Coverage report

  %line %branch
org.apache.jetspeed.layout.impl.SecurityConstraintsAction
0% 
0% 

 1  
 /*
 2  
  * Licensed to the Apache Software Foundation (ASF) under one or more
 3  
  * contributor license agreements.  See the NOTICE file distributed with
 4  
  * this work for additional information regarding copyright ownership.
 5  
  * The ASF licenses this file to You under the Apache License, Version 2.0
 6  
  * (the "License"); you may not use this file except in compliance with
 7  
  * the License.  You may obtain a copy of the License at
 8  
  * 
 9  
  *      http://www.apache.org/licenses/LICENSE-2.0
 10  
  * 
 11  
  * Unless required by applicable law or agreed to in writing, software
 12  
  * distributed under the License is distributed on an "AS IS" BASIS,
 13  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 14  
  * See the License for the specific language governing permissions and
 15  
  * limitations under the License.
 16  
  */
 17  
 package org.apache.jetspeed.layout.impl;
 18  
 
 19  
 import java.io.StringReader;
 20  
 import java.util.ArrayList;
 21  
 import java.util.List;
 22  
 import java.util.Map;
 23  
 import java.util.StringTokenizer;
 24  
 
 25  
 import org.apache.commons.logging.Log;
 26  
 import org.apache.commons.logging.LogFactory;
 27  
 import org.apache.jetspeed.JetspeedActions;
 28  
 import org.apache.jetspeed.ajax.AJAXException;
 29  
 import org.apache.jetspeed.ajax.AjaxAction;
 30  
 import org.apache.jetspeed.ajax.AjaxBuilder;
 31  
 import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
 32  
 import org.apache.jetspeed.om.common.SecurityConstraint;
 33  
 import org.apache.jetspeed.om.page.PageSecurity;
 34  
 import org.apache.jetspeed.om.page.SecurityConstraintsDef;
 35  
 import org.apache.jetspeed.page.PageManager;
 36  
 import org.apache.jetspeed.request.RequestContext;
 37  
 import org.jdom.Document;
 38  
 import org.jdom.Element;
 39  
 import org.jdom.input.SAXBuilder;
 40  
 
 41  
 /**
 42  
  * Security Permission action
 43  
  * 
 44  
  * AJAX Parameters: 
 45  
  *    action = constraints
 46  
  *    method = add-def | update-def | remove-def | add-global | remove-global   
 47  
  *    name = name of constraint definition or global definition
 48  
  *    xml = the constraints payload, same format as PSML constraint defs
 49  
  *    
 50  
  * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a>
 51  
  * @version $Id: $
 52  
  */
 53  
 public class SecurityConstraintsAction 
 54  
     extends BasePortletAction 
 55  
     implements AjaxAction, AjaxBuilder, Constants
 56  
 {
 57  0
     protected static final Log log = LogFactory.getLog(SecurityConstraintsAction.class);
 58  
 
 59  
     public SecurityConstraintsAction(String template, 
 60  
                                      String errorTemplate, 
 61  
                                      PageManager pm,
 62  
                                      PortletActionSecurityBehavior securityBehavior)                                     
 63  
     {
 64  0
         super(template, errorTemplate, pm, securityBehavior); 
 65  0
     }
 66  
 
 67  
     public SecurityConstraintsAction(String template, 
 68  
             String errorTemplate, 
 69  
             PageManager pm)
 70  
     {
 71  0
         this(template, errorTemplate, pm, null); 
 72  0
     }
 73  
     
 74  
     public boolean run(RequestContext requestContext, Map resultMap)
 75  
             throws AJAXException
 76  
     {
 77  0
         boolean success = true;
 78  0
         String status = "success";
 79  
         try
 80  
         {
 81  0
             resultMap.put(ACTION, "constraints");
 82  
             // Get the necessary parameters off of the request
 83  0
             String method = getActionParameter(requestContext, "method");
 84  0
             if (method == null) 
 85  
             { 
 86  0
                 throw new RuntimeException("Method not provided"); 
 87  
             }            
 88  0
             resultMap.put("method", method);
 89  0
             if (false == checkAccess(requestContext, JetspeedActions.EDIT))
 90  
             {
 91  0
                 success = false;
 92  0
                 resultMap.put(REASON, "Insufficient access to administer portal permissions");                
 93  0
                 return success;
 94  
             }           
 95  0
             int count = 0;
 96  0
             if (method.equals("add-def") || method.equals("update-def"))
 97  
             {
 98  0
                 count = updateConstraintDefinition(requestContext, resultMap);
 99  
             }
 100  0
             else if (method.equals("remove-def"))
 101  
             {
 102  0
                 count = removeConstraintDefinition(requestContext, resultMap);
 103  
             }
 104  0
             else if (method.equals("add-global"))
 105  
             {
 106  0
                 count = addGlobal(requestContext, resultMap);
 107  
             }
 108  0
             else if (method.equals("remove-global"))
 109  
             {
 110  0
                 count = removeGlobal(requestContext, resultMap);
 111  
             }
 112  
             else
 113  
             {
 114  0
                 success = false;
 115  0
                 resultMap.put(REASON, "Unsupported portal constraints method: " + method);                
 116  0
                 return success;                
 117  
             }
 118  0
             resultMap.put("count", Integer.toString(count));
 119  0
             resultMap.put(STATUS, status);
 120  
         } 
 121  0
         catch (Exception e)
 122  
         {
 123  0
             log.error("exception administering portal permissions", e);
 124  0
             resultMap.put(REASON, e.toString());
 125  0
             success = false;
 126  0
         }
 127  0
         return success;
 128  
     }
 129  
     
 130  
     protected int removeConstraclass="keyword">intDefinition(RequestContext requestContext, Map resultMap)
 131  
     throws AJAXException
 132  
     {
 133  0
         String name = getActionParameter(requestContext, "name");
 134  0
         if (name == null)
 135  0
             throw new AJAXException("Missing 'name' parameter");
 136  
         
 137  
         try
 138  
         {
 139  0
             PageSecurity pageSecurity = pageManager.getPageSecurity();        
 140  0
             SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(name);
 141  0
             if (def == null)
 142  
             {
 143  0
                 return 0;
 144  
             }
 145  0
             List defs = pageSecurity.getSecurityConstraintsDefs();
 146  0
             defs.remove(def);
 147  0
             pageSecurity.setSecurityConstraintsDefs(defs);
 148  0
             pageManager.updatePageSecurity(pageSecurity);
 149  
         }
 150  0
         catch (Exception e)
 151  
         {
 152  0
             throw new AJAXException(e);
 153  0
         }        
 154  0
         return 1;
 155  
     }
 156  
     
 157  
     protected int updateConstraclass="keyword">intDefinition(RequestContext requestContext, Map resultMap)
 158  
     throws AJAXException
 159  
     {
 160  0
         int count = 0;
 161  0
         boolean added = false;
 162  0
         String xml = getActionParameter(requestContext, "xml");
 163  0
         if (xml == null)
 164  0
             throw new AJAXException("Missing 'xml' parameter");
 165  
         try
 166  
         {
 167  0
             SAXBuilder saxBuilder = new SAXBuilder();
 168  0
             StringReader reader = new StringReader(xml);
 169  0
             Document document = saxBuilder.build(reader);
 170  0
             Element root = document.getRootElement();
 171  0
             String name = root.getAttribute("name").getValue();
 172  0
             PageSecurity pageSecurity = pageManager.getPageSecurity();
 173  0
             SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(name);
 174  0
             int defsSize = 0;
 175  0
             if (def == null)
 176  
             {
 177  0
                 def = pageManager.newSecurityConstraintsDef();
 178  0
                 def.setName(name);
 179  0
                 added = true;
 180  
             }
 181  0
             int xmlSize = root.getChildren("security-constraint").size();
 182  0
             if (added == false)
 183  
             {
 184  0
                 defsSize = def.getSecurityConstraints().size();
 185  
             }
 186  0
             int min = (xmlSize < defsSize) ? xmlSize : defsSize;
 187  0
             List xmlConstraints = root.getChildren("security-constraint");
 188  0
             List constraints = def.getSecurityConstraints();
 189  0
             Element owner = root.getChild("owner");
 190  0
             if (owner != null)
 191  
             {
 192  
             }
 193  0
             for (int ix = 0; ix < min; ix++)
 194  
             {
 195  0
                 Element xmlConstraint = (Element)xmlConstraints.get(ix);
 196  0
                 SecurityConstraint constraint =  (SecurityConstraint)constraints.get(ix);                
 197  0
                 updateConstraintValues(xmlConstraint, constraint);
 198  0
                 count++;                
 199  
             }
 200  0
             if (xmlSize < defsSize)
 201  
             {
 202  
                 // remove constraints
 203  0
                 List deletes = new ArrayList(defsSize - xmlSize);
 204  0
                 for (int ix = min; ix < defsSize; ix++)
 205  
                 {
 206  0
                     deletes.add(constraints.get(ix));
 207  
                 }
 208  0
                 for (int ix = 0; ix < deletes.size(); ix++)
 209  
                 {
 210  0
                     constraints.remove(deletes.get(ix));
 211  0
                     count++;                    
 212  
                 }                
 213  0
             }
 214  0
             else if (xmlSize > defsSize)
 215  
             {
 216  
                 // add new constraints
 217  0
                 for (int ix = min; ix < xmlSize; ix++)
 218  
                 {
 219  0
                     Element xmlConstraint = (Element)xmlConstraints.get(ix);
 220  0
                     SecurityConstraint constraint =  pageManager.newPageSecuritySecurityConstraint();                    
 221  0
                     updateConstraintValues(xmlConstraint, constraint);
 222  0
                     constraints.add(constraint);                    
 223  0
                     count++;
 224  
                 }                
 225  
             }
 226  0
             if (added)
 227  
             {                
 228  0
                 pageSecurity.getSecurityConstraintsDefs().add(def);
 229  0
                 pageSecurity.setSecurityConstraintsDefs(pageSecurity.getSecurityConstraintsDefs());
 230  
             }
 231  0
             pageManager.updatePageSecurity(pageSecurity);
 232  
         }
 233  0
         catch (Exception e)
 234  
         {
 235  0
             throw new AJAXException(e);
 236  0
         }
 237  0
         return count;
 238  
     }
 239  
     
 240  
     protected void updateConstraintValues(Element xmlConstraint, SecurityConstraint constraint)
 241  
     {
 242  0
         constraint.setRoles(parseCSVList(xmlConstraint.getChildText("roles")));
 243  0
         constraint.setGroups(parseCSVList(xmlConstraint.getChildText("groups")));
 244  0
         constraint.setPermissions(parseCSVList(xmlConstraint.getChildText("permissions")));
 245  0
         constraint.setUsers(parseCSVList(xmlConstraint.getChildText("users")));        
 246  0
     }
 247  
     
 248  
     protected List parseCSVList(String csv)
 249  
     {
 250  0
         if (csv != null)
 251  
         {
 252  0
             List csvList = new ArrayList(4);
 253  0
             if (csv.indexOf(',') != -1)
 254  
             {
 255  0
                 StringTokenizer csvTokens = new StringTokenizer(csv, ",");
 256  0
                 while (csvTokens.hasMoreTokens())
 257  
                 {
 258  0
                     csvList.add(csvTokens.nextToken().trim());
 259  
                 }
 260  0
             }
 261  
             else
 262  
             {
 263  0
                 csvList.add(csv);
 264  
             }
 265  0
             return csvList;
 266  
         }
 267  0
         return null;
 268  
     }
 269  
     
 270  
     protected int removeGlobal(RequestContext requestContext, Map resultMap)
 271  
     throws AJAXException
 272  
     {
 273  0
         int count = 0;
 274  0
         String name = getActionParameter(requestContext, "name");
 275  0
         if (name == null)
 276  0
             throw new AJAXException("Missing 'name' parameter");
 277  
         
 278  
         try
 279  
         {
 280  0
             PageSecurity pageSecurity = pageManager.getPageSecurity();        
 281  0
             List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
 282  0
             if (!globals.contains(name))
 283  
             {
 284  0
                 return 0;
 285  
             }
 286  0
             globals.remove(name);
 287  0
             pageSecurity.setGlobalSecurityConstraintsRefs(globals);
 288  0
             pageManager.updatePageSecurity(pageSecurity);
 289  0
             count++;
 290  
         }
 291  0
         catch (Exception e)
 292  
         {
 293  0
             throw new AJAXException(e);
 294  0
         }        
 295  0
         return count;
 296  
     }
 297  
        
 298  
     protected int addGlobal(RequestContext requestContext, Map resultMap)
 299  
     throws AJAXException
 300  
     {
 301  0
         int count = 0;
 302  0
         String name = getActionParameter(requestContext, "name");
 303  0
         if (name == null)
 304  0
             throw new AJAXException("Missing 'name' parameter");
 305  
         
 306  
         try
 307  
         {
 308  0
             PageSecurity pageSecurity = pageManager.getPageSecurity();        
 309  0
             List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
 310  0
             if (pageSecurity.getSecurityConstraintsDef(name) == null)
 311  
             {
 312  0
                 throw new AJAXException("global name doesnt exist in definitions");
 313  
             }
 314  0
             if (globals.contains(name))
 315  
             {
 316  
                 // already exist;
 317  0
                 return count;
 318  
             }
 319  0
             globals.add(name);
 320  0
             pageSecurity.setGlobalSecurityConstraintsRefs(globals);
 321  0
             pageManager.updatePageSecurity(pageSecurity);
 322  0
             count++;
 323  
         }
 324  0
         catch (Exception e)
 325  
         {
 326  0
             throw new AJAXException(e);
 327  0
         }        
 328  0
         return count;
 329  
     }
 330  
     
 331  
 }

This report is generated by jcoverage, Maven and Maven JCoverage Plugin.