taylor 01/06/06 23:24:39 Modified: src/java/org/apache/jetspeed/services/security JetspeedDBSecurityService.java Log: modified security service to only use one group, the Jetspeed group. all acls are role-based. if a user is in a role, and if the user has permission, access is granted Revision Changes Path 1.2 +7 -11 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java Index: JetspeedDBSecurityService.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedDBSecurityService.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- JetspeedDBSecurityService.java 2001/06/04 07:16:07 1.1 +++ JetspeedDBSecurityService.java 2001/06/07 06:24:39 1.2 @@ -67,13 +67,17 @@ * * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a> * @author <a href="mailto:[EMAIL PROTECTED]">Santiago Gala</a> - * @version $Id: JetspeedDBSecurityService.java,v 1.1 2001/06/04 07:16:07 taylor Exp $ + * @version $Id: JetspeedDBSecurityService.java,v 1.2 2001/06/07 06:24:39 taylor Exp $ */ public class JetspeedDBSecurityService extends DBSecurityService implements JetspeedSecurityService { + // Jetspeed security only has one group. + // Access Control checks are only role-based. + // If a user has the specified role for the resource, then the user can access that resource + public static final String JETSPEED_GROUP = "Jetspeed"; /** * given a user, checks if a user has access to a given portlet for the given action 
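Review bot: The new public constant `JETSPEED_GROUP` is documented only by three `//` lines, so the rule it encodes never reaches the generated API docs, although every access decision in this class now depends on it. I would turn them into a Javadoc block on the field, for example `/** Name of the single security group used for all Jetspeed role and permission checks; a group with this name must exist in the security store. */`. The requirement that the group exists is inferred from how the later hunks pass the constant to `acl.hasRole` and `acl.hasPermission`, so confirm it against the ACL implementation. The class body continues outside this hunk.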
@@ -111,20 +115,12 @@ if (null == securityRole) return true; // grant permission if no security role given - // TODO: - // the portlet name by itself may not be a unique enough identifier since - // other resources (panes, configs) may have the same name - // we may need to prefix the portletName with something like: - // "portlet_" + portletName - // the alternative would be to add a column to the turbine database - // but this would mean deviating from the basic turbine security model - // determine if Portlet has specified role AccessControlList acl = runData.getACL(); if (null == acl) return false; - if (!acl.hasRole( securityRole, portletName )) + if (!acl.hasRole( securityRole, JETSPEED_GROUP )) return false; // check for role having permission @@ -134,7 +130,7 @@ if ( acl.hasPermission( permission ) ) return true; - if ( !acl.hasPermission( permission, portletName ) ) + if ( !acl.hasPermission( permission, JETSPEED_GROUP ) ) return false; } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
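Review bot: The context line `if (null == securityRole) return true;` at the top of this hunk fails open. Now that `acl.hasRole( securityRole, JETSPEED_GROUP )` is the only scoping left, any portlet whose registry entry names no role is reachable by every caller, presumably including the anonymous user. If that is intended, say so next to the check, e.g. `// entries without a security role are public by design`. Otherwise the default should be a denial, or a configurable setting. The change also means role grants stored against the old per-portlet group names are no longer consulted, which is worth a line in the upgrade notes. The enclosing method starts and ends outside the hunk.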
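Review bot: The unchanged line `if ( acl.hasPermission( permission ) ) return true;` still runs before the new `acl.hasPermission( permission, JETSPEED_GROUP )` check, so access is decided in two scopes although the new class comment says there is only one group. If the one-argument form consults Turbine's global group, as I believe it does, a permission granted there short-circuits the Jetspeed-group check. Neither call ties the permission to `securityRole`, so it may come from any role the user holds; confirm that this is the intended model. Either drop the unscoped call or document it, e.g. `// permissions held in the global group also grant access`. The surrounding loop and the code after the closing brace are outside the hunk.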