From: <fc...@us...> - 2008-02-20 14:09:09
Revision: 658
http://openutils.svn.sourceforge.net/openutils/?rev=658&view=rev
Author: fcarone
Date: 2008-02-20 06:09:10 -0800 (Wed, 20 Feb 2008)
Log Message:
-----------
Some (heavy) refactoring
Modified Paths:
--------------
trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java
trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/SecurityIntegrationTest.java
trunk/openutils-hibernate-security/src/test/resources/SecurityIntegrationTest-load.xml
Added Paths:
-----------
trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleBaseHandler.java
trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleUtils.java
Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java 2008-02-20 10:38:55 UTC (rev 657)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java 2008-02-20 14:09:10 UTC (rev 658)
@@ -32,7 +32,6 @@
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
-import org.dbunit.dataset.csv.handlers.EscapeHandler;
import org.hibernate.Filter;
import org.hibernate.HibernateException;
import org.hibernate.engine.FilterDefinition;
@@ -149,7 +148,7 @@
startQuote = "\'";
endQuote = startQuote;
}
- else if (field.getType().getSuperclass().isAssignableFrom(Number.class))
+ else if (Number.class.isAssignableFrom(field.getType()))
{
startQuote = StringUtils.EMPTY;
endQuote = StringUtils.EMPTY;
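Review bot: The new test `Number.class.isAssignableFrom(field.getType())` is false for primitive numeric fields (`int.class`, `long.class` and so on), so such a field skips the unquoted branch and is handled by whatever follows it, which is outside this hunk. Since this chain decides how the value is quoted in the filter condition, the branch taken matters. If primitive properties can reach this code, test the wrapper type instead, e.g. `else if (Number.class.isAssignableFrom(ClassUtils.primitiveToWrapper(field.getType())))`, assuming the commons-lang version in use provides `ClassUtils.primitiveToWrapper`. The if/else chain starts before the hunk and continues after it.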
Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-20 10:38:55 UTC (rev 657)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-20 14:09:10 UTC (rev 658)
@@ -15,24 +15,14 @@
*/
package it.openutils.hibernate.security.filter;
-import it.openutils.hibernate.security.dataobject.ModifierEnum;
-import it.openutils.hibernate.security.dataobject.PermissionEnum;
import it.openutils.hibernate.security.dataobject.SecurityRule;
import it.openutils.hibernate.security.services.SecurityRuleManager;
-import java.lang.reflect.InvocationTargetException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
import java.util.List;
import org.acegisecurity.Authentication;
-import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition;
-import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.vote.AccessDecisionVoter;
-import org.apache.commons.beanutils.BeanUtils;
-import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.framework.ReflectiveMethodInvocation;
@@ -42,7 +32,7 @@
* @author fcarone
* @version $Id: $
*/
-public class SecurityRuleAccessDecisionVoter implements AccessDecisionVoter
+public class SecurityRuleAccessDecisionVoter extends SecurityRuleBaseHandler implements AccessDecisionVoter
{
/**
@@ -52,44 +42,14 @@
private SecurityRuleManager securityRuleManager;
- /**
- * {@inheritDoc}
- */
- public boolean supports(ConfigAttribute attribute)
- {
- log.debug("Evaluating attribute {}", attribute.getAttribute());
+ private SecurityRuleUtils ruleUtils = new SecurityRuleUtils();
- if (attribute.getAttribute() != null)
- {
- for (PermissionEnum permission : PermissionEnum.values())
- {
- if (StringUtils.equals(permission.getValue(), attribute.getAttribute()))
- {
- log.debug("Support ok.");
- return true;
- }
- }
- }
- log.debug("Not supporting attribute.");
- return false;
- }
-
/**
* {@inheritDoc}
*/
- @SuppressWarnings("unchecked")
- public boolean supports(Class clazz)
- {
- return true;
- }
-
- /**
- * {@inheritDoc}
- */
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config)
{
- List<String> roles = new ArrayList<String>();
- roles.addAll(getRolesFromAuthentication(authentication));
+ List<String> roles = ruleUtils.getRolesFromAuthentication(authentication);
if (object instanceof ReflectiveMethodInvocation)
{
@@ -98,13 +58,13 @@
{
log.debug("Evaluating argument {}", argument);
List<SecurityRule> rules = securityRuleManager.getRulesForRoles(argument.getClass().getName(), roles);
- boolean permissionMatches = checkPermissions(rules, config);
+ boolean permissionMatches = ruleUtils.checkPermissions(rules, config);
if (!permissionMatches)
{
return ACCESS_DENIED;
}
- boolean areRulesMatching = checkRules(rules, argument);
+ boolean areRulesMatching = ruleUtils.checkRules(rules, argument);
if (!areRulesMatching)
{
return ACCESS_DENIED;
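Review bot: The two checks in this loop are evaluated independently over the whole rule list, so access is granted when one rule carries the requested permission and a different rule matches the object's property. Both `checkPermissions` and `checkRules` (now in SecurityRuleUtils.java, added by this commit) return true on the first rule that matches, and neither tells the caller which rule it was. If a rule's permissions are meant to apply only to objects that satisfy that same rule's property condition, restrict the list to the rules carrying the requested permission before matching them against the argument, as sketched below; this needs `java.util.ArrayList` and `java.util.Collections` imported again. `vote` starts in the previous hunk and continues past this one.

```java
List<SecurityRule> rules = securityRuleManager.getRulesForRoles(argument.getClass().getName(), roles);
// keep only the rules that grant the requested permission
List<SecurityRule> permitted = new ArrayList<SecurityRule>();
for (SecurityRule rule : rules)
{
    if (ruleUtils.checkPermissions(Collections.singletonList(rule), config))
    {
        permitted.add(rule);
    }
}
// the object is allowed only if one of those same rules matches it
if (!ruleUtils.checkRules(permitted, argument))
{
    return ACCESS_DENIED;
}
```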
@@ -116,101 +76,6 @@
}
/**
- * @param authentication
- * @return
- */
- private Collection< ? extends String> getRolesFromAuthentication(Authentication authentication)
- {
- List<String> roles = new ArrayList<String>();
- for (GrantedAuthority authority : authentication.getAuthorities())
- {
- log.debug("Granted authority for user {}: {}", authentication.getName(), authority.getAuthority());
- roles.add(authority.getAuthority());
- }
- return roles;
- }
-
- /**
- * @param rules
- * @param argument
- * @return
- */
- private boolean checkRules(List<SecurityRule> rules, Object argument)
- {
- log.debug("Evaluating rules.");
- try
- {
- for (SecurityRule rule : rules)
- {
- String objProperty = BeanUtils.getSimpleProperty(argument, rule.getProperty());
- if (rule.getModifier().equals(ModifierEnum.EQUALS))
- {
- if (StringUtils.equals(objProperty, rule.getValue()))
- {
- log.debug("Matching rule found: {}", rule);
- return true;
- }
- }
- else if (rule.getModifier().equals(ModifierEnum.NOT))
- {
- if (!StringUtils.equals(objProperty, rule.getValue()))
- {
- log.debug("Matching rule found: {}", rule);
- return true;
- }
- }
- else
- {
- throw new RuntimeException("Modifier " + rule.getModifier() + " is not recognized");
- }
- }
- }
- catch (NoSuchMethodException e)
- {
- log.error("{}", e);
- }
- catch (IllegalAccessException e)
- {
- log.error("{}", e);
- }
- catch (InvocationTargetException e)
- {
- log.error("{}", e);
- }
- log.debug("No matching rules found.");
- return false;
- }
-
- /**
- * @param rules
- * @param config
- * @return
- */
- @SuppressWarnings("unchecked")
- private boolean checkPermissions(List<SecurityRule> rules, ConfigAttributeDefinition config)
- {
- log.debug("Evaluation permissions");
- Iterator iterator = config.getConfigAttributes();
- while (iterator.hasNext())
- {
- String attribute = ((ConfigAttribute) iterator.next()).getAttribute();
- for (SecurityRule rule : rules)
- {
- for (PermissionEnum permission : rule.getPermissions())
- {
- if (StringUtils.equals(permission.getValue(), attribute))
- {
- log.debug("Matching permission: {}", permission.getValue());
- return true;
- }
- }
- }
- }
- log.debug("No matching permissions found.");
- return false;
- }
-
- /**
* Sets the securityRuleManager.
* @param securityRuleManager the securityRuleManager to set
*/
@@ -218,5 +83,4 @@
{
this.securityRuleManager = securityRuleManager;
}
-
}
Added: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleBaseHandler.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleBaseHandler.java (rev 0)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleBaseHandler.java 2008-02-20 14:09:10 UTC (rev 658)
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) Openmind. All rights reserved. http://www.openmindonline.it
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.dataobject.ModifierEnum;
+import it.openutils.hibernate.security.dataobject.PermissionEnum;
+import it.openutils.hibernate.security.dataobject.SecurityRule;
+
+import java.lang.reflect.InvocationTargetException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.ConfigAttribute;
+import org.acegisecurity.ConfigAttributeDefinition;
+import org.acegisecurity.GrantedAuthority;
+import org.apache.commons.beanutils.BeanUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public abstract class SecurityRuleBaseHandler
+{
+
+ /**
+ * Logger.
+ */
+ private Logger log = LoggerFactory.getLogger(SecurityRuleBaseHandler.class);
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean supports(ConfigAttribute attribute)
+ {
+ log.debug("Evaluating attribute {}", attribute.getAttribute());
+
+ if (attribute.getAttribute() != null)
+ {
+ for (PermissionEnum permission : PermissionEnum.values())
+ {
+ if (StringUtils.equals(permission.getValue(), attribute.getAttribute()))
+ {
+ log.debug("Support ok.");
+ return true;
+ }
+ }
+ }
+ log.debug("Not supporting attribute.");
+ return false;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @SuppressWarnings("unchecked")
+ public boolean supports(Class clazz)
+ {
+ return true;
+ }
+
+}
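Review bot: The `{@inheritDoc}` comments on both `supports` methods have nothing to inherit, because SecurityRuleBaseHandler neither implements AccessDecisionVoter nor extends a class that declares them, so the generated Javadoc will be empty. Describe the contract directly, e.g. `Returns true when the attribute equals the value of one of the PermissionEnum constants.` and `Always returns true: the handler does not restrict the type of the secured object.` The import block also looks copied from SecurityRuleUtils: only ConfigAttribute, PermissionEnum, StringUtils, Logger and LoggerFactory are used in this class.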
Added: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleUtils.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleUtils.java (rev 0)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleUtils.java 2008-02-20 14:09:10 UTC (rev 658)
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) Openmind. All rights reserved. http://www.openmindonline.it
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.dataobject.ModifierEnum;
+import it.openutils.hibernate.security.dataobject.PermissionEnum;
+import it.openutils.hibernate.security.dataobject.SecurityRule;
+
+import java.lang.reflect.InvocationTargetException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.ConfigAttribute;
+import org.acegisecurity.ConfigAttributeDefinition;
+import org.acegisecurity.GrantedAuthority;
+import org.apache.commons.beanutils.BeanUtils;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public class SecurityRuleUtils
+{
+ /**
+ * Logger.
+ */
+ private Logger log = LoggerFactory.getLogger(SecurityRuleUtils.class);
+
+ /**
+ * @param rules The list of rules to check
+ * @param config The config attribute to check the rules against
+ * @return True if any of the rules matches the given config attribute, false otherwise.
+ */
+ @SuppressWarnings("unchecked")
+ protected boolean checkPermissions(List<SecurityRule> rules, ConfigAttributeDefinition config)
+ {
+ log.debug("Evaluation permissions");
+ Iterator iterator = config.getConfigAttributes();
+ while (iterator.hasNext())
+ {
+ String attribute = ((ConfigAttribute) iterator.next()).getAttribute();
+ for (SecurityRule rule : rules)
+ {
+ for (PermissionEnum permission : rule.getPermissions())
+ {
+ if (StringUtils.equals(permission.getValue(), attribute))
+ {
+ log.debug("Matching permission: {}", permission.getValue());
+ return true;
+ }
+ }
+ }
+ }
+ log.debug("No matching permissions found.");
+ return false;
+ }
+
+ /**
+ * @param rules The list of rules to check
+ * @param argument The object to check the rules against
+ * @return True if any of the rules matches the given object, false otherwise.
+ */
+ protected boolean checkRules(List<SecurityRule> rules, Object argument)
+ {
+ log.debug("Evaluating rules.");
+ try
+ {
+ for (SecurityRule rule : rules)
+ {
+ String objProperty = BeanUtils.getSimpleProperty(argument, rule.getProperty());
+ if (rule.getModifier().equals(ModifierEnum.EQUALS))
+ {
+ if (StringUtils.equals(objProperty, rule.getValue()))
+ {
+ log.debug("Matching rule found: {}", rule);
+ return true;
+ }
+ }
+ else if (rule.getModifier().equals(ModifierEnum.NOT))
+ {
+ if (!StringUtils.equals(objProperty, rule.getValue()))
+ {
+ log.debug("Matching rule found: {}", rule);
+ return true;
+ }
+ }
+ else
+ {
+ throw new RuntimeException("Modifier " + rule.getModifier() + " is not recognized");
+ }
+ }
+ }
+ catch (NoSuchMethodException e)
+ {
+ log.error("{}", e);
+ }
+ catch (IllegalAccessException e)
+ {
+ log.error("{}", e);
+ }
+ catch (InvocationTargetException e)
+ {
+ log.error("{}", e);
+ }
+ log.debug("No matching rules found.");
+ return false;
+ }
+
+
+ /**
+ * @param authentication The authentication method
+ * @return The collection of roles contained in the authentication
+ */
+ protected List<String> getRolesFromAuthentication(Authentication authentication)
+ {
+ List<String> roles = new ArrayList<String>();
+ for (GrantedAuthority authority : authentication.getAuthorities())
+ {
+ log.debug("Granted authority for user {}: {}", authentication.getName(), authority.getAuthority());
+ roles.add(authority.getAuthority());
+ }
+ return roles;
+ }
+}
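Review bot: In `checkRules` the `try` encloses the whole loop, so the first rule whose property cannot be read on the argument ends the evaluation and the method returns false without looking at the remaining rules. That fails closed, but the result then depends on the order of the rule list, and `log.error("{}", e)` records neither the rule nor the property that failed. Move the try/catch inside the loop around the `BeanUtils.getSimpleProperty` call if later rules should still be evaluated, and log with context, e.g. `log.error("Cannot read property " + rule.getProperty() + " for rule " + rule, e);`. An unrecognized modifier still leaves the method as a RuntimeException instead of a denial; document that, or return false there as well.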
Modified: trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/SecurityIntegrationTest.java
===================================================================
--- trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/SecurityIntegrationTest.java 2008-02-20 10:38:55 UTC (rev 657)
+++ trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/SecurityIntegrationTest.java 2008-02-20 14:09:10 UTC (rev 658)
@@ -67,6 +67,9 @@
SecurityContextHolder.setContext(sci);
}
+ /**
+ * Init this test class with the dummyDAO DAO (with AOP enabled)
+ */
@Before
public void initDummyDAO()
{
@@ -245,7 +248,7 @@
DummyDataobject filter = new DummyDataobject();
List<DummyDataobject> dummyObjects = securedObject.findFiltered(filter);
Assert.assertNotNull(dummyObjects);
- Assert.assertEquals(2, dummyObjects.size());
+ Assert.assertEquals(3, dummyObjects.size());
}
/**
@@ -259,10 +262,13 @@
DummyDataobject filter = new DummyDataobject();
List<DummyDataobject> dummyObjects = securedObject.findFiltered(filter);
Assert.assertNotNull(dummyObjects);
- Assert.assertEquals(2, dummyObjects.size());
+ Assert.assertEquals(3, dummyObjects.size());
+
+ ((AOPSecurity) applicationContext.getBean("securityAspect")).setEnabled(true);
}
+
/**
* Sets the securedObject.
* @param securedObject the securedObject to set
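Review bot: The added `setEnabled(true)` runs only when the assertions above it pass; if one of them fails, the security aspect presumably stays disabled in the application context and later tests run without enforcement (the call that disables it is outside this hunk). Restore the flag in a `finally` block or in an `@After` method, e.g. `@After public void enableSecurity() { ((AOPSecurity) applicationContext.getBean("securityAspect")).setEnabled(true); }`. The test method starts before this hunk.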
Modified: trunk/openutils-hibernate-security/src/test/resources/SecurityIntegrationTest-load.xml
===================================================================
--- trunk/openutils-hibernate-security/src/test/resources/SecurityIntegrationTest-load.xml 2008-02-20 10:38:55 UTC (rev 657)
+++ trunk/openutils-hibernate-security/src/test/resources/SecurityIntegrationTest-load.xml 2008-02-20 14:09:10 UTC (rev 658)
@@ -25,6 +25,7 @@
<value>Verdi</value>
<value>ve...@ex...</value>
</row>
+ <!-- UserTre has no access to any data -->
<row>
<value>UserTre</value>
<!-- sha1 for 'password' -->
@@ -181,6 +182,11 @@
<value>1</value>
<value>DEF</value>
</row>
+ <row>
+ <value>2</value>
+ <value>3</value>
+ <value>GHI</value>
+ </row>
</table>
</dataset>