author | Eike Stepper | 2013-09-23 08:33:15 +0000 |
---|---|---|
committer | Eike Stepper | 2013-09-23 08:33:15 +0000 |
commit | 3899b0d02e1ec67674511c5cfbaf0605f538fa55 (patch) | |
tree | b40082fbfd5c097729feaa3fe5785b0592de634f /plugins/org.eclipse.emf.cdo.server.security | |
parent | dc8364330b7013c4edd54ef30b9d74f7ad9f234a (diff) | |
[417483] [Security] Issues in invalidation when missing write Permission
https://bugs.eclipse.org/bugs/show_bug.cgi?id=417483
Diffstat (limited to 'plugins/org.eclipse.emf.cdo.server.security')
2 files changed, 21 insertions, 22 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 97a7a7d1c3..5a2d5715b9 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -25,7 +25,7 @@ import org.eclipse.emf.cdo.net4j.CDONet4jUtil;
 import org.eclipse.emf.cdo.security.Access;
 import org.eclipse.emf.cdo.security.Directory;
 import org.eclipse.emf.cdo.security.Group;
-import org.eclipse.emf.cdo.security.Inclusion;
+import org.eclipse.emf.cdo.security.PatternStyle;
 import org.eclipse.emf.cdo.security.Permission;
 import org.eclipse.emf.cdo.security.Realm;
 import org.eclipse.emf.cdo.security.Role;
@@ -79,6 +79,8 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 {
 private static final Map<IRepository, InternalSecurityManager> SECURITY_MANAGERS = new HashMap<IRepository, InternalSecurityManager>();
+ private static final SecurityFactory SF = SecurityFactory.eINSTANCE;
+
 private final IListener repositoryListener = new LifecycleEventAdapter()
 {
 @Override
@@ -248,7 +250,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 {
 public void execute(Realm realm)
 {
- UserPassword userPassword = SecurityFactory.eINSTANCE.createUserPassword();
+ UserPassword userPassword = SF.createUserPassword();
 userPassword.setEncrypted(new String(password));
 result[0] = realm.addUser(id);
@@ -528,9 +530,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 protected Realm createRealm()
 {
- final SecurityFactory factory = SecurityFactory.eINSTANCE;
-
- Realm realm = factory.createRealm("Security Realm");
+ Realm realm = SF.createRealm("Security Realm");
 realm.setDefaultRoleDirectory(addDirectory(realm, "Roles"));
 realm.setDefaultGroupDirectory(addDirectory(realm, "Groups"));
 realm.setDefaultUserDirectory(addDirectory(realm, "Users"));
@@ -539,27 +539,25 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 Role allReaderRole = realm.addRole("All Objects Reader");
 allReaderRole.getPermissions().add(
- factory.createFilterPermission(Access.READ, factory.createResourceFilter(".*", Inclusion.REGEX)));
+ SF.createFilterPermission(Access.READ, SF.createResourceFilter(".*", PatternStyle.REGEX)));
 Role allWriterRole = realm.addRole("All Objects Writer");
 allWriterRole.getPermissions().add(
- factory.createFilterPermission(Access.WRITE, factory.createResourceFilter(".*", Inclusion.REGEX)));
+ SF.createFilterPermission(Access.WRITE, SF.createResourceFilter(".*", PatternStyle.REGEX)));
 Role treeReaderRole = realm.addRole("Resource Tree Reader");
 treeReaderRole.getPermissions().add(
- factory.createFilterPermission(Access.READ, factory.createPackageFilter(EresourcePackage.eINSTANCE)));
+ SF.createFilterPermission(Access.READ, SF.createPackageFilter(EresourcePackage.eINSTANCE)));
 Role treeWriterRole = realm.addRole("Resource Tree Writer");
 treeWriterRole.getPermissions().add(
- factory.createFilterPermission(Access.WRITE, factory.createPackageFilter(EresourcePackage.eINSTANCE)));
+ SF.createFilterPermission(Access.WRITE, SF.createPackageFilter(EresourcePackage.eINSTANCE)));
 Role adminRole = realm.addRole("Administration");
- adminRole.getPermissions()
- .add(
- factory.createFilterPermission(Access.WRITE,
- factory.createResourceFilter(realmPath, Inclusion.EXACT_AND_DOWN)));
 adminRole.getPermissions().add(
- factory.createFilterPermission(Access.READ, factory.createResourceFilter(realmPath, Inclusion.EXACT_AND_UP)));
+ SF.createFilterPermission(Access.WRITE, SF.createResourceFilter(realmPath, PatternStyle.EXACT, false)));
+ adminRole.getPermissions().add(
+ SF.createFilterPermission(Access.READ, SF.createResourceFilter(realmPath, PatternStyle.EXACT, true)));
 // Create groups
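Review bot: The Administration role's WRITE filter on `realmPath` goes from `Inclusion.EXACT_AND_DOWN` to `PatternStyle.EXACT, false`, while `HomeFolderHandler.initRole` in this same commit maps the same old value to `PatternStyle.TREE, false`; nothing in the hunk says which mapping is intended, so the admin write scope on the security realm may have been narrowed by accident. If EXACT is deliberate (presumably because `realmPath` names a single resource rather than a folder), record that above the call, e.g. `// realmPath is a single resource: EXACT, not TREE, is intentional for WRITE`. The bare `true`/`false` third argument is also unexplained at both call sites here and at the two in `initRole`; its meaning can only be guessed from the old `EXACT_AND_UP` name, so a short comment or named constant would make these permission definitions auditable. `createRealm` begins and ends outside this hunk.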
@@ -578,7 +576,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 protected Directory addDirectory(Realm realm, String name)
 {
- Directory directory = SecurityFactory.eINSTANCE.createDirectory(name);
+ Directory directory = SF.createDirectory(name);
 realm.getItems().add(directory);
 return directory;
 }
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java
index e16756e9aa..bc25ea01c6 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/HomeFolderHandler.java
@@ -11,7 +11,7 @@
 package org.eclipse.emf.cdo.server.spi.security;
 import org.eclipse.emf.cdo.security.Access;
-import org.eclipse.emf.cdo.security.Inclusion;
+import org.eclipse.emf.cdo.security.PatternStyle;
 import org.eclipse.emf.cdo.security.Realm;
 import org.eclipse.emf.cdo.security.Role;
 import org.eclipse.emf.cdo.security.SecurityFactory;
@@ -43,6 +43,8 @@ public class HomeFolderHandler implements InternalSecurityManager.CommitHandler2
 {
 public static final String DEFAULT_HOME_FOLDER = "/home";
+ private static final SecurityFactory SF = SecurityFactory.eINSTANCE;
+
 private final String homeFolder;
 public HomeFolderHandler(String homeFolder)
@@ -80,12 +82,11 @@ public class HomeFolderHandler implements InternalSecurityManager.CommitHandler2
 protected void initRole(Role role)
 {
- role.getPermissions().add(
- SecurityFactory.eINSTANCE.createFilterPermission(Access.WRITE,
- SecurityFactory.eINSTANCE.createResourceFilter(homeFolder + "/${user}", Inclusion.EXACT_AND_DOWN)));
- role.getPermissions().add(
- SecurityFactory.eINSTANCE.createFilterPermission(Access.READ,
- SecurityFactory.eINSTANCE.createResourceFilter(homeFolder, Inclusion.EXACT_AND_UP)));
+ role.getPermissions().add(SF.createFilterPermission(Access.WRITE, //
+ SF.createResourceFilter(homeFolder + "/${user}", PatternStyle.TREE, false)));
+
+ role.getPermissions().add(SF.createFilterPermission(Access.READ, //
+ SF.createResourceFilter(homeFolder, PatternStyle.EXACT, true)));
 }
 public void handleCommit(final InternalSecurityManager securityManager, CommitContext commitContext, User user) |
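Review bot: The WRITE filter in `initRole` is built from `homeFolder + "/${user}"` with `PatternStyle.TREE`, and its isolation guarantee depends on matching rules that this hunk does not show. If TREE matching is a plain string-prefix comparison rather than a path-segment comparison, the pattern expanded for one user id could also cover a sibling folder whose name merely begins with that id; likewise a user id containing `/` would shift the root of the writable tree. It is worth confirming both in the filter implementation and pinning them with a test that uses two ids sharing a prefix. A one-line comment above the two `add` calls, e.g. `// WRITE: the user's own home folder tree; READ: the home folder itself (flag meaning to be confirmed)`, would document the intended scope.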