You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2015/05/27 13:29:27 UTC

svn commit: r1681983 - in /myfaces/tobago/branches/tobago-3.0.x: ./ tobago-extension/tobago-security/src/main/java/org/apache/myfaces/tobago/security/AuthorizationUtils.java

Author: lofwyr
Date: Wed May 27 11:29:26 2015
New Revision: 1681983

URL: http://svn.apache.org/r1681983
Log:
Merged from trunk
TOBAGO-1468: NoSuchMethodException in security module, when using EL 2.0 paranthesis in actions [from revision 1681981]

Modified:
    myfaces/tobago/branches/tobago-3.0.x/   (props changed)
    myfaces/tobago/branches/tobago-3.0.x/tobago-extension/tobago-security/src/main/java/org/apache/myfaces/tobago/security/AuthorizationUtils.java

Propchange: myfaces/tobago/branches/tobago-3.0.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed May 27 11:29:26 2015
@@ -1,3 +1,3 @@
 /myfaces/tobago/branches/tobago-1.5.x:1356585,1357124
 /myfaces/tobago/branches/tobago-tree-table:1226794-1341423
-/myfaces/tobago/trunk:1571193,1571804,1571816,1571941,1571945,1571962,1571966,1576730,1589960,1591854,1600239,1600818,1601860,1602151,1602154,1602343,1604224,1606201,1607642,1609696-1609697,1609718,1610942,1610948,1610970,1610989,1611011,1611259,1611264,1611276,1611329,1611338-1611339,1611571,1613015,1613032,1614827,1614853,1615053,1615114,1615121,1617310,1619789,1621101,1621107,1621134,1621156,1621264,1621282,1621332,1622222,1622243,1622508,1623934,1624033,1625968,1625972,1626270,1628899,1628953,1636842,1636911,1640117,1640147,1640541,1640548,1640638,1640761,1640917,1641575,1641635,1641772,1641775,1641777,1656502,1657180,1657269,1657276,1657279,1658909,1658912,1659026,1659031,1660696,1660699,1660708,1660714,1665569,1666464,1668147,1668153,1668249,1675330,1675565,1675584,1675588-1675589,1675636,1679031,1680197
+/myfaces/tobago/trunk:1571193,1571804,1571816,1571941,1571945,1571962,1571966,1576730,1589960,1591854,1600239,1600818,1601860,1602151,1602154,1602343,1604224,1606201,1607642,1609696-1609697,1609718,1610942,1610948,1610970,1610989,1611011,1611259,1611264,1611276,1611329,1611338-1611339,1611571,1613015,1613032,1614827,1614853,1615053,1615114,1615121,1617310,1619789,1621101,1621107,1621134,1621156,1621264,1621282,1621332,1622222,1622243,1622508,1623934,1624033,1625968,1625972,1626270,1628899,1628953,1636842,1636911,1640117,1640147,1640541,1640548,1640638,1640761,1640917,1641575,1641635,1641772,1641775,1641777,1656502,1657180,1657269,1657276,1657279,1658909,1658912,1659026,1659031,1660696,1660699,1660708,1660714,1665569,1666464,1668147,1668153,1668249,1675330,1675565,1675584,1675588-1675589,1675636,1679031,1680197,1681981

Modified: myfaces/tobago/branches/tobago-3.0.x/tobago-extension/tobago-security/src/main/java/org/apache/myfaces/tobago/security/AuthorizationUtils.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-extension/tobago-security/src/main/java/org/apache/myfaces/tobago/security/AuthorizationUtils.java?rev=1681983&r1=1681982&r2=1681983&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-extension/tobago-security/src/main/java/org/apache/myfaces/tobago/security/AuthorizationUtils.java (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-extension/tobago-security/src/main/java/org/apache/myfaces/tobago/security/AuthorizationUtils.java Wed May 27 11:29:26 2015
@@ -29,9 +29,13 @@ import javax.faces.context.FacesContext;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.AnnotatedElement;
 import java.lang.reflect.Method;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 public class AuthorizationUtils {
   private static final Logger LOG = LoggerFactory.getLogger(AuthorizationUtils.class);
@@ -102,25 +106,28 @@ public class AuthorizationUtils {
       return null;
     } else {
       Annotation securityAnnotation = null;
-      if (expression.startsWith("#{") && expression.endsWith("}")) {
-        expression = expression.substring(2, expression.length()-1);
-        final int index = expression.lastIndexOf('.');
-        if (index != -1) {
-          final String methodExpression = expression.substring(index+1, expression.length());
-          final String beanExpression = expression.substring(0, index);
-          // TODO find a better way
-          final Object bean =
-              facesContext.getApplication().getVariableResolver().resolveVariable(facesContext, beanExpression);
-          if (bean != null) {
-            try {
-              final Method method = bean.getClass().getMethod(methodExpression);
-              securityAnnotation = getSecurityAnnotations(method);
+      final Pattern pattern = Pattern.compile("#\\{(\\w+(?:\\.\\w+)*)\\.(\\w+)(?:\\(.*\\))?\\}");
+      final Matcher matcher = pattern.matcher(expression);
+      if (matcher.matches()) {
+        String beanString = matcher.group(1);
+        String methodString = matcher.group(2);
+        final Object bean =
+            facesContext.getELContext().getELResolver().getValue(facesContext.getELContext(), null, beanString);
+        if (bean != null) {
+          final List<Method> methods = findMethods(bean, methodString);
+          switch (methods.size()) {
+            case 0:
+              LOG.error("No Method '" + methodString + "' in class " + bean.getClass());
+              break;
+            case 1:
+              securityAnnotation = getSecurityAnnotations(methods.get(0));
               if (securityAnnotation == null) {
                 securityAnnotation = getSecurityAnnotations(bean.getClass());
               }
-            } catch (final NoSuchMethodException e) {
-              LOG.error("No Method " + methodExpression + " in class " + bean.getClass(), e);
-            }
+              break;
+            default:
+              LOG.warn("Method name ambiguous '" + methodString + "' in class " + bean.getClass()
+                  + ". Found " + methods.size() + " but only 1 is supported, yet.");
           }
         }
       }
@@ -132,5 +139,15 @@ public class AuthorizationUtils {
       return securityAnnotation;
     }
   }
-}
 
+  private static List<Method> findMethods(Object bean, String name) {
+    final Method[] methods = bean.getClass().getMethods();
+    final List<Method> result = new ArrayList<Method>();
+    for (Method method : methods) {
+      if (method.getName().equals(name)) {
+        result.add(method);
+      }
+    }
+    return result;
+  }
+}