Author: woonsan
Date: Thu Feb 11 14:32:03 2010
New Revision: 908997

URL: http://svn.apache.org/viewvc?rev=908997&view=rev
Log:
JS2-1057: Set forbidden status on security exception

Modified:
    
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java

Modified: 
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java
URL: 
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java?rev=908997&r1=908996&r2=908997&view=diff
==============================================================================
--- 
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java
 (original)
+++ 
portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/PageLayoutService.java
 Thu Feb 11 14:32:03 2010
@@ -35,6 +35,7 @@
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.UriInfo;
+import javax.ws.rs.core.Response.Status;
 
 import org.apache.commons.lang.BooleanUtils;
 import org.apache.commons.lang.StringUtils;
@@ -106,7 +107,16 @@
                                           @Context UriInfo uriInfo)
     {
         RequestContext requestContext = (RequestContext) 
servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, 
JetspeedActions.VIEW);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
+        
         return new ContentPageBean(contentPage);
     }
     
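Review bot: The try/catch added here is pasted unchanged into six more methods in this patch (the hunks at -122, -149, -202, -254, -432 and -460), so the 403 mapping now lives in seven places that must be kept in step. A single private wrapper around `getContentPage` that does the try/catch, or a JAX-RS `ExceptionMapper` for the security exception, would keep the mapping in one spot. Each call site could then stay a one-liner such as `ContentPage contentPage = getContentPageOrForbidden(requestContext, JetspeedActions.VIEW);` (the helper name is only a suggestion). That wrapper would also be the natural place to log the denied request, since nothing in the visible lines records it. The method's signature starts above the hunk.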
@@ -122,7 +132,15 @@
         }
         
         RequestContext requestContext = (RequestContext) 
servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, 
JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         ContentFragment contentFragment = 
contentPage.getFragmentById(fragmentId);
         
         if (contentFragment == null)
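Review bot: The action passed to `getContentPage` changes from `JetspeedActions.EDIT` to `JetspeedActions.VIEW` in this hunk, and again in the hunk at -460, which the log message ("Set forbidden status on security exception") does not mention. If either method changes page or fragment state, this lowers the permission needed to reach it; the method bodies start and end outside the hunks, so that cannot be confirmed from here. If the relaxation is intended for a read-only lookup, a comment at the call such as `// read-only: VIEW permission is sufficient` would record the decision. Otherwise restore `contentPage = getContentPage(requestContext, JetspeedActions.EDIT);`.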
@@ -149,7 +167,15 @@
         }
         
         RequestContext requestContext = (RequestContext) 
servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, 
JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         
         int row = NumberUtils.toInt(rowParam, -1);
         int col = NumberUtils.toInt(colParam, -1);
@@ -202,7 +228,15 @@
         }
         
         RequestContext requestContext = (RequestContext) 
servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, 
JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         ContentFragment contentFragment = 
contentPage.getFragmentById(fragmentId);
         
         if (contentFragment == null)
@@ -254,7 +288,15 @@
         }
         
         RequestContext requestContext = (RequestContext) 
servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, 
JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         ContentFragment contentFragment = 
contentPage.getFragmentById(fragmentId);
         
         if (contentFragment == null)
@@ -432,7 +474,15 @@
         }
         
         RequestContext requestContext = (RequestContext) 
servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, 
JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.EDIT);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         ContentFragment contentFragment = 
contentPage.getFragmentById(fragmentId);
         
         if (contentFragment == null)
@@ -460,7 +510,15 @@
         }
         
         RequestContext requestContext = (RequestContext) 
servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV);
-        ContentPage contentPage = getContentPage(requestContext, 
JetspeedActions.EDIT);
+        ContentPage contentPage = null;
+        try
+        {
+            contentPage = getContentPage(requestContext, JetspeedActions.VIEW);
+        }
+        catch (SecurityException e)
+        {
+            throw new WebApplicationException(e, Status.FORBIDDEN);
+        }
         ContentFragment contentFragment = 
contentPage.getFragmentById(fragmentId);
         
         if (contentFragment == null)
@@ -477,30 +535,23 @@
         
         return new DecorationBean(decoration);
     }
-        
+    
     /**
      * Returns the content page of the current portal request context with 
security check.
      * 
      * @param requestContext the portal request context
      * @param action the action to check the security against.
      * @return
-     * @throws WebApplicationException
+     * @throws SecurityException
      */
-    private ContentPage getContentPage(RequestContext requestContext, String 
action) throws WebApplicationException
+    private ContentPage getContentPage(RequestContext requestContext, String 
action) throws SecurityException
     {
-        try
+        if (securityBehavior != null && 
!securityBehavior.checkAccess(requestContext, action))
         {
-            if (securityBehavior != null && 
!securityBehavior.checkAccess(requestContext, action))
-            {
-                throw new SecurityException("Insufficient access to view 
page");
-            }
-            
-            return requestContext.getPage();
-        }
-        catch (Exception e)
-        {
-            throw new WebApplicationException(e);
+            throw new SecurityException("Insufficient access to view page");
         }
+        
+        return requestContext.getPage();
     }
     
     /**
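Review bot: `getContentPage` skips the access check entirely when `securityBehavior` is null and goes straight to `return requestContext.getPage();`, so a missing or unwired security behavior fails open. Whether null is a supported configuration cannot be seen from the hunk. If it is not, deny in that case too, e.g. `if (securityBehavior == null || !securityBehavior.checkAccess(requestContext, action))`; if it is, say so in the Javadoc, whose `@return` is still empty. The message "Insufficient access to view page" is also raised when `action` is `JetspeedActions.EDIT`. With the old `catch (Exception e)` removed, runtime failures from `checkAccess` or `getPage()` are no longer wrapped in a `WebApplicationException`.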


