You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ff...@apache.org on 2018/10/25 05:30:05 UTC
[cxf] branch master updated: [CXF-7815]Deal with java.security.acl
classes being removed in Java 12
This is an automated email from the ASF dual-hosted git repository.
ffang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new a35164d [CXF-7815]Deal with java.security.acl classes being removed in Java 12
a35164d is described below
commit a35164d48046223c276d562127bdf99c3d9cb050
Author: Freeman Fang <fr...@gmail.com>
AuthorDate: Thu Oct 25 13:29:23 2018 +0800
[CXF-7815]Deal with java.security.acl classes being removed in Java 12
---
.../apache/cxf/common/security/GroupPrincipal.java | 69 ++++++++++++++++++++++
.../apache/cxf/common/security/SimpleGroup.java | 3 +-
.../AbstractSecurityContextInInterceptor.java | 4 +-
.../security/DefaultSecurityContext.java | 12 ++--
.../cxf/common/security/SimpleGroupTest.java | 3 +-
.../security/DefaultSecurityContextTest.java | 8 +--
6 files changed, 83 insertions(+), 16 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/common/security/GroupPrincipal.java b/core/src/main/java/org/apache/cxf/common/security/GroupPrincipal.java
new file mode 100644
index 0000000..00a343c
--- /dev/null
+++ b/core/src/main/java/org/apache/cxf/common/security/GroupPrincipal.java
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.common.security;
+
+import java.security.Principal;
+import java.util.Enumeration;
+
+public interface GroupPrincipal extends Principal {
+
+ /**
+ * Adds the specified member to the group.
+ *
+ * @param user the principal to add to this group.
+ *
+ * @return true if the member was successfully added,
+ * false if the principal was already a member.
+ */
+ boolean addMember(Principal user);
+
+ /**
+ * Removes the specified member from the group.
+ *
+ * @param user the principal to remove from this group.
+ *
+ * @return true if the principal was removed, or
+ * false if the principal was not a member.
+ */
+ boolean removeMember(Principal user);
+
+ /**
+ * Returns true if the passed principal is a member of the group.
+ * This method does a recursive search, so if a principal belongs to a
+ * group which is a member of this group, true is returned.
+ *
+ * @param member the principal whose membership is to be checked.
+ *
+ * @return true if the principal is a member of this group,
+ * false otherwise.
+ */
+ boolean isMember(Principal member);
+
+
+ /**
+ * Returns an enumeration of the members in the group.
+ * The returned objects can be instances of either Principal
+ * or Group (which is a subclass of Principal).
+ *
+ * @return an enumeration of the group members.
+ */
+ Enumeration<? extends Principal> members();
+
+}
\ No newline at end of file
diff --git a/core/src/main/java/org/apache/cxf/common/security/SimpleGroup.java b/core/src/main/java/org/apache/cxf/common/security/SimpleGroup.java
index c6814e9..353f62c 100644
--- a/core/src/main/java/org/apache/cxf/common/security/SimpleGroup.java
+++ b/core/src/main/java/org/apache/cxf/common/security/SimpleGroup.java
@@ -19,7 +19,6 @@
package org.apache.cxf.common.security;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
@@ -29,7 +28,7 @@ import java.util.Set;
* Simple Group implementation
*
*/
-public class SimpleGroup extends SimplePrincipal implements Group {
+public class SimpleGroup extends SimplePrincipal implements GroupPrincipal {
private static final long serialVersionUID = 1L;
private Set<Principal> members = new HashSet<>();
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java b/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
index e4626d4..00d6b25 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/AbstractSecurityContextInInterceptor.java
@@ -19,12 +19,12 @@
package org.apache.cxf.interceptor.security;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.security.GroupPrincipal;
import org.apache.cxf.common.security.SecurityToken;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
@@ -70,7 +70,7 @@ public abstract class AbstractSecurityContextInInterceptor extends AbstractPhase
protected Principal getPrincipal(Principal originalPrincipal, Subject subject) {
Principal[] ps = subject.getPrincipals().toArray(new Principal[subject.getPrincipals().size()]);
- if (ps != null && ps.length > 0 && !(ps[0] instanceof Group)) {
+ if (ps != null && ps.length > 0 && !(ps[0] instanceof GroupPrincipal)) {
return ps[0];
}
return originalPrincipal;
diff --git a/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java b/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
index 055718b..8e67d8a 100644
--- a/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
+++ b/core/src/main/java/org/apache/cxf/interceptor/security/DefaultSecurityContext.java
@@ -19,13 +19,13 @@
package org.apache.cxf.interceptor.security;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
+import org.apache.cxf.common.security.GroupPrincipal;
import org.apache.cxf.security.LoginSecurityContext;
/**
@@ -62,7 +62,7 @@ public class DefaultSecurityContext implements LoginSecurityContext {
}
for (Principal principal : subject.getPrincipals()) {
- if (!(principal instanceof Group)
+ if (!(principal instanceof GroupPrincipal)
&& (principalName == null || principal.getName().equals(principalName))) {
return principal;
}
@@ -71,7 +71,7 @@ public class DefaultSecurityContext implements LoginSecurityContext {
// No match for the principalName. Just return first non-Group Principal
if (principalName != null) {
for (Principal principal : subject.getPrincipals()) {
- if (!(principal instanceof Group)) {
+ if (!(principal instanceof GroupPrincipal)) {
return principal;
}
}
@@ -87,7 +87,7 @@ public class DefaultSecurityContext implements LoginSecurityContext {
public boolean isUserInRole(String role) {
if (subject != null) {
for (Principal principal : subject.getPrincipals()) {
- if (principal instanceof Group && checkGroup((Group)principal, role)) {
+ if (principal instanceof GroupPrincipal && checkGroup((GroupPrincipal)principal, role)) {
return true;
} else if (p != principal
&& role.equals(principal.getName())) {
@@ -98,7 +98,7 @@ public class DefaultSecurityContext implements LoginSecurityContext {
return false;
}
- protected boolean checkGroup(Group group, String role) {
+ protected boolean checkGroup(GroupPrincipal group, String role) {
if (group.getName().equals(role)) {
return true;
}
@@ -107,7 +107,7 @@ public class DefaultSecurityContext implements LoginSecurityContext {
// this might be a plain role but could represent a group consisting of other groups/roles
Principal member = members.nextElement();
if (member.getName().equals(role)
- || member instanceof Group && checkGroup((Group)member, role)) {
+ || member instanceof GroupPrincipal && checkGroup((GroupPrincipal)member, role)) {
return true;
}
}
diff --git a/core/src/test/java/org/apache/cxf/common/security/SimpleGroupTest.java b/core/src/test/java/org/apache/cxf/common/security/SimpleGroupTest.java
index 13ab378..07cc26a 100644
--- a/core/src/test/java/org/apache/cxf/common/security/SimpleGroupTest.java
+++ b/core/src/test/java/org/apache/cxf/common/security/SimpleGroupTest.java
@@ -19,7 +19,6 @@
package org.apache.cxf.common.security;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.Enumeration;
import org.junit.Assert;
@@ -42,7 +41,7 @@ public class SimpleGroupTest extends Assert {
@Test
public void testAddRemoveMembers() {
- Group group = new SimpleGroup("group");
+ GroupPrincipal group = new SimpleGroup("group");
assertFalse(group.members().hasMoreElements());
group.addMember(new SimpleGroup("group", "friend"));
diff --git a/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java b/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
index ed9c54f..c91e35b 100644
--- a/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
+++ b/core/src/test/java/org/apache/cxf/interceptor/security/DefaultSecurityContextTest.java
@@ -19,12 +19,12 @@
package org.apache.cxf.interceptor.security;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
+import org.apache.cxf.common.security.GroupPrincipal;
import org.apache.cxf.common.security.SimpleGroup;
import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.security.LoginSecurityContext;
@@ -82,7 +82,7 @@ public class DefaultSecurityContextTest extends Assert {
Subject s = new Subject();
Principal p = new SimplePrincipal("Barry");
s.getPrincipals().add(p);
- Group group = new SimpleGroup("Roles", p);
+ GroupPrincipal group = new SimpleGroup("Roles", p);
group.addMember(new SimpleGroup("friend"));
s.getPrincipals().add(group);
assertTrue(new DefaultSecurityContext(p, s).isUserInRole("friend"));
@@ -93,8 +93,8 @@ public class DefaultSecurityContextTest extends Assert {
Subject s = new Subject();
Principal p = new SimplePrincipal("Barry");
s.getPrincipals().add(p);
- Group group = new SimpleGroup("Roles", p);
- Group subgroup = new SimpleGroup("subgroup");
+ GroupPrincipal group = new SimpleGroup("Roles", p);
+ GroupPrincipal subgroup = new SimpleGroup("subgroup");
subgroup.addMember(new SimpleGroup("friend"));
group.addMember(subgroup);
s.getPrincipals().add(group);