001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.layout.impl;
018:
019: import java.io.StringReader;
020: import java.util.ArrayList;
021: import java.util.List;
022: import java.util.Map;
023: import java.util.StringTokenizer;
024:
025: import org.apache.commons.logging.Log;
026: import org.apache.commons.logging.LogFactory;
027: import org.apache.jetspeed.JetspeedActions;
028: import org.apache.jetspeed.ajax.AJAXException;
029: import org.apache.jetspeed.ajax.AjaxAction;
030: import org.apache.jetspeed.ajax.AjaxBuilder;
031: import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
032: import org.apache.jetspeed.om.common.SecurityConstraint;
033: import org.apache.jetspeed.om.page.PageSecurity;
034: import org.apache.jetspeed.om.page.SecurityConstraintsDef;
035: import org.apache.jetspeed.page.PageManager;
036: import org.apache.jetspeed.request.RequestContext;
037: import org.jdom.Document;
038: import org.jdom.Element;
039: import org.jdom.input.SAXBuilder;
040:
041: /**
042: * Security Permission action
043: *
044: * AJAX Parameters:
045: * action = constraints
046: * method = add-def | update-def | remove-def | add-global | remove-global
047: * name = name of constraint definition or global definition
048: * xml = the constraints payload, same format as PSML constraint defs
049: *
050: * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a>
051: * @version $Id: $
052: */
053: public class SecurityConstraintsAction extends BasePortletAction
054: implements AjaxAction, AjaxBuilder, Constants {
055: protected static final Log log = LogFactory
056: .getLog(SecurityConstraintsAction.class);
057:
058: public SecurityConstraintsAction(String template,
059: String errorTemplate, PageManager pm,
060: PortletActionSecurityBehavior securityBehavior) {
061: super (template, errorTemplate, pm, securityBehavior);
062: }
063:
064: public SecurityConstraintsAction(String template,
065: String errorTemplate, PageManager pm) {
066: this (template, errorTemplate, pm, null);
067: }
068:
069: public boolean run(RequestContext requestContext, Map resultMap)
070: throws AJAXException {
071: System.out.println("SecurityConstraintsAction run");
072: boolean success = true;
073: String status = "success";
074: try {
075: resultMap.put(ACTION, "constraints");
076: // Get the necessary parameters off of the request
077: String method = getActionParameter(requestContext, "method");
078: if (method == null) {
079: throw new RuntimeException("Method not provided");
080: }
081: resultMap.put("method", method);
082: if (false == checkAccess(requestContext,
083: JetspeedActions.EDIT)) {
084: success = false;
085: resultMap
086: .put(REASON,
087: "Insufficient access to administer portal permissions");
088: return success;
089: }
090: int count = 0;
091: if (method.equals("add-def") || method.equals("update-def")) {
092: count = updateConstraintDefinition(requestContext,
093: resultMap);
094: } else if (method.equals("remove-def")) {
095: count = removeConstraintDefinition(requestContext,
096: resultMap);
097: } else if (method.equals("add-global")) {
098: count = addGlobal(requestContext, resultMap);
099: } else if (method.equals("remove-global")) {
100: count = removeGlobal(requestContext, resultMap);
101: } else {
102: success = false;
103: resultMap.put(REASON,
104: "Unsupported portal constraints method: "
105: + method);
106: return success;
107: }
108: resultMap.put("count", Integer.toString(count));
109: resultMap.put(STATUS, status);
110: } catch (Exception e) {
111: System.out
112: .println("SecurityConstraintsAction run failure caused by "
113: + e.getClass().getName()
114: + " "
115: + e.getMessage());
116: e.printStackTrace();
117: log.error("exception administering portal permissions", e);
118: resultMap.put(REASON, e.toString());
119: success = false;
120: }
121: System.out.println("SecurityConstraintsAction complete "
122: + resultMap.toString());
123: return success;
124: }
125:
126: protected int removeConstraintDefinition(
127: RequestContext requestContext, Map resultMap)
128: throws AJAXException {
129: String name = getActionParameter(requestContext, "name");
130: if (name == null)
131: throw new AJAXException("Missing 'name' parameter");
132:
133: try {
134: PageSecurity pageSecurity = pageManager.getPageSecurity();
135: SecurityConstraintsDef def = pageSecurity
136: .getSecurityConstraintsDef(name);
137: if (def == null) {
138: return 0;
139: }
140: List defs = pageSecurity.getSecurityConstraintsDefs();
141: defs.remove(def);
142: pageSecurity.setSecurityConstraintsDefs(defs);
143: pageManager.updatePageSecurity(pageSecurity);
144: } catch (Exception e) {
145: throw new AJAXException(e);
146: }
147: return 1;
148: }
149:
150: protected int updateConstraintDefinition(
151: RequestContext requestContext, Map resultMap)
152: throws AJAXException {
153: System.out
154: .println("SecurityConstraintsAction updateConstraintDefinition started");
155:
156: int count = 0;
157: boolean added = false;
158: String xml = getActionParameter(requestContext, "xml");
159: if (xml == null)
160: throw new AJAXException("Missing 'xml' parameter");
161: try {
162: SAXBuilder saxBuilder = new SAXBuilder();
163: StringReader reader = new StringReader(xml);
164: Document document = saxBuilder.build(reader);
165: Element root = document.getRootElement();
166: String name = root.getAttribute("name").getValue();
167: PageSecurity pageSecurity = pageManager.getPageSecurity();
168: SecurityConstraintsDef def = pageSecurity
169: .getSecurityConstraintsDef(name);
170: int defsSize = 0;
171: if (def == null) {
172: def = pageManager.newSecurityConstraintsDef();
173: def.setName(name);
174: added = true;
175: }
176: int xmlSize = root.getChildren("security-constraint")
177: .size();
178: if (added == false) {
179: defsSize = def.getSecurityConstraints().size();
180: }
181: int min = (xmlSize < defsSize) ? xmlSize : defsSize;
182: List xmlConstraints = root
183: .getChildren("security-constraint");
184: List constraints = def.getSecurityConstraints();
185: Element owner = root.getChild("owner");
186: if (owner != null) {
187: }
188: for (int ix = 0; ix < min; ix++) {
189: Element xmlConstraint = (Element) xmlConstraints
190: .get(ix);
191: SecurityConstraint constraint = (SecurityConstraint) constraints
192: .get(ix);
193: updateConstraintValues(xmlConstraint, constraint);
194: count++;
195: }
196: if (xmlSize < defsSize) {
197: // remove constraints
198: List deletes = new ArrayList(defsSize - xmlSize);
199: for (int ix = min; ix < defsSize; ix++) {
200: deletes.add(constraints.get(ix));
201: }
202: for (int ix = 0; ix < deletes.size(); ix++) {
203: constraints.remove(deletes.get(ix));
204: count++;
205: }
206: } else if (xmlSize > defsSize) {
207: // add new constraints
208: for (int ix = min; ix < xmlSize; ix++) {
209: Element xmlConstraint = (Element) xmlConstraints
210: .get(ix);
211: SecurityConstraint constraint = pageManager
212: .newPageSecuritySecurityConstraint();
213: updateConstraintValues(xmlConstraint, constraint);
214: constraints.add(constraint);
215: count++;
216: }
217: }
218: if (added) {
219: pageSecurity.getSecurityConstraintsDefs().add(def);
220: pageSecurity.setSecurityConstraintsDefs(pageSecurity
221: .getSecurityConstraintsDefs());
222: }
223: pageManager.updatePageSecurity(pageSecurity);
224: } catch (Exception e) {
225: System.out
226: .println("SecurityConstraintsAction updateConstraintDefinition failure caused by "
227: + e.getClass().getName()
228: + " "
229: + e.getMessage());
230: e.printStackTrace();
231: log.error(
232: "SecurityConstraintsAction updateConstraintDefinition failure caused by "
233: + e.getClass().getName() + " "
234: + e.getMessage(), e);
235: throw new AJAXException(e);
236: }
237: return count;
238: }
239:
240: protected void updateConstraintValues(Element xmlConstraint,
241: SecurityConstraint constraint) {
242: constraint.setRoles(parseCSVList(xmlConstraint
243: .getChildText("roles")));
244: constraint.setGroups(parseCSVList(xmlConstraint
245: .getChildText("groups")));
246: constraint.setPermissions(parseCSVList(xmlConstraint
247: .getChildText("permissions")));
248: constraint.setUsers(parseCSVList(xmlConstraint
249: .getChildText("users")));
250: }
251:
252: protected List parseCSVList(String csv) {
253: if (csv != null) {
254: List csvList = new ArrayList(4);
255: if (csv.indexOf(',') != -1) {
256: StringTokenizer csvTokens = new StringTokenizer(csv,
257: ",");
258: while (csvTokens.hasMoreTokens()) {
259: csvList.add(csvTokens.nextToken().trim());
260: }
261: } else {
262: csvList.add(csv);
263: }
264: return csvList;
265: }
266: return null;
267: }
268:
269: protected int removeGlobal(RequestContext requestContext,
270: Map resultMap) throws AJAXException {
271: int count = 0;
272: String name = getActionParameter(requestContext, "name");
273: if (name == null)
274: throw new AJAXException("Missing 'name' parameter");
275:
276: try {
277: PageSecurity pageSecurity = pageManager.getPageSecurity();
278: List globals = pageSecurity
279: .getGlobalSecurityConstraintsRefs();
280: if (!globals.contains(name)) {
281: return 0;
282: }
283: globals.remove(name);
284: pageSecurity.setGlobalSecurityConstraintsRefs(globals);
285: pageManager.updatePageSecurity(pageSecurity);
286: count++;
287: } catch (Exception e) {
288: throw new AJAXException(e);
289: }
290: return count;
291: }
292:
293: protected int addGlobal(RequestContext requestContext, Map resultMap)
294: throws AJAXException {
295: int count = 0;
296: String name = getActionParameter(requestContext, "name");
297: if (name == null)
298: throw new AJAXException("Missing 'name' parameter");
299:
300: try {
301: PageSecurity pageSecurity = pageManager.getPageSecurity();
302: List globals = pageSecurity
303: .getGlobalSecurityConstraintsRefs();
304: if (pageSecurity.getSecurityConstraintsDef(name) == null) {
305: throw new AJAXException(
306: "global name doesnt exist in definitions");
307: }
308: if (globals.contains(name)) {
309: // already exist;
310: return count;
311: }
312: globals.add(name);
313: pageSecurity.setGlobalSecurityConstraintsRefs(globals);
314: pageManager.updatePageSecurity(pageSecurity);
315: count++;
316: } catch (Exception e) {
317: throw new AJAXException(e);
318: }
319: return count;
320: }
321:
322: }
|