Posted to commits@ofbiz.apache.org by ja...@apache.org on 2009/04/29 23:02:59 UTC
svn commit: r769929 - in /ofbiz/trunk/applications/securityext: ./
servicedef/ src/org/ofbiz/securityext/da/ src/org/ofbiz/securityext/test/
testdef/ testdef/da/ testdef/data/
Author: jaz
Date: Wed Apr 29 21:02:58 2009
New Revision: 769929
URL: http://svn.apache.org/viewvc?rev=769929&view=rev
Log:
Implementation of new Authz dynamic access handler using the service engine; placed in securityext to prevent cross dependencies. Implemented test cases for authz.
Added:
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ServiceDaHandler.java
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/DaTest2.groovy
ofbiz/trunk/applications/securityext/testdef/
ofbiz/trunk/applications/securityext/testdef/da/
ofbiz/trunk/applications/securityext/testdef/da/DaTest1.groovy
ofbiz/trunk/applications/securityext/testdef/da/DynamicAccessTest.xml
ofbiz/trunk/applications/securityext/testdef/data/
ofbiz/trunk/applications/securityext/testdef/data/SecurityTestData.xml
ofbiz/trunk/applications/securityext/testdef/securitytests.xml
Modified:
ofbiz/trunk/applications/securityext/build.xml
ofbiz/trunk/applications/securityext/ofbiz-component.xml
ofbiz/trunk/applications/securityext/servicedef/services.xml
Modified: ofbiz/trunk/applications/securityext/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/build.xml?rev=769929&r1=769928&r2=769929&view=diff
==============================================================================
--- ofbiz/trunk/applications/securityext/build.xml (original)
+++ ofbiz/trunk/applications/securityext/build.xml Wed Apr 29 21:02:58 2009
@@ -42,6 +42,7 @@
<fileset dir="../../framework/webapp/lib" includes="*.jar"/>
<fileset dir="../../framework/webapp/build/lib" includes="*.jar"/>
<fileset dir="../../framework/common/build/lib" includes="*.jar"/>
+ <fileset dir="../../framework/testtools/build/lib" includes="*.jar"/>
<fileset dir="../party/build/lib" includes="*.jar"/>
<fileset dir="../product/build/lib" includes="*.jar"/>
<fileset dir="../order/build/lib" includes="*.jar"/>
Modified: ofbiz/trunk/applications/securityext/ofbiz-component.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/ofbiz-component.xml?rev=769929&r1=769928&r2=769929&view=diff
==============================================================================
--- ofbiz/trunk/applications/securityext/ofbiz-component.xml (original)
+++ ofbiz/trunk/applications/securityext/ofbiz-component.xml Wed Apr 29 21:02:58 2009
@@ -29,4 +29,5 @@
<!-- NOTE: comment this line out to ensure no resetting of passwords -->
<entity-resource type="data" reader-name="demo" loader="main" location="data/PasswordSecurityData.xml"/>
<service-resource type="model" loader="main" location="servicedef/services.xml"/>
+ <test-suite loader="main" location="testdef/securitytests.xml"/>
</ofbiz-component>
Modified: ofbiz/trunk/applications/securityext/servicedef/services.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/servicedef/services.xml?rev=769929&r1=769928&r2=769929&view=diff
==============================================================================
--- ofbiz/trunk/applications/securityext/servicedef/services.xml (original)
+++ ofbiz/trunk/applications/securityext/servicedef/services.xml Wed Apr 29 21:02:58 2009
@@ -122,4 +122,20 @@
<implements service="permissionInterface"/>
<attribute name="primaryPermission" type="String" mode="IN" optional="true" default-value="SECURITY"/>
</service>
+
+ <!-- authorization dynamic access implementation API -->
+ <service name="dynamicAccessInterface" engine="interface">
+ <description>Service interface for implementing Dynamic Access as a service</description>
+ <attribute name="userId" type="String" mode="IN" optional="false"/>
+ <attribute name="permission" type="String" mode="IN" optional="false"/>
+ <attribute name="accessString" type="String" mode="IN" optional="false"/>
+ <attribute name="permissionContext" type="Map" mode="IN" optional="true"/>
+ <attribute name="permissionGranted" type="Boolean" mode="OUT" optional="false"/>
+ </service>
+
+ <!-- dynamic access test service -->
+ <service name="dynamicAccessTestService" engine="simple" auth="false"
+ location="component://securityext/testdef/da/DynamicAccessTest.xml" invoke="testDa">
+ <implements service="dynamicAccessInterface"/>
+ </service>
</services>
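Review bot: `dynamicAccessTestService` is declared with `auth="false"` in the component's regular `servicedef/services.xml`, so a fixture that sets `permissionGranted` to true whenever the `userId` parameter is `system` becomes part of the normal service model instead of staying with the tests. Its implementation lives under `testdef/`, which suggests it was meant for the test suite only. If the component loader allows a service resource that is loaded only for tests, the definition belongs there; otherwise add a comment such as `<!-- test fixture only: never reference from a production SecurityPermission.dynamicAccess value -->`. The `dynamicAccessInterface` description could also say that implementations must return `permissionGranted=false` when in doubt, because ServiceDaHandler in this commit uses that OUT value as the authorization decision.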
Added: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ServiceDaHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ServiceDaHandler.java?rev=769929&view=auto
==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ServiceDaHandler.java (added)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ServiceDaHandler.java Wed Apr 29 21:02:58 2009
@@ -0,0 +1,56 @@
+package org.ofbiz.securityext.da;
+
+import java.util.Map;
+
+import javolution.util.FastMap;
+
+import org.ofbiz.base.util.Debug;
+import org.ofbiz.entity.GenericDelegator;
+import org.ofbiz.security.authz.da.DynamicAccessHandler;
+import org.ofbiz.service.GenericDispatcher;
+import org.ofbiz.service.GenericServiceException;
+import org.ofbiz.service.LocalDispatcher;
+import org.ofbiz.service.ServiceUtil;
+
+public class ServiceDaHandler implements DynamicAccessHandler {
+
+ private static final String module = ServiceDaHandler.class.getName();
+ protected LocalDispatcher dispatcher;
+ protected GenericDelegator delegator;
+
+ public String getPattern() {
+ return "^service:(.*)$";
+ }
+
+ public boolean handleDynamicAccess(String accessString, String userId, String permission, Map<String, ? extends Object> context) {
+ Map<String,Object> serviceContext = FastMap.newInstance();
+ serviceContext.put("userId", userId);
+ serviceContext.put("permission", permission);
+ serviceContext.put("accessString", accessString);
+ serviceContext.put("permissionContext", context);
+
+ String serviceName = accessString.substring(8);
+ Map<String, Object> result;
+ try {
+ result = dispatcher.runSync(serviceName, serviceContext, 60, true);
+ } catch (GenericServiceException e) {
+ Debug.logError(e, module);
+ return false;
+ }
+
+ if (result != null && !ServiceUtil.isError(result)) {
+ Boolean reply = (Boolean) result.get("permissionGranted");
+ if (reply == null) {
+ reply = Boolean.FALSE;
+ }
+ return reply;
+ } else {
+ return false;
+ }
+ }
+
+ public void setDelegator(GenericDelegator delegator) {
+ this.delegator = delegator;
+ this.dispatcher = GenericDispatcher.getLocalDispatcher("SecurityDA", delegator);
+ }
+}
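Review bot: `accessString.substring(8)` in handleDynamicAccess hard-codes the length of the `service:` prefix separately from getPattern(), and the method uses `dispatcher` without checking that setDelegator() has run, so a non-matching access string or an uninitialised handler throws a runtime exception out of an authorization check instead of denying. Only GenericServiceException is converted into a denial, and the `(Boolean)` cast on `permissionGranted` can throw as well; whether callers treat those exceptions as a denial is not visible in this hunk. I would share one prefix constant, deny explicitly on a missing prefix, an empty service name or a null dispatcher, and compare the result with `Boolean.TRUE` instead of casting, as sketched below.

```java
    private static final String PREFIX = "service:";

    public boolean handleDynamicAccess(String accessString, String userId, String permission, Map<String, ? extends Object> context) {
        // deny rather than throw when the handler is not initialised or the access string is not ours
        if (dispatcher == null || accessString == null || !accessString.startsWith(PREFIX)) {
            Debug.logWarning("Dynamic access denied: handler not initialised or unexpected access string", module);
            return false;
        }
        String serviceName = accessString.substring(PREFIX.length());
        if (serviceName.length() == 0) {
            return false;
        }
        // ... unchanged: serviceContext population and the dispatcher.runSync try/catch ...
        // anything other than an explicit Boolean.TRUE is a denial
        return result != null && !ServiceUtil.isError(result) && Boolean.TRUE.equals(result.get("permissionGranted"));
    }
```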
Added: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java?rev=769929&view=auto
==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java (added)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java Wed Apr 29 21:02:58 2009
@@ -0,0 +1,63 @@
+package org.ofbiz.securityext.test;
+
+import org.ofbiz.base.util.Debug;
+import org.ofbiz.entity.GenericDelegator;
+import org.ofbiz.security.authz.Authorization;
+import org.ofbiz.security.authz.AuthorizationFactory;
+import org.ofbiz.service.testtools.OFBizTestCase;
+
+public class AuthorizationTests extends OFBizTestCase {
+
+ private static final String module = AuthorizationTests.class.getName();
+ protected GenericDelegator delegator;
+ protected Authorization security;
+
+ public AuthorizationTests(String name) {
+ super(name);
+ delegator = GenericDelegator.getGenericDelegator("default");
+ security = AuthorizationFactory.getInstance(delegator);
+ }
+
+ public void testBasicAdminPermission() throws Exception {
+ Debug.logInfo("Running testBasicAdminPermission()", module);
+ assertTrue("User was not granted permission as expected", security.hasPermission("system", "access:foo:bar", null, true));
+ }
+
+ public void testBasePermissionFailure() throws Exception {
+ Debug.logInfo("Running testBasePermissionFailure()", module);
+ assertFalse("Permission did not fail as expected", security.hasPermission("system", "no:permission", null, true));
+ }
+
+ public void testDynamicAccessFromClasspath() throws Exception {
+ Debug.logInfo("Running testDynamicAccessFromClasspath()", module);
+ assertTrue("User was not granted dynamic access as expected", security.hasPermission("system", "test:groovy2:2000", null, true));
+ }
+
+ public void testDynamicAccessService() throws Exception {
+ Debug.logInfo("Running testDynamicAccessService()", module);
+ assertTrue("User was not granted dynamic access as expected", security.hasPermission("system", "test:service:2000", null, true));
+ }
+
+ public void testDynamicAccessFailure() throws Exception {
+ Debug.logInfo("Running testDynamicAccessFailure()", module);
+ assertFalse("Dynamic access did not fail as expected", security.hasPermission("system", "test:groovy1:2000", null, true));
+ }
+
+ public void testAutoGrantPermissions() throws Exception {
+ Debug.logInfo("Running testDynamicAccessFailure()", module);
+
+ // first verify the user does not have the initial permission
+ assertFalse("User already has the auto-granted permission", security.hasPermission("system", "test:autogranted", null, true));
+
+ // next run security check to setup the auto-grant
+ assertTrue("User was not granted dynamic access as expected", security.hasPermission("system", "test:groovy1:1000", null, true));
+
+ // as long as this runs in the same thread (and it should) access should now be granted
+ assertTrue("User was not auto-granted expected permission", security.hasPermission("system", "test:autogranted", null, true));
+ }
+
+ public void testAutoGrantCleanup() throws Exception {
+ Debug.logInfo("Running testAutoGrantCleanup()", module);
+ assertFalse("User was auto-granted an unexpected permission", security.hasPermission("user", "test:autogranted", null, true));
+ }
+}
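Review bot: The service-backed handler is exercised only on its grant path (`test:service:2000` for user `system`); no case asserts a denial for another user or for a `service:` entry naming a missing service, which is the fail-closed behaviour that matters most for ServiceDaHandler. A case such as `assertFalse("Service dynamic access did not fail as expected", security.hasPermission("user", "test:service:2000", null, true));` would cover the first. testAutoGrantPermissions also logs `"Running testDynamicAccessFailure()"`, a copy-paste slip that makes the test log misleading. testAutoGrantCleanup checks user `user` rather than `system`, so it appears to verify isolation between users rather than cleanup, and it may depend on running after testAutoGrantPermissions; a comment stating the intent would help.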
Added: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/DaTest2.groovy
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/DaTest2.groovy?rev=769929&view=auto
==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/DaTest2.groovy (added)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/DaTest2.groovy Wed Apr 29 21:02:58 2009
@@ -0,0 +1,12 @@
+package org.ofbiz.securityext.test;
+
+import org.ofbiz.base.util.Debug;
+
+String recordNumber = permission.substring(permission.lastIndexOf(":") + 1)
+if ("system".equals(userId) && "2000".equals(recordNumber)) {
+ Debug.log("Matched approval requirements {system} - {2000}; returning true");
+ return true;
+}
+
+Debug.logInfo("Did not match expected requirements; returning false", "groovy");
+return false;
\ No newline at end of file
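Review bot: The script reads `permission` and `userId` as implicit bindings, and nothing in the file says which handler supplies them or that this is a test fixture; a header comment such as `// test fixture: expects bindings userId and permission; grants only for user "system" on record 2000` would make that clear. The grant path logs through `Debug.log(msg)` with no module while the deny path uses `Debug.logInfo(msg, "groovy")`, so the two outcomes are tagged differently in the log; using the same call and module name for both keeps access decisions easy to correlate. DaTest1.groovy has the same two issues. Both scripts, like the two Java files added in this commit, also lack the ASF license header that the new XML files carry.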
Added: ofbiz/trunk/applications/securityext/testdef/da/DaTest1.groovy
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/testdef/da/DaTest1.groovy?rev=769929&view=auto
==============================================================================
--- ofbiz/trunk/applications/securityext/testdef/da/DaTest1.groovy (added)
+++ ofbiz/trunk/applications/securityext/testdef/da/DaTest1.groovy Wed Apr 29 21:02:58 2009
@@ -0,0 +1,10 @@
+import org.ofbiz.base.util.Debug;
+
+String recordNumber = permission.substring(permission.lastIndexOf(":") + 1)
+if ("system".equals(userId) && "1000".equals(recordNumber)) {
+ Debug.log("Matched approval requirements {system} - {1000}; returning true");
+ return true;
+}
+
+Debug.logInfo("Did not match expected requirements; returning false", "groovy");
+return false;
\ No newline at end of file
Added: ofbiz/trunk/applications/securityext/testdef/da/DynamicAccessTest.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/testdef/da/DynamicAccessTest.xml?rev=769929&view=auto
==============================================================================
--- ofbiz/trunk/applications/securityext/testdef/da/DynamicAccessTest.xml (added)
+++ ofbiz/trunk/applications/securityext/testdef/da/DynamicAccessTest.xml Wed Apr 29 21:02:58 2009
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/simple-methods.xsd">
+
+ <simple-method method-name="testDa" short-description="Dynamic Access Test Impl" login-required="false">
+ <if-compare operator="equals" value="system" field="parameters.userId">
+ <set field="permissionGranted" value="true" type="Boolean"/>
+ <log level="info" message="Permission granted (testDa service)"/>
+ <else>
+ <set field="permissionGranted" value="false" type="Boolean"/>
+ <log level="info" message="Permission NOT granted (testDa service)"/>
+ </else>
+ </if-compare>
+ <field-to-result field="permissionGranted"/>
+ </simple-method>
+</simple-methods>
\ No newline at end of file
Added: ofbiz/trunk/applications/securityext/testdef/data/SecurityTestData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/testdef/data/SecurityTestData.xml?rev=769929&view=auto
==============================================================================
--- ofbiz/trunk/applications/securityext/testdef/data/SecurityTestData.xml (added)
+++ ofbiz/trunk/applications/securityext/testdef/data/SecurityTestData.xml Wed Apr 29 21:02:58 2009
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<entity-engine-xml>
+ <SecurityPermission permissionId="test:groovy1" dynamicAccess="component://securityext/testdef/da/DaTest1.groovy"/>
+ <SecurityPermission permissionId="test:groovy2" dynamicAccess="org.ofbiz.securityext.test.DaTest2.groovy"/>
+ <SecurityPermission permissionId="test:service" dynamicAccess="service:dynamicAccessTestService"/>
+ <SecurityPermission permissionId="test:autogranted" dynamicAccess=""/>
+ <SecurityPermissionAutoGrant permissionId="test:groovy1" grantPermission="test:autogranted"/>
+</entity-engine-xml>
\ No newline at end of file
Added: ofbiz/trunk/applications/securityext/testdef/securitytests.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/testdef/securitytests.xml?rev=769929&view=auto
==============================================================================
--- ofbiz/trunk/applications/securityext/testdef/securitytests.xml (added)
+++ ofbiz/trunk/applications/securityext/testdef/securitytests.xml Wed Apr 29 21:02:58 2009
@@ -0,0 +1,29 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ -->
+
+<test-suite suite-name="securitytests"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/test-suite.xsd">
+ <test-case case-name="load-security-test-data">
+ <entity-xml action="load" entity-xml-url="component://securityext/testdef/data/SecurityTestData.xml"/>
+ </test-case>
+ <test-case case-name="security-tests">
+ <junit-test-suite class-name="org.ofbiz.securityext.test.AuthorizationTests"/>
+ </test-case>
+</test-suite>
\ No newline at end of file