svn commit: r895454 - in /ofbiz/branches/executioncontext20091231/framework: api/config/ context/src/org/ofbiz/context/ example/data/ security/data/


svn commit: r895454 - in /ofbiz/branches/executioncontext20091231/framework: api/config/ context/src/org/ofbiz/context/ example/data/ security/data/

adrianc
Author: adrianc
Date: Sun Jan  3 18:02:24 2010
New Revision: 895454

URL: http://svn.apache.org/viewvc?rev=895454&view=rev
Log:
Better OO design, added artifact path wildcard capability.

Added:
    ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ArtifactPath.java   (with props)
Modified:
    ofbiz/branches/executioncontext20091231/framework/api/config/api.properties
    ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java
    ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
    ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/OFBizPermission.java
    ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java
    ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml
    ofbiz/branches/executioncontext20091231/framework/security/data/SecurityData.xml

Modified: ofbiz/branches/executioncontext20091231/framework/api/config/api.properties
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/config/api.properties?rev=895454&r1=895453&r2=895454&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/api/config/api.properties (original)
+++ ofbiz/branches/executioncontext20091231/framework/api/config/api.properties Sun Jan  3 18:02:24 2010
@@ -34,7 +34,7 @@
 executionContext.verbose=false
 
 # Set to true to enable AuthorizationManager info messages.
-authorizationManager.verbose=false
+authorizationManager.verbose=true
 
 # Set to true to disable the AuthorizationManager.
 authorizationManager.disabled=false
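Review bot: `authorizationManager.verbose=true` looks like a debugging setting committed along with the feature work rather than an intended new default. Judging by the AccessControllerImpl hunk in this commit, the verbose path writes the userLoginId, the execution path and the resolved permissions at info level on every permission check, presumably driven by this property. That adds log volume and puts authorization detail into the general log. If it is not meant as the shipped default, keep `authorizationManager.verbose=false` here and enable it locally.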

Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java?rev=895454&r1=895453&r2=895454&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java Sun Jan  3 18:02:24 2010
@@ -58,7 +58,7 @@
             Debug.logInfo("Checking permission: " + ThreadContext.getExecutionPath() + "[" + permission + "]", module);
         }
         this.permission.reset();
-        this.node.getPermissions(ThreadContext.getExecutionPath(), this.permission);
+        this.node.getPermissions(new ArtifactPath(ThreadContext.getExecutionPath()), this.permission);
         if (this.verbose) {
             Debug.logInfo("Found permission(s): " + ThreadContext.getUserLogin().getString("userLoginId") +
                     "@" + ThreadContext.getExecutionPath() + "[" + this.permission + "]", module);

Added: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ArtifactPath.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ArtifactPath.java?rev=895454&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ArtifactPath.java (added)
+++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ArtifactPath.java Sun Jan  3 18:02:24 2010
@@ -0,0 +1,49 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.context;
+
+import java.util.Arrays;
+import java.util.Iterator;
+
+/** Artifact path class. */
+public class ArtifactPath {
+
+    public static final String ELEMENT_SEPARATOR = "/";
+    protected String currentPathElement = null;
+    protected Iterator<String> pathIterator;
+
+    public ArtifactPath(String artifactPath) {
+        String[] strArray = artifactPath.split(ELEMENT_SEPARATOR);
+        this.currentPathElement = strArray[0];
+        this.pathIterator = Arrays.asList(strArray).iterator();
+    }
+
+    public String getCurrentPathElement() {
+        return this.currentPathElement;
+    }
+
+    public String getNextPathElement() {
+        this.currentPathElement = this.pathIterator.next();
+        return this.currentPathElement;
+    }
+
+    public boolean hasMoreElements() {
+        return this.pathIterator.hasNext();
+    }
+}
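Review bot: The constructor reads `strArray[0]` without checking the split result, and `"/".split("/")` yields an empty array in Java, so a path made only of separators throws ArrayIndexOutOfBoundsException (and a null path a NullPointerException) from inside the permission check. The input comes from `ThreadContext.getExecutionPath()` and from stored artifact paths, so a guard such as `if (strArray.length == 0) throw new IllegalArgumentException("Empty artifact path");` would make the failure explicit. The class also needs Javadoc for its cursor contract: `currentPathElement` starts as the first element while the iterator also starts there, so the first `getNextPathElement()` returns the same element as `getCurrentPathElement()`. The Javadoc should also say that `getNextPathElement()` throws NoSuchElementException once `hasMoreElements()` is false.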

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ArtifactPath.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ArtifactPath.java
------------------------------------------------------------------------------
    svn:keywords = Date Rev Author URL Id

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ArtifactPath.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java?rev=895454&r1=895453&r2=895454&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java Sun Jan  3 18:02:24 2010
@@ -21,14 +21,10 @@
 import java.security.AccessControlException;
 import java.security.Permission;
 import java.util.List;
-import java.util.Map;
-
-import javolution.util.FastMap;
 
 import org.ofbiz.api.authorization.AccessController;
 import org.ofbiz.api.authorization.BasicPermissions;
 import org.ofbiz.api.authorization.AuthorizationManager;
-import org.ofbiz.api.authorization.NullAuthorizationManager;
 import org.ofbiz.entity.Delegator;
 import org.ofbiz.entity.GenericEntityException;
 import org.ofbiz.entity.GenericValue;
@@ -40,7 +36,7 @@
 import org.ofbiz.service.ThreadContext;
 
 /**
- * An implementation of the AuthorizationManager interface that uses the OFBiz database
+ * An implementation of the AuthorizationManager interface that uses the Entity Engine
  * for authorization data storage.
  */
 public class AuthorizationManagerImpl extends OFBizSecurity implements AuthorizationManager {
@@ -48,10 +44,7 @@
     // Right now this class implements permission checking only.
 
     public static final String module = AuthorizationManagerImpl.class.getName();
-//    protected static final UtilCache<String, PathNode> userPermCache = UtilCache.createUtilCache("authorization.UserPermissions");
-    protected static final Map<String, PathNode> userPermCache = FastMap.newInstance();
-    protected static final AuthorizationManager nullAuthorizationManager = new NullAuthorizationManager();
-    protected static boolean underConstruction = false;
+    protected static final UtilCache<String, AccessController> userPermCache = UtilCache.createUtilCache("authorization.UserPermissions");
 
     public AuthorizationManagerImpl() {
     }
@@ -134,31 +127,19 @@
 
     public AccessController getAccessController() throws AccessControlException {
         String userLoginId = ThreadContext.getUserLogin().getString("userLoginId");
-        PathNode node = getUserPermissionsNode(userLoginId);
-        if (node == null) {
-            // During object construction, artifacts will be used that will ultimately
-            // call this method. In order for object construction to succeed, we need
-            // to allow unrestricted access to all artifacts.
-            return nullAuthorizationManager.getAccessController();
-        }
-        return new AccessControllerImpl(getUserPermissionsNode(userLoginId));
+        return getAccessController(userLoginId);
  }
 
-    protected static PathNode getUserPermissionsNode(String userLoginId) throws AccessControlException {
-        if (underConstruction) {
-            return null;
-        }
-        PathNode node = userPermCache.get(userLoginId);
-        if (node != null) {
-            return node;
+    protected static AccessController getAccessController(String userLoginId) throws AccessControlException {
+        AccessController accessController = userPermCache.get(userLoginId);
+        if (accessController != null) {
+            return accessController;
         }
         synchronized (userPermCache) {
-            underConstruction = true;
-            node = new PathNode();
-            // Set up the ExecutionContext for unrestricted access to security-aware artifacts
-            ThreadContext.runUnprotected();
-            Delegator delegator = ThreadContext.getDelegator();
             try {
+                ThreadContext.runUnprotected();
+                Delegator delegator = ThreadContext.getDelegator();
+                PathNode node = new PathNode();
                 // Process group membership permissions first
                 List<GenericValue> groupMemberships = delegator.findList("UserToUserGroupRel", EntityCondition.makeCondition(UtilMisc.toMap("userLoginId", userLoginId)), null, null, null, false);
                 for (GenericValue userGroup : groupMemberships) {
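Review bot: The cache is consulted only before `synchronized (userPermCache)`; inside the lock there is no second lookup, so threads that miss at the same time each rebuild the tree with the entity queries under `runUnprotected()`. Re-check as the first statement in the block: `accessController = userPermCache.get(userLoginId); if (accessController != null) return accessController;`. Nothing visible here removes a user's entry when UserToArtifactPermRel or group membership rows change, so a revoked permission presumably stays effective until the cache entry expires or is cleared; a comment stating the expected expiry or invalidation would help. The method body continues past the end of this hunk.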
@@ -167,15 +148,15 @@
                 // Process user permissions last
                 List<GenericValue> permissionValues = delegator.findList("UserToArtifactPermRel", EntityCondition.makeCondition(UtilMisc.toMap("userLoginId", userLoginId)), null, null, null, false);
                 setPermissions(userLoginId, node, permissionValues);
-                userPermCache.put(userLoginId, node);
+                accessController = new AccessControllerImpl(node);
+                userPermCache.put(userLoginId, accessController);
             } catch (GenericEntityException e) {
                 throw new AccessControlException(e.getMessage());
             } finally {
                 ThreadContext.endRunUnprotected();
-                underConstruction = false;
             }
         }
-    return node;
+    return accessController;
  }
 
     protected static void processGroupPermissions(String groupId, PathNode node, Delegator delegator) throws AccessControlException {
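Review bot: Caching the AccessControllerImpl itself (`userPermCache.put(userLoginId, accessController)`) shares one instance across every thread acting for that user, whereas the removed code built `new AccessControllerImpl(...)` per call. The AccessControllerImpl hunk in this commit shows the instance keeping per-check state (`this.permission.reset()` followed by `this.node.getPermissions(..., this.permission)`). Two concurrent checks for the same userLoginId can therefore interleave, and one may be decided on permissions accumulated for the other's execution path. Either keep the PathNode in the cache and return `new AccessControllerImpl(node)` from `getAccessController`, or accumulate into a local OFBizPermission inside the check. The method begins in the previous hunk.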
@@ -199,9 +180,9 @@
             OFBizPermission target = new OFBizPermission(id + "@" + artifactPath);
             String[] pair = value.getString("permissionValue").split("=");
             if ("filter".equalsIgnoreCase(pair[0])) {
-                target.filters.add(pair[1]);
+                target.addFilter(pair[1]);
             } else if ("service".equalsIgnoreCase(pair[0])) {
-                target.services.add(pair[1]);
+                target.addService(pair[1]);
             } else {
                 Permission permission = BasicPermissions.ConversionMap.get(pair[0].toUpperCase());
                 if (permission != null) {
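Review bot: `pair[1]` is read in `target.addFilter(pair[1])` and `target.addService(pair[1])` without checking that `permissionValue` contained an `=`. A stored value such as `filter` with no right-hand side raises ArrayIndexOutOfBoundsException instead of the AccessControlException used for other invalid values further down. A guard before the branch keeps the failure handling uniform: `if (pair.length != 2) throw new AccessControlException("Invalid permission: " + value.getString("permissionValue"));`. The enclosing loop starts and ends outside this hunk.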
@@ -214,7 +195,7 @@
                     throw new AccessControlException("Invalid permission: " + pair[0]);
                 }
             }
-            node.setPermissions(artifactPath, target);
+            node.setPermissions(new ArtifactPath(artifactPath), target);
         }
     }
 

Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/OFBizPermission.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/OFBizPermission.java?rev=895454&r1=895453&r2=895454&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/OFBizPermission.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/OFBizPermission.java Sun Jan  3 18:02:24 2010
@@ -31,6 +31,8 @@
  * <p>This class enforces the security-aware artifact permission
  * checking rules:<br>
  * <ul>
+ * <li>If the permissions list contains the admin permission,
+ * then access is granted</li>
  * <li>If the permissions list contains the specified permission,
  * then access is granted</li>
  * <li>If services are specified, and all services return
@@ -55,6 +57,14 @@
         this.excludePermissions = new PermissionsUnion(name);
     }
 
+    public void addFilter(String filter) {
+        this.filters.add(filter);
+    }
+
+    public void addService(String service) {
+        this.services.add(service);
+    }
+
     @Override
     public boolean equals(Object obj) {
         if (obj == this) {

Modified: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java?rev=895454&r1=895453&r2=895454&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java Sun Jan  3 18:02:24 2010
@@ -28,9 +28,11 @@
  */
 public class PathNode {
 
+    public static final String PLACEHOLDER_CHARACTER = "?";
     protected String nodeName = null;
     protected OFBizPermission permission = null;
     protected Map<String, PathNode> childNodes = null;
+    protected boolean handlePlaceholder = false;
 
     public PathNode() {}
 
@@ -38,28 +40,60 @@
         this.nodeName = nodeName;
     }
 
-    public void setPermissions(String artifactPath, OFBizPermission permission) {
-        int pos = artifactPath.indexOf("/");
-        if (pos == -1) {
+    protected void buildNodeString(FastList<PathNode> currentPath, StringBuilder result) {
+        currentPath.add(this);
+        if (this.permission != null) {
+            for (PathNode pathNode: currentPath) {
+                result.append("/");
+                result.append(pathNode.nodeName);
+            }
+            result.append("[");
+            result.append(this.permission);
+            result.append("]");
+            result.append("\n");
+        }
+        if (this.childNodes != null) {
+            Collection<PathNode> childNodes = this.childNodes.values();
+            for (PathNode childNode : childNodes) {
+                childNode.buildNodeString(currentPath, result);
+            }
+        }
+        currentPath.removeLast();
+    }
+
+    public void getPermissions(ArtifactPath artifactPath, OFBizPermission permission) {
+        permission.accumulatePermissions(this.permission);
+        if (artifactPath.hasMoreElements() && this.childNodes != null) {
+            String nextNodeName = artifactPath.getNextPathElement();
+            if (this.handlePlaceholder) {
+                if (!artifactPath.hasMoreElements()) {
+                    return;
+                }
+                nextNodeName = artifactPath.getNextPathElement();
+            }
+            PathNode node = this.childNodes.get(nextNodeName.toUpperCase());
+            if (node != null) {
+                node.getPermissions(artifactPath, permission);
+            }
+        }
+    }
+
+    public void setPermissions(ArtifactPath artifactPath, OFBizPermission permission) {
+        if (this.nodeName == null) {
+            this.nodeName = artifactPath.getCurrentPathElement();
+        }
+        if (!artifactPath.hasMoreElements()) {
             if (this.permission == null) {
                 this.permission = permission;
             } else {
                 this.permission.accumulatePermissions(permission);
             }
-            if (this.nodeName == null) {
-                this.nodeName = artifactPath;
-            }
             return;
         }
-        String thisNodeName = artifactPath.substring(0, pos);
-        if (this.nodeName == null) {
-            this.nodeName = thisNodeName;
-        }
-        artifactPath = artifactPath.substring(pos + 1);
-        String nextNodeName = artifactPath;
-        pos = artifactPath.indexOf("/");
-        if (pos != -1) {
-            nextNodeName = artifactPath.substring(0, pos);
+        String nextNodeName = artifactPath.getNextPathElement();
+        if (PLACEHOLDER_CHARACTER.equals(nextNodeName)) {
+            this.handlePlaceholder = true;
+            nextNodeName = artifactPath.getNextPathElement();
         }
         String key = nextNodeName.toUpperCase();
         if (this.childNodes == null) {
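Review bot: `handlePlaceholder` is a flag on the parent node, so once one `?` path has been registered under a node, `getPermissions` discards the next path element for every lookup that passes through it, and the wildcard's child (`LOGIN` for `ofbiz/?/login`) lands in the same `childNodes` map as literal children. A literal entry such as `ofbiz/example` loaded into the same user's tree is then never visited, so a deny (`view=false`) set on it would not be accumulated, and `ofbiz/?/login` shares a node with a literal `ofbiz/login` entry. Storing the wildcard as its own child under the `PLACEHOLDER_CHARACTER` key and descending into both the literal and the placeholder child would avoid this, though ArtifactPath would then need a position that can be saved and restored. Separately, in `setPermissions` the second `getNextPathElement()` after a `?` is unguarded, so a stored path ending in `?` throws NoSuchElementException; `if (!artifactPath.hasMoreElements()) throw new IllegalArgumentException("Artifact path ends with placeholder");` before it would make that explicit. `setPermissions` continues past the end of this hunk.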
@@ -73,23 +107,6 @@
         node.setPermissions(artifactPath, permission);
     }
 
-    public void getPermissions(String artifactPath, OFBizPermission permission) {
-        permission.accumulatePermissions(this.permission);
-        int pos = artifactPath.indexOf("/");
-        if (pos != -1 && this.childNodes != null) {
-            artifactPath = artifactPath.substring(pos + 1);
-            String nextNodeName = artifactPath;
-            pos = artifactPath.indexOf("/");
-            if (pos != -1) {
-                nextNodeName = artifactPath.substring(0, pos);
-            }
-            PathNode node = this.childNodes.get(nextNodeName.toUpperCase());
-            if (node != null) {
-                node.getPermissions(artifactPath, permission);
-            }
-        }
-    }
-
     @Override
     public String toString() {
         FastList<PathNode> currentPath = FastList.newInstance();
@@ -97,25 +114,4 @@
         buildNodeString(currentPath, result);
         return result.toString();
     }
-
-    protected void buildNodeString(FastList<PathNode> currentPath, StringBuilder result) {
-        currentPath.add(this);
-        if (this.permission != null) {
-            for (PathNode pathNode: currentPath) {
-                result.append("/");
-                result.append(pathNode.nodeName);
-            }
-            result.append("[");
-            result.append(this.permission);
-            result.append("]");
-            result.append("\n");
-        }
-        if (this.childNodes != null) {
-            Collection<PathNode> childNodes = this.childNodes.values();
-            for (PathNode childNode : childNodes) {
-                childNode.buildNodeString(currentPath, result);
-            }
-        }
-        currentPath.removeLast();
-    }
 }

Modified: ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml?rev=895454&r1=895453&r2=895454&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml Sun Jan  3 18:02:24 2010
@@ -35,15 +35,6 @@
     <ArtifactPath artifactPath="ofbiz/example" description="Example Application"/>
     <ArtifactPath artifactPath="ofbiz/exampleext" description="Extended Example Application"/>
 
-    <!-- Data needed to get users logged in -->
-    <ArtifactPath artifactPath="ofbiz/example/getUserPreferenceGroup" description="Example Application - getUserPreferenceGroup service"/>
-    <ArtifactPath artifactPath="ofbiz/example/login" description="Example Application - Login screen"/>
-    <ArtifactPath artifactPath="ofbiz/example/ServerHit" description="Example Application - Server hit"/>
-    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/getUserPreferenceGroup" permissionValue="access=true"/>
-    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/login" permissionValue="access=true"/>
-    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/login" permissionValue="view=true"/>
-    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/ServerHit" permissionValue="create=true"/>
-
     <!-- Data needed for the transition to security-aware artifacts. As each webapp
          is converted over to the new security design, the corresponding admin
          permission should be removed. -->

Modified: ofbiz/branches/executioncontext20091231/framework/security/data/SecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/security/data/SecurityData.xml?rev=895454&r1=895453&r2=895454&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/security/data/SecurityData.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/security/data/SecurityData.xml Sun Jan  3 18:02:24 2010
@@ -62,7 +62,12 @@
 
     <UserLogin userLoginId="NOT_LOGGED_IN" enabled="N" isSystem="N"/>
     <UserGroup groupId="OFBIZ_USERS" description="All OFBiz users"/>
+
     <ArtifactPath artifactPath="ofbiz" description="The artifact path root"/>
+    <ArtifactPath artifactPath="ofbiz/?/getUserPreferenceGroup" description="All Applications - getUserPreferenceGroup service"/>
+    <ArtifactPath artifactPath="ofbiz/?/login" description="All Applications - Login screen"/>
+    <ArtifactPath artifactPath="ofbiz/?/ServerHit" description="All Applications - Server hit"/>
+
     <ArtifactPermission permissionValue="access=true" description="Access granted"/>
     <ArtifactPermission permissionValue="admin=true" description="Admin access granted"/>
     <ArtifactPermission permissionValue="create=true" description="Create access granted"/>
@@ -73,6 +78,11 @@
     <ArtifactPermission permissionValue="update=false" description="Update access denied"/>
     <ArtifactPermission permissionValue="view=true" description="View access granted"/>
     <ArtifactPermission permissionValue="view=false" description="View access denied"/>
+
     <UserToArtifactPermRel userLoginId="system" artifactPath="ofbiz" permissionValue="admin=true"/>
+    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/?/getUserPreferenceGroup" permissionValue="access=true"/>
+    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/?/login" permissionValue="access=true"/>
+    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/?/login" permissionValue="view=true"/>
+    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/?/ServerHit" permissionValue="create=true"/>
 
 </entity-engine-xml>
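Review bot: The `NOT_LOGGED_IN` grants move from `ofbiz/example/...` to `ofbiz/?/...`, so the unauthenticated user now gets `access`/`view` on every application's `login` and `getUserPreferenceGroup` and `create=true` on every application's `ServerHit`, including applications added later. Because PathNode accumulates permissions while descending, these grants presumably also cover anything nested below those artifact names. It is worth confirming that no application uses one of these three names for an artifact that should require a login. The explanatory comment removed from ExampleSecurityData.xml should be carried over, e.g. `<!-- Data needed to get users logged in; applies to every application -->`.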