Posted to commits@servicemix.apache.org by gn...@apache.org on 2006/12/06 01:25:33 UTC

svn commit: r482842 - in /incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security: SecuredBroker.java acl/AuthorizationMap.java acl/impl/AuthorizationEntry.java acl/impl/DefaultAuthorizationMap.java

Author: gnodet
Date: Tue Dec  5 16:25:31 2006
New Revision: 482842

URL: http://svn.apache.org/viewvc?view=rev&rev=482842
Log:
SM-769: Authorization entries should be defined per operation

Modified:
    incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java
    incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java
    incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java
    incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java

Modified: incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java?view=diff&rev=482842&r1=482841&r2=482842
==============================================================================
--- incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java (original)
+++ incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/SecuredBroker.java Tue Dec  5 16:25:31 2006
@@ -64,7 +64,7 @@
             resolveAddress(exchange);
             ServiceEndpoint se = exchange.getEndpoint();
             if (se != null) {
-                Set acls = authorizationMap.getAcls(se);
+                Set acls = authorizationMap.getAcls(se, me.getOperation());
                 if (!acls.contains(GroupPrincipal.ANY)) { 
                     Subject subject = exchange.getMessage("in").getSecuritySubject();
                     if (subject == null) {
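Review bot: The new argument is read from `me`, while every other line in this hunk works on `exchange`. If both names refer to the same exchange (their declarations are outside the hunk), `authorizationMap.getAcls(se, exchange.getOperation())` would keep the authorization check reading from one object. The operation may also be unset on the exchange, so a comment such as `// operation may be null; the map decides how operation-scoped entries apply` would make that dependency visible at the call site. The enclosing method starts and ends outside the hunk.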

Modified: incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java?view=diff&rev=482842&r1=482841&r2=482842
==============================================================================
--- incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java (original)
+++ incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/AuthorizationMap.java Tue Dec  5 16:25:31 2006
@@ -19,9 +19,10 @@
 import java.util.Set;
 
 import javax.jbi.servicedesc.ServiceEndpoint;
+import javax.xml.namespace.QName;
 
 public interface AuthorizationMap {
 
-    Set getAcls(ServiceEndpoint endpoint);
+    Set getAcls(ServiceEndpoint endpoint, QName operation);
     
 }
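Review bot: `getAcls` now takes an `operation`, but the interface does not say whether it may be null or what a null means for the result. Every implementation of this authorization lookup has to agree on that contract. I would add Javadoc stating that the method returns the ACL set that applies to `operation` on `endpoint`, and whether a null operation selects only endpoint-wide entries or every entry for the endpoint. Replacing the one-argument method instead of overloading it also breaks any `AuthorizationMap` implementation not updated in this commit.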

Modified: incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java?view=diff&rev=482842&r1=482841&r2=482842
==============================================================================
--- incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java (original)
+++ incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/AuthorizationEntry.java Tue Dec  5 16:25:31 2006
@@ -49,20 +49,23 @@
     private Set acls;
     private QName service;
     private String endpoint;
+    private QName operation;
     private String type = TYPE_ADD;
 
     public AuthorizationEntry() {
     }
     
-    public AuthorizationEntry(QName service, String endpoint, String roles) {
+    public AuthorizationEntry(QName service, String endpoint, QName operation, String roles) {
         this.service = service;
         this.endpoint = endpoint;
+        this.operation = operation;
         setRoles(roles);
     }
     
-    public AuthorizationEntry(QName service, String endpoint, String roles, String type) {
+    public AuthorizationEntry(QName service, String endpoint, QName operation, String roles, String type) {
         this.service = service;
         this.endpoint = endpoint;
+        this.operation = operation;
         setRoles(roles);
         this.type = type;
     }
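Review bot: The new `operation` field has no comment saying what a null value means, although the matching code in DefaultAuthorizationMap treats an entry with a null operation as applying to every operation. That is the security-relevant default for entries created through the no-arg constructor, so it should be stated where the field is declared: `// null: the entry applies to all operations of the endpoint`. The two constructors also repeat the same assignments; the four-argument one could delegate with `this(service, endpoint, operation, roles, TYPE_ADD);`.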
@@ -113,6 +116,20 @@
             service = new QName(service.getPrefix(), service.getLocalPart());
         }
         this.service = service;
+    }
+
+    /**
+     * @return the operation
+     */
+    public QName getOperation() {
+        return operation;
+    }
+
+    /**
+     * @param operation the operation to set
+     */
+    public void setOperation(QName operation) {
+        this.operation = operation;
     }
 
     /**
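Review bot: `setOperation` stores the QName as given, whereas the tail of `setService` visible at the top of this hunk rebuilds its QName from prefix and local part under some condition that lies outside the hunk. If operations are configured the same way as services, an entry's operation may never compare equal to the operation on the exchange. The entry would then silently never match, which for a restricting entry means the restriction is not applied. Either apply the same handling in `setOperation` or add a comment explaining why it is not needed, for example `// operation QNames are expected fully qualified; no prefix rewrite as in setService`.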

Modified: incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java?view=diff&rev=482842&r1=482841&r2=482842
==============================================================================
--- incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java (original)
+++ incubator/servicemix/trunk/core/servicemix-core/src/main/java/org/apache/servicemix/jbi/security/acl/impl/DefaultAuthorizationMap.java Tue Dec  5 16:25:31 2006
@@ -74,14 +74,14 @@
         this.defaultEntry = defaultEntry;
     }
 
-    public Set getAcls(ServiceEndpoint endpoint) {
+    public Set getAcls(ServiceEndpoint endpoint, QName operation) {
         Set acls = new HashSet();
         if (defaultEntry != null) {
             acls.add(defaultEntry);
         }
         for (Iterator iter = authorizationEntries.iterator(); iter.hasNext();) {
             AuthorizationEntry entry = (AuthorizationEntry) iter.next();
-            if (match(entry, endpoint)) {
+            if (match(entry, endpoint, operation)) {
                 if (AuthorizationEntry.TYPE_ADD.equalsIgnoreCase(entry.getType())) {
                     acls.addAll(entry.getAcls());
                 } else if (AuthorizationEntry.TYPE_SET.equalsIgnoreCase(entry.getType())) {
@@ -95,9 +95,10 @@
         return acls;
     }
 
-    protected boolean match(AuthorizationEntry entry, ServiceEndpoint endpoint) {
+    protected boolean match(AuthorizationEntry entry, ServiceEndpoint endpoint, QName operation) {
         return match(entry.getService(), endpoint.getServiceName()) &&
-               match(entry.getEndpoint(), endpoint.getEndpointName());
+               match(entry.getEndpoint(), endpoint.getEndpointName()) &&
+               (entry.getOperation() == null || operation == null || match(entry.getOperation(), operation));
     }
 
     private boolean match(QName acl, QName target) {
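Review bot: The `operation == null ||` clause in the new `match` condition makes an exchange that carries no operation match every operation-scoped entry. `getAcls` then merges the ACLs of all operations on the endpoint, so the per-operation restriction fails open for such an exchange. A stricter form would let a null request operation match only entries that have no operation: `(entry.getOperation() == null || (operation != null && match(entry.getOperation(), operation)));`. If the lenient behaviour is intended, it should be documented on `match` and on `AuthorizationMap.getAcls`, and covered by a test that uses an operation-less exchange. The body of `match(QName, QName)` is outside the hunk, so how it treats wildcards is not visible here.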