portals-jetspeed-dev mailing list archives

From tay...@apache.org
Subject cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/services JetspeedSecurity.java
Date Mon, 10 Jun 2002 05:36:19 GMT
taylor      2002/06/09 22:36:19

  Modified:    src/java/org/apache/jetspeed/modules/actions Tag:
                        security_14 CreateNewUserAndConfirm.java
                        JLoginUser.java JetspeedAccessController.java
                        JetspeedSessionValidator.java
               src/java/org/apache/jetspeed/services Tag: security_14
                        JetspeedSecurity.java
  Added:       src/java/org/apache/jetspeed/modules/actions Tag:
                        security_14 TemplateSessionValidator.java
  Log:
  - Completed basic conversion of Jetspeed to new security model.
  - Converted standard actions to use JetspeedSecurity and decouple from TurbineSecurity.
  - Disabled ACL checks. Jetspeed runs much faster without it.
  
  - Still left to complete:
    1. performant ACL implementation.
    2. Security/Profiler refactoring (AddUser, RemoveUser...)
    3. Roles and Groups.
    4. Sufficient privilege checks on all security methods
    5. Global setting to turn off all portlet security checks during aggregation
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.32.2.2  +2 -1      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/CreateNewUserAndConfirm.java
  
  Index: CreateNewUserAndConfirm.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/CreateNewUserAndConfirm.java,v
  retrieving revision 1.32.2.1
  retrieving revision 1.32.2.2
  diff -u -r1.32.2.1 -r1.32.2.2
  --- CreateNewUserAndConfirm.java	7 Jun 2002 10:02:05 -0000	1.32.2.1
  +++ CreateNewUserAndConfirm.java	10 Jun 2002 05:36:19 -0000	1.32.2.2
  @@ -88,6 +88,7 @@
   // security
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.turbine.util.security.AccessControlList;
  +import org.apache.jetspeed.services.security.JetspeedSecurityException;
   
   /**
       This action validates the form input from the NewAccount Screen.
  @@ -164,7 +165,7 @@
               {
                   JetspeedSecurity.getUser(username);
               }
  -            catch(SecurityException e)
  +            catch(JetspeedSecurityException e)
               {
                   accountExists = false;
               }
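Review bot: The `catch(JetspeedSecurityException e)` maps every failure of `JetspeedSecurity.getUser(username)` to `accountExists = false`, not only the unknown-user case. If JetspeedSecurityException also covers backend or lookup errors (its hierarchy is not visible here), a failed lookup would be read as "this name is free" and registration would continue for a username that may already exist. Catch only the exception that means "no such user" and let other failures abort the action, or at least log them. A short comment such as `// only an unknown-user result means the name is available` would document the intent. The enclosing method starts and ends outside this hunk.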
  
  
  
  1.23.2.3  +34 -5     jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JLoginUser.java
  
  Index: JLoginUser.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JLoginUser.java,v
  retrieving revision 1.23.2.2
  retrieving revision 1.23.2.3
  diff -u -r1.23.2.2 -r1.23.2.3
  --- JLoginUser.java	7 Jun 2002 10:02:05 -0000	1.23.2.2
  +++ JLoginUser.java	10 Jun 2002 05:36:19 -0000	1.23.2.3
  @@ -87,6 +87,10 @@
   import org.apache.jetspeed.services.resources.JetspeedResources;
   import org.apache.jetspeed.services.JetspeedSecurity;
   import org.apache.jetspeed.services.security.JetspeedSecurityException;
  +import org.apache.jetspeed.services.security.LoginException;
  +import org.apache.jetspeed.services.security.FailedLoginException;
  +import org.apache.jetspeed.services.security.CredentialExpiredException;
  +import org.apache.jetspeed.services.security.AccountExpiredException;
   
   /**
       This class is responsible for logging a user into the system. It is also
  @@ -190,6 +194,9 @@
           {
               return;
           }
  +        
  +        String username = data.getParameters().getString("username", "");
  +        String password = data.getParameters().getString("password", "");
   
           boolean newUserApproval = JetspeedResources.getBoolean("newuser.approval.enable",
false);
           String secretkey = (String) data.getParameters().getString("secretkey", null);
  @@ -208,8 +215,6 @@
               
               // check to make sure the user entered the right confirmation key
               // if not, then send them to the ConfirmRegistration screen            
  -            String username = data.getParameters().getString("username", "");
  -            String password = data.getParameters().getString("password", "");
               JetspeedUser user = JetspeedSecurity.getUser(username);
   
               if (user == null)
  @@ -248,10 +253,34 @@
               data.setMessage (Localization.getString("JLOGINUSER_WELCOME"));
           }
           
  -        // check for valid username/password - execute Turbine LoginUser action
  -        ActionLoader.getInstance().exec(data, "LoginUser");
  +        JetspeedUser user = null;
  +        try
  +        {
  +            user = JetspeedSecurity.login(username, password);
  +        }
  +        catch (LoginException e)
  +        {
  +            if (e instanceof FailedLoginException)
  +            {
  +                Log.info("JLoginUser: Credential Failure on login", e);
  +            }
  +            else if (e instanceof AccountExpiredException)
  +            {
  +                Log.info("JLoginUser: Account Expired ", e);
  +            } 
  +            else if (e instanceof AccountExpiredException)
  +            {
  +                Log.info("JLoginUser: Credentials Expired ", e);
  +            } 
  +            data.setMessage(e.toString());
  +            String loginTemplate = JetspeedResources.getString(TurbineConstants.TEMPLATE_LOGIN);
  +            data.setScreenTemplate(loginTemplate);
  +            data.setUser(JetspeedSecurity.getAnonymousUser());
  +            data.getUser().setHasLoggedIn(new Boolean (false) );            
  +            return;
  +
  +        }
   
  -        JetspeedUser user = (JetspeedUser)data.getUser();
           if (user.getDisabled())
           {
               data.setMessage(Localization.getString("JLOGINUSER_ACCOUNT_DISABLED"));
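Review bot: The third branch of the `instanceof` chain repeats `AccountExpiredException`, so the "Credentials Expired" log line can never run and the newly imported `CredentialExpiredException` is unused; it should read `else if (e instanceof CredentialExpiredException)`. `data.setMessage(e.toString())` then puts the exception class and message on the login screen, which can tell whoever is at the form whether the account exists, has expired, or only had a wrong password. Keep that detail in the log and show one generic localized string, e.g. `data.setMessage(Localization.getString("<LOGIN_FAILED_KEY>"));` (placeholder key; none is defined on this page). After the try block, `user.getDisabled()` is called without a null check, so it relies on `JetspeedSecurity.login` never returning null, which is not visible here. The method body starts and ends outside this hunk.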
  
  
  
  1.4.2.1   +23 -4     jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JetspeedAccessController.java
  
  Index: JetspeedAccessController.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JetspeedAccessController.java,v
  retrieving revision 1.4
  retrieving revision 1.4.2.1
  diff -u -r1.4 -r1.4.2.1
  --- JetspeedAccessController.java	14 May 2002 17:35:32 -0000	1.4
  +++ JetspeedAccessController.java	10 Jun 2002 05:36:19 -0000	1.4.2.1
  @@ -56,7 +56,7 @@
   
   import org.apache.turbine.util.RunData;
   import org.apache.turbine.om.security.User;
  -import org.apache.turbine.modules.actions.AccessController;
  +import org.apache.turbine.modules.Action;
   import org.apache.turbine.util.security.AccessControlList;
   import org.apache.turbine.services.resources.TurbineResources;
   import org.apache.turbine.modules.ActionLoader;
  @@ -72,14 +72,14 @@
       in order to get the cached ACL list from logon
     
   @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
  -@version $Id: JetspeedAccessController.java,v 1.4 2002/05/14 17:35:32 ggolden Exp $
  +@version $Id: JetspeedAccessController.java,v 1.4.2.1 2002/06/10 05:36:19 taylor Exp $
   */
   
  -public class JetspeedAccessController extends AccessController
  +public class JetspeedAccessController extends Action
   {
       public void doPerform( RunData data ) throws Exception
       {
  -        super.doPerform(data);
  +        getACL(data);
           JetspeedRunData jdata = null;
           
           try
  @@ -106,4 +106,23 @@
           }
    
       }
  +
  +    protected void getACL(RunData data)
  +    {
  +    
  +        if ( data.getUser() != null && data.getUser().hasLoggedIn() )
  +        {
  +            AccessControlList acl = (AccessControlList)
  +                data.getSession().getValue(AccessControlList.SESSION_KEY);
  +            if ( acl == null )
  +            {
  +                //acl = TurbineSecurity.getACL( data.getUser() );
  +                acl = null;
  +                data.getSession().putValue( AccessControlList.SESSION_KEY,
  +                                            (Object)acl );
  +            }
  +            data.setACL(acl);
  +        }
  +    }
  +
   }
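Review bot: `getACL` now always ends with `data.setACL(null)` for a logged-in user: the lookup is commented out, `acl = null` reassigns a value already known to be null, and a null is written into the session under `AccessControlList.SESSION_KEY`. Nothing in the code records that this is the deliberate "Disabled ACL checks" step from the log, so a caller that reads `data.getACL()` either dereferences null or, if it treats a missing ACL as "no restrictions", allows the request. The same applies to `JetspeedSecurity.getACL(user)` in the last hunk of this commit, which now returns null with the old call left commented out after the `return`. I would drop the dead assignment and session write and state the contract in a comment, e.g. `// ACL lookup disabled on security_14: data.getACL() is null, callers must deny rather than allow on null`. Whether storing a null session value is accepted depends on the servlet container and is worth checking.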
  
  
  
  1.17.2.1  +3 -4      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JetspeedSessionValidator.java
  
  Index: JetspeedSessionValidator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/JetspeedSessionValidator.java,v
  retrieving revision 1.17
  retrieving revision 1.17.2.1
  diff -u -r1.17 -r1.17.2.1
  --- JetspeedSessionValidator.java	7 May 2002 15:16:08 -0000	1.17
  +++ JetspeedSessionValidator.java	10 Jun 2002 05:36:19 -0000	1.17.2.1
  @@ -59,13 +59,12 @@
   
   import org.apache.turbine.util.RunData;
   import org.apache.turbine.util.Log;
  -import org.apache.turbine.util.security.UnknownEntityException;
   import org.apache.turbine.om.security.User;
  -import org.apache.turbine.modules.actions.sessionvalidator.TemplateSessionValidator;
   import org.apache.turbine.services.resources.TurbineResources;
   
   import org.apache.jetspeed.om.profile.Profile;
   import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.services.security.LoginException;
   import org.apache.jetspeed.services.Profiler;
   import org.apache.jetspeed.services.rundata.JetspeedRunData;
   import org.apache.jetspeed.services.resources.JetspeedResources;
  @@ -83,7 +82,7 @@
   @author <a href="mailto:ingo@raleigh.ibm.com">Ingo Schuster</a>
   @author <a href="mailto:raphael@apache.org">RaphaŽl Luta</a>
   @author <a href="mailto:sgala@apache.org">Santiago Gala</a>
  -@version $Id: JetspeedSessionValidator.java,v 1.17 2002/05/07 15:16:08 ggolden Exp $
  +@version $Id: JetspeedSessionValidator.java,v 1.17.2.1 2002/06/10 05:36:19 taylor Exp $
   */
   public class JetspeedSessionValidator extends TemplateSessionValidator
   {
  @@ -122,7 +121,7 @@
                     user.updateLastLogin();
                     data.save();
                   }
  -              } catch (UnknownEntityException noSuchUser) {
  +              } catch (LoginException noSuchUser) {
                   //user not found - ignore it - they will not be logged in automatically
                 }
               }
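Review bot: The catch now swallows every `LoginException`, but the comment still describes only "user not found". In JLoginUser, in this same commit, a caught `LoginException` is tested against `FailedLoginException` and `AccountExpiredException`, so a rejected or expired automatic login appears to be dropped here without any trace. `Log` is already imported in this file, so logging it, e.g. `Log.info("JetspeedSessionValidator: automatic login failed", noSuchUser);`, keeps the best-effort behaviour while leaving failed automatic logins visible to whoever monitors authentication events. The comment should be widened to match. The enclosing method is only partly visible in this hunk.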
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.1.2.1   +171 -0    jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/Attic/TemplateSessionValidator.java
  
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.10.2.7  +3 -2      jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java
  
  Index: JetspeedSecurity.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java,v
  retrieving revision 1.10.2.6
  retrieving revision 1.10.2.7
  diff -u -r1.10.2.6 -r1.10.2.7
  --- JetspeedSecurity.java	7 Jun 2002 10:02:06 -0000	1.10.2.6
  +++ JetspeedSecurity.java	10 Jun 2002 05:36:19 -0000	1.10.2.7
  @@ -90,7 +90,7 @@
    * 
    * @see org.apache.jetspeed.services.security.JetspeedSecurityService
    * @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
  - * @version $Id: JetspeedSecurity.java,v 1.10.2.6 2002/06/07 10:02:06 taylor Exp $
  + * @version $Id: JetspeedSecurity.java,v 1.10.2.7 2002/06/10 05:36:19 taylor Exp $
    */
   
   abstract public class JetspeedSecurity /* extends TurbineSecurity */
  @@ -444,7 +444,8 @@
          throws org.apache.turbine.util.security.DataBackendException, 
                 org.apache.turbine.util.security.UnknownEntityException
       {
  -        return org.apache.turbine.services.security.TurbineSecurity.getACL(user);
  +        return null;
  +        //return org.apache.turbine.services.security.TurbineSecurity.getACL(user);
       }
       
       public static org.apache.turbine.om.security.Role getRole( String roleName )
  
  
  
