portals-jetspeed-dev mailing list archives

From a..@apache.org
Subject svn commit: r1178943 - in /portals/jetspeed-2: applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/ portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/
Date Tue, 04 Oct 2011 20:17:59 GMT
Author: ate
Date: Tue Oct  4 20:17:59 2011
New Revision: 1178943

URL: http://svn.apache.org/viewvc?rev=1178943&view=rev
Log:
JS2-1267: Protected anonymous guest user against removal and restricted the modifications allowed
See: http://issues.apache.org/jira/browse/JS2-1267

Modified:
    portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java

Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java?rev=1178943&r1=1178942&r2=1178943&view=diff
==============================================================================
--- portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
(original)
+++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
Tue Oct  4 20:17:59 2011
@@ -1996,6 +1996,7 @@ public class JetspeedPrincipalManagement
         TabbedPanel panel = (TabbedPanel) get("tabs");
         ITab tab;
         panel.getTabs().clear();
+        boolean guestUserSelected;
         if (userSelecteed)
         {
             if (principalType.getName().equals(JetspeedPrincipalType.USER))
@@ -2027,26 +2028,21 @@ public class JetspeedPrincipalManagement
                     return;
                 }
             }
-            tab = new AbstractTab(new Model("Status"))
+            guestUserSelected = (principalType.getName().equals(JetspeedPrincipalType.USER)
&& 
+                            principal.getName().equals(((UserManager)getManager()).getAnonymousUser()));
+            
+            if (!guestUserSelected)
             {
-                public Panel getPanel(String panelId)
+                // if guest user: don't show status panel
+                tab = new AbstractTab(new Model("Status"))
                 {
-                    return new PrincipalStatusPanel(panelId);
-                }
-            };
-            panel.getTabs().add(tab);
-            if (principalType.getName().equals(JetspeedPrincipalType.USER))
-            {
-                tab = new AbstractTab(new Model("User Profile"))
-                {
-
                     public Panel getPanel(String panelId)
                     {
-                        return new UserPrincipalProfilePanel(panelId);
+                        return new PrincipalStatusPanel(panelId);
                     }
                 };
                 panel.getTabs().add(tab);
-            } 
+            }
             tab = new AbstractTab(new Model("Associations"))
             {
 
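Review bot: Hiding the Status tab for the guest user here, and the Credentials tab in the next hunk (`!guestUserSelected && ...`), restricts only what this portlet displays; nothing in these lines stops another caller of the manager API from changing the anonymous user's status or credentials. The only server-side guard visible in this commit is on removal in UserManagerImpl, while `storePasswordCredential` there appears to be left unguarded, so if JS2-1267 means these modifications to be disallowed, the same `getAnonymousUser()` check belongs in the corresponding manager methods. Separately, the comment `// if guest user: don't show status panel` sits inside the `if (!guestUserSelected)` branch and reads inverted; placing `// the guest user gets no Status tab` above the `if` would be clearer. The enclosing method starts and ends outside the hunk.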
@@ -2065,7 +2061,7 @@ public class JetspeedPrincipalManagement
                 }
             };
             panel.getTabs().add(tab);
-            if (principalType.getName().equals(JetspeedPrincipalType.USER))
+            if (!guestUserSelected && principalType.getName().equals(JetspeedPrincipalType.USER))
             {
                 tab = new AbstractTab(new Model("Credentials"))
                 {
@@ -2077,6 +2073,18 @@ public class JetspeedPrincipalManagement
                 };
                 panel.getTabs().add(tab);
             }
+            if (principalType.getName().equals(JetspeedPrincipalType.USER))
+            {
+                tab = new AbstractTab(new Model("User Profile"))
+                {
+
+                    public Panel getPanel(String panelId)
+                    {
+                        return new UserPrincipalProfilePanel(panelId);
+                    }
+                };
+                panel.getTabs().add(tab);
+            } 
             panel.setSelectedTab(0);
         } else
         {
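Review bot: Moving the User Profile tab below Credentials changes the tab order for every user principal, not only the guest, and neither the log message nor the code records that. A one-line comment above the block, such as `// User Profile remains available for the guest user (JS2-1267)`, would make it clear that leaving this tab reachable for the anonymous user is deliberate. With the Status tab hidden, `panel.setSelectedTab(0)` now opens Associations for the guest user, which looks intended but is worth confirming.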

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java?rev=1178943&r1=1178942&r2=1178943&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
Tue Oct  4 20:17:59 2011
@@ -238,11 +238,30 @@ public class UserManagerImpl extends Bas
 
 	public void removeUser(String username) throws SecurityException
 	{
+        if (username != null && username.equals(getAnonymousUser()))
+        {
+            throw new SecurityException(SecurityException.ANONYMOUS_USER_PROTECTED.create(username));
+        }
 		JetspeedPrincipal user;
 		
 		user = getUser(username);
 		super.removePrincipal(user);
 	}
+	
+	public void removePrincipal(String principalName) throws SecurityException
+	{
+	    removeUser(principalName);
+	}
+
+    public void removePrincipal(JetspeedPrincipal principal) throws SecurityException
+    {
+        validatePrincipal(principal);
+        if (principal.getName().equals(getAnonymousUser()))
+        {
+            throw new SecurityException(SecurityException.ANONYMOUS_USER_PROTECTED.create(principal.getName()));
+        }
+        super.removePrincipal(principal);
+    }
 
 	public void storePasswordCredential(PasswordCredential credential) throws SecurityException
 	{
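Review bot: The anonymous-user guard is written out twice, in `removeUser` and in `removePrincipal(JetspeedPrincipal)`, and the two copies already differ (only the first tolerates a null name). A single private helper called from both paths would keep them from drifting, and gives one place to document why the guest account must not be removed. Both copies use an exact `equals` on the name; if the backing store matches user names case-insensitively (not visible here), a differently-cased spelling of the guest name would pass the guard, so that is worth confirming against the store's behaviour.

```java
private void checkNotAnonymous(String name) throws SecurityException
{
    if (name != null && name.equals(getAnonymousUser()))
    {
        throw new SecurityException(SecurityException.ANONYMOUS_USER_PROTECTED.create(name));
    }
}

public void removeUser(String username) throws SecurityException
{
    checkNotAnonymous(username);
    // … unchanged: getUser(username) and super.removePrincipal(user) …
}

public void removePrincipal(JetspeedPrincipal principal) throws SecurityException
{
    validatePrincipal(principal);
    checkNotAnonymous(principal.getName());
    super.removePrincipal(principal);
}
```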


