Thread: [Openutils-svn] SF.net SVN: openutils: [663] trunk/openutils-hibernate-security/src/main/ java/it/

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 663
          http://openutils.svn.sourceforge.net/openutils/?rev=663&view=rev
Author:   fcarone
Date:     2008-02-20 07:30:24 -0800 (Wed, 20 Feb 2008)

Log Message:
-----------
After invocation handler based on security rules added

Added Paths:
-----------
    trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java
    trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRulePredicate.java

Added: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java
===================================================================

--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java	                        (rev 0)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAfterInvocationHandler.java	2008-02-20 15:30:24 UTC (rev 663)
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) Openmind.  All rights reserved. http://www.openmindonline.it
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.services.SecurityRuleManager;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+
+import org.acegisecurity.AccessDeniedException;
+import org.acegisecurity.Authentication;
+import org.acegisecurity.ConfigAttributeDefinition;
+import org.acegisecurity.afterinvocation.AfterInvocationProvider;
+import org.apache.commons.collections.CollectionUtils;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public class SecurityRuleAfterInvocationHandler extends SecurityRuleBaseHandler implements AfterInvocationProvider
+{
+
+    private SecurityRuleManager securityRuleManager;
+
+    /**
+     * {@inheritDoc}
+     */
+    @SuppressWarnings("unchecked")
+    public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
+        Object returnedObject) throws AccessDeniedException
+    {
+        if (returnedObject == null)
+        {
+            return null;
+        }
+        SecurityRulePredicate predicate = new SecurityRulePredicate(authentication, config, securityRuleManager);
+
+        if (returnedObject instanceof Collection)
+        {
+            CollectionUtils.filter((Collection) returnedObject, predicate);
+        }
+        else if (returnedObject.getClass().isArray())
+        {
+            Object[] objectArray = (Object[]) returnedObject;
+            List<Object> objectArrayList = Arrays.asList(objectArray);
+            CollectionUtils.filter(objectArrayList, predicate);
+        }
+        else
+        {
+            if (!predicate.evaluate(returnedObject))
+            {
+                throw new AccessDeniedException("Access denied");
+            }
+        }
+        return returnedObject;
+    }
+
+    /**
+     * Sets the securityRuleManager.
+     * @param securityRuleManager the securityRuleManager to set
+     */
+    public void setSecurityRuleManager(SecurityRuleManager securityRuleManager)
+    {
+        this.securityRuleManager = securityRuleManager;
+    }
+
+}

Added: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRulePredicate.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRulePredicate.java	                        (rev 0)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRulePredicate.java	2008-02-20 15:30:24 UTC (rev 663)
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) Openmind.  All rights reserved. http://www.openmindonline.it
+ */
+package it.openutils.hibernate.security.filter;
+
+import it.openutils.hibernate.security.dataobject.SecurityRule;
+import it.openutils.hibernate.security.services.SecurityRuleManager;
+
+import java.util.List;
+
+import org.acegisecurity.Authentication;
+import org.acegisecurity.ConfigAttributeDefinition;
+import org.apache.commons.collections.Predicate;
+import org.apache.commons.lang.StringUtils;
+import org.hibernate.proxy.HibernateProxy;
+
+
+/**
+ * @author fcarone
+ * @version $Id: $
+ */
+public class SecurityRulePredicate implements Predicate
+{
+
+    private Authentication authentication;
+
+    private SecurityRuleManager securityRuleManager;
+
+    private ConfigAttributeDefinition configAttribute;
+
+    private SecurityRuleUtils ruleUtils = new SecurityRuleUtils();
+
+    /**
+     * @param authentication The current authentication
+     * @param configAttribute The config attribute of the current method invocation interceptor
+     * @param securityRuleManager The security rule manager to retrieve rules from
+     */
+    public SecurityRulePredicate(
+        Authentication authentication,
+        ConfigAttributeDefinition configAttribute,
+        SecurityRuleManager securityRuleManager)
+    {
+        this.authentication = authentication;
+        this.securityRuleManager = securityRuleManager;
+        this.configAttribute = configAttribute;
+    }
+
+    /**
+     * {@inheritDoc}
+     * If we return false here, the element will be removed from the original collection.
+     */
+    @SuppressWarnings("unchecked")
+    public boolean evaluate(Object object)
+    {
+        List<String> roles = ruleUtils.getRolesFromAuthentication(authentication);
+        List<SecurityRule> rules = securityRuleManager.getRulesForRoles(ruleUtils.getClassName(object), roles);
+
+        // @todo: this should be configurable
+        // denyAll by default
+        if (rules == null || rules.isEmpty())
+        {
+            return false;
+        }
+        return (ruleUtils.checkRules(rules, object) && ruleUtils.checkPermissions(rules, configAttribute));
+    }
+
+
+}


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.




Thread: [Openutils-svn] SF.net SVN: openutils: [663] trunk/openutils-hibernate-security/src/main/ java/it/

openutils-svn