1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.modules.actions.portlets;
18
19 import java.util.ArrayList;
20 import java.util.Iterator;
21 import java.util.Vector;
22
23 import org.apache.jetspeed.modules.actions.portlets.security.SecurityConstants;
24 import org.apache.jetspeed.om.registry.SecurityAccess;
25 import org.apache.jetspeed.om.registry.SecurityAllow;
26 import org.apache.jetspeed.om.registry.base.BaseSecurityAccess;
27 import org.apache.jetspeed.om.registry.base.BaseSecurityAllow;
28 import org.apache.jetspeed.om.registry.base.BaseSecurityAllowOwner;
29 import org.apache.jetspeed.om.registry.base.BaseSecurityEntry;
30 import org.apache.jetspeed.portal.portlets.VelocityPortlet;
31 import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
32 import org.apache.jetspeed.services.logging.JetspeedLogger;
33 import org.apache.jetspeed.services.JetspeedSecurity;
34 import org.apache.jetspeed.services.Registry;
35 import org.apache.turbine.util.DynamicURI;
36 import org.apache.turbine.util.RunData;
37 import org.apache.velocity.context.Context;
38
39 /***
40 * This action sets up the template context for managing of security entries in the Turbine database.
41 *
42 * @author <a href="mailto:jford@apache.org">Jeremy Ford</a>
43 * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
44 * @version $Id: $
45 */
46 public class SecurityUpdateAction extends RegistryUpdateAction
47 {
48 private static final String SECURITY_UPDATE_PANE = "security-form";
49
50 /***
51 * Static initialization of the logger for this class
52 */
53 private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(SecurityUpdateAction.class.getName());
54
55 public SecurityUpdateAction()
56 {
57 registryEntryName = "security_name";
58 registry = Registry.SECURITY;
59 pane = SECURITY_UPDATE_PANE;
60 }
61
62 /***
63 * @see org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction#buildNormalContext(VelocityPortlet, Context, RunData)
64 */
65 protected void buildNormalContext(
66 VelocityPortlet portlet,
67 Context context,
68 RunData rundata)
69 throws Exception
70 {
71 String mode =
72 rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
73 context.put(SecurityConstants.PARAM_MODE, mode);
74
75 String msgid =
76 rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
77 if (msgid != null)
78 {
79 int id = Integer.parseInt(msgid);
80 if (id < SecurityConstants.MESSAGES.length)
81 {
82 context.put(
83 SecurityConstants.PARAM_MSG,
84 SecurityConstants.MESSAGES[id]);
85 }
86 }
87
88 if (mode != null
89 && (mode.equals(SecurityConstants.PARAM_MODE_DELETE)
90 || mode.equals(SecurityConstants.PARAM_MODE_UPDATE)))
91 {
92 String securityName =
93 rundata.getParameters().getString("security_name");
94 BaseSecurityEntry securityEntry =
95 (BaseSecurityEntry) Registry.getEntry(
96 Registry.SECURITY,
97 securityName);
98
99 String subMode = rundata.getParameters().getString("subMode");
100 if (subMode != null)
101 {
102 context.put("subMode", subMode);
103 int accessIndex =
104 rundata.getParameters().getInt("access_index", -1);
105 if (accessIndex != -1)
106 {
107 context.put("accessIndex", new Integer(accessIndex));
108 accessIndex--;
109 BaseSecurityAccess securityAccess =
110 (BaseSecurityAccess) securityEntry.getAccesses().get(
111 accessIndex);
112 context.put("securityAccess", securityAccess);
113 }
114 }
115
116 Iterator permissionIter = JetspeedSecurity.getPermissions();
117 Iterator userIter = JetspeedSecurity.getUsers();
118 Iterator roleIter = JetspeedSecurity.getRoles();
119 Iterator groupIter = JetspeedSecurity.getGroups();
120
121 context.put("permissions", iteratorToCollection(permissionIter));
122 context.put("users", iteratorToCollection(userIter));
123 context.put("roles", iteratorToCollection(roleIter));
124 context.put("groups", iteratorToCollection(groupIter));
125
126 context.put("entry", securityEntry);
127 }
128
129 if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_INSERT)))
130 {
131 Iterator permissionIter = JetspeedSecurity.getPermissions();
132 context.put("permissions", permissionIter);
133 }
134 }
135
136 /***
137 * Update a security entry in the registry
138 * @param rundata The turbine rundata context for this request.
139 * @param context The velocity context for this request.
140 * @throws Exception
141 */
142 public void doAddaccess(RunData rundata, Context context) throws Exception
143 {
144 try
145 {
146 String securityName =
147 rundata.getParameters().getString("security_name");
148 BaseSecurityEntry securityEntry =
149 (BaseSecurityEntry) Registry.getEntry(
150 Registry.SECURITY,
151 securityName);
152
153 if (securityEntry != null)
154 {
155 String action =
156 rundata.getParameters().getString("access_action");
157
158 if (action != null && action.length() > 0)
159 {
160 BaseSecurityAccess securityAccess =
161 new BaseSecurityAccess();
162 securityAccess.setAction(action);
163
164 addAllow(rundata, securityAccess);
165
166 Vector accesses = securityEntry.getAccesses();
167 accesses.add(securityAccess);
168 securityEntry.setAccesses(accesses);
169
170 Registry.addEntry(Registry.SECURITY, securityEntry);
171 clearUserData(rundata);
172 }
173 else
174 {
175
176 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_MISSING_PARAMETER);
177 rundata.setRedirectURI(duri.toString());
178 resetForm(rundata);
179 }
180 }
181 else
182 {
183 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_INVALID_ENTITY_NAME);
184 rundata.setRedirectURI(duri.toString());
185 resetForm(rundata);
186
187 logger.error("Failed to find registry entry while trying to add accesses");
188 }
189 }
190 catch (Exception e)
191 {
192 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_UPDATE_FAILED);
193 rundata.setRedirectURI(duri.toString());
194 resetForm(rundata);
195
196 logger.error("Exception", e);
197 }
198 }
199
200 /***
201 * Update a security entry in the registry
202 * @param rundata The turbine rundata context for this request.
203 * @param context The velocity context for this request.
204 * @throws Exception
205 */
206 public void doUpdateaccess(RunData rundata, Context context)
207 throws Exception
208 {
209 try
210 {
211 String securityName =
212 rundata.getParameters().getString("security_name");
213 BaseSecurityEntry securityEntry =
214 (BaseSecurityEntry) Registry.getEntry(
215 Registry.SECURITY,
216 securityName);
217 if (securityEntry != null)
218 {
219 int accessIndex =
220 rundata.getParameters().getInt("access_index", -1);
221 accessIndex--;
222 String action =
223 rundata.getParameters().getString("access_action");
224
225 if (accessIndex >= 0
226 && accessIndex < securityEntry.getAccesses().size())
227 {
228 BaseSecurityAccess securityAccess =
229 (BaseSecurityAccess) securityEntry.getAccesses().get(
230 accessIndex);
231 securityAccess.setAction(action);
232
233 Registry.addEntry(Registry.SECURITY, securityEntry);
234 clearUserData(rundata);
235 }
236 }
237 else
238 {
239 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_INVALID_ENTITY_NAME);
240 rundata.setRedirectURI(duri.toString());
241 resetForm(rundata);
242
243 logger.error("Failed to find registry entry while trying to update accesses");
244 }
245 }
246 catch (Exception e)
247 {
248 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_UPDATE_FAILED);
249 rundata.setRedirectURI(duri.toString());
250 resetForm(rundata);
251
252 logger.error("Exception", e);
253 }
254 }
255
256 /***
257 * Remove a access entry from a security entry in the registry
258 * @param rundata The turbine rundata context for this request.
259 * @param context The velocity context for this request.
260 * @throws Exception
261 */
262 public void doRemoveaccess(RunData rundata, Context context)
263 throws Exception
264 {
265 try
266 {
267 String securityName =
268 rundata.getParameters().getString("security_name");
269 BaseSecurityEntry securityEntry =
270 (BaseSecurityEntry) Registry.getEntry(
271 Registry.SECURITY,
272 securityName);
273 if (securityEntry != null)
274 {
275 int[] accessIndexes =
276 rundata.getParameters().getInts("access_index");
277
278 if (accessIndexes != null && accessIndexes.length > 0)
279 {
280 ArrayList deleteList = new ArrayList();
281
282 for (int i = 0; i < accessIndexes.length; i++)
283 {
284 int accessIndex = accessIndexes[i];
285 accessIndex--;
286
287 if (accessIndex >= 0
288 && accessIndex < securityEntry.getAccesses().size())
289 {
290 deleteList.add(
291 securityEntry.getAccesses().get(accessIndex));
292 }
293 else
294 {
295 logger.error(
296 "Access Index: " + i + " is out of range");
297 }
298 }
299
300
301 Vector accesses = securityEntry.getAccesses();
302 Iterator deleteIter = deleteList.iterator();
303 while (deleteIter.hasNext())
304 {
305 SecurityAccess sa = (SecurityAccess) deleteIter.next();
306 accesses.remove(sa);
307 }
308
309 securityEntry.setAccesses(accesses);
310
311 Registry.addEntry(Registry.SECURITY, securityEntry);
312 clearUserData(rundata);
313 }
314 else
315 {
316 DynamicURI duri =
317 redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_MISSING_PARAMETER);
318 rundata.setRedirectURI(duri.toString());
319 resetForm(rundata);
320 }
321 }
322 else
323 {
324 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_INVALID_ENTITY_NAME);
325 rundata.setRedirectURI(duri.toString());
326 resetForm(rundata);
327
328 logger.error("Failed to find registry entry while trying to remove accesses");
329 }
330 }
331 catch (Exception e)
332 {
333 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_DELETE_FAILED);
334 rundata.setRedirectURI(duri.toString());
335 resetForm(rundata);
336
337 logger.error("Exception", e);
338 }
339 }
340
341 /***
342 * Update a security entry in the registry
343 * @param rundata The turbine rundata context for this request.
344 * @param context The velocity context for this request.
345 * @throws Exception
346 */
347 public void doAddallow(RunData rundata, Context context) throws Exception
348 {
349 try
350 {
351 String securityName =
352 rundata.getParameters().getString("security_name");
353 BaseSecurityEntry securityEntry =
354 (BaseSecurityEntry) Registry.getEntry(
355 Registry.SECURITY,
356 securityName);
357 if (securityEntry != null)
358 {
359 int accessIndex =
360 rundata.getParameters().getInt("access_index", -1);
361 accessIndex--;
362
363 if (accessIndex >= 0
364 && accessIndex < securityEntry.getAccesses().size())
365 {
366 BaseSecurityAccess securityAccess =
367 (BaseSecurityAccess) securityEntry.getAccesses().get(
368 accessIndex);
369 addAllow(rundata, securityAccess);
370 Registry.addEntry(Registry.SECURITY, securityEntry);
371 clearUserData(rundata);
372 }
373 else
374 {
375 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_MISSING_PARAMETER);
376 rundata.setRedirectURI(duri.toString());
377 resetForm(rundata);
378 }
379 }
380 else
381 {
382 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_INVALID_ENTITY_NAME);
383 rundata.setRedirectURI(duri.toString());
384 resetForm(rundata);
385
386 logger.error("Failed to find registry entry while trying to add allow");
387 }
388 }
389 catch (Exception e)
390 {
391 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_UPDATE_FAILED);
392 rundata.setRedirectURI(duri.toString());
393 resetForm(rundata);
394
395 logger.error("Exception", e);
396 }
397 }
398
399 /***
400 * Update a security entry in the registry
401 * @param rundata The turbine rundata context for this request.
402 * @param context The velocity context for this request.
403 * @throws Exception
404 */
405 public void doRemoveallow(RunData rundata, Context context)
406 throws Exception
407 {
408 try
409 {
410 String securityName =
411 rundata.getParameters().getString("security_name");
412 BaseSecurityEntry securityEntry =
413 (BaseSecurityEntry) Registry.getEntry(
414 Registry.SECURITY,
415 securityName);
416 if (securityEntry != null)
417 {
418 int accessIndex =
419 rundata.getParameters().getInt("access_index", -1);
420 accessIndex--;
421
422 if (accessIndex >= 0
423 && accessIndex < securityEntry.getAccesses().size())
424 {
425 BaseSecurityAccess securityAccess =
426 (BaseSecurityAccess) securityEntry.getAccesses().get(
427 accessIndex);
428
429 String allowType =
430 rundata.getParameters().getString(
431 "allow_type",
432 "allows");
433 int[] allowIndexes =
434 rundata.getParameters().getInts("allow_index");
435
436 if (allowIndexes != null && allowIndexes.length > 0)
437 {
438 for (int i = 0; i < allowIndexes.length; i++)
439 {
440 int allowIndex = allowIndexes[i];
441 allowIndex--;
442
443 if (allowIndex >= 0)
444 {
445
446 if (allowType.equals("owner"))
447 {
448 securityAccess.getOwnerAllows().remove(
449 allowIndex);
450 }
451 else
452 {
453 securityAccess.getAllows().remove(
454 allowIndex);
455 }
456
457 Registry.addEntry(
458 Registry.SECURITY,
459 securityEntry);
460 clearUserData(rundata);
461 }
462 else
463 {
464 logger.error(
465 "Allow Index: "
466 + allowIndex
467 + " is out of range.");
468 }
469 }
470 }
471 else
472 {
473 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_MISSING_PARAMETER);
474 rundata.setRedirectURI(duri.toString());
475 resetForm(rundata);
476 }
477 }
478 else
479 {
480 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_MISSING_PARAMETER);
481 rundata.setRedirectURI(duri.toString());
482 resetForm(rundata);
483 }
484 }
485 else
486 {
487 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_INVALID_ENTITY_NAME);
488 rundata.setRedirectURI(duri.toString());
489 resetForm(rundata);
490
491 logger.error("Failed to find registry entry while trying to remove allow");
492 }
493 }
494 catch (Exception e)
495 {
496 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_DELETE_FAILED);
497 rundata.setRedirectURI(duri.toString());
498 resetForm(rundata);
499
500 logger.error("Exception", e);
501 }
502 }
503
504 private void addAllow(RunData rundata, BaseSecurityAccess securityAccess)
505 {
506 String allowType = rundata.getParameters().getString("allow_type");
507 String allowValue = rundata.getParameters().getString("allow_value");
508 String allowValue2 = rundata.getParameters().getString("allow_value2");
509
510 SecurityAllow allow = null;
511 if (allowType.equals("user"))
512 {
513 allow = new BaseSecurityAllow();
514 allow.setUser(allowValue);
515 securityAccess.getAllows().add(allow);
516 }
517 else if (allowType.equals("role"))
518 {
519 allow = new BaseSecurityAllow();
520 allow.setRole(allowValue);
521
522 securityAccess.getAllows().add(allow);
523 }
524 else if (allowType.equals("group"))
525 {
526 allow = new BaseSecurityAllow();
527 allow.setGroup(allowValue);
528
529 securityAccess.getAllows().add(allow);
530 }
531 else if (allowType.equals("groupRole"))
532 {
533 allow = new BaseSecurityAllow();
534 allow.setGroup(allowValue);
535 allow.setRole(allowValue2);
536
537 securityAccess.getAllows().add(allow);
538 }
539 else if (allowType.equals("owner"))
540 {
541 allow = new BaseSecurityAllowOwner();
542 allow.setOwner(true);
543
544 securityAccess.getOwnerAllows().add(allow);
545 }
546 else
547 {
548
549 }
550 }
551
552 /***
553 * Clears the temporary storage of any data that was used
554 * @param rundata
555 */
556 protected void clearUserData(RunData rundata)
557 {
558 try
559 {
560 super.clearUserData(rundata);
561
562 rundata.getUser().removeTemp("security_name");
563 rundata.getUser().removeTemp("allow_type");
564 rundata.getUser().removeTemp("allow_value");
565 rundata.getUser().removeTemp("access_index");
566 rundata.getUser().removeTemp("access_action");
567 }
568 catch (Exception e)
569 {
570 if (logger.isDebugEnabled())
571 {
572 logger.debug("SecurityUpdateAction: Failed to clear user data");
573 }
574 }
575 }
576
577 /***
578 * Populates the user's temp storage with form data
579 * @param rundata The turbine rundata context for this request.
580 */
581 protected void resetForm(RunData rundata)
582 {
583 String securityName =
584 rundata.getParameters().getString("security_name");
585 String allowType = rundata.getParameters().getString("allow_type");
586 String allowValue = rundata.getParameters().getString("allow_value");
587 String accessIndex = rundata.getParameters().getString("access_index");
588 String accessAction =
589 rundata.getParameters().getString("access_action");
590
591 rundata.getUser().setTemp("security_name", securityName);
592 rundata.getUser().setTemp("allow_type", allowType);
593 rundata.getUser().setTemp("allow_value", allowValue);
594 rundata.getUser().setTemp("access_index", accessIndex);
595 rundata.getUser().setTemp("access_action", accessAction);
596 }
597 }