From: <fc...@us...> - 2008-02-20 15:30:19
Revision: 663
http://openutils.svn.sourceforge.net/openutils/?rev=663&view=rev
Author: fcarone
Date: 2008-02-20 07:30:24 -0800 (Wed, 20 Feb 2008)
Log Message:
-----------
Added after-invocation handler based on security rules
Added Paths:
-----------
trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java
trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRulePredicate.java
Added: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java (rev 0)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java 2008-02-20 15:30:24 UTC (rev 663)
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) Openmind. All rights reserved. http://www.openmindonline.it
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.services.SecurityRuleManager;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+
+import org.acegisecurity.AccessDeniedException;
+import org.acegisecurity.Authentication;
+import org.acegisecurity.ConfigAttributeDefinition;
+import org.acegisecurity.afterinvocation.AfterInvocationProvider;
+import org.apache.commons.collections.CollectionUtils;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public class SecurityRuleAfterInvocationHandler extends SecurityRuleBaseHandler implements AfterInvocationProvider
+{
+
+ private SecurityRuleManager securityRuleManager;
+
+ /**
+ * {@inheritDoc}
+ */
+ @SuppressWarnings("unchecked")
+ public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+ Object returnedObject) throws AccessDeniedException
+ {
+ if (returnedObject == null)
+ {
+ return null;
+ }
+ SecurityRulePredicate predicate = new SecurityRulePredicate(authentication, config, securityRuleManager);
+
+ if (returnedObject instanceof Collection)
+ {
+ CollectionUtils.filter((Collection) returnedObject, predicate);
+ }
+ else if (returnedObject.getClass().isArray())
+ {
+ Object[] objectArray = (Object[]) returnedObject;
+ List<Object> objectArrayList = Arrays.asList(objectArray);
+ CollectionUtils.filter(objectArrayList, predicate);
+ }
+ else
+ {
+ if (!predicate.evaluate(returnedObject))
+ {
+ throw new AccessDeniedException("Access denied");
+ }
+ }
+ return returnedObject;
+ }
+
+ /**
+ * Sets the securityRuleManager.
+ * @param securityRuleManager the securityRuleManager to set
+ */
+ public void setSecurityRuleManager(SecurityRuleManager securityRuleManager)
+ {
+ this.securityRuleManager = securityRuleManager;
+ }
+
+}
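Review bot: The array branch of decide() cannot actually filter anything: `Arrays.asList(objectArray)` is a fixed-size view, so the `Iterator.remove()` that `CollectionUtils.filter` performs on the first denied element throws UnsupportedOperationException instead of removing it, and a fully permitted array is returned unchanged only because nothing is removed. The result is that a caller receiving an array gets an exception rather than a filtered result, which is not the intended outcome and differs from the Collection branch; the unused `java.util.ArrayList` import suggests a mutable copy was planned. The fix below copies the elements into an ArrayList, filters that, and returns a new array of the original component type (this needs `java.lang.reflect.Array` in the imports); note that `(Object[]) returnedObject` still throws ClassCastException for primitive arrays such as `int[]`, so either document that limitation or check `getComponentType().isPrimitive()` first. The Collection branch has a related caveat worth a comment: it mutates the returned collection in place, so an unmodifiable collection will also fail with UnsupportedOperationException, e.g. `// mutates returnedObject in place; the caller must return a modifiable collection`.
```java
        else if (returnedObject.getClass().isArray())
        {
            Object[] objectArray = (Object[]) returnedObject;
            // Arrays.asList is fixed-size; copy so filter() can remove denied elements
            List<Object> filtered = new ArrayList<Object>(Arrays.asList(objectArray));
            CollectionUtils.filter(filtered, predicate);
            Object[] result = (Object[]) Array.newInstance(objectArray.getClass().getComponentType(), filtered.size());
            return filtered.toArray(result);
        }
        // … unchanged: single-object branch and return …
```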
Added: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRulePredicate.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRulePredicate.java (rev 0)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRulePredicate.java 2008-02-20 15:30:24 UTC (rev 663)
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) Openmind. All rights reserved. http://www.openmindonline.it
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.dataobject.SecurityRule;
+import it.openutils.hibernate.security.services.SecurityRuleManager;
+
+import java.util.List;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.ConfigAttributeDefinition;
+import org.apache.commons.collections.Predicate;
+import org.apache.commons.lang.StringUtils;
+import org.hibernate.proxy.HibernateProxy;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public class SecurityRulePredicate implements Predicate
+{
+
+ private Authentication authentication;
+
+ private SecurityRuleManager securityRuleManager;
+
+ private ConfigAttributeDefinition configAttribute;
+
+ private SecurityRuleUtils ruleUtils = new SecurityRuleUtils();
+
+ /**
+ * @param authentication The current authentication
+ * @param configAttribute The config attribute of the current method invocation interceptor
+ * @param securityRuleManager The security rule manager to retrieve rules from
+ */
+ public SecurityRulePredicate(
+ Authentication authentication,
+ ConfigAttributeDefinition configAttribute,
+ SecurityRuleManager securityRuleManager)
+ {
+ this.authentication = authentication;
+ this.securityRuleManager = securityRuleManager;
+ this.configAttribute = configAttribute;
+ }
+
+ /**
+ * {@inheritDoc}
+ * If we return false here, the element will be removed from the original collection.
+ */
+ @SuppressWarnings("unchecked")
+ public boolean evaluate(Object object)
+ {
+ List<String> roles = ruleUtils.getRolesFromAuthentication(authentication);
+ List<SecurityRule> rules = securityRuleManager.getRulesForRoles(ruleUtils.getClassName(object), roles);
+
+ // @todo: this should be configurable
+ // denyAll by default
+ if (rules == null || rules.isEmpty())
+ {
+ return false;
+ }
+ return (ruleUtils.checkRules(rules, object) && ruleUtils.checkPermissions(rules, configAttribute));
+ }
+
+
+}
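Review bot: evaluate() recomputes `ruleUtils.getRolesFromAuthentication(authentication)` and re-queries `securityRuleManager.getRulesForRoles(...)` for every element of the filtered collection, although the role list depends only on the authentication fixed in the constructor; with a large result set this turns one authorization decision into N manager calls. Hoisting the roles is a small change: add a field `private List<String> roles;`, set `this.roles = ruleUtils.getRolesFromAuthentication(authentication);` at the end of the constructor, and use `roles` in evaluate(). The imports of `StringUtils` and `HibernateProxy` are unused, and the `@SuppressWarnings("unchecked")` on evaluate() suppresses nothing visible in the method; if the HibernateProxy import means proxied entities are meant to be unwrapped before `getClassName(object)`, that handling is not present here and presumably lives in SecurityRuleUtils — worth confirming. The deny-by-default on an empty rule list is the right fail-closed choice and deserves a Javadoc line rather than a `@todo` comment, e.g. `Returns false (deny) when no rules exist for the object's class and the current roles.`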