taylor 2002/06/11 11:09:31
Modified: src/java/org/apache/jetspeed/services Tag: security_14 JetspeedSecurity.java src/java/org/apache/jetspeed/services/security/registry Tag: security_14 RegistryAccessController.java TestAccessController.java src/java/org/apache/jetspeed/services/security/turbine Tag: security_14 TurbineAuthentication.java TurbineUserManagement.java webapp/WEB-INF/conf Tag: security_14 JetspeedSecurity.properties webapp/WEB-INF/db Tag: security_14 jetspeed.properties jetspeed.script
Log: - New Security Status: 1. performant ACL implementation. DONE 2. Security/Profiler refactoring (AddUser, RemoveUser...) STARTED 3. Roles and Groups 4. Sufficient privilege checks on all security methods 5. Global setting to turn off all portlet security checks during aggregation Plan to complete #1, #3 and #5 today
Revision Changes Path
No revision
No revision
1.10.2.8 +56 -2 jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java
Index: JetspeedSecurity.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java,v
retrieving revision 1.10.2.7
retrieving revision 1.10.2.8
diff -u -r1.10.2.7 -r1.10.2.8
--- JetspeedSecurity.java 10 Jun 2002 05:36:19 -0000 1.10.2.7
+++ JetspeedSecurity.java 11 Jun 2002 18:09:30 -0000 1.10.2.8
@@ -61,6 +61,12 @@
import org.apache.turbine.om.security.Group;
import org.apache.turbine.om.security.Role;
import org.apache.turbine.om.security.Permission;
+import org.apache.jetspeed.om.profile.Profile;
+import org.apache.jetspeed.om.profile.BaseProfile;
+import org.apache.jetspeed.services.Profiler;
+import org.apache.jetspeed.services.PsmlManager;
+import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
+import org.apache.turbine.services.rundata.RunDataService;
import org.apache.turbine.util.Log;
import org.apache.jetspeed.services.rundata.JetspeedRunData;
@@ -84,6 +90,7 @@
import org.apache.jetspeed.services.security.PortalResource;
import org.apache.jetspeed.services.security.LoginException;
+
/**
* <P>This is a commodity static accessor class around the
* <code>JetspeedSecurityService</code></P>
@@ -403,13 +410,37 @@
org.apache.turbine.util.security.EntityExistsException
{
org.apache.turbine.services.security.TurbineSecurity.addGroup(group);
+ try
+ {
+ JetspeedRunDataService runDataService =
+ (JetspeedRunDataService)TurbineServices.getInstance()
+ .getService(RunDataService.SERVICE_NAME);
+ JetspeedRunData rundata = runDataService.getCurrentRunData();
+ Profile profile = new BaseProfile();
+ profile.setGroup(group);
+ profile.setMediaType("html");
+ Profiler.createProfile(rundata, profile);
+ }
+ catch (ProfileException e)
+ {
+ try
+ {
+ removeGroup(group);
+ }
+ catch(Exception e2)
+ {
+ }
+ throw new org.apache.turbine.util.security.DataBackendException("Failed to create Group PSML", e);
+ }
+
}
public static void removeGroup( Group group )
throws org.apache.turbine.util.security.DataBackendException,
org.apache.turbine.util.security.UnknownEntityException
{
- org.apache.turbine.services.security.TurbineSecurity.removeGroup(group);
+ PsmlManager.removeGroupDocuments(group);
+ org.apache.turbine.services.security.TurbineSecurity.removeGroup(group);
}
public static void addRole(Role role)
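Review bot: The rollback path in addGroup wraps `removeGroup(group)` in `catch(Exception e2) {}`, so when the compensating removal fails the group stays in the security store with no PSML and nothing in the log to show that the state is inconsistent; addRole in the next hunk has the same shape. Replace the empty body with `Log.error("Could not roll back group after PSML creation failed", e2);` — `org.apache.turbine.util.Log` is already imported in this file. Only `ProfileException` triggers the rollback: anything else thrown between `TurbineSecurity.addGroup(group)` and `Profiler.createProfile` (the unchecked cast, or `getCurrentRunData()` returning null, which the new `TurbineUserManagement.addDefaultPSML` explicitly guards against) propagates with the group already committed, so either broaden the catch or check `rundata` for null before calling `createProfile`. The literal `"html"` media type is repeated in addGroup, addRole and addDefaultPSML and would be better as one named constant.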
@@ -417,12 +448,35 @@
org.apache.turbine.util.security.EntityExistsException
{
org.apache.turbine.services.security.TurbineSecurity.addRole(role);
+ try
+ {
+ JetspeedRunDataService runDataService =
+ (JetspeedRunDataService)TurbineServices.getInstance()
+ .getService(RunDataService.SERVICE_NAME);
+ JetspeedRunData rundata = runDataService.getCurrentRunData();
+ Profile profile = new BaseProfile();
+ profile.setRole(role);
+ profile.setMediaType("html");
+ Profiler.createProfile(rundata, profile);
+ }
+ catch (ProfileException e)
+ {
+ try
+ {
+ removeRole(role);
+ }
+ catch(Exception e2)
+ {
+ }
+ throw new org.apache.turbine.util.security.DataBackendException("Failed to create Role PSML", e);
+ }
}
public static void removeRole(Role role)
throws org.apache.turbine.util.security.DataBackendException,
org.apache.turbine.util.security.UnknownEntityException
{
+ PsmlManager.removeRoleDocuments(role);
org.apache.turbine.services.security.TurbineSecurity.removeRole(role);
}
No revision
No revision
1.1.2.2 +2 -2 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/RegistryAccessController.java
Index: RegistryAccessController.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/RegistryAccessController.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- RegistryAccessController.java 5 Jun 2002 03:42:36 -0000 1.1.2.1
+++ RegistryAccessController.java 11 Jun 2002 18:09:30 -0000 1.1.2.2
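Review bot: The try body of addRole is a line-for-line copy of addGroup's (only `setRole` and the message differ), including the service lookup through `TurbineServices.getInstance()` and the `"html"` media type, so a fix to one will have to be remembered for the other. A private helper that takes the populated `Profile` and does the lookup and `createProfile` call lets both methods shrink to `Profile profile = new BaseProfile(); profile.setRole(role); createDefaultProfile(profile);` inside the existing try, with the rollback left in each caller. In removeRole the PSML documents are now deleted before `TurbineSecurity.removeRole(role)`; if that call throws `UnknownEntityException` the role survives without its documents, so reversing the two lines, or logging on that path, would make the failure mode explicit. The helper declares `ProfileException` on the assumption that it is what `Profiler.createProfile` throws, as the existing catch implies.
```java
    /** Creates the default "html" PSML page for an entity already committed to the security store. */
    private static void createDefaultProfile(Profile profile)
        throws ProfileException
    {
        JetspeedRunDataService runDataService =
            (JetspeedRunDataService)TurbineServices.getInstance()
                .getService(RunDataService.SERVICE_NAME);
        JetspeedRunData rundata = runDataService.getCurrentRunData();
        profile.setMediaType("html");
        Profiler.createProfile(rundata, profile);
    }
```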
@@ -61,7 +61,7 @@
// Jetspeed import
import org.apache.jetspeed.om.SecurityReference;
import org.apache.jetspeed.om.profile.Entry;
-import org.apache.jetspeed.om.profile.Security;
+//import org.apache.jetspeed.om.profile.Security;
import org.apache.jetspeed.om.registry.RegistryEntry;
import org.apache.jetspeed.om.registry.Security;
import org.apache.jetspeed.om.registry.SecurityEntry;
1.1.2.2 +2 -2 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/TestAccessController.java
Index: TestAccessController.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/TestAccessController.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- TestAccessController.java 5 Jun 2002 03:42:36 -0000 1.1.2.1
+++ TestAccessController.java 11 Jun 2002 18:09:30 -0000 1.1.2.2
@@ -65,7 +65,7 @@
import org.apache.jetspeed.om.profile.Profile;
import org.apache.jetspeed.om.profile.ProfileLocator;
import org.apache.jetspeed.om.profile.Portlets;
-import org.apache.jetspeed.om.profile.Security;
+//import org.apache.jetspeed.om.profile.Security;
import org.apache.jetspeed.om.profile.PSMLDocument;
import org.apache.jetspeed.om.profile.psml.PsmlController;
import org.apache.jetspeed.om.profile.psml.PsmlEntry;
No revision
No revision
1.1.2.9 +5 -3 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineAuthentication.java
Index: TurbineAuthentication.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineAuthentication.java,v
retrieving revision 1.1.2.8
retrieving revision 1.1.2.9
diff -u -r1.1.2.8 -r1.1.2.9
--- TurbineAuthentication.java 8 Jun 2002 17:48:25 -0000 1.1.2.8
+++ TurbineAuthentication.java 11 Jun 2002 18:09:30 -0000 1.1.2.9
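Review bot: Both hunks keep the dropped import as a comment, `//import org.apache.jetspeed.om.profile.Security;`, instead of deleting it. The surviving `import org.apache.jetspeed.om.registry.Security;` a couple of lines below already records which `Security` is meant, and a commented-out import of a same-named class only invites a later merge to reinstate the ambiguous one. Delete the line in both RegistryAccessController.java and TestAccessController.java.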
@@ -148,8 +148,10 @@
{
user.updateLastLogin();
JetspeedRunData data = putUserIntoContext(user);
- getRunData().save();
-
+ if (data != null)
+ {
+ data.save();
+ }
}
catch (Exception e)
{
1.1.2.5 +86 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineUserManagement.java
Index: TurbineUserManagement.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineUserManagement.java,v
retrieving revision 1.1.2.4
retrieving revision 1.1.2.5
diff -u -r1.1.2.4 -r1.1.2.5
--- TurbineUserManagement.java 7 Jun 2002 10:02:07 -0000 1.1.2.4
+++ TurbineUserManagement.java 11 Jun 2002 18:09:30 -0000 1.1.2.5
@@ -74,6 +74,10 @@
import org.apache.jetspeed.om.security.turbine.TurbineUser;
import org.apache.jetspeed.om.security.turbine.TurbineUserPeer;
+
+import org.apache.jetspeed.om.profile.BaseProfile;
+import org.apache.jetspeed.om.profile.Profile;
+
// Jetspeed Security
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.security.BaseJetspeedUser;
@@ -81,6 +85,8 @@
import org.apache.jetspeed.om.security.UserIdPrincipal;
import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.services.Profiler;
+import org.apache.jetspeed.services.PsmlManager;
import org.apache.jetspeed.services.security.UserManagement;
import org.apache.jetspeed.services.security.JetspeedSecurityService;
@@ -89,6 +95,9 @@
import org.apache.jetspeed.services.security.UnknownUserException;
import org.apache.jetspeed.services.security.NotUniqueUserException;
import org.apache.jetspeed.services.security.JetspeedSecurityException;
+import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
+import org.apache.jetspeed.services.rundata.JetspeedRunData;
+import org.apache.turbine.services.rundata.RunDataService;
// Password encryption
import javax.mail.internet.MimeUtility;
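Review bot: The new null check makes a login whose `putUserIntoContext(user)` returns null complete with `user.updateLastLogin()` applied only in memory and `data.save()` silently skipped, with no log entry. If that case is expected (a login performed outside a request), a one-line comment on the `if` should say so; otherwise an `else` branch that logs the skipped save, using whatever logger this class has (`org.apache.turbine.util.Log` in the sibling TurbineUserManagement), would keep a lost persistence from going unnoticed. The enclosing method starts and ends outside this hunk, so I cannot see whether the caller can tell the two outcomes apart.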
@@ -115,6 +124,15 @@
boolean securePasswords = false;
String passwordsAlgorithm = "SHA";
+ private final static String CONFIG_NEWUSER_ROLES = "newuser.roles";
+ private final static String [] DEFAULT_CONFIG_NEWUSER_ROLES =
+ { "user" };
+
+ String roles[] = null;
+
+ /** The JetspeedRunData Service. */
+ private JetspeedRunDataService runDataService = null;
+
///////////////////////////////////////////////////////////////////////////
// User Management Interfaces
///////////////////////////////////////////////////////////////////////////
@@ -297,8 +315,49 @@
user.getUserName() + "'", e);
}
+ addDefaultPSML(user);
}
+ /*
+ * A default PSML page is added for the user, and the Jetspeed default roles
+ * are assigned to the new user.
+ *
+ * @param user The new user.
+ * @throws
+ */
+ protected void addDefaultPSML(JetspeedUser user)
+ throws JetspeedSecurityException
+ {
+ for (int ix = 0; ix < roles.length; ix++)
+ {
+ try
+ {
+ JetspeedSecurity.grant(user,
+ JetspeedSecurity.getGroup(JetspeedSecurity.JETSPEED_GROUP),
+ JetspeedSecurity.getRole(roles[ix]));
+ }
+ catch(Exception e)
+ {
+ Log.error("Could not grant role: " + roles[ix] + " to user " + user.getUserName(), e);
+ }
+ }
+ try
+ {
+ JetspeedRunData rundata = getRunData();
+ if (rundata != null)
+ {
+ Profile profile = new BaseProfile();
+ profile.setUser(user);
+ profile.setMediaType("html");
+ Profiler.createProfile(getRunData(), profile);
+ }
+ }
+ catch (Exception e)
+ {
+ removeUser(new UserNamePrincipal(user.getUserName()));
+ throw new UserException("Failed to create profile for new user ", e);
+ }
+ }
/**
* Removes a <code>JetspeedUser</code> from the permanent store.
@@ -332,6 +391,7 @@
try
{
+ PsmlManager.removeUserDocuments(user);
TurbineUserPeer.doDelete(criteria);
}
catch(Exception e)
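Review bot: `String roles[] = null;` is package-private and uses the C-style array suffix, while the neighbouring `runDataService` field is `private`; the array is assigned once in init and read by addDefaultPSML, so `private String[] roles = null;` keeps the default-role list, which decides what every new account is granted, from being altered by other classes in the package. `private final static` on the two constants is legal but the conventional order is `private static final`, minor.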
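Review bot: In addDefaultPSML's outer `catch (Exception e)` the compensating `removeUser(...)` is unguarded, so if the removal throws, that exception replaces the profile failure and the `UserException` carrying the real cause is never raised. Wrap the removal in its own try/catch that logs and still throw the `UserException` with the original cause, as in the rewrite below. Also, `Profiler.createProfile(getRunData(), profile)` re-resolves run data instead of using the `rundata` local checked two lines above, and the header comment opens with `/*` rather than `/**`, so it is not Javadoc and its `@throws` is empty; `/** ... @throws JetspeedSecurityException if the default profile cannot be created */` fixes both. Grant failures in the loop are logged but not fatal, so an account can be created with none of the configured default roles; if that is intended, the Javadoc should say so.
```java
        catch (Exception e)
        {
            try
            {
                removeUser(new UserNamePrincipal(user.getUserName()));
            }
            catch (Exception e2)
            {
                Log.error("Could not remove user " + user.getUserName()
                          + " after profile creation failed", e2);
            }
            throw new UserException("Failed to create profile for new user ", e);
        }
```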
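Review bot: `PsmlManager.removeUserDocuments(user)` now runs before `TurbineUserPeer.doDelete(criteria)` inside the same try, so a failed delete leaves the account in place with its PSML documents already gone, and the `catch(Exception e)` that follows (its body is outside the hunk) cannot tell which of the two calls failed. Deleting the security record first and removing the documents only once it succeeds, or at least giving the document removal its own try/catch with a distinct message, keeps a failed delete from producing a half-removed user. The signature of removeUser and the rest of its body are outside this hunk.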
@@ -487,6 +547,21 @@
passwordsAlgorithm = serviceConf.getString(CONFIG_SECURE_PASSWORDS_ALGORITHM,
passwordsAlgorithm);
+ try
+ {
+ roles = serviceConf.getStringArray(CONFIG_NEWUSER_ROLES);
+ }
+ catch (Exception e)
+ {}
+
+ if (null == roles || roles.length == 0)
+ {
+ roles = DEFAULT_CONFIG_NEWUSER_ROLES;
+ }
+
+ this.runDataService =
+ (JetspeedRunDataService)TurbineServices.getInstance()
+ .getService(RunDataService.SERVICE_NAME);
setInit(true);
}
@@ -541,6 +616,16 @@
}
return true;
}
+
+ protected JetspeedRunData getRunData()
+ {
+ JetspeedRunData rundata = null;
+ if (this.runDataService != null)
+ {
+ rundata = this.runDataService.getCurrentRunData();
+ }
+ return rundata;
+ }
No revision
No revision
1.1.2.10 +1 -1 jakarta-jetspeed/webapp/WEB-INF/conf/Attic/JetspeedSecurity.properties
Index: JetspeedSecurity.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/Attic/JetspeedSecurity.properties,v
retrieving revision 1.1.2.9
retrieving revision 1.1.2.10
diff -u -r1.1.2.9 -r1.1.2.10
--- JetspeedSecurity.properties 10 Jun 2002 05:39:17 -0000 1.1.2.9
+++ JetspeedSecurity.properties 11 Jun 2002 18:09:30 -0000 1.1.2.10
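Review bot: The empty `catch (Exception e) {}` around `serviceConf.getStringArray(CONFIG_NEWUSER_ROLES)` hides a malformed or unreadable `newuser.roles` setting, after which every new account silently receives `DEFAULT_CONFIG_NEWUSER_ROLES` (`"user"`) instead of the roles the deployer configured, and nothing in the log points at the misconfiguration. Log it before falling back: `Log.error("Could not read " + CONFIG_NEWUSER_ROLES + ", using default new-user roles", e);` — `Log.error(String, Throwable)` is already used by addDefaultPSML in this class. The unchecked cast to `JetspeedRunDataService` will surface as a `ClassCastException` out of init if a different RunDataService implementation is configured; failing init there is reasonable, but an explicit `instanceof` check with a message naming the service would make the cause obvious.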
@@ -19,7 +19,7 @@
# Authorization Service #
#########################################
-services.PortalAccessController.classname=org.apache.jetspeed.services.security.turbine.TurbineAccessController
+services.PortalAccessController.classname=org.apache.jetspeed.services.security.registry.RegistryAccessController
#########################################
# User Management Service #
No revision
No revision
1.11.2.5 +1 -1 jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.properties
Index: jetspeed.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.properties,v
retrieving revision 1.11.2.4
retrieving revision 1.11.2.5
diff -u -r1.11.2.4 -r1.11.2.5
--- jetspeed.properties 7 Jun 2002 10:02:07 -0000 1.11.2.4
+++ jetspeed.properties 11 Jun 2002 18:09:30 -0000 1.11.2.5
@@ -1,4 +1,4 @@
#Hypersonic SQL database
-#Fri Jun 07 02:56:59 PDT 2002
+#Tue Jun 11 11:06:44 PDT 2002
version=1.4
modified=yes
1.13.2.5 +2 -2 jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.script
Index: jetspeed.script
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.script,v
retrieving revision 1.13.2.4
retrieving revision 1.13.2.5
diff -u -r1.13.2.4 -r1.13.2.5
--- jetspeed.script 7 Jun 2002 10:02:07 -0000 1.13.2.4
+++ jetspeed.script 11 Jun 2002 18:09:30 -0000 1.13.2.5
@@ -120,7 +120,7 @@
INSERT INTO ID_TABLE VALUES(1,'TURBINE_PERMISSION',100,10)
INSERT INTO ID_TABLE VALUES(2,'TURBINE_ROLE',120,10)
INSERT INTO ID_TABLE VALUES(3,'TURBINE_GROUP',100,10)
-INSERT INTO ID_TABLE VALUES(4,'TURBINE_USER',290,10)
+INSERT INTO ID_TABLE VALUES(4,'TURBINE_USER',330,10)
INSERT INTO ID_TABLE VALUES(5,'TURBINE_SCHEDULED_JOB',100,10)
INSERT INTO ID_TABLE VALUES(6,'TURBINE_ROLE_PERMISSION',100,10)
INSERT INTO ID_TABLE VALUES(7,'TURBINE_USER_GROUP_ROLE',100,10)
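Review bot: The hunk switches `services.PortalAccessController.classname` to `org.apache.jetspeed.services.security.registry.RegistryAccessController` without a comment on what this key selects or that the previous value is still a valid choice; since it picks the authorization implementation for the whole portal, a deployer reading the file has no way to know which values are accepted. Add above the key: `# Implementation of the authorization (access control) service; values used on this branch: org.apache.jetspeed.services.security.turbine.TurbineAccessController, org.apache.jetspeed.services.security.registry.RegistryAccessController`. The commit message calls the ACL implementation done, so a one-line pointer to where the registry-based rules are defined would also help anyone auditing who can reach what.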
@@ -139,4 +139,4 @@
INSERT INTO COFFEES VALUES('KenyanGrade',2,7.99,1,2)
INSERT INTO COFFEES VALUES('JoeGrade',3,7.99,1,2)
INSERT INTO COFFEES VALUES('CantThinkOfAnymoreGrade',4,7.99,1,2)
-/*C4*/CONNECT USER sa PASSWORD ""
+/*C1*/CONNECT USER sa PASSWORD ""