From: <fc...@us...> - 2007-08-31 17:03:28
Revision: 426 http://openutils.svn.sourceforge.net/openutils/?rev=426&view=rev Author: fcarone Date: 2007-08-31 10:03:23 -0700 (Fri, 31 Aug 2007) Log Message: ----------- Trying to inject security with an aop advice Modified Paths: -------------- trunk/openutils-hibernate-security/pom.xml trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/HibernateDAOSecurityInterceptor.java trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/SecurityIntegrationTest.java trunk/openutils-hibernate-security/src/test/resources/SecurityIntegrationTest-load.xml trunk/openutils-hibernate-security/src/test/resources/database.properties trunk/openutils-hibernate-security/src/test/resources/log4j.xml trunk/openutils-hibernate-security/src/test/resources/spring-security.xml Added Paths: ----------- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java
Modified: trunk/openutils-hibernate-security/pom.xml
===================================================================
--- trunk/openutils-hibernate-security/pom.xml 2007-08-31 12:29:23 UTC (rev 425)
+++ trunk/openutils-hibernate-security/pom.xml 2007-08-31 17:03:23 UTC (rev 426)
@@ -1,20 +1,20 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
+<?xml version="1.0"?>
+<project>
 <parent>
+ <artifactId>openutils</artifactId>
 <groupId>net.sourceforge.openutils</groupId>
- <artifactId>openutils</artifactId>
 <version>3</version>
 <relativePath>..</relativePath>
 </parent>
+ <modelVersion>4.0.0</modelVersion>
 <groupId>net.sourceforge.openutils</groupId>
 <artifactId>openutils-hibernate-security</artifactId>
- <packaging>jar</packaging>
 <name>openutils-hibernate-security</name>
 <version>0.0.1-SNAPSHOT</version>
 <description>Hibernate Security classes</description>
 <properties>
 <spring.version>2.0.6</spring.version>
+ <aspectj.version>1.5.3</aspectj.version>
 </properties>
 <dependencies>
 <dependency>
@@ -38,6 +38,48 @@
 <version>${spring.version}</version>
 </dependency>
 <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-hibernate3</artifactId>
+ <version>${spring.version}</version>
+ <exclusions>
+ <exclusion>
+ <!-- already imported cglib-nodep by spring -->
+ <groupId>cglib</groupId>
+ <artifactId>cglib</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>aspectj</groupId>
+ <artifactId>aspectjrt</artifactId>
+ <version>${aspectj.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>aspectj</groupId>
+ <artifactId>aspectjweaver</artifactId>
+ <version>${aspectj.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>cglib</groupId>
+ <artifactId>cglib-nodep</artifactId>
+ <version>2.1_3</version>
+ </dependency>
+ <dependency>
+ <groupId>asm</groupId>
+ <artifactId>asm</artifactId>
+ <version>2.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>asm</groupId>
+ <artifactId>asm-attrs</artifactId>
+ <version>2.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>asm</groupId>
+ <artifactId>asm-commons</artifactId>
+ <version>2.2.3</version>
+ </dependency>
+ <dependency>
 <groupId>net.sourceforge.openutils</groupId>
 <artifactId>openutils-usermanagement</artifactId>
 <version>1.1.1</version>
@@ -67,11 +109,25 @@
 <groupId>org.hibernate</groupId>
 <artifactId>hibernate</artifactId>
 <version>3.2.3.ga</version>
+ <exclusions>
+ <exclusion>
+ <!-- already imported cglib-nodep by spring -->
+ <groupId>cglib</groupId>
+ <artifactId>cglib</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>org.hibernate</groupId>
 <artifactId>hibernate-annotations</artifactId>
 <version>3.2.1.ga</version>
+ <exclusions>
+ <exclusion>
+ <!-- already imported cglib-nodep by spring -->
+ <groupId>cglib</groupId>
+ <artifactId>cglib</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>commons-dbcp</groupId>
@@ -100,34 +156,28 @@
 <version>1.0.3</version>
 <exclusions>
 <exclusion>
+ <artifactId>spring-remoting</artifactId>
 <groupId>org.springframework</groupId>
- <artifactId>spring-remoting</artifactId>
 </exclusion>
 <exclusion>
+ <artifactId>spring-jdbc</artifactId>
 <groupId>org.springframework</groupId>
- <artifactId>spring-jdbc</artifactId>
 </exclusion>
 <exclusion>
+ <artifactId>spring-support</artifactId>
 <groupId>org.springframework</groupId>
- <artifactId>spring-support</artifactId>
 </exclusion>
 <exclusion>
+ <artifactId>logkit</artifactId>
 <groupId>logkit</groupId>
- <artifactId>logkit</artifactId>
 </exclusion>
 <exclusion>
+ <artifactId>avalon-framework</artifactId>
 <groupId>avalon-framework</groupId>
- <artifactId>avalon-framework</artifactId>
 </exclusion>
 </exclusions>
 </dependency>
 <dependency>
- <groupId>org.apache.derby</groupId>
- <artifactId>derby</artifactId>
- <version>10.2.2.0</version>
- <scope>test</scope>
- </dependency>
- <dependency>
 <groupId>hsqldb</groupId>
 <artifactId>hsqldb</artifactId>
 <version>1.8.0.7</version>
Added: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java (rev 0)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java 2007-08-31 17:03:23 UTC (rev 426)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) Openmind. All rights reserved. http://www.openmindonline.it
+ */
+package it.openutils.hibernate.security.aop;
+
+import java.util.List;
+
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.hibernate.criterion.Criterion;
+import org.hibernate.criterion.Restrictions;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+@Aspect
+public class AOPSecurity
+{
+
+ /**
+ * Logger.
+ */
+ private Logger log = LoggerFactory.getLogger(AOPSecurity.class);
+
+ /**
+ * @param pjp The proceeding joinpoint
+ * @param filter The entity we are going to filter
+ * @param additionalCriteria The additional criteria list
+ * @return The execution invocation result
+ * @throws Throwable Any exception occurring in the invoked method
+ */
+// @Around("execution(* findFiltered(Object, .., java.util.List<org.hibernate.criterion.Criterion>)) && " + //
+// " args(filter, .., additionalCriteria)")
+ @Around("execution(* it.openutils.dao.hibernate.*.*(Object, .., java.util.List<org.hibernate.criterion.Criterion>)) && " + //
+ " args(filter, .., additionalCriteria)")
+ public Object applySecurityRules(ProceedingJoinPoint pjp, Object filter, List<Criterion> additionalCriteria)
+ throws Throwable
+ {
+ log.debug("applying rules for {} with criteria {}", filter.toString(), additionalCriteria);
+ additionalCriteria.add(Restrictions.sqlRestriction("INTVALUE = 1"));
+ Object result = pjp.proceed();
+ return result;
+ }
+}
Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/HibernateDAOSecurityInterceptor.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/HibernateDAOSecurityInterceptor.java 2007-08-31 12:29:23 UTC (rev 425)
+++
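Review bot: The pointcut on `applySecurityRules` matches only methods that take a trailing `List<Criterion>`, so a DAO overload without that parameter, such as the one-argument `findFiltered(filter)` the test in this commit calls, is filtered only if its call to the list overload goes through the Spring proxy. With `<aop:aspectj-autoproxy/>` a `this.findFiltered(...)` delegation inside the DAO is presumably not advised, which would return unrestricted rows; that path is worth confirming before relying on the aspect. The advice also appends the constant `Restrictions.sqlRestriction("INTVALUE = 1")` to the caller's own list instead of a rule derived from the authenticated principal, and calls `filter.toString()` and `additionalCriteria.add(...)` with no null check. A method comment such as `// placeholder restriction, not yet driven by securityRuleManager` would mark the experimental state.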
trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/HibernateDAOSecurityInterceptor.java 2007-08-31 17:03:23 UTC (rev 426) @@ -45,6 +45,7 @@ @SuppressWarnings("unchecked") public Object invoke(MethodInvocation invocation) throws Throwable { + log.debug("Applying security rules"); Object[] arguments = invocation.getArguments(); Object checkArgument = arguments[arguments.length - 1]; if (!StringUtils.equals(invocation.getMethod().getName(), "findFiltered")) @@ -93,7 +94,12 @@ { grantedRoles += authorities[i].getAuthority() + " "; } - log.error("Access is denied for entity {}, and roles {}", entity, grantedRoles); + log.warn("Access is denied on " + entity + ", for user {} with roles {}", SecurityContextHolder + .getContext() + .getAuthentication() + .getPrincipal() + .toString(), grantedRoles); + throw new SecurityException("Access denied"); } @@ -130,5 +136,4 @@ this.sessionFactory = sessionFactory; } - } Modified: trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/SecurityIntegrationTest.java =================================================================== --- trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/SecurityIntegrationTest.java 2007-08-31 12:29:23 UTC (rev 425) +++ trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/SecurityIntegrationTest.java 2007-08-31 17:03:23 UTC (rev 426) 
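Review bot: In the `@@ -93,7 +94,12 @@` hunk the new `log.warn` call concatenates `entity` into the format string, so any `{}` in its `toString()` shifts the placeholders, and both it and `getPrincipal().toString()` reach the log unescaped. The principal's `toString()` may print the whole user-details object, whereas `getAuthentication().getName()` logs only the username. Passing all three values as arguments keeps the pattern constant: `log.warn("Access is denied on {}, for user {} with roles {}", new Object[]{entity, userName, grantedRoles});`. The chained call also assumes `getAuthentication()` is non-null here, which only the part of `invoke` outside the hunk can guarantee.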
@@ -50,21 +50,24 @@ return connection; } + private void authenticate(String username, String password) + { + AuthenticationProvider authenticationProvider = (AuthenticationProvider) ctx.getBean("authenticationProvider"); + Authentication authentication = new UsernamePasswordAuthenticationToken(username, password); + authentication = authenticationProvider.authenticate(authentication); + SecurityContextImpl sci = new SecurityContextImpl(); + sci.setAuthentication(authentication); + SecurityContextHolder.setContext(sci); + } - /** * @throws Exception Any exception */ @Test - public void testRulesApplication() throws Exception + public void testFindFiltered() throws Exception { // emulate authentication - AuthenticationProvider authenticationProvider = (AuthenticationProvider) ctx.getBean("authenticationProvider"); - Authentication authentication = new UsernamePasswordAuthenticationToken("UserUno", "password"); - authentication = authenticationProvider.authenticate(authentication); - SecurityContextImpl sci = new SecurityContextImpl(); - sci.setAuthentication(authentication); - SecurityContextHolder.setContext(sci); + authenticate("UserUno", "password"); // test securedObject = (DummyDAO) ctx.getBean("dummyDAO"); @@ -77,6 +80,12 @@ 0, new ArrayList<Criterion>()); Assert.assertNotNull(dummyObjects); + Assert.assertEquals(1, dummyObjects.size()); + + dummyObjects = securedObject.findFiltered(filter); + Assert.assertNotNull(dummyObjects); + Assert.assertEquals(1, dummyObjects.size()); + } } Modified: trunk/openutils-hibernate-security/src/test/resources/SecurityIntegrationTest-load.xml =================================================================== --- trunk/openutils-hibernate-security/src/test/resources/SecurityIntegrationTest-load.xml 2007-08-31 12:29:23 UTC (rev 425) +++ trunk/openutils-hibernate-security/src/test/resources/SecurityIntegrationTest-load.xml 2007-08-31 17:03:23 UTC (rev 426) 
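Review bot: The new assertions in `testFindFiltered` cover only `UserUno`, so the test passes whether the single row was selected by that user's rules or by any restriction that happens to leave one row. A second case that calls `authenticate("UserDue", "password")` (the fixture already defines that user) and asserts a different outcome would show that the filter depends on the caller. The `authenticate` helper also leaves `SecurityContextHolder` populated after the test; a teardown with `SecurityContextHolder.clearContext();` keeps that identity from leaking into other tests on the same thread. The test method's body continues outside the hunks.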
@@ -9,6 +9,7 @@
 <column>EMAIL</column>
 <row>
 <value>UserUno</value>
+ <!-- sha1 for 'password' -->
 <value>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</value>
 <value>1</value>
 <value>Gino</value>
@@ -17,7 +18,8 @@
 </row>
 <row>
 <value>UserDue</value>
- <value>password</value>
+ <!-- sha1 for 'password' -->
+ <value>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</value>
 <value>1</value>
 <value>Mario</value>
 <value>Verdi</value>
Modified: trunk/openutils-hibernate-security/src/test/resources/database.properties
===================================================================
--- trunk/openutils-hibernate-security/src/test/resources/database.properties 2007-08-31 12:29:23 UTC (rev 425)
+++ trunk/openutils-hibernate-security/src/test/resources/database.properties 2007-08-31 17:03:23 UTC (rev 426)
@@ -10,3 +10,4 @@
 hibernate.connection.password=
 hibernate.connection.url=jdbc:hsqldb:mem:hibernate-security
 hibernate.hbm2ddl.auto=create-drop
+hibernate.show_sql=true
Modified: trunk/openutils-hibernate-security/src/test/resources/log4j.xml
===================================================================
--- trunk/openutils-hibernate-security/src/test/resources/log4j.xml 2007-08-31 12:29:23 UTC (rev 425)
+++ trunk/openutils-hibernate-security/src/test/resources/log4j.xml 2007-08-31 17:03:23 UTC (rev 426)
@@ -37,6 +37,9 @@
 </category>
 <category name="it.openutils.dbupdate.DbSetupManagerImpl">
 <priority value="INFO" />
+ </category>
+ <category name="it.openutils.hibernate.security.aop">
+ <priority value="DEBUG" />
 </category>
 <root>
 <priority value="debug" />
Modified: trunk/openutils-hibernate-security/src/test/resources/spring-security.xml
===================================================================
--- trunk/openutils-hibernate-security/src/test/resources/spring-security.xml 2007-08-31 12:29:23 UTC (rev 425)
+++ trunk/openutils-hibernate-security/src/test/resources/spring-security.xml 2007-08-31 17:03:23 UTC (rev 426)
@@ -1,25 +1,33 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" -"http://www.springframework.org/dtd/spring-beans.dtd"> -<beans> - <bean id="securityInterceptor" class="it.openutils.hibernate.security.aop.HibernateDAOSecurityInterceptor"> - <property name="securityRuleManager" ref="securityRuleManager" /> - <property name="sessionFactory" ref="sessionFactory" /> - </bean> - <bean class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator"> - <property name="beanNames"> - <list> - <idref bean="dummyDAO" /> - </list> - </property> - <property name="interceptorNames"> - <list> - <value>securityInterceptor</value> - </list> - </property> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd"> + + <aop:aspectj-autoproxy/> + + <bean id="securityAspect" class="it.openutils.hibernate.security.aop.AOPSecurity" /> + + <bean id="securityInterceptor" class="it.openutils.hibernate.security.aop.HibernateDAOSecurityInterceptor"> + <property name="securityRuleManager" ref="securityRuleManager" /> + <property name="sessionFactory" ref="sessionFactory" /> </bean> - - <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder" /> + +<!-- + <bean class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator"> + <property name="beanNames"> + <list> + <idref bean="dummyDAO" /> + </list> + </property> + <property name="interceptorNames"> + <list> + <value>securityInterceptor</value> + </list> + </property> + </bean> + --> + + <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder" /> <bean 
id="userDetailsService" class="it.openutils.usermanagement.acegi.HibernateUserDetailsServiceImpl" autowire="byType"> <property name="userDao" ref="userDAO" /> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
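Review bot: With the `BeanNameAutoProxyCreator` block commented out, the `securityInterceptor` bean is still defined but no longer applied to `dummyDAO`, so the deny path in `HibernateDAOSecurityInterceptor` (the `SecurityException("Access denied")` branch) is not exercised by this context any more. If the aspect is meant to replace the interceptor, the commented block and the unused bean should be deleted; if both are meant to run, the proxy creator should be restored. A short comment above `<aop:aspectj-autoproxy/>`, for example `<!-- AOPSecurity stands in for the interceptor proxy while the aspect is evaluated -->`, would record which of the two is intended.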