Coverage report

  %line %branch
org.apache.jetspeed.om.page.psml.AbstractBaseElement
0% 
0% 

 1  
 /*
 2  
  * Licensed to the Apache Software Foundation (ASF) under one or more
 3  
  * contributor license agreements.  See the NOTICE file distributed with
 4  
  * this work for additional information regarding copyright ownership.
 5  
  * The ASF licenses this file to You under the Apache License, Version 2.0
 6  
  * (the "License"); you may not use this file except in compliance with
 7  
  * the License.  You may obtain a copy of the License at
 8  
  * 
 9  
  *      http://www.apache.org/licenses/LICENSE-2.0
 10  
  * 
 11  
  * Unless required by applicable law or agreed to in writing, software
 12  
  * distributed under the License is distributed on an "AS IS" BASIS,
 13  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 14  
  * See the License for the specific language governing permissions and
 15  
  * limitations under the License.
 16  
  */
 17  
 
 18  
 package org.apache.jetspeed.om.page.psml;
 19  
 
 20  
 import java.security.AccessController;
 21  
 import java.security.Principal;
 22  
 import java.util.ArrayList;
 23  
 import java.util.Iterator;
 24  
 import java.util.LinkedList;
 25  
 import java.util.List;
 26  
 
 27  
 import javax.security.auth.Subject;
 28  
 
 29  
 import org.apache.commons.logging.Log;
 30  
 import org.apache.commons.logging.LogFactory;
 31  
 import org.apache.jetspeed.JetspeedActions;
 32  
 import org.apache.jetspeed.om.common.SecuredResource;
 33  
 import org.apache.jetspeed.om.common.SecurityConstraint;
 34  
 import org.apache.jetspeed.om.common.SecurityConstraints;
 35  
 import org.apache.jetspeed.om.page.BaseElement;
 36  
 import org.apache.jetspeed.om.page.PageSecurity;
 37  
 import org.apache.jetspeed.om.page.SecurityConstraintImpl;
 38  
 import org.apache.jetspeed.page.document.DocumentHandlerFactory;
 39  
 import org.apache.jetspeed.page.document.Node;
 40  
 import org.apache.jetspeed.page.document.NodeSet;
 41  
 import org.apache.jetspeed.page.document.psml.NodeSetImpl;
 42  
 import org.apache.jetspeed.security.FolderPermission;
 43  
 import org.apache.jetspeed.security.GroupPrincipal;
 44  
 import org.apache.jetspeed.security.JSSubject;
 45  
 import org.apache.jetspeed.security.PagePermission;
 46  
 import org.apache.jetspeed.security.PortalResourcePermission;
 47  
 import org.apache.jetspeed.security.RolePrincipal;
 48  
 import org.apache.jetspeed.security.UserPrincipal;
 49  
 
 50  
 
 51  
 /**
 52  
  *
 53  
  * @version $Id: AbstractBaseElement.java 516448 2007-03-09 16:25:47Z ate $
 54  
  */
 55  0
 public abstract class AbstractBaseElement implements java.io.Serializable, SecuredResource
 56  
 {
 57  0
     private final static Log log = LogFactory.getLog(AbstractBaseElement.class);
 58  
 
 59  0
     private String id = null;
 60  
 
 61  0
     private String title = null;
 62  
 
 63  0
     private String shortTitle = null;
 64  
 
 65  
     private boolean constraintsEnabled;
 66  
 
 67  0
     private SecurityConstraints constraints = null;
 68  
 
 69  
     private boolean permissionsEnabled;
 70  
     
 71  0
     private DocumentHandlerFactory handlerFactory = null;
 72  
 
 73  
     public String getId()
 74  
     {
 75  0
          return this.id;
 76  
     }
 77  
 
 78  
     public void setId(String id)
 79  
     {
 80  0
         this.id = id;
 81  0
     }
 82  
 
 83  
     /**
 84  
      * <p>
 85  
      * getTitle
 86  
      * </p>
 87  
      *
 88  
      * @see org.apache.jetspeed.om.page.BaseElement#getTitle()
 89  
      * @return
 90  
      */
 91  
     public String getTitle()
 92  
     {
 93  0
         return this.title;
 94  
     }
 95  
 
 96  
     /**
 97  
      * <p>
 98  
      * setTitle
 99  
      * </p>
 100  
      *
 101  
      * @see org.apache.jetspeed.om.page.BaseElement#setTitle(java.lang.String)
 102  
      * @param title
 103  
      */
 104  
     public void setTitle(String title)
 105  
     {
 106  0
         this.title = title;
 107  0
     }
 108  
     /**
 109  
      * <p>
 110  
      * getShortTitle
 111  
      * </p>
 112  
      *
 113  
      * @see org.apache.jetspeed.om.page.BaseElement#getShortTitle()
 114  
      * @return short title
 115  
      */
 116  
     public String getShortTitle()
 117  
     {
 118  
         // default to title if not specified
 119  0
         String title = this.shortTitle;
 120  0
         if (title == null)
 121  
         {
 122  0
             title = this.title;
 123  
         }
 124  0
         return title;
 125  
     }
 126  
     /**
 127  
      * <p>
 128  
      * setShortTitle
 129  
      * </p>
 130  
      *
 131  
      * @see org.apache.jetspeed.om.page.BaseElement#setShortTitle(java.lang.String)
 132  
      * @param title
 133  
      */
 134  
     public void setShortTitle(String title)
 135  
     {
 136  0
         this.shortTitle = title;
 137  0
     }
 138  
 
 139  
     /**
 140  
      * <p>
 141  
      * getConstraintsEnabled
 142  
      * </p>
 143  
      *
 144  
      * @see org.apache.jetspeed.om.common.SecureResource#getConstraintsEnabled()
 145  
      * @return whether security relies on PSML constraints
 146  
      */
 147  
     public boolean getConstraintsEnabled()
 148  
     {
 149  0
         return constraintsEnabled;
 150  
     }
 151  
 
 152  
     /**
 153  
      * <p>
 154  
      * setConstraintsEnabled
 155  
      * </p>
 156  
      *
 157  
      * @param enabled indicator
 158  
      */
 159  
     public void setConstraintsEnabled(boolean enabled)
 160  
     {
 161  0
         constraintsEnabled = enabled;
 162  0
     }
 163  
 
 164  
     /**
 165  
      * <p>
 166  
      * getSecurityConstraints
 167  
      * </p>
 168  
      *
 169  
      * @see org.apache.jetspeed.om.common.SecureResource#getSecurityConstraints()
 170  
      * @return the PSML security constraints
 171  
      */
 172  
     public SecurityConstraints getSecurityConstraints()
 173  
     {
 174  0
         return constraints;
 175  
     }
 176  
     
 177  
     /**
 178  
      * <p>
 179  
      * newSecurityConstraints
 180  
      * </p>
 181  
      *
 182  
      * @see org.apache.jetspeed.om.common.SecureResource#newSecurityConstraints()
 183  
      * @return  a new security constraints object
 184  
      */
 185  
     public SecurityConstraints newSecurityConstraints()
 186  
     {
 187  0
         return new SecurityConstraintsImpl();
 188  
     }
 189  
 
 190  
     /**
 191  
      * <p>
 192  
      * newSecurityConstraint
 193  
      * </p>
 194  
      *
 195  
      * @see org.apache.jetspeed.om.common.SecureResource#newSecurityConstraint()
 196  
      * @return security constraint
 197  
      */
 198  
     public SecurityConstraint newSecurityConstraint()
 199  
     {
 200  0
         return new SecurityConstraintImpl();
 201  
     }
 202  
 
 203  
     /**
 204  
      * <p>
 205  
      * setSecurityConstraints
 206  
      * </p>
 207  
      *
 208  
      * @see org.apache.jetspeed.om.common.SecureResource#setSecurityConstraints(org.apache.jetspeed.om.common.SecurityConstraints)
 209  
      * @param constraints
 210  
      */
 211  
     public void setSecurityConstraints(SecurityConstraints constraints)
 212  
     {
 213  0
         this.constraints = constraints;
 214  0
     }
 215  
 
 216  
     /**
 217  
      * <p>
 218  
      * checkConstraints
 219  
      * </p>
 220  
      *
 221  
      * @see org.apache.jetspeed.om.common.SecureResource#checkConstraints(java.lang.String)
 222  
      * @param actions
 223  
      * @throws SecurityException
 224  
      */
 225  
     public void checkConstraints(String actions) throws SecurityException
 226  
     {
 227  
         // skip checks if not enabled
 228  0
         if (!getConstraintsEnabled())
 229  
         {
 230  0
             return;
 231  
         }
 232  
 
 233  
         // validate specified actions
 234  0
         if (actions == null)
 235  
         {
 236  0
             throw new SecurityException("AbstractBaseElement.checkConstraints(): No actions specified.");
 237  
         }
 238  
 
 239  
         // get action names lists; separate view and other
 240  
         // actions to mimic file system permissions logic
 241  0
         List viewActionList = SecurityConstraintImpl.parseCSVList(actions);
 242  0
         List otherActionsList = null;
 243  0
         if (viewActionList.size() == 1)
 244  
         {
 245  0
             if (!viewActionList.contains(JetspeedActions.VIEW))
 246  
             {
 247  0
                 otherActionsList = viewActionList;
 248  0
                 viewActionList = null;
 249  
             }
 250  
         }
 251  
         else
 252  
         {
 253  0
             otherActionsList = viewActionList;
 254  0
             viewActionList = null;
 255  0
             if (otherActionsList.remove(JetspeedActions.VIEW))
 256  
             {
 257  0
                 viewActionList = new ArrayList(1);
 258  0
                 viewActionList.add(JetspeedActions.VIEW);
 259  
             }
 260  
         }
 261  
 
 262  
         // get current request context subject
 263  0
         Subject subject = JSSubject.getSubject(AccessController.getContext());
 264  0
         if (subject == null)
 265  
         {
 266  0
             throw new SecurityException("AbstractBaseElement.checkConstraints(): Missing JSSubject");
 267  
         }
 268  
 
 269  
         // get user/group/role principal names
 270  0
         List userPrincipals = null;
 271  0
         List rolePrincipals = null;
 272  0
         List groupPrincipals = null;
 273  0
         Iterator principals = subject.getPrincipals().iterator();
 274  0
         while (principals.hasNext())
 275  
         {
 276  0
             Principal principal = (Principal) principals.next();
 277  0
             if (principal instanceof UserPrincipal)
 278  
             {
 279  0
                 if (userPrincipals == null)
 280  
                 {
 281  0
                     userPrincipals = new LinkedList();
 282  
                 }
 283  0
                 userPrincipals.add(principal.getName());
 284  
             }
 285  0
             else if (principal instanceof RolePrincipal)
 286  
             {
 287  0
                 if (rolePrincipals == null)
 288  
                 {
 289  0
                     rolePrincipals = new LinkedList();
 290  
                 }
 291  0
                 rolePrincipals.add(principal.getName());
 292  
             }
 293  0
             else if (principal instanceof GroupPrincipal)
 294  
             {
 295  0
                 if (groupPrincipals == null)
 296  
                 {
 297  0
                     groupPrincipals = new LinkedList();
 298  
                 }
 299  0
                 groupPrincipals.add(principal.getName());
 300  
             }
 301  0
         }
 302  
 
 303  
         // check constraints using parsed action and access lists
 304  0
         if (viewActionList != null)
 305  
         {
 306  0
             checkConstraints(viewActionList, userPrincipals, rolePrincipals, groupPrincipals, false, grantViewActionAccess());
 307  
         }
 308  0
         if (otherActionsList != null)
 309  
         {
 310  0
             checkConstraints(otherActionsList, userPrincipals, rolePrincipals, groupPrincipals, true, false);
 311  
         }
 312  0
     }
 313  
 
 314  
     /**
 315  
      * <p>
 316  
      * checkConstraints
 317  
      * </p>
 318  
      *
 319  
      * @param actions
 320  
      * @param userPrincipals
 321  
      * @param rolePrincipals
 322  
      * @param groupPrincipals
 323  
      * @param checkNodeOnly
 324  
      * @param checkParentsOnly
 325  
      * @throws SecurityException
 326  
      */
 327  
     public void checkConstraints(List actions, List userPrincipals, List rolePrincipals, List groupPrincipals, boolean checkNodeOnly, class="keyword">boolean checkParentsOnly) throws SecurityException
 328  
     {
 329  
         // check node constraints if available
 330  0
         if ((constraints != null) && !constraints.isEmpty())
 331  
         {
 332  0
             ((SecurityConstraintsImpl)constraints).checkConstraints(actions, userPrincipals, rolePrincipals, groupPrincipals, getEffectivePageSecurity());
 333  
         }
 334  0
     }
 335  
 
 336  
     /**
 337  
      * <p>
 338  
      * getPermissionsEnabled
 339  
      * </p>
 340  
      *
 341  
      * @see org.apache.jetspeed.om.common.SecureResource#getPermissionsEnabled()
 342  
      * @return
 343  
      */
 344  
     public boolean getPermissionsEnabled()
 345  
     {
 346  0
         return permissionsEnabled;
 347  
     }
 348  
 
 349  
     /**
 350  
      * <p>
 351  
      * setPermissionsEnabled
 352  
      * </p>
 353  
      *
 354  
      * @param enabled indicator
 355  
      */
 356  
     public void setPermissionsEnabled(boolean enabled)
 357  
     {
 358  0
         permissionsEnabled = enabled;
 359  0
     }
 360  
 
 361  
     /**
 362  
      * <p>
 363  
      * checkPermissions
 364  
      * </p>
 365  
      *
 366  
      * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(int)
 367  
      * @param mask Mask of actions requested
 368  
      * @throws SecurityException
 369  
      */
 370  
     public void checkPermissions(int mask) throws SecurityException
 371  
     {
 372  
         // skip checks if not enabled
 373  0
         if (!getPermissionsEnabled())
 374  
         {
 375  0
             return;
 376  
         }
 377  
 
 378  
         // separate view and other actions to mimic file system permissions logic
 379  0
         boolean viewAction = (mask & JetspeedActions.MASK_VIEW) == JetspeedActions.MASK_VIEW;
 380  0
         int otherMask = mask & ~JetspeedActions.MASK_VIEW;
 381  
 
 382  
         // check permissions using parsed actions
 383  0
         if (viewAction)
 384  
         {
 385  0
             checkPermissions(JetspeedActions.MASK_VIEW, false, grantViewActionAccess());
 386  
         }
 387  0
         if (otherMask != 0)
 388  
         {
 389  0
             checkPermissions(otherMask, true, false);
 390  
         }
 391  0
     }
 392  
     /**
 393  
      * <p>
 394  
      * checkPermissions
 395  
      * </p>
 396  
      *
 397  
      * @param mask of actions
 398  
      * @param checkNodeOnly
 399  
      * @param checkParentsOnly
 400  
      * @throws SecurityException
 401  
      */
 402  
     public void checkPermissions(int mask, boolean checkNodeOnly, class="keyword">boolean checkParentsOnly) throws SecurityException
 403  
     {
 404  
         // check page and folder permissions
 405  0
         String physicalPermissionPath = getPhysicalPermissionPath();
 406  0
         if (physicalPermissionPath != null)
 407  
         {
 408  
             // check permissions using physical path
 409  
             try
 410  
             {
 411  0
                 checkPermissions(physicalPermissionPath, mask, checkNodeOnly, checkParentsOnly);
 412  
             }
 413  0
             catch (SecurityException physicalSE)
 414  
             {
 415  
                 // fallback check using logical path if available and different
 416  0
                 String logicalPermissionPath = getLogicalPermissionPath();
 417  0
                 if ((logicalPermissionPath != null) && !logicalPermissionPath.equals(physicalPermissionPath))
 418  
                 {
 419  0
                     checkPermissions(logicalPermissionPath, mask, checkNodeOnly, checkParentsOnly);
 420  
                 }
 421  
                 else
 422  
                 {
 423  0
                     throw physicalSE;
 424  
                 }
 425  0
             }
 426  
         }
 427  0
     }
 428  
     /**
 429  
      * <p>
 430  
      * checkPermissions
 431  
      * </p>
 432  
      *
 433  
      * @param path
 434  
      * @param mask Mask of actions requested
 435  
      * @param checkNodeOnly
 436  
      * @param checkParentsOnly
 437  
      * @throws SecurityException
 438  
      */
 439  
     public void checkPermissions(String path, int mask, boolean checkNodeOnly, class="keyword">boolean checkParentsOnly) throws SecurityException
 440  
     {
 441  
         // check actions permissions
 442  
         try
 443  
         {
 444  
             // check for granted page permissions
 445  0
             PagePermission permission = new PagePermission(path, mask);
 446  0
             AccessController.checkPermission(permission);
 447  
         }
 448  0
         catch (SecurityException se)
 449  
         {
 450  
             // fallback check for granted folder permissions
 451  0
             FolderPermission permission = new FolderPermission(path, mask);
 452  0
             AccessController.checkPermission(permission);
 453  0
         }
 454  0
     }
 455  
 
 456  
     /**
 457  
      * <p>
 458  
      * getLogicalPermissionPath
 459  
      * </p>
 460  
      *
 461  
      * @return path used for permissions checks
 462  
      */
 463  
     public String getLogicalPermissionPath()
 464  
     {
 465  0
         return getPhysicalPermissionPath();
 466  
     }
 467  
 
 468  
     /**
 469  
      * <p>
 470  
      * getPhysicalPermissionPath
 471  
      * </p>
 472  
      *
 473  
      * @return path used for permissions checks
 474  
      */
 475  
     public String getPhysicalPermissionPath()
 476  
     {
 477  
         // no permissions path available by default
 478  0
         log.warn("getPhysicalPermissionPath(): no permission path available for " + this + " element.");
 479  0
         return null;
 480  
     }
 481  
 
 482  
     /**
 483  
      * <p>
 484  
      * checkAccess
 485  
      * </p>
 486  
      *
 487  
      * @see org.apache.jetspeed.om.common.SecureResource#checkAccess(java.lang.String)
 488  
      * @param actions
 489  
      * @throws SecurityException
 490  
      */
 491  
     public void checkAccess(String actions) throws SecurityException
 492  
     {
 493  
         // check access permissions and constraints as enabled
 494  0
         if (getPermissionsEnabled())
 495  
         {
 496  0
             int mask = PortalResourcePermission.parseActions(actions);
 497  0
             checkPermissions(mask);
 498  
         }
 499  0
         if (getConstraintsEnabled())
 500  
         {
 501  0
             checkConstraints(actions);
 502  
         }
 503  0
     }
 504  
 
 505  
     /**
 506  
      * <p>
 507  
      * grantViewActionAccess
 508  
      * </p>
 509  
      *
 510  
      * @return granted access for view action
 511  
      */
 512  
     public boolean grantViewActionAccess()
 513  
     {
 514  
         // by default, access must be checked
 515  0
         return false;
 516  
     }
 517  
 
 518  
     /**
 519  
      * getEffectivePageSecurity
 520  
      *
 521  
      * @return effective page security object
 522  
      */
 523  
     public PageSecurity getEffectivePageSecurity()
 524  
     {
 525  
         // no page security available by default
 526  0
         return null;
 527  
     }
 528  
 
 529  
     /**
 530  
      * <p>
 531  
      * getHandlerFactory
 532  
      * </p>
 533  
      *
 534  
      * @return element handler factory
 535  
      */
 536  
     public DocumentHandlerFactory getHandlerFactory()
 537  
     {
 538  0
         return handlerFactory;
 539  
     }
 540  
 
 541  
     /**
 542  
      * <p>
 543  
      * setHandlerFactory
 544  
      * </p>
 545  
      *
 546  
      * @param factory element handler factory
 547  
      */
 548  
     public void setHandlerFactory(DocumentHandlerFactory factory)
 549  
     {
 550  0
         this.handlerFactory = factory;
 551  0
     }
 552  
 
 553  
     /**
 554  
      * <p>
 555  
      * equals
 556  
      * </p>
 557  
      *
 558  
      * @see java.lang.Object#equals(java.lang.Object)
 559  
      * @param obj
 560  
      * @return whether the supplied object equals this one
 561  
      */
 562  
     public boolean equals( Object obj )
 563  
     {
 564  0
         if(obj instanceof BaseElement)
 565  
         {
 566  0
             AbstractBaseElement element = (AbstractBaseElement) obj;
 567  0
             return id != null && element.getId() != class="keyword">null && id.equals(element.getId());            
 568  
         }
 569  
         else
 570  
         {
 571  0
             return false;
 572  
         }
 573  
     }
 574  
     
 575  
     /**
 576  
      * <p>
 577  
      * hashCode
 578  
      * </p>
 579  
      *
 580  
      * @see java.lang.Object#hashCode()
 581  
      * @return the hashcode for this object
 582  
      */
 583  
     public int hashCode()
 584  
     {
 585  0
         return ((null != id) ? id.hashCode() : -1);
 586  
     }
 587  
     
 588  
     /**
 589  
      * <p>
 590  
      * toString
 591  
      * </p>
 592  
      *
 593  
      * @see java.lang.Object#toString()
 594  
      * @return the id as a string representation of this object
 595  
      */
 596  
     public String toString()
 597  
     {      
 598  0
         return getId();
 599  
     }
 600  
 
 601  
     /**
 602  
      * <p>
 603  
      * checkAccess returns a set of nodes we can access.  It may be the passed in node set or a partial copy.
 604  
      * </p>
 605  
      *
 606  
      * @param nodes
 607  
      * @param actions
 608  
      * @return a NodeSet containing the nodes allowing access
 609  
      */
 610  
     public static NodeSet checkAccess(NodeSet nodes, String actions)
 611  
     {
 612  0
         if ((nodes != null) && !nodes.isEmpty())
 613  
         {
 614  
             // check permissions and constraints, filter nodes as required
 615  0
             NodeSetImpl filteredNodes = null;
 616  0
             Iterator checkAccessIter = nodes.iterator();
 617  0
             while (checkAccessIter.hasNext())
 618  
             {
 619  0
                 AbstractBaseElement node = (AbstractBaseElement)checkAccessIter.next();
 620  
                 try
 621  
                 {
 622  
                     // check access
 623  0
                     node.checkAccess(actions);
 624  
 
 625  
                     // add to filteredNodes nodes if copying
 626  0
                     if (filteredNodes != null)
 627  
                     {
 628  
                         // permitted, add to filteredNodes nodes
 629  0
                         filteredNodes.add((Node)node);
 630  
                     }
 631  
                 }
 632  0
                 catch (SecurityException se)
 633  
                 {
 634  
                     // create filteredNodes nodes if not already copying
 635  0
                     if (filteredNodes == null)
 636  
                     {
 637  
                         // not permitted, copy previously permitted nodes
 638  
                         // to new filteredNodes node set with same comparator
 639  0
                         filteredNodes = new NodeSetImpl(null, ((NodeSetImpl) nodes).getComparator());
 640  0
                         Iterator copyIter = nodes.iterator();
 641  0
                         while (copyIter.hasNext())
 642  
                         {
 643  0
                             Node copyNode = (Node)copyIter.next();
 644  0
                             if (copyNode != node)
 645  
                             {
 646  0
                                 filteredNodes.add(copyNode);
 647  
                             }
 648  
                             else
 649  
                             {
 650  
                                 break;
 651  
                             }
 652  0
                         }
 653  
                     }
 654  0
                 }
 655  0
             }
 656  
 
 657  
             // return filteredNodes nodes if generated
 658  0
             if (filteredNodes != null)
 659  
             {
 660  0
                 return filteredNodes;
 661  
             }
 662  
         }
 663  0
         return nodes;
 664  
     }
 665  
 
 666  
     /**
 667  
      * unmarshalled - notification that this instance has been
 668  
      *                loaded from the persistent store
 669  
      */
 670  
     public void unmarshalled()
 671  
     {
 672  
         // by default, no action required
 673  0
     }
 674  
 
 675  
     /**
 676  
      * marshalling - notification that this instance is to
 677  
      *               be saved to the persistent store
 678  
      */
 679  
     public void marshalling()
 680  
     {
 681  
         // by default, no action required
 682  0
     }
 683  
 }

This report is generated by jcoverage, Maven and Maven JCoverage Plugin.