portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dlest...@apache.org
Subject svn commit: r373218 [1/2] - in /portals/jetspeed-2/trunk: applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/ applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/ commons/src/java/org/apache/jetspeed/security/ compo...
Date Sat, 28 Jan 2006 19:09:59 GMT
Author: dlestrat
Date: Sat Jan 28 11:09:33 2006
New Revision: 373218

URL: http://svn.apache.org/viewcvs?rev=373218&view=rev
Log:
Committing contribution from David Jencks.

For detail, see https://issues.apache.org/jira/browse/JS2-475.

Modified:
    portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java
    portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java
    portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java
    portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java
    portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java
    portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java
    portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/psml/AbstractNode.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/impl/DatabasePageManager.java
    portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/psml/CastorXmlPageManager.java
    portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/TestCastorXmlPageManager.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/PortletAggregatorFragmentImpl.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/AddPortletAction.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/BasePortletAction.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPageAction.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPagesAction.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPortletsAction.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/MovePortletAction.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityPathBehavior.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/RemovePortletAction.java
    portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/velocity/PageActionAccess.java
    portals/jetspeed-2/trunk/components/portal/src/test/resources/assembly/test-layout-api.xml
    portals/jetspeed-2/trunk/components/registry/src/test/org/apache/jetspeed/components/portletentity/TestPortletEntityDAO.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/om/common/SecuredResource.java

Modified: portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java (original)
+++ portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java Sat Jan 28 11:09:33 2006
@@ -15,52 +15,34 @@
  */
 package org.apache.jetspeed.portlets.customizer;
 
-import java.io.File;
 import java.io.IOException;
-import java.io.Serializable;
-import java.sql.Types;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
+import java.security.AccessControlException;
+import java.security.AccessController;
 import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
-import java.util.Map;
-import java.util.ResourceBundle;
 
-import javax.portlet.ActionRequest;
-import javax.portlet.ActionResponse;
 import javax.portlet.PortletConfig;
 import javax.portlet.PortletContext;
 import javax.portlet.PortletException;
-import javax.portlet.PortletRequest;
-import javax.portlet.PortletResponse;
 import javax.portlet.RenderRequest;
 import javax.portlet.RenderResponse;
 import javax.security.auth.Subject;
 
 import org.apache.jetspeed.CommonPortletServices;
+import org.apache.jetspeed.JetspeedActions;
 import org.apache.jetspeed.PortalReservedParameters;
 import org.apache.jetspeed.components.portletregistry.PortletRegistry;
-import org.apache.jetspeed.om.common.SecuredResource;
 import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
 import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
 import org.apache.jetspeed.page.PageManager;
 import org.apache.jetspeed.portlets.PortletInfo;
 import org.apache.jetspeed.portlets.pam.PortletApplicationResources;
 import org.apache.jetspeed.request.RequestContext;
-import org.apache.jetspeed.search.ParsedObject;
-import org.apache.jetspeed.search.SearchEngine;
-import org.apache.jetspeed.security.PermissionManager;
 import org.apache.jetspeed.security.PortletPermission;
-import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.User;
-import org.apache.jetspeed.security.UserManager;
-import org.apache.portals.bridges.frameworks.model.ModelBean;
 import org.apache.portals.bridges.velocity.AbstractVelocityMessagingPortlet;
 import org.apache.portals.gems.util.StatusMessage;
-import org.apache.portals.gems.util.ValidationHelper;
 import org.apache.portals.messaging.PortletMessaging;
 import org.apache.velocity.context.Context;
 
@@ -73,7 +55,6 @@
 public class CustomizerPortlet extends AbstractVelocityMessagingPortlet
 {
     protected PortletRegistry registry;
-    protected PermissionManager permissionManager;
     protected PageManager pageManager;
 
     public void init(PortletConfig config)
@@ -86,11 +67,6 @@
         {
             throw new PortletException("Failed to find the Portlet Registry on portlet initialization");
         }        
-        permissionManager = (PermissionManager)context.getAttribute(CommonPortletServices.CPS_PERMISSION_MANAGER);
-        if (null == permissionManager)
-        {
-            throw new PortletException("Failed to find the Permission Manager on portlet initialization");
-        }
         pageManager = (PageManager)context.getAttribute(CommonPortletServices.CPS_PAGE_MANAGER_COMPONENT);
         if (null == pageManager)
         {
@@ -154,14 +130,14 @@
             
             // SECURITY filtering
             String uniqueName = appName + "::" + portlet.getName();
-            if (subject != null)
+            try
+            {
+                AccessController.checkPermission(new PortletPermission(portlet.getUniqueName(), JetspeedActions.MASK_VIEW));
+                list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale), portlet.getDescriptionText(locale)));
+            }
+            catch (AccessControlException ace)
             {
-                if (permissionManager.checkPermission(subject, 
-                    new PortletPermission(portlet.getUniqueName(), 
-                    SecuredResource.VIEW_ACTION, subject )))
-                {
-                    list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale), portlet.getDescriptionText(locale)));
-                }
+                //continue
             }
         }
         this.publishRenderMessage(request, PORTLET_LIST, list);

Modified: portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java (original)
+++ portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java Sat Jan 28 11:09:33 2006
@@ -15,6 +15,8 @@
 package org.apache.jetspeed.portlets.selector;
 
 import java.io.IOException;
+import java.security.AccessControlException;
+import java.security.AccessController;
 import java.sql.Types;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -35,9 +37,9 @@
 import javax.security.auth.Subject;
 
 import org.apache.jetspeed.CommonPortletServices;
+import org.apache.jetspeed.JetspeedActions;
 import org.apache.jetspeed.PortalReservedParameters;
 import org.apache.jetspeed.components.portletregistry.PortletRegistry;
-import org.apache.jetspeed.om.common.SecuredResource;
 import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
 import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite;
 import org.apache.jetspeed.portlets.PortletInfo;
@@ -45,7 +47,6 @@
 import org.apache.jetspeed.request.RequestContext;
 import org.apache.jetspeed.search.ParsedObject;
 import org.apache.jetspeed.search.SearchEngine;
-import org.apache.jetspeed.security.PermissionManager;
 import org.apache.jetspeed.security.PortletPermission;
 import org.apache.portals.gems.browser.BrowserIterator;
 import org.apache.portals.gems.browser.BrowserPortlet;
@@ -67,7 +68,6 @@
 
     protected PortletRegistry registry;
     protected SearchEngine searchEngine;
-    protected PermissionManager permissionManager;
     
     public void init(PortletConfig config)
     throws PortletException 
@@ -83,11 +83,6 @@
         if (null == searchEngine)
         {
             throw new PortletException("Failed to find the Search Engine on portlet initialization");
-        }
-        permissionManager = (PermissionManager)context.getAttribute(CommonPortletServices.CPS_PERMISSION_MANAGER);
-        if (null == permissionManager)
-        {
-            throw new PortletException("Failed to find the Permission Manager on portlet initialization");
         }        
         
     }
@@ -261,19 +256,19 @@
                 
                 // SECURITY filtering
                 String uniqueName = appName + "::" + portlet.getName();
-                if (subject != null)
+                try
                 {
-                    if (permissionManager.checkPermission(subject, 
-                        new PortletPermission(portlet.getUniqueName(), 
-                        SecuredResource.VIEW_ACTION, subject )))
+                    AccessController.checkPermission(new PortletPermission(portlet.getUniqueName(), JetspeedActions.MASK_VIEW));
+                    String name = portlet.getDisplayNameText(locale);
+                    if (name == null)
                     {
-                        String name = portlet.getDisplayNameText(locale);
-                        if (name == null)
-                        {
-                            name = portlet.getName();
-                        }
-                        list.add(new PortletInfo(uniqueName, name, portlet.getDescriptionText(locale)));
+                        name = portlet.getName();
                     }
+                    list.add(new PortletInfo(uniqueName, name, portlet.getDescriptionText(locale)));
+                }
+                catch (AccessControlException ace)
+                {
+                    //continue
                 }
             }            
             BrowserIterator iterator = new PortletIterator(

Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java (original)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java Sat Jan 28 11:09:33 2006
@@ -15,36 +15,26 @@
 package org.apache.jetspeed.security;
 
 import java.security.Permission;
-import java.security.PermissionCollection;
-import java.util.StringTokenizer;
-
-import javax.security.auth.Subject;
-
-//import org.apache.commons.logging.Log;
-//import org.apache.commons.logging.LogFactory;
-import org.apache.jetspeed.JetspeedActions;
-import org.apache.jetspeed.security.PortalResourcePermission;
-import org.apache.jetspeed.security.PortalResourcePermissionCollection;
 
 /**
  * <p>Folder permission.</p>
  * <p>This code was partially inspired from:</p>
  * <ul>
- *    <li>The article : <a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
- *    Extend JAAS for class instance-level authorization.</a></li>
- *    <li>The FilePermission implementation from the JDK in order to support recursive permissions & wild card</li>
+ * <li>The article : <a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
+ * Extend JAAS for class instance-level authorization.</a></li>
+ * <li>The FilePermission implementation from the JDK in order to support recursive permissions & wild card</li>
  * </ul>
- * 
+ * <p/>
  * This class represents access to a portal content/folder or document.  A FolderPermission consists
  * of a pathname and a set of actions valid for that pathname.
- * <P>
+ * <p/>
  * Pathname is the pathname of the folder or document granted the specified
  * actions. A pathname that ends in "/*" (where "/" is
- * the  separator character) indicates all the folders and documents contained in that folder. 
+ * the  separator character) indicates all the folders and documents contained in that folder.
  * A pathname that ends with "/-" indicates (recursively) all documents
  * and subfolders contained in that directory. A pathname consisting of
  * the special token "&lt;&lt;ALL FILES&gt;&gt;" matches <b>any</b> folder or document.
- * <P>
+ * <p/>
  *
  * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
  * @author <a href="mailto:christophe.lombart@sword-technologies.com">Christophe Lombart</a>
@@ -52,241 +42,203 @@
  */
 public class FolderPermission extends PortalResourcePermission
 {
-   public static final char RECURSIVE_CHAR = '-';
-   public static final char WILD_CHAR = '*';
-   public static final String WILD_CHAR_STR = new String(new char[]{WILD_CHAR});
-   public static final char FOLDER_SEPARATOR = '/';
-   public static final String FOLDER_SEPARATOR_STR = new String(new char[]{FOLDER_SEPARATOR});
-
-   //private final static Log log = LogFactory.getLog(FolderPermission.class);
-
-   // does path indicate a folder? (wildcard or recursive)
-   private transient boolean folder;
-
-   // is it a recursive directory specification?
-   private transient boolean recursive;
-
-   private transient String cpath;
-
-   /**
-    * <p>Constructor for FolderPermission.</p>
-    * @param name The portlet name.
-    * @param actions The actions on the portlet.
-    */
-   public FolderPermission(String name, String actions)
-   {
-       this(name, actions, null);
-   }
-
-   /**
-    * <p>Constructor for FolderPermission.</p>
-    * @param name The portlet name.
-    * @param actions The actions on the portlet.
-    */
-   public FolderPermission(String name, String actions, Subject subject)
-   {
-       super(name, actions, subject);
-       parseActions(actions);
-       this.subject = subject;
-   }
-
-
-   /**
-    * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
-    * @see java.security.Permission#newPermissionCollection()
-    */
-   public PermissionCollection newPermissionCollection()
-   {
-       return new PortalResourcePermissionCollection();
-   }
-
-   /**
-    * <p>Parses the actions string.</p>
-    * <p>Actions are separated by commas or white space.</p>
-    * @param actions The actions
-    */
-   private void parseActions(String actions)
-   {
-       mask = 0;
-       if (actions != null)
-       {
-           StringTokenizer tokenizer = new StringTokenizer(actions, ",\t ");
-           while (tokenizer.hasMoreTokens())
-           {
-               String token = tokenizer.nextToken();
-               if (token.equals(JetspeedActions.VIEW))
-                   mask |= JetspeedActions.MASK_VIEW;
-               else if (token.equals(JetspeedActions.VIEW) || token.equals(JetspeedActions.RESTORE))
-                   mask |= JetspeedActions.MASK_VIEW;
-               else if (token.equals(JetspeedActions.EDIT))
-                   mask |= JetspeedActions.MASK_EDIT;
-               else if (token.equals(JetspeedActions.MINIMIZE))
-                   mask |= JetspeedActions.MASK_MINIMIZE;
-               else if (token.equals(JetspeedActions.MAXIMIZE))
-                   mask |= JetspeedActions.MASK_MAXIMIZE;
-               else if (token.equals(JetspeedActions.HELP))
-                   mask |= JetspeedActions.MASK_HELP;
-               else if (token.equals(JetspeedActions.SECURE))
-                   mask |= JetspeedActions.MASK_SECURE;
-               else
-                   throw new IllegalArgumentException("Unknown action: " + token);
-           }
-       }
-
-       if ((cpath = getName()) == null)
-           throw new NullPointerException("name can't be null");
-
-       if (cpath.equals("<<ALL FILES>>"))
-       {
-           folder = true;
-           recursive = true;
-           cpath = "";
-           return;
-       }
-       int len = cpath.length();
-
-       if (len == 0)
-       {
-           throw new IllegalArgumentException("invalid folder reference");
-       }
-
-       char last = cpath.charAt(len - 1);
-
-       if (last == RECURSIVE_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR))
-       {
-           folder = true;
-           recursive = true;
-           cpath = cpath.substring(0, --len);
-       }
-       else if (last == WILD_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR))
-       {
-           folder = true;
-           //recursive = false;
-           cpath = cpath.substring(0, --len);
-       }
-   }
-
-   /**
-    * Checks if this FolderPermission object "implies" the specified permission.
-    * <P>
-    * More specifically, this method returns true if:<p>
-    * <ul>
-    * <li> <i>p</i> is an instanceof FolderPermission,<p>
-    * <li> <i>p</i>'s actions are a proper subset of this
-    * object's actions, and <p>
-    * <li> <i>p</i>'s pathname is implied by this object's
-    *      pathname. For example, "/tmp/*" implies "/tmp/foo", since
-    *      "/tmp/*" encompasses the "/tmp" folder and all subfolders or documents in that
-    *      directory, including the one named "foo".
-    * </ul>
-    * @param p the permission to check against.
-    *
-    * @return true if the specified permission is implied by this object,
-    * false if not.  
-    */
-   public boolean implies(Permission p)
-   {
-       if (!(p instanceof FolderPermission))
-       {
-           return false;
-       }
-
-       FolderPermission that = (FolderPermission) p;
-       return ((this.mask & that.mask) == that.mask) && impliesIgnoreMask(that);
-   }
-
-   /**
-    * Checks if the Permission's actions are a proper subset of the
-    * this object's actions. Returns the effective mask iff the
-    * this FolderPermission's path also implies that FolderPermission's path.
-    * 
-    * @param that the FolderPermission to check against.
-    * @return the effective mask
-    */
-   boolean impliesIgnoreMask(FolderPermission that)
-   {
-       if (this.folder)
-       {
-           if (this.recursive)
-           {
-               // make sure that.path is longer then path so
-               // something like /foo/- does not imply /foo
-               if (that.folder)
-               {
-                   return (that.cpath.length() >= this.cpath.length()) && that.cpath.startsWith(this.cpath);
-               }
-               else
-               {
-                   return ((that.cpath.length() > this.cpath.length()) && that.cpath.startsWith(this.cpath));
-               }
-           }
-           else
-           {
-               if (that.folder)
-               {
-                   // if the permission passed in is a folder
-                   // specification, make sure that a non-recursive
-                   // permission (i.e., this object) can't imply a recursive
-                   // permission.
-                   if (that.recursive)
-                       return false;
-                   else
-                       return (this.cpath.equals(that.cpath));
-               }
-               else
-               {
-                   int last = that.cpath.lastIndexOf(FOLDER_SEPARATOR);
-                   if (last == -1)
-                       return false;
-                   else
-                   {
-                       // this.cpath.equals(that.cpath.substring(0, last+1));
-                       // Use regionMatches to avoid creating new string
-
-                       return (this.cpath.length() == (last + 1)) && this.cpath.regionMatches(0, that.cpath, 0, last + 1);
-                   }
-               }
-           }
-       }
-       else
-       {
-           return (this.cpath.equals(that.cpath));
-       }
-   }
-
-   /**
-    * Checks two FolderPermission objects for equality. Checks that <i>obj</i> is
-    * a FolderPermission, and has the same pathname and actions as this object.
-    * <P>
-    * @param obj the object we are testing for equality with this object.
-    * @return true if obj is a FolderPermission, and has the same pathname and
-    * actions as this FolderPermission object.
-    */
-   public boolean equals(Object obj)
-   {
-       if (obj == this)
-           return true;
-
-       if (!(obj instanceof FolderPermission))
-           return false;
-
-       FolderPermission that = (FolderPermission) obj;
-
-       return (this.mask == that.mask) && this.cpath.equals(that.cpath) && (this.folder == that.folder)
-               && (this.recursive == that.recursive);
-   }
-
-   /**
-    * Returns the hash code value for this object.
-    * 
-    * @return a hash code value for this object.
-    */
-
-   public int hashCode()
-   {
-       return this.cpath.hashCode();
-   }
-   
-   
+    public static final char RECURSIVE_CHAR = '-';
+    public static final char WILD_CHAR = '*';
+    public static final String WILD_CHAR_STR = new String(new char[]{WILD_CHAR});
+    public static final char FOLDER_SEPARATOR = '/';
+    public static final String FOLDER_SEPARATOR_STR = new String(new char[]{FOLDER_SEPARATOR});
+
+    // does path indicate a folder? (wildcard or recursive)
+    private boolean folder;
+
+    // is it a recursive directory specification?
+    private boolean recursive;
+
+    private String cpath;
+
+    /**
+     * <p>Constructor for FolderPermission.</p>
+     *
+     * @param name    The portlet name.
+     * @param actions The actions on the portlet.
+     */
+    public FolderPermission(String name, String actions)
+    {
+        super(name, actions);
+        parsePath();
+    }
+
+    /**
+     * <p>Constructor for FolderPermission.</p>
+     *
+     * @param name The portlet name.
+     * @param mask The mask of actions on the portlet.
+     */
+    public FolderPermission(String name, int mask)
+    {
+        super(name, mask);
+        parsePath();
+    }
+
+    /**
+     * <p>Parses the path.</p>
+     */
+    private void parsePath()
+    {
+        if ((cpath = getName()) == null)
+            throw new NullPointerException("name can't be null");
+
+        if (cpath.equals("<<ALL FILES>>"))
+        {
+            folder = true;
+            recursive = true;
+            cpath = "";
+            return;
+        }
+        int len = cpath.length();
+
+        if (len == 0)
+        {
+            throw new IllegalArgumentException("invalid folder reference");
+        }
+
+        char last = cpath.charAt(len - 1);
+
+        if (last == RECURSIVE_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR))
+        {
+            folder = true;
+            recursive = true;
+            cpath = cpath.substring(0, --len);
+        }
+        else if (last == WILD_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR))
+        {
+            folder = true;
+            //recursive = false;
+            cpath = cpath.substring(0, --len);
+        }
+    }
+
+    /**
+     * Checks if this FolderPermission object "implies" the specified permission.
+     * <p/>
+     * More specifically, this method returns true if:<p>
+     * <ul>
+     * <li> <i>p</i> is an instanceof FolderPermission,<p>
+     * <li> <i>p</i>'s actions are a proper subset of this
+     * object's actions, and <p>
+     * <li> <i>p</i>'s pathname is implied by this object's
+     * pathname. For example, "/tmp/*" implies "/tmp/foo", since
+     * "/tmp/*" encompasses the "/tmp" folder and all subfolders or documents in that
+     * directory, including the one named "foo".
+     * </ul>
+     *
+     * @param p the permission to check against.
+     * @return true if the specified permission is implied by this object,
+     *         false if not.
+     */
+    public boolean implies(Permission p)
+    {
+        if (!(p instanceof FolderPermission))
+        {
+            return false;
+        }
+
+        FolderPermission that = (FolderPermission) p;
+        return ((this.mask & that.mask) == that.mask) && impliesIgnoreMask(that);
+    }
+
+    /**
+     * Checks if the Permission's actions are a proper subset of the
+     * this object's actions. Returns the effective mask iff the
+     * this FolderPermission's path also implies that FolderPermission's path.
+     *
+     * @param that the FolderPermission to check against.
+     * @return the effective mask
+     */
+    boolean impliesIgnoreMask(FolderPermission that)
+    {
+        if (this.folder)
+        {
+            if (this.recursive)
+            {
+                // make sure that.path is longer then path so
+                // something like /foo/- does not imply /foo
+                if (that.folder)
+                {
+                    return (that.cpath.length() >= this.cpath.length()) && that.cpath.startsWith(this.cpath);
+                }
+                else
+                {
+                    return ((that.cpath.length() >= this.cpath.length()) && that.cpath.startsWith(this.cpath));
+                }
+            }
+            else
+            {
+                if (that.folder)
+                {
+                    // if the permission passed in is a folder
+                    // specification, make sure that a non-recursive
+                    // permission (i.e., this object) can't imply a recursive
+                    // permission.
+                    if (that.recursive)
+                        return false;
+                    else
+                        return (this.cpath.equals(that.cpath));
+                }
+                else
+                {
+                    int last = that.cpath.lastIndexOf(FOLDER_SEPARATOR);
+                    if (last == -1)
+                        return false;
+                    else
+                    {
+                        // this.cpath.equals(that.cpath.substring(0, last+1));
+                        // Use regionMatches to avoid creating new string
+
+                        return (this.cpath.length() == (last + 1)) && this.cpath.regionMatches(0, that.cpath, 0, last + 1);
+                    }
+                }
+            }
+        }
+        else
+        {
+            return (this.cpath.equals(that.cpath));
+        }
+    }
+
+    /**
+     * Checks two FolderPermission objects for equality. Checks that <i>obj</i> is
+     * a FolderPermission, and has the same pathname and actions as this object.
+     * <p/>
+     *
+     * @param obj the object we are testing for equality with this object.
+     * @return true if obj is a FolderPermission, and has the same pathname and
+     *         actions as this FolderPermission object.
+     */
+    public boolean equals(Object obj)
+    {
+        if (obj == this)
+            return true;
+
+        if (!(obj instanceof FolderPermission))
+            return false;
+
+        FolderPermission that = (FolderPermission) obj;
+
+        return (this.mask == that.mask) && this.cpath.equals(that.cpath) && (this.folder == that.folder)
+                && (this.recursive == that.recursive);
+    }
+
+    /**
+     * Returns the hash code value for this object.
+     *
+     * @return a hash code value for this object.
+     */
+
+    public int hashCode()
+    {
+        return this.cpath.hashCode();
+    }
+
 
-}
+}
\ No newline at end of file

Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java (original)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java Sat Jan 28 11:09:33 2006
@@ -14,56 +14,53 @@
 */
 package org.apache.jetspeed.security;
 
-import java.security.AccessControlContext;
-import java.security.AccessController;
 import java.security.Permission;
-import java.security.PermissionCollection;
-
-import javax.security.auth.Subject;
 
 /**
  * <p>Fragment permission.</p>
  * <p>This code was partially inspired from articles from:</p>
  * <ul>
- *    <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
- *    Extend JAAS for class instance-level authorization.</a></li>
- *    <li>The FilePermission implementation from the JDK in order to support recursive permissions & wild card</li>
+ * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
+ * Extend JAAS for class instance-level authorization.</a></li>
+ * <li>The FilePermission implementation from the JDK in order to support recursive permissions & wild card</li>
  * </ul>
- *
+ * <p/>
  * This class represents access to a fragment within a
  * content document.  A FragmentPermission consists
  * of a path, fragment name, or a simple fragment name
  * pattern and a set of actions valid for that pathname.
- * <P>
+ * <p/>
  * Here are some examples of valid fragment permissions names:
- *    <li>"/folder/page.psml/app::portlet" matches fragments
- *        within a page for a specified portlet contained in a app<li>
- *    <li>"security::*" matches fragments for portlets from the security app<li>
- *    <li>"&lt;&lt;ALL FRAGMENTS&gt;&gt;" matches <b>any</b> fragment<li>
- * <P>
+ * <li>"/folder/page.psml/app::portlet" matches fragments
+ * within a page for a specified portlet contained in a app<li>
+ * <li>"security::*" matches fragments for portlets from the security app<li>
+ * <li>"&lt;&lt;ALL FRAGMENTS&gt;&gt;" matches <b>any</b> fragment<li>
+ * <p/>
  *
  * @author <a href="mailto:rwatler@apache.org">Randy Watler</a>
  */
 public class FragmentPermission extends PortalResourcePermission
-{    
+{
     /**
      * <p>Constructor for FragmentPermission.</p>
-     * @param name The fragment name.
+     *
+     * @param name    The fragment name.
      * @param actions The actions on the fragment.
      */
     public FragmentPermission(String name, String actions)
     {
-        this(name, actions, null);
+        super(name, actions);
     }
 
     /**
      * <p>Constructor for FragmentPermission.</p>
+     *
      * @param name The fragment name.
-     * @param actions The actions on the fragment.
+     * @param mask The mask of actions on the fragment.
      */
-    public FragmentPermission(String name, String actions, Subject subject)
+    public FragmentPermission(String name, int mask)
     {
-        super(name, actions, subject);
+        super(name, mask);
     }
 
     public boolean implies(Permission permission)
@@ -89,16 +86,16 @@
                 ruleName = ruleName.substring(0, ruleName.length() - 3);
                 testName = testName.substring(0, testNamesSeparator);
             }
-            
+
             // trim path components from test name if rule
             // is not prefixed with the path
             if (!ruleName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR) &&
-                testName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR))
+                    testName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR))
             {
                 int testPathIndex = testName.lastIndexOf(FolderPermission.FOLDER_SEPARATOR);
                 testName = testName.substring(testPathIndex + 1);
             }
-            
+
             // remaining name parts must match
             if (!ruleName.equals(testName))
             {
@@ -106,37 +103,22 @@
             }
         }
 
-        // Get the subject.
-        // It was either provide in the constructor.
-        Subject user = fragmentPerm.getSubject();
-        // Or we get it from the AccessControlContext.
-        if (null == user)
-        {
-            AccessControlContext context = AccessController.getContext();
-            user = Subject.getSubject(context);
-        }
-        // No user was passed.  The permission must be denied.
-        if (null == user)
-        {
-            return false;
-        }
-
-        // The action bits in FragmentPerm (permission) 
+        // The action bits in FragmentPerm (permission)
         // must be set in the current mask permission.
-        if ((mask & fragmentPerm.mask) != fragmentPerm.mask)
-        {
-            return false;
-        }
+        return (mask & fragmentPerm.mask) == fragmentPerm.mask;
 
-        return true;
     }
 
     /**
-     * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
-     * @see java.security.Permission#newPermissionCollection()
+     * @see java.security.Permission#equals(Object)
      */
-    public PermissionCollection newPermissionCollection()
+    public boolean equals(Object object)
     {
-        return new PortalResourcePermissionCollection();
+        if (!(object instanceof FragmentPermission))
+            return false;
+
+        FragmentPermission p = (FragmentPermission) object;
+        return ((p.mask == mask) && (p.getName().equals(getName())));
     }
-}
+
+}
\ No newline at end of file

Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java (original)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java Sat Jan 28 11:09:33 2006
@@ -14,42 +14,40 @@
 */
 package org.apache.jetspeed.security;
 
-import java.security.AccessControlContext;
-import java.security.AccessController;
 import java.security.Permission;
-import java.security.PermissionCollection;
-
-import javax.security.auth.Subject;
 
 /**
  * <p>Folder permission.</p>
  * <p>This code was partially inspired from articles from:</p>
  * <ul>
- *    <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
- *    Extend JAAS for class instance-level authorization.</a></li>
+ * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
+ * Extend JAAS for class instance-level authorization.</a></li>
  * </ul>
+ *
  * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
  */
 public class PagePermission extends PortalResourcePermission
-{    
+{
     /**
      * <p>Constructor for PagePermission.</p>
-     * @param name The portlet name.
+     *
+     * @param name    The portlet name.
      * @param actions The actions on the portlet.
      */
     public PagePermission(String name, String actions)
     {
-        this(name, actions, null);
+        super(name, actions);
     }
 
     /**
      * <p>Constructor for PagePermission.</p>
+     *
      * @param name The portlet name.
-     * @param actions The actions on the portlet.
+     * @param mask The mask for actions on the portlet.
      */
-    public PagePermission(String name, String actions, Subject subject)
+    public PagePermission(String name, int mask)
     {
-        super(name, actions, subject);
+        super(name, mask);
     }
 
     public boolean implies(Permission permission)
@@ -61,7 +59,7 @@
             return false;
         }
 
-        // The portlet name must be the same.
+        // The page name must be the same.
         if (!(permission.getName().equals(getName())))
         {
             return false;
@@ -69,38 +67,22 @@
 
         PagePermission pagePerm = (PagePermission) permission;
 
-        // Get the subject.
-        // It was either provide in the constructor.
-        Subject user = pagePerm.getSubject();
-        // Or we get it from the AccessControlContext.
-        if (null == user)
-        {
-            AccessControlContext context = AccessController.getContext();
-            user = Subject.getSubject(context);
-        }
-        // No user was passed.  The permission must be denied.
-        if (null == user)
-        {
-            return false;
-        }
-
-        // The action bits in PagePerm (permission) 
+        // The action bits in PagePerm (permission)
         // must be set in the current mask permission.
-        if ((mask & pagePerm.mask) != pagePerm.mask)
-        {
-            return false;
-        }
+        return (mask & pagePerm.mask) == pagePerm.mask;
 
-        return true;
     }
 
     /**
-     * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
-     * @see java.security.Permission#newPermissionCollection()
+     * @see java.security.Permission#equals(Object)
      */
-    public PermissionCollection newPermissionCollection()
+    public boolean equals(Object object)
     {
-        return new PortalResourcePermissionCollection();
+        if (!(object instanceof PagePermission))
+            return false;
+
+        PagePermission p = (PagePermission) object;
+        return ((p.mask == mask) && (p.getName().equals(getName())));
     }
 
 }

Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java (original)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java Sat Jan 28 11:09:33 2006
@@ -14,66 +14,64 @@
 */
 package org.apache.jetspeed.security;
 
+import org.apache.jetspeed.JetspeedActions;
+
 import java.security.Permission;
+import java.security.PermissionCollection;
 import java.util.StringTokenizer;
 
-import javax.security.auth.Subject;
-
-import org.apache.jetspeed.JetspeedActions;
-
 
 /**
  * <p>Generalized Portlet Resoure permission.</p>
  * <p>This code was partially inspired from articles from:</p>
  * <ul>
- *    <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
- *    Extend JAAS for class instance-level authorization.</a></li>
+ * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
+ * Extend JAAS for class instance-level authorization.</a></li>
  * </ul>
+ *
  * @author <a href="mailto:dlestrat@apache.org">David Le Strat</a>
  * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
  */
 public abstract class PortalResourcePermission extends Permission
 {
-    /** <p>Mask used for determining what action to perform.</p> */
-    protected int mask;
+    /**
+     * <p>Mask used for determining what actions are allowed or requested.</p>
+     */
+    protected final int mask;
 
-    /** <p>The subject the permission is being performed against.</p> */
-    protected Subject subject;
-    
     /**
      * <p>Constructor for PortletPermission.</p>
-     * @param name The portlet name.
+     *
+     * @param name    The portlet name.
      * @param actions The actions on the portlet.
      */
-    public PortalResourcePermission(String name, String actions, Subject subject)
+    public PortalResourcePermission(String name, String actions)
     {
         super(name);
-        parseActions(actions);
-        this.subject = subject;
+        mask = parseActions(actions);
     }
 
     /**
-     * @see java.security.Permission#hashCode()
+     * <p>Constructor for PortletPermission.</p>
+     *
+     * @param name The portlet name.
+     * @param mask The mask representing actions on the portlet.
      */
-    public int hashCode()
+    public PortalResourcePermission(String name, int mask)
     {
-        StringBuffer value = new StringBuffer(getName());
-        return value.toString().hashCode() ^ mask;
+        super(name);
+        this.mask = mask;
     }
 
     /**
-     * @see java.security.Permission#equals(Object)
+     * @see java.security.Permission#hashCode()
      */
-    public boolean equals(Object object)
+    public int hashCode()
     {
-        if (!(object instanceof PortletPermission))
-            return false;
-
-        PortletPermission p = (PortletPermission) object;
-        boolean isEqual = ((p.getName().equals(getName())) && (p.mask == mask));
-        return isEqual;
+        StringBuffer value = new StringBuffer(getName());
+        return value.toString().hashCode() ^ mask;
     }
-    
+
     /**
      * @see java.security.Permission#getActions()
      */
@@ -130,18 +128,18 @@
      */
     public boolean implies(Permission permission)
     {
-        // TODO Auto-generated method stub
-        return false;
+        throw new IllegalStateException("Permission class did not implement implies");
     }
 
     /**
      * <p>Parses the actions string.</p>
      * <p>Actions are separated by commas or white space.</p>
+     *
      * @param actions The actions
      */
-    private void parseActions(String actions)
+    public static int parseActions(String actions)
     {
-        mask = 0;
+        int mask = 0;
         if (actions != null)
         {
             StringTokenizer tokenizer = new StringTokenizer(actions, ",\t ");
@@ -150,7 +148,7 @@
                 String token = tokenizer.nextToken();
                 if (token.equals(JetspeedActions.VIEW))
                     mask |= JetspeedActions.MASK_VIEW;
-                else if (token.equals(JetspeedActions.VIEW) || token.equals(JetspeedActions.RESTORE))
+                else if (token.equals(JetspeedActions.RESTORE))
                     mask |= JetspeedActions.MASK_VIEW;
                 else if (token.equals(JetspeedActions.EDIT))
                     mask |= JetspeedActions.MASK_EDIT;
@@ -161,20 +159,21 @@
                 else if (token.equals(JetspeedActions.HELP))
                     mask |= JetspeedActions.MASK_HELP;
                 else if (token.equals(JetspeedActions.SECURE))
-                    mask |= JetspeedActions.MASK_SECURE;                
+                    mask |= JetspeedActions.MASK_SECURE;
                 else
                     throw new IllegalArgumentException("Unknown action: " + token);
             }
         }
+        return mask;
     }
-    
+
     /**
-     * <p>Gets the subject.</p>
-     * @return Returns a Subject
+     * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
+     *
+     * @see java.security.Permission#newPermissionCollection()
      */
-    public Subject getSubject()
+    public PermissionCollection newPermissionCollection()
     {
-        return subject;
+        return new PortalResourcePermissionCollection();
     }
-    
 }

Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java (original)
+++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java Sat Jan 28 11:09:33 2006
@@ -14,20 +14,16 @@
  */
 package org.apache.jetspeed.security;
 
-import java.security.AccessController;
-import java.security.AccessControlContext;
 import java.security.Permission;
-import java.security.PermissionCollection;
-
-import javax.security.auth.Subject;
 
 /**
  * <p>Portlet permission.</p>
  * <p>This code was partially inspired from articles from:</p>
  * <ul>
- *    <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
- *    Extend JAAS for class instance-level authorization.</a></li>
+ * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
+ * Extend JAAS for class instance-level authorization.</a></li>
  * </ul>
+ *
  * @author <a href="mailto:dlestrat@apache.org">David Le Strat</a>
  */
 public class PortletPermission extends PortalResourcePermission
@@ -35,25 +31,26 @@
 
     /**
      * <p>Constructor for PortletPermission.</p>
-     * @param name The portlet name.
+     *
+     * @param name    The portlet name.
      * @param actions The actions on the portlet.
      */
     public PortletPermission(String name, String actions)
     {
-        this(name, actions, null);
+        super(name, actions);
     }
 
     /**
      * <p>Constructor for PortletPermission.</p>
+     *
      * @param name The portlet name.
-     * @param actions The actions on the portlet.
+     * @param mask The mask of actions on the portlet.
      */
-    public PortletPermission(String name, String actions, Subject subject)
+    public PortletPermission(String name, int mask)
     {
-        super(name, actions, subject);
+        super(name, mask);
     }
 
-
     public boolean implies(Permission permission)
     {
         // The permission must be an instance 
@@ -63,58 +60,42 @@
             return false;
         }
 
-        String name = getName(); 
-        if (name != null)            
+        String name = getName();
+        if (name != null)
         {
-            int index = name.indexOf('*');            
+            int index = name.indexOf('*');
             if (index > -1)
             {
-                if (!(permission.getName().startsWith(name.substring (0, index)))) 
+                if (!(permission.getName().startsWith(name.substring(0, index))))
                 {
                     return false;
                 }
-            } 
+            }
             else if (!(permission.getName().equals(name)))
             {
                 // The portlet name must be the same.
                 return false;
-            }            
+            }
         }
-        
-        PortletPermission portletPerm = (PortletPermission) permission;
 
-        // Get the subject.
-        // It was either provide in the constructor.
-        Subject user = portletPerm.getSubject();
-        // Or we get it from the AccessControlContext.
-        if (null == user)
-        {
-            AccessControlContext context = AccessController.getContext();
-            user = Subject.getSubject(context);
-        }
-        // No user was passed.  The permission must be denied.
-        if (null == user)
-        {
-            return false;
-        }
+        PortletPermission portletPerm = (PortletPermission) permission;
 
         // The action bits in portletPerm (permission) 
         // must be set in the current mask permission.
-        if ((mask & portletPerm.mask) != portletPerm.mask)
-        {
-            return false;
-        }
+        return (mask & portletPerm.mask) == portletPerm.mask;
 
-        return true;
     }
 
     /**
-     * <p>Overrides <code>Permission.newPermissionCollection()</code>.</p>
-     * @see java.security.Permission#newPermissionCollection()
+     * @see java.security.Permission#equals(Object)
      */
-    public PermissionCollection newPermissionCollection()
+    public boolean equals(Object object)
     {
-        return new PortalResourcePermissionCollection();
+        if (!(object instanceof PortletPermission))
+            return false;
+
+        PortletPermission p = (PortletPermission) object;
+        return ((p.mask == mask) && (p.getName().equals(getName())));
     }
 
 }

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java Sat Jan 28 11:09:33 2006
@@ -21,9 +21,8 @@
 import java.util.Comparator;
 import java.util.Iterator;
 import java.util.List;
-import java.util.ListIterator;
 
-import org.apache.jetspeed.om.common.SecuredResource;
+import org.apache.jetspeed.JetspeedActions;
 import org.apache.jetspeed.om.folder.Folder;
 import org.apache.jetspeed.om.folder.FolderNotFoundException;
 import org.apache.jetspeed.om.folder.MenuDefinition;
@@ -383,15 +382,15 @@
     }
 
     /* (non-Javadoc)
-     * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean)
+     * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, int, boolean, boolean)
      */
-    public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+    public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
     {
         // check granted folder permissions unless the check is
         // to be skipped due to explicity granted access
         if (!checkParentsOnly)
         {
-            FolderPermission permission = new FolderPermission(path, actions);
+            FolderPermission permission = new FolderPermission(path, mask);
             AccessController.checkPermission(permission);
         }
 
@@ -402,7 +401,7 @@
             FolderImpl parentFolderImpl = (FolderImpl)ProxyHelper.getRealObject(getParent());
             if (parentFolderImpl != null)
             {
-                parentFolderImpl.checkPermissions(actions, false, false);
+                parentFolderImpl.checkPermissions(mask, false, false);
             }
         }
     }
@@ -569,7 +568,7 @@
         }
 
         // check for view access on folder
-        folder.checkAccess(SecuredResource.VIEW_ACTION);
+        folder.checkAccess(JetspeedActions.VIEW);
 
         return folder;
     }
@@ -596,7 +595,7 @@
         }
 
         // check for view access on page
-        page.checkAccess(SecuredResource.VIEW_ACTION);
+        page.checkAccess(JetspeedActions.VIEW);
 
         return page;
     }
@@ -623,7 +622,7 @@
         }
 
         // check for view access on link
-        link.checkAccess(SecuredResource.VIEW_ACTION);
+        link.checkAccess(JetspeedActions.VIEW);
 
         return link;
     }
@@ -641,7 +640,7 @@
         }
 
         // check for view access on document
-        pageSecurity.checkAccess(SecuredResource.VIEW_ACTION);
+        pageSecurity.checkAccess(JetspeedActions.VIEW);
 
         return pageSecurity;
     }
@@ -902,7 +901,7 @@
                 try
                 {
                     // check access
-                    node.checkAccess(SecuredResource.VIEW_ACTION);
+                    node.checkAccess(JetspeedActions.VIEW);
 
                     // add to filteredNodes nodes if copying
                     if (filteredNodes != null)

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java Sat Jan 28 11:09:33 2006
@@ -23,8 +23,8 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.JetspeedActions;
 import org.apache.jetspeed.om.common.GenericMetadata;
-import org.apache.jetspeed.om.common.SecuredResource;
 import org.apache.jetspeed.om.common.SecurityConstraints;
 import org.apache.jetspeed.om.folder.Folder;
 import org.apache.jetspeed.om.folder.FolderNotFoundException;
@@ -37,7 +37,6 @@
 import org.apache.jetspeed.om.page.Link;
 import org.apache.jetspeed.om.page.Page;
 import org.apache.jetspeed.om.page.PageSecurity;
-import org.apache.jetspeed.page.PageManager;
 import org.apache.jetspeed.page.PageNotFoundException;
 import org.apache.jetspeed.page.document.DocumentException;
 import org.apache.jetspeed.page.document.DocumentHandlerFactory;
@@ -207,7 +206,7 @@
         // filter node set by access
         if (checkAccess)
         {
-            folders = checkAccess(folders, SecuredResource.VIEW_ACTION);
+            folders = checkAccess(folders, JetspeedActions.VIEW);
         }
         return folders;
     }
@@ -246,7 +245,7 @@
         // check access
         if (checkAccess)
         {
-            folder.checkAccess(SecuredResource.VIEW_ACTION);
+            folder.checkAccess(JetspeedActions.VIEW);
         }
         return folder;
     }
@@ -279,7 +278,7 @@
         // filter node set by access
         if (checkAccess)
         {
-            pages = checkAccess(pages, SecuredResource.VIEW_ACTION);
+            pages = checkAccess(pages, JetspeedActions.VIEW);
         }
         return pages;
     }
@@ -318,7 +317,7 @@
         // check access
         if (checkAccess)
         {
-            page.checkAccess(SecuredResource.VIEW_ACTION);
+            page.checkAccess(JetspeedActions.VIEW);
         }
         return page;
     }
@@ -351,7 +350,7 @@
         // filter node set by access
         if (checkAccess)
         {
-            links = checkAccess(links, SecuredResource.VIEW_ACTION);
+            links = checkAccess(links, JetspeedActions.VIEW);
         }
         return links;
     }
@@ -390,7 +389,7 @@
         // check access
         if (checkAccess)
         {
-            link.checkAccess(SecuredResource.VIEW_ACTION);
+            link.checkAccess(JetspeedActions.VIEW);
         }
         return link;
     }
@@ -422,7 +421,7 @@
         // of access to page security document
         if (checkAccess)
         {
-            checkAccess(SecuredResource.VIEW_ACTION);
+            checkAccess(JetspeedActions.VIEW);
         }
 
         // get pageSecurity
@@ -462,7 +461,7 @@
             Node node = (Node)checkAccessIter.next();
             try
             {
-                ((AbstractNode) node).checkAccess(SecuredResource.VIEW_ACTION);
+                ((AbstractNode) node).checkAccess(JetspeedActions.VIEW);
                 if (filteredNodes != null)
                 {
                     filteredNodes.add(node);
@@ -603,7 +602,7 @@
      * </p>
      *
      * @see org.apache.jetspeed.page.document.AbstractNode#getMetadata()
-     * @return
+     * @return metadata
      */
     public GenericMetadata getMetadata()
     {        
@@ -671,18 +670,18 @@
      * </p>
      *
      * @param path
-     * @param actions
+     * @param mask
      * @param checkNodeOnly
      * @param checkParentsOnly
      * @throws SecurityException
      */
-    public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+    public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
     {
         // check granted folder permissions unless the check is
         // to be skipped due to explicity granted access
         if (!checkParentsOnly)
         {
-            FolderPermission permission = new FolderPermission(path, actions);
+            FolderPermission permission = new FolderPermission(path, mask);
             AccessController.checkPermission(permission);
         }
 
@@ -690,7 +689,7 @@
         // all parent permissions in hierarchy
         if (!checkNodeOnly && (getParent() != null))
         {
-            ((AbstractNode)getParent()).checkPermissions(actions, false, false);
+            ((AbstractNode)getParent()).checkPermissions(mask, false, false);
         }
     }
 
@@ -701,7 +700,7 @@
      *
      * @see org.apache.jetspeed.page.document.Node#getTitle(java.util.Locale)
      * @param locale
-     * @return
+     * @return title in specified locale
      */
     public String getTitle( Locale locale )
     {
@@ -713,7 +712,7 @@
      * </p>
      *
      * @see org.apache.jetspeed.om.page.BaseElement#getTitle()
-     * @return
+     * @return title
      */
     public String getTitle()
     {
@@ -738,7 +737,7 @@
      *
      * @see org.apache.jetspeed.page.document.Node#getShortTitle(java.util.Locale)
      * @param locale
-     * @return
+     * @return short title in supplied locate
      */
     public String getShortTitle( Locale locale )
     {
@@ -750,7 +749,7 @@
      * </p>
      *
      * @see org.apache.jetspeed.om.page.BaseElement#getShortTitle()
-     * @return
+     * @return short title
      */
     public String getShortTitle()
     {
@@ -774,7 +773,7 @@
      * </p>
      *
      * @see org.apache.jetspeed.page.document.Node#getType()
-     * @return
+     * @return type string
      */
     public String getType()
     {
@@ -786,7 +785,7 @@
      * </p>
      *
      * @see org.apache.jetspeed.page.document.Node#isHidden()
-     * @return
+     * @return whether folder is hidden
      */
     public boolean isHidden()
     {

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java Sat Jan 28 11:09:33 2006
@@ -67,6 +67,8 @@
         
         if (portletContent != null)
         {
+            //TODO are you sure? Intellij warns, synchronization on a non-final field is
+            //unlikely to have useful semantics.
             synchronized (portletContent)
             {
                 if (portletContent.isComplete())
@@ -348,12 +350,12 @@
     }
 
     /* (non-Javadoc)
-     * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(java.lang.String)
+     * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(int)
      */
-    public void checkPermissions(String actions) throws SecurityException
+    public void checkPermissions(int mask) throws SecurityException
     {
         
-        fragment.checkPermissions(actions);
+        fragment.checkPermissions(mask);
     }
 
     /* (non-Javadoc)

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java Sat Jan 28 11:09:33 2006
@@ -375,12 +375,12 @@
     }
 
     /* (non-Javadoc)
-     * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(java.lang.String)
+     * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(int)
      */
-    public void checkPermissions(String actions) throws SecurityException
+    public void checkPermissions(int mask) throws SecurityException
     {
         
-        page.checkPermissions(actions);
+        page.checkPermissions(mask);
     }
 
     /* (non-Javadoc)

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java Sat Jan 28 11:09:33 2006
@@ -35,6 +35,8 @@
 import org.apache.jetspeed.security.PagePermission;
 import org.apache.jetspeed.security.RolePrincipal;
 import org.apache.jetspeed.security.UserPrincipal;
+import org.apache.jetspeed.security.PortalResourcePermission;
+import org.apache.jetspeed.JetspeedActions;
 
 /**
  * BaseElementImpl
@@ -138,7 +140,7 @@
         // check node constraints if available
         if ((constraints != null) && !constraints.isEmpty())
         {
-            ((SecurityConstraintsImpl)constraints).checkConstraints(actions, userPrincipals, rolePrincipals, groupPrincipals, getEffectivePageSecurity());
+            constraints.checkConstraints(actions, userPrincipals, rolePrincipals, groupPrincipals, getEffectivePageSecurity());
         }
     }
 
@@ -167,12 +169,12 @@
     /**
      * checkPermissions
      *
-     * @param actions actions to check
+     * @param mask mask of actions to check
      * @param checkNodeOnly check node scope only
      * @param checkParentsOnly check parent folder scope only
      * @throws SecurityException
      */
-    public void checkPermissions(String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+    public void checkPermissions(int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
     {
         // check page and folder permissions
         String physicalPermissionPath = getPhysicalPermissionPath();
@@ -181,7 +183,7 @@
             // check permissions using physical path
             try
             {
-                checkPermissions(physicalPermissionPath, actions, checkNodeOnly, checkParentsOnly);
+                checkPermissions(physicalPermissionPath, mask, checkNodeOnly, checkParentsOnly);
             }
             catch (SecurityException physicalSE)
             {
@@ -189,7 +191,7 @@
                 String logicalPermissionPath = getLogicalPermissionPath();
                 if ((logicalPermissionPath != null) && !logicalPermissionPath.equals(physicalPermissionPath))
                 {
-                    checkPermissions(logicalPermissionPath, actions, checkNodeOnly, checkParentsOnly);
+                    checkPermissions(logicalPermissionPath, mask, checkNodeOnly, checkParentsOnly);
                 }
                 else
                 {
@@ -203,24 +205,24 @@
      * checkPermissions
      *
      * @param path permissions path to check
-     * @param actions actions to check
+     * @param mask mask of actions to check
      * @param checkNodeOnly check node scope only
      * @param checkParentsOnly check parent folder scope only
      * @throws SecurityException
      */
-    public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+    public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
     {
         // check actions permissions
         try
         {
             // check for granted page permissions
-            PagePermission permission = new PagePermission(path, actions);
+            PagePermission permission = new PagePermission(path, mask);
             AccessController.checkPermission(permission);
         }
         catch (SecurityException se)
         {
             // fallback check for granted folder permissions
-            FolderPermission permission = new FolderPermission(path, actions);
+            FolderPermission permission = new FolderPermission(path, mask);
             AccessController.checkPermission(permission);
         }
     }
@@ -332,7 +334,7 @@
         List otherActionsList = null;
         if (viewActionList.size() == 1)
         {
-            if (!viewActionList.contains(SecuredResource.VIEW_ACTION))
+            if (!viewActionList.contains(JetspeedActions.VIEW))
             {
                 otherActionsList = viewActionList;
                 viewActionList = null;
@@ -342,10 +344,10 @@
         {
             otherActionsList = viewActionList;
             viewActionList = null;
-            if (otherActionsList.remove(SecuredResource.VIEW_ACTION))
+            if (otherActionsList.remove(JetspeedActions.VIEW))
             {
                 viewActionList = new ArrayList(1);
-                viewActionList.add(SecuredResource.VIEW_ACTION);
+                viewActionList.add(JetspeedActions.VIEW);
             }
         }
 
@@ -424,7 +426,7 @@
     /* (non-Javadoc)
      * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(java.lang.String)
      */
-    public void checkPermissions(String actions) throws SecurityException
+    public void checkPermissions(int mask) throws SecurityException
     {
         // skip checks if not enabled
         if (!getPermissionsEnabled())
@@ -433,42 +435,17 @@
         }
 
         // separate view and other actions to mimic file system permissions logic
-        boolean viewAction = false;
-        String otherActions = actions.trim();
-        int viewActionIndex = otherActions.indexOf(SecuredResource.VIEW_ACTION);
-        if (viewActionIndex != -1)
-        {
-            viewAction = true;
-            if (viewActionIndex == 0)
-            {
-                if (otherActions.length() > SecuredResource.VIEW_ACTION.length())
-                {
-                    // remove view action from other actions
-                    int nextDelimIndex = otherActions.indexOf(',', viewActionIndex + SecuredResource.VIEW_ACTION.length());
-                    otherActions = otherActions.substring(nextDelimIndex + 1);
-                }
-                else
-                {
-                    // no other actions
-                    otherActions = null;
-                }
-            }
-            else
-            {
-                // remove view action from other actions
-                int prevDelimIndex = otherActions.lastIndexOf(',', viewActionIndex);
-                otherActions = otherActions.substring(0, prevDelimIndex) + otherActions.substring(viewActionIndex + SecuredResource.VIEW_ACTION.length());
-            }
-        }
+        boolean viewAction = (mask & JetspeedActions.MASK_VIEW) == JetspeedActions.MASK_VIEW;
+        int otherMask = mask & ~JetspeedActions.MASK_VIEW;
 
         // check permissions using parsed actions
         if (viewAction)
         {
-            checkPermissions(SecuredResource.VIEW_ACTION, false, grantViewActionAccess());
+            checkPermissions(JetspeedActions.MASK_VIEW, false, grantViewActionAccess());
         }
-        if (otherActions != null)
+        if (otherMask != 0)
         {
-            checkPermissions(otherActions, true, false);
+            checkPermissions(otherMask, true, false);
         }
     }
 
@@ -480,7 +457,8 @@
         // check access permissions and constraints as enabled
         if (getPermissionsEnabled())
         {
-            checkPermissions(actions);
+            int mask = PortalResourcePermission.parseActions(actions);
+            checkPermissions(mask);
         }
         if (getConstraintsEnabled())
         {

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java Sat Jan 28 11:09:33 2006
@@ -23,6 +23,7 @@
 import java.util.List;
 import java.util.Map;
 
+import org.apache.jetspeed.JetspeedActions;
 import org.apache.jetspeed.om.common.SecuredResource;
 import org.apache.jetspeed.om.folder.Folder;
 import org.apache.jetspeed.om.page.Fragment;
@@ -454,12 +455,12 @@
     }
 
     /* (non-Javadoc)
-     * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean)
+     * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, int, boolean, boolean)
      */
-    public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+    public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
     {
         // always check for granted fragment permissions
-        FragmentPermission permission = new FragmentPermission(path, actions);
+        FragmentPermission permission = new FragmentPermission(path, mask);
         AccessController.checkPermission(permission);
     }
 
@@ -740,7 +741,7 @@
                 try
                 {
                     // check access
-                    fragment.checkAccess(SecuredResource.VIEW_ACTION);
+                    fragment.checkAccess(JetspeedActions.VIEW);
 
                     // add to filteredFragments fragments if copying
                     if (filteredFragments != null)

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java Sat Jan 28 11:09:33 2006
@@ -19,7 +19,7 @@
 import java.util.Collection;
 import java.util.List;
 
-import org.apache.jetspeed.om.common.SecuredResource;
+import org.apache.jetspeed.JetspeedActions;
 import org.apache.jetspeed.om.folder.Folder;
 import org.apache.jetspeed.om.folder.MenuDefinition;
 import org.apache.jetspeed.om.folder.MenuExcludeDefinition;
@@ -263,7 +263,7 @@
             {
                 try
                 {
-                    fragment.checkAccess(SecuredResource.VIEW_ACTION);
+                    fragment.checkAccess(JetspeedActions.VIEW);
                 }
                 catch (SecurityException se)
                 {

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java Sat Jan 28 11:09:33 2006
@@ -42,6 +42,8 @@
 import org.apache.jetspeed.security.PagePermission;
 import org.apache.jetspeed.security.RolePrincipal;
 import org.apache.jetspeed.security.UserPrincipal;
+import org.apache.jetspeed.security.PortalResourcePermission;
+import org.apache.jetspeed.JetspeedActions;
 
 
 /**
@@ -107,7 +109,7 @@
      * </p>
      *
      * @see org.apache.jetspeed.om.page.BaseElement#getShortTitle()
-     * @return
+     * @return short title
      */
     public String getShortTitle()
     {
@@ -138,7 +140,7 @@
      * </p>
      *
      * @see org.apache.jetspeed.om.common.SecureResource#getConstraintsEnabled()
-     * @return
+     * @return whether security relies on PSML constraints
      */
     public boolean getConstraintsEnabled()
     {
@@ -163,7 +165,7 @@
      * </p>
      *
      * @see org.apache.jetspeed.om.common.SecureResource#getSecurityConstraints()
-     * @return
+     * @return the PSML security constraints
      */
     public SecurityConstraints getSecurityConstraints()
     {
@@ -176,7 +178,7 @@
      * </p>
      *
      * @see org.apache.jetspeed.om.common.SecureResource#newSecurityConstraints()
-     * @return security constraints
+     * @return  a new security constraints object
      */
     public SecurityConstraints newSecurityConstraints()
     {
@@ -238,7 +240,7 @@
         List otherActionsList = null;
         if (viewActionList.size() == 1)
         {
-            if (!viewActionList.contains(SecuredResource.VIEW_ACTION))
+            if (!viewActionList.contains(JetspeedActions.VIEW))
             {
                 otherActionsList = viewActionList;
                 viewActionList = null;
@@ -248,10 +250,10 @@
         {
             otherActionsList = viewActionList;
             viewActionList = null;
-            if (otherActionsList.remove(SecuredResource.VIEW_ACTION))
+            if (otherActionsList.remove(JetspeedActions.VIEW))
             {
                 viewActionList = new ArrayList(1);
-                viewActionList.add(SecuredResource.VIEW_ACTION);
+                viewActionList.add(JetspeedActions.VIEW);
             }
         }
 
@@ -359,11 +361,11 @@
      * checkPermissions
      * </p>
      *
-     * @see org.apache.jetspeed.om.common.SecureResource#checkPermissions(java.lang.String)
-     * @param actions
+     * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(int)
+     * @param mask Mask of actions requested
      * @throws SecurityException
      */
-    public void checkPermissions(String actions) throws SecurityException
+    public void checkPermissions(int mask) throws SecurityException
     {
         // skip checks if not enabled
         if (!getPermissionsEnabled())
@@ -372,42 +374,17 @@
         }
 
         // separate view and other actions to mimic file system permissions logic
-        boolean viewAction = false;
-        String otherActions = actions.trim();
-        int viewActionIndex = otherActions.indexOf(SecuredResource.VIEW_ACTION);
-        if (viewActionIndex != -1)
-        {
-            viewAction = true;
-            if (viewActionIndex == 0)
-            {
-                if (otherActions.length() > SecuredResource.VIEW_ACTION.length())
-                {
-                    // remove view action from other actions
-                    int nextDelimIndex = otherActions.indexOf(',', viewActionIndex + SecuredResource.VIEW_ACTION.length());
-                    otherActions = otherActions.substring(nextDelimIndex + 1);
-                }
-                else
-                {
-                    // no other actions
-                    otherActions = null;
-                }
-            }
-            else
-            {
-                // remove view action from other actions
-                int prevDelimIndex = otherActions.lastIndexOf(',', viewActionIndex);
-                otherActions = otherActions.substring(0, prevDelimIndex) + otherActions.substring(viewActionIndex + SecuredResource.VIEW_ACTION.length());
-            }
-        }
+        boolean viewAction = (mask & JetspeedActions.MASK_VIEW) == JetspeedActions.MASK_VIEW;
+        int otherMask = mask & ~JetspeedActions.MASK_VIEW;
 
         // check permissions using parsed actions
         if (viewAction)
         {
-            checkPermissions(SecuredResource.VIEW_ACTION, false, grantViewActionAccess());
+            checkPermissions(JetspeedActions.MASK_VIEW, false, grantViewActionAccess());
         }
-        if (otherActions != null)
+        if (otherMask != 0)
         {
-            checkPermissions(otherActions, true, false);
+            checkPermissions(otherMask, true, false);
         }
     }
     /**
@@ -415,12 +392,12 @@
      * checkPermissions
      * </p>
      *
-     * @param actions
+     * @param mask of actions
      * @param checkNodeOnly
      * @param checkParentsOnly
      * @throws SecurityException
      */
-    public void checkPermissions(String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+    public void checkPermissions(int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
     {
         // check page and folder permissions
         String physicalPermissionPath = getPhysicalPermissionPath();
@@ -429,7 +406,7 @@
             // check permissions using physical path
             try
             {
-                checkPermissions(physicalPermissionPath, actions, checkNodeOnly, checkParentsOnly);
+                checkPermissions(physicalPermissionPath, mask, checkNodeOnly, checkParentsOnly);
             }
             catch (SecurityException physicalSE)
             {
@@ -437,7 +414,7 @@
                 String logicalPermissionPath = getLogicalPermissionPath();
                 if ((logicalPermissionPath != null) && !logicalPermissionPath.equals(physicalPermissionPath))
                 {
-                    checkPermissions(logicalPermissionPath, actions, checkNodeOnly, checkParentsOnly);
+                    checkPermissions(logicalPermissionPath, mask, checkNodeOnly, checkParentsOnly);
                 }
                 else
                 {
@@ -452,24 +429,24 @@
      * </p>
      *
      * @param path
-     * @param actions
+     * @param mask Mask of actions requested
      * @param checkNodeOnly
      * @param checkParentsOnly
      * @throws SecurityException
      */
-    public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+    public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
     {
         // check actions permissions
         try
         {
             // check for granted page permissions
-            PagePermission permission = new PagePermission(path, actions);
+            PagePermission permission = new PagePermission(path, mask);
             AccessController.checkPermission(permission);
         }
         catch (SecurityException se)
         {
             // fallback check for granted folder permissions
-            FolderPermission permission = new FolderPermission(path, actions);
+            FolderPermission permission = new FolderPermission(path, mask);
             AccessController.checkPermission(permission);
         }
     }
@@ -514,7 +491,8 @@
         // check access permissions and constraints as enabled
         if (getPermissionsEnabled())
         {
-            checkPermissions(actions);
+            int mask = PortalResourcePermission.parseActions(actions);
+            checkPermissions(mask);
         }
         if (getConstraintsEnabled())
         {
@@ -577,7 +555,7 @@
      *
      * @see java.lang.Object#equals(java.lang.Object)
      * @param obj
-     * @return
+     * @return whether the supplied object equals this one
      */
     public boolean equals( Object obj )
     {
@@ -598,7 +576,7 @@
      * </p>
      *
      * @see java.lang.Object#hashCode()
-     * @return
+     * @return the hashcode for this object
      */
     public int hashCode()
     {
@@ -611,7 +589,7 @@
      * </p>
      *
      * @see java.lang.Object#toString()
-     * @return
+     * @return the id as a string representation of this object
      */
     public String toString()
     {      
@@ -620,12 +598,12 @@
 
     /**
      * <p>
-     * checkAccess
+     * checkAccess returns a set of nodes we can access.  It may be the passed in node set or a partial copy.
      * </p>
      *
      * @param nodes
      * @param actions
-     * @return
+     * @return a NodeSet containing the nodes allowing access
      */
     public static NodeSet checkAccess(NodeSet nodes, String actions)
     {

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java Sat Jan 28 11:09:33 2006
@@ -24,7 +24,7 @@
 import java.util.Map;
 import java.util.Vector;
 
-import org.apache.jetspeed.om.common.SecuredResource;
+import org.apache.jetspeed.JetspeedActions;
 import org.apache.jetspeed.om.folder.Folder;
 import org.apache.jetspeed.om.page.Fragment;
 import org.apache.jetspeed.om.page.PageSecurity;
@@ -389,12 +389,12 @@
     }
 
     /* (non-Javadoc)
-     * @see org.apache.jetspeed.om.page.psml.AbstractElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean)
+     * @see org.apache.jetspeed.om.page.psml.AbstractElementImpl#checkPermissions(java.lang.String, int, boolean, boolean)
      */
-    public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+    public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
     {
         // always check for granted fragment permissions
-        FragmentPermission permission = new FragmentPermission(path, actions);
+        FragmentPermission permission = new FragmentPermission(path, mask);
         AccessController.checkPermission(permission);
     }
 
@@ -511,11 +511,11 @@
             Iterator checkAccessIter = fragments.iterator();
             while (checkAccessIter.hasNext())
             {
-                Fragment fragment = (Fragment)checkAccessIter.next();
+                Fragment fragment = (Fragment) checkAccessIter.next();
                 try
                 {
                     // check access
-                    fragment.checkAccess(SecuredResource.VIEW_ACTION);
+                    fragment.checkAccess(JetspeedActions.VIEW);
 
                     // add to filteredFragments fragments if copying
                     if (filteredFragments != null)

Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java?rev=373218&r1=373217&r2=373218&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java (original)
+++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java Sat Jan 28 11:09:33 2006
@@ -277,15 +277,15 @@
     }
 
     /* (non-Javadoc)
-     * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean)
+     * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, int, boolean, boolean)
      */
-    public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
+    public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException
     {
         // check granted node permissions unless the check is
         // to be skipped due to explicity granted access
         if (!checkParentsOnly)
         {
-            super.checkPermissions(path, actions, true, false);
+            super.checkPermissions(path, mask, true, false);
         }
         
         // if not checking node only, recursively check
@@ -295,7 +295,7 @@
             NodeImpl parentNodeImpl = (NodeImpl)ProxyHelper.getRealObject(parent);
             if (parentNodeImpl != null)
             {
-                parentNodeImpl.checkPermissions(actions, false, false);
+                parentNodeImpl.checkPermissions(mask, false, false);
             }
         }
     }



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message