package org.apache.jetspeed.layout.impl; |
import java.io.StringReader; |
import java.util.ArrayList; |
import java.util.List; |
import java.util.Map; |
import java.util.StringTokenizer; |
import org.apache.commons.logging.Log; |
import org.apache.commons.logging.LogFactory; |
import org.apache.jetspeed.JetspeedActions; |
import org.apache.jetspeed.ajax.AJAXException; |
import org.apache.jetspeed.ajax.AjaxAction; |
import org.apache.jetspeed.ajax.AjaxBuilder; |
import org.apache.jetspeed.layout.PortletActionSecurityBehavior; |
import org.apache.jetspeed.om.common.SecurityConstraint; |
import org.apache.jetspeed.om.page.PageSecurity; |
import org.apache.jetspeed.om.page.SecurityConstraintsDef; |
import org.apache.jetspeed.page.PageManager; |
import org.apache.jetspeed.request.RequestContext; |
import org.jdom.Document; |
import org.jdom.Element; |
import org.jdom.input.SAXBuilder; |
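/**
 * AJAX action that administers the portal's {@link PageSecurity} document.
 *
 * <p>The request parameter {@code method} selects one of:
 * {@code add-def} / {@code update-def} (create or rewrite a security
 * constraints definition from the {@code xml} parameter),
 * {@code remove-def}, {@code add-global} and {@code remove-global}
 * (all three keyed by the {@code name} parameter).</p>
 *
 * <p>Every method is gated by a single {@link JetspeedActions#EDIT} access
 * check in {@link #run(RequestContext, Map)}; the protected helpers do not
 * re-check access themselves.</p>
 */
public class SecurityConstraintsAction
    extends BasePortletAction
    implements AjaxAction, AjaxBuilder, Constants
{
    protected static final Log log = LogFactory.getLog(SecurityConstraintsAction.class);

    public SecurityConstraintsAction(String template,
                                     String errorTemplate,
                                     PageManager pm,
                                     PortletActionSecurityBehavior securityBehavior)
    {
        super(template, errorTemplate, pm, securityBehavior);
    }

    public SecurityConstraintsAction(String template,
                                     String errorTemplate,
                                     PageManager pm)
    {
        this(template, errorTemplate, pm, null);
    }

    /**
     * Dispatches the requested constraint-administration method.
     *
     * @param requestContext current request; supplies the {@code method} parameter
     * @param resultMap      receives ACTION, {@code method}, and either
     *                       {@code count} + STATUS on success or REASON on failure
     * @return {@code true} when the method ran to completion, {@code false} when
     *         access was denied, the method is unknown, or an exception occurred
     * @throws AJAXException declared by the interface; failures inside this
     *                       method are caught and reported through REASON
     */
    public boolean run(RequestContext requestContext, Map resultMap)
        throws AJAXException
    {
        // Diagnostics go through the logger, not System.out: the result map and
        // exception text describe the security configuration and should not be
        // written unconditionally to the container's console.
        log.debug("SecurityConstraintsAction run");
        boolean success = true;
        try
        {
            resultMap.put(ACTION, "constraints");

            String method = getActionParameter(requestContext, "method");
            if (method == null)
            {
                throw new RuntimeException("Method not provided");
            }
            resultMap.put("method", method);

            // Authorization gate for every method below; nothing is read from
            // or written to PageSecurity before this check passes.
            if (!checkAccess(requestContext, JetspeedActions.EDIT))
            {
                success = false;
                resultMap.put(REASON, "Insufficient access to administer portal permissions");
                return success;
            }

            int count = 0;
            if (method.equals("add-def") || method.equals("update-def"))
            {
                count = updateConstraintDefinition(requestContext, resultMap);
            }
            else if (method.equals("remove-def"))
            {
                count = removeConstraintDefinition(requestContext, resultMap);
            }
            else if (method.equals("add-global"))
            {
                count = addGlobal(requestContext, resultMap);
            }
            else if (method.equals("remove-global"))
            {
                count = removeGlobal(requestContext, resultMap);
            }
            else
            {
                success = false;
                // NOTE(review): the request-supplied method name is echoed back;
                // whatever renders REASON must escape it.
                resultMap.put(REASON, "Unsupported portal constraints method: " + method);
                return success;
            }
            resultMap.put("count", Integer.toString(count));
            resultMap.put(STATUS, "success");
        }
        catch (Exception e)
        {
            // The logger records the stack trace; no separate printStackTrace().
            log.error("exception administering portal permissions", e);
            // NOTE(review): e.toString() hands the exception class and message
            // (including XML parser diagnostics) back to the client. Kept for
            // compatibility with existing callers; consider a generic reason.
            resultMap.put(REASON, e.toString());
            success = false;
        }
        if (log.isDebugEnabled())
        {
            log.debug("SecurityConstraintsAction complete " + resultMap);
        }
        return success;
    }

    /**
     * Removes the security constraints definition named by the {@code name}
     * request parameter.
     *
     * @return 1 when a definition was removed, 0 when no definition has that name
     * @throws AJAXException when {@code name} is missing or the update fails
     */
    protected int removeConstraintDefinition(RequestContext requestContext, Map resultMap)
        throws AJAXException
    {
        String name = getActionParameter(requestContext, "name");
        if (name == null)
        {
            throw new AJAXException("Missing 'name' parameter");
        }

        try
        {
            PageSecurity pageSecurity = pageManager.getPageSecurity();
            SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(name);
            if (def == null)
            {
                return 0;
            }
            // NOTE(review): global constraint refs are not touched here, so a
            // global ref naming this definition would be left behind - confirm
            // that a dangling ref is handled safely by the enforcement code.
            List defs = pageSecurity.getSecurityConstraintsDefs();
            defs.remove(def);
            pageSecurity.setSecurityConstraintsDefs(defs);
            pageManager.updatePageSecurity(pageSecurity);
        }
        catch (Exception e)
        {
            throw new AJAXException(e);
        }
        return 1;
    }

    /**
     * Creates or rewrites a security constraints definition from the XML in
     * the {@code xml} request parameter.
     *
     * <p>The root element's {@code name} attribute selects the definition;
     * its {@code security-constraint} children are applied positionally:
     * existing constraints are overwritten in order, surplus existing ones are
     * removed, and extra XML entries are appended.</p>
     *
     * @return number of constraints updated, removed or added
     * @throws AJAXException when {@code xml} is missing, cannot be parsed,
     *                       lacks a {@code name} attribute, or the update fails
     */
    protected int updateConstraintDefinition(RequestContext requestContext, Map resultMap)
        throws AJAXException
    {
        log.debug("SecurityConstraintsAction updateConstraintDefinition started");

        int count = 0;
        boolean added = false;
        String xml = getActionParameter(requestContext, "xml");
        if (xml == null)
        {
            throw new AJAXException("Missing 'xml' parameter");
        }
        try
        {
            SAXBuilder saxBuilder = new SAXBuilder();
            // The document comes straight from a request parameter. Refuse
            // DOCTYPE declarations and external entities so the parser cannot
            // be made to read local files or fetch URLs (XXE) or to expand
            // nested entities. If the underlying SAX parser does not support a
            // feature, build() fails and the request is rejected (fail closed).
            saxBuilder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            saxBuilder.setFeature("http://xml.org/sax/features/external-general-entities", false);
            saxBuilder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            saxBuilder.setExpandEntities(false);

            Document document = saxBuilder.build(new StringReader(xml));
            Element root = document.getRootElement();

            // getAttributeValue() returns null for a missing attribute, so the
            // caller gets a clear message instead of a NullPointerException.
            String name = root.getAttributeValue("name");
            if (name == null)
            {
                throw new AJAXException("Missing 'name' attribute on constraints definition");
            }

            PageSecurity pageSecurity = pageManager.getPageSecurity();
            SecurityConstraintsDef def = pageSecurity.getSecurityConstraintsDef(name);
            if (def == null)
            {
                def = pageManager.newSecurityConstraintsDef();
                def.setName(name);
                added = true;
            }

            List xmlConstraints = root.getChildren("security-constraint");
            List constraints = def.getSecurityConstraints();
            int xmlSize = xmlConstraints.size();
            // A freshly created definition is treated as having no constraints.
            int defsSize = added ? 0 : constraints.size();
            int min = Math.min(xmlSize, defsSize);

            // Overwrite the constraints both sides have, position by position.
            for (int ix = 0; ix < min; ix++)
            {
                Element xmlConstraint = (Element) xmlConstraints.get(ix);
                SecurityConstraint constraint = (SecurityConstraint) constraints.get(ix);
                updateConstraintValues(xmlConstraint, constraint);
                count++;
            }

            if (xmlSize < defsSize)
            {
                // Fewer entries in the XML: drop the surplus existing ones.
                // They are collected first so the list is not modified while
                // it is being indexed.
                List deletes = new ArrayList(defsSize - xmlSize);
                for (int ix = min; ix < defsSize; ix++)
                {
                    deletes.add(constraints.get(ix));
                }
                for (int ix = 0; ix < deletes.size(); ix++)
                {
                    constraints.remove(deletes.get(ix));
                    count++;
                }
            }
            else if (xmlSize > defsSize)
            {
                // More entries in the XML: append new constraints.
                for (int ix = min; ix < xmlSize; ix++)
                {
                    Element xmlConstraint = (Element) xmlConstraints.get(ix);
                    SecurityConstraint constraint = pageManager.newPageSecuritySecurityConstraint();
                    updateConstraintValues(xmlConstraint, constraint);
                    constraints.add(constraint);
                    count++;
                }
            }

            if (added)
            {
                pageSecurity.getSecurityConstraintsDefs().add(def);
                pageSecurity.setSecurityConstraintsDefs(pageSecurity.getSecurityConstraintsDefs());
            }
            pageManager.updatePageSecurity(pageSecurity);
        }
        catch (AJAXException e)
        {
            // Already the declared type; do not wrap it a second time.
            throw e;
        }
        catch (Exception e)
        {
            log.error("SecurityConstraintsAction updateConstraintDefinition failure caused by " + e.getClass().getName() + " " + e.getMessage(), e);
            throw new AJAXException(e);
        }
        return count;
    }

    /**
     * Copies the {@code roles}, {@code groups}, {@code permissions} and
     * {@code users} child texts of an XML constraint onto a constraint object.
     * A missing child element sets the corresponding list to {@code null}.
     */
    protected void updateConstraintValues(Element xmlConstraint, SecurityConstraint constraint)
    {
        constraint.setRoles(parseCSVList(xmlConstraint.getChildText("roles")));
        constraint.setGroups(parseCSVList(xmlConstraint.getChildText("groups")));
        constraint.setPermissions(parseCSVList(xmlConstraint.getChildText("permissions")));
        constraint.setUsers(parseCSVList(xmlConstraint.getChildText("users")));
    }

    /**
     * Splits a comma-separated string into a list of trimmed entries.
     *
     * @param csv comma-separated text, or {@code null}
     * @return the entries, or {@code null} when {@code csv} is {@code null};
     *         text without a comma yields a one-element list
     */
    protected List parseCSVList(String csv)
    {
        if (csv == null)
        {
            return null;
        }
        List csvList = new ArrayList(4);
        if (csv.indexOf(',') != -1)
        {
            StringTokenizer csvTokens = new StringTokenizer(csv, ",");
            while (csvTokens.hasMoreTokens())
            {
                csvList.add(csvTokens.nextToken().trim());
            }
        }
        else
        {
            // Trim the single-value case as well: an untrimmed principal or
            // permission name (" admin ") would be stored in the constraint
            // and never match, while "a, b" was already being trimmed.
            csvList.add(csv.trim());
        }
        return csvList;
    }

    /**
     * Removes the global security constraints reference named by the
     * {@code name} request parameter.
     *
     * @return 1 when the reference was removed, 0 when it was not present
     * @throws AJAXException when {@code name} is missing or the update fails
     */
    protected int removeGlobal(RequestContext requestContext, Map resultMap)
        throws AJAXException
    {
        int count = 0;
        String name = getActionParameter(requestContext, "name");
        if (name == null)
        {
            throw new AJAXException("Missing 'name' parameter");
        }

        try
        {
            PageSecurity pageSecurity = pageManager.getPageSecurity();
            List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
            if (!globals.contains(name))
            {
                return 0;
            }
            globals.remove(name);
            pageSecurity.setGlobalSecurityConstraintsRefs(globals);
            pageManager.updatePageSecurity(pageSecurity);
            count++;
        }
        catch (Exception e)
        {
            throw new AJAXException(e);
        }
        return count;
    }

    /**
     * Adds a global security constraints reference for the definition named
     * by the {@code name} request parameter.
     *
     * @return 1 when the reference was added, 0 when it already existed
     * @throws AJAXException when {@code name} is missing, no definition with
     *                       that name exists, or the update fails
     */
    protected int addGlobal(RequestContext requestContext, Map resultMap)
        throws AJAXException
    {
        int count = 0;
        String name = getActionParameter(requestContext, "name");
        if (name == null)
        {
            throw new AJAXException("Missing 'name' parameter");
        }

        try
        {
            PageSecurity pageSecurity = pageManager.getPageSecurity();
            List globals = pageSecurity.getGlobalSecurityConstraintsRefs();
            // A global ref may only name a definition that exists.
            if (pageSecurity.getSecurityConstraintsDef(name) == null)
            {
                throw new AJAXException("global name doesnt exist in definitions");
            }
            if (globals.contains(name))
            {
                // Already referenced globally: nothing to do.
                return count;
            }
            globals.add(name);
            pageSecurity.setGlobalSecurityConstraintsRefs(globals);
            pageManager.updatePageSecurity(pageSecurity);
            count++;
        }
        catch (AJAXException e)
        {
            // Keep the "doesnt exist" message at the top level instead of
            // burying it inside a second AJAXException.
            throw e;
        }
        catch (Exception e)
        {
            throw new AJAXException(e);
        }
        return count;
    }
}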