userId);
permissions =
this.authorizationManager.getProvider().getSecurityBindings(uri);
}
else
{
//this is an anonymous access
- String uri =
this.authorizationManager.getProvider().getRoleURI(String.valueOf(0));
+ String uri =
this.authorizationManager.getProvider().getRoleURI(AuthorizationManager.Anonymous);
permissions = this.authorizationManager.getProvider().getSecurityBindings(uri);
}
return permissions;
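Review bot: With `String userId = user.getUserName();` the authorization principal key becomes the login name rather than the numeric id, so every stored user binding is now tied to a value that, unlike the id, can in principle be reused: if an account is deleted and a new one is created with the same name, or the identity store permits renames, the new account inherits the old CMS grants. That trade-off is inherent to the LDAP integration, but it should be stated here and in the admin documentation, e.g. `// permissions are keyed by login name (LDAP exposes no stable numeric id); a recycled user name inherits the old grants`. Whether the identity modules allow renames or name reuse is not visible from this hunk.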
Modified: trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManager.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManager.java 2007-01-26
00:38:59 UTC (rev 6101)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationManager.java 2007-01-26
02:53:22 UTC (rev 6102)
@@ -34,6 +34,8 @@
PortalAuthorizationManagerFactory,
PortalAuthorizationManager
{
+ public static final String Anonymous = "Anonymous";
+
/**
*
* @return
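Review bot: The sentinel `Anonymous = "Anonymous"` shares a namespace with real role names from the identity store: ACLEnforcer reads unauthenticated permissions from `role://Anonymous`, and CMSAdminPortlet skips the role lookup for exactly that string, so a real LDAP or database role literally named `Anonymous` would be conflated with unauthenticated access and its grants handed to everyone. Either reserve the name (reject it in the identity modules and the admin UI) or choose a marker that cannot be a valid role name, and document the contract on the constant: `/** Marker role id for unauthenticated access; must never be the name of a real role. */`. By Java convention the constant would also be named `ANONYMOUS`.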
Modified: trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java
===================================================================
---
trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2007-01-26
00:38:59 UTC (rev 6101)
+++
trunk/cms/src/main/org/jboss/portal/cms/security/AuthorizationProviderImpl.java 2007-01-26
02:53:22 UTC (rev 6102)
@@ -30,8 +30,14 @@
import org.hibernate.Query;
import org.hibernate.Session;
import org.jboss.portal.cms.hibernate.state.Tools;
+import org.jboss.portal.identity.IdentityContext;
+import org.jboss.portal.identity.IdentityServiceController;
+import org.jboss.portal.identity.MembershipModule;
+import org.jboss.portal.identity.UserModule;
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.User;
+import org.jboss.portal.identity.AnnonymousRole;
+import org.jboss.portal.identity.ldap.LDAPUserModule;
import org.jboss.portal.jems.as.system.AbstractJBossService;
import org.jboss.portal.security.spi.provider.DomainConfigurator;
@@ -46,12 +52,22 @@
*/
public class AuthorizationProviderImpl extends AbstractJBossService implements
AuthorizationProvider
{
+ private IdentityServiceController identityServiceController = null;
+ private MembershipModule membershipModule = null;
+ private UserModule userModule = null;
+
/**
*
*/
public void startService() throws Exception
{
super.startService();
+ this.membershipModule = (MembershipModule)identityServiceController.
+ getIdentityContext().
+ getObject(IdentityContext.TYPE_MEMBERSHIP_MODULE);
+ this.userModule = (UserModule)identityServiceController.
+ getIdentityContext().
+ getObject(IdentityContext.TYPE_USER_MODULE);
}
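Review bot: `startService` dereferences `identityServiceController` without checking that the MBean dependency was actually injected; if the `IdentityServiceController` attribute is missing or wired under another name, the service dies with a bare NullPointerException. A guard with an explicit message makes the misconfiguration obvious: `if (identityServiceController == null) { throw new IllegalStateException("IdentityServiceController not injected"); }`. The casts to `MembershipModule`/`UserModule` likewise assume those context objects exist; a null there would surface later, inside a permission lookup, rather than at start-up, so checking them here too would fail faster and more clearly.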
//------AuthorizationDomain
impl-----------------------------------------------------------------
@@ -128,7 +144,7 @@
if(uri.startsWith("user://"))
{
String userId = uri.substring("user://".length());
- Collection cour = this.findPermissionsByUser(Long.parseLong(userId));
+ Collection cour = this.findPermissionsByUser(userId);
if(cour != null)
{
permissions.addAll(cour);
@@ -137,7 +153,7 @@
else if(uri.startsWith("role://"))
{
String roleId = uri.substring("role://".length());
- Collection cour = this.findPermissionsByRole(Long.parseLong(roleId));
+ Collection cour = this.findPermissionsByRole(roleId);
if(cour != null)
{
permissions.addAll(cour);
@@ -190,6 +206,24 @@
}
//--------------------------------------------------------------------------------------------------------------
/**
+ *
+ */
+ public IdentityServiceController getIdentityServiceController()
+ {
+ return identityServiceController;
+ }
+
+ /**
+ *
+ * @param identityServiceController
+ */
+ public void setIdentityServiceController(
+ IdentityServiceController identityServiceController)
+ {
+ this.identityServiceController = identityServiceController;
+ }
+ //--------------------------------------------------------------------------------------------------------------
+ /**
* Stores a permission and its associations into peristent storage
*
* @param permission - Permission to be persisted
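Review bot: The Javadoc on `getIdentityServiceController` and `setIdentityServiceController` is empty apart from a bare `@param` tag, which tells a maintainer nothing about why a CMS authorization provider holds this reference. Suggested text for the setter: `Injected by the MBean container (see jboss-service.xml); startService() resolves the membership and user modules from it, so it must be set before the service starts.` For the getter: `Returns the identity service controller this provider resolves user and role modules from.`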
@@ -206,10 +240,14 @@
{
Role role = (Role)itr.next();
PermRoleAssoc cour = new PermRoleAssoc();
- if(role.getId()!=null)
+ if(!(role instanceof AnnonymousRole))
{
- cour.setRoleId(((Long)role.getId()).longValue());
+ cour.setRoleId(role.getName());
}
+ else
+ {
+ cour.setRoleId(AuthorizationManager.Anonymous);
+ }
roleAssoc.add(cour);
}
permission.setRoleAssoc(roleAssoc);
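Review bot: Anonymous is detected here by `role instanceof AnnonymousRole`, while the descriptor parser in ACLInterceptor decides by a null lookup result and CMSAdminPortlet by the literal string; three encodings of the same concept are easy to get out of sync. A single helper on AuthorizationManager, e.g. `static String roleKey(Role role)` returning `Anonymous` for the anonymous role and `role.getName()` otherwise, would let all three paths share one rule. Also, `role.getName()` is persisted into a `not-null` column (domain.hbm.xml), so a role object without a name would only fail at flush time; a guard such as `if (role.getName() == null) throw new IllegalArgumentException("role without name");` gives a clearer error. The enclosing method begins before the hunk.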
@@ -228,7 +266,7 @@
{
User user = (User)itr.next();
PermUserAssoc cour = new PermUserAssoc();
- cour.setUserId(((Long)user.getId()).longValue());
+ cour.setUserId(user.getUserName());
userAssoc.add(cour);
}
permission.setUserAssoc(userAssoc);
@@ -279,32 +317,64 @@
* @param user
* @return
*/
- private Collection findPermissionsByUser(long userId)
+ private Collection findPermissionsByUser(String userId)
{
- Collection permissions = new HashSet();
-
- String lookupByUser = "SELECT permission from Permission permission JOIN
permission.userAssoc user WHERE user.userId=?";
- String lookupByRole = "SELECT * from jbp_cms_perm p,jbp_cms_perm_role
r,jbp_role_membership m WHERE " +
- "p.id=r.cms_perm_id AND " +
- "r.role_id=m.jbp_rid AND " +
- "m.jbp_uid=?";
-
- Session session = Tools.getCurrentSession();
-
- //perform lookup by explicitly specified users
- Query userQuery = session.createQuery(lookupByUser);
- userQuery.setLong(0,userId);
- userQuery.setCacheable(true);
- permissions.addAll(userQuery.list());
-
-
- //perform lookup based on role membership
- Query roleQuery =
session.createSQLQuery(lookupByRole).addEntity(Permission.class);
- roleQuery.setLong(0,userId);
- roleQuery.setCacheable(true);
- permissions.addAll(roleQuery.list());
-
- return permissions;
+ try
+ {
+ Collection permissions = new HashSet();
+
+ //this is for db based identity management
+ String lookupByUser = "SELECT permission from Permission permission JOIN
permission.userAssoc user WHERE user.userId=?";
+
+ Session session = Tools.getCurrentSession();
+
+ //perform lookup by explicitly specified users
+ Query userQuery = session.createQuery(lookupByUser);
+ userQuery.setString(0,userId);
+ userQuery.setCacheable(true);
+ permissions.addAll(userQuery.list());
+
+ if(!(this.userModule instanceof LDAPUserModule))
+ {
+ //in case of a database version, use the cache optmized way to lookup the
permissions
+ String lookupByRole = "SELECT * from jbp_cms_perm p,jbp_cms_perm_role
r,jbp_role_membership m,jbp_roles roles,jbp_users users WHERE " +
+ "p.id=r.cms_perm_id AND " +
+ "r.role_id=roles.jbp_name AND " +
+ "m.jbp_rid=roles.jbp_rid AND " +
+ "m.jbp_uid=users.jbp_uid AND " +
+ "users.jbp_uname=?";
+
+ //perform lookup based on role membership
+ Query roleQuery =
session.createSQLQuery(lookupByRole).addEntity(Permission.class);
+ roleQuery.setString(0,userId);
+ roleQuery.setCacheable(true);
+ permissions.addAll(roleQuery.list());
+ }
+ else
+ {
+ //in the case of LDAP use the IdentityModule
+ //now find permissions for all the roles that this user belongs to
+ Set belongedRoles =
this.membershipModule.getRoles(this.userModule.findUserByUserName(userId));
+ if(belongedRoles != null)
+ {
+ for(Iterator itr=belongedRoles.iterator();itr.hasNext();)
+ {
+ Role role = (Role)itr.next();
+ Collection rolePermissions = this.findPermissionsByRole(role.getName());
+ if(rolePermissions != null && !rolePermissions.isEmpty())
+ {
+ permissions.addAll(rolePermissions);
+ }
+ }
+ }
+ }
+
+ return permissions;
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
}
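Review bot: The branch at `if(!(this.userModule instanceof LDAPUserModule))` makes the raw-SQL path the default and the IdentityModule path the exception, so any other `UserModule` implementation (a future backend, or a proxy or decorator around the LDAP module) silently queries `jbp_users`/`jbp_roles` tables that may not exist or may not be the source of truth. Since the `membershipModule.getRoles(...)` loop is backend-independent, it is safer as the default, with the SQL join taken only when the module is positively known to be the database-backed one. Separately, `roleQuery.setCacheable(true)` on a native `createSQLQuery` with no synchronized query spaces means Hibernate has no way to know when `jbp_role_membership` changes, so a user removed from a role may keep cached CMS permissions until the region is evicted — worth verifying against the Hibernate version in use and dropping the cache flag if so. The `catch(Exception e) { throw new RuntimeException(e); }` at least fails closed, but the `@param user` Javadoc above the method should now read `@param userId`.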
/**
@@ -313,7 +383,7 @@
* @param role
* @return
*/
- private Collection findPermissionsByRole(long roleId)
+ private Collection findPermissionsByRole(String roleId)
{
Collection permissions = new HashSet();
@@ -323,7 +393,7 @@
//perform lookup by explicitly specified users
Query roleQuery = session.createQuery(lookupByRole);
- roleQuery.setLong(0,roleId);
+ roleQuery.setString(0,roleId);
roleQuery.setCacheable(true);
permissions.addAll(roleQuery.list());
@@ -354,5 +424,5 @@
return permissions;
- }
+ }
}
Modified: trunk/cms/src/main/org/jboss/portal/cms/security/PermRoleAssoc.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/PermRoleAssoc.java 2007-01-26
00:38:59 UTC (rev 6101)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/PermRoleAssoc.java 2007-01-26
02:53:22 UTC (rev 6102)
@@ -29,7 +29,7 @@
public class PermRoleAssoc
{
private long id = 0;
- private long roleId = 0;
+ private String roleId = null;
/**
*
@@ -63,7 +63,7 @@
*
* @return
*/
- public long getRoleId()
+ public String getRoleId()
{
return roleId;
}
@@ -72,7 +72,7 @@
*
* @param roleId
*/
- public void setRoleId(long roleId)
+ public void setRoleId(String roleId)
{
this.roleId = roleId;
}
@@ -84,7 +84,7 @@
if(obj instanceof PermRoleAssoc)
{
PermRoleAssoc input = (PermRoleAssoc)obj;
- if(input.roleId == this.roleId)
+ if(input.roleId.equals(this.roleId))
{
equals = true;
}
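Review bot: `input.roleId.equals(this.roleId)` throws NullPointerException when `input.roleId` is null, which is now the field's default (`private String roleId = null;`), so comparing against a freshly constructed or not-yet-populated association blows up instead of returning false. Use a null-safe form: `if (input.roleId == null ? this.roleId == null : input.roleId.equals(this.roleId))`. `hashCode()` is outside the hunk; if it still derives from the old numeric field it must be updated to hash `roleId` so equal objects hash equally.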
Modified: trunk/cms/src/main/org/jboss/portal/cms/security/PermUserAssoc.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/PermUserAssoc.java 2007-01-26
00:38:59 UTC (rev 6101)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/PermUserAssoc.java 2007-01-26
02:53:22 UTC (rev 6102)
@@ -29,7 +29,7 @@
public class PermUserAssoc
{
private long id = 0;
- private long userId = 0;
+ private String userId = null;
/**
*
@@ -63,7 +63,7 @@
*
* @return
*/
- public long getUserId()
+ public String getUserId()
{
return userId;
}
@@ -72,7 +72,7 @@
*
* @param roleId
*/
- public void setUserId(long userId)
+ public void setUserId(String userId)
{
this.userId = userId;
}
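Review bot: The Javadoc above `setUserId` still says `@param roleId`, which looks like a copy from PermRoleAssoc and now contradicts the parameter it documents. It should read `@param userId the login name this permission is bound to`.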
@@ -84,7 +84,7 @@
if(obj instanceof PermUserAssoc)
{
PermUserAssoc input = (PermUserAssoc)obj;
- if(input.userId == this.userId)
+ if(input.userId.equals(this.userId))
{
equals = true;
}
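Review bot: `input.userId.equals(this.userId)` dereferences a field whose default is now null (`private String userId = null;`), so `equals` throws NullPointerException for an unpopulated association instead of returning false. Replace it with `if (input.userId == null ? this.userId == null : input.userId.equals(this.userId))`, and make sure the `hashCode()` outside this hunk hashes `userId` rather than the old long field.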
Modified: trunk/cms/src/main/org/jboss/portal/cms/security/Permission.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/security/Permission.java 2007-01-26 00:38:59
UTC (rev 6101)
+++ trunk/cms/src/main/org/jboss/portal/cms/security/Permission.java 2007-01-26 02:53:22
UTC (rev 6102)
@@ -258,7 +258,7 @@
for(Iterator itr=this.roleAssoc.iterator();itr.hasNext();)
{
PermRoleAssoc cour = (PermRoleAssoc)itr.next();
- ids.add(new Long(cour.getRoleId()));
+ ids.add(cour.getRoleId());
}
}
return ids;
@@ -307,7 +307,7 @@
for(Iterator itr=this.userAssoc.iterator();itr.hasNext();)
{
PermUserAssoc cour = (PermUserAssoc)itr.next();
- ids.add(new Long(cour.getUserId()));
+ ids.add(cour.getUserId());
}
}
return ids;
Modified: trunk/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java
===================================================================
---
trunk/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2007-01-26
00:38:59 UTC (rev 6101)
+++
trunk/core-cms/src/main/org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.java 2007-01-26
02:53:22 UTC (rev 6102)
@@ -1209,11 +1209,11 @@
rolesSet = new HashSet();
for (int i = 0; i < roles.length; i++)
{
- int roleId = Integer.parseInt(roles[i]);
+ String roleId = roles[i];
Role role = null;
- if (roleId > 0)
+ if (!roleId.equals(AuthorizationManager.Anonymous))
{
- role = this.roleModule.findRoleById(roles[i]);
+ role = this.roleModule.findRoleByName(roleId);
}
else
{
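Review bot: `roleId` is now the raw request parameter, where the removed `Integer.parseInt` at least constrained it to a number; with the LDAP identity module this string ends up in a directory lookup, so whether `findRoleByName` escapes LDAP filter metacharacters (`*`, `(`, `)`, `\`, NUL) decides whether this admin form becomes an LDAP-injection vector — that code is outside this hunk and should be checked. If `findRoleByName` returns null for an unknown name, `role` is presumably added to `rolesSet` just below (outside the hunk) and later persisted via `role.getName()`; rejecting unknown names up front avoids that: `if (role == null) throw new IllegalArgumentException("Unknown role: " + roleId);`. The enclosing method starts and ends outside the hunk.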
@@ -1229,7 +1229,7 @@
usersSet = new HashSet();
for (int i = 0; i < users.length; i++)
{
- User user = this.userModule.findUserById(users[i]);
+ User user = this.userModule.findUserByUserName(users[i]);
usersSet.add(user);
}
}
@@ -1302,7 +1302,7 @@
if (portletRequest.getUserPrincipal() != null)
{
User user =
this.userModule.findUserByUserName(portletRequest.getUserPrincipal().getName());
- String uri =
this.authorizationManager.getProvider().getUserURI(((Long)user.getId()).toString());
+ String uri =
this.authorizationManager.getProvider().getUserURI(user.getUserName());
Collection permissions =
this.authorizationManager.getProvider().getSecurityBindings(uri);
if (permissions != null)
{
Modified: trunk/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml
===================================================================
--- trunk/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml 2007-01-26
00:38:59 UTC (rev 6101)
+++ trunk/core-cms/src/resources/portal-cms-sar/META-INF/jboss-service.xml 2007-01-26
02:53:22 UTC (rev 6102)
@@ -452,7 +452,8 @@
name="portal:service=AuthorizationProvider,type=cms"
xmbean-dd=""
xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
- <xmbean/>
+ <xmbean/>
+ <depends optional-attribute-name="IdentityServiceController"
proxy-type="attribute">portal:service=Module,type=IdentityServiceController</depends>
</mbean>
<!-- ACL Security Interceptor -->
Modified: trunk/core-cms/src/resources/portal-cms-sar/conf/hibernate/cms/domain.hbm.xml
===================================================================
---
trunk/core-cms/src/resources/portal-cms-sar/conf/hibernate/cms/domain.hbm.xml 2007-01-26
00:38:59 UTC (rev 6101)
+++
trunk/core-cms/src/resources/portal-cms-sar/conf/hibernate/cms/domain.hbm.xml 2007-01-26
02:53:22 UTC (rev 6102)
@@ -287,7 +287,7 @@
<property
name="roleId"
column="ROLE_ID"
- type="long"
+ type="string"
not-null="true"
/>
</class>
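Review bot: Changing `ROLE_ID` from `long` to `string` is a schema change with no accompanying migration: existing `jbp_cms_perm_role` rows still hold numeric ids (or, where the column is physically numeric, binding strings will simply fail), so upgraded installations lose or break their ACL entries. A migration step should rewrite stored ids to role names, and the mapping should pin a `length` so the column is created wide enough for LDAP role names, e.g. `type="string" length="255"`. The class mapping header is outside the hunk; the same applies to the `USER_ID` property changed below.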
@@ -302,7 +302,7 @@
<property
name="userId"
column="USER_ID"
- type="long"
+ type="string"
not-null="true"
/>
</class>
Modified:
trunk/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/securenode.jsp
===================================================================
---
trunk/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/securenode.jsp 2007-01-26
00:38:59 UTC (rev 6101)
+++
trunk/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/securenode.jsp 2007-01-26
02:53:22 UTC (rev 6102)
@@ -1,6 +1,7 @@
<%@ page import="org.jboss.portal.core.cms.ui.admin.CMSAdminConstants"
%>
<%@ page import="org.jboss.portal.identity.Role" %>
<%@ page import="org.jboss.portal.identity.User" %>
+<%@ page import="org.jboss.portal.cms.security.AuthorizationManager" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="java.util.Set" %>
<%@ page language="java"
extends="org.jboss.portal.core.servlet.jsp.PortalJsp" %>
@@ -63,7 +64,7 @@
<tr>
<td>
<select name="secureroles:read"
multiple="multiple">
- <option value="0" <%if(readRoleSet.contains(new
Long(0))){%>selected<%}%>>
+ <option value="<%=AuthorizationManager.Anonymous%>"
<%if(readRoleSet.contains(AuthorizationManager.Anonymous)){%>selected<%}%>>
Anonymous
</option>
<%
@@ -72,7 +73,7 @@
{
Role role = (Role)iterator.next();
%>
- <option value="<%= role.getId() %>"
<%if(readRoleSet.contains(role.getId())){%>selected<%}%>>
+ <option value="<%= role.getName() %>"
<%if(readRoleSet.contains(role.getName())){%>selected<%}%>>
<%= role.getDisplayName() %>
</option>
<%
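Review bot: `<%= role.getName() %>` is written straight into the `value` attribute without HTML/attribute escaping, and a name containing `"` or `<` breaks out of the attribute; the previous numeric `role.getId()` could not do that, so this is new exposure (the adjacent `role.getDisplayName()` already had the same problem). Whether LDAP or database role names can contain such characters depends on the identity store, so escape on output regardless — wrap the emitted value in the portal's HTML-escape helper or JSTL `fn:escapeXml` (neither is visible in this file), keeping the comparison `readRoleSet.contains(role.getName())` on the raw name. The same applies to the `user.getUserName()` options and the write/manage selects further down in this file.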
@@ -96,7 +97,7 @@
{
User user = (User)iteratorUser.next();
%>
- <option value="<%= user.getId() %>"
<%if(readUserSet.contains(user.getId())){%>selected<%}%>>
+ <option value="<%= user.getUserName() %>"
<%if(readUserSet.contains(user.getUserName())){%>selected<%}%>>
<%= user.getUserName() %>
</option>
<%
@@ -123,7 +124,7 @@
<tr>
<td>
<select name="secureroles:write"
multiple="multiple">
- <option value="0" <%if(writeRoleSet.contains(new
Long(0))){%>selected<%}%>>
+ <option value="<%=AuthorizationManager.Anonymous%>"
<%if(writeRoleSet.contains(AuthorizationManager.Anonymous)){%>selected<%}%>>
Anonymous
</option>
<%
@@ -132,7 +133,7 @@
{
Role role = (Role)iterator.next();
%>
- <option value="<%= role.getId() %>"
<%if(writeRoleSet.contains(role.getId())){%>selected<%}%>>
+ <option value="<%= role.getName() %>"
<%if(writeRoleSet.contains(role.getName())){%>selected<%}%>>
<%= role.getDisplayName() %>
</option>
<%
@@ -156,7 +157,7 @@
{
User user = (User)iteratorUser.next();
%>
- <option value="<%= user.getId() %>"
<%if(writeUserSet.contains(user.getId())){%>selected<%}%>>
+ <option value="<%= user.getUserName() %>"
<%if(writeUserSet.contains(user.getUserName())){%>selected<%}%>>
<%= user.getUserName() %>
</option>
<%
@@ -183,7 +184,7 @@
<tr>
<td>
<select name="secureroles:manage"
multiple="multiple">
- <option value="0" <%if(manageRoleSet.contains(new
Long(0))){%>selected<%}%>>
+ <option value="<%=AuthorizationManager.Anonymous%>"
<%if(manageRoleSet.contains(AuthorizationManager.Anonymous)){%>selected<%}%>>
Anonymous
</option>
<%
@@ -192,7 +193,7 @@
{
Role role = (Role)iterator.next();
%>
- <option value="<%= role.getId() %>"
<%if(manageRoleSet.contains(role.getId())){%>selected<%}%>>
+ <option value="<%= role.getName() %>"
<%if(manageRoleSet.contains(role.getName())){%>selected<%}%>>
<%= role.getDisplayName() %>
</option>
<%
@@ -216,7 +217,7 @@
{
User user = (User)iteratorUser.next();
%>
- <option value="<%= user.getId() %>"
<%if(manageUserSet.contains(user.getId())){%>selected<%}%>>
+ <option value="<%= user.getUserName() %>"
<%if(manageUserSet.contains(user.getUserName())){%>selected<%}%>>
<%= user.getUserName() %>
</option>
<%
Property changes on: trunk/identity
___________________________________________________________________
Name: svn:ignore
- output
bin
+ output
bin
*.log