[jboss-svn-commits] JBoss Portal SVN: r5359 - in trunk: core core/src/main/org/jboss/portal/core/model/instance core/src/main/org/jboss/portal/core/model/portal core/src/main/org/jboss/portal/test/core/model/portal portlet/src/main/org/jboss/portal/portlet/security security/src/main/org/jboss/portal/security security/src/main/org/jboss/portal/security/impl/jacc security/src/main/org/jboss/portal/test/security
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Sun Oct 8 09:38:27 EDT 2006
Author: julien at jboss.com
Date: 2006-10-08 09:38:12 -0400 (Sun, 08 Oct 2006)
New Revision: 5359
Modified:
trunk/core/build.xml
trunk/core/src/main/org/jboss/portal/core/model/instance/InstancePermission.java
trunk/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java
trunk/core/src/main/org/jboss/portal/test/core/model/portal/PortalObjectPermissionTestCase.java
trunk/portlet/src/main/org/jboss/portal/portlet/security/PortletPermission.java
trunk/security/src/main/org/jboss/portal/security/PortalPermission.java
trunk/security/src/main/org/jboss/portal/security/PortalPermissionCollection.java
trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalPermissionCollection.java
trunk/security/src/main/org/jboss/portal/test/security/FlatPermission.java
trunk/security/src/main/org/jboss/portal/test/security/HierarchyPermission.java
trunk/security/src/main/org/jboss/portal/test/security/Server.java
Log:
- support for dashboard security in PortalObjectPermission
- added getCaller() to retrieve the caller subject on PortalPermissionCollection
Modified: trunk/core/build.xml
===================================================================
--- trunk/core/build.xml 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/core/build.xml 2006-10-08 13:38:12 UTC (rev 5359)
@@ -568,6 +568,7 @@
<parameter name="CloneOnCreate" value="false"/>
</zest>
<test todir="${test.reports}" name="org.jboss.portal.test.core.deployment.JBossApplicationMetaDataFactoryTestCase"/>
+ <test todir="${test.reports}" name="org.jboss.portal.test.core.model.portal.PortalObjectPermissionTestCase"/>
</x-test>
<x-classpath>
<pathelement location="${build.lib}/portal-core-lib.jar"/>
Modified: trunk/core/src/main/org/jboss/portal/core/model/instance/InstancePermission.java
===================================================================
--- trunk/core/src/main/org/jboss/portal/core/model/instance/InstancePermission.java 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/core/src/main/org/jboss/portal/core/model/instance/InstancePermission.java 2006-10-08 13:38:12 UTC (rev 5359)
@@ -26,6 +26,7 @@
import org.jboss.portal.security.PortalSecurityException;
import org.jboss.portal.security.spi.provider.PermissionRepository;
+import javax.security.auth.Subject;
import java.security.Permission;
import java.util.StringTokenizer;
import java.util.Collection;
@@ -117,7 +118,7 @@
}
}
- public boolean implies(PermissionRepository repository, String roleName, PortalPermission permission) throws PortalSecurityException
+ public boolean implies(PermissionRepository repository, Subject caller, String roleName, PortalPermission permission) throws PortalSecurityException
{
if (permission instanceof InstancePermission)
{
Modified: trunk/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java
===================================================================
--- trunk/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/core/src/main/org/jboss/portal/core/model/portal/PortalObjectPermission.java 2006-10-08 13:38:12 UTC (rev 5359)
@@ -25,11 +25,14 @@
import org.jboss.portal.security.PortalPermissionCollection;
import org.jboss.portal.security.PortalSecurityException;
import org.jboss.portal.security.spi.provider.PermissionRepository;
+import org.jboss.portal.identity.auth.UserPrincipal;
+import javax.security.auth.Subject;
import java.security.Permission;
import java.util.StringTokenizer;
import java.util.Collection;
import java.util.Iterator;
+import java.util.Set;
/**
* The permission for portal objects hierarchy.
@@ -58,6 +61,9 @@
/** The personalize action name. */
public static final String PERSONALIZE_RECURSIVE_ACTION = "personalizerecursive";
+ /** The create action name. */
+ public static final String DASHBOARD_ACTION = "dashboard";
+
/** No Perms mask. */
public static final int NONE_MASK = 0x00;
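Review bot: The Javadoc on `DASHBOARD_ACTION` still reads "The create action name", copied from a neighbouring constant; it should be `/** The dashboard action name. */`. A context line in the next hunk has the same slip, where `PERSONALIZE_MASK` is documented as "The create mask". A sentence on what the action grants would help whoever assigns it, since the new code ties it to the subtree named after the calling user.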
@@ -70,8 +76,11 @@
/** The create mask. */
public static final int PERSONALIZE_MASK = 0x04;
+ /** The dashboard mask. */
+ public static final int DASHBOARD_MASK = 0x08;
+
/** The action names. */
- private static final String[] ACTION_NAMES = {VIEW_ACTION, CREATE_ACTION, PERSONALIZE_ACTION};
+ private static final String[] ACTION_NAMES = {VIEW_ACTION, CREATE_ACTION, PERSONALIZE_ACTION, DASHBOARD_ACTION};
/** The imply mask. */
private int mask;
@@ -167,13 +176,17 @@
{
recursiveMask |= PERSONALIZE_MASK;
}
+ else if (DASHBOARD_ACTION.equals(action))
+ {
+ mask |= DASHBOARD_MASK;
+ }
else
{
throw new IllegalArgumentException("Illegal action " + action);
}
}
- public boolean implies(PermissionRepository repository, String roleName, PortalPermission permission) throws PortalSecurityException
+ public boolean implies(PermissionRepository repository, Subject caller, String roleName, PortalPermission permission) throws PortalSecurityException
{
if (permission instanceof PortalObjectPermission)
{
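Review bot: The new `caller` argument does not appear to be used by this overload. The diff shows no changed line between the signature and the next hunk at old line 222, so the body still evaluates permissions exactly as before. If it delegates to `implies(Permission)`, that call now passes `null`, and the dashboard branch is skipped for every check arriving through `PortalPermissionCollection`. Forward the subject with `implies(permission, caller)` wherever the body compares against the loaded permissions. The body lies outside this hunk, so confirm this against the full file.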
@@ -222,6 +235,11 @@
public boolean implies(Permission permission)
{
+ return implies(permission, null);
+ }
+
+ public boolean implies(Permission permission, Subject caller)
+ {
if (permission instanceof PortalObjectPermission && isContainer() == false)
{
PortalObjectPermission that = (PortalObjectPermission)permission;
@@ -229,6 +247,37 @@
//
if (that.isContainer() == false)
{
+ if ((this.mask & DASHBOARD_MASK) == DASHBOARD_MASK)
+ {
+ if (caller != null)
+ {
+ Set tmp = caller.getPrincipals(UserPrincipal.class);
+ if (tmp.size() > 0)
+ {
+ Iterator i = tmp.iterator();
+ UserPrincipal user = (UserPrincipal)i.next();
+ String userName = user.getName();
+
+ //
+ int a = this.uri.length();
+ if (a > 0)
+ {
+ a++;
+ }
+ if (a < that.uri.length())
+ {
+ int b = that.uri.indexOf('.', a);
+ if (b == -1)
+ {
+ b = that.uri.length();
+ }
+ String name = that.uri.substring(a, b);
+ return name.equals(userName);
+ }
+ }
+ }
+ }
+
if (that.uri.equals(this.uri))
{
return (this.mask & that.mask) == that.mask;
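Review bot: The dashboard branch never checks that `that.uri` lies under `this.uri`; it only skips `this.uri.length() + 1` characters and compares the next dot-delimited segment with the user name. In a constructed example, a dashboard permission on `abc` returns true for a target `jkl.def` when the caller is `def`, although that object is outside the permission's subtree. Guard the segment extraction with the prefix: `if (a < that.uri.length() && (a == 0 || that.uri.startsWith(this.uri + ".")))`. The branch also returns without consulting `that.mask` and reads only the first `UserPrincipal`; if granting every action on the user's subtree is intended, a comment should say so. The method body continues past the end of this hunk.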
Modified: trunk/core/src/main/org/jboss/portal/test/core/model/portal/PortalObjectPermissionTestCase.java
===================================================================
--- trunk/core/src/main/org/jboss/portal/test/core/model/portal/PortalObjectPermissionTestCase.java 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/core/src/main/org/jboss/portal/test/core/model/portal/PortalObjectPermissionTestCase.java 2006-10-08 13:38:12 UTC (rev 5359)
@@ -32,8 +32,10 @@
import org.jboss.portal.test.security.PortalPermissionTestCase;
import org.jboss.portal.test.security.BaseAuthorizationDomain;
import org.jboss.portal.test.security.Server;
+import org.jboss.portal.identity.auth.UserPrincipal;
import org.jboss.security.SimplePrincipal;
+import javax.security.auth.Subject;
import java.util.Collection;
import java.util.Collections;
import java.security.Principal;
@@ -80,6 +82,90 @@
assertTrue(vr.implies(vr));
}
+ public void testDashboard1() throws Exception
+ {
+ PortalObjectPermission v = new PortalObjectPermission("", "dashboard");
+ PortalObjectPermission v1 = new PortalObjectPermission("abc", "view");
+ PortalObjectPermission v2 = new PortalObjectPermission("abc.def", "view");
+ PortalObjectPermission v3 = new PortalObjectPermission("def", "view");
+ PortalObjectPermission v4 = new PortalObjectPermission("def.ghi", "view");
+
+ Subject abc = new Subject();
+ abc.getPrincipals().add(new UserPrincipal("abc"));
+
+ Subject foo = new Subject();
+ foo.getPrincipals().add(new UserPrincipal("foo"));
+
+ assertTrue(v.implies(v1, abc));
+ assertFalse(v1.implies(v, abc));
+ assertTrue(v.implies(v2, abc));
+ assertFalse(v2.implies(v, abc));
+ assertFalse(v.implies(v3, abc));
+ assertFalse(v3.implies(v, abc));
+ assertFalse(v.implies(v4, abc));
+ assertFalse(v4.implies(v, abc));
+
+ assertFalse(v.implies(v1));
+ assertFalse(v1.implies(v));
+ assertFalse(v.implies(v2));
+ assertFalse(v2.implies(v));
+ assertFalse(v.implies(v3));
+ assertFalse(v3.implies(v));
+ assertFalse(v.implies(v4));
+ assertFalse(v4.implies(v));
+
+ assertFalse(v.implies(v1, foo));
+ assertFalse(v1.implies(v, foo));
+ assertFalse(v.implies(v2, foo));
+ assertFalse(v2.implies(v, foo));
+ assertFalse(v.implies(v3, foo));
+ assertFalse(v3.implies(v, foo));
+ assertFalse(v.implies(v4, foo));
+ assertFalse(v4.implies(v, foo));
+ }
+
+ public void testDashboard2() throws Exception
+ {
+ PortalObjectPermission v = new PortalObjectPermission("abc", "dashboard");
+ PortalObjectPermission v1 = new PortalObjectPermission("abc.def", "view");
+ PortalObjectPermission v2 = new PortalObjectPermission("abc.def.ghi", "view");
+ PortalObjectPermission v3 = new PortalObjectPermission("jkl", "view");
+ PortalObjectPermission v4 = new PortalObjectPermission("jkl.mno", "view");
+
+ Subject def = new Subject();
+ def.getPrincipals().add(new UserPrincipal("def"));
+
+ Subject foo = new Subject();
+ foo.getPrincipals().add(new UserPrincipal("foo"));
+
+ assertTrue(v.implies(v1, def));
+ assertFalse(v1.implies(v, def));
+ assertTrue(v.implies(v2, def));
+ assertFalse(v2.implies(v, def));
+ assertFalse(v.implies(v3, def));
+ assertFalse(v3.implies(v, def));
+ assertFalse(v.implies(v4, def));
+ assertFalse(v4.implies(v, def));
+
+ assertFalse(v.implies(v1));
+ assertFalse(v1.implies(v));
+ assertFalse(v.implies(v2));
+ assertFalse(v2.implies(v));
+ assertFalse(v.implies(v3));
+ assertFalse(v3.implies(v));
+ assertFalse(v.implies(v4));
+ assertFalse(v4.implies(v));
+
+ assertFalse(v.implies(v1, foo));
+ assertFalse(v1.implies(v, foo));
+ assertFalse(v.implies(v2, foo));
+ assertFalse(v2.implies(v, foo));
+ assertFalse(v.implies(v3, foo));
+ assertFalse(v3.implies(v, foo));
+ assertFalse(v.implies(v4, foo));
+ assertFalse(v4.implies(v, foo));
+ }
+
/** . */
private AuthorizationDomain domain;
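Review bot: Neither test has a negative case where the target is outside the permission's subtree but its segment at the same offset equals the caller's name. In `testDashboard2` that would be (constructed example) `assertFalse(v.implies(new PortalObjectPermission("jkl.def", "view"), def));`. Reading the new `implies(Permission, Subject)`, this assertion would currently fail because the prefix is never compared. A subject that carries no `UserPrincipal` at all is also untested.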
Modified: trunk/portlet/src/main/org/jboss/portal/portlet/security/PortletPermission.java
===================================================================
--- trunk/portlet/src/main/org/jboss/portal/portlet/security/PortletPermission.java 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/portlet/src/main/org/jboss/portal/portlet/security/PortletPermission.java 2006-10-08 13:38:12 UTC (rev 5359)
@@ -26,6 +26,7 @@
import org.jboss.portal.security.PortalSecurityException;
import org.jboss.portal.security.spi.provider.PermissionRepository;
+import javax.security.auth.Subject;
import java.security.Permission;
import java.util.StringTokenizer;
import java.util.Collection;
@@ -137,7 +138,7 @@
}
}
- public boolean implies(PermissionRepository repository, String roleName, PortalPermission permission) throws PortalSecurityException
+ public boolean implies(PermissionRepository repository, Subject caller, String roleName, PortalPermission permission) throws PortalSecurityException
{
if (permission instanceof PortletPermission)
{
Modified: trunk/security/src/main/org/jboss/portal/security/PortalPermission.java
===================================================================
--- trunk/security/src/main/org/jboss/portal/security/PortalPermission.java 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/security/src/main/org/jboss/portal/security/PortalPermission.java 2006-10-08 13:38:12 UTC (rev 5359)
@@ -23,6 +23,7 @@
import org.jboss.portal.security.spi.provider.PermissionRepository;
+import javax.security.auth.Subject;
import java.security.Permission;
import java.security.PermissionCollection;
@@ -103,8 +104,9 @@
* Implement the imply logic when we check the permission against a domain.
*
* @param repository
+ * @param caller
* @param permission
* @return true if the permission is implied
*/
- public abstract boolean implies(PermissionRepository repository, String roleName, PortalPermission permission) throws PortalSecurityException;
+ public abstract boolean implies(PermissionRepository repository, Subject caller, String roleName, PortalPermission permission) throws PortalSecurityException;
}
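Review bot: The added `@param caller` tag has no description, and `roleName` has no tag at all, so the contract of this authorization hook is left to the reader. `PortalPermissionCollection.getCaller()` in this commit is documented as returning the subject "or null", so implementers need to know that null is a legal value here. I would write `@param caller the subject of the current caller, or null when none is available` and add `@param roleName the role name the check is made for`.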
Modified: trunk/security/src/main/org/jboss/portal/security/PortalPermissionCollection.java
===================================================================
--- trunk/security/src/main/org/jboss/portal/security/PortalPermissionCollection.java 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/security/src/main/org/jboss/portal/security/PortalPermissionCollection.java 2006-10-08 13:38:12 UTC (rev 5359)
@@ -25,6 +25,7 @@
import org.jboss.portal.security.spi.provider.PermissionRepository;
import org.apache.log4j.Logger;
+import javax.security.auth.Subject;
import java.security.PermissionCollection;
import java.security.Permission;
import java.util.Enumeration;
@@ -90,9 +91,10 @@
try
{
PortalPermission portalPermission = (PortalPermission)permission;
+ Subject caller = getCaller();
String roleName = getRoleName();
PermissionRepository repository = domain.getPermissionRepository();
- boolean implied = owner.implies(repository, roleName, portalPermission);
+ boolean implied = owner.implies(repository, caller, roleName, portalPermission);
return implied;
}
catch (Exception e)
@@ -111,4 +113,11 @@
* @return the role name
*/
public abstract String getRoleName();
+
+ /**
+ * Return the subject being used or null.
+ *
+ * @return the current subject
+ */
+ public abstract Subject getCaller();
}
Modified: trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalPermissionCollection.java
===================================================================
--- trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalPermissionCollection.java 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/security/src/main/org/jboss/portal/security/impl/jacc/JACCPortalPermissionCollection.java 2006-10-08 13:38:12 UTC (rev 5359)
@@ -24,6 +24,9 @@
import org.jboss.portal.security.PortalPermissionCollection;
import org.jboss.portal.security.spi.provider.AuthorizationDomain;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
import java.util.Enumeration;
import java.util.Vector;
@@ -63,4 +66,17 @@
// Noop for now
return new Vector().elements();
}
+
+
+ public Subject getCaller()
+ {
+ try
+ {
+ return (Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
+ }
+ catch (PolicyContextException e)
+ {
+ return null;
+ }
+ }
}
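Review bot: `getCaller()` swallows `PolicyContextException` and returns `null`, so a failed lookup of the container subject is indistinguishable from a request with no subject. With a null caller the dashboard branch is simply skipped, but the cause of the failure is lost. Log it before returning, e.g. `log.warn("Cannot obtain caller subject from policy context", e);`, assuming a logger is available to this class (none is visible in the hunk). The handler key would also read better as a named constant, `private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";`.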
Modified: trunk/security/src/main/org/jboss/portal/test/security/FlatPermission.java
===================================================================
--- trunk/security/src/main/org/jboss/portal/test/security/FlatPermission.java 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/security/src/main/org/jboss/portal/test/security/FlatPermission.java 2006-10-08 13:38:12 UTC (rev 5359)
@@ -26,6 +26,7 @@
import org.jboss.portal.security.PortalSecurityException;
import org.jboss.portal.security.spi.provider.PermissionRepository;
+import javax.security.auth.Subject;
import java.security.Permission;
/**
@@ -51,7 +52,7 @@
super(PERMISSION_TYPE, uri);
}
- public boolean implies(PermissionRepository repository, String roleName, PortalPermission permission) throws PortalSecurityException
+ public boolean implies(PermissionRepository repository, Subject caller, String roleName, PortalPermission permission) throws PortalSecurityException
{
if (permission instanceof FlatPermission && permission.getURI() != null)
{
Modified: trunk/security/src/main/org/jboss/portal/test/security/HierarchyPermission.java
===================================================================
--- trunk/security/src/main/org/jboss/portal/test/security/HierarchyPermission.java 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/security/src/main/org/jboss/portal/test/security/HierarchyPermission.java 2006-10-08 13:38:12 UTC (rev 5359)
@@ -26,6 +26,7 @@
import org.jboss.portal.security.PortalSecurityException;
import org.jboss.portal.security.spi.provider.PermissionRepository;
+import javax.security.auth.Subject;
import java.security.Permission;
/**
@@ -67,7 +68,7 @@
this.action = action;
}
- public boolean implies(PermissionRepository repository, String roleName, PortalPermission permission) throws PortalSecurityException
+ public boolean implies(PermissionRepository repository, Subject caller, String roleName, PortalPermission permission) throws PortalSecurityException
{
if (permission instanceof HierarchyPermission)
{
Modified: trunk/security/src/main/org/jboss/portal/test/security/Server.java
===================================================================
--- trunk/security/src/main/org/jboss/portal/test/security/Server.java 2006-10-08 12:06:09 UTC (rev 5358)
+++ trunk/security/src/main/org/jboss/portal/test/security/Server.java 2006-10-08 13:38:12 UTC (rev 5359)
@@ -95,6 +95,14 @@
public void associateRoles(String[] roleNames) throws Exception
{
+ associateRoles(null, roleNames);
+ }
+
+ public void associateRoles(Principal userPrincipal, String[] roleNames) throws Exception
+ {
+ Subject subject = new Subject();
+
+ //
Group roleGroup = new SimpleGroup("Roles");
for (int i = 0; i < roleNames.length; i++)
{
@@ -102,8 +110,15 @@
Principal rolePrincipal = new SimplePrincipal(roleName);
roleGroup.addMember(rolePrincipal);
}
- Subject subject = new Subject();
subject.getPrincipals().add(roleGroup);
+
+ //
+ if (userPrincipal != null)
+ {
+ subject.getPrincipals().add(userPrincipal);
+ }
+
+ //
SecurityAssociation.setSubject(subject);
}
}