cvs commit: jakarta-jetspeed/fusion project.xml
taylor 2004/11/22 23:25:19 Modified:fusion project.xml Log: upgrade to 1.0 CVS: -- CVS: PR: CVS: If this change addresses a PR in the problem report tracking CVS: database, then enter the PR number(s) here. CVS: Obtained from: CVS: If this change has been taken from another system, such as NCSA, CVS: then name the system in this line, otherwise delete it. CVS: Submitted by: CVS: If this code has been contributed to Apache by someone else; i.e., CVS: they sent us a patch or a new module, then include their name/email CVS: address here. If this is your work then delete this line. CVS: Reviewed by: CVS: If we are doing pre-commit code reviews and someone else has CVS: reviewed your changes, include their name(s) here. CVS: If you have not had it reviewed then delete this line. Revision ChangesPath 1.9 +1 -1 jakarta-jetspeed/fusion/project.xml Index: project.xml === RCS file: /home/cvs/jakarta-jetspeed/fusion/project.xml,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- project.xml 8 Nov 2004 05:20:45 - 1.8 +++ project.xml 23 Nov 2004 07:25:19 - 1.9 @@ -94,7 +94,7 @@ jdom - b10 + 1.0 true - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-jetspeed-2/jetspeed-api/src/java/org/apache/jetspeed/om/folder Folder.java
taylor 2004/11/22 16:01:32
Modified:
components/page-manager/src/java/org/apache/jetspeed/page/document
FileSystemFolderHandler.java
CastorFileSystemDocumentHandler.java
AbstractNode.java
jetspeed-api/src/java/org/apache/jetspeed/page/document
NodeSet.java
components/page-manager/src/java/org/apache/jetspeed/om/folder/impl
FolderMetaDataImpl.java FolderImpl.java
components/page-manager/src/java/org/apache/jetspeed/om/page/psml
AbstractBaseElement.java
components/page-manager/src/java/org/apache/jetspeed/page/impl
CastorXmlPageManager.java AbstractPageManager.java
jetspeed-api/src/java/org/apache/jetspeed/om/folder
Folder.java
Log:
patch from Randy Watler
The security checks implemented on the PageManager and Folder element
accessors are as follows:
- All folder and page.security document read access is always granted to
facilitate navigation.
- Pages, links, and document set documents are checked for "view" access on
read.
- Page update/register/remove usage is checked for "edit" access.
Revision ChangesPath
1.5 +8 -8
jakarta-jetspeed-2/components/page-manager/src/java/org/apache/jetspeed/page/document/FileSystemFolderHandler.java
Index: FileSystemFolderHandler.java
===
RCS file:
/home/cvs/jakarta-jetspeed-2/components/page-manager/src/java/org/apache/jetspeed/page/document/FileSystemFolderHandler.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- FileSystemFolderHandler.java 21 Oct 2004 02:28:07 - 1.4
+++ FileSystemFolderHandler.java 23 Nov 2004 00:01:31 - 1.5
@@ -384,7 +384,7 @@
if (regexp)
{
// get regexp matched folders
-matchedFolders =
folder.getFolders().inclusiveSubset(folderPath);
+matchedFolders =
((FolderImpl)folder).getFolders(false).inclusiveSubset(folderPath);
}
else
{
@@ -418,7 +418,7 @@
if (regexp)
{
// get regexp matched nodes
-Iterator addIter =
folder.getAllNodes().inclusiveSubset(nodePath).iterator();
+Iterator addIter =
((FolderImpl)folder).getAllNodes().inclusiveSubset(nodePath).iterator();
while (addIter.hasNext())
{
matched.add((Node) addIter.next());
@@ -427,7 +427,7 @@
else
{
// get single matched node
-Iterator findIter = folder.getAllNodes().iterator();
+Iterator findIter =
((FolderImpl)folder).getAllNodes().iterator();
while (findIter.hasNext())
{
Node addNode = (Node) findIter.next();
@@ -486,18 +486,18 @@
{
Folder folder = (Folder) entry.getDocument();
entry.setDocument(getFolder(folder.getPath(), false));
-if(folder.getParent() != null)
+if (((AbstractNode)folder).getParent(false) != null)
{
-FileCacheEntry parentEntry =
(FileCacheEntry)fileCache.get(folder.getParent().getPath());
+FileCacheEntry parentEntry =
(FileCacheEntry)fileCache.get(((AbstractNode)folder).getParent(false).getPath());
refresh(parentEntry);
}
}
else if(entry.getDocument() instanceof Document)
{
Document doc = (Document) entry.getDocument();
-if(doc.getType().equals(FolderMetaData.DOCUMENT_TYPE))
+if (doc.getType().equals(FolderMetaData.DOCUMENT_TYPE))
{
-FileCacheEntry folderEntry =
fileCache.get(doc.getParent().getPath());
+FileCacheEntry folderEntry =
fileCache.get(((AbstractNode)doc).getParent().getPath());
refresh(folderEntry);
}
}
1.9 +5 -5
jakarta-jetspeed-2/components/page-manager/src/java/org/apache/jetspeed/page/document/CastorFileSystemDocumentHandler.java
Index: CastorFileSystemDocumentHandler.java
===
RCS file:
/home/cvs/jakarta-jetspeed-2/components/page-manager/src/java/org/apache/jetspeed/page/document/CastorFileSystemDocumentHandler.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- CastorFileSystemDocumentHandler.java 19 Nov 2004 03:06:44 -
1.8
+++ CastorFileSystemDocumentHandler.java 23 Nov 2004 00:01:31 -
1.9
@@ -30,7 +30,7 @@
import org.apache.je
cvs commit: jakarta-jetspeed-2/portals-bridges/library/velocity/templates modes-states.vm
taylor 2004/11/22 15:58:59 Added: portals-bridges/library/velocity/templates modes-states.vm Log: example mode state vm Revision ChangesPath 1.1 jakarta-jetspeed-2/portals-bridges/library/velocity/templates/modes-states.vm Index: modes-states.vm === #if ($renderRequest.WindowState == $STATE_NORMAL) #if ($renderRequest.isWindowStateAllowed($STATE_MAX)) #set($max = $renderResponse.createRenderURL()) $max.setWindowState($STATE_MAX) Max #end #if ($renderRequest.isWindowStateAllowed($STATE_MIN)) #set($min = $renderResponse.createRenderURL()) $min.setWindowState($STATE_MIN) Min #end #elseif ($renderRequest.WindowState == $STATE_MAX) #set($norm = $renderResponse.createRenderURL()) $norm.setWindowState($STATE_NORMAL) Normal #if ($renderRequest.isWindowStateAllowed($STATE_MIN)) #set($min = $renderResponse.createRenderURL()) $min.setWindowState($STATE_MIN) Min #end #end #if ($renderRequest.PortletMode == $MODE_VIEW) #if ($renderRequest.isPortletModeAllowed($MODE_EDIT)) #set($edit = $renderResponse.createRenderURL()) $edit.setPortletMode($MODE_EDIT) Edit #end #if ($renderRequest.isPortletModeAllowed($MODE_HELP)) #set($help = $renderResponse.createRenderURL()) $help.setPortletMode($MODE_HELP) Help #end #elseif ($renderRequest.PortletMode == $MODE_EDIT) #set($mview = $renderResponse.createRenderURL()) $mview.setPortletMode($MODE_VIEW) View #if ($renderRequest.isPortletModeAllowed($MODE_HELP)) #set($help = $renderResponse.createRenderURL()) $help.setPortletMode($MODE_HELP) Help #end #elseif ($renderRequest.PortletMode == $MODE_HELP) #set($mview = $renderResponse.createRenderURL()) $mview.setPortletMode($MODE_VIEW) View #if ($renderRequest.isPortletModeAllowed($MODE_EDIT)) #set($edit = $renderResponse.createRenderURL()) $edit.setPortletMode($MODE_EDIT) Edit #end #end - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/aggregator/impl Worker.java WorkerMonitor.java
taylor 2004/11/22 15:58:21
Modified:portal/src/java/org/apache/jetspeed/aggregator/impl
Worker.java WorkerMonitor.java
Log:
patch from Randy Watler
run render threads as privileged actions under the current portal subject
Revision ChangesPath
1.4 +50 -6
jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/aggregator/impl/Worker.java
Index: Worker.java
===
RCS file:
/home/cvs/jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/aggregator/impl/Worker.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- Worker.java 8 Mar 2004 00:22:00 - 1.3
+++ Worker.java 22 Nov 2004 23:58:21 - 1.4
@@ -16,6 +16,11 @@
package org.apache.jetspeed.aggregator.impl;
+import java.security.AccessControlContext;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -42,6 +47,9 @@
/** Job to process */
private Runnable job = null;
+/** Context to process job within */
+private AccessControlContext context = null;
+
/** Monitor for this Worker */
private WorkerMonitor monitor = null;
@@ -94,11 +102,21 @@
}
/**
+ * Sets the job to execute in security context
+ */
+public void setJob(Runnable job, AccessControlContext context)
+{
+this.job = job;
+this.context = context;
+}
+
+/**
* Sets the job to execute
*/
public void setJob(Runnable job)
{
this.job = job;
+this.context = null;
}
/**
@@ -136,14 +154,40 @@
// process it
if (this.job != null)
{
-try
+log.debug("Processing job for window :" +
((RenderingJob)job).getWindow().getId());
+Subject subject = null;
+if (this.context != null)
+{
+subject = Subject.getSubject(this.context);
+}
+if (subject != null)
{
-log.debug("Processing job for window :" +
((RenderingJob)job).getWindow().getId());
-this.job.run();
+Subject.doAsPrivileged(subject, new PrivilegedAction()
+{
+public Object run()
+{
+try
+{
+Worker.this.job.run();
+}
+catch (Throwable t)
+{
+log.error("Thread error", t);
+}
+return null;
+}
+}, this.context);
}
-catch (Throwable t)
+else
{
-log.error("Thread error", t);
+try
+{
+this.job.run();
+}
+catch (Throwable t)
+{
+log.error("Thread error", t);
+}
}
}
1.4 +10 -4
jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/aggregator/impl/WorkerMonitor.java
Index: WorkerMonitor.java
===
RCS file:
/home/cvs/jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/aggregator/impl/WorkerMonitor.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- WorkerMonitor.java8 Mar 2004 00:22:00 - 1.3
+++ WorkerMonitor.java22 Nov 2004 23:58:21 - 1.4
@@ -16,6 +16,8 @@
package org.apache.jetspeed.aggregator.impl;
+import java.security.AccessControlContext;
+import java.security.AccessController;
import java.util.Stack;
import org.apache.commons.logging.Log;
@@ -134,9 +136,11 @@
{
Worker worker = this.getWorker();
+AccessControlContext context = AccessController.getContext();
if (worker==null)
{
queue.push(job);
+queue.push(context);
}
else
{
@@ -144,7 +148,7 @@
{
synchronized (worker)
{
-worker.setJob(job);
+worker.setJob(job, context);
worker.no
cvs commit: jakarta-jetspeed-2/portal/src/webapp/WEB-INF/templates/navigation/html/tabs LeftToRight.vm
shinsuke2004/11/22 15:30:53 Modified:portal/src/webapp/WEB-INF/templates/navigation/html/tabs LeftToRight.vm Log: removed width="100%" (tab is too wide on tigris layout) Revision ChangesPath 1.5 +1 -1 jakarta-jetspeed-2/portal/src/webapp/WEB-INF/templates/navigation/html/tabs/LeftToRight.vm Index: LeftToRight.vm === RCS file: /home/cvs/jakarta-jetspeed-2/portal/src/webapp/WEB-INF/templates/navigation/html/tabs/LeftToRight.vm,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- LeftToRight.vm19 Nov 2004 03:07:42 - 1.4 +++ LeftToRight.vm22 Nov 2004 23:30:53 - 1.5 @@ -1,5 +1,5 @@ - + #foreach($childPage in $_nodeSet.iterator()) #set($tabTitle = $childPage.getTitle($preferedLocale)) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: J2 Customizer Issues
Ate: I see the security stuff is working for you, :). See inline comments below: Randy Ate Douma wrote: Is a message missing from the list or did you get a message from 'David' privately? Yes, David sent a message to Scott and I wonding about issues he was having with the Customizer. I'd like to add another problem I encountered. Because the guest user now is a proper user, we should think of some way to disallow login to this user as it is meant to be used as buildin/internal user only. A simple solution to that would be setting the user is_enabled flag to false, but that still leaves the possibility someone enables it again through the UserManager. I personally would like to see a stronger protection against login of this user. This could be done by adding one more boolean attribute to the security_credential table (like is_buildin) or a hardcoded check in the UserManager.authenticate against the anonymous username. This name (default 'guest') is now managed by the Profiler though, so maybe we should move it to the UserManager then. +1, seems like a good idea to limit the login. Another issue: the security rules on the Administrative folder won't allow a non-admin user to change its password. I will move the change-password.psml into the root folder to fix this. I checked in this change to restrict access to the Administrative folder, but I did not spend a whole bunch of time to reorganize the demo site to make sense. David has mentioned over and over again that he was going to go for it one of these days, so I left it to him. Of course, change password needs to be available to every user! Sorry if this caused you too much grief... If time permits, I will also check in tonight the second part of my JS2-151 issue containing enforced password change on first login. This includes automatic navigation to the Change Password psml with no way to navigate from it until the password is changed (logoff is still a way out though). Also included is a configurable set of days before password expiration when a user will be asked to change its password. The last day before expiration will require the password to be changed. These features are currently *not* (longer) working though as result of the new 'guest' user configuration which now *also* is required to change its password, even if this user isn't logged on at all. Kinda blocking problem :( I need this handled before I will check in my changes. Thanks for the notice. I will hold off on upgrading my production site until we get this worked out. Regards, Ate - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
PSML Change in Runtime
Hi people, I need to change the PSML file for a type of user(role) in runtime. According to an action in portal, the panels and portles for the user must be changed. I will have other PSML files and when the user select an option it will change with the portal configuration. Anybody have any idea to how make this? Thank you very much. Regards, Carlos Alberto Torres
Re: J2 Customizer Issues
Randy Watler said: > David, Is a message missing from the list or did you get a message from 'David' privately? > > I have done some significant cleanup in the PageManager and the Customizer > updates seem to be working for me at this point. I think it is safe to say > that the CastorXmlPageManager version out there now is causing at least > some > of the problems you are encountering. Will have a patch in the morning at > some point. I'd like to add another problem I encountered. Because the guest user now is a proper user, we should think of some way to disallow login to this user as it is meant to be used as buildin/internal user only. A simple solution to that would be setting the user is_enabled flag to false, but that still leaves the possibility someone enables it again through the UserManager. I personally would like to see a stronger protection against login of this user. This could be done by adding one more boolean attribute to the security_credential table (like is_buildin) or a hardcoded check in the UserManager.authenticate against the anonymous username. This name (default 'guest') is now managed by the Profiler though, so maybe we should move it to the UserManager then. Another issue: the security rules on the Administrative folder won't allow a non-admin user to change its password. I will move the change-password.psml into the root folder to fix this. If time permits, I will also check in tonight the second part of my JS2-151 issue containing enforced password change on first login. This includes automatic navigation to the Change Password psml with no way to navigate from it until the password is changed (logoff is still a way out though). Also included is a configurable set of days before password expiration when a user will be asked to change its password. The last day before expiration will require the password to be changed. These features are currently *not* (longer) working though as result of the new 'guest' user configuration which now *also* is required to change its password, even if this user isn't logged on at all. Kinda blocking problem :( I need this handled before I will check in my changes. Regards, Ate > > As I replied earlier, the security settings on "/" are preventing you from > viewing the root folder back link after decending into the Public folder. > It > is possible to define the access permissions on a folder to be the union > of > all of its children's access permissions, but that seems like it might be > too computationally intense to be worth it. I don't know what is best. For > now, you can propagate the current constraints in "/" folder.metadata to > its > children and open the permissions on the "/" folder itself to allow guest > access. > > I am currently having issues with the SiteBrowserPortlet: it apparently > does > not set the JAAS subject before it accesses the PageManager. Since the > access is now checked in the PageManager and Folder access methods, it is > getting SecurityExceptions. I have just started looking into this, but am > taking a break until morning. > > Talk to you then, > > Randy > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
