package org.apache.jetspeed.layout.impl; |
import java.lang.reflect.Constructor; |
import java.security.Permission; |
import java.security.Principal; |
import java.util.LinkedList; |
import java.util.List; |
import java.util.Map; |
import java.util.StringTokenizer; |
import org.apache.commons.logging.Log; |
import org.apache.commons.logging.LogFactory; |
import org.apache.jetspeed.JetspeedActions; |
import org.apache.jetspeed.ajax.AJAXException; |
import org.apache.jetspeed.ajax.AjaxAction; |
import org.apache.jetspeed.ajax.AjaxBuilder; |
import org.apache.jetspeed.layout.PortletActionSecurityBehavior; |
import org.apache.jetspeed.request.RequestContext; |
import org.apache.jetspeed.security.PermissionManager; |
import org.apache.jetspeed.security.SecurityException; |
import org.apache.jetspeed.security.impl.RolePrincipalImpl; |
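/**
 * AJAX action that administers portal permissions.
 *
 * The "method" request parameter selects one of "add", "update" or "remove".
 * Each of them identifies a permission through the "type", "resource" and
 * "actions" parameters; "add" and "update" additionally read a comma-separated
 * "roles" parameter naming the roles the permission is granted to.
 *
 * The "type" parameter is never used as a class name itself: it is only a key
 * into the injected permissionMap, whose values are the fully qualified names of
 * the java.security.Permission classes this action may instantiate. That map is
 * therefore the allow-list for the reflective construction in
 * createPermissionFromClass, and a request naming an unmapped type is rejected.
 *
 * Every outcome is reported through the resultMap (ACTION, STATUS, REASON from
 * Constants plus the echoed "method", "count", "resource", "type", "actions"
 * and "roles" entries); run() never propagates an exception to the caller.
 */
public class SecurityPermissionAction
    extends BasePortletAction
    implements AjaxAction, AjaxBuilder, Constants
{
    protected static final Log log = LogFactory.getLog(SecurityPermissionAction.class);
    // Permission store all add/update/remove calls go to; injected, never reassigned here.
    protected PermissionManager pm = null;
    // Client-visible "type" name -> permission class name; doubles as the reflection allow-list.
    protected Map permissionMap = null;

    /**
     * @param template         success template handed to the base action
     * @param errorTemplate    error template handed to the base action
     * @param pm               permission manager used for every permission change
     * @param securityBehavior access-check behavior handed to the base action
     * @param permissionMap    "type" name to permission class name mapping (String to String values)
     */
    public SecurityPermissionAction(String template,
                                    String errorTemplate,
                                    PermissionManager pm,
                                    PortletActionSecurityBehavior securityBehavior,
                                    Map permissionMap)
    {
        super(template, errorTemplate, securityBehavior);
        this.pm = pm;
        this.permissionMap = permissionMap;
    }

    /**
     * Dispatches the requested permission method after the EDIT access check.
     *
     * Nothing in the permission store is touched before checkAccess() has
     * passed; only the "method" parameter is read and echoed ahead of it. Every
     * failure is recorded in resultMap rather than thrown: REASON receives a
     * short explanation, or for unexpected exceptions e.toString(), which is
     * what the client receives.
     *
     * @param requestContext current request
     * @param resultMap      receives ACTION, "method", and on success "count", the
     *                       echoed parameters and STATUS; on failure REASON
     * @return true when the method ran and its result was recorded, false otherwise
     * @throws AJAXException declared for the AjaxAction contract only; every
     *                       exception raised here is caught and reported via resultMap
     */
    public boolean run(RequestContext requestContext, Map resultMap)
        throws AJAXException
    {
        try
        {
            resultMap.put(ACTION, "permissions");

            String method = getActionParameter(requestContext, "method");
            if (method == null)
            {
                // Same exception type as the per-method parameter checks; caught below.
                throw new AJAXException("Method not provided");
            }
            resultMap.put("method", method);

            // Authorization precedes every store mutation.
            if (!checkAccess(requestContext, JetspeedActions.EDIT))
            {
                resultMap.put(REASON, "Insufficient access to administer portal permissions");
                return false;
            }

            int count;
            if (method.equals("add"))
            {
                count = addPermission(requestContext, resultMap);
            }
            else if (method.equals("update"))
            {
                count = updatePermission(requestContext, resultMap);
            }
            else if (method.equals("remove"))
            {
                count = removePermission(requestContext, resultMap);
            }
            else
            {
                resultMap.put(REASON, "Unsupported portal permissions method: " + method);
                return false;
            }

            resultMap.put("count", Integer.toString(count));
            resultMap.put("resource", getActionParameter(requestContext, "resource"));
            resultMap.put("type", getActionParameter(requestContext, "type"));
            resultMap.put("actions", getActionParameter(requestContext, "actions"));
            resultMap.put("roles", getActionParameter(requestContext, "roles"));
            resultMap.put(STATUS, "success");
            return true;
        }
        catch (Exception e)
        {
            // The full exception goes to the log; its toString() is surfaced to the
            // (EDIT-authorized) client as REASON.
            log.error("exception administering portal permissions", e);
            resultMap.put(REASON, e.toString());
            return false;
        }
    }

    /**
     * Reads a request parameter the current method cannot do without.
     *
     * @param requestContext current request
     * @param name           parameter name
     * @return the parameter value, never null
     * @throws AJAXException when the parameter is absent; the message names it
     */
    private String requireActionParameter(RequestContext requestContext, String name)
        throws AJAXException
    {
        String value = getActionParameter(requestContext, name);
        if (value == null)
        {
            throw new AJAXException("Missing '" + name + "' parameter");
        }
        return value;
    }

    /**
     * Creates a new permission from "type", "resource" and "actions" and grants
     * it to the roles listed in "roles".
     *
     * @param requestContext current request
     * @param resultMap      unused; kept for signature parity with the other methods
     * @return the value returned by PermissionManager.updatePermission for the role grants
     * @throws AJAXException when a required parameter is missing, the permission
     *                       cannot be built, it already exists, or the store fails
     */
    protected int addPermission(RequestContext requestContext, Map resultMap)
        throws AJAXException
    {
        try
        {
            String type = requireActionParameter(requestContext, "type");
            String resource = requireActionParameter(requestContext, "resource");
            String actions = requireActionParameter(requestContext, "actions");

            Permission permission = createPermissionFromClass(type, resource, actions);
            if (pm.permissionExists(permission))
            {
                throw new AJAXException("Permission " + resource + " already exists");
            }

            pm.addPermission(permission);
            String roleNames = getActionParameter(requestContext, "roles");
            return updateRoles(permission, roleNames);
        }
        catch (SecurityException e)
        {
            throw new AJAXException(e.toString(), e);
        }
    }

    /**
     * Replaces the actions of an existing permission and/or its role grants.
     *
     * "oldactions" names the permission to replace; when it is absent the
     * "actions" value is taken as unchanged and only the roles are updated.
     * When the actions differ, the old permission is removed and the new one
     * added as two separate store operations: both Permission objects are
     * built before the removal so a malformed "actions" value cannot leave the
     * old permission removed without its replacement, but a store failure in
     * addPermission after a successful removePermission is not rolled back.
     *
     * @param requestContext current request
     * @param resultMap      unused; kept for signature parity with the other methods
     * @return the value returned by PermissionManager.updatePermission for the role grants
     * @throws AJAXException when a required parameter is missing, a permission
     *                       cannot be built, or the store fails
     */
    protected int updatePermission(RequestContext requestContext, Map resultMap)
        throws AJAXException
    {
        try
        {
            String type = requireActionParameter(requestContext, "type");
            String resource = requireActionParameter(requestContext, "resource");
            String actions = requireActionParameter(requestContext, "actions");
            String oldActions = getActionParameter(requestContext, "oldactions");
            if (oldActions == null)
            {
                oldActions = actions;
            }

            // Build the replacement first: nothing is removed until it is known to construct.
            Permission permission = createPermissionFromClass(type, resource, actions);
            if (!oldActions.equals(actions))
            {
                Permission oldPermission = createPermissionFromClass(type, resource, oldActions);
                pm.removePermission(oldPermission);
                pm.addPermission(permission);
            }

            String roleNames = getActionParameter(requestContext, "roles");
            return updateRoles(permission, roleNames);
        }
        catch (SecurityException e)
        {
            throw new AJAXException(e.toString(), e);
        }
    }

    /**
     * Sets the roles a permission is granted to.
     *
     * roleNames is a comma-separated list; surrounding whitespace around each
     * name is dropped and empty entries ("a,,b", "a, ,b") are skipped, so
     * "admin, manager" names the roles "admin" and "manager". A null or empty
     * list hands an empty principal list to the permission manager (what the
     * manager does with that is its own contract, not visible here).
     *
     * @param permission permission whose grants are replaced
     * @param roleNames  comma-separated role names, may be null
     * @return the value returned by PermissionManager.updatePermission
     * @throws SecurityException propagated from the permission manager
     */
    protected int updateRoles(Permission permission, String roleNames)
        throws SecurityException
    {
        List principals = new LinkedList();
        if (roleNames != null)
        {
            StringTokenizer toke = new StringTokenizer(roleNames, ",");
            while (toke.hasMoreTokens())
            {
                String roleName = toke.nextToken().trim();
                if (roleName.length() == 0)
                {
                    continue;
                }
                Principal role = new RolePrincipalImpl(roleName);
                principals.add(role);
            }
        }
        return pm.updatePermission(permission, principals);
    }

    /**
     * Removes the permission identified by "type", "resource" and "actions".
     *
     * @param requestContext current request
     * @param resultMap      unused; kept for signature parity with the other methods
     * @return 1 when a permission was removed, 0 when none matched
     * @throws AJAXException when a required parameter is missing, the permission
     *                       cannot be built, or the store fails
     */
    protected int removePermission(RequestContext requestContext, Map resultMap)
        throws AJAXException
    {
        try
        {
            String type = requireActionParameter(requestContext, "type");
            String resource = requireActionParameter(requestContext, "resource");
            String actions = requireActionParameter(requestContext, "actions");

            Permission permission = createPermissionFromClass(type, resource, actions);
            if (pm.permissionExists(permission))
            {
                pm.removePermission(permission);
                return 1;
            }
            return 0;
        }
        catch (SecurityException e)
        {
            throw new AJAXException(e.toString(), e);
        }
    }

    /**
     * Resolves a client-visible "type" name to the configured permission class name.
     *
     * @param type value of the "type" request parameter
     * @return the class name mapped in permissionMap
     * @throws AJAXException when the type is not mapped (the only way a request
     *                       can influence which class gets loaded is through this map)
     */
    protected String mapTypeToClassname(String type)
        throws AJAXException
    {
        String classname = (String)this.permissionMap.get(type);
        if (classname != null)
        {
            return classname;
        }
        throw new AJAXException("Bad resource 'type' parameter: " + type);
    }

    /**
     * Instantiates the permission class mapped to type using the
     * (String resource, String actions) constructor every mapped class must declare.
     *
     * Before any constructor is invoked the loaded class is checked to be a
     * java.security.Permission subtype, so a misconfigured map entry fails with a
     * clear message instead of running an unrelated class's constructor and
     * failing only at the final cast.
     *
     * @param type     "type" request parameter, resolved through permissionMap
     * @param resource constructor argument
     * @param actions  constructor argument
     * @return the new permission instance
     * @throws AJAXException when the type is unmapped, the class cannot be loaded,
     *                       is not a Permission, lacks the expected constructor, or
     *                       the constructor throws (the cause is preserved)
     */
    protected Permission createPermissionFromClass(String type, String resource, String actions)
        throws AJAXException
    {
        String classname = this.mapTypeToClassname(type);
        Class permissionClass;
        try
        {
            permissionClass = Class.forName(classname);
        }
        catch (ClassNotFoundException e)
        {
            throw new AJAXException("Failed to create permission: " + type, e);
        }
        if (!Permission.class.isAssignableFrom(permissionClass))
        {
            throw new AJAXException("Failed to create permission: " + type
                + " (" + classname + " is not a java.security.Permission)");
        }
        try
        {
            Class[] parameterTypes = { String.class, String.class };
            Constructor permissionConstructor = permissionClass.getConstructor(parameterTypes);
            Object[] initArgs = { resource, actions };
            return (Permission)permissionConstructor.newInstance(initArgs);
        }
        catch (Exception e)
        {
            // Covers NoSuchMethodException, IllegalAccessException, InstantiationException
            // and InvocationTargetException (which wraps the constructor's own exception).
            throw new AJAXException("Failed to create permission: " + type, e);
        }
    }

}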