From: <fc...@us...> - 2008-02-20 16:56:27
Revision: 670
http://openutils.svn.sourceforge.net/openutils/?rev=670&view=rev
Author: fcarone
Date: 2008-02-20 08:56:29 -0800 (Wed, 20 Feb 2008)
Log Message:
-----------
[maven-release-plugin] copy for tag openutils-hibernate-security-0.0.3
Added Paths:
-----------
tags/openutils-hibernate-security-0.0.3/
tags/openutils-hibernate-security-0.0.3/pom.xml
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleBaseHandler.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRulePredicate.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/utils/
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/services/SecurityRuleManager.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/services/impl/SecurityRuleManagerImpl.java
tags/openutils-hibernate-security-0.0.3/src/test/java/it/openutils/hibernate/security/
tags/openutils-hibernate-security-0.0.3/src/test/resources/SecurityIntegrationTest-load.xml
tags/openutils-hibernate-security-0.0.3/src/test/resources/spring-dao.xml
tags/openutils-hibernate-security-0.0.3/src/test/resources/spring-managers.xml
tags/openutils-hibernate-security-0.0.3/src/test/resources/spring-security.xml
Removed Paths:
-------------
tags/openutils-hibernate-security-0.0.3/pom.xml
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/services/SecurityRuleManager.java
tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/services/impl/SecurityRuleManagerImpl.java
tags/openutils-hibernate-security-0.0.3/src/test/java/it/openutils/hibernate/security/
tags/openutils-hibernate-security-0.0.3/src/test/resources/SecurityIntegrationTest-load.xml
tags/openutils-hibernate-security-0.0.3/src/test/resources/spring-dao.xml
tags/openutils-hibernate-security-0.0.3/src/test/resources/spring-managers.xml
tags/openutils-hibernate-security-0.0.3/src/test/resources/spring-security.xml
Copied: tags/openutils-hibernate-security-0.0.3 (from rev 645, trunk/openutils-hibernate-security)
Deleted: tags/openutils-hibernate-security-0.0.3/pom.xml
===================================================================
--- trunk/openutils-hibernate-security/pom.xml 2008-02-19 18:28:34 UTC (rev 645)
+++ tags/openutils-hibernate-security-0.0.3/pom.xml 2008-02-20 16:56:29 UTC (rev 670)
@@ -1,225 +0,0 @@
-<?xml version="1.0"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <artifactId>openutils</artifactId>
- <groupId>net.sourceforge.openutils</groupId>
- <version>7</version>
- <relativePath>..</relativePath>
- </parent>
- <modelVersion>4.0.0</modelVersion>
- <groupId>net.sourceforge.openutils</groupId>
- <artifactId>openutils-hibernate-security</artifactId>
- <name>openutils hibernate security</name>
- <version>0.0.3-SNAPSHOT</version>
- <description>Hibernate Security classes</description>
- <properties>
- <spring.version>2.5.1</spring.version>
- <aspectj.version>1.5.3</aspectj.version>
- </properties>
- <dependencies>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-core</artifactId>
- <version>${spring.version}</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context</artifactId>
- <version>${spring.version}</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-aop</artifactId>
- <version>${spring.version}</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-orm</artifactId>
- <version>${spring.version}</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <!-- already imported cglib-nodep by spring -->
- <groupId>cglib</groupId>
- <artifactId>cglib</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>aspectj</groupId>
- <artifactId>aspectjrt</artifactId>
- <version>${aspectj.version}</version>
- </dependency>
- <dependency>
- <groupId>aspectj</groupId>
- <artifactId>aspectjweaver</artifactId>
- <version>${aspectj.version}</version>
- </dependency>
- <dependency>
- <groupId>cglib</groupId>
- <artifactId>cglib-nodep</artifactId>
- <version>2.1_3</version>
- </dependency>
- <dependency>
- <groupId>asm</groupId>
- <artifactId>asm</artifactId>
- <version>2.2.3</version>
- </dependency>
- <dependency>
- <groupId>asm</groupId>
- <artifactId>asm-attrs</artifactId>
- <version>2.2.3</version>
- </dependency>
- <dependency>
- <groupId>asm</groupId>
- <artifactId>asm-commons</artifactId>
- <version>2.2.3</version>
- </dependency>
- <dependency>
- <groupId>net.sourceforge.openutils</groupId>
- <artifactId>openutils-usermanagement</artifactId>
- <version>2.0</version>
- </dependency>
- <dependency>
- <groupId>net.sourceforge.openutils</groupId>
- <artifactId>openutils-usermanagement-dataobjects</artifactId>
- <version>2.0</version>
- </dependency>
- <dependency>
- <groupId>net.sourceforge.openutils</groupId>
- <artifactId>openutils-bshd5</artifactId>
- <version>2.0.1</version>
- </dependency>
- <dependency>
- <groupId>net.sourceforge.openutils</groupId>
- <artifactId>openutils-testing-junit</artifactId>
- <version>2.0.2</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>net.sourceforge.openutils</groupId>
- <artifactId>openutils-testing</artifactId>
- <version>2.0.3</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>1.4.1</version>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate</artifactId>
- <version>3.2.5.ga</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>cglib</groupId>
- <artifactId>cglib</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-annotations</artifactId>
- <version>3.2.1.ga</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>cglib</groupId>
- <artifactId>cglib</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>commons-dbcp</groupId>
- <artifactId>commons-dbcp</artifactId>
- <version>1.2.1</version>
- <scope>test</scope>
- <exclusions>
- <exclusion>
- <artifactId>xerces</artifactId>
- <groupId>xerces</groupId>
- </exclusion>
- <exclusion>
- <artifactId>xml-apis</artifactId>
- <groupId>xml-apis</groupId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>commons-lang</groupId>
- <artifactId>commons-lang</artifactId>
- <version>2.2</version>
- </dependency>
- <dependency>
- <groupId>org.acegisecurity</groupId>
- <artifactId>acegi-security</artifactId>
- <version>1.0.6</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <artifactId>spring-remoting</artifactId>
- <groupId>org.springframework</groupId>
- </exclusion>
- <exclusion>
- <artifactId>spring-jdbc</artifactId>
- <groupId>org.springframework</groupId>
- </exclusion>
- <exclusion>
- <artifactId>spring-support</artifactId>
- <groupId>org.springframework</groupId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>hsqldb</groupId>
- <artifactId>hsqldb</artifactId>
- <version>1.8.0.7</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>4.4</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>dbunit</groupId>
- <artifactId>dbunit</artifactId>
- <version>2.1</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
Copied: tags/openutils-hibernate-security-0.0.3/pom.xml (from rev 669, trunk/openutils-hibernate-security/pom.xml)
===================================================================
--- tags/openutils-hibernate-security-0.0.3/pom.xml (rev 0)
+++ tags/openutils-hibernate-security-0.0.3/pom.xml 2008-02-20 16:56:29 UTC (rev 670)
@@ -0,0 +1,229 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>openutils</artifactId>
+ <groupId>net.sourceforge.openutils</groupId>
+ <version>7</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>net.sourceforge.openutils</groupId>
+ <artifactId>openutils-hibernate-security</artifactId>
+ <name>openutils hibernate security</name>
+ <version>0.0.3</version>
+ <description>Hibernate Security classes</description>
+ <properties>
+ <spring.version>2.5.1</spring.version>
+ <aspectj.version>1.5.3</aspectj.version>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-core</artifactId>
+ <version>${spring.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-context</artifactId>
+ <version>${spring.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-aop</artifactId>
+ <version>${spring.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-orm</artifactId>
+ <version>${spring.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ <exclusion>
+ <!-- already imported cglib-nodep by spring -->
+ <groupId>cglib</groupId>
+ <artifactId>cglib</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>aspectj</groupId>
+ <artifactId>aspectjrt</artifactId>
+ <version>${aspectj.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>aspectj</groupId>
+ <artifactId>aspectjweaver</artifactId>
+ <version>${aspectj.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>cglib</groupId>
+ <artifactId>cglib-nodep</artifactId>
+ <version>2.1_3</version>
+ </dependency>
+ <dependency>
+ <groupId>asm</groupId>
+ <artifactId>asm</artifactId>
+ <version>2.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>asm</groupId>
+ <artifactId>asm-attrs</artifactId>
+ <version>2.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>asm</groupId>
+ <artifactId>asm-commons</artifactId>
+ <version>2.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>net.sourceforge.openutils</groupId>
+ <artifactId>openutils-usermanagement</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>net.sourceforge.openutils</groupId>
+ <artifactId>openutils-usermanagement-dataobjects</artifactId>
+ <version>2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>net.sourceforge.openutils</groupId>
+ <artifactId>openutils-bshd5</artifactId>
+ <version>2.0.1</version>
+ </dependency>
+ <dependency>
+ <groupId>net.sourceforge.openutils</groupId>
+ <artifactId>openutils-testing-junit</artifactId>
+ <version>2.0.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>net.sourceforge.openutils</groupId>
+ <artifactId>openutils-testing</artifactId>
+ <version>2.0.3</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>1.4.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate</artifactId>
+ <version>3.2.5.ga</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>cglib</groupId>
+ <artifactId>cglib</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-annotations</artifactId>
+ <version>3.2.1.ga</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>cglib</groupId>
+ <artifactId>cglib</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>commons-dbcp</groupId>
+ <artifactId>commons-dbcp</artifactId>
+ <version>1.2.1</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <artifactId>xerces</artifactId>
+ <groupId>xerces</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>xml-apis</artifactId>
+ <groupId>xml-apis</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>commons-lang</groupId>
+ <artifactId>commons-lang</artifactId>
+ <version>2.2</version>
+ </dependency>
+ <dependency>
+ <groupId>org.acegisecurity</groupId>
+ <artifactId>acegi-security</artifactId>
+ <version>1.0.6</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ <exclusion>
+ <artifactId>spring-remoting</artifactId>
+ <groupId>org.springframework</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>spring-jdbc</artifactId>
+ <groupId>org.springframework</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>spring-support</artifactId>
+ <groupId>org.springframework</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <version>1.8.0.7</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.4</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>dbunit</groupId>
+ <artifactId>dbunit</artifactId>
+ <version>2.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <scm>
+ <connection>scm:svn:https://openutils.svn.sourceforge.net/svnroot/openutils/tags/openutils-hibernate-security-0.0.3</connection>
+ <developerConnection>scm:svn:https://openutils.svn.sourceforge.net/svnroot/openutils/tags/openutils-hibernate-security-0.0.3</developerConnection>
+ <url>http://openutils.svn.sourceforge.net/viewcvs.cgi/openutils/tags/openutils-hibernate-security-0.0.3</url>
+ </scm>
+</project>
\ No newline at end of file
Deleted: tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java 2008-02-19 18:28:34 UTC (rev 645)
+++ tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java 2008-02-20 16:56:29 UTC (rev 670)
@@ -1,155 +0,0 @@
-/*
- * Copyright Openmind http://www.openmindonline.it
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package it.openutils.hibernate.security.aop;
-
-import it.openutils.hibernate.security.dataobject.SecurityRule;
-import it.openutils.hibernate.security.services.SecurityRuleManager;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.acegisecurity.Authentication;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.context.SecurityContextHolder;
-import org.apache.commons.lang.StringUtils;
-import org.aspectj.lang.ProceedingJoinPoint;
-import org.aspectj.lang.annotation.Around;
-import org.aspectj.lang.annotation.Aspect;
-import org.hibernate.Filter;
-import org.hibernate.criterion.Criterion;
-import org.hibernate.criterion.Restrictions;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-/**
- * @author fcarone
- * @version $Id: $
- */
-@Aspect
-public class AOPSecurity
-{
-
- /**
- * Logger.
- */
- private Logger log = LoggerFactory.getLogger(AOPSecurity.class);
-
- private SecurityRuleManager securityRuleManager;
-
- private List<String> securedDAOs;
-
- private boolean enabled;
-
- /**
- * @param pjp The proceeding joinpoint
- * @param filter The entity we are going to filter
- * @param additionalCriteria The additional criteria list, cannot be null
- * @return The execution invocation result
- * @throws Throwable Any exception occurring in the invoked method
- */
- @Around("execution(* it.openutils.dao.hibernate.*.*(Object, .., java.util.List<org.hibernate.criterion.Criterion>)) && "
- + //
- " args(filter, .., additionalCriteria)")
- public Object applySecurityRules(ProceedingJoinPoint pjp, Object filter, List<Criterion> additionalCriteria)
- throws Throwable
- {
- if (!enabled)
- {
- log.debug("DAO security disabled, proceeding.");
- return pjp.proceed();
- }
-
- if (!securedDAOs.contains(pjp.getTarget().getClass().getCanonicalName()))
- {
- log.debug("The intercepted DAO {} is not secured, proceeding.", pjp.getTarget().toString());
- return pjp.proceed();
- }
-
- log.debug("applying security rules for {} with criteria {}", filter.toString(), additionalCriteria);
- Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
- if (authentication == null)
- {
- throw new SecurityException("Authentication is not valid");
- }
- GrantedAuthority[] authorities = authentication.getAuthorities();
- List<String> roles = new ArrayList<String>();
- for (int i = 0; i < authorities.length; i++)
- {
- roles.add(authorities[i].getAuthority());
- }
-
- String entity = filter.getClass().getCanonicalName();
- List<SecurityRule> rules = securityRuleManager.getRulesForRoles(entity, roles);
-
- if (rules.isEmpty())
- {
- if (log.isWarnEnabled())
- {
- String grantedRoles = StringUtils.EMPTY;
- for (int i = 0; i < authorities.length; i++)
- {
- grantedRoles += authorities[i].getAuthority() + " ";
- }
- log.warn("Access is denied on " + entity + ", for user {} with roles {}", SecurityContextHolder
- .getContext()
- .getAuthentication()
- .getPrincipal()
- .toString(), grantedRoles);
- }
- throw new SecurityException("Access denied");
- }
-
- Filter hibernateFilter = securityRuleManager.getEntityFilterFromRules(entity, rules);
-
- Criterion sqlCriterion = Restrictions.sqlRestriction(hibernateFilter
- .getFilterDefinition()
- .getDefaultFilterCondition());
-
- log.debug("Adding sql restriction: {}", sqlCriterion.toString());
- additionalCriteria.add(sqlCriterion);
-
- Object result = pjp.proceed();
- return result;
- }
-
- /**
- * Sets the securityRuleManager.
- * @param securityRuleManager the securityRuleManager to set
- */
- public void setSecurityRuleManager(SecurityRuleManager securityRuleManager)
- {
- this.securityRuleManager = securityRuleManager;
- }
-
- /**
- * Sets the securedDAOs.
- * @param securedDAOs the securedDAOs to set
- */
- public void setSecuredDAOs(List<String> securedDAOs)
- {
- this.securedDAOs = securedDAOs;
- }
-
- /**
- * Sets the enabled.
- * @param enabled the enabled to set
- */
- public void setEnabled(boolean enabled)
- {
- this.enabled = enabled;
- }
-}
Copied: tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java (from rev 656, trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java)
===================================================================
--- tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java (rev 0)
+++ tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java 2008-02-20 16:56:29 UTC (rev 670)
@@ -0,0 +1,154 @@
+/*
+ * Copyright Openmind http://www.openmindonline.it
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.openutils.hibernate.security.aop;
+
+import it.openutils.hibernate.security.dataobject.SecurityRule;
+import it.openutils.hibernate.security.services.SecurityRuleManager;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.context.SecurityContextHolder;
+import org.apache.commons.lang.StringUtils;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.hibernate.Filter;
+import org.hibernate.criterion.Criterion;
+import org.hibernate.criterion.Restrictions;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+@Aspect
+public class AOPSecurity
+{
+
+ /**
+ * Logger.
+ */
+ private Logger log = LoggerFactory.getLogger(AOPSecurity.class);
+
+ private SecurityRuleManager securityRuleManager;
+
+ private List<String> securedDAOs;
+
+ private boolean enabled;
+
+ /**
+ * @param pjp The proceeding joinpoint
+ * @param filter The entity we are going to filter
+ * @param additionalCriteria The additional criteria list, cannot be null
+ * @return The execution invocation result
+ * @throws Throwable Any exception occurring in the invoked method
+ */
+ @Around("execution(* it.openutils.dao.hibernate.*.*(Object, .., java.util.List<org.hibernate.criterion.Criterion>)) && "
+ + //
+ " args(filter, .., additionalCriteria)")
+ public Object applySecurityRules(ProceedingJoinPoint pjp, Object filter, List<Criterion> additionalCriteria)
+ throws Throwable
+ {
+ if (!enabled)
+ {
+ log.debug("DAO security disabled, proceeding.");
+ return pjp.proceed();
+ }
+
+ if (!securedDAOs.contains(pjp.getTarget().getClass().getCanonicalName()))
+ {
+ log.debug("The intercepted DAO {} is not secured, proceeding.", pjp.getTarget().toString());
+ return pjp.proceed();
+ }
+
+ log.debug("applying security rules for {} with criteria {}", filter.toString(), additionalCriteria);
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ if (authentication == null)
+ {
+ throw new SecurityException("Authentication is not valid");
+ }
+ GrantedAuthority[] authorities = authentication.getAuthorities();
+ List<String> roles = new ArrayList<String>();
+ for (int i = 0; i < authorities.length; i++)
+ {
+ roles.add(authorities[i].getAuthority());
+ }
+
+ String entity = filter.getClass().getCanonicalName();
+ List<SecurityRule> rules = securityRuleManager.getRulesForRoles(entity, roles);
+
+ if (rules.isEmpty())
+ {
+ if (log.isWarnEnabled())
+ {
+ String grantedRoles = StringUtils.EMPTY;
+ for (int i = 0; i < authorities.length; i++)
+ {
+ grantedRoles += authorities[i].getAuthority() + " ";
+ }
+ log.warn(
+ "No rules found. Access is denied on " + entity + ", for user {} with roles {}",
+ SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString(),
+ grantedRoles);
+ }
+ throw new SecurityException("Access denied");
+ }
+
+ Filter hibernateFilter = securityRuleManager.getEntityFilterFromRules(entity, rules);
+
+ Criterion sqlCriterion = Restrictions.sqlRestriction(hibernateFilter
+ .getFilterDefinition()
+ .getDefaultFilterCondition());
+
+ log.debug("Adding sql restriction: {}", sqlCriterion.toString());
+ additionalCriteria.add(sqlCriterion);
+
+ Object result = pjp.proceed();
+ return result;
+ }
+
+ /**
+ * Sets the securityRuleManager.
+ * @param securityRuleManager the securityRuleManager to set
+ */
+ public void setSecurityRuleManager(SecurityRuleManager securityRuleManager)
+ {
+ this.securityRuleManager = securityRuleManager;
+ }
+
+ /**
+ * Sets the securedDAOs.
+ * @param securedDAOs the securedDAOs to set
+ */
+ public void setSecuredDAOs(List<String> securedDAOs)
+ {
+ this.securedDAOs = securedDAOs;
+ }
+
+ /**
+ * Sets the enabled.
+ * @param enabled the enabled to set
+ */
+ public void setEnabled(boolean enabled)
+ {
+ this.enabled = enabled;
+ }
+}
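Review bot: The aspect fails open when it is not explicitly configured: `enabled` is a plain `boolean` field, so it defaults to `false`, and `applySecurityRules` then returns `pjp.proceed()` with only a debug-level log line. A Spring context that omits the `enabled` property therefore runs every intercepted DAO call unfiltered with no visible signal; declaring the field as `private boolean enabled = true;` and logging at warn level from `setEnabled` when it is switched off would make the disabled state a deliberate choice. The `securedDAOs.contains(pjp.getTarget().getClass().getCanonicalName())` check has the same shape, since any class name that is not listed is treated as unsecured, so a target that is a generated subclass (cglib is a declared dependency) or a class with a null canonical name would presumably bypass the rules; matching on the declared DAO type or denying on an unknown name is safer. `authentication.getAuthorities()` is also dereferenced via `authorities.length` without a null check, which is worth confirming against the token types in use.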
Deleted: tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java 2008-02-19 18:28:34 UTC (rev 645)
+++ tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java 2008-02-20 16:56:29 UTC (rev 670)
@@ -1,215 +0,0 @@
-/*
- * Copyright Openmind http://www.openmindonline.it
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package it.openutils.hibernate.security.filter;
-
-import it.openutils.hibernate.security.dataobject.SecurityRule;
-
-import java.lang.reflect.Field;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.Table;
-
-import org.apache.commons.lang.StringUtils;
-import org.hibernate.Filter;
-import org.hibernate.HibernateException;
-import org.hibernate.engine.FilterDefinition;
-
-
-/**
- * @author fcarone
- * @version $Id: $
- */
-public class JavaBeanFilter implements Filter
-{
-
- private FilterDefinition filterDefinition;
-
- /**
- * @param bean The bean to set rules for
- * @param securityRules The list of {@link SecurityRule}s to apply.
- * @throws ClassNotFoundException If the bean class has not been found
- * @throws InstantiationException If the bean doesn't contain the no-arg constructor
- * @throws IllegalAccessException If the bean properties cannot be accessed
- * @throws SecurityException If the bean class cannot be accessed
- * @throws NoSuchFieldException If the property contained in the security rule refers to a bean non-existent field
- */
- @SuppressWarnings("unchecked")
- public JavaBeanFilter(String bean, List<SecurityRule> securityRules)
- throws ClassNotFoundException,
- InstantiationException,
- IllegalAccessException,
- SecurityException,
- NoSuchFieldException
- {
- Class< ? extends Object> beanClass = Class.forName(bean, true, this.getClass().getClassLoader());
-
- if (!beanClass.isAnnotationPresent(Entity.class))
- {
- throw new IllegalArgumentException("Class " + bean + " must contain the @Entity annotation.");
- }
- if (!(beanClass.isAnnotationPresent(Table.class) || beanClass
- .isAnnotationPresent(org.hibernate.annotations.Table.class)))
- {
- throw new IllegalArgumentException("Class " + bean + " must contain the @Table annotation.");
- }
-
- Map<String, String> propertyColumnMap = new HashMap<String, String>();
-
- StringBuffer filterDefCondition = new StringBuffer();
- String filterName = StringUtils.EMPTY;
-
- Map<String, List<SecurityRule>> roleRuleMap = new LinkedHashMap<String, List<SecurityRule>>();
- for (SecurityRule securityRule : securityRules)
- {
- if (!roleRuleMap.containsKey(securityRule.getRole()))
- {
- roleRuleMap.put(securityRule.getRole(), new ArrayList<SecurityRule>());
- }
- roleRuleMap.get(securityRule.getRole()).add(securityRule);
- }
-
- for (Map.Entry<String, List<SecurityRule>> entry : roleRuleMap.entrySet())
- {
- filterName += entry.getKey();
-
- List<SecurityRule> rules = entry.getValue();
- if (!StringUtils.isEmpty(filterDefCondition.toString()))
- {
- filterDefCondition.append(" OR ");
- }
- filterDefCondition.append("(");
- StringBuffer subFilterCond = new StringBuffer();
- for (SecurityRule securityRule : rules)
- {
- String property = securityRule.getProperty();
- filterName += property;
-
- Field field = beanClass.getDeclaredField(property);
-
- // @todo: annotations may also be defined on getters/setters...
- propertyColumnMap.put(property, field.getAnnotation(Column.class).name());
- if (!StringUtils.isEmpty(subFilterCond.toString()))
- {
- subFilterCond.append(" AND ");
- }
- String modifier = null;
- String startQuote = null;
- String endQuote = null;
-
- if (field.getType().isAssignableFrom(String.class))
- {
- startQuote = "\'";
- endQuote = startQuote;
- }
- else if (field.getType().getSuperclass().isAssignableFrom(Number.class))
- {
- startQuote = StringUtils.EMPTY;
- endQuote = StringUtils.EMPTY;
- }
-
- switch (securityRule.getModifier())
- {
- case EQUALS :
- modifier = " = ";
- break;
-
- case NOT :
- modifier = " != ";
- break;
-
- default :
- throw new IllegalArgumentException("Modifier " + securityRule.getModifier() + "not recognized.");
- }
- subFilterCond.append(field.getAnnotation(Column.class).name());
- subFilterCond.append(modifier);
- if (StringUtils.isNotEmpty(startQuote))
- {
- subFilterCond.append(startQuote);
- }
- subFilterCond.append(securityRule.getValue());
- if (StringUtils.isNotEmpty(endQuote))
- {
- subFilterCond.append(endQuote);
- }
-
- filterName += securityRule.getValue();
- }
- filterDefCondition.append(subFilterCond);
- filterDefCondition.append(")");
- }
-
- // filtername is unique, but untraceable
- this.filterDefinition = new FilterDefinition(Integer.toString(filterName.hashCode()), filterDefCondition
- .toString(), new HashMap());
- }
-
- /**
- * {@inheritDoc}
- */
- public FilterDefinition getFilterDefinition()
- {
- return this.filterDefinition;
- }
-
- /**
- * {@inheritDoc}
- */
- public String getName()
- {
- return this.filterDefinition.getFilterName();
- }
-
- /**
- * {@inheritDoc}
- */
- public Filter setParameter(String name, Object value)
- {
- return this;
- }
-
- /**
- * {@inheritDoc}
- */
- @SuppressWarnings("unchecked")
- public Filter setParameterList(String name, Collection values)
- {
- return this;
- }
-
- /**
- * {@inheritDoc}
- */
- public Filter setParameterList(String name, Object[] values)
- {
- return this;
- }
-
- /**
- * {@inheritDoc}
- */
- public void validate() throws HibernateException
- {
- //
- }
-
-}
Copied: tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java (from rev 659, trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java)
===================================================================
--- tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java (rev 0)
+++ tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/JavaBeanFilter.java 2008-02-20 16:56:29 UTC (rev 670)
@@ -0,0 +1,258 @@
+/*
+ * Copyright Openmind http://www.openmindonline.it
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.dataobject.PermissionEnum;
+import it.openutils.hibernate.security.dataobject.SecurityRule;
+
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Table;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang.StringUtils;
+import org.hibernate.Filter;
+import org.hibernate.HibernateException;
+import org.hibernate.engine.FilterDefinition;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public class JavaBeanFilter implements Filter
+{
+
+ private FilterDefinition filterDefinition;
+
+ /**
+ * Logger.
+ */
+ private Logger log = LoggerFactory.getLogger(JavaBeanFilter.class);
+
+
+ /**
+ * @param bean The bean to set rules for
+ * @param securityRules The list of {@link SecurityRule}s to apply.
+ * @throws ClassNotFoundException If the bean class has not been found
+ * @throws InstantiationException If the bean doesn't contain the no-arg constructor
+ * @throws IllegalAccessException If the bean properties cannot be accessed
+ * @throws SecurityException If the bean class cannot be accessed
+ * @throws NoSuchFieldException If the property contained in the security rule refers to a bean non-existent field
+ */
+ @SuppressWarnings("unchecked")
+ public JavaBeanFilter(String bean, List<SecurityRule> securityRules)
+ throws ClassNotFoundException,
+ InstantiationException,
+ IllegalAccessException,
+ SecurityException,
+ NoSuchFieldException
+ {
+ Class< ? extends Object> beanClass = Class.forName(bean, true, this.getClass().getClassLoader());
+
+ if (!beanClass.isAnnotationPresent(Entity.class))
+ {
+ throw new IllegalArgumentException("Class " + bean + " must contain the @Entity annotation.");
+ }
+ if (!(beanClass.isAnnotationPresent(Table.class) || beanClass
+ .isAnnotationPresent(org.hibernate.annotations.Table.class)))
+ {
+ throw new IllegalArgumentException("Class " + bean + " must contain the @Table annotation.");
+ }
+
+ Map<String, String> propertyColumnMap = new HashMap<String, String>();
+
+ StringBuffer filterDefCondition = new StringBuffer();
+ String filterName = StringUtils.EMPTY;
+
+ Map<String, List<SecurityRule>> roleRuleMap = new LinkedHashMap<String, List<SecurityRule>>();
+ for (SecurityRule securityRule : securityRules)
+ {
+ if (!roleRuleMap.containsKey(securityRule.getRole()))
+ {
+ roleRuleMap.put(securityRule.getRole(), new ArrayList<SecurityRule>());
+ }
+ roleRuleMap.get(securityRule.getRole()).add(securityRule);
+ }
+
+ for (Map.Entry<String, List<SecurityRule>> entry : roleRuleMap.entrySet())
+ {
+ filterName += entry.getKey();
+
+ List<SecurityRule> rules = entry.getValue();
+ if (rules == null || rules.isEmpty())
+ {
+ log.debug("No rules defined for role {}", entry.getKey());
+ continue;
+ }
+
+ if (!rulesContainLoad(rules))
+ {
+ log.debug("No LOAD rules defined for role {}", entry.getKey());
+ continue;
+ }
+
+ if (!StringUtils.isEmpty(filterDefCondition.toString()))
+ {
+ filterDefCondition.append(" OR ");
+ }
+ filterDefCondition.append("(");
+ StringBuffer subFilterCond = new StringBuffer();
+ for (SecurityRule securityRule : rules)
+ {
+ if (!securityRule.getPermissions().contains(PermissionEnum.LOAD))
+ {
+ log.debug("Skipping rule {} since it is not related to LOAD.", securityRule);
+ continue;
+ }
+ String property = securityRule.getProperty();
+ filterName += property;
+
+ Field field = beanClass.getDeclaredField(property);
+
+ // @todo: annotations may also be defined on getters/setters...
+ propertyColumnMap.put(property, field.getAnnotation(Column.class).name());
+ if (!StringUtils.isEmpty(subFilterCond.toString()))
+ {
+ subFilterCond.append(" AND ");
+ }
+ String modifier = null;
+ String startQuote = null;
+ String endQuote = null;
+
+ if (String.class.isAssignableFrom(field.getType()))
+ {
+ startQuote = "\'";
+ endQuote = startQuote;
+ }
+ else if (Number.class.isAssignableFrom(field.getType()))
+ {
+ startQuote = StringUtils.EMPTY;
+ endQuote = StringUtils.EMPTY;
+ }
+
+ switch (securityRule.getModifier())
+ {
+ case EQUALS :
+ modifier = " = ";
+ break;
+
+ case NOT :
+ modifier = " != ";
+ break;
+
+ default :
+ throw new IllegalArgumentException("Modifier " + securityRule.getModifier() + "not recognized.");
+ }
+ subFilterCond.append(field.getAnnotation(Column.class).name());
+ subFilterCond.append(modifier);
+ if (StringUtils.isNotEmpty(startQuote))
+ {
+ subFilterCond.append(startQuote);
+ }
+ subFilterCond.append(StringEscapeUtils.escapeSql(securityRule.getValue()));
+ if (StringUtils.isNotEmpty(endQuote))
+ {
+ subFilterCond.append(endQuote);
+ }
+
+ filterName += securityRule.getValue();
+ }
+ filterDefCondition.append(subFilterCond);
+ filterDefCondition.append(")");
+ }
+
+ // filtername is unique, but untraceable
+ this.filterDefinition = new FilterDefinition(Integer.toString(filterName.hashCode()), filterDefCondition
+ .toString(), new HashMap());
+ }
+
+ /**
+ * @param rules
+ * @return
+ */
+ private boolean rulesContainLoad(List<SecurityRule> rules)
+ {
+ for (SecurityRule rule : rules)
+ {
+ if (rule.getPermissions().contains(PermissionEnum.LOAD))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public FilterDefinition getFilterDefinition()
+ {
+ return this.filterDefinition;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getName()
+ {
+ return this.filterDefinition.getFilterName();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public Filter setParameter(String name, Object value)
+ {
+ return this;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @SuppressWarnings("unchecked")
+ public Filter setParameterList(String name, Collection values)
+ {
+ return this;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public Filter setParameterList(String name, Object[] values)
+ {
+ return this;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void validate() throws HibernateException
+ {
+ //
+ }
+
+}
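Review bot: In the constructor, the rule value is still concatenated into the filter condition as SQL text, and the added `StringEscapeUtils.escapeSql(...)` call only doubles single quotes, so it protects nothing in the branches that append the value without quotes. For `Number` fields, and for any field type that is neither `String` nor `Number` (where `startQuote` stays null), a value that is not a plain literal becomes part of the row-level LOAD condition and can change which rows the filter admits. I would validate the value against the field type before appending it, parsing numeric values and rejecting unsupported types as sketched below; primitive fields land in the final branch and would need their own case. Separately, `field.getAnnotation(Column.class)` is dereferenced without a null check, so a property without `@Column` fails with a NullPointerException rather than a clear error.

```java
// … unchanged: role grouping, LOAD checks, column lookup, " AND " joining …
String value = securityRule.getValue();

if (String.class.isAssignableFrom(field.getType()))
{
    startQuote = "\'";
    endQuote = startQuote;
    value = StringEscapeUtils.escapeSql(value);
}
else if (Number.class.isAssignableFrom(field.getType()))
{
    startQuote = StringUtils.EMPTY;
    endQuote = StringUtils.EMPTY;
    // Only a plain numeric literal may reach the condition; anything else throws NumberFormatException.
    value = new java.math.BigDecimal(value).toPlainString();
}
else
{
    throw new IllegalArgumentException("Property "
        + property
        + " has unsupported type "
        + field.getType().getName());
}

// … unchanged: modifier switch, column name, modifier and start quote appended …
subFilterCond.append(value);
// … unchanged: end quote, filterName update …
```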
Deleted: tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-19 18:28:34 UTC (rev 645)
+++ tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-20 16:56:29 UTC (rev 670)
@@ -1,222 +0,0 @@
-/*
- * Copyright Openmind http://www.openmindonline.it
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package it.openutils.hibernate.security.filter;
-
-import it.openutils.hibernate.security.dataobject.ModifierEnum;
-import it.openutils.hibernate.security.dataobject.PermissionEnum;
-import it.openutils.hibernate.security.dataobject.SecurityRule;
-import it.openutils.hibernate.security.services.SecurityRuleManager;
-
-import java.lang.reflect.InvocationTargetException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-import org.acegisecurity.Authentication;
-import org.acegisecurity.ConfigAttribute;
-import org.acegisecurity.ConfigAttributeDefinition;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.vote.AccessDecisionVoter;
-import org.apache.commons.beanutils.BeanUtils;
-import org.apache.commons.lang.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.aop.framework.ReflectiveMethodInvocation;
-
-
-/**
- * @author fcarone
- * @version $Id: $
- */
-public class SecurityRuleAccessDecisionVoter implements AccessDecisionVoter
-{
-
- /**
- * Logger.
- */
- private static Logger log = LoggerFactory.getLogger(SecurityRuleAccessDecisionVoter.class);
-
- private SecurityRuleManager securityRuleManager;
-
- /**
- * {@inheritDoc}
- */
- public boolean supports(ConfigAttribute attribute)
- {
- log.debug("Evaluating attribute {}", attribute.getAttribute());
-
- if (attribute.getAttribute() != null)
- {
- for (PermissionEnum permission : PermissionEnum.values())
- {
- if (StringUtils.equals(permission.getValue(), attribute.getAttribute()))
- {
- log.debug("Support ok.");
- return true;
- }
- }
- }
- log.debug("Not supporting attribute.");
- return false;
- }
-
- /**
- * {@inheritDoc}
- */
- @SuppressWarnings("unchecked")
- public boolean supports(Class clazz)
- {
- return true;
- }
-
- /**
- * {@inheritDoc}
- */
- public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config)
- {
- List<String> roles = new ArrayList<String>();
- roles.addAll(getRolesFromAuthentication(authentication));
-
- if (object instanceof ReflectiveMethodInvocation)
- {
- ReflectiveMethodInvocation methodInvocation = ((ReflectiveMethodInvocation) object);
- for (Object argument : methodInvocation.getArguments())
- {
- log.debug("Evaluating argument {}", argument);
- List<SecurityRule> rules = securityRuleManager.getRulesForRoles(argument.getClass().getName(), roles);
- boolean permissionMatches = checkPermissions(rules, config);
- if (!permissionMatches)
- {
- return ACCESS_DENIED;
- }
-
- boolean areRulesMatching = checkRules(rules, argument);
- if (!areRulesMatching)
- {
- return ACCESS_DENIED;
- }
- }
- }
-
- return ACCESS_GRANTED;
- }
-
- /**
- * @param authentication
- * @return
- */
- private Collection< ? extends String> getRolesFromAuthentication(Authentication authentication)
- {
- List<String> roles = new ArrayList<String>();
- for (GrantedAuthority authority : authentication.getAuthorities())
- {
- log.debug("Granted authority for user {}: {}", authentication.getName(), authority.getAuthority());
- roles.add(authority.getAuthority());
- }
- return roles;
- }
-
- /**
- * @param rules
- * @param argument
- * @return
- */
- private boolean checkRules(List<SecurityRule> rules, Object argument)
- {
- log.debug("Evaluating rules.");
- try
- {
- for (SecurityRule rule : rules)
- {
- String objProperty = BeanUtils.getSimpleProperty(argument, rule.getProperty());
- if (rule.getModifier() == ModifierEnum.EQUALS)
- {
- if (StringUtils.equals(objProperty, rule.getValue()))
- {
- log.debug("Matching rule found: {}", rule);
- return true;
- }
- }
- else if (rule.getModifier() == ModifierEnum.NOT)
- {
- if (!StringUtils.equals(objProperty, rule.getValue()))
- {
- log.debug("Matching rule found: {}", rule);
- return true;
- }
- }
- else
- {
- throw new RuntimeException("Modifier " + rule.getModifier() + " is not recognized");
- }
- }
- }
- catch (NoSuchMethodException e)
- {
- log.error("{}", e);
- }
- catch (IllegalAccessException e)
- {
- log.error("{}", e);
- }
- catch (InvocationTargetException e)
- {
- log.error("{}", e);
- }
- log.debug("No matching rules found.");
- return false;
- }
-
- /**
- * @param rules
- * @param config
- * @return
- */
- @SuppressWarnings("unchecked")
- private boolean checkPermissions(List<SecurityRule> rules, ConfigAttributeDefinition config)
- {
- log.debug("Evaluation permissions");
- Iterator iterator = config.getConfigAttributes();
- while (iterator.hasNext())
- {
- String attribute = ((ConfigAttribute) iterator.next()).getAttribute();
- for (SecurityRule rule : rules)
- {
- for (PermissionEnum permission : rule.getPermissions())
- {
- if (StringUtils.equals(permission.getValue(), attribute))
- {
- log.debug("Matching permission: {}", permission.getValue());
- return true;
- }
- }
- }
- }
- log.debug("No matching permissions found.");
- return false;
- }
-
- /**
- * Sets the securityRuleManager.
- * @param securityRuleManager the securityRuleManager to set
- */
- public void setSecurityRuleManager(SecurityRuleManager securityRuleManager)
- {
- this.securityRuleManager = securityRuleManager;
- }
-
-}
Copied: tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java (from rev 668, trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java)
===================================================================
--- tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java (rev 0)
+++ tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-20 16:56:29 UTC (rev 670)
@@ -0,0 +1,87 @@
+/*
+ * Copyright Openmind http://www.openmindonline.it
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.dataobject.SecurityRule;
+import it.openutils.hibernate.security.filter.utils.SecurityRuleUtils;
+import it.openutils.hibernate.security.services.SecurityRuleManager;
+
+import java.util.List;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.ConfigAttributeDefinition;
+import org.acegisecurity.vote.AccessDecisionVoter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.aop.framework.ReflectiveMethodInvocation;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public class SecurityRuleAccessDecisionVoter extends SecurityRuleBaseHandler implements AccessDecisionVoter
+{
+
+ /**
+ * Logger.
+ */
+ private static Logger log = LoggerFactory.getLogger(SecurityRuleAccessDecisionVoter.class);
+
+ private SecurityRuleManager securityRuleManager;
+
+ private SecurityRuleUtils ruleUtils = new SecurityRuleUtils();
+
+ /**
+ * {@inheritDoc}
+ */
+ public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config)
+ {
+ List<String> roles = ruleUtils.getRolesFromAuthentication(authentication);
+
+ if (object instanceof ReflectiveMethodInvocation)
+ {
+ ReflectiveMethodInvocation methodInvocation = ((ReflectiveMethodInvocation) object);
+ for (Object argument : methodInvocation.getArguments())
+ {
+ log.debug("Evaluating argument {}", argument);
+ List<SecurityRule> rules = securityRuleManager.getRulesForRoles(ruleUtils.getClassName(argument), roles);
+ boolean permissionMatches = ruleUtils.checkPermissions(rules, config);
+ if (!permissionMatches)
+ {
+ return ACCESS_DENIED;
+ }
+
+ boolean areRulesMatching = ruleUtils.checkRules(rules, argument);
+ if (!areRulesMatching)
+ {
+ return ACCESS_DENIED;
+ }
+ }
+ }
+
+ return ACCESS_GRANTED;
+ }
+
+ /**
+ * Sets the securityRuleManager.
+ * @param securityRuleManager the securityRuleManager to set
+ */
+ public void setSecurityRuleManager(SecurityRuleManager securityRuleManager)
+ {
+ this.securityRuleManager = securityRuleManager;
+ }
+}
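Review bot: `vote` ends with `return ACCESS_GRANTED;` for every call it did not actually evaluate: when `object` is not a `ReflectiveMethodInvocation`, and when the invocation has no arguments, no rule is consulted and the voter still casts a grant. Under a decision manager where a single grant suffices (the configuration is not visible here), that turns an unexamined call into an allowed one. I would abstain in those cases, e.g. `if (!(object instanceof ReflectiveMethodInvocation)) { return ACCESS_ABSTAIN; }`, and grant only after at least one argument has passed both checks. A null argument also deserves a look, since the outcome depends on how `ruleUtils.getClassName(argument)` handles null, which this hunk does not show.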
Copied: tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java (from rev 667, trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java)
===================================================================
--- tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java (rev 0)
+++ tags/openutils-hibernate-security-0.0.3/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java 2008-02-20 16:56:29 UTC (rev 670)
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) Openmind. All rights reserved. http://www.openmindonline.it
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.services.SecurityRuleManager;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+
+import org.acegisecurity.AccessDeniedException;
+import org.acegisecurity.Authentication;
+import org.acegisecurity.ConfigAttributeDefinition;
+import org.acegisecurity.afterinvocation.AfterInvocationProvider;
+import org.apache.commons.collections.CollectionUtils;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public class SecurityRuleAfterInvocationHandler extends SecurityRuleBaseHandler implements AfterInvocationProvider
+{
+
+ private SecurityRuleManager securityRuleManager;
+
+ /**
+ * {@inheritDoc}
+ */
+ @SuppressWarnings("unchecked")
+ public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+ Object returnedObject) throws AccessDeniedException
+ {
...
[truncated message content] |