Posted to commits@isis.apache.org by ah...@apache.org on 2020/06/23 05:50:01 UTC
[isis] branch master updated: ISIS-2379: some post merge
refactoring ...
This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push:
new 564e28c ISIS-2379: some post merge refactoring ...
564e28c is described below
commit 564e28ccf1e9855b6527b52bfe6d85982abb673d
Author: Andi Huber <ah...@apache.org>
AuthorDate: Tue Jun 23 07:49:41 2020 +0200
ISIS-2379: some post merge refactoring ...
- pass over the user entity to the UserCreatedEvent
- align package names
- move config option 'autoEnableIfDelegatedAndAuthenticated'
-- from IsisConfiguration
-- to SecurityModuleConfig
---
.../apache/isis/core/config/IsisConfiguration.java | 9 +--
.../secman/api/SecurityModuleConfig.java | 12 ++++
.../secman/api/events/UserCreatedEvent.java | 64 ++++++++++++++++++++++
.../extensions/secman/api/user/AccountType.java | 8 +++
.../extensions/secman/events/UserCreatedEvent.java | 16 ------
.../extensions/secman/events/package-info.java | 1 -
.../jdo/dom/user/ApplicationUserRepository.java | 23 +++-----
.../shiro/IsisModuleExtSecmanShiroRealm.java | 6 +-
8 files changed, 97 insertions(+), 42 deletions(-)
diff --git a/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java b/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
index 3c5497a..73d2dc6 100644
--- a/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
+++ b/core/config/src/main/java/org/apache/isis/core/config/IsisConfiguration.java
@@ -126,14 +126,7 @@ public class IsisConfiguration {
* </p>
*/
private boolean autoLogoutIfAlreadyAuthenticated = false;
- /**
- * Delegated users, on first successful logon, are auto-created but disabled (by default).
- * <p>
- * This option allows to override this behavior, such that authenticated
- * users are also auto-enabled.
- *
- */
- private boolean autoEnableIfDelegatedAndAuthenticated = false;
+
}
}
diff --git a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/SecurityModuleConfig.java b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/SecurityModuleConfig.java
index fc316d4..dd9d233 100644
--- a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/SecurityModuleConfig.java
+++ b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/SecurityModuleConfig.java
@@ -62,6 +62,18 @@ public class SecurityModuleConfig {
@Getter @Singular
final Set<String> adminAdditionalPackagePermissions;
+
+ /**
+ * Delegated users, on first successful logon, are auto-created but disabled (by default).
+ * <p>
+ * This option allows to override this behavior, such that authenticated
+ * users are also auto-enabled.
+ * <p>
+ * default: false
+ *
+ */
+ @Getter @Builder.Default
+ final boolean autoEnableIfDelegatedAndAuthenticated = false;
// -- UTILITIES
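Review bot: The Javadoc on `autoEnableIfDelegatedAndAuthenticated` does not state the security consequence of turning the option on: every identity the delegate realm authenticates gets an enabled SecMan account on first logon, with no administrator approval step. I would add a sentence such as `Enable only when every account known to the delegate realm is meant to have access; otherwise leave this false and enable users individually.` Because this commit removes the option from `IsisConfiguration`, the Javadoc should also say that it is now set through the `SecurityModuleConfig` builder; a deployment that still sets the old configuration property would presumably fall back to `false` without any warning. The class body continues outside this hunk.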
diff --git a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/events/UserCreatedEvent.java b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/events/UserCreatedEvent.java
new file mode 100644
index 0000000..bea7172
--- /dev/null
+++ b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/events/UserCreatedEvent.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.isis.extensions.secman.api.events;
+
+import org.apache.isis.extensions.secman.api.user.AccountType;
+import org.apache.isis.extensions.secman.api.user.ApplicationUser;
+
+import lombok.NonNull;
+import lombok.Value;
+
+/**
+ * SecMan fires this event when a new user entity just got persisted.
+ * <p>
+ * Users may subscribe to this event in order to apply business
+ * logic to the newly created user. eg. add default roles
+ * <p>
+ * <pre>
+ * @Component
+ * public class Listener {
+ * @EventListener(UserCreatedEvent.class)
+ * public void listenOn(UserCreatedEvent<String> event) {
+ * // business logic ...
+ * }
+ * }
+ *
+ * </pre>
+ * @since Jun 23, 2020
+ */
+@Value(staticConstructor="of")
+public class UserCreatedEvent {
+
+ @NonNull private ApplicationUser user;
+
+ // -- SHORTCUTS
+
+ public AccountType getAccountType() {
+ return user.getAccountType();
+ }
+
+ public String getUserName() {
+ return user.getUsername();
+ }
+
+ public boolean isDelegated() {
+ return getAccountType()!=null && getAccountType().isDelegated();
+ }
+
+}
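Review bot: The event now hands every subscriber the persisted `ApplicationUser` entity itself rather than a user name and type, and the class Javadoc does not say what a listener may do with it. Since the stated use is "add default roles", the Javadoc should say whether changes made in a listener are persisted (the event is posted after `persistAndFlush` in `ApplicationUserRepository.newUser`) and that any listener on the event bus gets access to the whole account record. The Javadoc sample also declares `listenOn(UserCreatedEvent<String> event)` although the class has no type parameter; it should read `listenOn(UserCreatedEvent event)`.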
diff --git a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/user/AccountType.java b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/user/AccountType.java
index 1081011..eeaea49 100644
--- a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/user/AccountType.java
+++ b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/user/AccountType.java
@@ -28,6 +28,14 @@ public enum AccountType {
LOCAL,
DELEGATED;
+ public boolean isLocal() {
+ return this==LOCAL;
+ }
+
+ public boolean isDelegated() {
+ return this==DELEGATED;
+ }
+
@Override
public String toString() {
return StringExtensions.capitalize(name());
diff --git a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/events/UserCreatedEvent.java b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/events/UserCreatedEvent.java
deleted file mode 100644
index 7b278d3..0000000
--- a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/events/UserCreatedEvent.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.apache.isis.extensions.secman.events;
-
-
-import lombok.Getter;
-import lombok.Value;
-
-@Value(staticConstructor="of")
-public class UserCreatedEvent {
- public static enum EventType {
- localUser,
- delegateUser
- }
- @Getter UserCreatedEvent.EventType eventType;
- @Getter String userName;
-
-}
diff --git a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/events/package-info.java b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/events/package-info.java
deleted file mode 100644
index 4f3b36a..0000000
--- a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/events/package-info.java
+++ /dev/null
@@ -1 +0,0 @@
-package org.apache.isis.extensions.secman.events;
\ No newline at end of file
diff --git a/extensions/security/secman/persistence-jdo/src/main/java/org/apache/isis/extensions/secman/jdo/dom/user/ApplicationUserRepository.java b/extensions/security/secman/persistence-jdo/src/main/java/org/apache/isis/extensions/secman/jdo/dom/user/ApplicationUserRepository.java
index b22d40a9..631cef6 100644
--- a/extensions/security/secman/persistence-jdo/src/main/java/org/apache/isis/extensions/secman/jdo/dom/user/ApplicationUserRepository.java
+++ b/extensions/security/secman/persistence-jdo/src/main/java/org/apache/isis/extensions/secman/jdo/dom/user/ApplicationUserRepository.java
@@ -23,9 +23,12 @@ import java.util.Collections;
import java.util.Optional;
import java.util.function.Consumer;
+import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
+import org.springframework.stereotype.Repository;
+
import org.apache.isis.applib.query.QueryDefault;
import org.apache.isis.applib.services.eventbus.EventBusService;
import org.apache.isis.applib.services.factory.FactoryService;
@@ -38,13 +41,12 @@ import org.apache.isis.core.commons.internal.exceptions._Exceptions;
import org.apache.isis.core.config.IsisConfiguration;
import org.apache.isis.extensions.secman.api.SecurityModuleConfig;
import org.apache.isis.extensions.secman.api.encryption.PasswordEncryptionService;
+import org.apache.isis.extensions.secman.api.events.UserCreatedEvent;
import org.apache.isis.extensions.secman.api.user.AccountType;
import org.apache.isis.extensions.secman.api.user.ApplicationUserStatus;
-import org.apache.isis.extensions.secman.events.UserCreatedEvent;
import org.apache.isis.extensions.secman.jdo.dom.role.ApplicationRole;
import org.apache.isis.extensions.secman.model.dom.user.ApplicationUser_lock;
import org.apache.isis.extensions.secman.model.dom.user.ApplicationUser_unlock;
-import org.springframework.stereotype.Repository;
import lombok.NonNull;
import lombok.val;
@@ -196,8 +198,8 @@ implements org.apache.isis.extensions.secman.api.user.ApplicationUserRepository<
@Override
public ApplicationUser newUser(
- String username,
- AccountType accountType,
+ @NonNull String username,
+ @Nullable AccountType accountType,
Consumer<ApplicationUser> beforePersist) {
val user = newApplicationUser();
@@ -205,21 +207,14 @@ implements org.apache.isis.extensions.secman.api.user.ApplicationUserRepository<
user.setAccountType(accountType);
beforePersist.accept(user);
if(user.getAccountType().equals(AccountType.LOCAL)) {
- // keep null that is set for status in accept() call above
+ // keep null when is set for status in accept() call above
} else {
- val shiroConf = isisConfiguration.getSecurity().getShiro();
- user.setStatus(shiroConf.isAutoEnableIfDelegatedAndAuthenticated()
+ user.setStatus(configBean.isAutoEnableIfDelegatedAndAuthenticated()
? ApplicationUserStatus.ENABLED
: ApplicationUserStatus.DISABLED);
}
repository.persistAndFlush(user);
- eventBusService.post(UserCreatedEvent.of(
- user.getAccountType().equals(AccountType.LOCAL) ?
- UserCreatedEvent.EventType.localUser :
- UserCreatedEvent.EventType.delegateUser, username)
- );
-
-
+ eventBusService.post(UserCreatedEvent.of(user));
return user;
}
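Review bot: `accountType` is now annotated `@Nullable` in the signature hunk above, but the body still calls `user.getAccountType().equals(AccountType.LOCAL)`, which throws a NullPointerException when the type is null and `beforePersist` does not set one. Simply flipping the comparison would send a null type into the else branch, where `configBean.isAutoEnableIfDelegatedAndAuthenticated()` could enable the account. I would apply the config-driven status only to an explicitly delegated account, `val type = user.getAccountType(); if(type != null && type.isDelegated()) { user.setStatus(...); }`, using the `isDelegated()` helper this commit adds to `AccountType`. `UserCreatedEvent.isDelegated()` already treats a null type as not delegated, so this keeps the two consistent.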
diff --git a/extensions/security/secman/shiro-realm/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java b/extensions/security/secman/shiro-realm/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java
index 872bdb9..502cd64 100644
--- a/extensions/security/secman/shiro-realm/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java
+++ b/extensions/security/secman/shiro-realm/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java
@@ -43,6 +43,7 @@ import org.apache.isis.core.commons.internal.assertions._Assert;
import org.apache.isis.core.config.IsisConfiguration;
import org.apache.isis.core.runtime.iactn.IsisInteractionFactory;
import org.apache.isis.core.security.authorization.standard.Authorizor;
+import org.apache.isis.extensions.secman.api.SecurityModuleConfig;
import org.apache.isis.extensions.secman.api.SecurityRealm;
import org.apache.isis.extensions.secman.api.SecurityRealmCharacteristic;
import org.apache.isis.extensions.secman.api.encryption.PasswordEncryptionService;
@@ -61,6 +62,7 @@ public class IsisModuleExtSecmanShiroRealm extends AuthorizingRealm implements S
@Inject protected ServiceInjector serviceInjector;
@Inject protected IsisInteractionFactory isisInteractionFactory;
@Inject protected PlatformTransactionManager txMan;
+ @Inject private SecurityModuleConfig configBean;
@Inject protected IsisConfiguration isisConfiguration;
@Getter @Setter private AuthenticatingRealm delegateAuthenticationRealm;
@@ -116,9 +118,7 @@ public class IsisModuleExtSecmanShiroRealm extends AuthorizingRealm implements S
_Assert.assertNotNull(newPrincipal);
- val shiroConf = isisConfiguration.getSecurity().getShiro();
-
- if(shiroConf.isAutoEnableIfDelegatedAndAuthenticated()) {
+ if(configBean.isAutoEnableIfDelegatedAndAuthenticated()) {
principal = newPrincipal;
} else {
_Assert.assertTrue(newPrincipal.isDisabled(), "As configured in " + SECMAN_ENABLE_DELEGATED_USERS + ", Auto-created user accounts must be initially disabled!");
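Review bot: The assertion message on the last line still names `SECMAN_ENABLE_DELEGATED_USERS`, while the condition now reads the flag from `configBean` (`SecurityModuleConfig`). The constant is defined outside this hunk, but if it holds the old `IsisConfiguration` property key, the message will point operators at a setting that no longer has any effect. In that case it should name the `SecurityModuleConfig` option `autoEnableIfDelegatedAndAuthenticated` instead. The enclosing method starts and ends outside the hunk.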