portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject cvs commit: jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/engine/servlet ServletRequestImpl.java
Date Sun, 17 Oct 2004 16:18:21 GMT
ate         2004/10/17 09:18:21

  Modified:    portal/src/java/org/apache/jetspeed/engine/servlet
                        ServletRequestImpl.java
  Log:
  Removed isUserInRole(roleName) because it is now provided by Pluto itself (in its PortletRequestImpl,
see issue: PLUTO-46) and is conflicting with
  our own implementation.
  
  Furthermore, our implementation did a roleName/roleLink lookup from portlet.xml definition
(to be able to handle
  the fact Pluto initiall didn't do it yet) which was *not* according to the specs.
  The specs says HttpServletRequest.isUserInRole(roleName) "must provide the functionality
defined by the Servlet Specification 2.3" (PLT.16.3.3, cxxxvi).
  This means that roleName must *only* be checked against web.xml definition, which should
be done by the ServletContainer itself (hence the removal of this method).
  
  A less nice consequence of this is that potentially different roleNames must be used when
mixing Portlet and Servlet functionality within a PortletApplication:
  the abstraction of portlet.xml:roleName->roleLink->web.xml:roleName is not available
from the HttpServletRequest.isUserInRole(roleName).
  Our  Role Security Test portlet did indeed *misuse* this feature by checking the same roleName
against portlet and servlet request.
  I also fixed that and the portlet now again correctly shows the roles of the logged on user.
  
  Revision  Changes    Path
  1.30      +1 -48     jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/engine/servlet/ServletRequestImpl.java
  
  Index: ServletRequestImpl.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/portal/src/java/org/apache/jetspeed/engine/servlet/ServletRequestImpl.java,v
  retrieving revision 1.29
  retrieving revision 1.30
  diff -u -r1.29 -r1.30
  --- ServletRequestImpl.java	15 Oct 2004 21:44:32 -0000	1.29
  +++ ServletRequestImpl.java	17 Oct 2004 16:18:20 -0000	1.30
  @@ -33,14 +33,9 @@
   import org.apache.jetspeed.container.url.PortalURL;
   import org.apache.jetspeed.request.JetspeedRequestContext;
   import org.apache.jetspeed.request.RequestContext;
  -import org.apache.pluto.om.common.SecurityRole;
  -import org.apache.pluto.om.common.SecurityRoleRef;
  -import org.apache.pluto.om.common.SecurityRoleRefSet;
  -import org.apache.pluto.om.common.SecurityRoleSet;
   import org.apache.pluto.om.entity.PortletApplicationEntity;
   import org.apache.pluto.om.entity.PortletEntity;
   import org.apache.pluto.om.portlet.PortletApplicationDefinition;
  -import org.apache.pluto.om.portlet.PortletDefinition;
   import org.apache.pluto.om.window.PortletWindow;
   import org.apache.pluto.util.Enumerator;
   import org.apache.pluto.util.NamespaceMapper;
  @@ -165,48 +160,6 @@
       public String[] getParameterValues( String name )
       {
           return (String[]) this.getParameterMap().get(name);
  -    }
  -
  -    /**
  -     * @see javax.servlet.http.HttpServletRequest#isUserInRole(java.lang.String)
  -     */
  -    public boolean isUserInRole( String roleName )
  -    {
  -        if (roleName == null)
  -        {
  -            return false;
  -        }
  -        if (roleName.length() > 0)
  -        {
  -            PortletDefinition portletDefinition = portletWindow.getPortletEntity().getPortletDefinition();
  -            SecurityRoleRefSet roleRefSet = portletDefinition.getInitSecurityRoleRefSet();
  -            SecurityRoleSet roleSet = portletDefinition.getPortletApplicationDefinition().getWebApplicationDefinition()
  -                    .getSecurityRoles();
  -
  -            Iterator roleRefIter = roleRefSet.iterator();
  -            while (roleRefIter.hasNext())
  -            {
  -                SecurityRoleRef roleRef = (SecurityRoleRef) roleRefIter.next();
  -                if (roleName.equals(roleRef.getRoleName()))
  -                {
  -                    String roleLinkName = roleRef.getRoleLink();
  -                    if (roleLinkName == null || roleLinkName.length() == 0)
  -                    {
  -                        roleLinkName = roleName;
  -                    }
  -                    Iterator roleIter = roleSet.iterator();
  -                    while (roleIter.hasNext())
  -                    {
  -                        SecurityRole role = (SecurityRole) roleIter.next();
  -                        if (roleLinkName.equals(role.getRoleName()))
  -                            return super.isUserInRole(roleLinkName);
  -                    }
  -                    return false;
  -                }
  -
  -            }
  -        }
  -        return false;
       }
   
       /**
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message