001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.page;
018:
019: import java.io.File;
020: import java.io.FileFilter;
021: import java.security.CodeSource;
022: import java.security.Permission;
023: import java.security.PermissionCollection;
024: import java.security.Permissions;
025: import java.security.Policy;
026: import java.security.Principal;
027: import java.security.PrivilegedAction;
028: import java.security.ProtectionDomain;
029: import java.util.ArrayList;
030: import java.util.HashMap;
031: import java.util.HashSet;
032: import java.util.Iterator;
033: import java.util.List;
034: import java.util.Map;
035: import java.util.Set;
036: import java.util.StringTokenizer;
037:
038: import javax.security.auth.Subject;
039:
040: import junit.framework.TestCase;
041:
042: import org.apache.jetspeed.cache.file.FileCache;
043: import org.apache.jetspeed.idgenerator.IdGenerator;
044: import org.apache.jetspeed.idgenerator.JetspeedIdGenerator;
045: import org.apache.jetspeed.om.common.SecurityConstraint;
046: import org.apache.jetspeed.om.common.SecurityConstraints;
047: import org.apache.jetspeed.om.folder.Folder;
048: import org.apache.jetspeed.om.folder.FolderNotFoundException;
049: import org.apache.jetspeed.om.folder.psml.FolderMetaDataImpl;
050: import org.apache.jetspeed.om.page.Fragment;
051: import org.apache.jetspeed.om.page.Link;
052: import org.apache.jetspeed.om.page.Page;
053: import org.apache.jetspeed.om.page.PageSecurity;
054: import org.apache.jetspeed.om.page.SecurityConstraintsDef;
055: import org.apache.jetspeed.om.page.psml.LinkImpl;
056: import org.apache.jetspeed.om.page.psml.PageImpl;
057: import org.apache.jetspeed.om.page.psml.PageSecurityImpl;
058: import org.apache.jetspeed.page.document.DocumentHandler;
059: import org.apache.jetspeed.page.document.DocumentHandlerFactory;
060: import org.apache.jetspeed.page.document.FolderHandler;
061: import org.apache.jetspeed.page.document.psml.CastorFileSystemDocumentHandler;
062: import org.apache.jetspeed.page.document.psml.DocumentHandlerFactoryImpl;
063: import org.apache.jetspeed.page.document.psml.FileSystemFolderHandler;
064: import org.apache.jetspeed.page.psml.CastorXmlPageManager;
065: import org.apache.jetspeed.security.FolderPermission;
066: import org.apache.jetspeed.security.FragmentPermission;
067: import org.apache.jetspeed.security.JSSubject;
068: import org.apache.jetspeed.security.PagePermission;
069: import org.apache.jetspeed.security.RolePrincipal;
070: import org.apache.jetspeed.security.UserPrincipal;
071: import org.apache.jetspeed.security.impl.PrincipalsSet;
072: import org.apache.jetspeed.security.impl.RolePrincipalImpl;
073: import org.apache.jetspeed.security.impl.UserPrincipalImpl;
074:
075: /**
076: * PageManagerTestShared
077: *
078: * @author <a href="rwatler@apache.org">Randy Watler</a>
079: * @version $Id: $
080: *
081: */
082: interface PageManagerTestShared {
083: class Shared {
084: /**
085: * makeCastorXMLPageManager
086: *
087: * Create and configure a Castor XML PageManager.
088: *
089: * @param pagesDirName
090: * @param permissionsEnabled
091: * @param constraintsEnabled
092: * @return page manager instance
093: */
094: static CastorXmlPageManager makeCastorXMLPageManager(
095: String pagesDirName, boolean permissionsEnabled,
096: boolean constraintsEnabled) throws Exception {
097: Map extensionsToXslt = new HashMap();
098: extensionsToXslt.put("psml", "resources/stripIds.xslt");
099:
100: File pagesDirFile = new File("target/testdata/"
101: + pagesDirName);
102:
103: DirectoryXMLTransform dirHelper = new DirectoryXMLTransform(
104: pagesDirFile, extensionsToXslt);
105: FileFilter noCVSorSVNorBackups = new FileFilter() {
106: public boolean accept(File pathname) {
107: return !pathname.getName().equals("CVS")
108: && !pathname.getName().equals(".svn")
109: && !pathname.getName().endsWith("~");
110: }
111: };
112: dirHelper.copyFrom(new File("testdata/" + pagesDirName),
113: noCVSorSVNorBackups);
114:
115: // copy documents under webapp/pages folder and strip fragment Ids
116: File webappDestDirFile = new File("target/testdata/"
117: + pagesDirName + "/webapp-no-ids");
118: dirHelper.setBaseDirectory(webappDestDirFile);
119: File webappPagesDirFile = new File(
120: "../../src/webapp/WEB-INF/pages");
121: dirHelper.copyFromAndTransform(webappPagesDirFile,
122: noCVSorSVNorBackups);
123:
124: // copy documents under webapp/pages folder without transforming them
125: webappDestDirFile = new File("target/testdata/"
126: + pagesDirName + "/webapp-ids");
127: dirHelper.setBaseDirectory(webappDestDirFile);
128: dirHelper.copyFrom(webappPagesDirFile, noCVSorSVNorBackups);
129:
130: IdGenerator idGen = new JetspeedIdGenerator(65536, "P-", "");
131: FileCache cache = new FileCache(10, 12);
132:
133: DocumentHandler psmlHandler = new CastorFileSystemDocumentHandler(
134: "/JETSPEED-INF/castor/page-mapping.xml",
135: Page.DOCUMENT_TYPE, PageImpl.class,
136: "target/testdata/" + pagesDirName, cache);
137: DocumentHandler linkHandler = new CastorFileSystemDocumentHandler(
138: "/JETSPEED-INF/castor/page-mapping.xml",
139: Link.DOCUMENT_TYPE, LinkImpl.class,
140: "target/testdata/" + pagesDirName, cache);
141: DocumentHandler folderMetaDataHandler = new CastorFileSystemDocumentHandler(
142: "/JETSPEED-INF/castor/page-mapping.xml",
143: FolderMetaDataImpl.DOCUMENT_TYPE,
144: FolderMetaDataImpl.class, "target/testdata/"
145: + pagesDirName, cache);
146: DocumentHandler pageSecurityHandler = new CastorFileSystemDocumentHandler(
147: "/JETSPEED-INF/castor/page-mapping.xml",
148: PageSecurityImpl.DOCUMENT_TYPE, PageSecurity.class,
149: "target/testdata/" + pagesDirName, cache);
150:
151: DocumentHandlerFactory handlerFactory = new DocumentHandlerFactoryImpl();
152: handlerFactory.registerDocumentHandler(psmlHandler);
153: handlerFactory.registerDocumentHandler(linkHandler);
154: handlerFactory
155: .registerDocumentHandler(folderMetaDataHandler);
156: handlerFactory.registerDocumentHandler(pageSecurityHandler);
157: FolderHandler folderHandler = new FileSystemFolderHandler(
158: "target/testdata/" + pagesDirName, handlerFactory,
159: cache);
160:
161: return new CastorXmlPageManager(idGen, handlerFactory,
162: folderHandler, cache, permissionsEnabled,
163: constraintsEnabled);
164: }
165:
166: /**
167: * makeListFromCSV
168: *
169: * Create List of String values from CSV String for principals/permissions.
170: *
171: * @param csv CSV string
172: * @return values list
173: */
174: static List makeListFromCSV(String csv) {
175: if (csv != null) {
176: List csvList = new ArrayList();
177: if (csv.indexOf(',') != -1) {
178: StringTokenizer csvTokens = new StringTokenizer(
179: csv, ",");
180: while (csvTokens.hasMoreTokens()) {
181: csvList.add(csvTokens.nextToken().trim());
182: }
183: } else {
184: csvList.add(csv);
185: }
186: return csvList;
187: }
188: return null;
189: }
190:
191: /**
192: * makeCSVFromList
193: *
194: * Create CSV String for principals/permissions from List of String values
195: *
196: * @param list values list
197: * @return CSV string
198: */
199: static String makeCSVFromList(List list) {
200: if ((list != null) && !list.isEmpty()) {
201: StringBuffer csv = new StringBuffer();
202: Iterator listIter = list.iterator();
203: while (listIter.hasNext()) {
204: if (csv.length() > 0) {
205: csv.append(",");
206: }
207: csv.append((String) listIter.next());
208: }
209: return csv.toString();
210: }
211: return null;
212: }
213:
214: /**
215: * testSecurePageManager
216: *
217: * @param test case
218: * @param page manager
219: */
220: static void testSecurePageManager(final TestCase test,
221: final PageManager pageManager) throws Exception {
222: // tracking
223: final String[] somePortletId = new String[1];
224:
225: // reset page manager cache
226: pageManager.reset();
227:
228: // setup test subjects
229: Principal userPrincipal = new UserPrincipalImpl("admin");
230: Principal rolePrincipal = new RolePrincipalImpl("admin");
231: Set principals = new PrincipalsSet();
232: principals.add(userPrincipal);
233: principals.add(rolePrincipal);
234: Subject adminSubject = new Subject(true, principals,
235: new HashSet(), new HashSet());
236:
237: userPrincipal = new UserPrincipalImpl("user");
238: principals = new PrincipalsSet();
239: principals.add(userPrincipal);
240: Subject userSubject = new Subject(true, principals,
241: new HashSet(), new HashSet());
242:
243: userPrincipal = new UserPrincipalImpl("manager");
244: rolePrincipal = new RolePrincipalImpl("manager");
245: principals = new PrincipalsSet();
246: principals.add(userPrincipal);
247: principals.add(rolePrincipal);
248: Subject managerSubject = new Subject(true, principals,
249: new HashSet(), new HashSet());
250:
251: userPrincipal = new UserPrincipalImpl("guest");
252: principals = new PrincipalsSet();
253: principals.add(userPrincipal);
254: Subject guestSubject = new Subject(true, principals,
255: new HashSet(), new HashSet());
256:
257: // setup test as admin user
258: Exception setup = (Exception) JSSubject.doAsPrivileged(
259: adminSubject, new PrivilegedAction() {
260: public Object run() {
261: try {
262: // reset page manager to initial state
263: try {
264: Folder removeRootFolder = pageManager
265: .getFolder("/");
266: pageManager
267: .removeFolder(removeRootFolder);
268: pageManager.reset();
269: } catch (FolderNotFoundException e) {
270: }
271:
272: // create test documents and folders
273: Folder folder = pageManager
274: .newFolder("/");
275: SecurityConstraints constraints = pageManager
276: .newSecurityConstraints();
277: constraints.setOwner("admin");
278: List constraintsRefs = new ArrayList(1);
279: constraintsRefs.add("public-view");
280: constraints
281: .setSecurityConstraintsRefs(constraintsRefs);
282: folder
283: .setSecurityConstraints(constraints);
284: pageManager.updateFolder(folder);
285:
286: PageSecurity pageSecurity = pageManager
287: .newPageSecurity();
288: List constraintsDefs = new ArrayList(2);
289: SecurityConstraintsDef constraintsDef = pageManager
290: .newSecurityConstraintsDef();
291: constraintsDef.setName("public-view");
292: List defConstraints = new ArrayList(1);
293: SecurityConstraint defConstraint = pageManager
294: .newPageSecuritySecurityConstraint();
295: defConstraint.setUsers(Shared
296: .makeListFromCSV("*"));
297: defConstraint.setPermissions(Shared
298: .makeListFromCSV("view"));
299: defConstraints.add(defConstraint);
300: constraintsDef
301: .setSecurityConstraints(defConstraints);
302: constraintsDefs.add(constraintsDef);
303: constraintsDef = pageManager
304: .newSecurityConstraintsDef();
305: constraintsDef.setName("admin-all");
306: defConstraints = new ArrayList(1);
307: defConstraint = pageManager
308: .newPageSecuritySecurityConstraint();
309: defConstraint.setRoles(Shared
310: .makeListFromCSV("admin"));
311: defConstraint.setPermissions(Shared
312: .makeListFromCSV("view,edit"));
313: defConstraints.add(defConstraint);
314: constraintsDef
315: .setSecurityConstraints(defConstraints);
316: constraintsDefs.add(constraintsDef);
317: pageSecurity
318: .setSecurityConstraintsDefs(constraintsDefs);
319: List globalConstraintsRefs = new ArrayList(
320: 1);
321: globalConstraintsRefs.add("admin-all");
322: pageSecurity
323: .setGlobalSecurityConstraintsRefs(globalConstraintsRefs);
324: pageManager
325: .updatePageSecurity(pageSecurity);
326:
327: Page page = pageManager
328: .newPage("/default-page.psml");
329: constraints = pageManager
330: .newSecurityConstraints();
331: constraints.setOwner("admin");
332: List inlineConstraints = new ArrayList(
333: 1);
334: SecurityConstraint constraint = pageManager
335: .newPageSecurityConstraint();
336: constraint.setRoles(Shared
337: .makeListFromCSV("manager"));
338: constraint.setPermissions(Shared
339: .makeListFromCSV("edit"));
340: inlineConstraints.add(constraint);
341: constraints
342: .setSecurityConstraints(inlineConstraints);
343: constraintsRefs = new ArrayList(1);
344: constraintsRefs.add("public-view");
345: constraints
346: .setSecurityConstraintsRefs(constraintsRefs);
347: page
348: .setSecurityConstraints(constraints);
349: Fragment root = page.getRootFragment();
350: root
351: .setName("jetspeed-layouts::VelocityTwoColumns");
352: Fragment portlet = pageManager
353: .newPortletFragment();
354: portlet
355: .setName("security::LoginPortlet");
356: root.getFragments().add(portlet);
357: portlet = pageManager
358: .newPortletFragment();
359: portlet
360: .setName("some-app::SomePortlet");
361: SecurityConstraints fragmentConstraints = pageManager
362: .newSecurityConstraints();
363: fragmentConstraints.setOwner("user");
364: portlet
365: .setSecurityConstraints(fragmentConstraints);
366: root.getFragments().add(portlet);
367: pageManager.updatePage(page);
368: TestCase.assertNotNull(page
369: .getRootFragment());
370: TestCase.assertNotNull(page
371: .getRootFragment()
372: .getFragments());
373: TestCase.assertEquals(2, page
374: .getRootFragment()
375: .getFragments().size());
376: TestCase.assertEquals(
377: "some-app::SomePortlet",
378: ((Fragment) page
379: .getRootFragment()
380: .getFragments().get(1))
381: .getName());
382: TestCase.assertFalse("0"
383: .equals(((Fragment) page
384: .getRootFragment()
385: .getFragments().get(1))
386: .getId()));
387: somePortletId[0] = ((Fragment) page
388: .getRootFragment()
389: .getFragments().get(1)).getId();
390:
391: page = pageManager
392: .newPage("/user-page.psml");
393: constraints = pageManager
394: .newSecurityConstraints();
395: inlineConstraints = new ArrayList(1);
396: constraint = pageManager
397: .newPageSecurityConstraint();
398: constraint.setUsers(Shared
399: .makeListFromCSV("user"));
400: constraint.setPermissions(Shared
401: .makeListFromCSV("view,edit"));
402: inlineConstraints.add(constraint);
403: constraints
404: .setSecurityConstraints(inlineConstraints);
405: page
406: .setSecurityConstraints(constraints);
407: pageManager.updatePage(page);
408:
409: Link link = pageManager
410: .newLink("/default.link");
411: link.setUrl("http://www.default.org/");
412: constraints = pageManager
413: .newSecurityConstraints();
414: constraints.setOwner("admin");
415: inlineConstraints = new ArrayList(1);
416: constraint = pageManager
417: .newLinkSecurityConstraint();
418: constraint.setRoles(Shared
419: .makeListFromCSV("manager"));
420: constraint.setPermissions(Shared
421: .makeListFromCSV("edit"));
422: inlineConstraints.add(constraint);
423: constraints
424: .setSecurityConstraints(inlineConstraints);
425: link
426: .setSecurityConstraints(constraints);
427: pageManager.updateLink(link);
428:
429: return null;
430: } catch (Exception e) {
431: return e;
432: }
433: }
434: }, null);
435: if (setup != null) {
436: throw setup;
437: }
438:
439: // reset page manager cache
440: pageManager.reset();
441:
442: // access test as admin user
443: Exception adminAccess = (Exception) JSSubject
444: .doAsPrivileged(adminSubject,
445: new PrivilegedAction() {
446: public Object run() {
447: try {
448: // test view access
449: Folder folder = pageManager
450: .getFolder("/");
451: TestCase.assertNotNull(folder
452: .getPageSecurity());
453: TestCase.assertNotNull(folder
454: .getPages());
455: TestCase.assertEquals(2, folder
456: .getPages().size());
457: TestCase
458: .assertNotNull(pageManager
459: .getPages(folder));
460: TestCase.assertEquals(2,
461: pageManager.getPages(
462: folder).size());
463: PageSecurity pageSecurity = pageManager
464: .getPageSecurity();
465: Page page0 = pageManager
466: .getPage("/default-page.psml");
467: TestCase.assertNotNull(page0
468: .getRootFragment());
469: TestCase.assertNotNull(page0
470: .getRootFragment()
471: .getFragments());
472: TestCase.assertEquals(2, page0
473: .getRootFragment()
474: .getFragments().size());
475: TestCase
476: .assertNotNull(page0
477: .getFragmentById(somePortletId[0]));
478: TestCase
479: .assertNotNull(page0
480: .getFragmentsByName("some-app::SomePortlet"));
481: TestCase
482: .assertEquals(
483: 1,
484: page0
485: .getFragmentsByName(
486: "some-app::SomePortlet")
487: .size());
488: Page page1 = pageManager
489: .getPage("/user-page.psml");
490: Link link = pageManager
491: .getLink("/default.link");
492: // test edit access
493: pageManager
494: .updateFolder(folder);
495: pageManager
496: .updatePageSecurity(pageSecurity);
497: pageManager.updatePage(page0);
498: pageManager.updatePage(page1);
499: pageManager.updateLink(link);
500: return null;
501: } catch (Exception e) {
502: return e;
503: }
504: }
505: }, null);
506: if (adminAccess != null) {
507: throw adminAccess;
508: }
509:
510: // access test as user user
511: Exception userAccess = (Exception) JSSubject
512: .doAsPrivileged(userSubject,
513: new PrivilegedAction() {
514: public Object run() {
515: try {
516: // test view access
517: Folder folder = pageManager
518: .getFolder("/");
519: TestCase.assertNotNull(folder
520: .getPageSecurity());
521: TestCase.assertNotNull(folder
522: .getPages());
523: TestCase.assertEquals(2, folder
524: .getPages().size());
525: PageSecurity pageSecurity = pageManager
526: .getPageSecurity();
527: Page page0 = pageManager
528: .getPage("/default-page.psml");
529: TestCase.assertNotNull(page0
530: .getRootFragment());
531: TestCase.assertNotNull(page0
532: .getRootFragment()
533: .getFragments());
534: TestCase.assertEquals(2, page0
535: .getRootFragment()
536: .getFragments().size());
537: TestCase
538: .assertNotNull(page0
539: .getFragmentById(somePortletId[0]));
540: TestCase
541: .assertNotNull(page0
542: .getFragmentsByName("some-app::SomePortlet"));
543: TestCase
544: .assertEquals(
545: 1,
546: page0
547: .getFragmentsByName(
548: "some-app::SomePortlet")
549: .size());
550: Page page1 = pageManager
551: .getPage("/user-page.psml");
552: Link link = pageManager
553: .getLink("/default.link");
554: // test edit access
555: try {
556: pageManager
557: .updateFolder(folder);
558: TestCase
559: .assertTrue(
560: "Folder / not editable for user",
561: false);
562: } catch (SecurityException se) {
563: }
564: try {
565: pageManager
566: .updatePageSecurity(pageSecurity);
567: TestCase
568: .assertTrue(
569: "PageSecurity not editable for user",
570: false);
571: } catch (SecurityException se) {
572: }
573: try {
574: pageManager
575: .updatePage(page0);
576: TestCase
577: .assertTrue(
578: "Page /default-page.psml not editable for user",
579: false);
580: } catch (SecurityException se) {
581: }
582: pageManager.updatePage(page1);
583: try {
584: pageManager
585: .updateLink(link);
586: TestCase
587: .assertTrue(
588: "Page /default.link not editable for user",
589: false);
590: } catch (SecurityException se) {
591: }
592: return null;
593: } catch (Exception e) {
594: return e;
595: }
596: }
597: }, null);
598: if (userAccess != null) {
599: throw userAccess;
600: }
601:
602: // access test as manager user
603: Exception managerAccess = (Exception) JSSubject
604: .doAsPrivileged(managerSubject,
605: new PrivilegedAction() {
606: public Object run() {
607: try {
608: // test view access
609: Folder folder = pageManager
610: .getFolder("/");
611: TestCase.assertNotNull(folder
612: .getPageSecurity());
613: TestCase.assertNotNull(folder
614: .getPages());
615: TestCase.assertEquals(1, folder
616: .getPages().size());
617: PageSecurity pageSecurity = pageManager
618: .getPageSecurity();
619: Page page0 = pageManager
620: .getPage("/default-page.psml");
621: TestCase.assertNotNull(page0
622: .getRootFragment());
623: TestCase.assertNotNull(page0
624: .getRootFragment()
625: .getFragments());
626: TestCase.assertEquals(1, page0
627: .getRootFragment()
628: .getFragments().size());
629: TestCase
630: .assertNull(page0
631: .getFragmentById(somePortletId[0]));
632: TestCase
633: .assertTrue(page0
634: .getFragmentsByName(
635: "some-app::SomePortlet")
636: .isEmpty());
637: Link link = pageManager
638: .getLink("/default.link");
639: try {
640: pageManager
641: .getPage("/user-page.psml");
642: TestCase
643: .assertTrue(
644: "Page /user-page.psml not viewable for manager",
645: false);
646: } catch (SecurityException se) {
647: }
648: // test edit access
649: try {
650: pageManager
651: .updateFolder(folder);
652: TestCase
653: .assertTrue(
654: "Folder / not editable for manager",
655: false);
656: } catch (SecurityException se) {
657: }
658: try {
659: pageManager
660: .updatePageSecurity(pageSecurity);
661: TestCase
662: .assertTrue(
663: "PageSecurity not editable for manager",
664: false);
665: } catch (SecurityException se) {
666: }
667: pageManager.updatePage(page0);
668: pageManager.updateLink(link);
669: return null;
670: } catch (Exception e) {
671: return e;
672: }
673: }
674: }, null);
675: if (managerAccess != null) {
676: throw managerAccess;
677: }
678:
679: // access test as guest user
680: Exception guestAccess = (Exception) JSSubject
681: .doAsPrivileged(guestSubject,
682: new PrivilegedAction() {
683: public Object run() {
684: try {
685: // test view access
686: Folder folder = pageManager
687: .getFolder("/");
688: TestCase.assertNotNull(folder
689: .getPageSecurity());
690: TestCase.assertNotNull(folder
691: .getPages());
692: TestCase.assertEquals(1, folder
693: .getPages().size());
694: PageSecurity pageSecurity = pageManager
695: .getPageSecurity();
696: Page page0 = pageManager
697: .getPage("/default-page.psml");
698: TestCase.assertNotNull(page0
699: .getRootFragment());
700: TestCase.assertNotNull(page0
701: .getRootFragment()
702: .getFragments());
703: TestCase.assertEquals(1, page0
704: .getRootFragment()
705: .getFragments().size());
706: TestCase
707: .assertNull(page0
708: .getFragmentById(somePortletId[0]));
709: TestCase
710: .assertTrue(page0
711: .getFragmentsByName(
712: "some-app::SomePortlet")
713: .isEmpty());
714: Link link = pageManager
715: .getLink("/default.link");
716: try {
717: pageManager
718: .getPage("/user-page.psml");
719: TestCase
720: .assertTrue(
721: "Page /user-page.psml not viewable for guest",
722: false);
723: } catch (SecurityException se) {
724: }
725: // test edit access
726: try {
727: pageManager
728: .updateFolder(folder);
729: TestCase
730: .assertTrue(
731: "Folder / not editable for guest",
732: false);
733: } catch (SecurityException se) {
734: }
735: try {
736: pageManager
737: .updatePageSecurity(pageSecurity);
738: TestCase
739: .assertTrue(
740: "PageSecurity not editable for guest",
741: false);
742: } catch (SecurityException se) {
743: }
744: try {
745: pageManager
746: .updatePage(page0);
747: TestCase
748: .assertTrue(
749: "Page /default-page.psml not editable for guest",
750: false);
751: } catch (SecurityException se) {
752: }
753: try {
754: pageManager
755: .updateLink(link);
756: TestCase
757: .assertTrue(
758: "Page /default.link not editable for guest",
759: false);
760: } catch (SecurityException se) {
761: }
762: return null;
763: } catch (Exception e) {
764: return e;
765: }
766: }
767: }, null);
768: if (guestAccess != null) {
769: throw guestAccess;
770: }
771:
772: // reset page manager cache
773: pageManager.reset();
774:
775: // cleanup test as admin user
776: Exception cleanup = (Exception) JSSubject.doAsPrivileged(
777: adminSubject, new PrivilegedAction() {
778: public Object run() {
779: try {
780: // cleanup by removing root folder
781: try {
782: Folder remove = pageManager
783: .getFolder("/");
784: TestCase.assertEquals("/", remove
785: .getPath());
786: pageManager.removeFolder(remove);
787: } catch (FolderNotFoundException e) {
788: TestCase
789: .assertTrue(
790: "Folder / NOT FOUND",
791: false);
792: }
793:
794: return null;
795: } catch (Exception e) {
796: return e;
797: }
798: }
799: }, null);
800: if (cleanup != null) {
801: throw cleanup;
802: }
803: }
804: }
805:
806: /**
807: * PageManagerPermissionsPolicy
808: *
809: * Policy implementation for permissions based security
810: * tests against testSecurePageManager test case above.
811: */
812: static class PageManagerPermissionsPolicy extends Policy {
813: private Policy defaultPolicy;
814:
815: public PageManagerPermissionsPolicy(Policy defaultPolicy) {
816: this .defaultPolicy = defaultPolicy;
817: }
818:
819: public boolean implies(ProtectionDomain domain,
820: Permission permission) {
821: // classify policy query for local test case; this implementation
822: // is not optimized: multiple protection domains exist on the
823: // call stack, so this method will be invoked 2-3 times for each
824: // access check with the identical principals and permission
825: Principal[] principals = domain.getPrincipals();
826: if ((principals != null)
827: && (principals.length > 0)
828: && ((permission instanceof FolderPermission)
829: || (permission instanceof PagePermission) || (permission instanceof FragmentPermission))) {
830: // check permission using principals if available
831: Permissions permissions = new Permissions();
832: for (int i = 0; (i < principals.length); i++) {
833: if (principals[i] instanceof UserPrincipal) {
834: // get permissions for users
835: String user = principals[i].getName();
836: if (user.equals("admin")) {
837: // owner permissions
838: permissions.add(new FolderPermission("/",
839: "view, edit"));
840: permissions
841: .add(new PagePermission(
842: "/default-page.psml",
843: "view, edit"));
844: } else if (user.equals("user")) {
845: // owner permissions
846: permissions
847: .add(new FragmentPermission(
848: "/default-page.psml/some-app::SomePortlet",
849: "view, edit"));
850:
851: // granted permissions
852: permissions.add(new PagePermission(
853: "/user-page.psml", "view, edit"));
854: permissions.add(new FragmentPermission(
855: "/user-page.psml/*", "view"));
856: }
857:
858: // public view permissions
859: permissions.add(new FolderPermission("/",
860: "view"));
861: permissions.add(new PagePermission(
862: "/default-page.psml", "view"));
863: permissions.add(new PagePermission(
864: "/page.security", "view"));
865: permissions.add(new FragmentPermission(
866: "security::*", "view"));
867: } else if (principals[i] instanceof RolePrincipal) {
868: // get permissions for roles
869: String role = principals[i].getName();
870: if (role.equals("admin")) {
871: // global permissions
872: permissions.add(new FolderPermission(
873: "<<ALL FILES>>", "view, edit"));
874: permissions.add(new FragmentPermission(
875: "<<ALL FRAGMENTS>>", "view, edit"));
876: } else if (role.equals("manager")) {
877: // granted permissions
878: permissions.add(new PagePermission(
879: "/default-page.psml", "edit"));
880: permissions.add(new PagePermission(
881: "/default.link", "edit"));
882: }
883: }
884: }
885:
886: // check permission
887: if (permissions.implies(permission)) {
888: return true;
889: }
890: }
891:
892: // check default permissions
893: if (defaultPolicy != null) {
894: return defaultPolicy.implies(domain, permission);
895: }
896: return false;
897: }
898:
899: public PermissionCollection getPermissions(
900: ProtectionDomain domain) {
901: // return default permissions only since
902: // domain and permsission not available
903: if (defaultPolicy != null) {
904: return defaultPolicy.getPermissions(domain);
905: }
906: return new Permissions();
907: }
908:
909: public PermissionCollection getPermissions(CodeSource codesource) {
910: // return default permissions only since
911: // domain and permsission not available
912: if (defaultPolicy != null) {
913: return defaultPolicy.getPermissions(codesource);
914: }
915: return new Permissions();
916: }
917:
918: public void refresh() {
919: // propagate refresh
920: if (defaultPolicy != null) {
921: defaultPolicy.refresh();
922: }
923: }
924: }
925: }
|