Author: ate
Date: Wed May 11 01:14:36 2011
New Revision: 1101715
URL: http://svn.apache.org/viewvc?rev=1101715&view=rev
Log:
JS2-1251: Add support for partly or fully readonly mapping (Ldap) backend:
- configurable global readonly state on mapping SecurityEntityManager
(DefaultLDAPEntityManager)
- configurable allowed create/update/delete operations on entity type level
- configurable allowed create/delete operations on entity relation type level
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/EntityFactory.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/SecurityEntityManager.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/impl/SecurityEntityRelationTypeImpl.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/ldap/EntityFactoryImpl.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/ldap/dao/DefaultLDAPEntityManager.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/model/SecurityEntityRelationType.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalLdapAssociationStorageManager.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalLdapStorageManager.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/stubs/StubEntityDAO.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/stubs/StubEntityRelationDAO.java
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/EntityFactory.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/EntityFactory.java?rev=1101715&r1=1101714&r2=1101715&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/EntityFactory.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/EntityFactory.java
Wed May 11 01:14:36 2011
@@ -33,4 +33,10 @@ public interface EntityFactory
Entity createEntity(JetspeedPrincipal principal);
Entity loadEntity(Object providerContext);
+
+ boolean isCreateAllowed();
+
+ boolean isRemoveAllowed();
+
+ boolean isUpdateAllowed();
}
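Review bot: The three methods added at the end of `EntityFactory` carry no Javadoc, and the contract that matters for access control is not written down: judging by the rest of this commit the flags are advisory, checked by `JetspeedPrincipalLdapStorageManager` before it calls the manager, while `DefaultLDAPEntityManager` itself only checks its global read-only state. I would document each one, e.g. `/** Whether entities of this type may be created in the mapping backend; callers must check this before SecurityEntityManager.addEntity(). */`. The same applies to `isReadOnly()` on `SecurityEntityManager` and to `isCreateAllowed()`/`isRemoveAllowed()` on `SecurityEntityRelationType`. Adding abstract methods to these interfaces also breaks any implementation outside this tree, which deserves a line in the release notes.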
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/SecurityEntityManager.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/SecurityEntityManager.java?rev=1101715&r1=1101714&r2=1101715&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/SecurityEntityManager.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/SecurityEntityManager.java
Wed May 11 01:14:36 2011
@@ -28,6 +28,8 @@ import org.apache.jetspeed.security.mapp
*/
public interface SecurityEntityManager
{
+ boolean isReadOnly();
+
Set<String> getSupportedEntityTypes();
Set<SecurityEntityRelationType> getSupportedEntityRelationTypes();
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/impl/SecurityEntityRelationTypeImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/impl/SecurityEntityRelationTypeImpl.java?rev=1101715&r1=1101714&r2=1101715&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/impl/SecurityEntityRelationTypeImpl.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/impl/SecurityEntityRelationTypeImpl.java
Wed May 11 01:14:36 2011
@@ -27,6 +27,8 @@ public class SecurityEntityRelationTypeI
private final String fromEntityType;
private final String toEntityType;
private final String relationType;
+ private final boolean createAllowed;
+ private final boolean removeAllowed;
private final int hashCode;
public SecurityEntityRelationTypeImpl(SecurityEntityRelationType src)
@@ -36,12 +38,19 @@ public class SecurityEntityRelationTypeI
public SecurityEntityRelationTypeImpl(String relationType, String
sourceEntityType, String targetEntityType)
{
+ this(relationType, sourceEntityType, targetEntityType, true, true);
+ }
+
+ public SecurityEntityRelationTypeImpl(String relationType, String
sourceEntityType, String targetEntityType, boolean createAllowed, boolean
removeAllowed)
+ {
this.relationType = relationType;
this.fromEntityType = sourceEntityType;
this.toEntityType = targetEntityType;
+ this.createAllowed = createAllowed;
+ this.removeAllowed = removeAllowed;
this.hashCode = relationType.hashCode() + sourceEntityType.hashCode()
+ targetEntityType.hashCode();
}
-
+
@Override
public int hashCode()
{
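Review bot: The three-argument constructor now forces `createAllowed` and `removeAllowed` to `true`, and the copy constructor `SecurityEntityRelationTypeImpl(SecurityEntityRelationType src)` is not touched by this commit; since the new fields are final it presumably delegates to that three-argument constructor, so a copy of a restricted relation type comes out fully permissive. `DefaultLDAPEntityManager.addRelation` and `removeRelation` build exactly such copies when the argument is not already a `SecurityEntityRelationTypeImpl`. The copy constructor should carry the flags over, `this(src.getRelationType(), src.getFromEntityType(), src.getToEntityType(), src.isCreateAllowed(), src.isRemoveAllowed());`. Its body and `equals` lie outside the visible hunks, so this needs confirming against the file; `hashCode` as shown ignores the flags, which keeps map lookups working but means equal keys can disagree on what is allowed.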
@@ -73,4 +82,14 @@ public class SecurityEntityRelationTypeI
{
return relationType;
}
+
+ public boolean isCreateAllowed()
+ {
+ return createAllowed;
+ }
+
+ public boolean isRemoveAllowed()
+ {
+ return removeAllowed;
+ }
}
\ No newline at end of file
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/ldap/EntityFactoryImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/ldap/EntityFactoryImpl.java?rev=1101715&r1=1101714&r2=1101715&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/ldap/EntityFactoryImpl.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/ldap/EntityFactoryImpl.java
Wed May 11 01:14:36 2011
@@ -48,7 +48,10 @@ import org.springframework.ldap.support.
*/
public class EntityFactoryImpl implements EntityFactory
{
- LDAPEntityDAOConfiguration searchConfiguration;
+ private LDAPEntityDAOConfiguration searchConfiguration;
+ private boolean createAllowed = true;
+ private boolean updateAllowed = true;
+ private boolean removeAllowed = true;
public EntityFactoryImpl(LDAPEntityDAOConfiguration searchConfiguration)
{
@@ -60,6 +63,36 @@ public class EntityFactoryImpl implement
return searchConfiguration.getEntityType();
}
+ public boolean isCreateAllowed()
+ {
+ return createAllowed;
+ }
+
+ public void setCreateAllowed(boolean createAllowed)
+ {
+ this.createAllowed = createAllowed;
+ }
+
+ public boolean isUpdateAllowed()
+ {
+ return updateAllowed;
+ }
+
+ public void setUpdateAllowed(boolean updateAllowed)
+ {
+ this.updateAllowed = updateAllowed;
+ }
+
+ public boolean isRemoveAllowed()
+ {
+ return removeAllowed;
+ }
+
+ public void setRemoveAllowed(boolean removeAllowed)
+ {
+ this.removeAllowed = removeAllowed;
+ }
+
protected EntityImpl internalCreateEntity(String entityId, String
internalId, Set<Attribute> attributes)
{
EntityImpl entity = new
EntityImpl(searchConfiguration.getEntityType(), entityId,
searchConfiguration.getAttributeDefinitionsMap());
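Review bot: `createAllowed`, `updateAllowed` and `removeAllowed` default to `true` and are exposed through public setters, so a factory that is never configured stays fully writable and any code holding the instance can switch writes back on after startup. If the flags are meant to be set once by the container, say so in Javadoc on the setters, e.g. `/** Configuration-time only; not intended to be changed once the factory is in use. */`. The fields are also read without synchronization, so a change made at runtime is not guaranteed to be seen by other threads.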
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/ldap/dao/DefaultLDAPEntityManager.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/ldap/dao/DefaultLDAPEntityManager.java?rev=1101715&r1=1101714&r2=1101715&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/ldap/dao/DefaultLDAPEntityManager.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/ldap/dao/DefaultLDAPEntityManager.java
Wed May 11 01:14:36 2011
@@ -16,7 +16,6 @@
*/
package org.apache.jetspeed.security.mapping.ldap.dao;
-import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -37,6 +36,8 @@ import org.apache.jetspeed.security.mapp
*/
public class DefaultLDAPEntityManager implements SecurityEntityManager
{
+ private boolean readOnly;
+
// entity type DAOs
private Map<String, EntityDAO> entityDAOs =
new HashMap<String, EntityDAO>();
private Map<SecurityEntityRelationType, EntityRelationDAO>
entityRelationDAOs = new HashMap<SecurityEntityRelationType,
EntityRelationDAO>();
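Review bot: `readOnly` is declared as a plain mutable field although the only assignment visible in this commit is in the new constructor; declaring it `private final boolean readOnly;` makes the read-only policy impossible to flip after construction and gives safe publication to other threads. The rest of the class is outside the hunk, so this assumes no other assignment exists.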
@@ -44,6 +45,13 @@ public class DefaultLDAPEntityManager im
public DefaultLDAPEntityManager(List<EntityDAO> entityDAOs,
List<EntityRelationDAO> entityRelationDAOs)
{
+ this(entityDAOs, entityRelationDAOs, false);
+ }
+
+ public DefaultLDAPEntityManager(List<EntityDAO> entityDAOs,
List<EntityRelationDAO> entityRelationDAOs, boolean readOnly)
+ {
+ this.readOnly = readOnly;
+
for (EntityDAO entityDAO: entityDAOs)
{
this.entityDAOs.put(entityDAO.getEntityType(), entityDAO);
@@ -67,6 +75,11 @@ public class DefaultLDAPEntityManager im
}
}
+ public boolean isReadOnly()
+ {
+ return readOnly;
+ }
+
public SecurityEntityRelationType getSupportedEntityRelationType(String
relationType, String fromEntityType, String toEntityType)
{
SecurityEntityRelationType key = new
SecurityEntityRelationTypeImpl(relationType, fromEntityType, toEntityType);
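Review bot: `getSupportedEntityRelationType` builds its lookup key with the three-argument constructor, which after this commit sets both `createAllowed` and `removeAllowed` to `true`. The rest of the method is outside the hunk; if it hands that `key` back to the caller rather than the configured instance held in `entityRelationDAOs`, the new `relationType.isCreateAllowed()` and `isRemoveAllowed()` checks in `JetspeedPrincipalLdapAssociationStorageManager` can never deny anything. The method should return the relation type the DAO was registered with, so that the configured flags are the ones the caller sees.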
@@ -92,9 +105,18 @@ public class DefaultLDAPEntityManager im
{
return entityDAOs.get(entity.getType());
}
-
+
+ private void checkReadOnly(String methodName) throws SecurityException
+ {
+ if (readOnly)
+ {
+ throw new
SecurityException(SecurityException.UNEXPECTED.create("DefaultLDAPEntityManager",
methodName, "ReadOnly LDAP"));
+ }
+ }
+
public void addRelation(String fromEntityId, String toEntityId,
SecurityEntityRelationType relationType) throws SecurityException
{
+ checkReadOnly("addRelation");
EntityRelationDAO dao = entityRelationDAOs.get(relationType instanceof
SecurityEntityRelationTypeImpl ? relationType : new
SecurityEntityRelationTypeImpl(relationType));
if (dao != null)
{
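Review bot: `checkReadOnly` enforces only the global flag, so `addRelation` here (and `removeRelation`, `updateEntity`, `removeEntity` and both `addEntity` overloads in the following hunks) still performs the write when the entity type or relation type has create, update or remove disabled. Those per-type flags are tested only in the two SPI storage managers, so any other caller of `SecurityEntityManager` bypasses them. I would enforce them here as well, next to `checkReadOnly(...)`, against the configured relation type or the entity type's `EntityFactory`. Separately, a refused write is reported as `SecurityException.UNEXPECTED`, which makes a deliberate policy denial hard to tell apart from a real fault in the logs. `addRelation`'s body continues outside the hunk.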
@@ -104,6 +126,7 @@ public class DefaultLDAPEntityManager im
public void removeRelation(String fromEntityId, String toEntityId,
SecurityEntityRelationType relationType) throws SecurityException
{
+ checkReadOnly("removeRelation");
EntityRelationDAO dao = entityRelationDAOs.get(relationType instanceof
SecurityEntityRelationTypeImpl ? relationType : new
SecurityEntityRelationTypeImpl(relationType));
if (dao != null)
{
@@ -160,6 +183,7 @@ public class DefaultLDAPEntityManager im
public void updateEntity(Entity entity) throws SecurityException
{
+ checkReadOnly("updateEntity");
EntityDAO dao = getDAOForEntity(entity);
if (dao != null)
{
@@ -169,6 +193,7 @@ public class DefaultLDAPEntityManager im
public void removeEntity(Entity entity) throws SecurityException
{
+ checkReadOnly("removeEntity");
EntityDAO dao = getDAOForEntity(entity);
if (dao != null)
{
@@ -178,6 +203,7 @@ public class DefaultLDAPEntityManager im
public void addEntity(Entity entity) throws SecurityException
{
+ checkReadOnly("addEntity");
EntityDAO dao = getDAOForEntity(entity);
if (dao != null)
{
@@ -187,6 +213,7 @@ public class DefaultLDAPEntityManager im
public void addEntity(Entity entity, Entity parentEntity) throws
SecurityException
{
+ checkReadOnly("addEntity");
EntityDAO parentEntityDao = getDAOForEntity(parentEntity);
EntityDAO dao = getDAOForEntity(entity);
Entity liveParentEntity = null;
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/model/SecurityEntityRelationType.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/model/SecurityEntityRelationType.java?rev=1101715&r1=1101714&r2=1101715&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/model/SecurityEntityRelationType.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/mapping/model/SecurityEntityRelationType.java
Wed May 11 01:14:36 2011
@@ -27,4 +27,8 @@ public interface SecurityEntityRelationT
String getToEntityType();
String getRelationType();
+
+ boolean isCreateAllowed();
+
+ boolean isRemoveAllowed();
}
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalLdapAssociationStorageManager.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalLdapAssociationStorageManager.java?rev=1101715&r1=1101714&r2=1101715&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalLdapAssociationStorageManager.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalLdapAssociationStorageManager.java
Wed May 11 01:14:36 2011
@@ -24,7 +24,7 @@ import org.apache.jetspeed.security.spi.
/**
* @author <a href="mailto:[email protected]">Vivek Kumar</a>
- * @version $Id:
+ * @version $Id$
*/
public class JetspeedPrincipalLdapAssociationStorageManager implements
JetspeedPrincipalAssociationStorageManager
{
@@ -43,10 +43,10 @@ public class JetspeedPrincipalLdapAssoci
public void addAssociation(JetspeedPrincipal from, JetspeedPrincipal to,
String associationName) throws SecurityException
{
- if (!SynchronizationStateAccess.isSynchronizing())
+ if (!SynchronizationStateAccess.isSynchronizing() &&
!ldapEntityManager.isReadOnly())
{
SecurityEntityRelationType relationType =
ldapEntityManager.getSupportedEntityRelationType(associationName,
from.getType().getName(), to.getType().getName());
- if (relationType != null)
+ if (relationType != null && relationType.isCreateAllowed())
{
ldapEntityManager.addRelation(from.getName(), to.getName(),
relationType);
}
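Review bot: When the manager is read-only or `relationType.isCreateAllowed()` is false, the visible part of `addAssociation` skips the LDAP write without any log entry, and the same holds for `removeAssociation` in the next hunk. An operator looking into why a role or group membership never reached the directory has nothing to go on. A debug- or info-level log line in the skipped branch, naming the association and the reason (read-only manager or relation type not writable), would make these denials auditable. The method body continues outside the hunk.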
@@ -56,10 +56,10 @@ public class JetspeedPrincipalLdapAssoci
public void removeAssociation(JetspeedPrincipal from, JetspeedPrincipal
to, String associationName) throws SecurityException
{
- if (!SynchronizationStateAccess.isSynchronizing())
+ if (!SynchronizationStateAccess.isSynchronizing() &&
!ldapEntityManager.isReadOnly())
{
SecurityEntityRelationType relationType =
ldapEntityManager.getSupportedEntityRelationType(associationName,
from.getType().getName(), to.getType().getName());
- if (relationType != null)
+ if (relationType != null && relationType.isRemoveAllowed())
{
ldapEntityManager.removeRelation(from.getName(), to.getName(),
relationType);
}
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalLdapStorageManager.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalLdapStorageManager.java?rev=1101715&r1=1101714&r2=1101715&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalLdapStorageManager.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/JetspeedPrincipalLdapStorageManager.java
Wed May 11 01:14:36 2011
@@ -27,7 +27,7 @@ import org.apache.jetspeed.security.spi.
/**
* @author <a href="mailto:[email protected]">Vivek Kumar</a>
- * @version $Id:
+ * @version $Id$
*/
public class JetspeedPrincipalLdapStorageManager implements
JetspeedPrincipalStorageManager
{
@@ -42,10 +42,13 @@ public class JetspeedPrincipalLdapStorag
public void addPrincipal(JetspeedPrincipal principal,
Set<JetspeedPrincipalAssociationReference> associations) throws
SecurityException
{
- EntityFactory entityFactory =
ldapEntityManager.getEntityFactory(principal.getType().getName());
- if (!SynchronizationStateAccess.isSynchronizing())
+ if (!SynchronizationStateAccess.isSynchronizing() &&
!ldapEntityManager.isReadOnly())
{
- ldapEntityManager.addEntity(entityFactory.createEntity(principal));
+ EntityFactory entityFactory =
ldapEntityManager.getEntityFactory(principal.getType().getName());
+ if (entityFactory.isCreateAllowed())
+ {
+
ldapEntityManager.addEntity(entityFactory.createEntity(principal));
+ }
}
delegateJpsm.addPrincipal(principal, associations);
}
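Review bot: `addPrincipal` still calls `delegateJpsm.addPrincipal(...)` when the LDAP write is skipped, so the delegate store and the directory diverge by design; `removePrincipal` and `updatePrincipal` in the next hunk follow the same pattern. For removal this means the principal disappears from the delegate store while its directory entry stays in place, and whether that entry can still be used or re-imported by a later synchronization is not visible here. That behaviour should at least be stated at the skipped branch, e.g. `// LDAP is read-only or this entity type is not writable: only the delegate store is changed`.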
@@ -57,20 +60,26 @@ public class JetspeedPrincipalLdapStorag
public void removePrincipal(JetspeedPrincipal principal) throws
SecurityException
{
- EntityFactory entityFactory =
ldapEntityManager.getEntityFactory(principal.getType().getName());
- if (!SynchronizationStateAccess.isSynchronizing())
+ if (!SynchronizationStateAccess.isSynchronizing() &&
!ldapEntityManager.isReadOnly())
{
-
ldapEntityManager.removeEntity(entityFactory.createEntity(principal));
+ EntityFactory entityFactory =
ldapEntityManager.getEntityFactory(principal.getType().getName());
+ if (entityFactory.isRemoveAllowed())
+ {
+
ldapEntityManager.removeEntity(entityFactory.createEntity(principal));
+ }
}
delegateJpsm.removePrincipal(principal);
}
public void updatePrincipal(JetspeedPrincipal principal) throws
SecurityException
{
- EntityFactory entityFactory =
ldapEntityManager.getEntityFactory(principal.getType().getName());
- if (!SynchronizationStateAccess.isSynchronizing())
+ if (!SynchronizationStateAccess.isSynchronizing() &&
!ldapEntityManager.isReadOnly())
{
-
ldapEntityManager.updateEntity(entityFactory.createEntity(principal));
+ EntityFactory entityFactory =
ldapEntityManager.getEntityFactory(principal.getType().getName());
+ if (entityFactory.isUpdateAllowed())
+ {
+
ldapEntityManager.updateEntity(entityFactory.createEntity(principal));
+ }
}
delegateJpsm.updatePrincipal(principal);
}
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/stubs/StubEntityDAO.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/stubs/StubEntityDAO.java?rev=1101715&r1=1101714&r2=1101715&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/stubs/StubEntityDAO.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/stubs/StubEntityDAO.java
Wed May 11 01:14:36 2011
@@ -38,6 +38,9 @@ public class StubEntityDAO implements En
public Entity createEntity(JetspeedPrincipal principal) {return null; }
public String getEntityType() { return null; }
public Entity loadEntity(Object entity) { return (Entity)entity; }
+ public boolean isCreateAllowed() { return true; }
+ public boolean isRemoveAllowed() { return true; }
+ public boolean isUpdateAllowed() { return true; }
};
private Map<String,Entity> entities = new HashMap<String,Entity>();
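Review bot: Both stubs (this one and `StubEntityRelationDAO`) answer `true` for every new flag, and the commit's file list contains no other test change, so nothing visible exercises the deny path. A test that builds `DefaultLDAPEntityManager` with `readOnly` set to `true` and asserts that `addEntity`, `updateEntity`, `removeEntity`, `addRelation` and `removeRelation` throw `SecurityException` would pin the behaviour this commit is meant to add.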
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/stubs/StubEntityRelationDAO.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/stubs/StubEntityRelationDAO.java?rev=1101715&r1=1101714&r2=1101715&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/stubs/StubEntityRelationDAO.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/test/java/org/apache/jetspeed/security/mapping/stubs/StubEntityRelationDAO.java
Wed May 11 01:14:36 2011
@@ -41,6 +41,9 @@ public class StubEntityRelationDAO imple
public Entity createEntity(JetspeedPrincipal principal) {return null; }
public String getEntityType() { return null; }
public Entity loadEntity(Object entity) { return (Entity)entity; }
+ public boolean isCreateAllowed() { return true; }
+ public boolean isRemoveAllowed() { return true; }
+ public boolean isUpdateAllowed() { return true; }
};
private Map<Entity,Collection<Entity>> fromTo = new
HashMap<Entity,Collection<Entity>>();