ozeigermann 2004/10/19 14:42:46
Modified: src/share/org/apache/slide/macro MacroImpl.java
Log:
Added security and lock check
TODO:
- Add real check if move/copy/delete is inside a single store
Revision Changes Path
1.45 +67 -4 jakarta-slide/src/share/org/apache/slide/macro/MacroImpl.java
Index: MacroImpl.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/share/org/apache/slide/macro/MacroImpl.java,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- MacroImpl.java 19 Oct 2004 11:47:05 -0000 1.44
+++ MacroImpl.java 19 Oct 2004 21:42:46 -0000 1.45
@@ -53,6 +53,7 @@
import org.apache.slide.security.NodePermission;
import org.apache.slide.security.Security;
import org.apache.slide.store.Store;
+import org.apache.slide.structure.ActionNode;
import org.apache.slide.structure.LinkedObjectNotFoundException;
import org.apache.slide.structure.ObjectAlreadyExistsException;
import org.apache.slide.structure.ObjectHasChildrenException;
@@ -62,6 +63,7 @@
import org.apache.slide.util.Configuration;
import org.apache.slide.event.EventDispatcher;
import org.apache.slide.event.MacroEvent;
+import org.apache.slide.event.StructureEvent;
import org.apache.slide.event.VetoException;
/**
@@ -210,6 +212,10 @@
if (store.isMacroCopySupported() && source.getStore() ==
destination.getStore()
&& namespace.canUseMacroStore(source) &&
namespace.canUseMacroStore(destination)) {
try {
+ if (Configuration.useIntegratedSecurity()) {
+ recursiveAccessCheck(source,
namespaceConfig.getReadObjectAction());
+ recursiveAccessCheck(destination,
namespaceConfig.getCreateObjectAction());
+ }
store.macroCopy(source, destination);
Uri parentUri = destination.getParentUri();
@@ -219,6 +225,10 @@
parentNode.addChild(destinationNode);
parentUri.getStore().storeObject(parentUri, parentNode);
+
+ } catch (AccessDeniedException x) {
+ e.addException(x);
+ throw e;
} catch (ObjectNotFoundException x) {
e.addException(x);
throw e;
@@ -228,6 +238,9 @@
} catch (ServiceAccessException x) {
e.addException(x);
throw e;
+ } catch (SlideException x) {
+ e.addException(x);
+ throw e;
}
} else {
// try to writeLock the complete destination tree
@@ -257,6 +270,30 @@
throw new CopyMacroException(ve.getMessage());
}
}
+
+ protected void recursiveAccessCheck(Uri uri, ActionNode action) throws
SlideException, AccessDeniedException {
+ ObjectNode node = uri.getStore().retrieveObject(uri);
+ securityHelper.checkCredentials(uri.getToken(), node, action);
+ Iterator i = node.getChildren().iterator();
+ while (i.hasNext()) {
+ String child = (String) i.next();
+ Uri childUri = namespace.getUri(uri.getToken(), child);
+ recursiveAccessCheck(childUri, action);
+ }
+ }
+
+ protected void recursiveLockCheck(Uri uri) throws SlideException,
ObjectLockedException {
+ ObjectNode node = uri.getStore().retrieveObject(uri);
+ ActionNode action = namespaceConfig.getCreateObjectAction();
+ lockHelper.checkLock(uri.getToken(), node, action);
+ Iterator i = node.getChildren().iterator();
+ while (i.hasNext()) {
+ String child = (String) i.next();
+ Uri childUri = namespace.getUri(uri.getToken(), child);
+ recursiveLockCheck(childUri);
+ }
+ }
+
/**
* WriteLock the specified URI
@@ -477,6 +514,13 @@
if (store.isMacroMoveSupported() && source.getStore() ==
destination.getStore()
&& namespace.canUseMacroStore(source) &&
namespace.canUseMacroStore(destination)) {
try {
+ if (Configuration.useIntegratedSecurity()) {
+ recursiveAccessCheck(source,
namespaceConfig.getRemoveObjectAction());
+ recursiveAccessCheck(destination,
namespaceConfig.getCreateObjectAction());
+ }
+ if (Configuration.useIntegratedLocking()) {
+ recursiveLockCheck(source);
+ }
Uri sourceParentUri = source.getParentUri();
ObjectNode sourceParentNode =
sourceParentUri.getStore().retrieveObject(sourceParentUri);
@@ -503,6 +547,12 @@
} catch (ServiceAccessException x) {
e.addException(x);
throw e;
+ } catch (AccessDeniedException x) {
+ e.addException(x);
+ throw e;
+ } catch (SlideException x) {
+ e.addException(x);
+ throw e;
}
} else {
copy(token, sourceUri, destinationUri, parameters,
@@ -593,6 +643,13 @@
if (store.isMacroDeleteSupported() &&
namespace.canUseMacroStore(destination)) {
try {
+ if (Configuration.useIntegratedSecurity()) {
+ recursiveAccessCheck(destination,
namespaceConfig.getRemoveObjectAction());
+ }
+ if (Configuration.useIntegratedLocking()) {
+ recursiveLockCheck(destination);
+ }
+
Uri parentUri = destination.getParentUri();
ObjectNode parentNode =
parentUri.getStore().retrieveObject(parentUri);
@@ -606,6 +663,12 @@
e.addException(x);
throw e;
} catch (ServiceAccessException x) {
+ e.addException(x);
+ throw e;
+ } catch (AccessDeniedException x) {
+ e.addException(x);
+ throw e;
+ } catch (SlideException x) {
e.addException(x);
throw e;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
