package org.apache.jetspeed.layout.impl;

import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.ajax.AJAXException;
import org.apache.jetspeed.ajax.AjaxAction;
import org.apache.jetspeed.ajax.AjaxBuilder;
import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
import org.apache.jetspeed.om.common.SecurityConstraint;
import org.apache.jetspeed.om.page.PageSecurity;
import org.apache.jetspeed.om.page.SecurityConstraintsDef;
import org.apache.jetspeed.page.PageManager;
import org.apache.jetspeed.request.RequestContext;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.input.SAXBuilder;
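/**
 * AJAX action that administers the page security document held by the
 * {@code PageManager}: named security constraint definitions and the list of
 * global security constraint references.
 *
 * <p>The operation is chosen by the "method" action parameter: {@code add-def},
 * {@code update-def}, {@code remove-def}, {@code add-global} or
 * {@code remove-global}. {@link #run(RequestContext, Map)} performs the
 * {@code JetspeedActions.EDIT} access check before it dispatches to any of the
 * protected worker methods; the workers themselves do not repeat that check.
 */
public class SecurityConstraintsAction
    extends BasePortletAction
    implements AjaxAction, AjaxBuilder, Constants
{
    protected static final Log log = LogFactory.getLog(SecurityConstraintsAction.class);

    /**
     * Creates the action with an explicit security behavior.
     *
     * @param template template name, passed through to the superclass
     * @param errorTemplate error template name, passed through to the superclass
     * @param pm page manager, passed through to the superclass
     * @param securityBehavior security behavior, passed through to the superclass
     */
    public SecurityConstraintsAction(String template,
                                     String errorTemplate,
                                     PageManager pm,
                                     PortletActionSecurityBehavior securityBehavior)
    {
        super(template, errorTemplate, pm, securityBehavior);
    }

    /**
     * Creates the action with a {@code null} security behavior.
     *
     * @param template template name
     * @param errorTemplate error template name
     * @param pm page manager
     */
    public SecurityConstraintsAction(String template,
                                     String errorTemplate,
                                     PageManager pm)
    {
        this(template, errorTemplate, pm, null);
    }

    /**
     * Entry point: validates the request, enforces the EDIT access check and
     * dispatches to the worker selected by the "method" action parameter.
     *
     * <p>On success the result map receives ACTION, "method", "count" and STATUS.
     * On any failure it receives REASON and this method returns {@code false};
     * STATUS is not written on the failure paths.
     *
     * @param requestContext the current request
     * @param resultMap map that receives the outcome of the action
     * @return {@code true} when the selected operation completed, {@code false} otherwise
     * @throws AJAXException declared by the interface; failures raised by the
     *         workers are caught here and reported through REASON instead
     */
    public boolean run(RequestContext requestContext, Map resultMap)
            throws AJAXException
    {
        try
        {
            resultMap.put(ACTION, "constraints");

            String method = getActionParameter(requestContext, "method");
            if (method == null)
            {
                // Caught by the handler below and reported through REASON.
                throw new RuntimeException("Method not provided");
            }
            resultMap.put("method", method);

            // Authorization gate: nothing below may run for a caller without EDIT.
            if (!checkAccess(requestContext, JetspeedActions.EDIT))
            {
                resultMap.put(REASON, "Insufficient access to administer portal permissions");
                return false;
            }

            int count;
            if (method.equals("add-def") || method.equals("update-def"))
            {
                count = updateConstraintDefinition(requestContext, resultMap);
            }
            else if (method.equals("remove-def"))
            {
                count = removeConstraintDefinition(requestContext, resultMap);
            }
            else if (method.equals("add-global"))
            {
                count = addGlobal(requestContext, resultMap);
            }
            else if (method.equals("remove-global"))
            {
                count = removeGlobal(requestContext, resultMap);
            }
            else
            {
                resultMap.put(REASON, "Unsupported portal constraints method: " + method);
                return false;
            }

            resultMap.put("count", Integer.toString(count));
            resultMap.put(STATUS, "success");
            return true;
        }
        catch (Exception e)
        {
            log.error("exception administering portal permissions", e);
            // NOTE(review): e.toString() carries exception class names and messages.
            // If resultMap is rendered back to the client this exposes internal
            // detail; the full exception is already in the log above - confirm
            // whether a generic reason would be acceptable to callers.
            resultMap.put(REASON, e.toString());
            return false;
        }
    }

    /**
     * Removes the security constraints definition named by the "name" action parameter.
     *
     * @param requestContext the current request
     * @param resultMap result map (not written by this method)
     * @return 1 when a definition was removed, 0 when no definition has that name
     * @throws AJAXException when "name" is missing or the page security update fails
     */
    protected int removeConstraintDefinition(RequestContext requestContext, Map resultMap)
            throws AJAXException
    {
        String name = getActionParameter(requestContext, "name");
        if (name == null)
        {
            throw new AJAXException("Missing 'name' parameter");
        }

        try
        {
            PageSecurity pageSecurity = pageManager.getPageSecurity();
            SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(name);
            if (def == null)
            {
                return 0;
            }
            List defs = pageSecurity.getSecurityConstraintsDefs();
            defs.remove(def);
            pageSecurity.setSecurityConstraintsDefs(defs);
            pageManager.updatePageSecurity(pageSecurity);
        }
        catch (Exception e)
        {
            throw new AJAXException(e);
        }
        return 1;
    }

    /**
     * Builds the XML parser used for the client-supplied "xml" parameter.
     *
     * <p>The document comes straight from the request, so DOCTYPE declarations are
     * rejected and entity expansion is switched off; that closes external-entity
     * (XXE) and entity-expansion attacks against the portal.
     *
     * @return a SAXBuilder configured to refuse DTDs
     */
    private static SAXBuilder newHardenedSaxBuilder()
    {
        SAXBuilder saxBuilder = new SAXBuilder();
        // NOTE(review): this feature name is the Xerces one; a parser that does not
        // recognise it is expected to fail in build() rather than parse unprotected
        // - confirm against the parser deployed with the portal.
        saxBuilder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        saxBuilder.setExpandEntities(false);
        return saxBuilder;
    }

    /**
     * Creates or updates a security constraints definition from the XML document
     * in the "xml" action parameter.
     *
     * <p>The root element's "name" attribute selects the definition; a definition
     * that does not exist yet is created. The root's "security-constraint" children
     * are applied positionally: existing constraints are overwritten in order,
     * surplus existing constraints are removed, and surplus XML constraints are appended.
     *
     * @param requestContext the current request
     * @param resultMap result map (not written by this method)
     * @return the number of constraints updated, removed and added
     * @throws AJAXException when "xml" is missing, the document cannot be parsed,
     *         the root has no "name" attribute, or the page security update fails
     */
    protected int updateConstraintDefinition(RequestContext requestContext, Map resultMap)
            throws AJAXException
    {
        String xml = getActionParameter(requestContext, "xml");
        if (xml == null)
        {
            throw new AJAXException("Missing 'xml' parameter");
        }

        int count = 0;
        try
        {
            Document document = newHardenedSaxBuilder().build(new StringReader(xml));
            Element root = document.getRootElement();

            // Fail with a clear message instead of a NullPointerException when the
            // attribute is absent; the handler below wraps it like any other failure.
            String name = root.getAttributeValue("name");
            if (name == null)
            {
                throw new AJAXException("Missing 'name' attribute on root element");
            }

            PageSecurity pageSecurity = pageManager.getPageSecurity();
            SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(name);
            boolean added = false;
            if (def == null)
            {
                def = pageManager.newSecurityConstraintsDef();
                def.setName(name);
                added = true;
            }

            List xmlConstraints = root.getChildren("security-constraint");
            // NOTE(review): assumes getSecurityConstraints() returns a non-null,
            // mutable list even for a freshly created definition - confirm.
            List constraints = def.getSecurityConstraints();
            int xmlSize = xmlConstraints.size();
            // A new definition is treated as having no constraints yet.
            int defsSize = added ? 0 : constraints.size();
            int min = Math.min(xmlSize, defsSize);

            // Overwrite the constraints that exist on both sides, position by position.
            for (int ix = 0; ix < min; ix++)
            {
                Element xmlConstraint = (Element) xmlConstraints.get(ix);
                SecurityConstraint constraint = (SecurityConstraint) constraints.get(ix);
                updateConstraintValues(xmlConstraint, constraint);
                count++;
            }

            if (xmlSize < defsSize)
            {
                // Collect the surplus first so the list is not modified while indexed.
                List deletes = new ArrayList(defsSize - xmlSize);
                for (int ix = min; ix < defsSize; ix++)
                {
                    deletes.add(constraints.get(ix));
                }
                for (int ix = 0; ix < deletes.size(); ix++)
                {
                    constraints.remove(deletes.get(ix));
                    count++;
                }
            }
            else if (xmlSize > defsSize)
            {
                // Append the constraints that only exist in the XML.
                for (int ix = min; ix < xmlSize; ix++)
                {
                    Element xmlConstraint = (Element) xmlConstraints.get(ix);
                    SecurityConstraint constraint = pageManager.newPageSecuritySecurityConstraint();
                    updateConstraintValues(xmlConstraint, constraint);
                    constraints.add(constraint);
                    count++;
                }
            }

            if (added)
            {
                pageSecurity.getSecurityConstraintsDefs().add(def);
                pageSecurity.setSecurityConstraintsDefs(pageSecurity.getSecurityConstraintsDefs());
            }
            pageManager.updatePageSecurity(pageSecurity);
        }
        catch (Exception e)
        {
            throw new AJAXException(e);
        }
        return count;
    }

    /**
     * Copies the "roles", "groups", "permissions" and "users" child texts of an
     * XML constraint element onto a security constraint, each parsed as a
     * comma-separated list. A missing child element sets the matching list to {@code null}.
     *
     * @param xmlConstraint the "security-constraint" element to read
     * @param constraint the constraint to overwrite
     */
    protected void updateConstraintValues(Element xmlConstraint, SecurityConstraint constraint)
    {
        constraint.setRoles(parseCSVList(xmlConstraint.getChildText("roles")));
        constraint.setGroups(parseCSVList(xmlConstraint.getChildText("groups")));
        constraint.setPermissions(parseCSVList(xmlConstraint.getChildText("permissions")));
        constraint.setUsers(parseCSVList(xmlConstraint.getChildText("users")));
    }

    /**
     * Splits a comma-separated string into a list of trimmed values.
     *
     * <p>Values are trimmed in both the multi-value and the single-value case, so
     * a principal name padded with whitespace is stored the same way however many
     * names accompany it. An input without a comma yields a one-element list, also
     * when that input is empty.
     *
     * @param csv the comma-separated text, may be {@code null}
     * @return the list of values, or {@code null} when {@code csv} is {@code null}
     */
    protected List parseCSVList(String csv)
    {
        if (csv == null)
        {
            return null;
        }
        List csvList = new ArrayList(4);
        if (csv.indexOf(',') != -1)
        {
            StringTokenizer csvTokens = new StringTokenizer(csv, ",");
            while (csvTokens.hasMoreTokens())
            {
                csvList.add(csvTokens.nextToken().trim());
            }
        }
        else
        {
            csvList.add(csv.trim());
        }
        return csvList;
    }

    /**
     * Removes the global security constraints reference named by the "name" action parameter.
     *
     * @param requestContext the current request
     * @param resultMap result map (not written by this method)
     * @return 1 when the reference was removed, 0 when it was not in the list
     * @throws AJAXException when "name" is missing or the page security update fails
     */
    protected int removeGlobal(RequestContext requestContext, Map resultMap)
            throws AJAXException
    {
        String name = getActionParameter(requestContext, "name");
        if (name == null)
        {
            throw new AJAXException("Missing 'name' parameter");
        }

        int count = 0;
        try
        {
            PageSecurity pageSecurity = pageManager.getPageSecurity();
            List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
            if (!globals.contains(name))
            {
                return 0;
            }
            globals.remove(name);
            pageSecurity.setGlobalSecurityConstraintsRefs(globals);
            pageManager.updatePageSecurity(pageSecurity);
            count++;
        }
        catch (Exception e)
        {
            throw new AJAXException(e);
        }
        return count;
    }

    /**
     * Adds the definition named by the "name" action parameter to the list of
     * global security constraints references.
     *
     * @param requestContext the current request
     * @param resultMap result map (not written by this method)
     * @return 1 when the reference was added, 0 when it was already present
     * @throws AJAXException when "name" is missing, no definition has that name,
     *         or the page security update fails
     */
    protected int addGlobal(RequestContext requestContext, Map resultMap)
            throws AJAXException
    {
        String name = getActionParameter(requestContext, "name");
        if (name == null)
        {
            throw new AJAXException("Missing 'name' parameter");
        }

        int count = 0;
        try
        {
            PageSecurity pageSecurity = pageManager.getPageSecurity();
            List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
            // A global reference may only point at a definition that exists.
            if (pageSecurity.getSecurityConstraintsDef(name) == null)
            {
                throw new AJAXException("global name doesnt exist in definitions");
            }
            if (globals.contains(name))
            {
                // Already global: nothing to change.
                return count;
            }
            globals.add(name);
            pageSecurity.setGlobalSecurityConstraintsRefs(globals);
            pageManager.updatePageSecurity(pageSecurity);
            count++;
        }
        catch (Exception e)
        {
            throw new AJAXException(e);
        }
        return count;
    }
}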