Revision: 644
http://openutils.svn.sourceforge.net/openutils/?rev=644&view=rev
Author: fcarone
Date: 2008-02-19 09:44:08 -0800 (Tue, 19 Feb 2008)
Log Message:
-----------
more logging and some minor refactorings
Modified Paths:
--------------
trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-19 17:43:17 UTC (rev 643)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-19 17:44:08 UTC (rev 644)
@@ -22,6 +22,7 @@
 import java.lang.reflect.InvocationTargetException;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
@@ -56,16 +57,20 @@
 */
 public boolean supports(ConfigAttribute attribute)
 {
+ log.debug("Evaluating attribute {}", attribute.getAttribute());
+
 if (attribute.getAttribute() != null)
 {
 for (PermissionEnum permission : PermissionEnum.values())
 {
 if (StringUtils.equals(permission.getValue(), attribute.getAttribute()))
 {
+ log.debug("Support ok.");
 return true;
 }
 }
 }
+ log.debug("Not supporting attribute.");
 return false;
 }
@@ -84,15 +89,14 @@
 public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config)
 {
 List<String> roles = new ArrayList<String>();
- for (GrantedAuthority authority : authentication.getAuthorities())
- {
- roles.add(authority.getAuthority());
- }
+ roles.addAll(getRolesFromAuthentication(authentication));
+
 if (object instanceof ReflectiveMethodInvocation)
 {
 ReflectiveMethodInvocation methodInvocation = ((ReflectiveMethodInvocation) object);
 for (Object argument : methodInvocation.getArguments())
 {
+ log.debug("Evaluating argument {}", argument);
 List<SecurityRule> rules = securityRuleManager.getRulesForRoles(argument.getClass().getName(), roles);
 boolean permissionMatches = checkPermissions(rules, config);
 if (!permissionMatches)
@@ -112,12 +116,28 @@
 }
 /**
+ * @param authentication
+ * @return
+ */
+ private Collection< ? extends String> getRolesFromAuthentication(Authentication authentication)
+ {
+ List<String> roles = new ArrayList<String>();
+ for (GrantedAuthority authority : authentication.getAuthorities())
+ {
+ log.debug("Granted authority for user {}: {}", authentication.getName(), authority.getAuthority());
+ roles.add(authority.getAuthority());
+ }
+ return roles;
+ }
+
+ /**
 * @param rules
 * @param argument
 * @return
 */
 private boolean checkRules(List<SecurityRule> rules, Object argument)
 {
+ log.debug("Evaluating rules.");
 try
 {
 for (SecurityRule rule : rules)
@@ -127,13 +147,15 @@
 {
 if (StringUtils.equals(objProperty, rule.getValue()))
 {
+ log.debug("Matching rule found: {}", rule);
 return true;
 }
 }
 else if (rule.getModifier() == ModifierEnum.NOT)
 {
- if (StringUtils.equals(objProperty, rule.getValue()))
+ if (!StringUtils.equals(objProperty, rule.getValue()))
 {
+ log.debug("Matching rule found: {}", rule);
 return true;
 }
 }
@@ -155,6 +177,7 @@
 {
 log.error("{}", e);
 }
+ log.debug("No matching rules found.");
 return false;
 }
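Review bot: In vote(), a null element in `methodInvocation.getArguments()` passes through the new debug line harmlessly but then throws NullPointerException at `argument.getClass().getName()`, so a caller passing null for any parameter turns an access decision into an unhandled exception. A guard such as `if (argument == null) { continue; }` at the top of the loop (or an explicit deny, whichever the policy intends) would make the outcome deliberate. Logging `argument` itself also invokes the domain object's toString(), which can put entity contents into the debug log; `argument.getClass().getName()` carries enough for tracing. The loop body continues outside this hunk.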
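Review bot: The new helper getRolesFromAuthentication() declares `Collection< ? extends String>` although String is final and the method always builds a `List<String>`; returning `List<String>` would let vote() write `List<String> roles = getRolesFromAuthentication(authentication);` instead of filling a second list with addAll. Its Javadoc has empty `@param authentication` and `@return` tags; a one-line summary such as `Collects the authority strings granted to the given authentication.` plus tag descriptions would do. The debug statement runs once per authority on every vote and writes the user name next to each role, so a single `log.debug("Granted authorities for user {}: {}", authentication.getName(), roles);` after the loop would be quieter. If `getAuthorities()` can return null for an unauthenticated token in the security library version in use, the loop needs a null check; that is worth confirming.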
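Review bot: The flipped condition in the `ModifierEnum.NOT` branch of checkRules() changes which objects this voter grants access to, yet the log message describes the commit as logging and minor refactoring; the fix deserves its own mention and a unit test covering both an equal and a non-equal property value. With the new form `!StringUtils.equals(objProperty, rule.getValue())` a null `objProperty` also satisfies a NOT rule, so if the property lookup (outside this hunk) can yield null, consider `if (objProperty != null && !StringUtils.equals(objProperty, rule.getValue()))` or document that a missing property is meant to pass. The enclosing loop starts and ends outside the hunk.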
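Review bot: In checkRules(), `log.debug("No matching rules found.");` sits after the catch blocks, so it is also printed when rule evaluation failed with an exception, and the trace then reads as an ordinary non-match. The visible catch body `log.error("{}", e);` passes the exception as a format argument, which depending on the SLF4J version records only its toString() without a stack trace; `log.error("Error evaluating security rules", e);` keeps the cause. Returning false on failure denies by default, which is the safe direction and worth stating in a comment. The try block and the other catch clauses are outside this hunk.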
@@ -166,6 +189,7 @@
 @SuppressWarnings("unchecked")
 private boolean checkPermissions(List<SecurityRule> rules, ConfigAttributeDefinition config)
 {
+ log.debug("Evaluation permissions");
 Iterator iterator = config.getConfigAttributes();
 while (iterator.hasNext())
 {
@@ -176,11 +200,13 @@
 {
 if (StringUtils.equals(permission.getValue(), attribute))
 {
+ log.debug("Matching permission: {}", permission.getValue());
 return true;
 }
 }
 }
 }
+ log.debug("No matching permissions found.");
 return false;
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
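Review bot: The message in `log.debug("Evaluation permissions");` at the top of checkPermissions() looks like a typo; `log.debug("Evaluating permissions.");` would match the sibling message `"Evaluating rules."` added in checkRules(). The closing message in the following hunk, `"No matching permissions found."`, does not say which attributes were compared, so naming the configured attributes there would make a denied call easier to diagnose. The loop body between the two hunks is not visible here.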