? patch.txt
? target
? bin/classes
? bin/jetspeed-1.5-dev.jar
? bin/jetspeed.war
? build/velocity.log
? lib/activation.jar
? lib/mail.jar
? src/java/report.dbpsml.om.generation
? src/java/report.security.om.generation
? src/java/org/apache/jetspeed/modules/actions/portlets/security/UserGroupRoleUpdateAction.java
? src/java/org/apache/jetspeed/om/dbpsml/BaseJetspeedGroupProfile.java
? src/java/org/apache/jetspeed/om/dbpsml/BaseJetspeedGroupProfilePeer.java
? src/java/org/apache/jetspeed/om/dbpsml/BaseJetspeedRoleProfile.java
? src/java/org/apache/jetspeed/om/dbpsml/BaseJetspeedRoleProfilePeer.java
? src/java/org/apache/jetspeed/om/dbpsml/BaseJetspeedUserProfile.java
? src/java/org/apache/jetspeed/om/dbpsml/BaseJetspeedUserProfilePeer.java
? src/java/org/apache/jetspeed/om/dbpsml/JetspeedGroupProfile.java
? src/java/org/apache/jetspeed/om/dbpsml/JetspeedRoleProfile.java
? src/java/org/apache/jetspeed/om/dbpsml/JetspeedUserProfile.java
? src/java/org/apache/jetspeed/om/dbpsml/map/JetspeedGroupProfileMapBuilder.java
? src/java/org/apache/jetspeed/om/dbpsml/map/JetspeedRoleProfileMapBuilder.java
? src/java/org/apache/jetspeed/om/dbpsml/map/JetspeedUserProfileMapBuilder.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseCoffees.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseCoffeesPeer.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbineGroup.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbineGroupPeer.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbinePermission.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbinePermissionPeer.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbineRole.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbineRolePeer.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbineRolePermission.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbineRolePermissionPeer.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbineUser.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbineUserGroupRole.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbineUserGroupRolePeer.java
? src/java/org/apache/jetspeed/om/security/turbine/BaseTurbineUserPeer.java
? src/java/org/apache/jetspeed/om/security/turbine/Coffees.java
? src/java/org/apache/jetspeed/om/security/turbine/CoffeesPeer.java
? src/java/org/apache/jetspeed/om/security/turbine/TurbineGroupPeer.java
? src/java/org/apache/jetspeed/om/security/turbine/TurbinePermissionPeer.java
? src/java/org/apache/jetspeed/om/security/turbine/TurbineRolePeer.java
? src/java/org/apache/jetspeed/om/security/turbine/TurbineRolePermission.java
? src/java/org/apache/jetspeed/om/security/turbine/TurbineRolePermissionPeer.java
? src/java/org/apache/jetspeed/om/security/turbine/TurbineUser.java
? src/java/org/apache/jetspeed/om/security/turbine/TurbineUserGroupRole.java
? src/java/org/apache/jetspeed/om/security/turbine/TurbineUserGroupRolePeer.java
? src/java/org/apache/jetspeed/om/security/turbine/map
? src/java/org/apache/jetspeed/xml/api/jcm/Channel.java
? src/java/org/apache/jetspeed/xml/api/jcm/ChannelDescriptor.java
? src/java/org/apache/jetspeed/xml/api/jcm/Content.java
? src/java/org/apache/jetspeed/xml/api/jcm/ContentDescriptor.java
? src/java/org/apache/jetspeed/xml/api/jcm/Entry.java
? src/java/org/apache/jetspeed/xml/api/jcm/EntryDescriptor.java
? src/java/org/apache/jetspeed/xml/api/jcm/Image.java
? src/java/org/apache/jetspeed/xml/api/jcm/ImageDescriptor.java
? src/java/org/apache/jetspeed/xml/api/jcm/Item.java
? src/java/org/apache/jetspeed/xml/api/jcm/ItemDescriptor.java
? src/java/org/apache/jetspeed/xml/api/jcm/Quote.java
? src/java/org/apache/jetspeed/xml/api/jcm/QuoteDescriptor.java
? src/java/org/apache/jetspeed/xml/api/jcm/Textinput.java
? src/java/org/apache/jetspeed/xml/api/jcm/TextinputDescriptor.java
? src/java/org/apache/jetspeed/xml/api/jcm/Topics.java
? src/java/org/apache/jetspeed/xml/api/jcm/TopicsDescriptor.java
? src/sql/coffees-schema.sql
? src/sql/dbpsml-schema.sql
? src/sql/report.dbpsml.sql.generation
? src/sql/report.security.sql.generation
? src/sql/security-schema.sql
? src/sql/sqldb.map
? webapp/WEB-INF/templates/vm/portlets/html/user-group-role-form.vm
Index: src/java/org/apache/jetspeed/modules/actions/portlets/security/SecurityConstants.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/SecurityConstants.java,v
retrieving revision 1.4
diff -u -r1.4 SecurityConstants.java
--- src/java/org/apache/jetspeed/modules/actions/portlets/security/SecurityConstants.java 2 Jul 2002 01:20:59 -0000 1.4
+++ src/java/org/apache/jetspeed/modules/actions/portlets/security/SecurityConstants.java 11 Dec 2003 14:38:41 -0000
@@ -93,6 +93,9 @@
 public static final String CONTEXT_GROUP = "group";
 public static final String CONTEXT_GROUPS = "groups";
 public static final String CONTEXT_SELECTED = "selected";
+ public static final String CONTEXT_ROLES_SELECTED = "roles_selected";
+ public static final String CONTEXT_GROUPS_SELECTED = "groups_selected";
+ public static final String CONTEXT_GROUPS_ROLES = "userGroupRoles";
 // user browser pane id
 public static final String PANEID_USER_BROWSER = "UserBrowser";
Index: src/java/org/apache/jetspeed/services/JetspeedSecurity.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/services/JetspeedSecurity.java,v
retrieving revision 1.18
diff -u -r1.18 JetspeedSecurity.java
--- src/java/org/apache/jetspeed/services/JetspeedSecurity.java 22 Apr 2003 00:51:32 -0000 1.18
+++ src/java/org/apache/jetspeed/services/JetspeedSecurity.java 11 Dec 2003 14:38:43 -0000
@@ -55,6 +55,8 @@
 package org.apache.jetspeed.services;
 import java.util.Iterator;
+import java.util.Hashtable;
+import java.util.HashMap;
 import java.security.Principal;
 import org.apache.turbine.services.TurbineServices;
@@ -83,12 +85,12 @@
 /**
- *
This is a commodity static accessor class around the + *
This is a commodity static accessor class around the
* JetspeedSecurityService
The GroupManagement interface describes contract between
+ *
The GroupManagement interface describes contract between
* the portal and security provider required for Jetspeed Group Management.
- * This interface enables an application to be independent of the underlying
+ * This interface enables an application to be independent of the underlying
* group management technology.
*
* @author David Sean Taylor
@@ -75,51 +76,51 @@
/**
* Retrieves all Groups for a given username principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param username a user principal identity to be retrieved.
* @return Iterator over all groups associated to the user principal.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
Iterator getGroups(String username)
throws JetspeedSecurityException;
/**
* Retrieves all Groups.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @return Iterator over all groups.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
Iterator getGroups()
throws JetspeedSecurityException;
/**
- * Adds a Group into permanent storage.
+ * Adds a Group into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
void addGroup(Group group)
throws JetspeedSecurityException;
/**
- * Saves a Group into permanent storage.
+ * Saves a Group into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
void saveGroup(Group group)
throws JetspeedSecurityException;
@@ -132,59 +133,97 @@
*
* @param groupname the principal identity of the group to be retrieved.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
void removeGroup(String groupname)
throws JetspeedSecurityException;
/**
- * Joins a user to a group.
+ * Joins a user to a group.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving groups.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
void joinGroup(String username, String groupname)
throws JetspeedSecurityException;
/**
- * Unjoins a user from a group.
+ * Joins a user into a group with a specific role.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving groups.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ void joinGroup(String username, String groupname, String rolename)
+ throws JetspeedSecurityException;
+
+ /**
+ * Unjoins a user from a group.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception GroupException when the security provider has a general failure retrieving groups.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
void unjoinGroup(String username, String groupname)
throws JetspeedSecurityException;
/**
+ * Unjoins a user from a group - specific role.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception GroupException when the security provider has a general failure retrieving groups.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ void unjoinGroup(String username, String groupname, String rolename)
+ throws JetspeedSecurityException;
+
+ /**
* Checks for the relationship of user in a group. Returns true when the user is in the given group.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving groups.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
boolean inGroup(String username, String groupname)
throws JetspeedSecurityException;
/**
* Retrieves a single Group for a given groupname principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param groupname a group principal identity to be retrieved.
* @return Group the group record retrieved.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
Group getGroup(String groupname)
+ throws JetspeedSecurityException;
+
+
+ /**
+ * Retrieves a HashMap which associates Groups with Roles for a given username principal.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @param username a user principal identity to be retrieved.
+ * @return HashMap record retrieved.
+ * @exception GroupException when the security provider has a general failure.
+ */
+ HashMap getTurbineGroupRole(String username)
throws JetspeedSecurityException;
}
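Review bot: The new three-argument `joinGroup`/`unjoinGroup` overloads leave the contract of the existing two-argument methods undefined, and that matters most for revocation: nothing in this hunk says whether `unjoinGroup(username, groupname)` removes every role the user holds in the group or only some default one, so a caller could believe membership was revoked while role-specific entries remain. I would state the rule in the Javadoc of both overloads, for example `* Removes the user from the group for all roles; use the three-argument form to remove a single role.` (or the opposite, whichever the providers actually implement). The same gap exists on the static facade methods added in JetspeedGroupManagement.java. Separately, these are new abstract methods on an interface whose declaration starts outside this hunk, so every existing GroupManagement provider has to implement all three before it compiles again.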
Index: src/java/org/apache/jetspeed/services/security/JetspeedGroupManagement.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedGroupManagement.java,v
retrieving revision 1.3
diff -u -r1.3 JetspeedGroupManagement.java
--- src/java/org/apache/jetspeed/services/security/JetspeedGroupManagement.java 4 Mar 2003 00:05:10 -0000 1.3
+++ src/java/org/apache/jetspeed/services/security/JetspeedGroupManagement.java 11 Dec 2003 14:38:43 -0000
@@ -55,7 +55,7 @@
package org.apache.jetspeed.services.security;
import java.util.Iterator;
-
+import java.util.HashMap;
// Turbine
import org.apache.turbine.services.TurbineServices;
@@ -65,16 +65,16 @@
import org.apache.jetspeed.services.security.JetspeedSecurityException;
/**
- *
The GroupManagement interface describes contract between
+ *
The GroupManagement interface describes contract between
* the portal and security provider required for Jetspeed Group Management.
- * This interface enables an application to be independent of the underlying
+ * This interface enables an application to be independent of the underlying
* group management technology.
*
* @author David Sean Taylor
* @version $Id: JetspeedGroupManagement.java,v 1.3 2003/03/04 00:05:10 sgala Exp $
*/
-public abstract class JetspeedGroupManagement
+public abstract class JetspeedGroupManagement
{
public String SERVICE_NAME = "GroupManagement";
@@ -92,14 +92,14 @@
/**
* Retrieves all Groups for a given username principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param username a user principal identity to be retrieved.
* @return Iterator over all groups associated to the user principal.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public static Iterator getGroups(String username)
throws JetspeedSecurityException
@@ -109,13 +109,13 @@
/**
* Retrieves all Groups.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @return Iterator over all groups.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public static Iterator getGroups()
throws JetspeedSecurityException
@@ -124,11 +124,11 @@
}
/**
- * Adds a Group into permanent storage.
+ * Adds a Group into permanent storage.
*
*
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public static void addGroup(Group group)
throws JetspeedSecurityException
@@ -137,11 +137,11 @@
}
/**
- * Saves a Group into permanent storage.
+ * Saves a Group into permanent storage.
*
*
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public static void saveGroup(Group group)
throws JetspeedSecurityException
@@ -157,7 +157,7 @@
*
* @param groupname the principal identity of the group to be retrieved.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public static void removeGroup(String groupname)
throws JetspeedSecurityException
@@ -172,7 +172,7 @@
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public static void joinGroup(String username, String groupname)
throws JetspeedSecurityException
@@ -181,13 +181,29 @@
}
/**
+ * Join a user to a group - specific role.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception GroupException when the security provider has a general failure retrieving groups.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static void joinGroup(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ getService().joinGroup(username,groupname, rolename);
+ }
+
+
+ /**
* Unjoin a user from a group.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public static void unjoinGroup(String username, String groupname)
throws JetspeedSecurityException
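Review bot: The added `joinGroup(String username, String groupname, String rolename)` takes three same-typed strings for a call that grants a role, but its Javadoc has no `@param` tags, so a transposed group and role name would compile and could record the wrong assignment. Add `@param username`, `@param groupname` and `@param rolename` lines that say which principal each one names; the phrase `failure retrieving groups` also looks copied from a read method and would read better as `failure updating the membership`. The same applies to the three-argument `unjoinGroup` added in the next hunk (`@@ -196,13 +212,29 @@`). The trailing context here is the two-argument `unjoinGroup`, whose body lies outside this hunk.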
@@ -196,13 +212,29 @@
}
/**
+ * Unjoin a user from a group - specific role.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception GroupException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static void unjoinGroup(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ getService().unjoinGroup(username,groupname,rolename);
+ }
+
+
+ /**
* Checks for the relationship of user has a group. Returns true when the user has the given group.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public static boolean inGroup(String username, String groupname)
throws JetspeedSecurityException
@@ -212,14 +244,14 @@
/**
* Retrieves a single Group for a given groupname principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param groupname a group principal identity to be retrieved.
* @return Group the group record retrieved.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public static Group getGroup(String groupname)
throws JetspeedSecurityException
@@ -227,6 +259,21 @@
return getService().getGroup(groupname);
}
+ /**
+ * Retrieves a hashtable which associates Groups with Roles for a given username principal.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @param username a user principal identity to be retrieved.
+ * @return Hashtable record retrieved.
+ * @exception GroupException when the security provider has a general failure.
+ */
+ public static HashMap getTurbineGroupRole(String username)
+ throws JetspeedSecurityException
+ {
+ return getService().getTurbineGroupRole(username);
+ }
}
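Review bot: The Javadoc on the new `getTurbineGroupRole` describes "a hashtable" and documents `@return Hashtable record retrieved`, but the method is declared to return `HashMap`; the comment should match the signature and say what the keys and values are, which cannot be told from this hunk. Unlike its siblings it also carries no `@exception InsufficientPrivilegeException` line even though it returns the group and role assignments of an arbitrary username; if providers are expected to check the requestor here, add `* @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege`. Declaring the return type as `java.util.Map` in the interface and this facade would avoid tying every provider to one concrete class.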
Index: src/java/org/apache/jetspeed/services/security/JetspeedRoleManagement.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/JetspeedRoleManagement.java,v
retrieving revision 1.3
diff -u -r1.3 JetspeedRoleManagement.java
--- src/java/org/apache/jetspeed/services/security/JetspeedRoleManagement.java 4 Mar 2003 00:05:10 -0000 1.3
+++ src/java/org/apache/jetspeed/services/security/JetspeedRoleManagement.java 11 Dec 2003 14:38:44 -0000
@@ -55,7 +55,7 @@
package org.apache.jetspeed.services.security;
import java.util.Iterator;
-
+import java.util.Hashtable;
// Turbine
import org.apache.turbine.services.TurbineServices;
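Review bot: `import java.util.Hashtable;` is added here, but nothing in the part of the following hunk that is visible on this page uses `Hashtable`, so it may be a leftover; drop it unless a later method needs it. The next hunk (`@@ -63,180 +63,205 @@`, which continues beyond this page) likewise adds `import gr.aegean.syros.jetspeed.om.security.ResourcesExtraQueries;`, a package outside `org.apache.jetspeed` that does not appear among the files listed as new at the top of this patch. If that class is not delivered with the change this security facade would not compile, and if it is, a core security class now depends on site-specific code; either way the import looks like it should be removed before commit.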
@@ -63,180 +63,205 @@
// Jetspeed
import org.apache.jetspeed.om.security.Role;
import org.apache.jetspeed.services.security.JetspeedSecurityException;
+import gr.aegean.syros.jetspeed.om.security.ResourcesExtraQueries;
/**
- *
The RoleManagement interface describes contract between
+ *
The RoleManagement interface describes contract between
* the portal and security provider required for Jetspeed Role Management.
- * This interface enables an application to be independent of the underlying
+ * This interface enables an application to be independent of the underlying
* role management technology.
*
* @author David Sean Taylor
* @version $Id: JetspeedRoleManagement.java,v 1.3 2003/03/04 00:05:10 sgala Exp $
*/
-public abstract class JetspeedRoleManagement
+public abstract class JetspeedRoleManagement
{
- public String SERVICE_NAME = "RoleManagement";
+ public String SERVICE_NAME = "RoleManagement";
- /*
- * Utility method for accessing the service
- * implementation
- *
- * @return a RoleService implementation instance
- */
- protected static RoleManagement getService()
- {
- return (RoleManagement)TurbineServices
+ /*
+ * Utility method for accessing the service
+ * implementation
+ *
+ * @return a RoleService implementation instance
+ */
+ protected static RoleManagement getService()
+ {
+ return (RoleManagement) TurbineServices
.getInstance().getService(RoleManagement.SERVICE_NAME);
- }
-
- /**
- * Retrieves all Roles for a given username principal.
- *
- * The security service may optionally check the current user context
- * to determine if the requestor has permission to perform this action.
- *
- * @param username a user principal identity to be retrieved.
- * @return Iterator over all roles associated to the user principal.
- * @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
- */
- public static Iterator getRoles(String username)
- throws JetspeedSecurityException
- {
- return getService().getRoles(username);
- }
-
- /**
- * Retrieves all Roles.
- *
- * The security service may optionally check the current user context
- * to determine if the requestor has permission to perform this action.
- *
- * @return Iterator over all roles.
- * @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
- */
- public static Iterator getRoles()
- throws JetspeedSecurityException
- {
- return getService().getRoles();
- }
-
- /**
- * Adds a Role into permanent storage.
- *
- *
- * @exception RoleException when the security provider has a general failure.
- * @exception NotUniqueEntityException when the public credentials fail to meet
- * the security provider-specific unique constraints.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
- */
- public static void addRole(Role role)
- throws JetspeedSecurityException
- {
- getService().addRole(role);
- }
-
- /**
- * Save a Role into permanent storage.
- *
- *
- * @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
- */
- public static void saveRole(Role role)
- throws JetspeedSecurityException
- {
- getService().saveRole(role);
- }
+ }
- /**
- * Removes a Role from the permanent store.
- *
- * The security service may optionally check the current user context
- * to determine if the requestor has permission to perform this action.
- *
- * @param rolename the principal identity of the role to be retrieved.
- * @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
- */
- public static void removeRole(String rolename)
- throws JetspeedSecurityException
- {
- getService().removeRole(rolename);
- }
-
- /**
- * Grants a role to a user.
- *
- * The security service may optionally check the current user context
- * to determine if the requestor has permission to perform this action.
- *
- * @exception RoleException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
- */
- public static void grantRole(String username, String rolename)
- throws JetspeedSecurityException
- {
- getService().grantRole(username,rolename);
- }
-
- /**
- * Revokes a role from a user.
- *
- * The security service may optionally check the current user context
- * to determine if the requestor has permission to perform this action.
- *
- * @exception RoleException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
- */
- public static void revokeRole(String username, String rolename)
- throws JetspeedSecurityException
- {
- getService().revokeRole(username,rolename);
- }
-
- /**
- * Checks for the relationship of user has a role. Returns true when the user has the given role.
- *
- * The security service may optionally check the current user context
- * to determine if the requestor has permission to perform this action.
- *
- * @exception RoleException when the security provider has a general failure retrieving users.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
- */
- public static boolean hasRole(String username, String rolename)
- throws JetspeedSecurityException
- {
- return getService().hasRole(username,rolename);
- }
-
- /**
- * Retrieves a single Role for a given rolename principal.
- *
- * The security service may optionally check the current user context
- * to determine if the requestor has permission to perform this action.
- *
- * @param rolename a role principal identity to be retrieved.
- * @return Role the role record retrieved.
- * @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
- */
- public static Role getRole(String rolename)
- throws JetspeedSecurityException
- {
- return getService().getRole(rolename);
- }
+ /**
+ * Retrieves all Roles for a given username principal.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @param username a user principal identity to be retrieved.
+ * @return Iterator over all roles associated to the user principal.
+ * @exception RoleException when the security provider has a general failure.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static Iterator getRoles(String username) throws JetspeedSecurityException
+ {
+ return getService().getRoles(username);
+ }
+
+ /**
+ * Retrieves all Roles.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @return Iterator over all roles.
+ * @exception RoleException when the security provider has a general failure.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static Iterator getRoles() throws JetspeedSecurityException
+ {
+ return getService().getRoles();
+ }
+
+ /**
+ * Adds a Role into permanent storage.
+ *
+ *
+ * @exception RoleException when the security provider has a general failure.
+ * @exception NotUniqueEntityException when the public credentials fail to meet
+ * the security provider-specific unique constraints.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static void addRole(Role role) throws JetspeedSecurityException
+ {
+ getService().addRole(role);
+ }
+
+ /**
+ * Save a Role into permanent storage.
+ *
+ *
+ * @exception RoleException when the security provider has a general failure.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static void saveRole(Role role) throws JetspeedSecurityException
+ {
+ getService().saveRole(role);
+ }
+
+ /**
+ * Removes a Role from the permanent store.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @param rolename the principal identity of the role to be retrieved.
+ * @exception RoleException when the security provider has a general failure.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static void removeRole(String rolename) throws JetspeedSecurityException
+ {
+ getService().removeRole(rolename);
+ }
+
+ /**
+ * Grants a role to a user.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static void grantRole(String username, String rolename) throws JetspeedSecurityException
+ {
+ getService().grantRole(username, rolename);
+ }
+
+ /**
+ * Grants a role to a user for a given group.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static void grantGroupRole(String username, String groupname, String rolename) throws JetspeedSecurityException
+ {
+ getService().grantGroupRole(username, groupname, rolename);
+ }
+
+ /**
+ * Revokes a role from a user.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static void revokeRole(String username, String rolename) throws JetspeedSecurityException
+ {
+ getService().revokeRole(username, rolename);
+ }
+
+ /**
+ * Revokes a role from a user for a specific group.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static void revokeGroupRole(String username, String groupname, String rolename) throws JetspeedSecurityException
+ {
+ getService().revokeGroupRole(username, groupname, rolename);
+ }
+
+
+ /**
+ * Checks for the relationship of user has a role. Returns true when the user has the given role.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static boolean hasRole(String username, String rolename) throws JetspeedSecurityException
+ {
+ return getService().hasRole(username, rolename);
+ }
+
+ public static boolean hasRoleforGroup(String username, String rolename, String groupname) throws
+ JetspeedSecurityException
+ {
+ try
+ {
+ Hashtable turbineUserGroupRole = ResourcesExtraQueries.getTurbineGroupRole(username);
+ }
+ catch (Exception e)
+ {
+ System.out.println("Exception in getting User Group-Role association : " + e);
+ }
+ return getService().hasRole(username, rolename);
+ }
+
+ /**
+ * Retrieves a single Role for a given rolename principal.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @param rolename a role principal identity to be retrieved.
+ * @return Role the role record retrieved.
+ * @exception RoleException when the security provider has a general failure.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public static Role getRole(String rolename) throws JetspeedSecurityException
+ {
+ return getService().getRole(rolename);
+ }
}
-
-
-
-
-
-
-
-
-
-
Index: src/java/org/apache/jetspeed/services/security/RoleManagement.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/RoleManagement.java,v
retrieving revision 1.2
diff -u -r1.2 RoleManagement.java
--- src/java/org/apache/jetspeed/services/security/RoleManagement.java 28 Jun 2002 05:37:34 -0000 1.2
+++ src/java/org/apache/jetspeed/services/security/RoleManagement.java 11 Dec 2003 14:38:44 -0000
@@ -60,9 +60,9 @@
import org.apache.jetspeed.om.security.Role;
/**
- *
The RoleManagement interface describes contract between
+ *
The RoleManagement interface describes contract between
* the portal and security provider required for Jetspeed Role Management.
- * This interface enables an application to be independent of the underlying
+ * This interface enables an application to be independent of the underlying
* role management technology.
*
* @author David Sean Taylor
@@ -75,51 +75,51 @@
/**
* Retrieves all Roles for a given username principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param username a user principal identity to be retrieved.
* @return Iterator over all roles associated to the user principal.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
Iterator getRoles(String username)
throws JetspeedSecurityException;
/**
* Retrieves all Roles.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @return Iterator over all roles.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
Iterator getRoles()
throws JetspeedSecurityException;
/**
- * Adds a Role into permanent storage.
+ * Adds a Role into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
void addRole(Role role)
throws JetspeedSecurityException;
/**
- * Saves a Role into permanent storage.
+ * Saves a Role into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
void saveRole(Role role)
throws JetspeedSecurityException;
@@ -132,57 +132,82 @@
*
* @param rolename the principal identity of the role to be retrieved.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
void removeRole(String rolename)
throws JetspeedSecurityException;
/**
- * Grants a role to a user.
+ * Grants a role to a user.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving roles.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
void grantRole(String username, String rolename)
throws JetspeedSecurityException;
+
+ /**
+ * Grants a role to a user for A SPECIFIC GROUP.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving roles.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ void grantGroupRole(String username, String groupname, String rolename)
+ throws JetspeedSecurityException;
+
/**
- * Revokes a role from a user.
+ * Revokes a role from a user.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving roles.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
void revokeRole(String username, String rolename)
throws JetspeedSecurityException;
/**
+ * Revokes a role from a user for A SPECIFIC GROUP.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving roles.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ void revokeGroupRole(String username, String groupname, String rolename)
+ throws JetspeedSecurityException;
+
+ /**
* Checks for the relationship of user has a role. Returns true when the user has the given role.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving roles.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
boolean hasRole(String username, String rolename)
throws JetspeedSecurityException;
/**
* Retrieves a single Role for a given rolename principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param rolename a role principal identity to be retrieved.
* @return Role the role record retrieved.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
Role getRole(String rolename)
throws JetspeedSecurityException;
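Review bot: The interface gains `grantGroupRole` and `revokeGroupRole` in this hunk but no group-scoped counterpart to `hasRole(String username, String rolename)`, so a provider has no contracted way to say whether a user holds a role within one group. The facade method `hasRoleforGroup` earlier in this patch loads the group-role table into an unused local and then returns `getService().hasRole(username, rolename)`, so `groupname` never influences the result and the check is no narrower than the ungrouped one. Consider declaring `boolean hasRole(String username, String rolename, String groupname) throws JetspeedSecurityException;` here and delegating to it from the facade. The two new Javadoc blocks would also read better with "for a specific group" in normal case and `@param` tags for the three arguments.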
Index: src/java/org/apache/jetspeed/services/security/ldap/LDAPGroupManagement.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ldap/LDAPGroupManagement.java,v
retrieving revision 1.6
diff -u -r1.6 LDAPGroupManagement.java
--- src/java/org/apache/jetspeed/services/security/ldap/LDAPGroupManagement.java 4 Mar 2003 00:05:11 -0000 1.6
+++ src/java/org/apache/jetspeed/services/security/ldap/LDAPGroupManagement.java 11 Dec 2003 14:38:44 -0000
@@ -58,6 +58,7 @@
import java.util.Iterator;
import java.util.StringTokenizer;
import java.util.Vector;
+import java.util.HashMap;
import javax.naming.directory.BasicAttributes;
import javax.servlet.ServletConfig;
import org.apache.jetspeed.om.profile.Profile;
@@ -65,6 +66,7 @@
import org.apache.jetspeed.om.security.Group;
import org.apache.jetspeed.om.security.UserNamePrincipal;
import org.apache.jetspeed.om.security.ldap.LDAPGroup;
+import org.apache.jetspeed.om.security.ldap.LDAPRole;
import org.apache.jetspeed.om.security.ldap.LDAPUser;
import org.apache.jetspeed.services.JetspeedLDAP;
import org.apache.jetspeed.services.JetspeedSecurity;
@@ -369,6 +371,41 @@
}
/**
+ * Join a user to a group - specific role.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception GroupException when the security provider has a general failure retrieving groups.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public void joinGroup(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ LDAPUser user;
+ LDAPRole role;
+
+ try
+ {
+ user = (LDAPUser)JetspeedSecurity.getUser(new UserNamePrincipal(username));
+ role = (LDAPRole)JetspeedSecurity.getRole(rolename);
+ }
+ catch(JetspeedSecurityException e)
+ {
+ throw new GroupException("Failed to Retrieve User: ", e);
+ }
+ try
+ {
+ user.addGroupRole(groupname, rolename);
+ user.update(false);
+ }
+ catch(Exception e)
+ {
+ throw new GroupException("Failed to add group info ", e);
+ }
+ }
+
+ /**
* Unjoin a user from a group.
*
* The security service may optionally check the current user context
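Review bot: The new `joinGroup(username, groupname, rolename)` resolves the user and the role but never checks that `groupname` names an existing group before calling `user.addGroupRole(groupname, rolename)`. `grantGroupRole` in LDAPRoleManagement, later in this patch, resolves all three, so the two entry points disagree on what they accept. Adding `JetspeedSecurity.getGroup(groupname);` inside the first try block would close the gap, assuming that call throws for an unknown group. The `role` local is otherwise unused, and the catch message should read `"Failed to Retrieve User or Role: "` because either lookup can be the one that failed.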
@@ -403,6 +440,41 @@
}
/**
+ * Unjoin a user from a group in which the user has a specific role.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception GroupException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public void unjoinGroup(String username, String groupName, String rolename)
+ throws JetspeedSecurityException
+ {
+ LDAPUser user;
+
+ try
+ {
+ user = (LDAPUser)JetspeedSecurity.getUser(new UserNamePrincipal(username));
+ }
+ catch(JetspeedSecurityException e)
+ {
+ throw new GroupException("Failed to Retrieve User: ", e);
+ }
+
+ try
+ {
+ user.removeGroup(groupName);
+ user.update(false);
+ }
+ catch(Exception e)
+ {
+ throw new GroupException("Failed to add group info ", e);
+ }
+ }
+
+
+ /**
* Checks for the relationship of user in a group. Returns true when the user is in the given group.
*
* The security service may optionally check the current user context
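Review bot: `rolename` is never used in the new `unjoinGroup(username, groupName, rolename)`: the body calls `user.removeGroup(groupName)`, which by its name drops the whole group membership rather than the single role the Javadoc describes. If only the group-role pairing should go, `user.removeGroupRole(groupName, rolename);` is the call `revokeGroupRole` in LDAPRoleManagement uses in this same patch. The second catch reports `"Failed to add group info "` on a removal path, which will mislead anyone reading the log; `"Failed to remove group info "` would match what the method does.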
@@ -467,7 +539,7 @@
BasicAttributes attr= new BasicAttributes();
LDAPGroup group;
Vector groupurls;
-
+
try
{
groupurls = JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=groups"),
@@ -490,6 +562,26 @@
throw new GroupException("Failed to retrieve groups ", e);
}
}
+ /**
+ * Retrieves a hashtable which associates Groups with Roles for a given username principal.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @param username a user principal identity to be retrieved.
+ * @return Hashtable record retrieved.
+ * @exception GroupException when the security provider has a general failure.
+ */
+ public HashMap getTurbineGroupRole(String username)
+ throws JetspeedSecurityException
+ {
+ BasicAttributes attr= new BasicAttributes();
+ LDAPGroup group;
+ Vector groupurls;
+ HashMap h = new HashMap();
+ return h;
+ }
+
///////////////////////////////////////////////////////////////////////////
// Internal
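Review bot: `getTurbineGroupRole` always returns an empty `HashMap` and declares three locals (`attr`, `group`, `groupurls`) that it never uses, so under the LDAP provider every user appears to have no group-role associations. If this is a placeholder, mark it in the body, for example `// TODO: group-role lookup is not implemented for LDAP; always returns an empty map`, and drop the unused locals. A caller cannot tell "not implemented" from "no roles" with the current return value, which matters if the map ever feeds an access decision. The Javadoc also says "Hashtable" while the signature returns `HashMap`; `NoGroupManagement.getTurbineGroupRole` later in this patch has the same mismatch.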
@@ -522,7 +614,7 @@
{
BasicAttributes attr= new BasicAttributes();
Vector groupurls;
-
+
try
{
groupurls = JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=groups"),
@@ -572,6 +664,4 @@
setInit(true);
}
-
-
}
Index: src/java/org/apache/jetspeed/services/security/ldap/LDAPRoleManagement.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ldap/LDAPRoleManagement.java,v
retrieving revision 1.7
diff -u -r1.7 LDAPRoleManagement.java
--- src/java/org/apache/jetspeed/services/security/ldap/LDAPRoleManagement.java 4 Mar 2003 00:05:11 -0000 1.7
+++ src/java/org/apache/jetspeed/services/security/ldap/LDAPRoleManagement.java 11 Dec 2003 14:38:45 -0000
@@ -65,6 +65,7 @@
import org.apache.jetspeed.om.security.Role;
import org.apache.jetspeed.om.security.UserNamePrincipal;
import org.apache.jetspeed.om.security.ldap.LDAPRole;
+import org.apache.jetspeed.om.security.ldap.LDAPGroup;
import org.apache.jetspeed.om.security.ldap.LDAPUser;
import org.apache.jetspeed.services.JetspeedLDAP;
import org.apache.jetspeed.services.JetspeedSecurity;
@@ -216,7 +217,7 @@
throws JetspeedSecurityException
{
LDAPRole ldapRole = null;
-
+
if(roleExists(role.getName()))
{
throw new RoleException("The role '" +
@@ -234,10 +235,10 @@
role.getName() + "'", e);
}
- if (cachingEnable)
- {
- JetspeedSecurityCache.addRole(ldapRole);
- }
+ if (cachingEnable)
+ {
+ JetspeedSecurityCache.addRole(ldapRole);
+ }
try
{
@@ -369,7 +370,8 @@
user = (LDAPUser)JetspeedSecurity.getUser(new UserNamePrincipal(username));
role = (LDAPRole)JetspeedSecurity.getRole(roleName);
}
- catch(JetspeedSecurityException e)
+ catch(JetspeedSecurityException e)
+
{
throw new RoleException("Failed to Retrieve User or Role: ", e);
}
@@ -391,6 +393,49 @@
}
/**
+ * Grants a role to a user for a specific group.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public void grantGroupRole(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ LDAPUser user;
+ LDAPRole role;
+ LDAPGroup group;
+ try
+ {
+ user = (LDAPUser)JetspeedSecurity.getUser(new UserNamePrincipal(username));
+ role = (LDAPRole)JetspeedSecurity.getRole(rolename);
+ group = (LDAPGroup)JetspeedSecurity.getGroup(groupname);
+ }
+ catch(JetspeedSecurityException e)
+
+ {
+ throw new RoleException("Failed to Retrieve User or Role: ", e);
+ }
+
+ try
+ {
+ user.addGroupRole(groupname, rolename);
+ user.update(false);
+
+ if (cachingEnable)
+ {
+ JetspeedSecurityCache.addRole(username, role);
+ }
+ }
+ catch(Exception e)
+ {
+ throw new RoleException("Failed to add role info ", e);
+ }
+ }
+
+ /**
* Revokes a role from a user.
*
* The security service may optionally check the current user context
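Review bot: On the caching path of `grantGroupRole`, `JetspeedSecurityCache.addRole(username, role)` records the role against the user with no group argument, so a grant meant for one group may later be served from the cache as if it applied everywhere. The cache API is not visible in this diff, so this needs confirming; if the cache has no group dimension, skipping the cache update for group-scoped grants is the safer default. `revokeGroupRole` in a later hunk has the mirror problem: `JetspeedSecurityCache.removeRole(username, rolename)` would drop the cached role even when the user still holds it in another group. The `group` local serves only as an existence check, and the catch message `"Failed to Retrieve User or Role: "` should mention the group as well.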
@@ -399,7 +444,7 @@
* @exception RoleException when the security provider has a general failure retrieving users.
* @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
- public void revokeRole(String username, String roleName)
+ public void revokeRole(String username, String rolename)
throws JetspeedSecurityException
{
LDAPUser user;
@@ -415,12 +460,12 @@
try
{
- user.removeGroupRole(JetspeedSecurity.JETSPEED_GROUP, roleName);
+ user.removeGroupRole(JetspeedSecurity.JETSPEED_GROUP, rolename);
user.update(false);
if (cachingEnable)
{
- JetspeedSecurityCache.removeRole(username, roleName);
+ JetspeedSecurityCache.removeRole(username, rolename);
}
}
catch(Exception e)
@@ -428,6 +473,47 @@
throw new RoleException("Failed to add role info ", e);
}
}
+
+ /**
+ * Revokes a role from a user for a specific group.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public void revokeGroupRole(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ LDAPUser user;
+
+ try
+ {
+ user = (LDAPUser)JetspeedSecurity.getUser(new UserNamePrincipal(username));
+ }
+ catch(JetspeedSecurityException e)
+
+ {
+ throw new RoleException("Failed to Retrieve User: ", e);
+ }
+
+ try
+ {
+ user.removeGroupRole(groupname, rolename);
+ user.update(false);
+
+ if (cachingEnable)
+ {
+ JetspeedSecurityCache.removeRole(username, rolename);
+ }
+ }
+ catch(Exception e)
+ {
+ throw new RoleException("Failed to add role info ", e);
+ }
+ }
+
/**
* Checks for the relationship of user has a role. Returns true when the user has the given role.
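Review bot: The second catch in the new `revokeGroupRole` throws `new RoleException("Failed to add role info ", e)`, copied from the grant path, so a failed revocation is reported as a failed add. Change it to `"Failed to remove role info "` so the message matches the operation. The blank line between `catch(JetspeedSecurityException e)` and its opening brace is a stray left over from the same copy and can go.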
Index: src/java/org/apache/jetspeed/services/security/nosecurity/NoGroupManagement.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/nosecurity/NoGroupManagement.java,v
retrieving revision 1.1
diff -u -r1.1 NoGroupManagement.java
--- src/java/org/apache/jetspeed/services/security/nosecurity/NoGroupManagement.java 6 Sep 2002 03:29:40 -0000 1.1
+++ src/java/org/apache/jetspeed/services/security/nosecurity/NoGroupManagement.java 11 Dec 2003 14:38:45 -0000
@@ -56,6 +56,7 @@
import java.util.Iterator;
import java.util.Vector;
+import java.util.HashMap;
// Jetspeed Security
import org.apache.jetspeed.services.security.GroupManagement;
@@ -84,14 +85,14 @@
{
/**
* Retrieves all Groups for a given username principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param username a user principal identity to be retrieved.
* @return Iterator over all groups associated to the user principal.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Iterator getGroups(String username)
throws JetspeedSecurityException
@@ -101,13 +102,13 @@
/**
* Retrieves all Groups.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @return Iterator over all groups.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Iterator getGroups()
throws JetspeedSecurityException
@@ -116,13 +117,13 @@
}
/**
- * Adds a Group into permanent storage.
+ * Adds a Group into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void addGroup(Group group)
throws JetspeedSecurityException
@@ -130,13 +131,13 @@
}
/**
- * Saves a Group into permanent storage.
+ * Saves a Group into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void saveGroup(Group group)
throws JetspeedSecurityException
@@ -151,7 +152,7 @@
*
* @param groupname the principal identity of the group to be retrieved.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void removeGroup(String groupname)
throws JetspeedSecurityException
@@ -159,13 +160,13 @@
}
/**
- * Joins a user to a group.
+ * Joins a user to a group.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving groups.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void joinGroup(String username, String groupname)
throws JetspeedSecurityException
@@ -173,13 +174,27 @@
}
/**
- * Unjoins a user from a group.
+ * Join a user to a group - specific role.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception GroupException when the security provider has a general failure retrieving groups.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public void joinGroup(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ }
+
+ /**
+ * Unjoins a user from a group.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving groups.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void unjoinGroup(String username, String groupname)
throws JetspeedSecurityException
@@ -187,13 +202,29 @@
}
/**
+ * Unjoin a user from a group in which the user has a specific role instead of JetspeedSecurity.getRole(defaultRole)
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception GroupException when the security provider has a general failure retrieving groups.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+
+ public void unjoinGroup(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ }
+
+
+ /**
* Checks for the relationship of user in a group. Returns true when the user is in the given group.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception GroupException when the security provider has a general failure retrieving groups.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public boolean inGroup(String username, String groupname)
throws JetspeedSecurityException
@@ -203,14 +234,14 @@
/**
* Retrieves a single Group for a given groupname principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param groupname a group principal identity to be retrieved.
* @return Group the group record retrieved.
* @exception GroupException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Group getGroup(String groupname)
throws JetspeedSecurityException
@@ -220,6 +251,23 @@
r.setName(groupname);
r.setId(groupname);
return r;
+ }
+
+ /**
+ * Retrieves a hashtable which associates Groups with Roles for a given username principal.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @param username a user principal identity to be retrieved.
+ * @return Hashtable record retrieved.
+ * @exception GroupException when the security provider has a general failure.
+ */
+ public HashMap getTurbineGroupRole(String username)
+ throws JetspeedSecurityException
+ {
+ HashMap h = new HashMap();
+ return h;
}
}
Index: src/java/org/apache/jetspeed/services/security/nosecurity/NoRoleManagement.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/nosecurity/NoRoleManagement.java,v
retrieving revision 1.1
diff -u -r1.1 NoRoleManagement.java
--- src/java/org/apache/jetspeed/services/security/nosecurity/NoRoleManagement.java 6 Sep 2002 03:29:40 -0000 1.1
+++ src/java/org/apache/jetspeed/services/security/nosecurity/NoRoleManagement.java 11 Dec 2003 14:38:45 -0000
@@ -86,14 +86,14 @@
{
/**
* Retrieves all Roles for a given username principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param username a user principal identity to be retrieved.
* @return Iterator over all roles associated to the user principal.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Iterator getRoles(String username)
throws JetspeedSecurityException
@@ -110,13 +110,13 @@
/**
* Retrieves all Roles.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @return Iterator over all roles.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Iterator getRoles()
throws JetspeedSecurityException
@@ -125,13 +125,13 @@
}
/**
- * Adds a Role into permanent storage.
+ * Adds a Role into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void addRole(Role role)
throws JetspeedSecurityException
@@ -139,13 +139,13 @@
}
/**
- * Saves a Role into permanent storage.
+ * Saves a Role into permanent storage.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void saveRole(Role role)
throws JetspeedSecurityException
@@ -160,7 +160,7 @@
*
* @param rolename the principal identity of the role to be retrieved.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void removeRole(String rolename)
throws JetspeedSecurityException
@@ -168,13 +168,13 @@
}
/**
- * Grants a role to a user.
+ * Grants a role to a user.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving roles.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void grantRole(String username, String rolename)
throws JetspeedSecurityException
@@ -182,13 +182,27 @@
}
/**
- * Revokes a role from a user.
+ * Grants a role to a user for a specific group.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving roles.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public void grantGroupRole(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ }
+
+ /**
+ * Revokes a role from a user.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving roles.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void revokeRole(String username, String rolename)
throws JetspeedSecurityException
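Review bot: The added `grantGroupRole` has an empty body, but its Javadoc reads as if the grant is performed, so a caller of this implementation gets a normal return with nothing stored. The same applies to `revokeGroupRole` added in the next hunk (@@ -196,33 +210,47 @@), where a silent return can be taken to mean the privilege was removed. If the no-op is intended, as the neighbouring methods suggest, say so in the Javadoc, e.g. `* This implementation is a no-op: nothing is persisted.`, and add `@param` tags for `username`, `groupname` and `rolename`. The class declaration is outside this hunk, so which provider this is cannot be confirmed from here.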
@@ -196,33 +210,47 @@
}
/**
+ * Revokes a role from a user for a specific group.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving roles.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public void revokeGroupRole(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ }
+
+ /**
* Checks for the relationship of user has a role. Returns true when the user has the given role.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving roles.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public boolean hasRole(String username, String rolename)
throws JetspeedSecurityException
{
// give everyone the "user" role
if (rolename.equals(JetspeedSecurity.JETSPEED_ROLE_USER)) return true;
-
+
return false;
}
/**
* Retrieves a single Role for a given rolename principal.
- *
+ *
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param rolename a role principal identity to be retrieved.
* @return Role the role record retrieved.
* @exception RoleException when the security provider has a general failure.
- * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Role getRole(String rolename)
throws JetspeedSecurityException
Index: src/java/org/apache/jetspeed/services/security/turbine/TurbineGroupManagement.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbineGroupManagement.java,v
retrieving revision 1.9
diff -u -r1.9 TurbineGroupManagement.java
--- src/java/org/apache/jetspeed/services/security/turbine/TurbineGroupManagement.java 23 Jul 2003 19:50:24 -0000 1.9
+++ src/java/org/apache/jetspeed/services/security/turbine/TurbineGroupManagement.java 11 Dec 2003 14:38:46 -0000
@@ -1,7 +1,7 @@
/* ====================================================================
* The Apache Software License, Version 1.1
*
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -58,7 +58,7 @@
import java.util.Iterator;
import java.util.List;
import java.util.HashMap;
-import java.util.Vector;
+import java.util.ListIterator;
import javax.servlet.ServletConfig;
@@ -78,8 +78,6 @@
import org.apache.jetspeed.services.security.JetspeedSecurityException;
import org.apache.jetspeed.services.PsmlManager;
-import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
-import org.apache.jetspeed.services.logging.JetspeedLogger;
// Jetspeed Database OM
import org.apache.jetspeed.om.security.turbine.TurbineGroup;
@@ -103,6 +101,7 @@
import org.apache.turbine.services.rundata.RunDataService;
// Turbine
+import org.apache.turbine.util.Log;
import org.apache.turbine.services.TurbineBaseService;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.InitializationException;
@@ -113,26 +112,19 @@
*
*
* @author David Sean Taylor
- * @version $Id: TurbineGroupManagement.java,v 1.9 2003/07/23 19:50:24 morciuch Exp $
+ * @version $Id: TurbineGroupManagement.java,v 1.6 2003/03/04 00:05:12 sgala Exp $
*/
public class TurbineGroupManagement extends TurbineBaseService
implements GroupManagement
{
- /**
- * Static initialization of the logger for this class
- */
- private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(TurbineGroupManagement.class.getName());
-
private JetspeedRunDataService runDataService = null;
private final static String CONFIG_DEFAULT_ROLE = "role.default";
String defaultRole = "user";
private final static String CASCADE_DELETE = "programmatic.cascade.delete";
- private final static String CONFIG_SYSTEM_GROUPS = "system.groups";
private final static boolean DEFAULT_CASCADE_DELETE = true;
private boolean cascadeDelete;
- private Vector systemGroups = null;
///////////////////////////////////////////////////////////////////////////
// Group Management Interfaces
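Review bot: The new side of this hunk carries `$Id: TurbineGroupManagement.java,v 1.6 ...` while the diff base is revision 1.9, and it drops `CONFIG_SYSTEM_GROUPS` and the `systemGroups` field, which suggests the patch was produced from a stale copy and reverts later work rather than only adding the group-role methods. The consequence shows in hunk @@ -360,12 +345,6 @@, where the guard that refuses to remove a system group is deleted, and in the hunks that delete every `logger.error(...)` call, so failures in group management are no longer logged here. The same pattern appears in TurbineRoleManagement.java (`$Id` 1.11 to 1.8, `systemRoles` and its guard in hunk @@ -375,11 +358,6 @@ removed). I would rebase the change onto the current revisions and keep `if (systemGroups.contains(groupname))` and the logger, unless removing them is intended and stated in the patch description.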
@@ -159,7 +151,6 @@
}
catch(JetspeedSecurityException e)
{
- logger.error( "Failed to Retrieve User: " + username, e );
throw new GroupException("Failed to Retrieve User: ", e);
}
Criteria criteria = new Criteria();
@@ -186,7 +177,6 @@
}
catch(Exception e)
{
- logger.error( "Failed to retrieve groups for user " + username, e );
throw new GroupException("Failed to retrieve groups ", e);
}
return groups.values().iterator();
@@ -213,7 +203,6 @@
}
catch(Exception e)
{
- logger.error( "Failed to retrieve groups ", e);
throw new GroupException("Failed to retrieve groups ", e);
}
return groups.iterator();
@@ -251,9 +240,8 @@
}
catch(Exception e)
{
- String message = "Failed to create group '" + group.getName() + "'";
- logger.error( message, e );
- throw new GroupException( message, e );
+ throw new GroupException("Failed to create group '" +
+ group.getName() + "'", e);
}
try
@@ -269,8 +257,7 @@
catch (Exception e2)
{
}
- logger.error( "Failed to add default PSML for Group resource", e );
- throw new GroupException("Failed to add default PSML for Group resource", e);
+ throw new GroupException("failed to add default PSML for Group resource", e);
}
}
@@ -298,7 +285,6 @@
catch(Exception e2)
{
}
- logger.error( "Failed to create Group PSML", e );
throw new GroupException("Failed to create Group PSML", e);
}
}
@@ -337,9 +323,8 @@
}
catch(Exception e)
{
- String message = "Failed to create group '" + group.getName() + "'";
- logger.error( message, e );
- throw new GroupException( message, e );
+ throw new GroupException("Failed to create group '" +
+ group.getName() + "'", e);
}
}
@@ -360,12 +345,6 @@
Connection conn = null;
try
{
-
- if (systemGroups.contains(groupname))
- {
- throw new GroupException("[" + groupname + "] is a system group and cannot be removed");
- }
-
conn = Torque.getConnection();
Group group = this.getGroup(groupname);
@@ -394,11 +373,10 @@
}
catch (java.sql.SQLException sqle)
{
- logger.error("SQLException", sqle);
+ Log.error(sqle);
}
- String message = "Failed to remove group '" + groupname + "'";
- logger.error( message, e );
- throw new GroupException( message, e );
+ throw new GroupException("Failed to remove group '" +
+ groupname + "'", e);
}
finally
{
@@ -406,10 +384,7 @@
{
Torque.closeConnection(conn);
}
- catch (Throwable e)
- {
- logger.error( "Error closing Torque connection", e );
- }
+ catch (Exception e){}
}
}
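Review bot: `catch (Exception e){}` after `Torque.closeConnection(conn)` discards the failure silently and, unlike the `catch (Throwable e)` it replaces, no longer covers errors that are not `Exception`s. A connection that fails to close then leaves no trace for whoever later investigates pool exhaustion. Keep a log call in the handler, for example `catch (Exception e) { Log.error(e); }`, using the `Log` import this patch adds. The same empty handler is introduced in TurbineRoleManagement.java at @@ -428,10 +405,7 @@. The enclosing method starts outside this hunk.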
@@ -440,9 +415,37 @@
}
catch(Exception e)
{
- String message = "Join group '" + groupname + "' to user '" + username + "' failed: ";
- logger.error( message, e);
- throw new GroupException( message, e );
+ throw new GroupException("Join group '" + groupname + "' to user '" + username + "' failed: ", e);
+ }
+ }
+
+ /**
+ * Join a user to a group - specific role.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception GroupException when the security provider has a general failure retrieving groups.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public void joinGroup(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ try
+ {
+ JetspeedUser user = JetspeedSecurity.getUser(username);
+ Group group = this.getGroup(groupname);
+ Role role = JetspeedSecurity.getRole(rolename);
+
+ Criteria criteria = new Criteria();
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ criteria.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
+ criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
+ TurbineUserGroupRolePeer.doInsert(criteria);
+ }
+ catch(Exception e)
+ {
+ throw new GroupException("Join group '" + groupname + "' to user '" + username + "' failed: ", e);
}
}
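Review bot: The `catch(Exception e)` in the added `joinGroup(username, groupname, rolename)` also catches any `JetspeedSecurityException` raised by `getUser`, `getGroup` or `getRole`, so the `InsufficientPrivilegeException` promised in the Javadoc would reach the caller wrapped in a `GroupException` (assuming those lookups can throw it; their bodies are not in view). Add `catch (JetspeedSecurityException e) { throw e; }` ahead of the generic handler, and include `rolename` in the message, which currently names only the group and the user. The lookup results are also dereferenced without a null check, so if any of them can return null, an unknown user, group or role would surface as a wrapped NullPointerException; worth confirming. The same applies to `unjoinGroup(username, groupname, rolename)` in the next hunk and to `grantGroupRole`/`revokeGroupRole` in TurbineRoleManagement.java.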
@@ -472,14 +475,44 @@
}
catch(Exception e)
{
- String message = "Unjoin group '" + groupname + "' to user '" + username + "' failed: ";
- logger.error( message, e);
- throw new GroupException( message, e );
+ throw new GroupException("Unjoin group '" + groupname + "' to user '" + username + "' failed: ", e);
}
}
/**
+ * Unjoin a user from a group in which the user has a specific role instead of JetspeedSecurity.getRole(defaultRole)
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception GroupException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+
+ public void unjoinGroup(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ try
+ {
+ JetspeedUser user = JetspeedSecurity.getUser(username);
+ Group group = this.getGroup(groupname);
+ Role role = JetspeedSecurity.getRole(rolename);
+
+ Criteria criteria = new Criteria();
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ criteria.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
+ criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
+ TurbineUserGroupRolePeer.doDelete(criteria);
+ }
+ catch(Exception e)
+ {
+ throw new GroupException("Unjoin group '" + groupname + "' to user '" + username + "' failed: ", e);
+ }
+ }
+
+
+ /**
* Checks for the relationship of user in a group. Returns true when the user is in the given group.
*
* The security service may optionally check the current user context
@@ -506,14 +539,12 @@
}
catch(Exception e)
{
- String message = "Failed to check group '" + groupname + "'";
- logger.error( message, e );
- throw new GroupException( message, e );
+ throw new GroupException("Failed to check group '" +
+ groupname + "'", e);
}
return ( groups.size() > 0 );
}
-
/**
* Retrieves a single Group for a given groupname principal.
*
@@ -537,9 +568,8 @@
}
catch(Exception e)
{
- String message = "Failed to retrieve group '" + groupname + "'";
- logger.error( message, e );
- throw new GroupException(message, e);
+ throw new GroupException("Failed to retrieve group '" +
+ groupname + "'", e);
}
if ( groups.size() > 1 )
{
@@ -555,6 +585,48 @@
}
+ /**
+ * Retrieves a hashtable which associates Groups with Roles for a given username principal.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @param username a user principal identity to be retrieved.
+ * @return Hashtable record retrieved.
+ * @exception GroupException when the security provider has a general failure.
+ */
+ public HashMap getTurbineGroupRole(String username)
+ throws JetspeedSecurityException
+ {
+ JetspeedUser user = null;
+ try
+ {
+ user = JetspeedSecurity.getUser(new UserNamePrincipal(username));
+ }
+ catch(JetspeedSecurityException e)
+ {
+ throw new GroupException("Failed to Retrieve User: ", e);
+ }
+ Criteria criteria = new Criteria();
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ HashMap h = new HashMap();
+ TurbineUserGroupRole turbineUserGroupRole = new TurbineUserGroupRole();
+ try
+ {
+ ListIterator l = turbineUserGroupRole.getPeer().doSelect(criteria).listIterator(0);
+ TurbineUserGroupRole tempturbineUserGroupRole = null;
+ while (l.hasNext())
+ {
+ tempturbineUserGroupRole = (TurbineUserGroupRole) l.next();
+ h.put(tempturbineUserGroupRole.getTurbineGroup(), tempturbineUserGroupRole.getTurbineRole());
+ }
+ }
+ catch(Exception e)
+ {
+ throw new GroupException("Failed to Retrieve User: " + user.getName() + "Groups-Roles hashtable: ", e);
+ }
+ return h;
+ }
///////////////////////////////////////////////////////////////////////////
// Internal
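Review bot: `h.put(tempturbineUserGroupRole.getTurbineGroup(), tempturbineUserGroupRole.getTurbineRole())` keeps one role per group, so a user holding two roles in the same group gets only the last row returned, and which one that is depends on query order. Callers that base access decisions on this map would then see an incomplete set of roles. Collect the roles per group in a list, as sketched below; this changes the map's value type, so the Javadoc (which also says Hashtable although a `HashMap` is returned) needs to say so. Whether group objects for the same group compare equal as map keys depends on `TurbineGroup`'s `equals`/`hashCode`, which are not in view.

```java
// … unchanged: user lookup, criteria and doSelect(...).listIterator(0) …
while (l.hasNext())
{
    tempturbineUserGroupRole = (TurbineUserGroupRole) l.next();
    Object group = tempturbineUserGroupRole.getTurbineGroup();
    // keep every role held in the group instead of overwriting the previous one
    List rolesInGroup = (List) h.get(group);
    if (rolesInGroup == null)
    {
        rolesInGroup = new java.util.ArrayList();
        h.put(group, rolesInGroup);
    }
    rolesInGroup.add(tempturbineUserGroupRole.getTurbineRole());
}
// … unchanged: catch block and return h …
```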
@@ -592,7 +664,6 @@
}
catch(Exception e)
{
- logger.error( "Failed to check account's presence", e );
throw new GroupException(
"Failed to check account's presence", e);
}
@@ -632,11 +703,10 @@
defaultRole = serviceConf.getString(CONFIG_DEFAULT_ROLE, defaultRole);
cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE, DEFAULT_CASCADE_DELETE );
- systemGroups = serviceConf.getVector( CONFIG_SYSTEM_GROUPS, new Vector() );
setInit(true);
}
+}
-}
Index: src/java/org/apache/jetspeed/services/security/turbine/TurbineRoleManagement.java
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/turbine/TurbineRoleManagement.java,v
retrieving revision 1.11
diff -u -r1.11 TurbineRoleManagement.java
--- src/java/org/apache/jetspeed/services/security/turbine/TurbineRoleManagement.java 23 Jul 2003 19:50:24 -0000 1.11
+++ src/java/org/apache/jetspeed/services/security/turbine/TurbineRoleManagement.java 11 Dec 2003 14:38:46 -0000
@@ -1,7 +1,7 @@
/* ====================================================================
* The Apache Software License, Version 1.1
*
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
+ * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -58,7 +58,6 @@
import java.util.Iterator;
import java.util.List;
import java.util.HashMap;
-import java.util.Vector;
import javax.servlet.ServletConfig;
@@ -70,6 +69,7 @@
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.security.Role;
+import org.apache.jetspeed.om.security.Group;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.security.JetspeedSecurityService;
@@ -94,10 +94,6 @@
import org.apache.jetspeed.services.Profiler;
import org.apache.jetspeed.om.profile.ProfileException;
-// Jetspeed logging
-import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
-import org.apache.jetspeed.services.logging.JetspeedLogger;
-
// Torque
import org.apache.torque.util.Criteria;
import org.apache.torque.om.NumberKey;
@@ -109,6 +105,7 @@
import org.apache.turbine.services.rundata.RunDataService;
// Turbine
+import org.apache.turbine.util.Log;
import org.apache.turbine.services.TurbineBaseService;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.InitializationException;
@@ -119,25 +116,18 @@
*
*
* @author David Sean Taylor
- * @version $Id: TurbineRoleManagement.java,v 1.11 2003/07/23 19:50:24 morciuch Exp $
+ * @version $Id: TurbineRoleManagement.java,v 1.8 2003/03/04 00:05:13 sgala Exp $
*/
public class TurbineRoleManagement extends TurbineBaseService
implements RoleManagement
{
- /**
- * Static initialization of the logger for this class
- */
- private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(TurbineRoleManagement.class.getName());
-
private JetspeedRunDataService runDataService = null;
private final static String CASCADE_DELETE = "programmatic.cascade.delete";
- private final static String CONFIG_SYSTEM_ROLES = "system.roles";
private final static boolean DEFAULT_CASCADE_DELETE = true;
private boolean cascadeDelete;
private final static String CACHING_ENABLE = "caching.enable";
private boolean cachingEnable = true;
- private Vector systemRoles = null;
///////////////////////////////////////////////////////////////////////////
@@ -173,7 +163,6 @@
}
catch(JetspeedSecurityException e)
{
- logger.error( "Failed to Retrieve User: " + username, e );
throw new RoleException("Failed to Retrieve User: ", e);
}
Criteria criteria = new Criteria();
@@ -200,7 +189,6 @@
}
catch(Exception e)
{
- logger.error( "Failed to retrieve roles ", e );
throw new RoleException("Failed to retrieve roles ", e);
}
return roles.values().iterator();
@@ -227,7 +215,6 @@
}
catch(Exception e)
{
- logger.error( "Failed to retrieve roles ", e );
throw new RoleException("Failed to retrieve roles ", e);
}
return roles.iterator();
@@ -261,9 +248,8 @@
}
catch(Exception e)
{
- String message = "Failed to create role '" + role.getName() + "'";
- logger.error( message, e );
- throw new RoleException( message, e );
+ throw new RoleException("Failed to create role '" +
+ role.getName() + "'", e);
}
if (cachingEnable)
@@ -284,8 +270,7 @@
catch (Exception e2)
{
}
- logger.error( "Failed to add default PSML for Role resource", e );
- throw new RoleException("Failed to add default PSML for Role resource", e);
+ throw new RoleException("failed to add default PSML for Role resource", e);
}
}
@@ -313,7 +298,6 @@
catch(Exception e2)
{
}
- logger.error( "Failed to create Role PSML", e );
throw new RoleException("Failed to create Role PSML", e);
}
}
@@ -352,9 +336,8 @@
}
catch(Exception e)
{
- String message = "Failed to create role '" + role.getName() + "'";
- logger.error( message, e );
- throw new RoleException( message, e );
+ throw new RoleException("Failed to create role '" +
+ role.getName() + "'", e);
}
}
@@ -375,11 +358,6 @@
Connection conn = null;
try
{
- if (systemRoles.contains(rolename))
- {
- throw new RoleException("[" + rolename + "] is a system role and cannot be removed");
- }
-
conn = Torque.getConnection();
Role role = this.getRole(rolename);
@@ -416,11 +394,10 @@
}
catch (java.sql.SQLException sqle)
{
- logger.error("SQLException", sqle);
+ Log.error(sqle);
}
- String message = "Failed to remove role '" + rolename + "'";
- logger.error( message, e );
- throw new RoleException( message, e );
+ throw new RoleException("Failed to remove role '" +
+ rolename + "'", e);
}
finally
{
@@ -428,10 +405,7 @@
{
Torque.closeConnection(conn);
}
- catch (Throwable t)
- {
- logger.error( "Error closing Torque connection", t );
- }
+ catch (Exception e){}
}
}
@@ -466,13 +440,47 @@
}
catch(Exception e)
{
- String message = "Grant role '" + rolename + "' to user '" + username + "' failed: ";
- logger.error( message, e );
- throw new RoleException( message, e );
+ throw new RoleException("Grant role '" + rolename + "' to user '" + username + "' failed: ", e);
}
}
/**
+ * Grants a role to a user FOR A SPECIFIC GROUP.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public void grantGroupRole(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ try
+ {
+ JetspeedUser user = JetspeedSecurity.getUser(username);
+ Role role = this.getRole(rolename);
+ Group group = JetspeedSecurity.getGroup(groupname);
+
+ Criteria criteria = new Criteria();
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ criteria.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
+ criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
+ TurbineUserGroupRolePeer.doInsert(criteria);
+
+ if (cachingEnable)
+ {
+ JetspeedSecurityCache.addRole(username, role);
+ }
+ }
+ catch(Exception e)
+ {
+ throw new RoleException("Grant role '" + rolename + "' to user '" + username + "' failed: ", e);
+ }
+ }
+
+
+ /**
* Revokes a role from a user.
*
* The security service may optionally check the current user context
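Review bot: `JetspeedSecurityCache.addRole(username, role)` in the added `grantGroupRole` records the role against the user with no group, so after a grant for one group the cache appears to hold the role for the user as a whole. If `hasRole(username, rolename)` answers from that cache (its body is outside this hunk), a group-scoped grant would read as a global one. In `revokeGroupRole` (hunk @@ -503,14 +511,48 @@) the mirror call `JetspeedSecurityCache.removeRole(username, rolename)` drops the cached role even when the user still holds it through another group. Either skip the cache update for group-scoped grants and revokes, or update it only after checking the user's remaining `TurbineUserGroupRole` rows for that role. The error messages in both methods omit `groupname` as well.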
@@ -503,14 +511,48 @@
}
catch(Exception e)
{
- String message = "Revoke role '" + rolename + "' to user '" + username + "' failed: ";
- logger.error( message, e );
- throw new RoleException( message, e );
+ throw new RoleException("Revoke role '" + rolename + "' to user '" + username + "' failed: ", e);
}
}
/**
+ * Revokes a role from a user FOR A SPECIFIC GROUP.
+ *
+ * The security service may optionally check the current user context
+ * to determine if the requestor has permission to perform this action.
+ *
+ * @exception RoleException when the security provider has a general failure retrieving users.
+ * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
+ */
+ public void revokeGroupRole(String username, String groupname, String rolename)
+ throws JetspeedSecurityException
+ {
+ try
+ {
+ JetspeedUser user = JetspeedSecurity.getUser(username);
+ Role role = this.getRole(rolename);
+ Group group = JetspeedSecurity.getGroup(groupname);
+
+ Criteria criteria = new Criteria();
+ criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
+ criteria.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
+ criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
+ TurbineUserGroupRolePeer.doDelete(criteria);
+
+ if (cachingEnable)
+ {
+ JetspeedSecurityCache.removeRole(username, rolename);
+ }
+
+ }
+ catch(Exception e)
+ {
+ throw new RoleException("Revoke role '" + rolename + "' to user '" + username + "' failed: ", e);
+ }
+ }
+
+ /**
* Checks for the relationship of user has a role. Returns true when the user has the given role.
*
* The security service may optionally check the current user context
@@ -546,9 +588,8 @@
}
catch(Exception e)
{
- String message = "Failed to check role '" + rolename + "'";
- logger.error( message, e );
- throw new RoleException( message, e );
+ throw new RoleException("Failed to check role '" +
+ rolename + "'", e);
}
return ( roles.size() > 0 );
}
@@ -577,9 +618,8 @@
}
catch(Exception e)
{
- String message = "Failed to retrieve role '" + rolename + "'";
- logger.error( message, e );
- throw new RoleException( message, e);
+ throw new RoleException("Failed to retrieve role '" +
+ rolename + "'", e);
}
if ( roles.size() > 1 )
{
@@ -632,7 +672,6 @@
}
catch(Exception e)
{
- logger.error( "Failed to check account's presence", e );
throw new RoleException(
"Failed to check account's presence", e);
}
@@ -672,7 +711,6 @@
cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE, DEFAULT_CASCADE_DELETE );
cachingEnable = serviceConf.getBoolean( CACHING_ENABLE, cachingEnable );
- systemRoles = serviceConf.getVector( CONFIG_SYSTEM_ROLES, new Vector() );
setInit(true);
}
Index: webapp/WEB-INF/conf/admin.xreg
===================================================================
RCS file: /home/cvspublic/jakarta-jetspeed/webapp/WEB-INF/conf/admin.xreg,v
retrieving revision 1.44
diff -u -r1.44 admin.xreg
--- webapp/WEB-INF/conf/admin.xreg 3 Nov 2003 05:26:36 -0000 1.44
+++ webapp/WEB-INF/conf/admin.xreg 11 Dec 2003 14:38:48 -0000
@@ -1,457 +1,624 @@