Posted to commits@servicemix.apache.org by gn...@apache.org on 2006/12/06 01:25:33 UTC
svn commit: r482842 - in
/incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security:
SecuredBroker.java acl/AuthorizationMap.java
acl/impl/AuthorizationEntry.java acl/impl/DefaultAuthorizationMap.java
Author: gnodet
Date: Tue Dec 5 16:25:31 2006
New Revision: 482842
URL: http://svn.apache.org/viewvc?view=rev&rev=482842
Log:
SM-769: Authorization entries should be defined per operation
Modified:
incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java
incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java
incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java
incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java
Modified: incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java?view=diff&rev=482842&r1=482841&r2=482842
==============================================================================
--- incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java (original)
+++ incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java Tue Dec 5 16:25:31 2006
@@ -64,7 +64,7 @@
resolveAddress(exchange);
ServiceEndpoint se = exchange.getEndpoint();
if (se != null) {
- Set acls = authorizationMap.getAcls(se);
+ Set acls = authorizationMap.getAcls(se, me.getOperation());
if (!acls.contains(GroupPrincipal.ANY)) {
Subject subject = exchange.getMessage("in").getSecuritySubject();
if (subject == null) {
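Review bot: The lookup on the added line takes the endpoint from `exchange` (`se = exchange.getEndpoint()`) but the operation from `me`, so the inputs to the authorization decision come from two references. The method signature is outside the hunk, so it is not visible here whether both name the same exchange. If they do, and `exchange` exposes the operation, reading both from one reference, `authorizationMap.getAcls(se, exchange.getOperation())`, makes it obvious that the ACL is computed for a single exchange.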
Modified: incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java?view=diff&rev=482842&r1=482841&r2=482842
==============================================================================
--- incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java (original)
+++ incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java Tue Dec 5 16:25:31 2006
@@ -19,9 +19,10 @@
import java.util.Set;
import javax.jbi.servicedesc.ServiceEndpoint;
+import javax.xml.namespace.QName;
public interface AuthorizationMap {
- Set getAcls(ServiceEndpoint endpoint);
+ Set getAcls(ServiceEndpoint endpoint, QName operation);
}
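Review bot: The new `operation` parameter on `getAcls` has no Javadoc, and this interface is the contract that every other AuthorizationMap implementation has to follow. It should say whether `operation` may be null and what a null means for the returned set, because the caller in SecuredBroker passes `me.getOperation()` without a null check. Something like `/** @param operation the operation being invoked, or null if the exchange does not name one; implementations must state which entries apply in that case */` would cover it.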
Modified: incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java?view=diff&rev=482842&r1=482841&r2=482842
==============================================================================
--- incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java (original)
+++ incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java Tue Dec 5 16:25:31 2006
@@ -49,20 +49,23 @@
private Set acls;
private QName service;
private String endpoint;
+ private QName operation;
private String type = TYPE_ADD;
public AuthorizationEntry() {
}
- public AuthorizationEntry(QName service, String endpoint, String roles) {
+ public AuthorizationEntry(QName service, String endpoint, QName operation, String roles) {
this.service = service;
this.endpoint = endpoint;
+ this.operation = operation;
setRoles(roles);
}
- public AuthorizationEntry(QName service, String endpoint, String roles, String type) {
+ public AuthorizationEntry(QName service, String endpoint, QName operation, String roles, String type) {
this.service = service;
this.endpoint = endpoint;
+ this.operation = operation;
setRoles(roles);
this.type = type;
}
@@ -113,6 +116,20 @@
service = new QName(service.getPrefix(), service.getLocalPart());
}
this.service = service;
+ }
+
+ /**
+ * @return the operation
+ */
+ public QName getOperation() {
+ return operation;
+ }
+
+ /**
+ * @param operation the operation to set
+ */
+ public void setOperation(QName operation) {
+ this.operation = operation;
}
/**
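Review bot: `setOperation` stores the QName as given, while the tail of `setService` visible as context above rewrites its argument with `new QName(service.getPrefix(), service.getLocalPart())` before storing it. The condition guarding that rewrite is outside the hunk, so this is a question rather than a finding: if the rewrite compensates for how QNames arrive from configuration, operations configured the same way would need it too. Otherwise an entry with an operation may never match, and a restrictive entry that silently fails to match leaves the broader endpoint-level ACLs in force. The accessor Javadoc could also state the null case, e.g. `@return the operation this entry is limited to, or null for all operations`.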
Modified: incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java?view=diff&rev=482842&r1=482841&r2=482842
==============================================================================
--- incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java (original)
+++ incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java Tue Dec 5 16:25:31 2006
@@ -74,14 +74,14 @@
this.defaultEntry = defaultEntry;
}
- public Set getAcls(ServiceEndpoint endpoint) {
+ public Set getAcls(ServiceEndpoint endpoint, QName operation) {
Set acls = new HashSet();
if (defaultEntry != null) {
acls.add(defaultEntry);
}
for (Iterator iter = authorizationEntries.iterator(); iter.hasNext();) {
AuthorizationEntry entry = (AuthorizationEntry) iter.next();
- if (match(entry, endpoint)) {
+ if (match(entry, endpoint, operation)) {
if (AuthorizationEntry.TYPE_ADD.equalsIgnoreCase(entry.getType())) {
acls.addAll(entry.getAcls());
} else if (AuthorizationEntry.TYPE_SET.equalsIgnoreCase(entry.getType())) {
@@ -95,9 +95,10 @@
return acls;
}
- protected boolean match(AuthorizationEntry entry, ServiceEndpoint endpoint) {
+ protected boolean match(AuthorizationEntry entry, ServiceEndpoint endpoint, QName operation) {
return match(entry.getService(), endpoint.getServiceName()) &&
- match(entry.getEndpoint(), endpoint.getEndpointName());
+ match(entry.getEndpoint(), endpoint.getEndpointName()) &&
+ (entry.getOperation() == null || operation == null || match(entry.getOperation(), operation));
}
private boolean match(QName acl, QName target) {
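Review bot: In the added clause of `match`, `operation == null` makes every operation-specific entry match an exchange that does not name an operation. In `getAcls` such an exchange therefore collects the roles of all `add` entries for the endpoint, which is the union of what each operation allows, and with `set` entries the result depends on iteration order. The operation comes straight from the exchange in SecuredBroker (`me.getOperation()`), so this case is reachable unless something outside this diff guarantees an operation is set. Consider matching operation-specific entries only when the exchange names one, `(entry.getOperation() == null || (operation != null && match(entry.getOperation(), operation)))`, and check that choice against restrictive `set` entries, which would then be skipped for such exchanges. The body of `match(QName, QName)` is outside the hunk.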