Revision: 639
http://openutils.svn.sourceforge.net/openutils/?rev=639&view=rev
Author: fcarone
Date: 2008-02-19 07:34:28 -0800 (Tue, 19 Feb 2008)
Log Message:
-----------
SecurityRule-based Acegi voter added
Added Paths:
-----------
trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
Added: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java (rev 0)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-19 15:34:28 UTC (rev 639)
@@ -0,0 +1,197 @@
+/*
+ * Copyright Openmind http://www.openmindonline.it
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.dataobject.ModifierEnum;
+import it.openutils.hibernate.security.dataobject.PermissionEnum;
+import it.openutils.hibernate.security.dataobject.SecurityRule;
+import it.openutils.hibernate.security.services.SecurityRuleManager;
+
+import java.lang.reflect.InvocationTargetException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.ConfigAttribute;
+import org.acegisecurity.ConfigAttributeDefinition;
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.vote.AccessDecisionVoter;
+import org.apache.commons.beanutils.BeanUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang.enums.EnumUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.aop.framework.ReflectiveMethodInvocation;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public class SecurityRuleAccessDecisionVoter implements AccessDecisionVoter
+{
+
+ /**
+ * Logger.
+ */
+ private static Logger log = LoggerFactory.getLogger(SecurityRuleAccessDecisionVoter.class);
+
+ private SecurityRuleManager securityRuleManager;
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean supports(ConfigAttribute attribute)
+ {
+ if (attribute.getAttribute() != null)
+ {
+ for (PermissionEnum permission : PermissionEnum.values())
+ {
+ if (StringUtils.equals(permission.getValue(), attribute.getAttribute()))
+ {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @SuppressWarnings("unchecked")
+ public boolean supports(Class clazz)
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config)
+ {
+ List<String> roles = new ArrayList<String>();
+ for (GrantedAuthority authority : authentication.getAuthorities())
+ {
+ roles.add(authority.getAuthority());
+ }
+ if (object instanceof ReflectiveMethodInvocation)
+ {
+ ReflectiveMethodInvocation methodInvocation = ((ReflectiveMethodInvocation) object);
+ for (Object argument : methodInvocation.getArguments())
+ {
+ List<SecurityRule> rules = securityRuleManager.getRulesForRoles(argument.getClass().getName(), roles);
+ boolean permissionMatches = checkPermissions(rules, config);
+ if (!permissionMatches)
+ {
+ return ACCESS_DENIED;
+ }
+
+ boolean areRulesMatching = checkRules(rules, argument);
+ if (!areRulesMatching)
+ {
+ return ACCESS_DENIED;
+ }
+ }
+ }
+
+ return ACCESS_GRANTED;
+ }
+
+ /**
+ * @param rules
+ * @param argument
+ * @return
+ */
+ private boolean checkRules(List<SecurityRule> rules, Object argument)
+ {
+ try
+ {
+ for (SecurityRule rule : rules)
+ {
+ String objProperty = BeanUtils.getSimpleProperty(argument, rule.getProperty());
+ if (rule.getModifier() == ModifierEnum.EQUALS)
+ {
+ if (StringUtils.equals(objProperty, rule.getValue()))
+ {
+ return true;
+ }
+ }
+ else if (rule.getModifier() == ModifierEnum.NOT)
+ {
+ if (StringUtils.equals(objProperty, rule.getValue()))
+ {
+ return true;
+ }
+ }
+ else
+ {
+ throw new RuntimeException("Modifier " + rule.getModifier() + " is not recognized");
+ }
+ }
+ }
+ catch (NoSuchMethodException e)
+ {
+ log.error("{}", e);
+ }
+ catch (IllegalAccessException e)
+ {
+ log.error("{}", e);
+ }
+ catch (InvocationTargetException e)
+ {
+ log.error("{}", e);
+ }
+ return false;
+ }
+
+ /**
+ * @param rules
+ * @param config
+ * @return
+ */
+ @SuppressWarnings("unchecked")
+ private boolean checkPermissions(List<SecurityRule> rules, ConfigAttributeDefinition config)
+ {
+ Iterator iterator = config.getConfigAttributes();
+ while (iterator.hasNext())
+ {
+ String attribute = ((ConfigAttribute) iterator.next()).getAttribute();
+ for (SecurityRule rule : rules)
+ {
+ for (PermissionEnum permission : rule.getPermissions())
+ {
+ if (StringUtils.equals(permission.getValue(), attribute))
+ {
+ return true;
+ }
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Sets the securityRuleManager.
+ * @param securityRuleManager the securityRuleManager to set
+ */
+ public void setSecurityRuleManager(SecurityRuleManager securityRuleManager)
+ {
+ this.securityRuleManager = securityRuleManager;
+ }
+
+}
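Review bot: The `ModifierEnum.NOT` arm of checkRules tests exactly the same condition as the `EQUALS` arm (`StringUtils.equals(objProperty, rule.getValue())`), so a rule meant to allow access only when the property differs from the configured value instead allows it when they are equal — the inverse of the rule's intent, and a silent over-grant. The condition in that branch should be negated: `if (!StringUtils.equals(objProperty, rule.getValue()))`. Separately, `argument.getClass().getName()` in vote() throws a NullPointerException for a null method argument, which should be an explicit decision (null guard or ACCESS_DENIED) rather than an unhandled exception, and the three catch blocks log with `log.error("{}", e)`, which on some SLF4J versions may format the exception as a parameter and drop the stack trace; `log.error("Error evaluating security rule", e)` keeps it. The class-level Javadoc also says nothing about the voting semantics — a sentence stating that every argument of the intercepted method must have at least one matching rule for the caller's roles, else the vote is ACCESS_DENIED, would help the next maintainer.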