You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2013/01/06 20:36:56 UTC
git commit: ISIS-290: IsisPermission stuff, fixes for archetype
Updated Branches:
refs/heads/master b09d1d232 -> ed3acebb4
ISIS-290: IsisPermission stuff, fixes for archetype
* missing license files for archetype
- remove AboutPageFilter from archetype
Project: http://git-wip-us.apache.org/repos/asf/isis/repo
Commit: http://git-wip-us.apache.org/repos/asf/isis/commit/ed3acebb
Tree: http://git-wip-us.apache.org/repos/asf/isis/tree/ed3acebb
Diff: http://git-wip-us.apache.org/repos/asf/isis/diff/ed3acebb
Branch: refs/heads/master
Commit: ed3acebb47704dbb946c17ae0e9eff09f51e51ca
Parents: b09d1d2
Author: Dan Haywood <da...@apache.org>
Authored: Sun Jan 6 19:07:42 2013 +0000
Committer: Dan Haywood <da...@apache.org>
Committed: Sun Jan 6 19:07:42 2013 +0000
----------------------------------------------------------------------
component/security/shiro/pom.xml | 13 ++
.../appended-resources/supplemental-models.xml | 90 ---------
.../shiro/ShiroAuthenticatorOrAuthorizor.java | 17 +-
.../apache/isis/security/shiro/ShiroConstants.java | 3 -
.../ShiroAuthenticationManagerInstaller.java | 1 -
.../shiro/authorization/IsisPermission.java | 120 ++++++++++++
.../authorization/IsisPermissionResolver.java | 30 +++
.../ShiroAuthorizationManagerInstaller.java | 1 -
...hiroSecurityManagerThreadLocalBinderFilter.java | 44 -----
component/security/shiro/src/site/apt/index.apt | 44 -----
component/security/shiro/src/site/apt/jottings.apt | 24 ---
component/security/shiro/src/site/site.xml | 41 ----
.../shiro/IsisPermissionTest_setParts.java | 58 ++++++
.../shiro/IsisPermissionTest_typicalUsage.java | 146 +++++++++++++++
.../shiro/ShiroAuthenticatorOrAuthorizorTest.java | 123 ++++---------
.../security/shiro/WildcardPermissionTest.java | 124 ------------
.../security/shiro/src/test/resources/shiro.ini | 23 ++-
.../dom/log4j.properties | 17 ++
.../dom/src/main/java/META-INF/persistence.xml | 18 ++
.../dom/src/main/java/dom/audit/AuditEntry.java | 18 ++
.../src/main/java/dom/audit/AuditServiceDemo.java | 18 ++
.../dom/src/main/java/dom/todo/ToDoItem.java | 4 +-
.../dom/src/main/java/dom/todo/ToDoItems.java | 1 -
.../main/java/fixture/todo/ToDoItemsFixture.java | 1 -
.../fixture/todo/ToDoItemsFixturesService.java | 1 -
.../main/java/objstore/jdo/todo/ToDoItemsJdo.java | 1 -
.../src/main/java/app/AboutPageFilter.java | 35 ----
.../ComponentFactoryRegistrarForQuickStart.java | 18 ++
.../src/main/java/app/QuickStartApplication.java | 25 ++-
.../src/main/resources/app/welcome.html | 19 ++
.../src/main/webapp/WEB-INF/shiro.ini | 25 +--
.../viewer-webapp/src/main/webapp/WEB-INF/web.xml | 25 +--
.../viewer-webapp/src/main/webapp/about/index.html | 4 +-
33 files changed, 576 insertions(+), 556 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/pom.xml
----------------------------------------------------------------------
diff --git a/component/security/shiro/pom.xml b/component/security/shiro/pom.xml
index a949814..5e54936 100644
--- a/component/security/shiro/pom.xml
+++ b/component/security/shiro/pom.xml
@@ -122,6 +122,19 @@
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ <version>1.7.2</version>
+ <scope>test</scope>
+ </dependency>
+
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/main/appended-resources/supplemental-models.xml
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/main/appended-resources/supplemental-models.xml b/component/security/shiro/src/main/appended-resources/supplemental-models.xml
index ecd3906..da304ec 100644
--- a/component/security/shiro/src/main/appended-resources/supplemental-models.xml
+++ b/component/security/shiro/src/main/appended-resources/supplemental-models.xml
@@ -12,95 +12,5 @@
<supplementalDataModels xmlns="http://maven.apache.org/supplemental-model/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/supplemental-model/1.0.0 http://maven.apache.org/xsd/supplemental-model-1.0.0.xsd">
-
- <supplement>
- <project>
- <groupId>aopalliance</groupId>
- <artifactId>aopalliance</artifactId>
- <version>1.0</version>
- <licenses>
- <license>
- <name>Public Domain</name>
- </license>
- </licenses>
- </project>
- </supplement>
-
- <supplement>
- <!-- not quite sure why licenses:download-license flags this, since license info seems to be in its POM -->
- <project>
- <groupId>org.datanucleus</groupId>
- <artifactId>datanucleus-jodatime</artifactId>
- <version>3.1.1</version>
- <licenses>
- <license>
- <name>The Apache Software License, Version 2.0</name>
- <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
- </license>
- </licenses>
- </project>
- </supplement>
-
- <supplement>
- <project>
- <groupId>org.scannotation</groupId>
- <artifactId>scannotation</artifactId>
- <version>1.0.3</version>
- <licenses>
- <license>
- <name>The Apache Software License, Version 2.0</name>
- <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
- <distribution>repo</distribution>
- </license>
- </licenses>
- </project>
- </supplement>
-
- <supplement>
- <project>
- <groupId>dom4j</groupId>
- <artifactId>dom4j</artifactId>
- <version>1.6.1</version>
- <licenses>
- <license>
- <name>BSD License</name>
- <url>http://dom4j.sourceforge.net/dom4j-1.6.1/license.html</url>
- <distribution>repo</distribution>
- </license>
- </licenses>
- </project>
- </supplement>
-
- <supplement>
- <project>
- <groupId>net.jcip</groupId>
- <artifactId>jcip-annotations</artifactId>
- <version>1.0</version>
- <licenses>
- <license>
- <name>Creative Commons Attribution 2.5 License</name>
- <url>http://creativecommons.org/licenses/by/2.5/</url>
- <distribution>repo</distribution>
- </license>
- </licenses>
- </project>
- </supplement>
-
-
- <supplement>
- <project>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- <version>2.7.0</version>
- <licenses>
- <license>
- <name>The Apache Software License, Version 2.0</name>
- <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
- <distribution>repo</distribution>
- </license>
- </licenses>
- </project>
- </supplement>
-
</supplementalDataModels>
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java
index 5c79e11..26c47c4 100644
--- a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java
+++ b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java
@@ -16,16 +16,12 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.apache.isis.security.shiro;
import java.util.Collection;
-import java.util.Collections;
import java.util.List;
import org.apache.isis.applib.Identifier;
-import org.apache.isis.applib.Identifier.Depth;
-import org.apache.isis.applib.Identifier.Type;
import org.apache.isis.core.commons.authentication.AuthenticationSession;
import org.apache.isis.core.commons.config.IsisConfiguration;
import org.apache.isis.core.runtime.authentication.AuthenticationManagerInstaller;
@@ -35,6 +31,7 @@ import org.apache.isis.core.runtime.authentication.standard.Authenticator;
import org.apache.isis.core.runtime.authentication.standard.SimpleSession;
import org.apache.isis.core.runtime.authorization.AuthorizationManagerInstaller;
import org.apache.isis.core.runtime.authorization.standard.Authorizor;
+import org.apache.isis.security.shiro.authorization.IsisPermission;
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
@@ -47,16 +44,11 @@ import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.config.IniSecurityManagerFactory;
-import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
-import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.Factory;
-import com.google.common.base.Splitter;
import com.google.common.collect.Lists;
/**
@@ -236,7 +228,12 @@ public class ShiroAuthenticatorOrAuthorizor implements Authenticator, Authorizor
String permission = asPermissionsString(identifier) + ":" + qualifier;
Subject subject = SecurityUtils.getSubject();
- return subject.isPermitted(permission);
+
+ try {
+ return subject.isPermitted(permission);
+ } finally {
+ IsisPermission.resetVetoedPermissions();
+ }
}
private static String asPermissionsString(Identifier identifier) {
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroConstants.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroConstants.java b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroConstants.java
index d5d0d51..b3b61e5 100644
--- a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroConstants.java
+++ b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroConstants.java
@@ -21,14 +21,11 @@ package org.apache.isis.security.shiro;
import org.apache.isis.core.commons.config.ConfigurationConstants;
import org.apache.isis.core.runtime.authentication.AuthenticationManagerInstaller;
-import org.apache.isis.core.runtime.authorization.AuthorizationManagerInstaller;
import org.apache.isis.security.shiro.authentication.ShiroAuthenticationManagerInstaller;
-import org.apache.isis.security.shiro.authorization.ShiroAuthorizationManagerInstaller;
public final class ShiroConstants {
public static final String ROOT_AUTHENTICATION = ConfigurationConstants.ROOT + AuthenticationManagerInstaller.TYPE + "." + ShiroAuthenticationManagerInstaller.NAME + ".";
- private static final String ROOT_AUTHORIZATION = ConfigurationConstants.ROOT + AuthorizationManagerInstaller.TYPE + "." + ShiroAuthorizationManagerInstaller.NAME + ".";
private ShiroConstants() {
}
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticationManagerInstaller.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticationManagerInstaller.java b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticationManagerInstaller.java
index 7702e40..117bc8f 100644
--- a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticationManagerInstaller.java
+++ b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticationManagerInstaller.java
@@ -16,7 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.apache.isis.security.shiro.authentication;
import java.util.List;
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermission.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermission.java b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermission.java
new file mode 100644
index 0000000..5a546ff
--- /dev/null
+++ b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermission.java
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.isis.security.shiro.authorization;
+
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.WildcardPermission;
+
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+
+public class IsisPermission extends WildcardPermission {
+
+ private static final long serialVersionUID = 1L;
+ private static final Pattern PATTERN = Pattern.compile("([!]?)([^/]+)[/](.+)");
+
+ private static ThreadLocal<Map<String,List<IsisPermission>>> VETOING_PERMISSIONS = new ThreadLocal<Map<String,List<IsisPermission>>>() {
+ protected java.util.Map<String,List<IsisPermission>> initialValue() { return Maps.newTreeMap(); }
+ };
+
+ public static void resetVetoedPermissions() {
+ IsisPermission.VETOING_PERMISSIONS.get().clear();
+ }
+
+ public static boolean isVetoed(String permissionGroup, Permission p) {
+ if(permissionGroup == null) {
+ return false;
+ }
+ List<IsisPermission> vetoingPermissions = VETOING_PERMISSIONS.get().get(permissionGroup);
+ if(vetoingPermissions == null || vetoingPermissions.isEmpty()) {
+ return false;
+ }
+ for(IsisPermission vetoingPermission: vetoingPermissions) {
+ if(vetoingPermission.impliesWithoutVeto(p)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public static void addVeto(IsisPermission vetoingPermission) {
+ String permissionGroup = vetoingPermission.getPermissionGroup();
+ List<IsisPermission> vetoingPermissions = IsisPermission.VETOING_PERMISSIONS.get().get(permissionGroup);
+ if(vetoingPermissions == null) {
+ vetoingPermissions = Lists.newArrayList();
+ IsisPermission.VETOING_PERMISSIONS.get().put(permissionGroup, vetoingPermissions);
+ }
+ vetoingPermissions.add(vetoingPermission);
+ }
+
+ private boolean veto;
+ private String permissionGroup;
+
+ public IsisPermission() {
+ }
+
+ public IsisPermission(String wildcardString, boolean caseSensitive) {
+ super(wildcardString, caseSensitive);
+ }
+
+ public IsisPermission(String wildcardString) {
+ super(wildcardString);
+ }
+
+ @Override
+ protected void setParts(String wildcardString, boolean caseSensitive) {
+ Matcher matcher = PATTERN.matcher(wildcardString);
+ if(matcher.matches()) {
+ veto = matcher.group(1).length() > 0;
+ permissionGroup = matcher.group(2);
+ super.setParts(matcher.group(3), caseSensitive);
+ } else {
+ super.setParts(wildcardString, caseSensitive);
+ }
+ }
+
+ @Override
+ public boolean implies(Permission p) {
+ if(veto) {
+ IsisPermission.addVeto(this);
+ return false;
+ } else {
+ return !IsisPermission.isVetoed(this.permissionGroup, p) && super.implies(p);
+ }
+ }
+
+ boolean impliesWithoutVeto(Permission p) {
+ return super.implies(p);
+ }
+
+ String getPermissionGroup() {
+ return permissionGroup;
+ }
+
+ @Override
+ public String toString() {
+ return (veto?"!":"") + (permissionGroup != null? permissionGroup + "/": "") + super.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermissionResolver.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermissionResolver.java b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermissionResolver.java
new file mode 100644
index 0000000..46eed8c
--- /dev/null
+++ b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermissionResolver.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.isis.security.shiro.authorization;
+
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.PermissionResolver;
+
+public class IsisPermissionResolver implements PermissionResolver {
+
+ public Permission resolvePermission(String permissionString) {
+ return new IsisPermission(permissionString);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizationManagerInstaller.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizationManagerInstaller.java b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizationManagerInstaller.java
index 2858813..8dd09b2 100644
--- a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizationManagerInstaller.java
+++ b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizationManagerInstaller.java
@@ -16,7 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.apache.isis.security.shiro.authorization;
import org.apache.isis.core.commons.config.IsisConfiguration;
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/main/java/org/apache/isis/security/shiro/web/IsisShiroSecurityManagerThreadLocalBinderFilter.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/web/IsisShiroSecurityManagerThreadLocalBinderFilter.java b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/web/IsisShiroSecurityManagerThreadLocalBinderFilter.java
deleted file mode 100644
index 2e47443..0000000
--- a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/web/IsisShiroSecurityManagerThreadLocalBinderFilter.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.apache.isis.security.shiro.web;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.util.ThreadContext;
-import org.apache.shiro.web.env.WebEnvironment;
-import org.apache.shiro.web.util.WebUtils;
-
-public class IsisShiroSecurityManagerThreadLocalBinderFilter implements Filter {
-
- private FilterConfig filterConfig;
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- this.filterConfig = filterConfig;
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- ServletContext servletContext = filterConfig.getServletContext();
- WebEnvironment webEnvironment = WebUtils.getWebEnvironment(servletContext);
- SecurityManager securityManager = webEnvironment.getSecurityManager();
- ThreadContext.bind(securityManager);
- try {
- chain.doFilter(request, response);
- } finally {
- ThreadContext.unbindSecurityManager();
- }
- }
-
- @Override
- public void destroy() {
- }
-
-}
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/site/apt/index.apt
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/site/apt/index.apt b/component/security/shiro/src/site/apt/index.apt
deleted file mode 100644
index 8978117..0000000
--- a/component/security/shiro/src/site/apt/index.apt
+++ /dev/null
@@ -1,44 +0,0 @@
-~~ Licensed to the Apache Software Foundation (ASF) under one
-~~ or more contributor license agreements. See the NOTICE file
-~~ distributed with this work for additional information
-~~ regarding copyright ownership. The ASF licenses this file
-~~ to you under the Apache License, Version 2.0 (the
-~~ "License"); you may not use this file except in compliance
-~~ with the License. You may obtain a copy of the License at
-~~
-~~ http://www.apache.org/licenses/LICENSE-2.0
-~~
-~~ Unless required by applicable law or agreed to in writing,
-~~ software distributed under the License is distributed on an
-~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-~~ KIND, either express or implied. See the License for the
-~~ specific language governing permissions and limitations
-~~ under the License.
-
-
-
-Security LDAP Implementation
-
- The <ldap security> module provides an implementation of Isis' authentication and
- authorization APIs where credentials are stored in a well-known LDAP server.
-
- This makes the LDAP security implementation suitable for deployment where an
- LDAP exists. Optionally it may be combined with other implementations (for example
- the authorization might be performed using the file-based implementation).
-
- See the security
- {{{../docbkx/html/guide/isis-security.html}HTML}} or
- {{{../docbkx/pdf/isis-security.pdf}PDF}} documentation for more detail.
-
-Alternatives
-
- Alternatives include:
-
- * the {{{../dflt/index.html}default}} (no-op) security implementation, for prototyping use only
-
- * the {{{../file/index.html}file-based}} security (reading from simple flat files)
-
- * the {{{../sql/index.html}SQL}} security (reading from simple SQL tables)
-
- []
-
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/site/apt/jottings.apt
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/site/apt/jottings.apt b/component/security/shiro/src/site/apt/jottings.apt
deleted file mode 100644
index c5d1200..0000000
--- a/component/security/shiro/src/site/apt/jottings.apt
+++ /dev/null
@@ -1,24 +0,0 @@
-~~ Licensed to the Apache Software Foundation (ASF) under one
-~~ or more contributor license agreements. See the NOTICE file
-~~ distributed with this work for additional information
-~~ regarding copyright ownership. The ASF licenses this file
-~~ to you under the Apache License, Version 2.0 (the
-~~ "License"); you may not use this file except in compliance
-~~ with the License. You may obtain a copy of the License at
-~~
-~~ http://www.apache.org/licenses/LICENSE-2.0
-~~
-~~ Unless required by applicable law or agreed to in writing,
-~~ software distributed under the License is distributed on an
-~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-~~ KIND, either express or implied. See the License for the
-~~ specific language governing permissions and limitations
-~~ under the License.
-
-
-
-Jottings
-
- This page is to capture any random jottings relating to this module prior
- to being moved into formal documentation.
-
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/site/site.xml
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/site/site.xml b/component/security/shiro/src/site/site.xml
deleted file mode 100644
index 1f465f4..0000000
--- a/component/security/shiro/src/site/site.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project>
-
- <body>
- <breadcrumbs>
- <item name="LDAP" href="index.html"/>
- </breadcrumbs>
-
- <menu name="LDAP Security">
- <item name="About" href="index.html" />
- <item name="Jottings" href="jottings.html" />
- </menu>
-
- <menu name="Security Modules">
- <item name="Default (No-op)" href="../dflt/index.html" />
- <item name="File" href="../file/index.html" />
- <item name="LDAP" href="../ldap/index.html" />
- <item name="SQL" href="../sql/index.html" />
- </menu>
-
- <menu name="Maven Reports" ref="reports" />
- </body>
-</project>
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_setParts.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_setParts.java b/component/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_setParts.java
new file mode 100644
index 0000000..5ad665c
--- /dev/null
+++ b/component/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_setParts.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.isis.security.shiro;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+
+import org.apache.isis.security.shiro.authorization.IsisPermission;
+import org.junit.Test;
+
+public class IsisPermissionTest_setParts {
+
+ @Test
+ public void noVeto() throws Exception {
+ IsisPermission ip = new IsisPermission("com.mycompany.myapp:Customer:changeAddress:r");
+ assertThat(ip.toString(), is("[com.mycompany.myapp]:[customer]:[changeaddress]:[r]"));
+ }
+
+ @Test
+ public void withVetoableDomain() throws Exception {
+ IsisPermission ip = new IsisPermission("foo/com.mycompany.myapp:Customer:changeAddress:r");
+ assertThat(ip.toString(), is("foo/[com.mycompany.myapp]:[customer]:[changeaddress]:[r]"));
+ }
+
+ @Test
+ public void withVetoAndVetoableDomain() throws Exception {
+ IsisPermission ip = new IsisPermission("!foo/com.mycompany.myapp:Customer:changeAddress:r");
+ assertThat(ip.toString(), is("!foo/[com.mycompany.myapp]:[customer]:[changeaddress]:[r]"));
+ }
+
+
+ @Test
+ public void xxx() throws Exception {
+ IsisPermission ip = new IsisPermission("schwartz/com.mycompany.myapp:Order:submit:*");
+ IsisPermission ip2 = new IsisPermission("com.mycompany.myapp:Customer:remove:r");
+
+ assertThat(ip2.implies(ip), is(false));
+ assertThat(ip.implies(ip2), is(false));
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_typicalUsage.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_typicalUsage.java b/component/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_typicalUsage.java
new file mode 100644
index 0000000..f32ccd6
--- /dev/null
+++ b/component/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_typicalUsage.java
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.isis.security.shiro;
+
+import static org.hamcrest.CoreMatchers.not;
+import static org.junit.Assert.assertThat;
+
+import org.apache.isis.security.shiro.authorization.IsisPermission;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.WildcardPermission;
+import org.hamcrest.Description;
+import org.hamcrest.Matcher;
+import org.hamcrest.TypeSafeMatcher;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+public class IsisPermissionTest_typicalUsage {
+
+
+ @Before
+ public void setUp() throws Exception {
+ IsisPermission.resetVetoedPermissions();
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ IsisPermission.resetVetoedPermissions();
+ }
+
+
+
+ @Test
+ public void typicalUsageWithinIsis() throws Exception {
+
+ // these are the permissions that Isis will check
+ WildcardPermission viewCustomerChangeAddress = new WildcardPermission("com.mycompany.myapp:Customer:changeAddress:r");
+ WildcardPermission useCustomerChangeAddress = new WildcardPermission("com.mycompany.myapp:Customer:changeAddress:w");
+
+ // and these are examples of permissions that will be associated with a user
+ assertThat(viewCustomerChangeAddress, permittedBy("com.mycompany.myapp:Customer:changeAddress:r"));
+ assertThat(viewCustomerChangeAddress, permittedBy("com.mycompany.myapp:Customer:changeAddress:*"));
+ assertThat(viewCustomerChangeAddress, permittedBy("com.mycompany.myapp:Customer:*:r"));
+ assertThat(viewCustomerChangeAddress, permittedBy("com.mycompany.myapp:*:*:r"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:*:*:r"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:*:*:*"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:*:*"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:*"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:Customer:*:r"));
+
+ assertThat(useCustomerChangeAddress, permittedBy("com.mycompany.myapp:Customer:changeAddress:w"));
+ assertThat(useCustomerChangeAddress, permittedBy("com.mycompany.myapp:Customer:changeAddress:*"));
+
+ // and these are some counterexamples
+ assertThat(viewCustomerChangeAddress, not(permittedBy("com.mycompany.myapp:Customer:changeAddress:w")));
+ assertThat(useCustomerChangeAddress, not(permittedBy("com.mycompany.myapp:Customer:changeAddress:r")));
+
+ assertThat(viewCustomerChangeAddress, not(permittedBy("com.mycompany.myapp:Customer:changePhoneNumber:r")));
+ assertThat(viewCustomerChangeAddress, not(permittedBy("com.mycompany.myapp:Order:changeAddress:r")));
+ assertThat(viewCustomerChangeAddress, not(permittedBy("xxx.mycompany.myapp:Customer:changeAddress:r")));
+ assertThat(viewCustomerChangeAddress, not(permittedBy("*:*:xxx")));
+ assertThat(viewCustomerChangeAddress, not(permittedBy("*:xxx")));
+ assertThat(viewCustomerChangeAddress, not(permittedBy("xxx")));
+
+ assertThat(viewCustomerChangeAddress, not(permittedBy("!foo/com.mycompany.myapp:Customer:changeAddress:r")));
+ assertThat(useCustomerChangeAddress, not(permittedBy("!foo/com.mycompany.myapp:Customer:changeAddress:w")));
+
+ // and check that two wrongs don't make a right (ie the ! means veto, rather than "not")
+ assertThat(useCustomerChangeAddress, not(permittedBy("!foo/com.mycompany.myapp:Customer:changeAddress:r")));
+ }
+
+
+ @Test
+ public void vetoableDomains() throws Exception {
+
+ // these are the permissions that Isis will check
+ WildcardPermission viewCustomerChangeAddress = new WildcardPermission("com.mycompany.myapp:Customer:changeAddress:r");
+
+ // normally this would be permitted...
+ assertThat(viewCustomerChangeAddress, permittedBy("foo/com.mycompany.myapp:Customer:*"));
+
+ // but if there's a veto
+ assertThat(viewCustomerChangeAddress, not(permittedBy("!foo/com.mycompany.myapp:Customer:changeAddress:r")));
+ // then no longer permitted if in the same vetoable domain
+ assertThat(viewCustomerChangeAddress, not(permittedBy("foo/com.mycompany.myapp:Customer:*")));
+ // though the same permission in another vetoable domain will permit
+ assertThat(viewCustomerChangeAddress, permittedBy("bar/com.mycompany.myapp:Customer:*"));
+ }
+
+
+
+ @Test
+ public void defaultPackage() throws Exception {
+
+ // these are the permissions that Isis will check
+ WildcardPermission viewCustomerChangeAddress = new WildcardPermission(":Customer:changeAddress:r");
+
+ // and these are examples of permissions that will be associated with a user
+ assertThat(viewCustomerChangeAddress, permittedBy(":Customer:changeAddress:r"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:Customer:changeAddress:r"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:Customer:changeAddress:*"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:Customer:changeAddress"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:Customer:*"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:Customer"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*:*"));
+ assertThat(viewCustomerChangeAddress, permittedBy("*"));
+ }
+
+
+ private static Matcher<? super Permission> permittedBy(final String permissionString) {
+ return permittedBy(new IsisPermission(permissionString));
+ }
+
+ private static Matcher<? super Permission> permittedBy(final IsisPermission wp) {
+ return new TypeSafeMatcher<Permission>() {
+
+ @Override
+ public void describeTo(Description description) {
+ description.appendText("permitted by " + wp.toString());
+ }
+
+ @Override
+ protected boolean matchesSafely(Permission item) {
+ return wp.implies(item);
+ }
+ };
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest.java b/component/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest.java
index a68f75f..f49c0d2 100644
--- a/component/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest.java
+++ b/component/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest.java
@@ -16,10 +16,11 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.apache.isis.security.shiro;
-import static org.hamcrest.CoreMatchers.*;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertThat;
import org.apache.isis.applib.Identifier;
@@ -31,17 +32,10 @@ import org.apache.isis.core.unittestsupport.jmock.auto.Mock;
import org.apache.isis.core.unittestsupport.jmocking.JUnitRuleMockery2;
import org.apache.isis.core.unittestsupport.jmocking.JUnitRuleMockery2.Mode;
import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.IncorrectCredentialsException;
-import org.apache.shiro.authc.LockedAccountException;
-import org.apache.shiro.authc.UnknownAccountException;
-import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
-import org.jmock.Expectations;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
@@ -65,6 +59,10 @@ public class ShiroAuthenticatorOrAuthorizorTest {
@After
public void tearDown() throws Exception {
+ Subject subject = SecurityUtils.getSubject();
+ if(subject != null) {
+ subject.logout();
+ }
SecurityUtils.setSecurityManager(null);
}
@@ -103,86 +101,37 @@ public class ShiroAuthenticatorOrAuthorizorTest {
Identifier cancelOrderIdentifier = Identifier.actionIdentifier("com.mycompany.myapp.Order", "cancel");
assertThat(authOrAuth.isVisibleInAnyRole(cancelOrderIdentifier), is(false));
+ }
+
+ @Test
+ public void vetoing() throws Exception {
+ Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
+ SecurityManager securityManager = factory.getInstance();
+ SecurityUtils.setSecurityManager(securityManager);
+
+ AuthenticationRequest ar = new AuthenticationRequestPassword("darkhelmet", "ludicrousspeed");
+ authOrAuth.authenticate(ar, null);
+
+ Identifier changeAddressIdentifier = Identifier.actionIdentifier("com.mycompany.myapp.Customer", "changeAddress", String.class, String.class);
+ assertThat(authOrAuth.isVisibleInAnyRole(changeAddressIdentifier), is(true));
+
+ Identifier removeCustomerIdentifier = Identifier.actionIdentifier("com.mycompany.myapp.Customer", "remove");
+ assertThat(authOrAuth.isVisibleInAnyRole(removeCustomerIdentifier), is(false));
+ }
- // // Use the shiro.ini file at the root of the classpath
- // // (file: and url: prefixes load from files and urls respectively):
- // Factory<SecurityManager> factory = new
- // IniSecurityManagerFactory("classpath:shiro.ini");
- // SecurityManager securityManager = factory.getInstance();
- //
- // // for this simple example quickstart, make the SecurityManager
- // // accessible as a JVM singleton. Most applications wouldn't do this
- // // and instead rely on their container configuration or web.xml for
- // // webapps. That is outside the scope of this simple quickstart, so
- // // we'll just do the bare minimum so you can continue to get a feel
- // // for things.
- // SecurityUtils.setSecurityManager(securityManager);
- //
- // // Now that a simple Shiro environment is set up, let's see what you
- // can do:
- //
- // // get the currently executing user:
- // Subject currentUser = SecurityUtils.getSubject();
- //
- // // Do some stuff with a Session (no need for a web or EJB
- // container!!!)
- // Session session = currentUser.getSession();
- // session.setAttribute("someKey", "aValue");
- // String value = (String) session.getAttribute("someKey");
- // if (value.equals("aValue")) {
- // System.out.println("Retrieved the correct value! [" + value + "]");
- // }
- //
- // // let's login the current user so we can check against roles and
- // permissions:
- // if (!currentUser.isAuthenticated()) {
- // UsernamePasswordToken token = new UsernamePasswordToken("lonestarr",
- // "vespa");
- // token.setRememberMe(true);
- // try {
- // currentUser.login(token);
- // } catch (UnknownAccountException uae) {
- // System.out.println("There is no user with username of " +
- // token.getPrincipal());
- // } catch (IncorrectCredentialsException ice) {
- // System.out.println("Password for account " + token.getPrincipal() +
- // " was incorrect!");
- // } catch (LockedAccountException lae) {
- // System.out.println("The account for username " + token.getPrincipal()
- // + " is locked. " +
- // "Please contact your administrator to unlock it.");
- // }
- // // ... catch more exceptions here (maybe custom ones specific to your
- // application?
- // catch (AuthenticationException ae) {
- // //unexpected condition? error?
- // }
- // }
- //
- // //say who they are:
- // //print their identifying principal (in this case, a username):
- // System.out.println("User [" + currentUser.getPrincipal() +
- // "] logged in successfully.");
- //
- // //test a role:
- // if (currentUser.hasRole("schwartz")) {
- // System.out.println("May the Schwartz be with you!");
- // } else {
- // System.out.println("Hello, mere mortal.");
- // }
- //
- // //test a typed permission (not instance-level)
- // if
- // (currentUser.isPermitted("com.mycompany.myapp:Customer:changeAddress:w"))
- // {
- // System.out.println("You may invoke the customer's changeAddress action.");
- // } else {
- // System.out.println("Sorry, changing address is only allowed for schwartz masters only.");
- // }
- //
- // //all done - log out!
- // currentUser.logout();
+
+ @Test
+ public void vetoingOverridden() throws Exception {
+ Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
+ SecurityManager securityManager = factory.getInstance();
+ SecurityUtils.setSecurityManager(securityManager);
+ AuthenticationRequest ar = new AuthenticationRequestPassword("lonestarr", "vespa");
+ authOrAuth.authenticate(ar, null);
+
+ Identifier removeCustomerIdentifier = Identifier.actionIdentifier("com.mycompany.myapp.Customer", "remove");
+ assertThat(authOrAuth.isVisibleInAnyRole(removeCustomerIdentifier), is(true));
}
+
}
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/test/java/org/apache/isis/security/shiro/WildcardPermissionTest.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/test/java/org/apache/isis/security/shiro/WildcardPermissionTest.java b/component/security/shiro/src/test/java/org/apache/isis/security/shiro/WildcardPermissionTest.java
deleted file mode 100644
index 438ebeb..0000000
--- a/component/security/shiro/src/test/java/org/apache/isis/security/shiro/WildcardPermissionTest.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.isis.security.shiro;
-
-import static org.hamcrest.CoreMatchers.*;
-import static org.junit.Assert.assertThat;
-
-import org.apache.isis.core.commons.config.IsisConfiguration;
-import org.apache.isis.core.unittestsupport.jmock.auto.Mock;
-import org.apache.isis.core.unittestsupport.jmocking.JUnitRuleMockery2;
-import org.apache.isis.core.unittestsupport.jmocking.JUnitRuleMockery2.Mode;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.IncorrectCredentialsException;
-import org.apache.shiro.authc.LockedAccountException;
-import org.apache.shiro.authc.UnknownAccountException;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.authz.Permission;
-import org.apache.shiro.authz.permission.WildcardPermission;
-import org.apache.shiro.config.IniSecurityManagerFactory;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.session.Session;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.Factory;
-import org.hamcrest.Description;
-import org.hamcrest.Matcher;
-import org.hamcrest.TypeSafeMatcher;
-import org.jmock.Expectations;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-
-public class WildcardPermissionTest {
-
-
- @Test
- public void typicalUsageWithinIsis() throws Exception {
-
- // these are the permissions that Isis will check
- WildcardPermission viewCustomerChangeAddress = new WildcardPermission("com.mycompany.myapp:Customer:changeAddress:r");
- WildcardPermission useCustomerChangeAddress = new WildcardPermission("com.mycompany.myapp:Customer:changeAddress:w");
-
- // and these are examples of permissions that will be associated with a user
- assertThat(viewCustomerChangeAddress, permittedBy("com.mycompany.myapp:Customer:changeAddress:r"));
- assertThat(viewCustomerChangeAddress, permittedBy("com.mycompany.myapp:Customer:changeAddress:*"));
- assertThat(viewCustomerChangeAddress, permittedBy("com.mycompany.myapp:Customer:*:r"));
- assertThat(viewCustomerChangeAddress, permittedBy("com.mycompany.myapp:*:*:r"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:*:*:r"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:*:*:*"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:*:*"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:*"));
- assertThat(viewCustomerChangeAddress, permittedBy("*"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:Customer:*:r"));
-
- assertThat(useCustomerChangeAddress, permittedBy("com.mycompany.myapp:Customer:changeAddress:w"));
- assertThat(useCustomerChangeAddress, permittedBy("com.mycompany.myapp:Customer:changeAddress:*"));
-
- // and these are some counterexamples
- assertThat(viewCustomerChangeAddress, not(permittedBy("com.mycompany.myapp:Customer:changeAddress:w")));
- assertThat(useCustomerChangeAddress, not(permittedBy("com.mycompany.myapp:Customer:changeAddress:r")));
-
- assertThat(viewCustomerChangeAddress, not(permittedBy("com.mycompany.myapp:Customer:changePhoneNumber:r")));
- assertThat(viewCustomerChangeAddress, not(permittedBy("com.mycompany.myapp:Order:changeAddress:r")));
- assertThat(viewCustomerChangeAddress, not(permittedBy("xxx.mycompany.myapp:Customer:changeAddress:r")));
- assertThat(viewCustomerChangeAddress, not(permittedBy("*:*:xxx")));
- assertThat(viewCustomerChangeAddress, not(permittedBy("*:xxx")));
- assertThat(viewCustomerChangeAddress, not(permittedBy("xxx")));
- }
-
-
- @Test
- public void defaultPackage() throws Exception {
-
- // these are the permissions that Isis will check
- WildcardPermission viewCustomerChangeAddress = new WildcardPermission(":Customer:changeAddress:r");
-
- // and these are examples of permissions that will be associated with a user
- assertThat(viewCustomerChangeAddress, permittedBy(":Customer:changeAddress:r"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:Customer:changeAddress:r"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:Customer:changeAddress:*"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:Customer:changeAddress"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:Customer:*"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:Customer"));
- assertThat(viewCustomerChangeAddress, permittedBy("*:*"));
- assertThat(viewCustomerChangeAddress, permittedBy("*"));
- }
-
- private static Matcher<? super Permission> permittedBy(final String permissionString) {
- return implies(new WildcardPermission(permissionString));
- }
-
- private static Matcher<? super Permission> implies(final WildcardPermission wp) {
- return new TypeSafeMatcher<Permission>() {
-
- @Override
- public void describeTo(Description description) {
- description.appendText("implies " + wp.toString());
- }
-
- @Override
- protected boolean matchesSafely(Permission item) {
- return wp.implies(item);
- }
- };
- }
-
-}
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/component/security/shiro/src/test/resources/shiro.ini
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/test/resources/shiro.ini b/component/security/shiro/src/test/resources/shiro.ini
index e865229..3b85b4d 100644
--- a/component/security/shiro/src/test/resources/shiro.ini
+++ b/component/security/shiro/src/test/resources/shiro.ini
@@ -18,6 +18,12 @@
#
+# use Isis components to enable Isis' syntax for permissions
+
+globalPermissionResolver = org.apache.isis.security.shiro.authorization.IsisPermissionResolver
+securityManager.authorizer.permissionResolver = $globalPermissionResolver
+
+
# -----------------------------------------------------------------------------
# Users and their assigned roles
#
@@ -34,6 +40,8 @@ presidentskroob = 12345 , president
darkhelmet = ludicrousspeed, darklord, schwartz
lonestarr = vespa , goodguy, schwartz
+joe = pass, user
+guest = guest, user, read-only
# -----------------------------------------------------------------------------
@@ -45,8 +53,17 @@ lonestarr = vespa , goodguy, schwartz
[roles]
# role = perm1, perm2, perm3, ...
+# perm = [[!]permGroup/]packageName:className:memberName:r,w
admin = *
-schwartz = com.mycompany.myapp:Customer:*,\
- com.mycompany.myapp:Order:submit:*
-goodguy = winnebago:drive:eagle5
+schwartz = !schwartz/com.mycompany.myapp:Customer:remove:*,\
+ schwartz/com.mycompany.myapp:Customer:*,\
+ schwartz/com.mycompany.myapp:Order:submit:*
+goodguy = goodguy/com.mycompany.myapp:Customer:remove:*
+
+
+
+user = todoPg/*:ToDoItemsJdo:*:*,\
+ todoPg/*:ToDoItem:*:*
+read-only = !todoPg/*:ToDoItemsJdo:newToDo:r,\
+ !todoPg/*:ToDoItem:*:w
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/dom/log4j.properties
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/dom/log4j.properties b/example/application/quickstart_wicket_restful_jdo/dom/log4j.properties
index 281bfb6..ca165ac 100644
--- a/example/application/quickstart_wicket_restful_jdo/dom/log4j.properties
+++ b/example/application/quickstart_wicket_restful_jdo/dom/log4j.properties
@@ -1,3 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
# LOG4J Configuration
# ===================
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/META-INF/persistence.xml
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/META-INF/persistence.xml b/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/META-INF/persistence.xml
index 1cee366..9b38012 100644
--- a/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/META-INF/persistence.xml
+++ b/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/META-INF/persistence.xml
@@ -1,4 +1,22 @@
<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
<persistence xmlns="http://java.sun.com/xml/ns/persistence"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0">
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditEntry.java
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditEntry.java b/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditEntry.java
index 7f813ca..1252c36 100644
--- a/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditEntry.java
+++ b/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditEntry.java
@@ -1,3 +1,21 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
package dom.audit;
import javax.jdo.annotations.IdGeneratorStrategy;
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditServiceDemo.java
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditServiceDemo.java b/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditServiceDemo.java
index 653ffd4..9fcb203 100644
--- a/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditServiceDemo.java
+++ b/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditServiceDemo.java
@@ -1,3 +1,21 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
package dom.audit;
import java.util.List;
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItem.java
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItem.java b/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItem.java
index ebe8a6f..8d8dfb0 100644
--- a/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItem.java
+++ b/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItem.java
@@ -16,7 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package dom.todo;
import java.util.ArrayList;
@@ -42,7 +41,6 @@ import org.apache.isis.applib.annotation.Programmatic;
import org.apache.isis.applib.annotation.RegEx;
import org.apache.isis.applib.annotation.Resolve;
import org.apache.isis.applib.annotation.Resolve.Type;
-import org.apache.isis.applib.annotation.Title;
import org.apache.isis.applib.annotation.Where;
import org.apache.isis.applib.clock.Clock;
import org.apache.isis.applib.filter.Filter;
@@ -431,5 +429,5 @@ public class ToDoItem implements Comparable<ToDoItem> {
// }}
-
+
}
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItems.java
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItems.java b/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItems.java
index c363339..bbb1034 100644
--- a/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItems.java
+++ b/example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItems.java
@@ -16,7 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package dom.todo;
import java.util.Collections;
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixture.java
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixture.java b/example/application/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixture.java
index 4c4adf7..c00a441 100644
--- a/example/application/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixture.java
+++ b/example/application/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixture.java
@@ -21,7 +21,6 @@ package fixture.todo;
import java.util.List;
-import org.apache.isis.applib.annotation.Named;
import org.apache.isis.applib.clock.Clock;
import org.apache.isis.applib.fixtures.AbstractFixture;
import org.joda.time.LocalDate;
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixturesService.java
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixturesService.java b/example/application/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixturesService.java
index ab61a37..bc86f67 100644
--- a/example/application/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixturesService.java
+++ b/example/application/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixturesService.java
@@ -16,7 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package fixture.todo;
import java.util.List;
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/objstore-jdo/src/main/java/objstore/jdo/todo/ToDoItemsJdo.java
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/objstore-jdo/src/main/java/objstore/jdo/todo/ToDoItemsJdo.java b/example/application/quickstart_wicket_restful_jdo/objstore-jdo/src/main/java/objstore/jdo/todo/ToDoItemsJdo.java
index 1d4112a..5098bc2 100644
--- a/example/application/quickstart_wicket_restful_jdo/objstore-jdo/src/main/java/objstore/jdo/todo/ToDoItemsJdo.java
+++ b/example/application/quickstart_wicket_restful_jdo/objstore-jdo/src/main/java/objstore/jdo/todo/ToDoItemsJdo.java
@@ -16,7 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package objstore.jdo.todo;
import java.util.List;
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/AboutPageFilter.java
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/AboutPageFilter.java b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/AboutPageFilter.java
deleted file mode 100644
index 3edc7ee..0000000
--- a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/AboutPageFilter.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package app;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-public class AboutPageFilter implements Filter {
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- HttpServletRequest httpServletRequest = (HttpServletRequest) request;
- String acceptHeader = httpServletRequest.getHeader("Accept");
- String requestURI = httpServletRequest.getRequestURI();
- if(requestURI.equals("/") && acceptHeader.contains("text/html")) {
- request.getRequestDispatcher("/about/index.html").forward(request, response);
- } else {
- chain.doFilter(request, response);
- }
- }
-
- @Override
- public void destroy() {
- }
-
-}
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/ComponentFactoryRegistrarForQuickStart.java
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/ComponentFactoryRegistrarForQuickStart.java b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/ComponentFactoryRegistrarForQuickStart.java
index 1f25a6d..70370a8 100644
--- a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/ComponentFactoryRegistrarForQuickStart.java
+++ b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/ComponentFactoryRegistrarForQuickStart.java
@@ -1,3 +1,21 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
package app;
import com.google.inject.Singleton;
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/QuickStartApplication.java
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/QuickStartApplication.java b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/QuickStartApplication.java
index c700d77..ef8e582 100644
--- a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/QuickStartApplication.java
+++ b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/QuickStartApplication.java
@@ -1,9 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
package app;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.List;
-import java.util.ResourceBundle;
+
+import org.apache.isis.viewer.wicket.ui.app.registry.ComponentFactoryRegistrar;
+import org.apache.isis.viewer.wicket.viewer.IsisWicketApplication;
import com.google.common.base.Joiner;
import com.google.common.io.Resources;
@@ -12,9 +32,6 @@ import com.google.inject.Module;
import com.google.inject.name.Names;
import com.google.inject.util.Modules;
-import org.apache.isis.viewer.wicket.ui.app.registry.ComponentFactoryRegistrar;
-import org.apache.isis.viewer.wicket.viewer.IsisWicketApplication;
-
/**
* As specified in <tt>web.xml</tt>.
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/resources/app/welcome.html
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/resources/app/welcome.html b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/resources/app/welcome.html
index 81ffeab..ca5f770 100644
--- a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/resources/app/welcome.html
+++ b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/resources/app/welcome.html
@@ -1,3 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
<p class="intro">
This is a <a href="https://github.com/apache/isis/blob/master/example/application/quickstart%5Fwicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItem.java" target="_blank">single-class</a> domain application, configured to run with Isis' wicket viewer and the JDO/DataNucleus objectstore.
</p>
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini
index 4703d3e..38e709d 100644
--- a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini
+++ b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini
@@ -18,6 +18,7 @@
#
+
# -----------------------------------------------------------------------------
# Users and their assigned roles
#
@@ -29,10 +30,10 @@
# user = password, role1, role2, role3, ...
sven = pass, admin
-dick = pass, user
-bob = pass, user
-joe = pass, user
-guest = guest, guest
+dick = pass, user, self-install
+bob = pass, user, self-install
+joe = pass, user, self-install
+guest = guest, user
@@ -45,17 +46,9 @@ guest = guest, guest
[roles]
# role = perm1, perm2, perm3, ...
+# perm in format: packageName:className:memberName:r,w
+user = *:ToDoItemsJdo:*:*,\
+ *:ToDoItem:*:*
+self-install = *:ToDoItemsFixturesService:install:*
admin = *
-user = *:ToDoItemsJdo:*:*,\
- *:ToDoItem:*:*,\
- *:ToDoItemsFixturesService:install:*
-guest = *:ToDoItemsJdo:notYetComplete:*,\
- *:ToDoItemsJdo:complete:*,\
- *:ToDoItemsJdo:similarTo:*,\
- *:ToDoItemsJdo:newToDo:r,\
- *:ToDoItem:*:r,\
- *:ToDoItem:completed:*,\
- *:ToDoItem:notYetCompleted:r
-
-### packageName:className:memberName:r,w
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/web.xml b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/web.xml
index 0c98d1a..7e7f2ad 100644
--- a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/web.xml
+++ b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/web.xml
@@ -23,7 +23,12 @@
<display-name>Quickstart Wicket/RestfulObjects app</display-name>
+ <welcome-file-list>
+ <welcome-file>about/index.html</welcome-file>
+ </welcome-file-list>
+
+ <!-- shiro security configuration -->
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
@@ -38,18 +43,6 @@
<url-pattern>/*</url-pattern>
</filter-mapping>
- <filter>
- <filter-name>IsisShiroFilter</filter-name>
- <filter-class>org.apache.isis.security.shiro.web.IsisShiroSecurityManagerThreadLocalBinderFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>IsisShiroFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
-
-
<!-- which configuration directory to read overloaded property files from -->
@@ -74,14 +67,6 @@
</context-param>
-->
- <filter>
- <filter-name>AboutPageFilter</filter-name>
- <filter-class>app.AboutPageFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>AboutPageFilter</filter-name>
- <url-pattern>/</url-pattern>
- </filter-mapping>
<!-- cache static resources for 1 day -->
http://git-wip-us.apache.org/repos/asf/isis/blob/ed3acebb/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/about/index.html
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/about/index.html b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/about/index.html
index 69e82b1..bdb56e4 100644
--- a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/about/index.html
+++ b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/about/index.html
@@ -153,8 +153,6 @@ th, td {
<ul>
<li>Enable <tt>shiro</tt> authentication and authorization (in <tt>isis.properties</tt>) and experiment with users, roles and permissions (in <tt>shiro.ini</tt>)
</li>
- <li>Remove the <tt>AboutPageFilter</tt> from <tt>web.xml</tt>; this filter redirects to this page, which you are unlikely to want to keep
- </li>
<li>Refactor the <tt>ToDoItem</tt>, <tt>ToDoItems</tt> and <tt>ToDoItemsJdo</tt> towards your own application's functionality; obviously you are likely to introduce many more classes and services
</li>
<li>Reconfigure <tt>persistor_datanucleus.properties</tt> to specify the JDBC URL to the database you wish to work with; if necessary also update the <tt>pom.xml</tt> in the <tt>viewer-webapp</tt> module to add the JDBC driver to the classpath
@@ -167,6 +165,8 @@ th, td {
</li>
<li>If you want the restful objects viewer but NOT the wicket viewer, then remove/comment out the <tt>WicketFilter</tt> filter and uncomment the <tt>IsisWebAppBootstrapper</tt> listener in <tt>web.xml</tt>
</li>
+ <li>Update this page (<tt>about/index.html</tt>) as required for your application, and/or remove the <tt>welcome-file-list</tt> from <tt>web.xml</tt>
+ </li>
</ul>
</div>
</body>