1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.page;
18
19 import java.io.File;
20 import java.io.FileFilter;
21 import java.security.CodeSource;
22 import java.security.Permission;
23 import java.security.PermissionCollection;
24 import java.security.Permissions;
25 import java.security.Policy;
26 import java.security.Principal;
27 import java.security.PrivilegedAction;
28 import java.security.ProtectionDomain;
29 import java.util.ArrayList;
30 import java.util.HashMap;
31 import java.util.HashSet;
32 import java.util.Iterator;
33 import java.util.List;
34 import java.util.Map;
35 import java.util.Set;
36 import java.util.StringTokenizer;
37
38 import javax.security.auth.Subject;
39
40 import junit.framework.TestCase;
41
42 import org.apache.jetspeed.cache.file.FileCache;
43 import org.apache.jetspeed.idgenerator.IdGenerator;
44 import org.apache.jetspeed.idgenerator.JetspeedIdGenerator;
45 import org.apache.jetspeed.om.common.SecurityConstraint;
46 import org.apache.jetspeed.om.common.SecurityConstraints;
47 import org.apache.jetspeed.om.folder.Folder;
48 import org.apache.jetspeed.om.folder.FolderNotFoundException;
49 import org.apache.jetspeed.om.folder.psml.FolderMetaDataImpl;
50 import org.apache.jetspeed.om.page.Fragment;
51 import org.apache.jetspeed.om.page.Link;
52 import org.apache.jetspeed.om.page.Page;
53 import org.apache.jetspeed.om.page.PageSecurity;
54 import org.apache.jetspeed.om.page.SecurityConstraintsDef;
55 import org.apache.jetspeed.om.page.psml.LinkImpl;
56 import org.apache.jetspeed.om.page.psml.PageImpl;
57 import org.apache.jetspeed.om.page.psml.PageSecurityImpl;
58 import org.apache.jetspeed.page.document.DocumentHandler;
59 import org.apache.jetspeed.page.document.DocumentHandlerFactory;
60 import org.apache.jetspeed.page.document.FolderHandler;
61 import org.apache.jetspeed.page.document.psml.CastorFileSystemDocumentHandler;
62 import org.apache.jetspeed.page.document.psml.DocumentHandlerFactoryImpl;
63 import org.apache.jetspeed.page.document.psml.FileSystemFolderHandler;
64 import org.apache.jetspeed.page.psml.CastorXmlPageManager;
65 import org.apache.jetspeed.security.FolderPermission;
66 import org.apache.jetspeed.security.FragmentPermission;
67 import org.apache.jetspeed.security.JSSubject;
68 import org.apache.jetspeed.security.PagePermission;
69 import org.apache.jetspeed.security.RolePrincipal;
70 import org.apache.jetspeed.security.UserPrincipal;
71 import org.apache.jetspeed.security.impl.PrincipalsSet;
72 import org.apache.jetspeed.security.impl.RolePrincipalImpl;
73 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
74
75 /***
76 * PageManagerTestShared
77 *
78 * @author <a href="rwatler@apache.org">Randy Watler</a>
79 * @version $Id: $
80 *
81 */
82 interface PageManagerTestShared
83 {
84 class Shared
85 {
86 /***
87 * makeCastorXMLPageManager
88 *
89 * Create and configure a Castor XML PageManager.
90 *
91 * @param pagesDirName
92 * @param permissionsEnabled
93 * @param constraintsEnabled
94 * @return page manager instance
95 */
96 static CastorXmlPageManager makeCastorXMLPageManager(String pagesDirName, boolean permissionsEnabled, boolean constraintsEnabled)
97 throws Exception
98 {
99 Map extensionsToXslt = new HashMap();
100 extensionsToXslt.put("psml","resources/stripIds.xslt");
101
102 File pagesDirFile = new File("target/testdata/" + pagesDirName);
103
104
105 DirectoryXMLTransform dirHelper = new DirectoryXMLTransform(pagesDirFile,extensionsToXslt);
106 FileFilter noCVSorSVNorBackups = new FileFilter()
107 {
108 public boolean accept( File pathname )
109 {
110 return !pathname.getName().equals("CVS") && !pathname.getName().equals(".svn") && !pathname.getName().endsWith("~");
111 }
112 };
113 dirHelper.copyFrom(new File("testdata/" + pagesDirName), noCVSorSVNorBackups);
114
115
116 File webappDestDirFile = new File("target/testdata/" + pagesDirName+"/webapp-no-ids");
117 dirHelper.setBaseDirectory(webappDestDirFile);
118 File webappPagesDirFile = new File("../../src/webapp/WEB-INF/pages");
119 dirHelper.copyFromAndTransform(webappPagesDirFile, noCVSorSVNorBackups);
120
121
122 webappDestDirFile = new File("target/testdata/" + pagesDirName+"/webapp-ids");
123 dirHelper.setBaseDirectory(webappDestDirFile);
124 dirHelper.copyFrom(webappPagesDirFile, noCVSorSVNorBackups);
125
126 IdGenerator idGen = new JetspeedIdGenerator(65536,"P-","");
127 FileCache cache = new FileCache(10, 12);
128
129 DocumentHandler psmlHandler = new CastorFileSystemDocumentHandler("/JETSPEED-INF/castor/page-mapping.xml", Page.DOCUMENT_TYPE, PageImpl.class, "target/testdata/" + pagesDirName, cache);
130 DocumentHandler linkHandler = new CastorFileSystemDocumentHandler("/JETSPEED-INF/castor/page-mapping.xml", Link.DOCUMENT_TYPE, LinkImpl.class, "target/testdata/" + pagesDirName, cache);
131 DocumentHandler folderMetaDataHandler = new CastorFileSystemDocumentHandler("/JETSPEED-INF/castor/page-mapping.xml", FolderMetaDataImpl.DOCUMENT_TYPE, FolderMetaDataImpl.class, "target/testdata/" + pagesDirName, cache);
132 DocumentHandler pageSecurityHandler = new CastorFileSystemDocumentHandler("/JETSPEED-INF/castor/page-mapping.xml", PageSecurityImpl.DOCUMENT_TYPE, PageSecurity.class, "target/testdata/" + pagesDirName, cache);
133
134 DocumentHandlerFactory handlerFactory = new DocumentHandlerFactoryImpl();
135 handlerFactory.registerDocumentHandler(psmlHandler);
136 handlerFactory.registerDocumentHandler(linkHandler);
137 handlerFactory.registerDocumentHandler(folderMetaDataHandler);
138 handlerFactory.registerDocumentHandler(pageSecurityHandler);
139 FolderHandler folderHandler = new FileSystemFolderHandler("target/testdata/" + pagesDirName, handlerFactory, cache);
140
141 return new CastorXmlPageManager(idGen, handlerFactory, folderHandler, cache, permissionsEnabled, constraintsEnabled);
142 }
143
144 /***
145 * makeListFromCSV
146 *
147 * Create List of String values from CSV String for principals/permissions.
148 *
149 * @param csv CSV string
150 * @return values list
151 */
152 static List makeListFromCSV(String csv)
153 {
154 if (csv != null)
155 {
156 List csvList = new ArrayList();
157 if (csv.indexOf(',') != -1)
158 {
159 StringTokenizer csvTokens = new StringTokenizer(csv, ",");
160 while (csvTokens.hasMoreTokens())
161 {
162 csvList.add(csvTokens.nextToken().trim());
163 }
164 }
165 else
166 {
167 csvList.add(csv);
168 }
169 return csvList;
170 }
171 return null;
172 }
173
174 /***
175 * makeCSVFromList
176 *
177 * Create CSV String for principals/permissions from List of String values
178 *
179 * @param list values list
180 * @return CSV string
181 */
182 static String makeCSVFromList(List list)
183 {
184 if ((list != null) && !list.isEmpty())
185 {
186 StringBuffer csv = new StringBuffer();
187 Iterator listIter = list.iterator();
188 while (listIter.hasNext())
189 {
190 if (csv.length() > 0)
191 {
192 csv.append(",");
193 }
194 csv.append((String)listIter.next());
195 }
196 return csv.toString();
197 }
198 return null;
199 }
200
201 /***
202 * testSecurePageManager
203 *
204 * @param test case
205 * @param page manager
206 */
207 static void testSecurePageManager(final TestCase test, final PageManager pageManager) throws Exception
208 {
209
210 final String [] somePortletId = new String[1];
211
212
213 pageManager.reset();
214
215
216 Principal userPrincipal = new UserPrincipalImpl("admin");
217 Principal rolePrincipal = new RolePrincipalImpl("admin");
218 Set principals = new PrincipalsSet();
219 principals.add(userPrincipal);
220 principals.add(rolePrincipal);
221 Subject adminSubject = new Subject(true, principals, new HashSet(), new HashSet());
222
223 userPrincipal = new UserPrincipalImpl("user");
224 principals = new PrincipalsSet();
225 principals.add(userPrincipal);
226 Subject userSubject = new Subject(true, principals, new HashSet(), new HashSet());
227
228 userPrincipal = new UserPrincipalImpl("manager");
229 rolePrincipal = new RolePrincipalImpl("manager");
230 principals = new PrincipalsSet();
231 principals.add(userPrincipal);
232 principals.add(rolePrincipal);
233 Subject managerSubject = new Subject(true, principals, new HashSet(), new HashSet());
234
235 userPrincipal = new UserPrincipalImpl("guest");
236 principals = new PrincipalsSet();
237 principals.add(userPrincipal);
238 Subject guestSubject = new Subject(true, principals, new HashSet(), new HashSet());
239
240
241 Exception setup = (Exception)JSSubject.doAsPrivileged(adminSubject, new PrivilegedAction()
242 {
243 public Object run()
244 {
245 try
246 {
247
248 try
249 {
250 Folder removeRootFolder = pageManager.getFolder("/");
251 pageManager.removeFolder(removeRootFolder);
252 pageManager.reset();
253 }
254 catch (FolderNotFoundException e)
255 {
256 }
257
258
259 Folder folder = pageManager.newFolder("/");
260 SecurityConstraints constraints = pageManager.newSecurityConstraints();
261 constraints.setOwner("admin");
262 List constraintsRefs = new ArrayList(1);
263 constraintsRefs.add("public-view");
264 constraints.setSecurityConstraintsRefs(constraintsRefs);
265 folder.setSecurityConstraints(constraints);
266 pageManager.updateFolder(folder);
267
268 PageSecurity pageSecurity = pageManager.newPageSecurity();
269 List constraintsDefs = new ArrayList(2);
270 SecurityConstraintsDef constraintsDef = pageManager.newSecurityConstraintsDef();
271 constraintsDef.setName("public-view");
272 List defConstraints = new ArrayList(1);
273 SecurityConstraint defConstraint = pageManager.newPageSecuritySecurityConstraint();
274 defConstraint.setUsers(Shared.makeListFromCSV("*"));
275 defConstraint.setPermissions(Shared.makeListFromCSV("view"));
276 defConstraints.add(defConstraint);
277 constraintsDef.setSecurityConstraints(defConstraints);
278 constraintsDefs.add(constraintsDef);
279 constraintsDef = pageManager.newSecurityConstraintsDef();
280 constraintsDef.setName("admin-all");
281 defConstraints = new ArrayList(1);
282 defConstraint = pageManager.newPageSecuritySecurityConstraint();
283 defConstraint.setRoles(Shared.makeListFromCSV("admin"));
284 defConstraint.setPermissions(Shared.makeListFromCSV("view,edit"));
285 defConstraints.add(defConstraint);
286 constraintsDef.setSecurityConstraints(defConstraints);
287 constraintsDefs.add(constraintsDef);
288 pageSecurity.setSecurityConstraintsDefs(constraintsDefs);
289 List globalConstraintsRefs = new ArrayList(1);
290 globalConstraintsRefs.add("admin-all");
291 pageSecurity.setGlobalSecurityConstraintsRefs(globalConstraintsRefs);
292 pageManager.updatePageSecurity(pageSecurity);
293
294 Page page = pageManager.newPage("/default-page.psml");
295 constraints = pageManager.newSecurityConstraints();
296 constraints.setOwner("admin");
297 List inlineConstraints = new ArrayList(1);
298 SecurityConstraint constraint = pageManager.newPageSecurityConstraint();
299 constraint.setRoles(Shared.makeListFromCSV("manager"));
300 constraint.setPermissions(Shared.makeListFromCSV("edit"));
301 inlineConstraints.add(constraint);
302 constraints.setSecurityConstraints(inlineConstraints);
303 constraintsRefs = new ArrayList(1);
304 constraintsRefs.add("public-view");
305 constraints.setSecurityConstraintsRefs(constraintsRefs);
306 page.setSecurityConstraints(constraints);
307 Fragment root = page.getRootFragment();
308 root.setName("jetspeed-layouts::VelocityTwoColumns");
309 Fragment portlet = pageManager.newPortletFragment();
310 portlet.setName("security::LoginPortlet");
311 root.getFragments().add(portlet);
312 portlet = pageManager.newPortletFragment();
313 portlet.setName("some-app::SomePortlet");
314 SecurityConstraints fragmentConstraints = pageManager.newSecurityConstraints();
315 fragmentConstraints.setOwner("user");
316 portlet.setSecurityConstraints(fragmentConstraints);
317 root.getFragments().add(portlet);
318 pageManager.updatePage(page);
319 TestCase.assertNotNull(page.getRootFragment());
320 TestCase.assertNotNull(page.getRootFragment().getFragments());
321 TestCase.assertEquals(2, page.getRootFragment().getFragments().size());
322 TestCase.assertEquals("some-app::SomePortlet", ((Fragment)page.getRootFragment().getFragments().get(1)).getName());
323 TestCase.assertFalse("0".equals(((Fragment)page.getRootFragment().getFragments().get(1)).getId()));
324 somePortletId[0] = ((Fragment)page.getRootFragment().getFragments().get(1)).getId();
325
326 page = pageManager.newPage("/user-page.psml");
327 constraints = pageManager.newSecurityConstraints();
328 inlineConstraints = new ArrayList(1);
329 constraint = pageManager.newPageSecurityConstraint();
330 constraint.setUsers(Shared.makeListFromCSV("user"));
331 constraint.setPermissions(Shared.makeListFromCSV("view,edit"));
332 inlineConstraints.add(constraint);
333 constraints.setSecurityConstraints(inlineConstraints);
334 page.setSecurityConstraints(constraints);
335 pageManager.updatePage(page);
336
337 Link link = pageManager.newLink("/default.link");
338 link.setUrl("http://www.default.org/");
339 constraints = pageManager.newSecurityConstraints();
340 constraints.setOwner("admin");
341 inlineConstraints = new ArrayList(1);
342 constraint = pageManager.newLinkSecurityConstraint();
343 constraint.setRoles(Shared.makeListFromCSV("manager"));
344 constraint.setPermissions(Shared.makeListFromCSV("edit"));
345 inlineConstraints.add(constraint);
346 constraints.setSecurityConstraints(inlineConstraints);
347 link.setSecurityConstraints(constraints);
348 pageManager.updateLink(link);
349
350 return null;
351 }
352 catch (Exception e)
353 {
354 return e;
355 }
356 }
357 }, null);
358 if (setup != null)
359 {
360 throw setup;
361 }
362
363
364 pageManager.reset();
365
366
367 Exception adminAccess = (Exception)JSSubject.doAsPrivileged(adminSubject, new PrivilegedAction()
368 {
369 public Object run()
370 {
371 try
372 {
373
374 Folder folder = pageManager.getFolder("/");
375 TestCase.assertNotNull(folder.getPageSecurity());
376 TestCase.assertNotNull(folder.getPages());
377 TestCase.assertEquals(2, folder.getPages().size());
378 TestCase.assertNotNull(pageManager.getPages(folder));
379 TestCase.assertEquals(2, pageManager.getPages(folder).size());
380 PageSecurity pageSecurity = pageManager.getPageSecurity();
381 Page page0 = pageManager.getPage("/default-page.psml");
382 TestCase.assertNotNull(page0.getRootFragment());
383 TestCase.assertNotNull(page0.getRootFragment().getFragments());
384 TestCase.assertEquals(2, page0.getRootFragment().getFragments().size());
385 TestCase.assertNotNull(page0.getFragmentById(somePortletId[0]));
386 TestCase.assertNotNull(page0.getFragmentsByName("some-app::SomePortlet"));
387 TestCase.assertEquals(1, page0.getFragmentsByName("some-app::SomePortlet").size());
388 Page page1 = pageManager.getPage("/user-page.psml");
389 Link link = pageManager.getLink("/default.link");
390
391 pageManager.updateFolder(folder);
392 pageManager.updatePageSecurity(pageSecurity);
393 pageManager.updatePage(page0);
394 pageManager.updatePage(page1);
395 pageManager.updateLink(link);
396 return null;
397 }
398 catch (Exception e)
399 {
400 return e;
401 }
402 }
403 }, null);
404 if (adminAccess != null)
405 {
406 throw adminAccess;
407 }
408
409
410 Exception userAccess = (Exception)JSSubject.doAsPrivileged(userSubject, new PrivilegedAction()
411 {
412 public Object run()
413 {
414 try
415 {
416
417 Folder folder = pageManager.getFolder("/");
418 TestCase.assertNotNull(folder.getPageSecurity());
419 TestCase.assertNotNull(folder.getPages());
420 TestCase.assertEquals(2, folder.getPages().size());
421 PageSecurity pageSecurity = pageManager.getPageSecurity();
422 Page page0 = pageManager.getPage("/default-page.psml");
423 TestCase.assertNotNull(page0.getRootFragment());
424 TestCase.assertNotNull(page0.getRootFragment().getFragments());
425 TestCase.assertEquals(2, page0.getRootFragment().getFragments().size());
426 TestCase.assertNotNull(page0.getFragmentById(somePortletId[0]));
427 TestCase.assertNotNull(page0.getFragmentsByName("some-app::SomePortlet"));
428 TestCase.assertEquals(1, page0.getFragmentsByName("some-app::SomePortlet").size());
429 Page page1 = pageManager.getPage("/user-page.psml");
430 Link link = pageManager.getLink("/default.link");
431
432 try
433 {
434 pageManager.updateFolder(folder);
435 TestCase.assertTrue("Folder / not editable for user", false);
436 }
437 catch (SecurityException se)
438 {
439 }
440 try
441 {
442 pageManager.updatePageSecurity(pageSecurity);
443 TestCase.assertTrue("PageSecurity not editable for user", false);
444 }
445 catch (SecurityException se)
446 {
447 }
448 try
449 {
450 pageManager.updatePage(page0);
451 TestCase.assertTrue("Page /default-page.psml not editable for user", false);
452 }
453 catch (SecurityException se)
454 {
455 }
456 pageManager.updatePage(page1);
457 try
458 {
459 pageManager.updateLink(link);
460 TestCase.assertTrue("Page /default.link not editable for user", false);
461 }
462 catch (SecurityException se)
463 {
464 }
465 return null;
466 }
467 catch (Exception e)
468 {
469 return e;
470 }
471 }
472 }, null);
473 if (userAccess != null)
474 {
475 throw userAccess;
476 }
477
478
479 Exception managerAccess = (Exception)JSSubject.doAsPrivileged(managerSubject, new PrivilegedAction()
480 {
481 public Object run()
482 {
483 try
484 {
485
486 Folder folder = pageManager.getFolder("/");
487 TestCase.assertNotNull(folder.getPageSecurity());
488 TestCase.assertNotNull(folder.getPages());
489 TestCase.assertEquals(1, folder.getPages().size());
490 PageSecurity pageSecurity = pageManager.getPageSecurity();
491 Page page0 = pageManager.getPage("/default-page.psml");
492 TestCase.assertNotNull(page0.getRootFragment());
493 TestCase.assertNotNull(page0.getRootFragment().getFragments());
494 TestCase.assertEquals(1, page0.getRootFragment().getFragments().size());
495 TestCase.assertNull(page0.getFragmentById(somePortletId[0]));
496 TestCase.assertTrue(page0.getFragmentsByName("some-app::SomePortlet").isEmpty());
497 Link link = pageManager.getLink("/default.link");
498 try
499 {
500 pageManager.getPage("/user-page.psml");
501 TestCase.assertTrue("Page /user-page.psml not viewable for manager", false);
502 }
503 catch (SecurityException se)
504 {
505 }
506
507 try
508 {
509 pageManager.updateFolder(folder);
510 TestCase.assertTrue("Folder / not editable for manager", false);
511 }
512 catch (SecurityException se)
513 {
514 }
515 try
516 {
517 pageManager.updatePageSecurity(pageSecurity);
518 TestCase.assertTrue("PageSecurity not editable for manager", false);
519 }
520 catch (SecurityException se)
521 {
522 }
523 pageManager.updatePage(page0);
524 pageManager.updateLink(link);
525 return null;
526 }
527 catch (Exception e)
528 {
529 return e;
530 }
531 }
532 }, null);
533 if (managerAccess != null)
534 {
535 throw managerAccess;
536 }
537
538
539 Exception guestAccess = (Exception)JSSubject.doAsPrivileged(guestSubject, new PrivilegedAction()
540 {
541 public Object run()
542 {
543 try
544 {
545
546 Folder folder = pageManager.getFolder("/");
547 TestCase.assertNotNull(folder.getPageSecurity());
548 TestCase.assertNotNull(folder.getPages());
549 TestCase.assertEquals(1, folder.getPages().size());
550 PageSecurity pageSecurity = pageManager.getPageSecurity();
551 Page page0 = pageManager.getPage("/default-page.psml");
552 TestCase.assertNotNull(page0.getRootFragment());
553 TestCase.assertNotNull(page0.getRootFragment().getFragments());
554 TestCase.assertEquals(1, page0.getRootFragment().getFragments().size());
555 TestCase.assertNull(page0.getFragmentById(somePortletId[0]));
556 TestCase.assertTrue(page0.getFragmentsByName("some-app::SomePortlet").isEmpty());
557 Link link = pageManager.getLink("/default.link");
558 try
559 {
560 pageManager.getPage("/user-page.psml");
561 TestCase.assertTrue("Page /user-page.psml not viewable for guest", false);
562 }
563 catch (SecurityException se)
564 {
565 }
566
567 try
568 {
569 pageManager.updateFolder(folder);
570 TestCase.assertTrue("Folder / not editable for guest", false);
571 }
572 catch (SecurityException se)
573 {
574 }
575 try
576 {
577 pageManager.updatePageSecurity(pageSecurity);
578 TestCase.assertTrue("PageSecurity not editable for guest", false);
579 }
580 catch (SecurityException se)
581 {
582 }
583 try
584 {
585 pageManager.updatePage(page0);
586 TestCase.assertTrue("Page /default-page.psml not editable for guest", false);
587 }
588 catch (SecurityException se)
589 {
590 }
591 try
592 {
593 pageManager.updateLink(link);
594 TestCase.assertTrue("Page /default.link not editable for guest", false);
595 }
596 catch (SecurityException se)
597 {
598 }
599 return null;
600 }
601 catch (Exception e)
602 {
603 return e;
604 }
605 }
606 }, null);
607 if (guestAccess != null)
608 {
609 throw guestAccess;
610 }
611
612
613 pageManager.reset();
614
615
616 Exception cleanup = (Exception)JSSubject.doAsPrivileged(adminSubject, new PrivilegedAction()
617 {
618 public Object run()
619 {
620 try
621 {
622
623 try
624 {
625 Folder remove = pageManager.getFolder("/");
626 TestCase.assertEquals("/", remove.getPath());
627 pageManager.removeFolder(remove);
628 }
629 catch (FolderNotFoundException e)
630 {
631 TestCase.assertTrue("Folder / NOT FOUND", false);
632 }
633
634 return null;
635 }
636 catch (Exception e)
637 {
638 return e;
639 }
640 }
641 }, null);
642 if (cleanup != null)
643 {
644 throw cleanup;
645 }
646 }
647 }
648
649 /***
650 * PageManagerPermissionsPolicy
651 *
652 * Policy implementation for permissions based security
653 * tests against testSecurePageManager test case above.
654 */
655 static class PageManagerPermissionsPolicy extends Policy
656 {
657 private Policy defaultPolicy;
658
659 public PageManagerPermissionsPolicy(Policy defaultPolicy)
660 {
661 this.defaultPolicy = defaultPolicy;
662 }
663
664 public boolean implies(ProtectionDomain domain, Permission permission)
665 {
666
667
668
669
670 Principal[] principals = domain.getPrincipals();
671 if ((principals != null) && (principals.length > 0) &&
672 ((permission instanceof FolderPermission) ||
673 (permission instanceof PagePermission) ||
674 (permission instanceof FragmentPermission)))
675 {
676
677 Permissions permissions = new Permissions();
678 for (int i = 0; (i < principals.length); i++)
679 {
680 if (principals[i] instanceof UserPrincipal)
681 {
682
683 String user = principals[i].getName();
684 if (user.equals("admin"))
685 {
686
687 permissions.add(new FolderPermission("/", "view, edit"));
688 permissions.add(new PagePermission("/default-page.psml", "view, edit"));
689 }
690 else if (user.equals("user"))
691 {
692
693 permissions.add(new FragmentPermission("/default-page.psml/some-app::SomePortlet", "view, edit"));
694
695
696 permissions.add(new PagePermission("/user-page.psml", "view, edit"));
697 permissions.add(new FragmentPermission("/user-page.psml/*", "view"));
698 }
699
700
701 permissions.add(new FolderPermission("/", "view"));
702 permissions.add(new PagePermission("/default-page.psml", "view"));
703 permissions.add(new PagePermission("/page.security", "view"));
704 permissions.add(new FragmentPermission("security::*", "view"));
705 }
706 else if (principals[i] instanceof RolePrincipal)
707 {
708
709 String role = principals[i].getName();
710 if (role.equals("admin"))
711 {
712
713 permissions.add(new FolderPermission("<<ALL FILES>>", "view, edit"));
714 permissions.add(new FragmentPermission("<<ALL FRAGMENTS>>", "view, edit"));
715 }
716 else if (role.equals("manager"))
717 {
718
719 permissions.add(new PagePermission("/default-page.psml", "edit"));
720 permissions.add(new PagePermission("/default.link", "edit"));
721 }
722 }
723 }
724
725
726 if (permissions.implies(permission))
727 {
728 return true;
729 }
730 }
731
732
733 if (defaultPolicy != null)
734 {
735 return defaultPolicy.implies(domain, permission);
736 }
737 return false;
738 }
739
740 public PermissionCollection getPermissions(ProtectionDomain domain)
741 {
742
743
744 if (defaultPolicy != null)
745 {
746 return defaultPolicy.getPermissions(domain);
747 }
748 return new Permissions();
749 }
750
751 public PermissionCollection getPermissions(CodeSource codesource)
752 {
753
754
755 if (defaultPolicy != null)
756 {
757 return defaultPolicy.getPermissions(codesource);
758 }
759 return new Permissions();
760 }
761
762 public void refresh()
763 {
764
765 if (defaultPolicy != null)
766 {
767 defaultPolicy.refresh();
768 }
769 }
770 }
771 }