Author: ate
Date: Tue Oct 4 20:17:59 2011
New Revision: 1178943
URL: http://svn.apache.org/viewvc?rev=1178943&view=rev
Log:
JS2-1267: Protected the anonymous guest user against removal and restricted the
modifications allowed
See: http://issues.apache.org/jira/browse/JS2-1267
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
Modified:
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java?rev=1178943&r1=1178942&r2=1178943&view=diff
==============================================================================
---
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
(original)
+++
portals/jetspeed-2/applications/j2-admin/trunk/src/main/java/org/apache/jetspeed/portlets/security/JetspeedPrincipalManagementPortlet.java
Tue Oct 4 20:17:59 2011
@@ -1996,6 +1996,7 @@ public class JetspeedPrincipalManagement
TabbedPanel panel = (TabbedPanel) get("tabs");
ITab tab;
panel.getTabs().clear();
+ boolean guestUserSelected;
if (userSelecteed)
{
if (principalType.getName().equals(JetspeedPrincipalType.USER))
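Review bot: `guestUserSelected` is declared here without a value, well before its only assignment in the next hunk, which leaves a security-relevant flag open to reassignment anywhere in between. Declaring it where it is computed, as `final boolean guestUserSelected = ...;`, would keep its scope to the tab-building code that uses it. The enclosing method starts and ends outside the hunk, so confirm that nothing in the `else` branch needs the wider scope.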
@@ -2027,26 +2028,21 @@ public class JetspeedPrincipalManagement
return;
}
}
- tab = new AbstractTab(new Model("Status"))
+ guestUserSelected =
(principalType.getName().equals(JetspeedPrincipalType.USER) &&
+
principal.getName().equals(((UserManager)getManager()).getAnonymousUser()));
+
+ if (!guestUserSelected)
{
- public Panel getPanel(String panelId)
+ // if guest user: don't show status panel
+ tab = new AbstractTab(new Model("Status"))
{
- return new PrincipalStatusPanel(panelId);
- }
- };
- panel.getTabs().add(tab);
- if (principalType.getName().equals(JetspeedPrincipalType.USER))
- {
- tab = new AbstractTab(new Model("User Profile"))
- {
-
public Panel getPanel(String panelId)
{
- return new UserPrincipalProfilePanel(panelId);
+ return new PrincipalStatusPanel(panelId);
}
};
panel.getTabs().add(tab);
- }
+ }
tab = new AbstractTab(new Model("Associations"))
{
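Review bot: Hiding the Status tab here, and the Credentials tab in the hunk at -2065, restricts the guest user only at the presentation layer, because the check runs when the tabs are built and nothing visible in this commit makes the manager refuse those changes. If JS2-1267 intends that the anonymous user can never be disabled or given new credentials, the same `getAnonymousUser()` comparison belongs in the manager methods behind those panels. The panels themselves are outside this diff, so confirm whether they re-check. Separately, the comment `// if guest user: don't show status panel` sits inside the `if (!guestUserSelected)` branch and reads inverted there; it would be clearer placed above the `if`. The enclosing method starts and ends outside the hunk.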
@@ -2065,7 +2061,7 @@ public class JetspeedPrincipalManagement
}
};
panel.getTabs().add(tab);
- if (principalType.getName().equals(JetspeedPrincipalType.USER))
+ if (!guestUserSelected &&
principalType.getName().equals(JetspeedPrincipalType.USER))
{
tab = new AbstractTab(new Model("Credentials"))
{
@@ -2077,6 +2073,18 @@ public class JetspeedPrincipalManagement
};
panel.getTabs().add(tab);
}
+ if (principalType.getName().equals(JetspeedPrincipalType.USER))
+ {
+ tab = new AbstractTab(new Model("User Profile"))
+ {
+
+ public Panel getPanel(String panelId)
+ {
+ return new UserPrincipalProfilePanel(panelId);
+ }
+ };
+ panel.getTabs().add(tab);
+ }
panel.setSelectedTab(0);
} else
{
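Review bot: The relocated User Profile block is the one user-only tab still added when the guest user is selected, and nothing here says that is deliberate. A comment such as `// shown for the guest user too, unlike Status and Credentials` would record the intent for the next maintainer. With Status hidden, `panel.setSelectedTab(0)` now opens whichever tab is added first for the guest, which appears to be Associations, so confirm that is the intended landing tab.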
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
URL:
http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java?rev=1178943&r1=1178942&r2=1178943&view=diff
==============================================================================
---
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
(original)
+++
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/UserManagerImpl.java
Tue Oct 4 20:17:59 2011
@@ -238,11 +238,30 @@ public class UserManagerImpl extends Bas
public void removeUser(String username) throws SecurityException
{
+ if (username != null && username.equals(getAnonymousUser()))
+ {
+ throw new
SecurityException(SecurityException.ANONYMOUS_USER_PROTECTED.create(username));
+ }
JetspeedPrincipal user;
user = getUser(username);
super.removePrincipal(user);
}
+
+ public void removePrincipal(String principalName) throws
SecurityException
+ {
+ removeUser(principalName);
+ }
+
+ public void removePrincipal(JetspeedPrincipal principal) throws
SecurityException
+ {
+ validatePrincipal(principal);
+ if (principal.getName().equals(getAnonymousUser()))
+ {
+ throw new
SecurityException(SecurityException.ANONYMOUS_USER_PROTECTED.create(principal.getName()));
+ }
+ super.removePrincipal(principal);
+ }
public void storePasswordCredential(PasswordCredential credential)
throws SecurityException
{
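Review bot: The anonymous-user guard is written twice, in `removeUser` and in `removePrincipal(JetspeedPrincipal)`, and the `removeUser` copy tests the caller-supplied string rather than the resolved principal. If `getUser` resolves names less strictly than `equals` (not visible here), the two checks could disagree. Since `removeUser` currently calls `super.removePrincipal(user)`, it could instead end with `removePrincipal(getUser(username));` so every removal path goes through one check on `principal.getName()`; confirm that the extra `validatePrincipal` call is acceptable on that path. The two new `removePrincipal` overrides also deserve a short Javadoc saying they exist to enforce the anonymous-user protection, because `removePrincipal(String)` delegating to `removeUser` is not obvious from its name. `storePasswordCredential`, visible as trailing context, is unchanged by this hunk.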