Author: ate Date: Tue Oct 4 20:17:59 2011 New Revision: 1178943 URL: http://svn.apache.org/viewvc?rev=1178943&view=rev Log: JS2-1267: Protected anonymous guest user against removal and restrict modifications allowed See: http://issues.apache.org/jira/browse/JS2-1267
Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java?rev=1178943&r1=1178942&r2=1178943&view=diff ============================================================================== --- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java (original) +++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java Tue Oct 4 20:17:59 2011 @@ -1996,6 +1996,7 @@ public class JetspeedPrincipalManagement TabbedPanel panel = (TabbedPanel) get("tabs"); ITab tab; panel.getTabs().clear(); + boolean guestUserSelected; if (userSelecteed) { if (principalType.getName().equals(JetspeedPrincipalType.USER)) 
@@ -2027,26 +2028,21 @@ public class JetspeedPrincipalManagement return; } } - tab = new AbstractTab(new Model("Status")) + guestUserSelected = (principalType.getName().equals(JetspeedPrincipalType.USER) && + principal.getName().equals(((UserManager)getManager()).getAnonymousUser())); + + if (!guestUserSelected) { - public Panel getPanel(String panelId) + // if guest user: don't show status panel + tab = new AbstractTab(new Model("Status")) { - return new PrincipalStatusPanel(panelId); - } - }; - panel.getTabs().add(tab); - if (principalType.getName().equals(JetspeedPrincipalType.USER)) - { - tab = new AbstractTab(new Model("User Profile")) - { - public Panel getPanel(String panelId) { - return new UserPrincipalProfilePanel(panelId); + return new PrincipalStatusPanel(panelId); } }; panel.getTabs().add(tab); - } + } tab = new AbstractTab(new Model("Associations")) { @@ -2065,7 +2061,7 @@ public class JetspeedPrincipalManagement } }; panel.getTabs().add(tab); - if (principalType.getName().equals(JetspeedPrincipalType.USER)) + if (!guestUserSelected && principalType.getName().equals(JetspeedPrincipalType.USER)) { tab = new AbstractTab(new Model("Credentials")) { 
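Review bot: Hiding the Status tab (this hunk) and the Credentials tab (the `@@ -2065,7 +2061,7 @@` hunk) when `guestUserSelected` is true restricts the guest account only in the admin portlet's view. The UserManagerImpl changes visible in this commit guard removal alone, so other callers of the manager can presumably still change the anonymous user's status or credential. If the restriction is meant to hold for every caller, the same `getAnonymousUser()` comparison belongs in the manager methods that update status and credentials, with the tab hiding kept as a convenience on top. The enclosing method starts and ends outside both hunks.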
@@ -2077,6 +2073,18 @@ public class JetspeedPrincipalManagement }; panel.getTabs().add(tab); } + if (principalType.getName().equals(JetspeedPrincipalType.USER)) + { + tab = new AbstractTab(new Model("User Profile")) + { + + public Panel getPanel(String panelId) + { + return new UserPrincipalProfilePanel(panelId); + } + }; + panel.getTabs().add(tab); + } panel.setSelectedTab(0); } else { Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java?rev=1178943&r1=1178942&r2=1178943&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java (original) +++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java Tue Oct 4 20:17:59 2011 
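Review bot: In the last JetspeedPrincipalManagementPortlet.java hunk, the User Profile tab is re-added without the `!guestUserSelected` guard that the Status and Credentials tabs received, and nothing in the code says whether that is deliberate. A comment above the `if` would settle it, for example `// profile stays editable for the guest user; only status and credentials are hidden`, assuming that is the intent. With the Status tab hidden, `panel.setSelectedTab(0)` at the end of the hunk now opens on Associations for the guest user, which is worth a second short comment. The enclosing method continues outside the hunk.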
@@ -238,11 +238,30 @@ public class UserManagerImpl extends Bas public void removeUser(String username) throws SecurityException { + if (username != null && username.equals(getAnonymousUser())) + { + throw new SecurityException(SecurityException.ANONYMOUS_USER_PROTECTED.create(username)); + } JetspeedPrincipal user; user = getUser(username); super.removePrincipal(user); } + + public void removePrincipal(String principalName) throws SecurityException + { + removeUser(principalName); + } + + public void removePrincipal(JetspeedPrincipal principal) throws SecurityException + { + validatePrincipal(principal); + if (principal.getName().equals(getAnonymousUser())) + { + throw new SecurityException(SecurityException.ANONYMOUS_USER_PROTECTED.create(principal.getName())); + } + super.removePrincipal(principal); + } public void storePasswordCredential(PasswordCredential credential) throws SecurityException { --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org
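Review bot: The anonymous-user guard is written twice, in `removeUser` and in `removePrincipal(JetspeedPrincipal)`, with different null handling: `username != null &&` in the first, reliance on `validatePrincipal` in the second. A private helper such as `private void checkNotAnonymous(String name) throws SecurityException`, called from both, would keep the two removal paths from drifting apart. The comparison is an exact `equals`; if the backing store matches user names case-insensitively (not visible here), the guard should normalise the name the same way before comparing. The new `removePrincipal` overloads should carry `@Override` where the base class declares them, plus a one-line Javadoc stating that the anonymous user cannot be removed and that `SecurityException` is thrown in that case.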