Author: woonsan
Date: Fri Dec  4 18:07:47 2009
New Revision: 887303

URL: http://svn.apache.org/viewvc?rev=887303&view=rev
Log:
JS2-1087: Adding access control for portlet definition query

Modified:
    
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PortletRegistryService.java
    
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/PaginationUtils.java
    
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/jetspeed-restful-services.xml

Modified: 
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PortletRegistryService.java
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PortletRegistryService.java?rev=887303&r1=887302&r2=887303&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PortletRegistryService.java
 (original)
+++ 
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PortletRegistryService.java
 Fri Dec  4 18:07:47 2009
@@ -18,6 +18,7 @@
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 
 import javax.servlet.ServletConfig;
@@ -33,12 +34,14 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.math.NumberUtils;
+import org.apache.jetspeed.JetspeedActions;
 import org.apache.jetspeed.components.portletregistry.PortletRegistry;
 import org.apache.jetspeed.om.portlet.PortletApplication;
 import org.apache.jetspeed.om.portlet.PortletDefinition;
 import org.apache.jetspeed.search.ParsedObject;
 import org.apache.jetspeed.search.SearchEngine;
 import org.apache.jetspeed.search.SearchResults;
+import org.apache.jetspeed.security.SecurityAccessController;
 import org.apache.jetspeed.services.beans.PortletApplicationBean;
 import org.apache.jetspeed.services.beans.PortletApplicationBeanCollection;
 import org.apache.jetspeed.services.beans.PortletDefinitionBean;
@@ -66,12 +69,15 @@
     @Context
     private ServletContext servletContext;
     
+    private SecurityAccessController securityAccessController;
+    
     private PortletRegistry portletRegistry;
     
     private SearchEngine searchEngine;
     
-    public PortletRegistryService(PortletRegistry portletRegistry, 
SearchEngine searchEngine)
+    public PortletRegistryService(SecurityAccessController 
securityAccessController, PortletRegistry portletRegistry, SearchEngine 
searchEngine)
     {
+        this.securityAccessController = securityAccessController;
         this.portletRegistry = portletRegistry;
         this.searchEngine = searchEngine;
     }
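Review bot: The constructor stores `securityAccessController` without rejecting null, and the rest of this commit disagrees on what a null controller means. `filterPortletDefinitionsBySecurityAccess` (last hunk of this file) returns the collection unfiltered, while the direct `securityAccessController.checkPortletAccess(...)` calls in the search loop and in the single-definition branch would throw a NullPointerException. For an access-control dependency the unfiltered path is a fail-open default: a wiring mistake would make the list queries return definitions without any view check. Rejecting null here, e.g. `if (securityAccessController == null) throw new IllegalArgumentException("securityAccessController must not be null");`, and dropping the null branch from the helper would make the behaviour uniform. The field could then also be declared `final`.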
@@ -194,9 +200,9 @@
                 "AND " + queryParam;
             SearchResults searchResults = searchEngine.search(queryText);
             List<ParsedObject> searchResultList = searchResults.getResults();
-            pdBeans.setTotalSize(searchResultList.size());
+            ArrayList<PortletDefinition> searchedPortletDefinitions = new 
ArrayList<PortletDefinition>();
             
-            for (ParsedObject parsedObject : (List<ParsedObject>) 
PaginationUtils.subList(searchResultList, beginIndex, maxResults))
+            for (ParsedObject parsedObject : searchResultList)
             {
                 String uniqueName = 
SearchEngineUtils.getPortletUniqueName(parsedObject);
                 
@@ -207,17 +213,25 @@
                 
                 PortletDefinition pd = 
portletRegistry.getPortletDefinitionByUniqueName(uniqueName);
                 
-                if (pd != null)
+                if (pd != null && 
securityAccessController.checkPortletAccess(pd, JetspeedActions.MASK_VIEW))
                 {
-                    pdBeanList.add(new PortletDefinitionBean(pd));
+                    searchedPortletDefinitions.add(pd);
                 }
             }
+            
+            Collection<PortletDefinition> filteredPortletDefinitions = 
filterPortletDefinitionsBySecurityAccess(searchedPortletDefinitions, 
JetspeedActions.MASK_VIEW);
+            pdBeans.setTotalSize(filteredPortletDefinitions.size());
+            
+            for (PortletDefinition pd : (Collection<PortletDefinition>) 
PaginationUtils.subCollection(filteredPortletDefinitions, beginIndex, 
maxResults))
+            {
+                pdBeanList.add(new PortletDefinitionBean(pd));
+            }
         }
         else
         {
             if (StringUtils.isBlank(applicationName) && 
StringUtils.isBlank(definitionName))
             {
-                Collection<PortletDefinition> pds = 
portletRegistry.getAllPortletDefinitions();
+                Collection<PortletDefinition> pds = 
filterPortletDefinitionsBySecurityAccess(portletRegistry.getAllPortletDefinitions(),
 JetspeedActions.MASK_VIEW);
                 pdBeans.setTotalSize(pds.size());
                 
                 for (PortletDefinition pd : (Collection<PortletDefinition>) 
PaginationUtils.subCollection(pds, beginIndex, maxResults))
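Review bot: Each search hit is access-checked twice: once in the loop condition `pd != null && securityAccessController.checkPortletAccess(pd, JetspeedActions.MASK_VIEW)`, and again when `searchedPortletDefinitions` is passed through `filterPortletDefinitionsBySecurityAccess`. The loop, which begins in the previous hunk, now covers every hit instead of one page, so the duplicate doubles a per-request cost that already grows with the total number of hits. Keeping one check is enough: either reduce the loop condition to `if (pd != null)`, or use `searchedPortletDefinitions` directly for `setTotalSize` and `PaginationUtils.subCollection`. Computing the total after filtering is the right order, since the count then does not reveal definitions the caller may not view; a one-line comment saying so would stop a later change from moving pagination back in front of the check.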
@@ -233,22 +247,19 @@
                 {
                     if (StringUtils.isBlank(definitionName))
                     {
-                        if (pa != null)
+                        Collection<PortletDefinition> pds = 
filterPortletDefinitionsBySecurityAccess(pa.getPortlets(), 
JetspeedActions.MASK_VIEW);
+                        pdBeans.setTotalSize(pds.size());
+                        
+                        for (PortletDefinition pd : (List<PortletDefinition>) 
PaginationUtils.subCollection(pds, beginIndex, maxResults))
                         {
-                            Collection<PortletDefinition> pds = 
pa.getPortlets();
-                            pdBeans.setTotalSize(pds.size());
-                            
-                            for (PortletDefinition pd : 
(List<PortletDefinition>) PaginationUtils.subList(pa.getPortlets(), beginIndex, 
maxResults))
-                            {
-                                pdBeanList.add(new PortletDefinitionBean(pd));
-                            }
+                            pdBeanList.add(new PortletDefinitionBean(pd));
                         }
                     }
                     else
                     {
                         PortletDefinition pd = pa.getPortlet(definitionName);
                         
-                        if (pd != null)
+                        if (pd != null && 
securityAccessController.checkPortletAccess(pd, JetspeedActions.MASK_VIEW))
                         {
                             pdBeanList.add(new PortletDefinitionBean(pd));
                             pdBeans.setTotalSize(1);
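Review bot: The pagination loop casts the result of `PaginationUtils.subCollection(pds, beginIndex, maxResults)` to `(List<PortletDefinition>)`, while the two other call sites in this method cast to `(Collection<PortletDefinition>)`. `subCollection` is declared to return `Collection<? extends Object>`, so the narrower cast depends on an implementation detail; `(Collection<PortletDefinition>)` is sufficient for the for-each and matches the other branches. Separately, the removed `if (pa != null)` leaves `pa.getPortlets()` unguarded within this hunk. The else branch already dereferences `pa` the same way, so an enclosing null check presumably exists above the hunk, but that should be confirmed since the enclosing block starts outside it.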
@@ -263,4 +274,29 @@
         return pdBeans;
     }
     
+    private Collection<PortletDefinition> 
filterPortletDefinitionsBySecurityAccess(Collection<PortletDefinition> 
collection, int mask)
+    {
+        if (securityAccessController == null)
+        {
+            return collection;
+        }
+        
+        if (collection == null || collection.isEmpty())
+        {
+            return Collections.emptyList();
+        }
+        
+        ArrayList<PortletDefinition> filteredCollection = new 
ArrayList<PortletDefinition>();
+        
+        for (PortletDefinition pd : collection)
+        {
+            if (securityAccessController.checkPortletAccess(pd, mask))
+            {
+                filteredCollection.add(pd);
+            }
+        }
+        
+        return filteredCollection;
+    }
+    
 }
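Review bot: `filterPortletDefinitionsBySecurityAccess` has no Javadoc, and its return value differs by path: the caller's own collection, the immutable `Collections.emptyList()`, or a fresh mutable `ArrayList`. A short Javadoc should state that `mask` is passed unchanged to `checkPortletAccess`, that only definitions for which that call returns true are kept, and that callers must treat the result as read-only. Declaring the local as `List<PortletDefinition> filteredCollection` would also match the interface-typed `List<ParsedObject> searchResultList` used earlier in the class.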

Modified: 
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/PaginationUtils.java
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/PaginationUtils.java?rev=887303&r1=887302&r2=887303&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/PaginationUtils.java
 (original)
+++ 
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/util/PaginationUtils.java
 Fri Dec  4 18:07:47 2009
@@ -59,35 +59,13 @@
     
     public static Collection<? extends Object> subCollection(final 
Collection<? extends Object> collection, int beginIndex, int maxResults)
     {
-        if (beginIndex < 0 || (beginIndex == 0 && maxResults < 0))
+        if (collection instanceof List)
         {
-            return collection;
-        }
-        else if (beginIndex >= collection.size())
-        {
-            return Collections.emptyList();
+            return subList((List<? extends Object>) collection, beginIndex, 
maxResults);
         }
         else
         {
-            List<Object> list = null;
-            
-            if (collection instanceof List)
-            {
-                list = (List<Object>) collection;
-            }
-            else
-            {
-                list = new ArrayList<Object>(collection);
-            }
-            
-            if (maxResults < 0)
-            {
-                return list.subList(beginIndex, list.size());
-            }
-            else
-            {
-                return list.subList(beginIndex, Math.min(list.size(), 
beginIndex + maxResults));
-            }
+            return subList(new ArrayList<Object>(collection), beginIndex, 
maxResults);
         }
     }
     
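Review bot: `subCollection` now delegates all bounds handling to `subList`, whose body is outside this hunk, so it should be confirmed that `subList` covers the three cases the removed branches handled: negative `beginIndex`, `beginIndex >= size`, and negative `maxResults`. A null `collection` also behaves differently: it fails the `instanceof List` test and reaches `new ArrayList<Object>(collection)`, which throws a NullPointerException, whereas the old code returned it unchanged when `beginIndex < 0`. If callers can pass null, a guard such as `if (collection == null) return Collections.emptyList();` at the top keeps the method total. The method also deserves a Javadoc line noting that non-List inputs are copied on every call.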

Modified: 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/jetspeed-restful-services.xml
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/jetspeed-restful-services.xml?rev=887303&r1=887302&r2=887303&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/jetspeed-restful-services.xml
 (original)
+++ 
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/jetspeed-restful-services.xml
 Fri Dec  4 18:07:47 2009
@@ -108,6 +108,7 @@
   <!-- Portlet Registry JAX-RS Service -->
   <bean id="jaxrsPortletRegistryService" 
class="org.apache.jetspeed.services.rest.PortletRegistryService">
     <meta key="j2:cat" value="default" />
+    <constructor-arg 
ref="org.apache.jetspeed.security.SecurityAccessController" />
     <constructor-arg 
ref="org.apache.jetspeed.components.portletregistry.PortletRegistry" />
     <constructor-arg ref="org.apache.jetspeed.search.SearchEngine" />
   </bean>


