lenya-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From andr...@apache.org
Subject cvs commit: cocoon-lenya/src/java/org/apache/lenya/cms/ac2/xsp PolicyHelper.java
Date Thu, 07 Aug 2003 10:23:27 GMT
andreas     2003/08/07 03:23:27

  Modified:    src/java/org/apache/lenya/cms/ac2 PolicyBuilder.java
                        URLPolicy.java Policy.java DefaultPolicy.java
               src/java/org/apache/lenya/cms/ac2/xsp PolicyHelper.java
  Log:
  added SSL protection handling
  
  Revision  Changes    Path
  1.5       +13 -2     cocoon-lenya/src/java/org/apache/lenya/cms/ac2/PolicyBuilder.java
  
  Index: PolicyBuilder.java
  ===================================================================
  RCS file: /home/cvs/cocoon-lenya/src/java/org/apache/lenya/cms/ac2/PolicyBuilder.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- PolicyBuilder.java	30 Jul 2003 15:10:08 -0000	1.4
  +++ PolicyBuilder.java	7 Aug 2003 10:23:27 -0000	1.5
  @@ -101,6 +101,7 @@
       protected static final String WORLD_ELEMENT = "world";
       protected static final String IP_RANGE_ELEMENT = "ip-range";
       protected static final String ID_ATTRIBUTE = "id";
  +    protected static final String SSL_ATTRIBUTE = "ssl";
   
       /**
        * Builds a policy from a file. When the file is not present, an empty policy is returned.
  @@ -164,6 +165,13 @@
   
               policy.addCredential(credential);
           }
  +        
  +        boolean ssl = false;
  +        String sslString = policyElement.getAttribute(SSL_ATTRIBUTE);
  +        if (sslString != null) {
  +            ssl = Boolean.valueOf(sslString).booleanValue();
  +        }
  +        policy.setSSL(ssl);
   
           return policy;
       }
  @@ -221,6 +229,7 @@
           }
   
           Credential[] credentials = policy.getCredentials();
  +        Element policyElement = helper.getDocument().getDocumentElement();
   
           for (int i = 0; i < credentials.length; i++) {
               Accreditable accreditable = credentials[i].getAccreditable();
  @@ -233,8 +242,10 @@
                   accreditableElement.appendChild(roleElement);
               }
               
  -            helper.getDocument().getDocumentElement().appendChild(accreditableElement);
  +            policyElement.appendChild(accreditableElement);
           }
  +        
  +        policyElement.setAttribute(SSL_ATTRIBUTE, Boolean.toString(policy.isSSLProtected()));
   
           return helper.getDocument();
       }
  
  
  
  1.11      +37 -7     cocoon-lenya/src/java/org/apache/lenya/cms/ac2/URLPolicy.java
  
  Index: URLPolicy.java
  ===================================================================
  RCS file: /home/cvs/cocoon-lenya/src/java/org/apache/lenya/cms/ac2/URLPolicy.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- URLPolicy.java	24 Jul 2003 18:36:36 -0000	1.10
  +++ URLPolicy.java	7 Aug 2003 10:23:27 -0000	1.11
  @@ -86,20 +86,31 @@
   		policyManager = manager;
   
   		assert controller != null;
  -		this.controller = controller;
  +		this.accreditableManager = controller;
   	}
   
   	private String url;
   	private InheritingPolicyManager policyManager;
  -	private AccreditableManager controller;
  +	private AccreditableManager accreditableManager;
  +    private Policy[] policies = null;
  +    
  +    /**
  +     * Obtains the policies from the policy manager.
  +     * This method is expensive and therefore only called when needed.
  +     * @throws AccessControlException when something went wrong.
  +     */
  +    protected void obtainPolicies() throws AccessControlException  {
  +        if (policies == null) {
  +            policies = getPolicyManager().getPolicies(getAccreditableManager(), getUrl());
  +        }
  +    }
   
   	/**
   	 * @see org.apache.lenya.cms.ac2.Policy#getRoles(org.apache.lenya.cms.ac2.Identity)
   	 */
   	public Role[] getRoles(Identity identity) throws AccessControlException {
  -        
  +        obtainPolicies();
           Set roles = new HashSet();
  -        Policy[] policies = getPolicyManager().getPolicies(getAccessController(), getUrl());
           for (int i = 0; i < policies.length; i++) {
               addRoles(policies[i], identity, roles);
           }
  @@ -138,8 +149,27 @@
   	 * Returns the access controller.
   	 * @return An access controller.
   	 */
  -	public AccreditableManager getAccessController() {
  -		return controller;
  +	public AccreditableManager getAccreditableManager() {
  +		return accreditableManager;
   	}
  +
  +    /**
  +     * The URL policy requires SSL protection iff one of its
  +     * member policies requires SSL protection.
  +     * @see org.apache.lenya.cms.ac2.Policy#isSSLProtected()
  +     */
  +    public boolean isSSLProtected() throws AccessControlException {
  +        obtainPolicies();
  +        
  +        boolean ssl = false;
  +        
  +        int i = 0;
  +        while (!ssl && i < policies.length) {
  +            ssl = ssl || policies[i].isSSLProtected();
  +            i++;
  +        }
  +        
  +        return ssl;
  +    }
       
   }
  
  
  
  1.4       +8 -1      cocoon-lenya/src/java/org/apache/lenya/cms/ac2/Policy.java
  
  Index: Policy.java
  ===================================================================
  RCS file: /home/cvs/cocoon-lenya/src/java/org/apache/lenya/cms/ac2/Policy.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- Policy.java	23 Jul 2003 13:21:23 -0000	1.3
  +++ Policy.java	7 Aug 2003 10:23:27 -0000	1.4
  @@ -73,4 +73,11 @@
        * @throws AccessControlException when something went wrong.
        */
       Role[] getRoles(Identity identity) throws AccessControlException;
  +    
  +    /**
  +     * Returns if this policy requires SSL protection.
  +     * @return A boolean value.
  +     * @throws AccessControlException when something went wrong.
  +     */
  +    boolean isSSLProtected() throws AccessControlException;
   }
  
  
  
  1.5       +19 -1     cocoon-lenya/src/java/org/apache/lenya/cms/ac2/DefaultPolicy.java
  
  Index: DefaultPolicy.java
  ===================================================================
  RCS file: /home/cvs/cocoon-lenya/src/java/org/apache/lenya/cms/ac2/DefaultPolicy.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- DefaultPolicy.java	24 Jul 2003 18:36:37 -0000	1.4
  +++ DefaultPolicy.java	7 Aug 2003 10:23:27 -0000	1.5
  @@ -170,4 +170,22 @@
       protected Credential getCredential(Accreditable accreditable) {
           return (Credential) accreditableToCredential.get(accreditable);
       }
  +    
  +    private boolean isSSL;
  +
  +    /**
  +     * @see org.apache.lenya.cms.ac2.Policy#isSSLProtected()
  +     */
  +    public boolean isSSLProtected() throws AccessControlException {
  +        return isSSL;
  +    }
  +    
  +    /**
  +     * Sets if this policy requires SSL protection.
  +     * @param ssl A boolean value.
  +     */
  +    public void setSSL(boolean ssl) {
  +        this.isSSL = ssl;
  +    }
  +    
   }
  
  
  
  1.5       +149 -137  cocoon-lenya/src/java/org/apache/lenya/cms/ac2/xsp/PolicyHelper.java
  
  Index: PolicyHelper.java
  ===================================================================
  RCS file: /home/cvs/cocoon-lenya/src/java/org/apache/lenya/cms/ac2/xsp/PolicyHelper.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- PolicyHelper.java	6 Aug 2003 13:06:00 -0000	1.4
  +++ PolicyHelper.java	7 Aug 2003 10:23:27 -0000	1.5
  @@ -69,12 +69,11 @@
   import org.apache.lenya.cms.ac.Role;
   import org.apache.lenya.cms.ac2.AccessControllerResolver;
   import org.apache.lenya.cms.ac2.Accreditable;
  -import org.apache.lenya.cms.ac2.AccreditableManager;
   import org.apache.lenya.cms.ac2.Credential;
   import org.apache.lenya.cms.ac2.DefaultAccessController;
   import org.apache.lenya.cms.ac2.DefaultPolicy;
   import org.apache.lenya.cms.ac2.InheritingPolicyManager;
  -import org.apache.lenya.cms.ac2.file.FilePolicyManager;
  +import org.apache.lenya.cms.ac2.Policy;
   import org.apache.lenya.cms.publication.PageEnvelope;
   import org.apache.lenya.cms.publication.PageEnvelopeException;
   import org.apache.lenya.cms.publication.PageEnvelopeFactory;
  @@ -84,114 +83,114 @@
    * 
    * @author andreas
    */
  -public final class PolicyHelper {
  -    
  +public class PolicyHelper {
  +
       /**
        * Ctor.
        */
  -    private PolicyHelper() {
  +    public PolicyHelper() {
       }
   
  +    private DefaultAccessController accessController;
  +    private ComponentSelector selector;
  +    private AccessControllerResolver resolver;
  +    private InheritingPolicyManager policyManager;
  +    private ComponentManager manager;
  +    private String url;
  +
       /**
  -     * Returns the URI credential wrappers for the request of this object model.
  +     * Initializes this helper.
        * @param objectModel The Cocoon object model.
  +     * @param manager The component manager.
        * @param area The selected area.
  -     * @param manager The ComponentManager to use.
  -     * @return An array of CredentialWrappers.
        * @throws ProcessingException when something went wrong.
        */
  -    public static CredentialWrapper[] getURICredentials(
  -        Map objectModel,
  -        String area,
  -        ComponentManager manager)
  +    public void setup(Map objectModel, ComponentManager manager, String area)
           throws ProcessingException {
  -        return getCredentials(objectModel, area, manager, true);
  +
  +        this.manager = manager;
  +
  +        accessController = null;
  +        selector = null;
  +        resolver = null;
  +        policyManager = null;
  +
  +        url = computeUrl(objectModel, area);
  +
  +        try {
  +            selector =
  +                (ComponentSelector) manager.lookup(AccessControllerResolver.ROLE + "Selector");
  +            resolver =
  +                (AccessControllerResolver) selector.select(
  +                    AccessControllerResolver.DEFAULT_RESOLVER);
  +
  +            accessController = (DefaultAccessController) resolver.resolveAccessController(url);
  +
  +            policyManager = (InheritingPolicyManager) accessController.getPolicyManager();
  +        } catch (Exception e) {
  +            throw new ProcessingException("Obtaining credentials failed: ", e);
  +        }
  +    }
  +
  +    /**
  +     * Releases all obtained components.
  +     */
  +    public void tearDown() {
  +        if (selector != null) {
  +            if (resolver != null) {
  +                if (accessController != null) {
  +                    resolver.release(accessController);
  +                }
  +                selector.release(resolver);
  +            }
  +            manager.release(selector);
  +        }
  +    }
  +
  +    /**
  +     * Returns the URI credential wrappers for the request of this object model.
  +     * @return An array of CredentialWrappers.
  +     * @throws ProcessingException when something went wrong.
  +     */
  +    public CredentialWrapper[] getURICredentials() throws ProcessingException {
  +        return getCredentials(true);
       }
   
       /**
        * Returns the credential wrappers for the parent URI of the URL
        * belonging to the request of this object model.
  -     * @param objectModel The Cocoon object model.
  -     * @param area The selected area.
  -     * @param manager The ComponentManager to use.
        * @return An array of CredentialWrappers.
        * @throws ProcessingException when something went wrong.
        */
  -    public static CredentialWrapper[] getParentCredentials(
  -        Map objectModel,
  -        String area,
  -        ComponentManager manager)
  -        throws ProcessingException {
  -        return getCredentials(objectModel, area, manager, false);
  +    public CredentialWrapper[] getParentCredentials() throws ProcessingException {
  +        return getCredentials(false);
       }
   
       /**
        * Returns the credentials of the policy of the selected URL.
  -     * @param objectModel The Cocoon object model.
  -     * @param area The selected area.
  -     * @param manager The ComponentManager to use.
        * @param urlOnly If true, the URL policy credentials are returned.
        * If false, the credentials of all ancestor policies are returned.
        * @return An array of CredentialWrappers.
        * @throws ProcessingException when something went wrong.
        */
  -    public static CredentialWrapper[] getCredentials(
  -        Map objectModel,
  -        String area,
  -        ComponentManager manager,
  -        boolean urlOnly)
  -        throws ProcessingException {
  +    public CredentialWrapper[] getCredentials(boolean urlOnly) throws ProcessingException
{
   
  -        DefaultAccessController accessController = null;
  -        ComponentSelector selector = null;
  -        AccessControllerResolver resolver = null;
  -        FilePolicyManager policyManager = null;
           List credentials = new ArrayList();
   
  -        String url = computeUrl(objectModel, area);
  -
  -        try {
  -            selector =
  -                (ComponentSelector) manager.lookup(AccessControllerResolver.ROLE + "Selector");
  -            resolver =
  -                (AccessControllerResolver) selector.select(
  -                    AccessControllerResolver.DEFAULT_RESOLVER);
  -
  -            accessController = (DefaultAccessController) resolver.resolveAccessController(url);
  -
  -            AccreditableManager accreditableManager = accessController.getAccreditableManager();
  -            policyManager = (FilePolicyManager) accessController.getPolicyManager();
  -
  -            DefaultPolicy policies[] =
  -                getPolicies(accreditableManager, policyManager, url, urlOnly);
  -
  -            List policyCredentials = new ArrayList();
  -            for (int i = 0; i < policies.length; i++) {
  -                Credential[] creds = policies[i].getCredentials();
  -                for (int j = 0; j < creds.length; j++) {
  -                    policyCredentials.add(creds[j]);
  -                }
  +        DefaultPolicy policies[] = getPolicies(urlOnly);
  +        List policyCredentials = new ArrayList();
  +        for (int i = 0; i < policies.length; i++) {
  +            Credential[] creds = policies[i].getCredentials();
  +            for (int j = 0; j < creds.length; j++) {
  +                policyCredentials.add(creds[j]);
               }
  -            for (Iterator i = policyCredentials.iterator(); i.hasNext();) {
  -                Credential credential = (Credential) i.next();
  -                Accreditable accreditable = credential.getAccreditable();
  -                Role[] roles = credential.getRoles();
  -                for (int j = 0; j < roles.length; j++) {
  -                    credentials.add(new CredentialWrapper(accreditable, roles[j]));
  -                }
  -            }
  -
  -        } catch (Exception e) {
  -            throw new ProcessingException("Obtaining credentials failed: ", e);
  -        } finally {
  -            if (selector != null) {
  -                if (resolver != null) {
  -                    if (accessController != null) {
  -                        resolver.release(accessController);
  -                    }
  -                    selector.release(resolver);
  -                }
  -                manager.release(selector);
  +        }
  +        for (Iterator i = policyCredentials.iterator(); i.hasNext();) {
  +            Credential credential = (Credential) i.next();
  +            Accreditable accreditable = credential.getAccreditable();
  +            Role[] roles = credential.getRoles();
  +            for (int j = 0; j < roles.length; j++) {
  +                credentials.add(new CredentialWrapper(accreditable, roles[j]));
               }
           }
           return (CredentialWrapper[]) credentials.toArray(new CredentialWrapper[credentials.size()]);
  @@ -219,34 +218,33 @@
   
       /**
        * Returns the policies for a certain URL.
  -     * @param accreditableManager The accreditable manager to use.
  -     * @param policyManager The policy manager to use.
  -     * @param url The URL to get the policies for.
        * @param onlyUrl If true, only the URL policies are returned.
        * Otherwise, all ancestor policies are returned.
        * @return An array of DefaultPolicy objects.
  -     * @throws AccessControlException when something went wrong.
  +     * @throws ProcessingException when something went wrong.
        */
  -    protected static DefaultPolicy[] getPolicies(
  -        AccreditableManager accreditableManager,
  -        InheritingPolicyManager policyManager,
  -        String url,
  -        boolean onlyUrl)
  -        throws AccessControlException {
  +    protected DefaultPolicy[] getPolicies(boolean onlyUrl) throws ProcessingException {
   
           DefaultPolicy[] policies;
   
  -        if (onlyUrl) {
  -            policies = new DefaultPolicy[1];
  -            policies[0] = policyManager.buildSubtreePolicy(accreditableManager, url);
  -        } else {
  -            int lastSlashIndex = url.lastIndexOf("/");
  -            if (lastSlashIndex != -1) {
  -                url = url.substring(0, lastSlashIndex);
  +        try {
  +            if (onlyUrl) {
  +                policies = new DefaultPolicy[1];
  +                policies[0] =
  +                    policyManager.buildSubtreePolicy(
  +                        accessController.getAccreditableManager(),
  +                        url);
               } else {
  -                url = "";
  +                String ancestorUrl = "";
  +                int lastSlashIndex = url.lastIndexOf("/");
  +                if (lastSlashIndex != -1) {
  +                    ancestorUrl = url.substring(0, lastSlashIndex);
  +                }
  +                policies =
  +                    policyManager.getPolicies(accessController.getAccreditableManager(),
ancestorUrl);
               }
  -            policies = policyManager.getPolicies(accreditableManager, url);
  +        } catch (AccessControlException e) {
  +            throw new ProcessingException(e);
           }
   
           return policies;
  @@ -257,44 +255,16 @@
   
       /**
        * Changes a credential by adding or deleting an item for a role.
  -     * @param objectModel The Cocoon object model.
        * @param item The item to add or delete.
        * @param role The role.
  -     * @param area The selected area.
        * @param operation The operation, either {@link #ADD} or {@link #DELETE}.
  -     * @param manager The ComponentManager to use.
        * @throws ProcessingException when something went wrong.
        */
  -    public static void manipulateCredential(
  -        Map objectModel,
  -        Item item,
  -        Role role,
  -        String area,
  -        String operation,
  -        ComponentManager manager)
  +    public void manipulateCredential(Item item, Role role, String operation)
           throws ProcessingException {
   
  -        DefaultAccessController accessController = null;
  -        ComponentSelector selector = null;
  -        AccessControllerResolver resolver = null;
  -        FilePolicyManager policyManager = null;
  -
  -        String url = computeUrl(objectModel, area);
  -
           try {
  -            selector =
  -                (ComponentSelector) manager.lookup(AccessControllerResolver.ROLE + "Selector");
  -            resolver =
  -                (AccessControllerResolver) selector.select(
  -                    AccessControllerResolver.DEFAULT_RESOLVER);
  -
  -            accessController = (DefaultAccessController) resolver.resolveAccessController(url);
  -
  -            AccreditableManager accreditableManager = accessController.getAccreditableManager();
  -            policyManager = (FilePolicyManager) accessController.getPolicyManager();
  -
  -            DefaultPolicy policy = policyManager.buildSubtreePolicy(accreditableManager,
url);
  -
  +            DefaultPolicy policy = policyManager.buildSubtreePolicy(accessController.getAccreditableManager(),
url);
               Accreditable accreditable = (Accreditable) item;
   
               if (operation.equals(ADD)) {
  @@ -307,16 +277,58 @@
   
           } catch (Exception e) {
               throw new ProcessingException("Manipulating credential failed: ", e);
  -        } finally {
  -            if (selector != null) {
  -                if (resolver != null) {
  -                    if (accessController != null) {
  -                        resolver.release(accessController);
  -                    }
  -                    selector.release(resolver);
  -                }
  -                manager.release(selector);
  +        }
  +    }
  +
  +    /**
  +     * Returns if one of the ancestors of this URL is SSL protected.
  +     * @return A boolean value.
  +     * @throws ProcessingException when something went wrong.
  +     */
  +    public boolean isAncestorSSLProtected() throws ProcessingException {
  +        boolean ssl;
  +        try {
  +            String ancestorUrl = "";
  +            int lastSlashIndex = url.lastIndexOf("/");
  +            if (lastSlashIndex != -1) {
  +                ancestorUrl = url.substring(0, lastSlashIndex);
               }
  +            Policy policy = policyManager.getPolicy(accessController.getAccreditableManager(),
ancestorUrl);
  +            ssl = policy.isSSLProtected();
  +        } catch (AccessControlException e) {
  +            throw new ProcessingException("Resolving policy failed: ", e);
  +        }
  +        return ssl;
  +    }
  +
  +    /**
  +     * Returns if this URL is SSL protected.
  +     * @return A boolean value.
  +     * @throws ProcessingException when something went wrong.
  +     */
  +    public boolean isUrlSSLProtected() throws ProcessingException {
  +        boolean ssl;
  +        try {
  +            DefaultPolicy policy = policyManager.buildSubtreePolicy(accessController.getAccreditableManager(),
url);
  +            ssl = policy.isSSLProtected();
  +        } catch (AccessControlException e) {
  +            throw new ProcessingException("Resolving policy failed: ", e);
  +        }
  +        return ssl;
  +    }
  +
  +    /**
  +     * Sets if this URL is SSL protected.
  +     * @param ssl A boolean value.
  +     * @throws ProcessingException when something went wrong.
  +     */
  +    public void setUrlSSLProtected(boolean ssl) throws ProcessingException {
  +        try {
  +            DefaultPolicy policy = policyManager.buildURLPolicy(accessController.getAccreditableManager(),
url);
  +            policy.setSSL(ssl);
  +            policyManager.saveSubtreePolicy(url, policy);
  +        } catch (AccessControlException e) {
  +            throw new ProcessingException("Resolving policy failed: ", e);
           }
       }
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-cvs-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-cvs-help@cocoon.apache.org


Mime
View raw message