Revision: 639
http://openutils.svn.sourceforge.net/openutils/?rev=639&view=rev
Author: fcarone
Date: 2008-02-19 07:34:28 -0800 (Tue, 19 Feb 2008)
Log Message:
-----------
SecurityRule based acegi voter added
Added Paths:
-----------
trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
Added: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java (rev 0)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-19 15:34:28 UTC (rev 639)
@@ -0,0 +1,197 @@
+/*
+ * Copyright Openmind http://www.openmindonline.it
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.dataobject.ModifierEnum;
+import it.openutils.hibernate.security.dataobject.PermissionEnum;
+import it.openutils.hibernate.security.dataobject.SecurityRule;
+import it.openutils.hibernate.security.services.SecurityRuleManager;
+
+import java.lang.reflect.InvocationTargetException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.ConfigAttribute;
+import org.acegisecurity.ConfigAttributeDefinition;
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.vote.AccessDecisionVoter;
+import org.apache.commons.beanutils.BeanUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang.enums.EnumUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.aop.framework.ReflectiveMethodInvocation;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public class SecurityRuleAccessDecisionVoter implements AccessDecisionVoter
+{
+
+ /**
+ * Logger.
+ */
+ private static Logger log = LoggerFactory.getLogger(SecurityRuleAccessDecisionVoter.class);
+
+ private SecurityRuleManager securityRuleManager;
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean supports(ConfigAttribute attribute)
+ {
+ if (attribute.getAttribute() != null)
+ {
+ for (PermissionEnum permission : PermissionEnum.values())
+ {
+ if (StringUtils.equals(permission.getValue(), attribute.getAttribute()))
+ {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @SuppressWarnings("unchecked")
+ public boolean supports(Class clazz)
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config)
+ {
+ List<String> roles = new ArrayList<String>();
+ for (GrantedAuthority authority : authentication.getAuthorities())
+ {
+ roles.add(authority.getAuthority());
+ }
+ if (object instanceof ReflectiveMethodInvocation)
+ {
+ ReflectiveMethodInvocation methodInvocation = ((ReflectiveMethodInvocation) object);
+ for (Object argument : methodInvocation.getArguments())
+ {
+ List<SecurityRule> rules = securityRuleManager.getRulesForRoles(argument.getClass().getName(), roles);
+ boolean permissionMatches = checkPermissions(rules, config);
+ if (!permissionMatches)
+ {
+ return ACCESS_DENIED;
+ }
+
+ boolean areRulesMatching = checkRules(rules, argument);
+ if (!areRulesMatching)
+ {
+ return ACCESS_DENIED;
+ }
+ }
+ }
+
+ return ACCESS_GRANTED;
+ }
+
+ /**
+ * @param rules
+ * @param argument
+ * @return
+ */
+ private boolean checkRules(List<SecurityRule> rules, Object argument)
+ {
+ try
+ {
+ for (SecurityRule rule : rules)
+ {
+ String objProperty = BeanUtils.getSimpleProperty(argument, rule.getProperty());
+ if (rule.getModifier() == ModifierEnum.EQUALS)
+ {
+ if (StringUtils.equals(objProperty, rule.getValue()))
+ {
+ return true;
+ }
+ }
+ else if (rule.getModifier() == ModifierEnum.NOT)
+ {
+ if (StringUtils.equals(objProperty, rule.getValue()))
+ {
+ return true;
+ }
+ }
+ else
+ {
+ throw new RuntimeException("Modifier " + rule.getModifier() + " is not recognized");
+ }
+ }
+ }
+ catch (NoSuchMethodException e)
+ {
+ log.error("{}", e);
+ }
+ catch (IllegalAccessException e)
+ {
+ log.error("{}", e);
+ }
+ catch (InvocationTargetException e)
+ {
+ log.error("{}", e);
+ }
+ return false;
+ }
+
+ /**
+ * @param rules
+ * @param config
+ * @return
+ */
+ @SuppressWarnings("unchecked")
+ private boolean checkPermissions(List<SecurityRule> rules, ConfigAttributeDefinition config)
+ {
+ Iterator iterator = config.getConfigAttributes();
+ while (iterator.hasNext())
+ {
+ String attribute = ((ConfigAttribute) iterator.next()).getAttribute();
+ for (SecurityRule rule : rules)
+ {
+ for (PermissionEnum permission : rule.getPermissions())
+ {
+ if (StringUtils.equals(permission.getValue(), attribute))
+ {
+ return true;
+ }
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Sets the securityRuleManager.
+ * @param securityRuleManager the securityRuleManager to set
+ */
+ public void setSecurityRuleManager(SecurityRuleManager securityRuleManager)
+ {
+ this.securityRuleManager = securityRuleManager;
+ }
+
+}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
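Review bot: In `vote`, `checkPermissions` and `checkRules` are evaluated over the whole rule list independently, so access is granted when one rule carries the requested permission and a different rule's property condition happens to match the argument, although no single rule authorizes the call; checking permission and property per rule, e.g. `for (SecurityRule rule : rules) { if (permissionMatches(rule, config) && ruleMatches(rule, argument)) return ACCESS_GRANTED; }`, closes that gap. `vote` also falls through to `ACCESS_GRANTED` when `object` is not a `ReflectiveMethodInvocation` or the invocation has no arguments, while `supports(Class)` answers true for every class, so secured objects this voter cannot inspect are granted instead of abstained; `return ACCESS_ABSTAIN;` is the safer default there. Under the `NOT` modifier `checkRules` returns true when the property equals the rule value, which reads as inverted, and `argument.getClass()` throws on a null argument. The three catch blocks pass the exception through a `{}` placeholder, which prints only its string form; the `(String, Throwable)` overload, `log.error("Cannot read rule property", e);`, keeps the stack trace.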
Revision: 644 http://openutils.svn.sourceforge.net/openutils/?rev=644&view=rev Author: fcarone Date: 2008-02-19 09:44:08 -0800 (Tue, 19 Feb 2008) Log Message: ----------- more logging and some minor refactorings Modified Paths: -------------- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java =================================================================== --- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-19 17:43:17 UTC (rev 643) +++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-19 17:44:08 UTC (rev 644) @@ -22,6 +22,7 @@ import java.lang.reflect.InvocationTargetException; import java.util.ArrayList; +import java.util.Collection; import java.util.Iterator; import java.util.List; @@ -56,16 +57,20 @@ */ public boolean supports(ConfigAttribute attribute) { + log.debug("Evaluating attribute {}", attribute.getAttribute()); + if (attribute.getAttribute() != null) { for (PermissionEnum permission : PermissionEnum.values()) { if (StringUtils.equals(permission.getValue(), attribute.getAttribute())) { + log.debug("Support ok."); return true; } } } + log.debug("Not supporting attribute."); return false; } 
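Review bot: The new trace messages in `supports(ConfigAttribute)` do not say which attribute was accepted or rejected, so with several voters and attributes the log lines cannot be correlated; `log.debug("Not supporting attribute {}.", attribute.getAttribute());` and the same shape on the success branch would make them useful. The first debug call runs before the null check, which SLF4J tolerates, but the message then reads "Evaluating attribute null" for attributes without a value.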
@@ -84,15 +89,14 @@ public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) { List<String> roles = new ArrayList<String>(); - for (GrantedAuthority authority : authentication.getAuthorities()) - { - roles.add(authority.getAuthority()); - } + roles.addAll(getRolesFromAuthentication(authentication)); + if (object instanceof ReflectiveMethodInvocation) { ReflectiveMethodInvocation methodInvocation = ((ReflectiveMethodInvocation) object); for (Object argument : methodInvocation.getArguments()) { + log.debug("Evaluating argument {}", argument); List<SecurityRule> rules = securityRuleManager.getRulesForRoles(argument.getClass().getName(), roles); boolean permissionMatches = checkPermissions(rules, config); if (!permissionMatches) @@ -112,12 +116,28 @@ } /** + * @param authentication + * @return + */ + private Collection< ? extends String> getRolesFromAuthentication(Authentication authentication) + { + List<String> roles = new ArrayList<String>(); + for (GrantedAuthority authority : authentication.getAuthorities()) + { + log.debug("Granted authority for user {}: {}", authentication.getName(), authority.getAuthority()); + roles.add(authority.getAuthority()); + } + return roles; + } + + /** * @param rules * @param argument * @return */ private boolean checkRules(List<SecurityRule> rules, Object argument) { + log.debug("Evaluating rules."); try { for (SecurityRule rule : rules) @@ -127,13 +147,15 @@ { if (StringUtils.equals(objProperty, rule.getValue())) { + log.debug("Matching rule found: {}", rule); return true; } } else if (rule.getModifier() == ModifierEnum.NOT) { - if (StringUtils.equals(objProperty, rule.getValue())) + if (!StringUtils.equals(objProperty, rule.getValue())) { + log.debug("Matching rule found: {}", rule); return true; } } @@ -155,6 +177,7 @@ { log.error("{}", e); } + log.debug("No matching rules found."); return false; } 
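Review bot: `roles` is built by copying the list that `getRolesFromAuthentication` (the next hunk) already returns, which doubles the allocation for nothing; declaring the helper to return `List<String>` and writing `List<String> roles = getRolesFromAuthentication(authentication);` is enough. The helper's `Collection< ? extends String>` return type is also odd, since `String` is final and the wildcard can never bind to anything else. The added `log.debug("Evaluating argument {}", argument)` calls `toString()` on every argument of a secured method, so whatever those domain objects render (possibly personal data) ends up in the log; logging `argument.getClass().getName()` would be safer. A null argument still reaches `argument.getClass()` on the following line. The enclosing `vote` method ends outside this hunk.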
@@ -166,6 +189,7 @@ @SuppressWarnings("unchecked") private boolean checkPermissions(List<SecurityRule> rules, ConfigAttributeDefinition config) { + log.debug("Evaluation permissions"); Iterator iterator = config.getConfigAttributes(); while (iterator.hasNext()) { @@ -176,11 +200,13 @@ { if (StringUtils.equals(permission.getValue(), attribute)) { + log.debug("Matching permission: {}", permission.getValue()); return true; } } } } + log.debug("No matching permissions found."); return false; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
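Review bot: The new message in `checkPermissions` reads "Evaluation permissions", which does not match the "Evaluating …" wording of the other trace lines added in this commit; `log.debug("Evaluating permissions.");` keeps them consistent. `checkPermissions` starts and ends outside this hunk.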
Revision: 657 http://openutils.svn.sourceforge.net/openutils/?rev=657&view=rev Author: fcarone Date: 2008-02-20 02:38:55 -0800 (Wed, 20 Feb 2008) Log Message: ----------- use equals for enum comparisons Modified Paths: -------------- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java =================================================================== --- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-20 10:38:11 UTC (rev 656) +++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-20 10:38:55 UTC (rev 657) @@ -143,7 +143,7 @@ for (SecurityRule rule : rules) { String objProperty = BeanUtils.getSimpleProperty(argument, rule.getProperty()); - if (rule.getModifier() == ModifierEnum.EQUALS) + if (rule.getModifier().equals(ModifierEnum.EQUALS)) { if (StringUtils.equals(objProperty, rule.getValue())) { @@ -151,7 +151,7 @@ return true; } } - else if (rule.getModifier() == ModifierEnum.NOT) + else if (rule.getModifier().equals(ModifierEnum.NOT)) { if (!StringUtils.equals(objProperty, rule.getValue())) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
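Review bot: Replacing `==` with `rule.getModifier().equals(...)` in `checkRules` makes a rule whose modifier is unset throw a `NullPointerException` out of the try block, where `==` previously fell through to the "not recognized" branch; writing the constant first, `if (ModifierEnum.EQUALS.equals(rule.getModifier()))` and `else if (ModifierEnum.NOT.equals(rule.getModifier()))`, keeps the null-safety. If `ModifierEnum` is a `java.lang.Enum` the `equals` form gains nothing over `==`; if it is a commons-lang `Enum` (the file imports `org.apache.commons.lang.enums.EnumUtils`), `equals` is the documented comparison, so the intent is presumably the latter. The enclosing `checkRules` method starts and ends outside the hunk.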
Revision: 662 http://openutils.svn.sourceforge.net/openutils/?rev=662&view=rev Author: fcarone Date: 2008-02-20 07:29:19 -0800 (Wed, 20 Feb 2008) Log Message: ----------- use getClassName to get the class name Modified Paths: -------------- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java =================================================================== --- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-20 15:28:47 UTC (rev 661) +++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-20 15:29:19 UTC (rev 662) @@ -57,7 +57,7 @@ for (Object argument : methodInvocation.getArguments()) { log.debug("Evaluating argument {}", argument); - List<SecurityRule> rules = securityRuleManager.getRulesForRoles(argument.getClass().getName(), roles); + List<SecurityRule> rules = securityRuleManager.getRulesForRoles(ruleUtils.getClassName(argument), roles); boolean permissionMatches = ruleUtils.checkPermissions(rules, config); if (!permissionMatches) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
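Review bot: The lookup key now comes from `ruleUtils.getClassName(argument)`, but a null argument still reaches it unguarded and, since `getClassName` is not visible here, it is unclear whether it tolerates null; `if (argument == null) { continue; }` before the lookup (a null carries no class to match rules against) would make the behaviour explicit. `ruleUtils` and `securityRuleManager` are not declared in this hunk and are presumably inherited from the base class; the enclosing `vote` method starts and ends outside the hunk.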
Revision: 689 http://openutils.svn.sourceforge.net/openutils/?rev=689&view=rev Author: fcarone Date: 2008-02-25 01:19:55 -0800 (Mon, 25 Feb 2008) Log Message: ----------- ABSTAIN if no rules found Modified Paths: -------------- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java =================================================================== --- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-25 09:17:52 UTC (rev 688) +++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-25 09:19:55 UTC (rev 689) @@ -32,6 +32,10 @@ /** * @author fcarone * @version $Id$ + * + * This voter looks for rules based on the given object and votes ACCESS_ABSTAIN if no rules are found, ACCESS_DENIED + * if rules do not match, ACCESS_GRANTED otherwise. + * */ public class SecurityRuleAccessDecisionVoter extends SecurityRuleBaseHandler implements AccessDecisionVoter { 
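Review bot: The new class description is placed after the `@author` and `@version` block tags, where Javadoc treats it as part of the `@version` tag text rather than as the class summary; move the paragraph above `@author` so its first sentence becomes the summary. It would also help to state that `ACCESS_DENIED` is returned as soon as one argument that has rules fails the checks, since "if rules do not match" leaves the per-argument behaviour implicit.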
@@ -59,21 +63,19 @@ { log.debug("Evaluating argument {}", argument); List<SecurityRule> rules = securityRuleManager.getRulesForRoles(ruleUtils.getClassName(argument), roles); - boolean permissionMatches = ruleUtils.checkPermissions(rules, config); - if (!permissionMatches) + if (rules == null || rules.isEmpty()) { - return ACCESS_DENIED; + continue; } - - boolean areRulesMatching = ruleUtils.checkRules(rules, argument); - if (!areRulesMatching) + if (ruleUtils.checkPermissions(rules, config) && ruleUtils.checkRules(rules, argument)) { - return ACCESS_DENIED; + return ACCESS_GRANTED; } + return ACCESS_DENIED; } } - return ACCESS_GRANTED; + return ACCESS_ABSTAIN; } /** This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
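Review bot: With this change the first argument that has rules decides the whole vote: `return ACCESS_GRANTED;` inside the loop skips every later argument, so a method whose second argument would be denied is granted on the strength of the first, whereas before this commit each argument had to pass. Keep the early `ACCESS_DENIED` return but record the grant and continue, returning the recorded value after the loop so that `ACCESS_ABSTAIN` still results when no argument had rules. The `int result` declaration belongs at the top of `vote`, which starts outside this hunk.
```java
int result = ACCESS_ABSTAIN;
// … unchanged: role collection, instanceof check, loop header, rule lookup and empty-rules continue …
                if (!(ruleUtils.checkPermissions(rules, config) && ruleUtils.checkRules(rules, argument)))
                {
                    return ACCESS_DENIED;
                }
                // this argument is authorized; the remaining arguments must pass as well
                result = ACCESS_GRANTED;
            }
        }
        return result;
```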