[gatewiki-commits] SF.net SVN: gatewiki:[1812] trunk
|
View:
New views
1 Messages
—
Rating Filter:
Alert me
|
 |
[gatewiki-commits] SF.net SVN: gatewiki:[1812] trunk
by ian_roberts
::
Rate this Message:
Revision: 1812
http://gatewiki.svn.sourceforge.net/gatewiki/?rev=1812&view=rev Author: ian_roberts Date: 2009-11-14 11:12:30 +0000 (Sat, 14 Nov 2009) Log Message: ----------- Made the links to parent directories in sventon history view respect the permissions set up by cow - only those links you would have permission to visit are made clickable. This is one of those changes that's ended up much wider ranging than it should have been. To implement the check I created a custom JSP EL function to check the CoW session permissions and modified the sventon clickableUrl JSP tag to use this function. However the classes defining EL functions can't be in the default package so I had to put the function class into a package. But then packaged classes can't reference anything else in the default package, so I had to move a whole pile of other classes into packages too... Whoever thought that encouraging the use of the default package in Grails was a good idea should be shot. Or at least made to manually migrate all their applications into sensible packages without the use of any search and replace or refactoring tools... Modified Paths: -------------- trunk/cow/grails-app/conf/Config.groovy trunk/cow/grails-app/conf/spring/resources.xml trunk/cow/grails-app/services/SventonService.groovy trunk/cow/scripts/_Events.groovy trunk/sventon/README trunk/sventon/sventon-2.0.4/WEB-INF/cow-beans.xml trunk/sventon/sventon-2.0.4/WEB-INF/sventon-servlet-extras.xml trunk/sventon/sventon-2.0.4/WEB-INF/tags/clickableUrl.tag Added Paths: ----------- trunk/cow/grails-app/utils/gate/cow/sventon/ trunk/cow/grails-app/utils/gate/cow/sventon/CowSventonJMXControllerMBean.java trunk/cow/grails-app/utils/gate/cow/sventon/CowSventonSession.java trunk/sventon/extras/src/gate/ trunk/sventon/extras/src/gate/cow/ trunk/sventon/extras/src/gate/cow/sventon/ trunk/sventon/extras/src/gate/cow/sventon/CowJspFunctions.java trunk/sventon/extras/src/gate/cow/sventon/CowRCDirFactoryBean.java trunk/sventon/extras/src/gate/cow/sventon/CowSecurityInterceptor.java trunk/sventon/extras/src/gate/cow/sventon/CowSessionManager.java trunk/sventon/extras/src/gate/cow/sventon/CowSetAbstractConfigurer.java trunk/sventon/extras/src/gate/cow/sventon/CowSventonJMXController.java trunk/sventon/patches/ trunk/sventon/patches/clickableUrl.diff trunk/sventon/sventon-2.0.4/WEB-INF/cow.tld Removed Paths: ------------- trunk/cow/grails-app/utils/CowSventonJMXControllerMBean.java trunk/cow/grails-app/utils/CowSventonSession.java trunk/sventon/extras/src/CowRCDirFactoryBean.java trunk/sventon/extras/src/CowSecurityInterceptor.java trunk/sventon/extras/src/CowSetAbstractConfigurer.java trunk/sventon/extras/src/CowSventonJMXController.java Property Changed: ---------------- trunk/sventon/sventon-2.0.4/WEB-INF/classes/ Modified: trunk/cow/grails-app/conf/Config.groovy =================================================================== --- trunk/cow/grails-app/conf/Config.groovy 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/cow/grails-app/conf/Config.groovy 2009-11-14 11:12:30 UTC (rev 1812) @@ -258,8 +258,7 @@ // misc other stuff info logfile:'FileUtilsTests' debug 'CowRepositoryConnectionFactory' - debug logfile:['CowRCDirFactoryBean', - 'CowSecurityInterceptor', + debug logfile:['gate.cow.sventon', 'TestSuite', 'WikiTest', 'PageTest'] Modified: trunk/cow/grails-app/conf/spring/resources.xml =================================================================== --- trunk/cow/grails-app/conf/spring/resources.xml 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/cow/grails-app/conf/spring/resources.xml 2009-11-14 11:12:30 UTC (rev 1812) @@ -85,7 +85,7 @@ <bean name="sventonJmxManager" class="org.springframework.jmx.access.MBeanProxyFactoryBean"> <property name="objectName" value="CoW:name=sventon" /> - <property name="proxyInterface" value="CowSventonJMXControllerMBean" /> + <property name="proxyInterface" value="gate.cow.sventon.CowSventonJMXControllerMBean" /> <property name="connectOnStartup" value="false" /> <!-- if a connection fails (e.g. if sventon hasn't started up yet), try to re-establish the connection next time. --> Modified: trunk/cow/grails-app/services/SventonService.groovy =================================================================== --- trunk/cow/grails-app/services/SventonService.groovy 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/cow/grails-app/services/SventonService.groovy 2009-11-14 11:12:30 UTC (rev 1812) @@ -1,4 +1,5 @@ import gate.cow.CowUtils +import gate.cow.sventon.* import gate.versioning.svnkit.Sandbox import java.security.SecureRandom Deleted: trunk/cow/grails-app/utils/CowSventonJMXControllerMBean.java =================================================================== --- trunk/cow/grails-app/utils/CowSventonJMXControllerMBean.java 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/cow/grails-app/utils/CowSventonJMXControllerMBean.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -1,20 +0,0 @@ -/** - * Simple management interface for CoW to control Sventon. - */ -public interface CowSventonJMXControllerMBean { - /** - * Remove all known repositories from sventon. - */ - void removeAllRepositories(); - - /** - * Reinitialize sventon. - */ - void reInit(); - - /** - * Check whether the sventon management MBean is available. Will either - * return true or throw an exception, which should be caught by the caller. - */ - boolean ping(); -} Deleted: trunk/cow/grails-app/utils/CowSventonSession.java =================================================================== --- trunk/cow/grails-app/utils/CowSventonSession.java 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/cow/grails-app/utils/CowSventonSession.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -1,84 +0,0 @@ -import java.io.Serializable; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -/** - * Class encapsulating a "session" giving permissions to the sventon web app. - */ -public class CowSventonSession implements Serializable { - /** - * Serial version ID. - */ - private static final long serialVersionUID = -5977986860574481391L; - - /** - * Admin flag. A session with this flag set can do anything. - */ - private boolean admin = false; - - /** - * Map from repository name to the set of paths within that repository to - * which this session has access. - */ - private Map<String, Set<String>> grants = new HashMap<String, Set<String>>(); - - public void setAdmin(boolean admin) { - this.admin = admin; - } - - public boolean isAdmin() { - return admin; - } - - - /** - * Add permission for the given repository and path to this session. - */ - public void grant(String repos, String path) { - getGrantsForRepos(repos, true).add(path); - } - - /** - * Check whether the current session permits access to the given repository - * and path. An admin session will always return true here, otherwise we - * check the grants map. - */ - public boolean isPermitted(String repos, String path) { - if(isAdmin()) { - return true; - } - else { - Set<String> grantsForRepos = getGrantsForRepos(repos, false); - return (grantsForRepos != null && grantsForRepos.contains(path)); - } - } - - /** - * Get the permitted set of paths for a given repository, optionally creating - * an empty set if there are currently no grants for that repository. - */ - private Set<String> getGrantsForRepos(String repos, boolean create) { - Set<String> grantsForRepos = grants.get(repos); - if(grantsForRepos == null && create) { - grantsForRepos = new HashSet<String>(); - grants.put(repos, grantsForRepos); - } - return grantsForRepos; - } - - public String toString() { - StringBuilder builder = new StringBuilder("CowSventonSession: admin = "); - builder.append(admin); - if(!grants.isEmpty()) { - for(Map.Entry<String, Set<String>> grant : grants.entrySet()) { - builder.append("\n "); - builder.append(grant.getKey()); - builder.append(": "); - builder.append(grant.getValue()); - } - } - return builder.toString(); - } -} Copied: trunk/cow/grails-app/utils/gate/cow/sventon/CowSventonJMXControllerMBean.java (from rev 1809, trunk/cow/grails-app/utils/CowSventonJMXControllerMBean.java) =================================================================== --- trunk/cow/grails-app/utils/gate/cow/sventon/CowSventonJMXControllerMBean.java (rev 0) +++ trunk/cow/grails-app/utils/gate/cow/sventon/CowSventonJMXControllerMBean.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -0,0 +1,22 @@ +package gate.cow.sventon; + +/** + * Simple management interface for CoW to control Sventon. + */ +public interface CowSventonJMXControllerMBean { + /** + * Remove all known repositories from sventon. + */ + void removeAllRepositories(); + + /** + * Reinitialize sventon. + */ + void reInit(); + + /** + * Check whether the sventon management MBean is available. Will either + * return true or throw an exception, which should be caught by the caller. + */ + boolean ping(); +} Copied: trunk/cow/grails-app/utils/gate/cow/sventon/CowSventonSession.java (from rev 1809, trunk/cow/grails-app/utils/CowSventonSession.java) =================================================================== --- trunk/cow/grails-app/utils/gate/cow/sventon/CowSventonSession.java (rev 0) +++ trunk/cow/grails-app/utils/gate/cow/sventon/CowSventonSession.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -0,0 +1,86 @@ +package gate.cow.sventon; + +import java.io.Serializable; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +/** + * Class encapsulating a "session" giving permissions to the sventon web app. + */ +public class CowSventonSession implements Serializable { + /** + * Serial version ID. + */ + private static final long serialVersionUID = -5977986860574481391L; + + /** + * Admin flag. A session with this flag set can do anything. + */ + private boolean admin = false; + + /** + * Map from repository name to the set of paths within that repository to + * which this session has access. + */ + private Map<String, Set<String>> grants = new HashMap<String, Set<String>>(); + + public void setAdmin(boolean admin) { + this.admin = admin; + } + + public boolean isAdmin() { + return admin; + } + + + /** + * Add permission for the given repository and path to this session. + */ + public void grant(String repos, String path) { + getGrantsForRepos(repos, true).add(path); + } + + /** + * Check whether the current session permits access to the given repository + * and path. An admin session will always return true here, otherwise we + * check the grants map. + */ + public boolean isPermitted(String repos, String path) { + if(isAdmin()) { + return true; + } + else { + Set<String> grantsForRepos = getGrantsForRepos(repos, false); + return (grantsForRepos != null && grantsForRepos.contains(path)); + } + } + + /** + * Get the permitted set of paths for a given repository, optionally creating + * an empty set if there are currently no grants for that repository. + */ + private Set<String> getGrantsForRepos(String repos, boolean create) { + Set<String> grantsForRepos = grants.get(repos); + if(grantsForRepos == null && create) { + grantsForRepos = new HashSet<String>(); + grants.put(repos, grantsForRepos); + } + return grantsForRepos; + } + + public String toString() { + StringBuilder builder = new StringBuilder("CowSventonSession: admin = "); + builder.append(admin); + if(!grants.isEmpty()) { + for(Map.Entry<String, Set<String>> grant : grants.entrySet()) { + builder.append("\n "); + builder.append(grant.getKey()); + builder.append(": "); + builder.append(grant.getValue()); + } + } + return builder.toString(); + } +} Modified: trunk/cow/scripts/_Events.groovy =================================================================== --- trunk/cow/scripts/_Events.groovy 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/cow/scripts/_Events.groovy 2009-11-14 11:12:30 UTC (rev 1812) @@ -35,13 +35,13 @@ println "Copying authentication and management classes to sventon..." def includes = { include(name:'CowAuthenticationManager*.class') - include(name:'CowSventon*.class') + include(name:'gate/cow/sventon/*.class') include(name:'AuthenticationData*.class') } ant.delete() { - fileset(dir:'../sventon/sventon-2.0.4/WEB-INF/classes', includes) + fileset(dir:'../sventon/web-app/WEB-INF/classes', includes) } - ant.copy(todir: '../sventon/sventon-2.0.4/WEB-INF/classes') { + ant.copy(todir: '../sventon/web-app/WEB-INF/classes') { fileset(dir:classesDirPath, includes) } Modified: trunk/sventon/README =================================================================== --- trunk/sventon/README 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/sventon/README 2009-11-14 11:12:30 UTC (rev 1812) @@ -15,9 +15,12 @@ context-param. cow-beans *must* be the last entry in the param-value, as it overrides some of the beans defined in the normal applicationContext.xml. -- Add groovy-all-1.5.6.jar to WEB-INF/lib (some of the classes CoW adds to - sventon are written in Groovy). +- Apply patches/clickableUrl.diff to WEB-INF/tags/clickableUrl.tag (fix it + manually if necessary). +- Add the groovy-all JAR from Grails to WEB-INF/lib (some of the classes CoW + adds to sventon are written in Groovy). + Additional classes are inserted into WEB-INF/classes by the CoW build. Some of these are copied from CoW, some are compiled from sources in the "extras" directory. Deleted: trunk/sventon/extras/src/CowRCDirFactoryBean.java =================================================================== --- trunk/sventon/extras/src/CowRCDirFactoryBean.java 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/sventon/extras/src/CowRCDirFactoryBean.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -1,51 +0,0 @@ -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.springframework.beans.factory.FactoryBean; -import java.io.File; - -/** - * Factory bean to determine the correct cowrc.d directory, taking into account - * the special case of no dot on Windows. - */ -public class CowRCDirFactoryBean implements FactoryBean { - - private final Log logger = LogFactory.getLog(getClass()); - - public Class<?> getObjectType() { - return File.class; - } - - public boolean isSingleton() { - return true; - } - - public Object getObject() { - // First check if there is a system property with an explicit location for - // the cowrc directory - String cowrcd = System.getProperty("gate.cow.cowrc.d"); - if(cowrcd != null) { - logger.debug("Found system property gate.cow.cowrc.d: Using " + cowrcd - + " as CoW RC directory"); - return new File(cowrcd); - } - else { - logger.debug("gate.cow.cowrc.d system property not set, guessing..."); - // determine the cow user home, fall back on the normal user.home if not - // set - String cowUserHome = System.getProperty("gate.cow.user.home", - System.getProperty("user.home")); - - File cowrcFile = null; - if(System.getProperty("os.name").toLowerCase().contains("windows")) { - cowrcFile = new File(cowUserHome, "cowrc.d"); - } - else { - cowrcFile = new File(cowUserHome, ".cowrc.d"); - } - - logger.debug("Using " + cowrcFile.getAbsolutePath() + " as CoW RC directory"); - return cowrcFile; - } - } -} - Deleted: trunk/sventon/extras/src/CowSecurityInterceptor.java =================================================================== --- trunk/sventon/extras/src/CowSecurityInterceptor.java 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/sventon/extras/src/CowSecurityInterceptor.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -1,126 +0,0 @@ -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; -import org.springframework.web.context.ServletContextAware; - -import javax.servlet.*; -import javax.servlet.http.*; -import java.io.File; -import java.io.FileInputStream; -import java.io.BufferedInputStream; -import java.io.ObjectInputStream; -import java.util.Map; -import java.util.Set; -import java.util.List; - -public class CowSecurityInterceptor extends HandlerInterceptorAdapter - implements ServletContextAware { - - private final Log logger = LogFactory.getLog(getClass()); - - public static final String ADMIN_USER_ATTRIBUTE = "gate.cow.isAdmin"; - public static final String GRANTS_ATTRIBUTE = "gate.cow.grants"; - public static final String COW_SESSION_PARAM = "cowSession"; - - private ServletContext ctx; - private File sessionDir; - - private List<Object> unrestrictedHandlers; - - public void setServletContext(ServletContext ctx) { - this.ctx = ctx; - } - - public void setSessionDir(File sessionDir) { - this.sessionDir = sessionDir; - } - - public void setUnrestrictedHandlers(List<Object> unrestrictedHandlers) { - this.unrestrictedHandlers = unrestrictedHandlers; - } - - public boolean preHandle(HttpServletRequest request, - HttpServletResponse response, Object handler) throws Exception { - // check if the handler for this request should be unrestricted - if(unrestrictedHandlers != null && - unrestrictedHandlers.contains(handler)) { - return true; - } - HttpSession httpSession = request.getSession(); - String cowSessionID = request.getParameter(COW_SESSION_PARAM); - // if no explicit session ID in the request, see if there is one in the - // HTTP session - if(cowSessionID == null) { - if(httpSession != null) { - cowSessionID = (String)httpSession.getAttribute(COW_SESSION_PARAM); - } - } - - if(cowSessionID == null) { - logger.warn("No CoW session ID found in request or HTTPSession."); - RequestDispatcher noSessionDispatcher = ctx.getRequestDispatcher( - "/WEB-INF/cow-no-session.jsp"); - noSessionDispatcher.forward(request, response); - return false; - } - else { - httpSession.setAttribute(COW_SESSION_PARAM, cowSessionID); - CowSventonSession cowSession = loadSession(cowSessionID); - logger.debug("Loaded CowSventonSession with ID " + cowSessionID); - logger.debug(cowSession); - if(cowSession == null) { - // couldn't load the session - RequestDispatcher noSessionDispatcher = ctx.getRequestDispatcher( - "/WEB-INF/cow-no-session.jsp"); - noSessionDispatcher.forward(request, response); - return false; - } - else { - // check for the relevant permission, or admin privilege - logger.debug("Checking permissions for repository " + request.getParameter("name") + ", path " + request.getParameter("path")); - if(cowSession.isPermitted(request.getParameter("name"), - request.getParameter("path"))) { - return true; - } - } - } - - // error page - RequestDispatcher dispatcher = ctx.getRequestDispatcher("/WEB-INF/cow-authfailed.jsp"); - dispatcher.forward(request, response); - return false; - } - - /** - * Load the session information from the specified session file. - */ - private CowSventonSession loadSession(String cowSessionID) { - try { - File sessionFile = new File(sessionDir, cowSessionID); - FileInputStream fis = null; - BufferedInputStream bis = null; - ObjectInputStream in = null; - try { - fis = new FileInputStream(sessionFile); - bis = new BufferedInputStream(fis); - in = new ObjectInputStream(bis); - return (CowSventonSession)in.readObject(); - } - finally { - if(in != null) { - in.close(); - } - else if(bis != null) { - bis.close(); - } - else if(fis != null) { - fis.close(); - } - } - } - catch(Exception e) { - logger.debug("Couldn't load CoW session for Sventon", e); - return null; - } - } -} Deleted: trunk/sventon/extras/src/CowSetAbstractConfigurer.java =================================================================== --- trunk/sventon/extras/src/CowSetAbstractConfigurer.java 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/sventon/extras/src/CowSetAbstractConfigurer.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -1,36 +0,0 @@ -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.beans.factory.config.BeanFactoryPostProcessor; -import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; -import org.springframework.beans.factory.support.AbstractBeanDefinition; - -/** - * BeanFactoryPostProcessor that sets the "abstract" flag on a particular bean - * definition. - */ -public class CowSetAbstractConfigurer implements BeanFactoryPostProcessor { - - private final Log logger = LogFactory.getLog(getClass()); - - /** - * The name of the bean to make abstract. - */ - private String beanName; - - public void setBeanName(String beanName) { - this.beanName = beanName; - } - - public void postProcessBeanFactory(ConfigurableListableBeanFactory factory) - throws BeansException { - BeanDefinition bd = factory.getBeanDefinition(beanName); - if(bd instanceof AbstractBeanDefinition) { - ((AbstractBeanDefinition)bd).setAbstract(true); - } - else { - logger.warn("Could not set bean named \"" + beanName + "\" to be abstract"); - } - } -} Deleted: trunk/sventon/extras/src/CowSventonJMXController.java =================================================================== --- trunk/sventon/extras/src/CowSventonJMXController.java 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/sventon/extras/src/CowSventonJMXController.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -1,44 +0,0 @@ -import org.sventon.appl.Application; -import org.sventon.model.RepositoryName; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * Simple management interface to allow CoW to remote-control sventon. - */ -public class CowSventonJMXController implements CowSventonJMXControllerMBean { - - private final Log logger = LogFactory.getLog(getClass()); - - private Application application; - - public void setApplication(Application application) { - this.application = application; - } - - public boolean ping() { - return true; - } - - public void removeAllRepositories() { - logger.info("Removing repositories"); - try { - for(RepositoryName name : application.getRepositoryNames()) { - application.deleteRepository(name); - } - } - catch(Exception e) { - logger.error("Error removing repositories", e); - } - } - - public void reInit() { - logger.info("Re-initing sventon"); - try { - application.init(); - } - catch(Exception e) { - logger.error("Error initializing sventon", e); - } - } -} Added: trunk/sventon/extras/src/gate/cow/sventon/CowJspFunctions.java =================================================================== --- trunk/sventon/extras/src/gate/cow/sventon/CowJspFunctions.java (rev 0) +++ trunk/sventon/extras/src/gate/cow/sventon/CowJspFunctions.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -0,0 +1,23 @@ +package gate.cow.sventon; + +import javax.servlet.http.HttpServletRequest; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.springframework.web.servlet.support.RequestContextUtils; + +/** + * Simple class to expose {@link CowSessionManager#isPermitted} as a JSP EL + * function. + */ +public class CowJspFunctions { + + public static boolean isPermitted(String repoName, String path) { + System.err.println("CowJspFunctions.isPermitted(" + repoName + ", " + path + ")"); + // find the current thread-bound request object + HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.currentRequestAttributes()).getRequest(); + // get the session manager from Spring and delegate to that + return ((CowSessionManager)RequestContextUtils + .getWebApplicationContext(request).getBean("cowSessionManager")) + .isPermitted(request, repoName, path); + } +} Property changes on: trunk/sventon/extras/src/gate/cow/sventon/CowJspFunctions.java ___________________________________________________________________ Added: svn:keywords + Id Added: svn:eol-style + native Copied: trunk/sventon/extras/src/gate/cow/sventon/CowRCDirFactoryBean.java (from rev 1809, trunk/sventon/extras/src/CowRCDirFactoryBean.java) =================================================================== --- trunk/sventon/extras/src/gate/cow/sventon/CowRCDirFactoryBean.java (rev 0) +++ trunk/sventon/extras/src/gate/cow/sventon/CowRCDirFactoryBean.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -0,0 +1,53 @@ +package gate.cow.sventon; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.beans.factory.FactoryBean; +import java.io.File; + +/** + * Factory bean to determine the correct cowrc.d directory, taking into account + * the special case of no dot on Windows. + */ +public class CowRCDirFactoryBean implements FactoryBean { + + private final Log logger = LogFactory.getLog(getClass()); + + public Class<?> getObjectType() { + return File.class; + } + + public boolean isSingleton() { + return true; + } + + public Object getObject() { + // First check if there is a system property with an explicit location for + // the cowrc directory + String cowrcd = System.getProperty("gate.cow.cowrc.d"); + if(cowrcd != null) { + logger.debug("Found system property gate.cow.cowrc.d: Using " + cowrcd + + " as CoW RC directory"); + return new File(cowrcd); + } + else { + logger.debug("gate.cow.cowrc.d system property not set, guessing..."); + // determine the cow user home, fall back on the normal user.home if not + // set + String cowUserHome = System.getProperty("gate.cow.user.home", + System.getProperty("user.home")); + + File cowrcFile = null; + if(System.getProperty("os.name").toLowerCase().contains("windows")) { + cowrcFile = new File(cowUserHome, "cowrc.d"); + } + else { + cowrcFile = new File(cowUserHome, ".cowrc.d"); + } + + logger.debug("Using " + cowrcFile.getAbsolutePath() + " as CoW RC directory"); + return cowrcFile; + } + } +} + Copied: trunk/sventon/extras/src/gate/cow/sventon/CowSecurityInterceptor.java (from rev 1811, trunk/sventon/extras/src/CowSecurityInterceptor.java) =================================================================== --- trunk/sventon/extras/src/gate/cow/sventon/CowSecurityInterceptor.java (rev 0) +++ trunk/sventon/extras/src/gate/cow/sventon/CowSecurityInterceptor.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -0,0 +1,65 @@ +package gate.cow.sventon; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; +import org.springframework.web.context.ServletContextAware; + +import javax.servlet.*; +import javax.servlet.http.*; +import java.util.List; + +/** + * Spring handler interceptor that checks whether requests are permitted based + * on the session information passed to sventon by CoW. + */ +public class CowSecurityInterceptor extends HandlerInterceptorAdapter + implements ServletContextAware { + + private final Log logger = LogFactory.getLog(getClass()); + + private ServletContext ctx; + private CowSessionManager sessionManager; + + private List<Object> unrestrictedHandlers; + + public void setServletContext(ServletContext ctx) { + this.ctx = ctx; + } + + public void setSessionManager(CowSessionManager sessionManager) { + this.sessionManager = sessionManager; + } + + public void setUnrestrictedHandlers(List<Object> unrestrictedHandlers) { + this.unrestrictedHandlers = unrestrictedHandlers; + } + + public boolean preHandle(HttpServletRequest request, + HttpServletResponse response, Object handler) throws Exception { + // check if the handler for this request should be unrestricted + if(unrestrictedHandlers != null && + unrestrictedHandlers.contains(handler)) { + return true; + } + if(sessionManager.hasSession(request)) { + // check for the relevant permission, or admin privilege + logger.debug("Checking permissions for repository " + request.getParameter("name") + ", path " + request.getParameter("path")); + if(sessionManager.isPermitted(request, request.getParameter("name"), + request.getParameter("path"))) { + return true; + } + } + else { + RequestDispatcher noSessionDispatcher = ctx.getRequestDispatcher( + "/WEB-INF/cow-no-session.jsp"); + noSessionDispatcher.forward(request, response); + return false; + } + + // error page + RequestDispatcher dispatcher = ctx.getRequestDispatcher("/WEB-INF/cow-authfailed.jsp"); + dispatcher.forward(request, response); + return false; + } +} Added: trunk/sventon/extras/src/gate/cow/sventon/CowSessionManager.java =================================================================== --- trunk/sventon/extras/src/gate/cow/sventon/CowSessionManager.java (rev 0) +++ trunk/sventon/extras/src/gate/cow/sventon/CowSessionManager.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -0,0 +1,126 @@ +package gate.cow.sventon; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import javax.servlet.*; +import javax.servlet.http.*; +import java.util.HashMap; +import java.util.Map; +import java.io.File; +import java.io.FileInputStream; +import java.io.BufferedInputStream; +import java.io.ObjectInputStream; + +/** + * General session manager bean to handle checking sventon requests against + * authentication data provided by CoW. + */ +public class CowSessionManager { + private final Log logger = LogFactory.getLog(getClass()); + + public static final String ADMIN_USER_ATTRIBUTE = "gate.cow.isAdmin"; + public static final String GRANTS_ATTRIBUTE = "gate.cow.grants"; + public static final String COW_SESSION_PARAM = "cowSession"; + + private File sessionDir; + + public void setSessionDir(File sessionDir) { + this.sessionDir = sessionDir; + } + + // cache of most recently accessed session data + private Map<String, CowSventonSession> cachedSessions = new HashMap<String, CowSventonSession>(); + private Map<String, Long> sessionModTimes = new HashMap<String, Long>(); + + /** + * Check whether there is a Cow session available for the current servlet + * request. + */ + public synchronized boolean hasSession(HttpServletRequest req) { + return loadSession(req) != null; + } + + /** + * Check whether the CoW session for the given request permits access to the + * given repository and path. If there is no session, or an error loading + * the session, a message is logged and this method returns false. + */ + public synchronized boolean isPermitted(HttpServletRequest req, String repoName, String path) { + CowSventonSession cowSession = loadSession(req); + if(cowSession != null && cowSession.isPermitted(repoName, path)) { + return true; + } + + return false; + } + + /** + * Load the CoW session for the given request from the cache (if it is fresh) + * or the file on disk. + */ + private CowSventonSession loadSession(HttpServletRequest request) { + String cowSessionID = request.getParameter(COW_SESSION_PARAM); + try { + HttpSession httpSession = request.getSession(); + + // if no explicit session ID in the request, see if there is one in the + // HTTP session + if(cowSessionID == null) { + if(httpSession != null) { + cowSessionID = (String)httpSession.getAttribute(COW_SESSION_PARAM); + } + } + + if(cowSessionID == null) { + logger.warn("No CoW session ID found in request or HTTPSession."); + } + else { + httpSession.setAttribute(COW_SESSION_PARAM, cowSessionID); + + File sessionFile = new File(sessionDir, cowSessionID); + if(cachedSessions.containsKey(cowSessionID)) { + // if we have the session cached and still fresh, return the cached + // copy + if(sessionFile.exists() && + sessionFile.lastModified() <= sessionModTimes.get(cowSessionID)) { + return cachedSessions.get(cowSessionID); + } + // if the session is out of date or dead, remove it from the cache + else { + cachedSessions.remove(cowSessionID); + sessionModTimes.remove(cowSessionID); + } + } + FileInputStream fis = null; + BufferedInputStream bis = null; + ObjectInputStream in = null; + try { + fis = new FileInputStream(sessionFile); + bis = new BufferedInputStream(fis); + in = new ObjectInputStream(bis); + CowSventonSession cowSession = (CowSventonSession)in.readObject(); + cachedSessions.put(cowSessionID, cowSession); + sessionModTimes.put(cowSessionID, sessionFile.lastModified()); + return cowSession; + } + finally { + if(in != null) { + in.close(); + } + else if(bis != null) { + bis.close(); + } + else if(fis != null) { + fis.close(); + } + } + } + } + catch(Exception e) { + logger.warn("Exception loading session" + + (cowSessionID == null ? "" : " with ID " + cowSessionID), e); + } + return null; + } +} Property changes on: trunk/sventon/extras/src/gate/cow/sventon/CowSessionManager.java ___________________________________________________________________ Added: svn:keywords + Id Added: svn:eol-style + native Copied: trunk/sventon/extras/src/gate/cow/sventon/CowSetAbstractConfigurer.java (from rev 1809, trunk/sventon/extras/src/CowSetAbstractConfigurer.java) =================================================================== --- trunk/sventon/extras/src/gate/cow/sventon/CowSetAbstractConfigurer.java (rev 0) +++ trunk/sventon/extras/src/gate/cow/sventon/CowSetAbstractConfigurer.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -0,0 +1,38 @@ +package gate.cow.sventon; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.beans.factory.config.BeanFactoryPostProcessor; +import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; +import org.springframework.beans.factory.support.AbstractBeanDefinition; + +/** + * BeanFactoryPostProcessor that sets the "abstract" flag on a particular bean + * definition. + */ +public class CowSetAbstractConfigurer implements BeanFactoryPostProcessor { + + private final Log logger = LogFactory.getLog(getClass()); + + /** + * The name of the bean to make abstract. + */ + private String beanName; + + public void setBeanName(String beanName) { + this.beanName = beanName; + } + + public void postProcessBeanFactory(ConfigurableListableBeanFactory factory) + throws BeansException { + BeanDefinition bd = factory.getBeanDefinition(beanName); + if(bd instanceof AbstractBeanDefinition) { + ((AbstractBeanDefinition)bd).setAbstract(true); + } + else { + logger.warn("Could not set bean named \"" + beanName + "\" to be abstract"); + } + } +} Copied: trunk/sventon/extras/src/gate/cow/sventon/CowSventonJMXController.java (from rev 1809, trunk/sventon/extras/src/CowSventonJMXController.java) =================================================================== --- trunk/sventon/extras/src/gate/cow/sventon/CowSventonJMXController.java (rev 0) +++ trunk/sventon/extras/src/gate/cow/sventon/CowSventonJMXController.java 2009-11-14 11:12:30 UTC (rev 1812) @@ -0,0 +1,46 @@ +package gate.cow.sventon; + +import org.sventon.appl.Application; +import org.sventon.model.RepositoryName; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * Simple management interface to allow CoW to remote-control sventon. + */ +public class CowSventonJMXController implements CowSventonJMXControllerMBean { + + private final Log logger = LogFactory.getLog(getClass()); + + private Application application; + + public void setApplication(Application application) { + this.application = application; + } + + public boolean ping() { + return true; + } + + public void removeAllRepositories() { + logger.info("Removing repositories"); + try { + for(RepositoryName name : application.getRepositoryNames()) { + application.deleteRepository(name); + } + } + catch(Exception e) { + logger.error("Error removing repositories", e); + } + } + + public void reInit() { + logger.info("Re-initing sventon"); + try { + application.init(); + } + catch(Exception e) { + logger.error("Error initializing sventon", e); + } + } +} Added: trunk/sventon/patches/clickableUrl.diff =================================================================== --- trunk/sventon/patches/clickableUrl.diff (rev 0) +++ trunk/sventon/patches/clickableUrl.diff 2009-11-14 11:12:30 UTC (rev 1812) @@ -0,0 +1,41 @@ +Index: clickableUrl.tag +=================================================================== +--- clickableUrl.tag (revision 1809) ++++ clickableUrl.tag (working copy) +@@ -14,6 +14,7 @@ + <%@ tag body-content="empty" language="java" pageEncoding="UTF-8" %> + <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> + <%@ taglib prefix="sventon-ui" uri="/WEB-INF/sventon.tld" %> ++<%@ taglib prefix="cow" uri="/WEB-INF/cow.tld" %> + + <%@ attribute name="command" required="true" type="org.sventon.web.command.BaseCommand" %> + <%@ attribute name="url" required="true" type="java.lang.String" %> +@@ -23,11 +24,19 @@ + <c:url value="/repos/${command.name}/list/" var="basePathUrl"> + <c:param name="revision" value="${command.revision}" /> + </c:url> +- <a href="${basePathUrl}">${url}</a> / ++ <c:choose> ++ <c:when test="${cow:isPermitted(command.name, '')}"> ++ <a href="${basePathUrl}">${url}</a> ++ </c:when> ++ <c:otherwise> ++ ${url} ++ </c:otherwise> ++ </c:choose> ++ / + <c:forTokens items="${command.parentPath}" delims="/" var="pathSegment"> + <c:set var="accuPath" scope="page" value="${accuPath}${pathSegment}/"/> + <c:choose> +- <c:when test="${clickable}"> ++ <c:when test="${clickable and cow:isPermitted(command.name, accuPath)}"> + <c:url value="/repos/${command.name}/list/${accuPath}" var="pathUrl"> + <c:param name="revision" value="${command.revision}" /> + </c:url> +@@ -38,4 +47,4 @@ + / + </c:forTokens> + ${command.target} +-</span> +\ No newline at end of file ++</span> Property changes on: trunk/sventon/sventon-2.0.4/WEB-INF/classes ___________________________________________________________________ Modified: svn:ignore - Cow*.class AuthenticationData*.class + Cow*.class AuthenticationData*.class gate Modified: trunk/sventon/sventon-2.0.4/WEB-INF/cow-beans.xml =================================================================== --- trunk/sventon/sventon-2.0.4/WEB-INF/cow-beans.xml 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/sventon/sventon-2.0.4/WEB-INF/cow-beans.xml 2009-11-14 11:12:30 UTC (rev 1812) @@ -10,14 +10,14 @@ <bean id="sventonTempRootDir" class="java.io.File"> <constructor-arg> - <bean class="CowRCDirFactoryBean" /> + <bean class="gate.cow.sventon.CowRCDirFactoryBean" /> </constructor-arg> <constructor-arg value="sventon-config"/> </bean> <bean id="cowSvnconfigDir" class="java.io.File"> <constructor-arg> - <bean class="CowRCDirFactoryBean" /> + <bean class="gate.cow.sventon.CowRCDirFactoryBean" /> </constructor-arg> <constructor-arg value="svnconfig" /> </bean> @@ -41,7 +41,7 @@ </bean> <!-- Bean to enable CoW to control Sventon using JMX --> - <bean id="sventonJmxController" class="CowSventonJMXController"> + <bean id="sventonJmxController" class="gate.cow.sventon.CowSventonJMXController"> <property name="application" ref="application" /> </bean> Added: trunk/sventon/sventon-2.0.4/WEB-INF/cow.tld =================================================================== --- trunk/sventon/sventon-2.0.4/WEB-INF/cow.tld (rev 0) +++ trunk/sventon/sventon-2.0.4/WEB-INF/cow.tld 2009-11-14 11:12:30 UTC (rev 1812) @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="ISO-8859-1" ?> +<taglib xmlns="http://java.sun.com/xml/ns/j2ee" version="2.0"> + <tlib-version>1.0</tlib-version> + <short-name>cow</short-name> + <uri>http://gatewiki.sourceforge.net/taglib/cow</uri> + + <function> + <name>isPermitted</name> + <function-class>gate.cow.sventon.CowJspFunctions</function-class> + <function-signature>boolean isPermitted(java.lang.String,java.lang.String)</function-signature> + </function> +</taglib> Modified: trunk/sventon/sventon-2.0.4/WEB-INF/sventon-servlet-extras.xml =================================================================== --- trunk/sventon/sventon-2.0.4/WEB-INF/sventon-servlet-extras.xml 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/sventon/sventon-2.0.4/WEB-INF/sventon-servlet-extras.xml 2009-11-14 11:12:30 UTC (rev 1812) @@ -5,7 +5,7 @@ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"> <!-- make the sventon-servlet.xml defined urlMapping abstract --> - <bean class="CowSetAbstractConfigurer"> + <bean class="gate.cow.sventon.CowSetAbstractConfigurer"> <property name="beanName"><idref bean="urlMapping" /></property> </bean> @@ -20,8 +20,12 @@ </property> </bean> - <bean id="cowSecurityInterceptor" class="CowSecurityInterceptor"> + <bean id="cowSessionManager" class="gate.cow.sventon.CowSessionManager"> <property name="sessionDir" ref="cowSessionsDir" /> + </bean> + + <bean id="cowSecurityInterceptor" class="gate.cow.sventon.CowSecurityInterceptor"> + <property name="sessionManager" ref="cowSessionManager" /> <property name="unrestrictedHandlers"> <list> <ref bean="getStaticContentController" /> Modified: trunk/sventon/sventon-2.0.4/WEB-INF/tags/clickableUrl.tag =================================================================== --- trunk/sventon/sventon-2.0.4/WEB-INF/tags/clickableUrl.tag 2009-11-13 12:46:58 UTC (rev 1811) +++ trunk/sventon/sventon-2.0.4/WEB-INF/tags/clickableUrl.tag 2009-11-14 11:12:30 UTC (rev 1812) @@ -14,6 +14,7 @@ <%@ tag body-content="empty" language="java" pageEncoding="UTF-8" %> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <%@ taglib prefix="sventon-ui" uri="/WEB-INF/sventon.tld" %> +<%@ taglib prefix="cow" uri="/WEB-INF/cow.tld" %> <%@ attribute name="command" required="true" type="org.sventon.web.command.BaseCommand" %> <%@ attribute name="url" required="true" type="java.lang.String" %> @@ -23,11 +24,19 @@ <c:url value="/repos/${command.name}/list/" var="basePathUrl"> <c:param name="revision" value="${command.revision}" /> </c:url> - <a href="${basePathUrl}">${url}</a> / + <c:choose> + <c:when test="${cow:isPermitted(command.name, '')}"> + <a href="${basePathUrl}">${url}</a> + </c:when> + <c:otherwise> + ${url} + </c:otherwise> + </c:choose> + / <c:forTokens items="${command.parentPath}" delims="/" var="pathSegment"> <c:set var="accuPath" scope="page" value="${accuPath}${pathSegment}/"/> <c:choose> - <c:when test="${clickable}"> + <c:when test="${clickable and cow:isPermitted(command.name, accuPath)}"> <c:url value="/repos/${command.name}/list/${accuPath}" var="pathUrl"> <c:param name="revision" value="${command.revision}" /> </c:url> @@ -38,4 +47,4 @@ / </c:forTokens> ${command.target} -</span> \ No newline at end of file +</span> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ gatewiki-commits mailing list gatewiki-commits@... https://lists.sourceforge.net/lists/listinfo/gatewiki-commits |
| Free embeddable forum powered by Nabble | Forum Help |
