You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@turbine.apache.org by gk...@apache.org on 2021/08/03 10:04:22 UTC
svn commit: r1891978 - in /turbine/fulcrum/trunk/security: ./
api/src/java/org/apache/fulcrum/security/model/turbine/
api/src/test/org/apache/fulcrum/security/model/
torque/src/java/org/apache/fulcrum/security/torque/om/
torque/src/java/org/apache/fulc...
Author: gk
Date: Tue Aug 3 10:04:22 2021
New Revision: 1891978
URL: http://svn.apache.org/viewvc?rev=1891978&view=rev
Log:
- Torque module: use by default Turbinegroup not TurbineRole from generated doSelectJoinTurbine.. method, as this will be used as key in lookup in acl roleSets.
- add groupSet to interface
- add transient avalon logger to TurbineAccessControlList and use it to check group in constructor
- use model manager to fetch global group (model manager should be set always)
Modified:
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlList.java
turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java
turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java
turbine/fulcrum/trunk/security/pom.xml
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/om/TorqueTurbineUserGroupRolePeerImpl.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/peer/TorqueTurbineUserGroupRolePeer.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/peer/managers/PeerGroupManager.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/FulcrumAbstractTurbineUser.java
turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineUserManagerImpl.java
Modified: turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java (original)
+++ turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineACLFactory.java Tue Aug 3 10:04:22 2021
@@ -151,7 +151,7 @@ public class TurbineACLFactory extends A
{
accessControlList =
new TurbineAccessControlListImpl(turbineUserGroupRoleSet,
- groupManager, roleManager, modelManager);
+ groupManager, roleManager, modelManager, getLogger());
}
catch (FulcrumSecurityException e)
{
Modified: turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlList.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlList.java?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlList.java (original)
+++ turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlList.java Tue Aug 3 10:04:22 2021
@@ -57,7 +57,7 @@ public interface TurbineAccessControlLis
/**
* Retrieves a set of Roles an user is assigned in the global Group.
*
- * @return the set of Roles this user has within the global Group.
+ * @return the set of Roles this user has within the global Group or null.
*/
RoleSet getRoles();
@@ -208,4 +208,11 @@ public interface TurbineAccessControlLis
* from within WebMacro/Velocity template
*/
Group[] getAllGroups();
+
+ /**
+ * Retrieves a set of Groups an user is assigned to.
+ *
+ * @return the set of Groups this user is assigned to.
+ */
+ GroupSet getGroupSet();
}
Modified: turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java (original)
+++ turbine/fulcrum/trunk/security/api/src/java/org/apache/fulcrum/security/model/turbine/TurbineAccessControlListImpl.java Tue Aug 3 10:04:22 2021
@@ -23,6 +23,7 @@ import java.util.HashMap;
import java.util.Map;
import java.util.Set;
+import org.apache.avalon.framework.logger.Logger;
import org.apache.fulcrum.security.GroupManager;
import org.apache.fulcrum.security.RoleManager;
import org.apache.fulcrum.security.entity.Group;
@@ -75,6 +76,9 @@ public class TurbineAccessControlListImp
/** the distinct list of permissions that this user has */
private PermissionSet permissionSet = new PermissionSet();
+
+ /** the Avalon logger */
+ private transient Logger logger;
/**
* Constructs a new AccessControlList.
@@ -90,21 +94,30 @@ public class TurbineAccessControlListImp
* The set of user/group/role relations that this acl is built from
* @param groupManager the Group manager
* @param roleManager the Role manager
- * @param modelManager he model Manager
+ * @param modelManager the model Manager
+ * @param logger
*
* @throws FulcrumSecurityException if the global group cannot be retrieved
*/
public TurbineAccessControlListImpl(
Set<? extends TurbineUserGroupRole> turbineUserGroupRoleSet,
- GroupManager groupManager, RoleManager roleManager, TurbineModelManager modelManager) throws FulcrumSecurityException
+ GroupManager groupManager, RoleManager roleManager, TurbineModelManager modelManager, Logger logger) throws FulcrumSecurityException
{
this.roleSets = new HashMap<Group, RoleSet>();
this.permissionSets = new HashMap<Group, PermissionSet>();
this.groupManager = groupManager;
+
+ this.logger = logger;
for (TurbineUserGroupRole ugr : turbineUserGroupRoleSet)
{
Group group = ugr.getGroup();
+ // check if group matches
+ if (this.logger != null && this.groupManager != null && group.getClass() != this.groupManager.getGroupInstance().getClass()) {
+ this.logger.warn( "Turbine group classes do not match, some lookup might fail, check in componentConfiguration.xml. Expected class: " +
+ this.groupManager.getGroupInstance().getClass() + ", actual class: " +group.getClass()
+ );
+ }
groupSet.add(group);
Role role = ugr.getRole();
@@ -147,13 +160,9 @@ public class TurbineAccessControlListImp
}
}
// this check might be not needed any more, required for custom group
- if (groupManager != null)
- {
- this.globalGroup = groupManager.getGroupByName(modelManager.getGlobalGroupName());
- }
- else
+ if (modelManager != null)
{
- this.globalGroup = groupSet.getByName(TurbineModelManager.GLOBAL_GROUP_NAME);
+ this.globalGroup = modelManager.getGlobalGroup();
}
}
@@ -176,7 +185,7 @@ public class TurbineAccessControlListImp
/**
* Retrieves a set of Roles an user is assigned in the global Group.
*
- * @return the set of Roles this user has within the global Group.
+ * @return the set of Roles this user has within the global Group or null.
*/
@Override
public RoleSet getRoles()
@@ -502,11 +511,18 @@ public class TurbineAccessControlListImp
{
try
{
- return groupManager.getAllGroups().toArray(new Group[0]);
+ return (groupManager != null)? groupManager.getAllGroups().toArray(new Group[0])
+ : new Group[0];
}
catch (FulcrumSecurityException e)
{
return new Group[0];
}
}
+
+ @Override
+ public GroupSet getGroupSet()
+ {
+ return groupSet;
+ }
}
Modified: turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java (original)
+++ turbine/fulcrum/trunk/security/api/src/test/org/apache/fulcrum/security/model/ACLFactoryTest.java Tue Aug 3 10:04:22 2021
@@ -46,8 +46,12 @@ import org.apache.fulcrum.security.model
import org.apache.fulcrum.security.model.turbine.entity.impl.TurbinePermissionImpl;
import org.apache.fulcrum.security.model.turbine.entity.impl.TurbineRoleImpl;
import org.apache.fulcrum.security.model.turbine.entity.impl.TurbineUserImpl;
+import org.apache.fulcrum.security.util.RoleSet;
import org.apache.fulcrum.testcontainer.BaseUnit5Test;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import org.junit.jupiter.api.Test;
@@ -97,6 +101,15 @@ public class ACLFactoryTest extends Base
assertTrue(acl instanceof TurbineAccessControlList);
TurbineAccessControlList tacl = (TurbineAccessControlList) acl;
assertTrue(tacl.hasPermission(permission, group));
+
+ RoleSet roleSet = tacl.getRoles( group );
+ assertTrue(roleSet.contains( role ), "expect group "+ group + " has role "+ role);
+
+ assertNull( tacl.getRoles(), "expect no role in global group");
+// assertTrue(tacl.getAllGroups().length > 0,
+// "expect length for all group set:" + tacl.getAllGroups());
+ assertTrue(tacl.getGroupSet().size() > 0,
+ "expect length for all group set:" + tacl.getAllGroups());
}
@Test
Modified: turbine/fulcrum/trunk/security/pom.xml
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/pom.xml?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/pom.xml (original)
+++ turbine/fulcrum/trunk/security/pom.xml Tue Aug 3 10:04:22 2021
@@ -131,6 +131,12 @@
<version>${turbine.log4j2.version}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.avalon.framework</groupId>
+ <artifactId>avalon-framework-api</artifactId>
+ <version>4.3.1</version>
+ <scope>provided</scope>
+ </dependency>
</dependencies>
</dependencyManagement>
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/om/TorqueTurbineUserGroupRolePeerImpl.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/om/TorqueTurbineUserGroupRolePeerImpl.java?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/om/TorqueTurbineUserGroupRolePeerImpl.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/om/TorqueTurbineUserGroupRolePeerImpl.java Tue Aug 3 10:04:22 2021
@@ -23,11 +23,10 @@ public class TorqueTurbineUserGroupRoleP
/** Serial version */
private static final long serialVersionUID = 1608546448609L;
- @Override
- public List doSelectJoinTurbineRole(Criteria criteria, Connection con) throws TorqueException {
- return doSelectJoinTorqueTurbineRole(criteria, con);
- }
-
-
+ @Override
+ public List doSelectJoinTurbineGroup(Criteria criteria, Connection con) throws TorqueException
+ {
+ return doSelectJoinTorqueTurbineGroup(criteria, con);
+ }
}
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/peer/TorqueTurbineUserGroupRolePeer.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/peer/TorqueTurbineUserGroupRolePeer.java?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/peer/TorqueTurbineUserGroupRolePeer.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/peer/TorqueTurbineUserGroupRolePeer.java Tue Aug 3 10:04:22 2021
@@ -37,7 +37,7 @@ public interface TorqueTurbineUserGroupR
extends Peer
{
- List<T> doSelectJoinTurbineRole( Criteria criteria, Connection con ) throws TorqueException;
+ List<T> doSelectJoinTurbineGroup( Criteria criteria, Connection con ) throws TorqueException;
TableMap getTableMap() throws TorqueException;
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/peer/managers/PeerGroupManager.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/peer/managers/PeerGroupManager.java?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/peer/managers/PeerGroupManager.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/peer/managers/PeerGroupManager.java Tue Aug 3 10:04:22 2021
@@ -50,7 +50,6 @@ public abstract class PeerGroupManager e
{
super.configure( conf );
- // peerClassName = conf.getChild( PEER_CLASS_NAME_KEY).getValue( "org.apache.fulcrum.security.torque.om.TorqueTurbineGroupPeer" );
peerClassName = conf.getChild( PEER_CLASS_NAME_KEY).getValue( null );
if (peerClassName != null) {
setPeerClassName( peerClassName );
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/DefaultAbstractTurbineUser.java Tue Aug 3 10:04:22 2021
@@ -46,11 +46,11 @@ public abstract class DefaultAbstractTur
{
/** Serial version */
private static final long serialVersionUID = -7255623655281852566L;
-
+
/**
* Forward reference to module generated code
*
- * Get a list of association objects, pre-populated with their TurbineRole
+ * Get a list of association objects, pre-populated with their TurbineGroup
* objects.
*
* Does intentionally not initialize the cache collTurbineUserGroupRoles for referenced objects.
@@ -65,28 +65,29 @@ public abstract class DefaultAbstractTur
* @return a list of User/Group/Role relations
* @throws TorqueException if any database error occurs
*/
- protected <T extends TurbineUserGroupRoleModelPeerMapper> List<T> getTurbineUserGroupRolesJoinTurbineRole(Criteria criteria, Connection con)
+ protected <T extends TurbineUserGroupRoleModelPeerMapper> List<T> getTurbineUserGroupRolesJoinTurbineGroup(Criteria criteria, Connection con)
throws TorqueException, DataBackendException
{
criteria.and(TurbineUserGroupRolePeer.USER_ID, getEntityId() );
try {
- return (List<T>) TurbineUserGroupRolePeer.doSelectJoinTurbineRole(criteria, con);
+ return (List<T>) TurbineUserGroupRolePeer.doSelectJoinTurbineGroup(criteria, con);
} catch ( TorqueException e) {
throw new DataBackendException( e.getMessage(), e );
}
}
- /* (non-Javadoc)
+ /**
* @see org.apache.fulcrum.security.torque.security.turbine.TorqueAbstractTurbineTurbineSecurityEntityDefault#retrieveAttachedObjects(java.sql.Connection, java.lang.Boolean, java.util.List)
*/
@Override
public <T extends TurbineUserGroupRoleModelPeerMapper> void retrieveAttachedObjects( Connection con, Boolean lazy, List<T> ugrs ) throws DataBackendException, TorqueException
{
- if (!lazy ) { // !lazy
+ if (!lazy ) {
Set<TurbineUserGroupRole> userGroupRoleSet = new HashSet<TurbineUserGroupRole>();
if (ugrs == null) { // default
- ugrs = getTurbineUserGroupRolesJoinTurbineRole(new Criteria(), con);
+ // the groups are the keys in roleset, roles are not expected to be used as keys
+ ugrs = getTurbineUserGroupRolesJoinTurbineGroup(new Criteria(), con);
}
maptoModel( con, userGroupRoleSet, ugrs );
@@ -104,8 +105,9 @@ public abstract class DefaultAbstractTur
if (!lazy) {
Set<TurbineUserGroupRole> userGroupRoleSet = new HashSet<TurbineUserGroupRole>();
- List<TurbineUserGroupRoleModelPeerMapper> ugrs = getTurbineUserGroupRolesJoinTurbineRole(new Criteria(), con);
+ List<TurbineUserGroupRoleModelPeerMapper> ugrs = getTurbineUserGroupRolesJoinTurbineGroup(new Criteria(), con);
+ // TODO: Need to call this too to fetch right role object? getTurbineUserGroupRolesJoinTurbineRole
// org.apache.fulcrum.security.torque.om.TurbineUserGroupRole
maptoModel( con, userGroupRoleSet, ugrs );
@@ -168,11 +170,12 @@ public abstract class DefaultAbstractTur
/**
* @param con data connection
- * @param userGroupRoleSet U/G/R set
+ * @param userGroupRoleSet U/G/R to be set / target object
* @param ugrs list of all ugrs
* @throws TorqueException if data connection could not be found
*/
- private <T extends TurbineUserGroupRoleModelPeerMapper> void maptoModel( Connection con, Set<TurbineUserGroupRole> userGroupRoleSet,
+ private <T extends TurbineUserGroupRoleModelPeerMapper> void maptoModel( Connection con,
+ Set<TurbineUserGroupRole> userGroupRoleSet,
List<T> ugrs )
throws DataBackendException
{
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/FulcrumAbstractTurbineUser.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/FulcrumAbstractTurbineUser.java?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/FulcrumAbstractTurbineUser.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/FulcrumAbstractTurbineUser.java Tue Aug 3 10:04:22 2021
@@ -58,11 +58,11 @@ public abstract class FulcrumAbstractTur
*
* @return a list of User/Group/Role relations
*/
- protected List<TorqueTurbineUserGroupRole> getTorqueTurbineUserGroupRolesJoinTorqueTurbineRole(Criteria criteria, Connection con)
+ protected List<TorqueTurbineUserGroupRole> getTorqueTurbineUserGroupRolesJoinTorqueTurbineGroup(Criteria criteria, Connection con)
throws TorqueException
{
criteria.and(TorqueTurbineUserGroupRolePeer.USER_ID, getEntityId() );
- return TorqueTurbineUserGroupRolePeer.doSelectJoinTorqueTurbineRole(criteria, con);
+ return TorqueTurbineUserGroupRolePeer.doSelectJoinTorqueTurbineGroup(criteria, con);
}
/* (non-Javadoc)
@@ -84,7 +84,7 @@ public abstract class FulcrumAbstractTur
try {
if (!lazy) {
Set<TurbineUserGroupRole> userGroupRoleSet = new HashSet<TurbineUserGroupRole>();
- List<TorqueTurbineUserGroupRole> ugrs = getTorqueTurbineUserGroupRolesJoinTorqueTurbineRole(new Criteria(), con);
+ List<TorqueTurbineUserGroupRole> ugrs = getTorqueTurbineUserGroupRolesJoinTorqueTurbineGroup(new Criteria(), con);
for (TorqueTurbineUserGroupRole ttugr : ugrs)
{
Modified: turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineUserManagerImpl.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineUserManagerImpl.java?rev=1891978&r1=1891977&r2=1891978&view=diff
==============================================================================
--- turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineUserManagerImpl.java (original)
+++ turbine/fulcrum/trunk/security/torque/src/java/org/apache/fulcrum/security/torque/turbine/TorqueTurbineUserManagerImpl.java Tue Aug 3 10:04:22 2021
@@ -347,7 +347,7 @@ public class TorqueTurbineUserManagerImp
Criteria criteria = new Criteria();
// expecting the same name in any custom implementation
criteria.where(peerInstance.getTableMap().getColumn(getColumnName4UserGroupRole() ), ( (TorqueAbstractSecurityEntity) user ).getEntityId() );
- List<TurbineUserGroupRoleModelPeerMapper> ugrs = peerInstance.doSelectJoinTurbineRole( criteria, con );
+ List<TurbineUserGroupRoleModelPeerMapper> ugrs = peerInstance.doSelectJoinTurbineGroup( criteria, con );
if (user instanceof TorqueAbstractTurbineTurbineSecurityEntityDefault) {
((TorqueAbstractTurbineTurbineSecurityEntityDefault)user).retrieveAttachedObjects(con, false, ugrs);