From: <fc...@us...> - 2007-09-03 09:00:57
Revision: 429 http://openutils.svn.sourceforge.net/openutils/?rev=429&view=rev Author: fcarone Date: 2007-09-03 01:31:00 -0700 (Mon, 03 Sep 2007) Log Message: ----------- AOP security sample application works Modified Paths: -------------- trunk/openutils-hibernate-security/pom.xml trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/HsqlDatatypeFactory.java trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/apptest/DummyDaoImpl.java trunk/openutils-hibernate-security/src/test/resources/spring-database.xml trunk/openutils-hibernate-security/src/test/resources/spring-hibernate.xml trunk/openutils-hibernate-security/src/test/resources/spring-security.xml Removed Paths: ------------- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/HibernateDAOSecurityInterceptor.java Modified: trunk/openutils-hibernate-security/pom.xml =================================================================== --- trunk/openutils-hibernate-security/pom.xml 2007-09-03 08:24:39 UTC (rev 428) +++ trunk/openutils-hibernate-security/pom.xml 2007-09-03 08:31:00 UTC (rev 429) @@ -92,7 +92,7 @@ <dependency> <groupId>net.sourceforge.openutils</groupId> <artifactId>openutils-bshd5</artifactId> - <version>1.0.7</version> + <version>1.0.8-SNAPSHOT</version> </dependency> <dependency> <groupId>net.sourceforge.openutils</groupId> Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java =================================================================== --- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java 2007-09-03 08:24:39 UTC (rev 428) +++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/AOPSecurity.java 2007-09-03 08:31:00 UTC (rev 429) 
@@ -3,11 +3,20 @@
 */
 package it.openutils.hibernate.security.aop;
+import it.openutils.hibernate.security.dataobject.SecurityRule;
+import it.openutils.hibernate.security.services.SecurityRuleManager;
+
+import java.util.ArrayList;
 import java.util.List;
+import org.acegisecurity.Authentication;
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.context.SecurityContextHolder;
+import org.apache.commons.lang.StringUtils;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
+import org.hibernate.Filter;
 import org.hibernate.criterion.Criterion;
 import org.hibernate.criterion.Restrictions;
 import org.slf4j.Logger;
@@ -27,23 +36,107 @@
 */
 private Logger log = LoggerFactory.getLogger(AOPSecurity.class);
+ private SecurityRuleManager securityRuleManager;
+
+ private List<String> securedDAOs;
+
+ private boolean enabled;
+
 /**
 * @param pjp The proceeding joinpoint
 * @param filter The entity we are going to filter
- * @param additionalCriteria The additional criteria list
+ * @param additionalCriteria The additional criteria list, cannot be null
 * @return The execution invocation result
 * @throws Throwable Any exception occurring in the invoked method
 */
-// @Around("execution(* findFiltered(Object, .., java.util.List<org.hibernate.criterion.Criterion>)) && " + //
-// " args(filter, .., additionalCriteria)")
- @Around("execution(* it.openutils.dao.hibernate.*.*(Object, .., java.util.List<org.hibernate.criterion.Criterion>)) && " + //
- " args(filter, .., additionalCriteria)")
- public Object applySecurityRules(ProceedingJoinPoint pjp, Object filter, List<Criterion> additionalCriteria)
+ @Around("execution(* it.openutils.dao.hibernate.*.*(Object, .., java.util.List<org.hibernate.criterion.Criterion>)) && "
+ + //
+ " args(filter, .., additionalCriteria)")
+ public Object applySecurityRules(ProceedingJoinPoint pjp, Object filter, List<Criterion> additionalCriteria)
 throws Throwable
 {
- log.debug("applying rules for {} with criteria {}", filter.toString(), additionalCriteria);
- additionalCriteria.add(Restrictions.sqlRestriction("INTVALUE = 1"));
+ if (!enabled)
+ {
+ log.debug("DAO security disabled, proceeding.");
+ return pjp.proceed();
+ }
+
+ if (!securedDAOs.contains(pjp.getTarget().getClass().getCanonicalName()))
+ {
+ log.debug("The intercepted DAO {} is not secured, proceeding.", pjp.getTarget().toString());
+ return pjp.proceed();
+ }
+
+ log.debug("applying security rules for {} with criteria {}", filter.toString(), additionalCriteria);
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ if (authentication == null)
+ {
+ throw new SecurityException("Authentication is not valid");
+ }
+ GrantedAuthority[] authorities = authentication.getAuthorities();
+ List<String> roles = new ArrayList<String>();
+ for (int i = 0; i < authorities.length; i++)
+ {
+ roles.add(authorities[i].getAuthority());
+ }
+
+ String entity = filter.getClass().getCanonicalName();
+ List<SecurityRule> rules = securityRuleManager.getRulesForRoles(entity, roles);
+
+ if (rules.isEmpty())
+ {
+ String grantedRoles = StringUtils.EMPTY;
+ for (int i = 0; i < authorities.length; i++)
+ {
+ grantedRoles += authorities[i].getAuthority() + " ";
+ }
+ log.warn("Access is denied on " + entity + ", for user {} with roles {}", SecurityContextHolder
+ .getContext()
+ .getAuthentication()
+ .getPrincipal()
+ .toString(), grantedRoles);
+
+ throw new SecurityException("Access denied");
+ }
+
+ Filter hibernateFilter = securityRuleManager.getEntityFilterFromRules(entity, rules);
+
+ Criterion sqlCriterion = Restrictions.sqlRestriction(hibernateFilter
+ .getFilterDefinition()
+ .getDefaultFilterCondition());
+
+ log.debug("Adding sql restriction: {}", sqlCriterion.toString());
+ additionalCriteria.add(sqlCriterion);
+
 Object result = pjp.proceed();
 return result;
 }
+
+ /**
+ * Sets the securityRuleManager.
+ * @param securityRuleManager the securityRuleManager to set
+ */
+ public void setSecurityRuleManager(SecurityRuleManager securityRuleManager)
+ {
+ this.securityRuleManager = securityRuleManager;
+ }
+
+ /**
+ * Sets the securedDAOs.
+ * @param securedDAOs the securedDAOs to set
+ */
+ public void setSecuredDAOs(List securedDAOs)
+ {
+ this.securedDAOs = securedDAOs;
+ }
+
+
+ /**
+ * Sets the enabled.
+ * @param enabled the enabled to set
+ */
+ public void setEnabled(boolean enabled)
+ {
+ this.enabled = enabled;
+ }
 }
Deleted: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/HibernateDAOSecurityInterceptor.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/HibernateDAOSecurityInterceptor.java 2007-09-03 08:24:39 UTC (rev 428)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/aop/HibernateDAOSecurityInterceptor.java 2007-09-03 08:31:00 UTC (rev 429)
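Review bot: The two new early-return guards in applySecurityRules fail open — `enabled` is a primitive that defaults to false, and an unlisted DAO skips the rules at DEBUG level while an unconfigured `securedDAOs` throws NullPointerException from `securedDAOs.contains(...)`, so a missing or mistyped bean property (the list is maintained by hand in spring-security.xml, which this commit also changes) silently disables the aspect rather than denying access, the opposite of the DENY_ALL policy the removed HibernateDAOSecurityInterceptor documented. I would fail closed with `if (securedDAOs == null) throw new IllegalStateException("securedDAOs not configured");` when enabled, raise the two bypass branches to WARN, and document on the field that `securedDAOs` holds canonical class names of DAO implementations (not bean names) and that anything not listed is unprotected. The raw type in `public void setSecuredDAOs(List securedDAOs)` should be `List<String>` to match the field. The `grantedRoles` loop rebuilds a string already collected in `roles`; `StringUtils.join(roles, ' ')` says the same thing. Note also that `filter.getClass().getCanonicalName()` names a runtime subclass if the caller passes an enhanced (proxied) entity instance, which would presumably match no rules and deny access for the wrong reason — worth confirming against how callers build the filter object.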
@@ -1,139 +0,0 @@ -/* - * Copyright (c) Openmind. All rights reserved. http://www.openmindonline.it - */ -package it.openutils.hibernate.security.aop; - -import it.openutils.hibernate.security.dataobject.SecurityRule; -import it.openutils.hibernate.security.services.SecurityRuleManager; - -import java.util.ArrayList; -import java.util.List; - -import org.acegisecurity.GrantedAuthority; -import org.acegisecurity.context.SecurityContextHolder; -import org.aopalliance.intercept.MethodInterceptor; -import org.aopalliance.intercept.MethodInvocation; -import org.apache.commons.lang.StringUtils; -import org.hibernate.Filter; -import org.hibernate.SessionFactory; -import org.hibernate.criterion.Criterion; -import org.hibernate.criterion.Restrictions; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - - -/** - * This is a Hibernate Read-Update-Delete security interceptor. This enforces a DENY_ALL default policy. - * @author fcarone - * @version $Id: $ - */ -public class HibernateDAOSecurityInterceptor implements MethodInterceptor -{ - - /** - * Logger. 
- */ - private Logger log = LoggerFactory.getLogger(HibernateDAOSecurityInterceptor.class); - - private SecurityRuleManager securityRuleManager; - - private SessionFactory sessionFactory; - - /** - * {@inheritDoc} - */ - @SuppressWarnings("unchecked") - public Object invoke(MethodInvocation invocation) throws Throwable - { - log.debug("Applying security rules"); - Object[] arguments = invocation.getArguments(); - Object checkArgument = arguments[arguments.length - 1]; - if (!StringUtils.equals(invocation.getMethod().getName(), "findFiltered")) - { - return invocation.proceed(); - } - if (!(checkArgument instanceof List)) - { - return invocation.proceed(); - } - - String entity = StringUtils.EMPTY; - for (int i = 0; i < arguments.length; i++) - { - Object argument = arguments[i]; - if (sessionFactory.getClassMetadata(argument.getClass()) != null) - { - entity = argument.getClass().getCanonicalName(); - break; - } - } - - // the current invocation is not about any session managed entity - if (StringUtils.isEmpty(entity)) - { - return invocation.proceed(); - } - - if (SecurityContextHolder.getContext().getAuthentication() == null) - { - throw new SecurityException("Authentication is not valid"); - } - - GrantedAuthority[] authorities = SecurityContextHolder.getContext().getAuthentication().getAuthorities(); - List<String> roles = new ArrayList<String>(); - for (int i = 0; i < authorities.length; i++) - { - roles.add(authorities[i].getAuthority()); - } - List<SecurityRule> rules = securityRuleManager.getRulesForRoles(entity, roles); - - if (rules.isEmpty()) - { - String grantedRoles = StringUtils.EMPTY; - for (int i = 0; i < authorities.length; i++) - { - grantedRoles += authorities[i].getAuthority() + " "; - } - log.warn("Access is denied on " + entity + ", for user {} with roles {}", SecurityContextHolder - .getContext() - .getAuthentication() - .getPrincipal() - .toString(), grantedRoles); - - throw new SecurityException("Access denied"); - } - - Filter filter = 
securityRuleManager.getEntityFilterFromRules(entity, rules); - - Criterion sqlCriterion = Restrictions.sqlRestriction(filter.getFilterDefinition().getDefaultFilterCondition()); - - if (StringUtils.equals(invocation.getMethod().getName(), "findFiltered")) - { - Object argument = arguments[arguments.length - 1]; - ((List) argument).add(sqlCriterion); - } - - Object result = invocation.proceed(); - - return result; - } - - /** - * Sets the securityRuleManager. - * @param securityRuleManager the securityRuleManager to set - */ - public void setSecurityRuleManager(SecurityRuleManager securityRuleManager) - { - this.securityRuleManager = securityRuleManager; - } - - /** - * Sets the sessionFactory. - * @param sessionFactory the sessionFactory to set - */ - public void setSessionFactory(SessionFactory sessionFactory) - { - this.sessionFactory = sessionFactory; - } - -} Modified: trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/HsqlDatatypeFactory.java =================================================================== --- trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/HsqlDatatypeFactory.java 2007-09-03 08:24:39 UTC (rev 428) +++ trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/HsqlDatatypeFactory.java 2007-09-03 08:31:00 UTC (rev 429) 
@@ -19,6 +19,7 @@ /** * {@inheritDoc} + * Needed to fix Boolean type recognition for HSQLDB */ @Override public DataType createDataType(int sqlType, String sqlTypeName) throws DataTypeException Modified: trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/apptest/DummyDaoImpl.java =================================================================== --- trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/apptest/DummyDaoImpl.java 2007-09-03 08:24:39 UTC (rev 428) +++ trunk/openutils-hibernate-security/src/test/java/it/openutils/hibernate/security/apptest/DummyDaoImpl.java 2007-09-03 08:31:00 UTC (rev 429) @@ -20,6 +20,6 @@ protected Class<DummyDataobject> getReferenceClass() { return DummyDataobject.class; + } - } Modified: trunk/openutils-hibernate-security/src/test/resources/spring-database.xml =================================================================== --- trunk/openutils-hibernate-security/src/test/resources/spring-database.xml 2007-09-03 08:24:39 UTC (rev 428) +++ trunk/openutils-hibernate-security/src/test/resources/spring-database.xml 2007-09-03 08:31:00 UTC (rev 429) 
@@ -1,10 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> -<!-- - # ATTENZIONE: queste proprietà sono utilizzate solo per gli unit tests - # i file per la configurazione del db utilizzati dall'applicazione web sono in - # src/main/web-app/WEB-INF ---> + <beans> <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="location"> Modified: trunk/openutils-hibernate-security/src/test/resources/spring-hibernate.xml =================================================================== --- trunk/openutils-hibernate-security/src/test/resources/spring-hibernate.xml 2007-09-03 08:24:39 UTC (rev 428) +++ trunk/openutils-hibernate-security/src/test/resources/spring-hibernate.xml 2007-09-03 08:31:00 UTC (rev 429) @@ -42,6 +42,7 @@ <prop key="clean*">PROPAGATION_REQUIRED</prop> <prop key="*">PROPAGATION_REQUIRED,readOnly</prop> </props> - </property> + </property> + <property name="exposeProxy" value="true" /> </bean> </beans> \ No newline at end of file Modified: trunk/openutils-hibernate-security/src/test/resources/spring-security.xml =================================================================== --- trunk/openutils-hibernate-security/src/test/resources/spring-security.xml 2007-09-03 08:24:39 UTC (rev 428) +++ trunk/openutils-hibernate-security/src/test/resources/spring-security.xml 2007-09-03 08:31:00 UTC (rev 429) 
@@ -2,31 +2,16 @@ <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd"> - - <aop:aspectj-autoproxy/> - - <bean id="securityAspect" class="it.openutils.hibernate.security.aop.AOPSecurity" /> - - <bean id="securityInterceptor" class="it.openutils.hibernate.security.aop.HibernateDAOSecurityInterceptor"> + <aop:aspectj-autoproxy /> + <bean id="securityAspect" class="it.openutils.hibernate.security.aop.AOPSecurity"> <property name="securityRuleManager" ref="securityRuleManager" /> - <property name="sessionFactory" ref="sessionFactory" /> - </bean> - -<!-- - <bean class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator"> - <property name="beanNames"> + <property name="enabled" value="true" /> + <property name="securedDAOs"> <list> - <idref bean="dummyDAO" /> + <value>it.openutils.hibernate.security.apptest.DummyDaoImpl</value> </list> </property> - <property name="interceptorNames"> - <list> - <value>securityInterceptor</value> - </list> - </property> </bean> - --> - <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder" /> <bean id="userDetailsService" class="it.openutils.usermanagement.acegi.HibernateUserDetailsServiceImpl" autowire="byType"> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |