taylor 2002/06/11 11:09:31
Modified: src/java/org/apache/jetspeed/services Tag: security_14
JetspeedSecurity.java
src/java/org/apache/jetspeed/services/security/registry Tag:
security_14 RegistryAccessController.java
TestAccessController.java
src/java/org/apache/jetspeed/services/security/turbine Tag:
security_14 TurbineAuthentication.java
TurbineUserManagement.java
webapp/WEB-INF/conf Tag: security_14
JetspeedSecurity.properties
webapp/WEB-INF/db Tag: security_14 jetspeed.properties
jetspeed.script
Log:
- New Security Status:
1. performant ACL implementation.
DONE 2. Security/Profiler refactoring (AddUser, RemoveUser...)
STARTED 3. Roles and Groups
4. Sufficient privilege checks on all security methods
5. Global setting to turn off all portlet security checks during aggregation
Plan to complete #1, #3 and #5 today
Revision Changes Path
No revision
No revision
1.10.2.8 +56 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java
Index: JetspeedSecurity.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java,v
retrieving revision 1.10.2.7
retrieving revision 1.10.2.8
diff -u -r1.10.2.7 -r1.10.2.8
--- JetspeedSecurity.java 10 Jun 2002 05:36:19 -0000 1.10.2.7
+++ JetspeedSecurity.java 11 Jun 2002 18:09:30 -0000 1.10.2.8
@@ -61,6 +61,12 @@
import org.apache.turbine.om.security.Group;
import org.apache.turbine.om.security.Role;
import org.apache.turbine.om.security.Permission;
+import org.apache.jetspeed.om.profile.Profile;
+import org.apache.jetspeed.om.profile.BaseProfile;
+import org.apache.jetspeed.services.Profiler;
+import org.apache.jetspeed.services.PsmlManager;
+import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
+import org.apache.turbine.services.rundata.RunDataService;
import org.apache.turbine.util.Log;
import org.apache.jetspeed.services.rundata.JetspeedRunData;
@@ -84,6 +90,7 @@
import org.apache.jetspeed.services.security.PortalResource;
import org.apache.jetspeed.services.security.LoginException;
+
/**
* <P>This is a commodity static accessor class around the
* <code>JetspeedSecurityService</code></P>
@@ -403,13 +410,37 @@
org.apache.turbine.util.security.EntityExistsException
{
org.apache.turbine.services.security.TurbineSecurity.addGroup(group);
+ try
+ {
+ JetspeedRunDataService runDataService =
+ (JetspeedRunDataService)TurbineServices.getInstance()
+ .getService(RunDataService.SERVICE_NAME);
+ JetspeedRunData rundata = runDataService.getCurrentRunData();
+ Profile profile = new BaseProfile();
+ profile.setGroup(group);
+ profile.setMediaType("html");
+ Profiler.createProfile(rundata, profile);
+ }
+ catch (ProfileException e)
+ {
+ try
+ {
+ removeGroup(group);
+ }
+ catch(Exception e2)
+ {
+ }
+ throw new org.apache.turbine.util.security.DataBackendException("Failed
to create Group PSML", e);
+ }
+
}
public static void removeGroup( Group group )
throws org.apache.turbine.util.security.DataBackendException,
org.apache.turbine.util.security.UnknownEntityException
{
- org.apache.turbine.services.security.TurbineSecurity.removeGroup(group);
+ PsmlManager.removeGroupDocuments(group);
+ org.apache.turbine.services.security.TurbineSecurity.removeGroup(group);
}
public static void addRole(Role role)
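Review bot: The rollback in addGroup's catch block, `catch(Exception e2) {}`, swallows a failed removeGroup, so a group can stay registered in TurbineSecurity with no PSML document and nothing in the log saying so; the DataBackendException that follows only reports the profile failure. At minimum log it, `Log.error("Could not roll back group " + group.getName() + " after PSML creation failed", e2);`. The same block passes `runDataService.getCurrentRunData()` straight to Profiler.createProfile without the null guard that TurbineUserManagement.getRunData() applies in this commit, and ProfileException is not among the imports added here, so whether either compiles or behaves as intended when no request is bound is not visible from this hunk. removeGroup now deletes the group's documents before the backend removal, so a TurbineSecurity.removeGroup that throws leaves a live group with no PSML; reversing the two lines leaves at most orphaned documents, which is the safer half-state.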
@@ -417,12 +448,35 @@
org.apache.turbine.util.security.EntityExistsException
{
org.apache.turbine.services.security.TurbineSecurity.addRole(role);
+ try
+ {
+ JetspeedRunDataService runDataService =
+ (JetspeedRunDataService)TurbineServices.getInstance()
+ .getService(RunDataService.SERVICE_NAME);
+ JetspeedRunData rundata = runDataService.getCurrentRunData();
+ Profile profile = new BaseProfile();
+ profile.setRole(role);
+ profile.setMediaType("html");
+ Profiler.createProfile(rundata, profile);
+ }
+ catch (ProfileException e)
+ {
+ try
+ {
+ removeRole(role);
+ }
+ catch(Exception e2)
+ {
+ }
+ throw new org.apache.turbine.util.security.DataBackendException("Failed
to create Role PSML", e);
+ }
}
public static void removeRole(Role role)
throws org.apache.turbine.util.security.DataBackendException,
org.apache.turbine.util.security.UnknownEntityException
{
+ PsmlManager.removeRoleDocuments(role);
org.apache.turbine.services.security.TurbineSecurity.removeRole(role);
}
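Review bot: removeRole deletes the role's PSML documents before TurbineSecurity.removeRole runs, so if the backend removal throws (UnknownEntityException or DataBackendException per the signature) the role survives with its documents already gone, the worse half-state for an authorization entity; swapping the two lines, `org.apache.turbine.services.security.TurbineSecurity.removeRole(role); PsmlManager.removeRoleDocuments(role);`, leaves at most orphaned PSML instead. The empty `catch(Exception e2) {}` around the rollback in addRole hides the case where a role stays registered without a profile and should log the cleanup failure. The commit log lists privilege checks on these methods as not yet done, so these public static entry points currently add and remove roles for any caller; a `// TODO: caller privilege check (security status item 4)` on each would keep that visible until it lands.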
No revision
No revision
1.1.2.2 +2 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/RegistryAccessController.java
Index: RegistryAccessController.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/RegistryAccessController.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- RegistryAccessController.java 5 Jun 2002 03:42:36 -0000 1.1.2.1
+++ RegistryAccessController.java 11 Jun 2002 18:09:30 -0000 1.1.2.2
@@ -61,7 +61,7 @@
// Jetspeed import
import org.apache.jetspeed.om.SecurityReference;
import org.apache.jetspeed.om.profile.Entry;
-import org.apache.jetspeed.om.profile.Security;
+//import org.apache.jetspeed.om.profile.Security;
import org.apache.jetspeed.om.registry.RegistryEntry;
import org.apache.jetspeed.om.registry.Security;
import org.apache.jetspeed.om.registry.SecurityEntry;
1.1.2.2 +2 -2
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/TestAccessController.java
Index: TestAccessController.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/TestAccessController.java,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- TestAccessController.java 5 Jun 2002 03:42:36 -0000 1.1.2.1
+++ TestAccessController.java 11 Jun 2002 18:09:30 -0000 1.1.2.2
@@ -65,7 +65,7 @@
import org.apache.jetspeed.om.profile.Profile;
import org.apache.jetspeed.om.profile.ProfileLocator;
import org.apache.jetspeed.om.profile.Portlets;
-import org.apache.jetspeed.om.profile.Security;
+//import org.apache.jetspeed.om.profile.Security;
import org.apache.jetspeed.om.profile.PSMLDocument;
import org.apache.jetspeed.om.profile.psml.PsmlController;
import org.apache.jetspeed.om.profile.psml.PsmlEntry;
No revision
No revision
1.1.2.9 +5 -3
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineAuthentication.java
Index: TurbineAuthentication.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineAuthentication.java,v
retrieving revision 1.1.2.8
retrieving revision 1.1.2.9
diff -u -r1.1.2.8 -r1.1.2.9
--- TurbineAuthentication.java 8 Jun 2002 17:48:25 -0000 1.1.2.8
+++ TurbineAuthentication.java 11 Jun 2002 18:09:30 -0000 1.1.2.9
@@ -148,8 +148,10 @@
{
user.updateLastLogin();
JetspeedRunData data = putUserIntoContext(user);
- getRunData().save();
-
+ if (data != null)
+ {
+ data.save();
+ }
}
catch (Exception e)
{
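Review bot: When putUserIntoContext returns null the new guard skips data.save() silently, so the user.updateLastLogin() call just above is applied in memory but never persisted and nothing records that the last-login update was dropped; that timestamp is an audit artefact worth keeping. Add an `else` branch that logs it, e.g. `else { Log.warn("No RunData for login of " + user.getUserName() + "; last login not saved"); }`, or treat a null rundata as an error if a login must always run with request context. The enclosing method starts and ends outside this hunk, so whether the outer `catch (Exception e)` already reports this case is not visible here.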
1.1.2.5 +86 -1
jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineUserManagement.java
Index: TurbineUserManagement.java
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/Attic/TurbineUserManagement.java,v
retrieving revision 1.1.2.4
retrieving revision 1.1.2.5
diff -u -r1.1.2.4 -r1.1.2.5
--- TurbineUserManagement.java 7 Jun 2002 10:02:07 -0000 1.1.2.4
+++ TurbineUserManagement.java 11 Jun 2002 18:09:30 -0000 1.1.2.5
@@ -74,6 +74,10 @@
import org.apache.jetspeed.om.security.turbine.TurbineUser;
import org.apache.jetspeed.om.security.turbine.TurbineUserPeer;
+
+import org.apache.jetspeed.om.profile.BaseProfile;
+import org.apache.jetspeed.om.profile.Profile;
+
// Jetspeed Security
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.security.BaseJetspeedUser;
@@ -81,6 +85,8 @@
import org.apache.jetspeed.om.security.UserIdPrincipal;
import org.apache.jetspeed.services.JetspeedSecurity;
+import org.apache.jetspeed.services.Profiler;
+import org.apache.jetspeed.services.PsmlManager;
import org.apache.jetspeed.services.security.UserManagement;
import org.apache.jetspeed.services.security.JetspeedSecurityService;
@@ -89,6 +95,9 @@
import org.apache.jetspeed.services.security.UnknownUserException;
import org.apache.jetspeed.services.security.NotUniqueUserException;
import org.apache.jetspeed.services.security.JetspeedSecurityException;
+import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
+import org.apache.jetspeed.services.rundata.JetspeedRunData;
+import org.apache.turbine.services.rundata.RunDataService;
// Password encryption
import javax.mail.internet.MimeUtility;
@@ -115,6 +124,15 @@
boolean securePasswords = false;
String passwordsAlgorithm = "SHA";
+ private final static String CONFIG_NEWUSER_ROLES = "newuser.roles";
+ private final static String [] DEFAULT_CONFIG_NEWUSER_ROLES =
+ { "user" };
+
+ String roles[] = null;
+
+ /** The JetspeedRunData Service. */
+ private JetspeedRunDataService runDataService = null;
+
///////////////////////////////////////////////////////////////////////////
// User Management Interfaces
///////////////////////////////////////////////////////////////////////////
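Review bot: `String roles[] = null;` is package-private and uses the C-style array declarator, unlike the `private` runDataService field declared just below it; the set of roles granted to every new account is security configuration and should not be writable from the package, `private String[] roles = null;`. A one-line Javadoc would also help, `/** Roles granted to every newly created user; from newuser.roles, defaulting to "user". */`.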
@@ -297,8 +315,49 @@
user.getUserName() + "'", e);
}
+ addDefaultPSML(user);
}
+ /*
+ * A default PSML page is added for the user, and the Jetspeed default roles
+ * are assigned to the new user.
+ *
+ * @param user The new user.
+ * @throws
+ */
+ protected void addDefaultPSML(JetspeedUser user)
+ throws JetspeedSecurityException
+ {
+ for (int ix = 0; ix < roles.length; ix++)
+ {
+ try
+ {
+ JetspeedSecurity.grant(user,
+ JetspeedSecurity.getGroup(JetspeedSecurity.JETSPEED_GROUP),
+ JetspeedSecurity.getRole(roles[ix]));
+ }
+ catch(Exception e)
+ {
+ Log.error("Could not grant role: " + roles[ix] + " to user " +
user.getUserName(), e);
+ }
+ }
+ try
+ {
+ JetspeedRunData rundata = getRunData();
+ if (rundata != null)
+ {
+ Profile profile = new BaseProfile();
+ profile.setUser(user);
+ profile.setMediaType("html");
+ Profiler.createProfile(getRunData(), profile);
+ }
+ }
+ catch (Exception e)
+ {
+ removeUser(new UserNamePrincipal(user.getUserName()));
+ throw new UserException("Failed to create profile for new user ", e);
+ }
+ }
/**
* Removes a <code>JetspeedUser</code> from the permanent store.
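Review bot: In addDefaultPSML's catch block the rollback `removeUser(new UserNamePrincipal(user.getUserName()))` is unguarded, so if it throws the original profile failure is lost and the caller sees the cleanup exception instead of the UserException meant to follow; wrap the cleanup and log it. The same block calls `Profiler.createProfile(getRunData(), profile)` after already null-checking the local `rundata`; pass `rundata`, otherwise a second lookup can in principle return something else. When rundata is null the method returns normally with no profile created and no log entry, unlike addGroup/addRole in JetspeedSecurity which fail hard in this commit; pick one behaviour and state it in the method comment, which currently opens with `/*` rather than `/**` and has an empty `@throws`. Role-grant failures in the loop above are only logged, so a new account can silently end up with fewer roles than configured.
```java
                Profiler.createProfile(rundata, profile);
            }
            else
            {
                Log.warn("No RunData available; no default PSML created for user " + user.getUserName());
            }
        }
        catch (Exception e)
        {
            try
            {
                removeUser(new UserNamePrincipal(user.getUserName()));
            }
            catch (Exception cleanup)
            {
                Log.error("Could not roll back user " + user.getUserName()
                    + " after profile creation failed", cleanup);
            }
            throw new UserException("Failed to create profile for new user ", e);
        }
```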
@@ -332,6 +391,7 @@
try
{
+ PsmlManager.removeUserDocuments(user);
TurbineUserPeer.doDelete(criteria);
}
catch(Exception e)
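Review bot: PsmlManager.removeUserDocuments(user) now runs before TurbineUserPeer.doDelete(criteria) inside the same try, so a failed delete leaves the account alive with its PSML already gone, and the catch on the next line (body outside this hunk) cannot tell which step failed. Deleting the account first and the documents second leaves at most orphaned PSML rather than a live account without a profile; if both must succeed together, do them under one transaction. The enclosing removeUser begins and ends outside this hunk.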
@@ -487,6 +547,21 @@
passwordsAlgorithm =
serviceConf.getString(CONFIG_SECURE_PASSWORDS_ALGORITHM,
passwordsAlgorithm);
+ try
+ {
+ roles = serviceConf.getStringArray(CONFIG_NEWUSER_ROLES);
+ }
+ catch (Exception e)
+ {}
+
+ if (null == roles || roles.length == 0)
+ {
+ roles = DEFAULT_CONFIG_NEWUSER_ROLES;
+ }
+
+ this.runDataService =
+ (JetspeedRunDataService)TurbineServices.getInstance()
+ .getService(RunDataService.SERVICE_NAME);
setInit(true);
}
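Review bot: The empty `catch (Exception e) {}` around `serviceConf.getStringArray(CONFIG_NEWUSER_ROLES)` hides a malformed newuser.roles setting, and nothing checks that the configured names are existing roles, so a typo silently falls back to the built-in `{ "user" }` or leaves every new account with no roles at all (grant failures are only logged per user later). Log the configuration failure, `catch (Exception e) { Log.warn("Invalid " + CONFIG_NEWUSER_ROLES + " setting, using defaults", e); }`, and consider resolving each name via JetspeedSecurity.getRole() here so the problem surfaces once at startup rather than on every addUser. The `(JetspeedRunDataService)` cast on the service lookup is unchecked; whether getService can return null or another implementation is not visible from this hunk.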
@@ -541,6 +616,16 @@
}
return true;
}
+
+ protected JetspeedRunData getRunData()
+ {
+ JetspeedRunData rundata = null;
+ if (this.runDataService != null)
+ {
+ rundata = this.runDataService.getCurrentRunData();
+ }
+ return rundata;
+ }
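Review bot: getRunData has no Javadoc although its null return is the contract addDefaultPSML depends on; add `/** Returns the JetspeedRunData for the current request, or null when the RunData service was not obtained at init or getCurrentRunData() yields none. Callers must handle null. */`. The class body continues past this hunk.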
No revision
No revision
1.1.2.10 +1 -1
jakarta-jetspeed/webapp/WEB-INF/conf/Attic/JetspeedSecurity.properties
Index: JetspeedSecurity.properties
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed/webapp/WEB-INF/conf/Attic/JetspeedSecurity.properties,v
retrieving revision 1.1.2.9
retrieving revision 1.1.2.10
diff -u -r1.1.2.9 -r1.1.2.10
--- JetspeedSecurity.properties 10 Jun 2002 05:39:17 -0000 1.1.2.9
+++ JetspeedSecurity.properties 11 Jun 2002 18:09:30 -0000 1.1.2.10
@@ -19,7 +19,7 @@
# Authorization Service #
#########################################
-services.PortalAccessController.classname=org.apache.jetspeed.services.security.turbine.TurbineAccessController
+services.PortalAccessController.classname=org.apache.jetspeed.services.security.registry.RegistryAccessController
#########################################
# User Management Service #
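Review bot: This line swaps the portal's authorization implementation from TurbineAccessController to RegistryAccessController, while the commit log records roles and groups as only started and privilege checks as not yet done, so the default configuration now runs on an access controller whose coverage is not shown to match the one it replaces. A comment above the line stating what the registry-based controller enforces today, e.g. `# Registry-based ACLs (security_14); role/group checks are still being completed`, would stop anyone building from this branch from assuming the Turbine checks remain in force. Whether RegistryAccessController fails open or closed for an entry with no security reference is not visible here.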
No revision
No revision
1.11.2.5 +1 -1 jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.properties
Index: jetspeed.properties
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.properties,v
retrieving revision 1.11.2.4
retrieving revision 1.11.2.5
diff -u -r1.11.2.4 -r1.11.2.5
--- jetspeed.properties 7 Jun 2002 10:02:07 -0000 1.11.2.4
+++ jetspeed.properties 11 Jun 2002 18:09:30 -0000 1.11.2.5
@@ -1,4 +1,4 @@
#Hypersonic SQL database
-#Fri Jun 07 02:56:59 PDT 2002
+#Tue Jun 11 11:06:44 PDT 2002
version=1.4
modified=yes
1.13.2.5 +2 -2 jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.script
Index: jetspeed.script
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/webapp/WEB-INF/db/jetspeed.script,v
retrieving revision 1.13.2.4
retrieving revision 1.13.2.5
diff -u -r1.13.2.4 -r1.13.2.5
--- jetspeed.script 7 Jun 2002 10:02:07 -0000 1.13.2.4
+++ jetspeed.script 11 Jun 2002 18:09:30 -0000 1.13.2.5
@@ -120,7 +120,7 @@
INSERT INTO ID_TABLE VALUES(1,'TURBINE_PERMISSION',100,10)
INSERT INTO ID_TABLE VALUES(2,'TURBINE_ROLE',120,10)
INSERT INTO ID_TABLE VALUES(3,'TURBINE_GROUP',100,10)
-INSERT INTO ID_TABLE VALUES(4,'TURBINE_USER',290,10)
+INSERT INTO ID_TABLE VALUES(4,'TURBINE_USER',330,10)
INSERT INTO ID_TABLE VALUES(5,'TURBINE_SCHEDULED_JOB',100,10)
INSERT INTO ID_TABLE VALUES(6,'TURBINE_ROLE_PERMISSION',100,10)
INSERT INTO ID_TABLE VALUES(7,'TURBINE_USER_GROUP_ROLE',100,10)
@@ -139,4 +139,4 @@
INSERT INTO COFFEES VALUES('KenyanGrade',2,7.99,1,2)
INSERT INTO COFFEES VALUES('JoeGrade',3,7.99,1,2)
INSERT INTO COFFEES VALUES('CantThinkOfAnymoreGrade',4,7.99,1,2)
-/*C4*/CONNECT USER sa PASSWORD ""
+/*C1*/CONNECT USER sa PASSWORD ""