continuum-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From eveni...@apache.org
Subject svn commit: r537900 - in /maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server: AbstractContinuumSecureService.java ContinuumServiceImpl.java
Date Mon, 14 May 2007 16:24:00 GMT
Author: evenisse
Date: Mon May 14 09:23:53 2007
New Revision: 537900

URL: http://svn.apache.org/viewvc?view=rev&rev=537900
Log:
Move security code in parent abtract class

Added:
    maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
  (with props)
Modified:
    maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java

Added: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java?view=auto&rev=537900
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
(added)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
Mon May 14 09:23:53 2007
@@ -0,0 +1,134 @@
+package org.apache.maven.continuum.xmlrpc.server;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.maven.continuum.ContinuumException;
+import org.apache.maven.continuum.security.ContinuumRoleConstants;
+import org.apache.maven.continuum.xmlrpc.ContinuumService;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.util.StringUtils;
+
+/**
+ * @author <a href="mailto:evenisse@apache.org">Emmanuel Venisse</a>
+ * @version $Id$
+ */
+public abstract class AbstractContinuumSecureService
+    implements ContinuumService, ContinuumXmlRpcComponent
+{
+    /**
+     * @plexus.requirement role-hint="default"
+     */
+    private SecuritySystem securitySystem;
+
+    private ContinuumXmlRpcConfig config;
+
+    public void setConfig( ContinuumXmlRpcConfig config )
+    {
+        this.config = config;
+    }
+
+    public SecuritySystem getSecuritySystem()
+    {
+        return securitySystem;
+    }
+
+    /**
+     * Check if the current user is authorized to do the action
+     *
+     * @param role the role
+     * @throws ContinuumException if the user isn't authorized
+     */
+    protected void checkAuthorization( String role )
+        throws ContinuumException
+    {
+        checkAuthorization( role, null, false );
+    }
+
+    /**
+     * Check if the current user is authorized to do the action
+     *
+     * @param role     the role
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized
+     */
+    protected void checkAuthorization( String role, String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( role, resource, true );
+    }
+
+    /**
+     * Check if the current user is authorized to do the action
+     *
+     * @param role             the role
+     * @param resource         the operation resource
+     * @param requiredResource true if resource can't be null
+     * @throws ContinuumException if the user isn't authorized
+     */
+    protected void checkAuthorization( String role, String resource, boolean requiredResource
)
+        throws ContinuumException
+    {
+        try
+        {
+            if ( resource != null && StringUtils.isNotEmpty( resource.trim() ) )
+            {
+                if ( !getSecuritySystem().isAuthorized( config.getSecuritySession(), role,
resource ) )
+                {
+                    throw new ContinuumException( "You're not authorized to execute this
action." );
+                }
+            }
+            else
+            {
+                if ( requiredResource || !getSecuritySystem().isAuthorized( config.getSecuritySession(),
role ) )
+                {
+                    throw new ContinuumException( "You're not authorized to execute this
action." );
+                }
+            }
+        }
+        catch ( AuthorizationException ae )
+        {
+            throw new ContinuumException( "error authorizing request." );
+        }
+    }
+
+    /**
+     * Check if the current user is authorized to add a project group
+     *
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkAddProjectGroupAuthorization()
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION );
+    }
+
+    /**
+     * Check if the current user is authorized to add a project to a specific project group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkAddProjectToGroupAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION,
resource );
+    }
+}

Propchange: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java?view=diff&rev=537900&r1=537899&r2=537900
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
(original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
Mon May 14 09:23:53 2007
@@ -23,7 +23,6 @@
 import org.apache.maven.continuum.ContinuumException;
 import org.apache.maven.continuum.project.ContinuumProjectState;
 import org.apache.maven.continuum.project.builder.ContinuumProjectBuildingResult;
-import org.apache.maven.continuum.xmlrpc.ContinuumService;
 import org.apache.maven.continuum.xmlrpc.project.AddingResult;
 import org.apache.maven.continuum.xmlrpc.project.BuildResult;
 import org.apache.maven.continuum.xmlrpc.project.BuildResultSummary;
@@ -32,8 +31,6 @@
 import org.apache.maven.continuum.xmlrpc.project.ProjectGroup;
 import org.apache.maven.continuum.xmlrpc.project.ProjectGroupSummary;
 import org.apache.maven.continuum.xmlrpc.project.ProjectSummary;
-import org.codehaus.plexus.redback.authorization.AuthorizationException;
-import org.codehaus.plexus.redback.system.SecuritySystem;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -46,25 +43,13 @@
  * @plexus.component role="org.apache.maven.continuum.xmlrpc.server.ContinuumXmlRpcComponent"
role-hint="org.apache.maven.continuum.xmlrpc.ContinuumService"
  */
 public class ContinuumServiceImpl
-    implements ContinuumService, ContinuumXmlRpcComponent
+    extends AbstractContinuumSecureService
 {
     /**
      * @plexus.requirement
      */
     private Continuum continuum;
 
-    /**
-     * @plexus.requirement role-hint="default"
-     */
-    private SecuritySystem securitySystem;
-    
-    private ContinuumXmlRpcConfig config;
-    
-    public void setConfig( ContinuumXmlRpcConfig config )
-    {
-        this.config = config;
-    }
-
     // ----------------------------------------------------------------------
     // Projects
     // ----------------------------------------------------------------------
@@ -211,27 +196,18 @@
     public AddingResult addMavenTwoProject( String url )
         throws ContinuumException
     {
-        try 
-        {
-            if ( securitySystem.isAuthorized( config.getSecuritySession(), "continuum-add-group"
) )
-            {
-                ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url
);
-                return populateAddingResult( result );
-            }
-            else
-            {
-                throw new ContinuumException( "unauthorized add project request" ); 
-            }
-        }
-        catch (AuthorizationException e )
-        {
-            throw new ContinuumException( "error authorizing request", e );
-        }
+        checkAddProjectGroupAuthorization();
+
+        ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url );
+        return populateAddingResult( result );
     }
 
     public AddingResult addMavenTwoProject( String url, int projectGroupId )
         throws ContinuumException
     {
+        ProjectGroupSummary pgs = getProjectGroupSummary( projectGroupId );
+        checkAddProjectToGroupAuthorization( pgs.getName() );
+
         ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url, projectGroupId
);
         return populateAddingResult( result );
     }



Mime
View raw message