Posted to commits@deltaspike.apache.org by st...@apache.org on 2017/11/27 13:03:57 UTC
deltaspike git commit: DELTASPIKE-1294 fix SecurityBinding extraction
Repository: deltaspike
Updated Branches:
refs/heads/master 1174922e4 -> b1903c2b3
DELTASPIKE-1294 fix SecurityBinding extraction
Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/b1903c2b
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/b1903c2b
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/b1903c2b
Branch: refs/heads/master
Commit: b1903c2b3463dfa368d0fe973c72f2055c838bf6
Parents: 1174922
Author: Mark Struberg <st...@apache.org>
Authored: Mon Nov 27 13:53:53 2017 +0100
Committer: Mark Struberg <st...@apache.org>
Committed: Mon Nov 27 13:53:53 2017 +0100
----------------------------------------------------------------------
.../SecuredAnnotationAuthorizer.java | 10 ++-
.../secured/SecuredAnnotationTest.java | 72 ++++++++++++--------
.../authorization/secured/SecuredBean1.java | 2 +-
.../authorization/secured/SecuredBean2.java | 2 +-
.../authorization/secured/SomeParentClass.java | 37 ++++++++++
.../securitybinding/SecuredBean1.java | 2 +-
.../securitybinding/SecurityBindingTest.java | 69 ++++++++-----------
.../securitybinding/SomeParentClass.java | 36 ++++++++++
8 files changed, 156 insertions(+), 74 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/b1903c2b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
index a718137..9b16736 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
@@ -84,7 +84,15 @@ public class SecuredAnnotationAuthorizer
Method method = invocationContext.getMethod();
- result.addAll(SecurityUtils.getAllAnnotations(method.getDeclaringClass().getAnnotations(),
+ // some very old EE6 containers have a bug in resolving the target
+ // so we fall back on the declaringClass of the method.
+ Class<?> targetClass =
+ invocationContext.getTarget() != null
+ ? invocationContext.getTarget().getClass()
+ : method.getDeclaringClass();
+
+
+ result.addAll(SecurityUtils.getAllAnnotations(targetClass.getAnnotations(),
new HashSet<Integer>()));
//later on method-level annotations need to overrule class-level annotations -> don't change the order
result.addAll(SecurityUtils.getAllAnnotations(method.getAnnotations(),
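Review bot: `invocationContext.getTarget().getClass()` may be a container-generated proxy or subclass rather than the bean class itself, and `getAnnotations()` on a generated subclass only reports superclass annotations that are declared `@Inherited`, so a class-level security binding could be dropped silently and the call evaluated without it. Unwrapping first, e.g. `ProxyUtils.getUnproxiedClass(invocationContext.getTarget().getClass())`, would stop the lookup from depending on how each container builds the target; whether `ProxyUtils` is already imported is not visible in this hunk. The `method.getDeclaringClass()` fallback for a null target still has the original problem for inherited methods, which the comment should say, for example `// NOTE: on this fallback path class-level bindings of a subclass are not seen for inherited methods`. The enclosing method starts and ends outside the hunk.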
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/b1903c2b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredAnnotationTest.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredAnnotationTest.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredAnnotationTest.java
index 37f7616..96ce109 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredAnnotationTest.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredAnnotationTest.java
@@ -30,47 +30,59 @@ import org.junit.Test;
public abstract class SecuredAnnotationTest
{
@Test
- public void simpleInterceptorTest()
+ public void simpleInterceptorTestOk()
{
SecuredBean1 testBean = BeanProvider.getContextualReference(SecuredBean1.class, false);
-
Assert.assertEquals("result", testBean.getResult());
+ }
- try
- {
- testBean.getBlockedResult();
- Assert.fail("AccessDeniedException expect, but was not thrown");
- }
- catch (AccessDeniedException e)
- {
- //expected exception
- }
- catch (Exception e)
- {
- Assert.fail("Unexpected Exception: " + e);
- }
+ @Test
+ public void simpleInterceptorTestParentOk()
+ {
+ SecuredBean1 testBean = BeanProvider.getContextualReference(SecuredBean1.class, false);
+ Assert.assertEquals("allfine", testBean.someFineMethodFromParent());
+ }
+
+ @Test(expected = AccessDeniedException.class)
+ public void simpleInterceptorTestDenied()
+ {
+ SecuredBean1 testBean = BeanProvider.getContextualReference(SecuredBean1.class, false);
+ testBean.getBlockedResult();
+ }
+
+ @Test(expected = AccessDeniedException.class)
+ public void simpleInterceptorTestParentDenied()
+ {
+ SecuredBean1 testBean = BeanProvider.getContextualReference(SecuredBean1.class, false);
+ testBean.someBlockedMethodFromParent();
}
@Test
- public void interceptorTestWithStereotype()
+ public void interceptorTestWithStereotypeOk()
{
SecuredBean2 testBean = BeanProvider.getContextualReference(SecuredBean2.class, false);
-
Assert.assertEquals("result", testBean.getResult());
+ }
- try
- {
- testBean.getBlockedResult();
- Assert.fail("AccessDeniedException expect, but was not thrown");
- }
- catch (AccessDeniedException e)
- {
- //expected exception
- }
- catch (Exception e)
- {
- Assert.fail("Unexpected Exception: " + e);
- }
+ @Test
+ public void interceptorTestWithStereotypeParentOk()
+ {
+ SecuredBean2 testBean = BeanProvider.getContextualReference(SecuredBean2.class, false);
+ Assert.assertEquals("allfine", testBean.someFineMethodFromParent());
+ }
+
+ @Test(expected = AccessDeniedException.class)
+ public void interceptorTestWithStereotypeDenied()
+ {
+ SecuredBean2 testBean = BeanProvider.getContextualReference(SecuredBean2.class, false);
+ testBean.getBlockedResult();
+ }
+
+ @Test(expected = AccessDeniedException.class)
+ public void interceptorTestWithStereotypeParentDenied()
+ {
+ SecuredBean2 testBean = BeanProvider.getContextualReference(SecuredBean2.class, false);
+ testBean.someBlockedMethodFromParent();
}
@Test
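Review bot: With `@Test(expected = AccessDeniedException.class)` the denied cases (`simpleInterceptorTestDenied`, `simpleInterceptorTestParentDenied` and the two stereotype variants) pass if the exception is raised by any statement in the method, including the `BeanProvider.getContextualReference` lookup, and nothing checks which decision produced the denial. For an authorization test it is worth pinning the cause, for instance by catching the exception around the single secured call and asserting that `e.getViolations()` is not empty. The same pattern appears in the second hunk of SecurityBindingTest.java. The test class continues outside the hunk.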
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/b1903c2b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredBean1.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredBean1.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredBean1.java
index 47dffb0..0134cf1 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredBean1.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredBean1.java
@@ -24,7 +24,7 @@ import javax.enterprise.context.ApplicationScoped;
@ApplicationScoped
@Secured(TestAccessDecisionVoter.class)
-public class SecuredBean1
+public class SecuredBean1 extends SomeParentClass
{
public String getBlockedResult()
{
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/b1903c2b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredBean2.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredBean2.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredBean2.java
index 8ce749a..f50e825 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredBean2.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredBean2.java
@@ -22,7 +22,7 @@ import javax.enterprise.context.ApplicationScoped;
@ApplicationScoped
@SecuredBeanWithStereotype
-public class SecuredBean2
+public class SecuredBean2 extends SomeParentClass
{
public String getBlockedResult()
{
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/b1903c2b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SomeParentClass.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SomeParentClass.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SomeParentClass.java
new file mode 100644
index 0000000..014c10a
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SomeParentClass.java
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.test.security.impl.authorization.secured;
+
+/**
+ * To verify if the permission annotation also works on the methods
+ * of the parent class
+ */
+public class SomeParentClass
+{
+ public String someFineMethodFromParent()
+ {
+ return "allfine";
+ }
+
+ public String someBlockedMethodFromParent()
+ {
+ return "shouldgetblocked";
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/b1903c2b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecuredBean1.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecuredBean1.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecuredBean1.java
index b04c2a5..000fef6 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecuredBean1.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecuredBean1.java
@@ -22,7 +22,7 @@ import javax.enterprise.context.ApplicationScoped;
@CustomSecurityBinding
@ApplicationScoped
-public class SecuredBean1
+public class SecuredBean1 extends SomeParentClass
{
public String getBlockedResult()
{
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/b1903c2b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecurityBindingTest.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecurityBindingTest.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecurityBindingTest.java
index b7cd499..7ffd3ad 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecurityBindingTest.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecurityBindingTest.java
@@ -39,16 +39,6 @@ public class SecurityBindingTest
@Deployment
public static WebArchive deploy()
{
-// JavaArchive testJar = ShrinkWrap.create(JavaArchive.class, SecurityBindingTest.class.getSimpleName() + ".jar")
-// .addPackage(SecurityBindingTest.class.getPackage())
-// .addAsManifestResource(ArchiveUtils.getBeansXml(), "beans.xml");
-//
-// return ShrinkWrap.create(WebArchive.class, "security-binding-test.war")
-// .addAsLibraries(ArchiveUtils.getDeltaSpikeCoreAndSecurityArchive())
-// .addAsLibraries(testJar)
-// .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
-
-
return ShrinkWrap.create(WebArchive.class, "security-binding-test.war")
.addAsLibraries(ArchiveUtils.getDeltaSpikeCoreAndSecurityArchive())
.addPackage(SecurityBindingTest.class.getPackage())
@@ -56,46 +46,45 @@ public class SecurityBindingTest
}
@Test
- public void simpleInterceptorTest()
+ public void simpleInterceptorTestOk()
{
SecuredBean1 testBean = BeanProvider.getContextualReference(SecuredBean1.class, false);
-
Assert.assertEquals("result", testBean.getResult());
+ }
+
+ @Test
+ public void simpleInterceptorTestParentOk()
+ {
+ SecuredBean1 testBean = BeanProvider.getContextualReference(SecuredBean1.class, false);
+ Assert.assertEquals("allfine", testBean.someFineMethodFromParent());
+ }
+
+ @Test(expected = AccessDeniedException.class)
+ public void simpleInterceptorTestDenied()
+ {
+ SecuredBean1 testBean = BeanProvider.getContextualReference(SecuredBean1.class, false);
+ testBean.getBlockedResult();
+ }
- try
- {
- testBean.getBlockedResult();
- Assert.fail("AccessDeniedException expect, but was not thrown");
- }
- catch (AccessDeniedException e)
- {
- //expected exception
- }
- catch (Exception e)
- {
- Assert.fail("Unexpected Exception: " + e);
- }
+ @Test(expected = AccessDeniedException.class)
+ public void simpleInterceptorTestParentDenied()
+ {
+ SecuredBean1 testBean = BeanProvider.getContextualReference(SecuredBean1.class, false);
+ testBean.someBlockedMethodFromParent();
}
+
@Test
- public void simpleInterceptorTestOnMethods()
+ public void simpleInterceptorTestOnMethodsOk()
{
SecuredBean2 testBean = BeanProvider.getContextualReference(SecuredBean2.class, false);
-
Assert.assertEquals("result", testBean.getResult());
+ }
- try
- {
- testBean.getBlockedResult();
- Assert.fail("AccessDeniedException expect, but was not thrown");
- }
- catch (AccessDeniedException e)
- {
- //expected exception
- }
- catch (Exception e)
- {
- Assert.fail("Unexpected Exception: " + e);
- }
+ @Test(expected = AccessDeniedException.class)
+ public void simpleInterceptorTestOnMethodsDenied()
+ {
+ SecuredBean2 testBean = BeanProvider.getContextualReference(SecuredBean2.class, false);
+ testBean.getBlockedResult();
}
}
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/b1903c2b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SomeParentClass.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SomeParentClass.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SomeParentClass.java
new file mode 100644
index 0000000..d1e4bcf
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SomeParentClass.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.test.security.impl.authorization.securitybinding;
+
+/**
+ * To verify if the permission annotation also works on the methods
+ * of the parent class
+ */
+public class SomeParentClass
+{
+ public String someFineMethodFromParent()
+ {
+ return "allfine";
+ }
+
+ public String someBlockedMethodFromParent()
+ {
+ return "shouldgetblocked";
+ }
+}