Posted to commits@myfaces.apache.org by gp...@apache.org on 2011/03/09 19:43:53 UTC
svn commit: r1079925 - in /myfaces/extensions/cdi/trunk:
core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/
core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/
core/impl/src/main/java/org/apache/myface...
Author: gpetracek
Date: Wed Mar 9 18:43:52 2011
New Revision: 1079925
URL: http://svn.apache.org/viewvc?rev=1079925&view=rev
Log:
EXTCDI-155 AccessDecisionVoterContext (first draft)
Added:
myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionState.java
myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionVoterContext.java
myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/
myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/
myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/EditableAccessDecisionVoterContext.java
myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/DefaultAccessDecisionVoterStateContext.java
Modified:
myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/util/SecurityUtils.java
Added: myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionState.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionState.java?rev=1079925&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionState.java (added)
+++ myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionState.java Wed Mar 9 18:43:52 2011
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.core.api.security;
+
+/**
+ * @author Gerhard Petracek
+ */
+public enum AccessDecisionState
+{
+ INITIAL, VOTE_IN_PROGRESS, VIOLATION_FOUND, NO_VIOLATION_FOUND
+}
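Review bot: The four constants carry no Javadoc, and the difference between `INITIAL` and `NO_VIOLATION_FOUND` matters to anyone who reads the state to make a decision. Suggest a one-line comment per constant, e.g. `/** no access decision has been made yet; must not be read as access granted */` on `INITIAL` and `/** all voters were asked and none reported a violation */` on `NO_VIOLATION_FOUND`.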
Added: myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionVoterContext.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionVoterContext.java?rev=1079925&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionVoterContext.java (added)
+++ myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionVoterContext.java Wed Mar 9 18:43:52 2011
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.core.api.security;
+
+import java.io.Serializable;
+import java.util.List;
+
+/**
+ * Optional context which allows to get the current state as well as the results of the security check.
+ * (Optional because it requires a useful scope which depends on the environment.)
+ *
+ * @author Gerhard Petracek
+ */
+public interface AccessDecisionVoterContext extends Serializable
+{
+ /**
+ * Exposes the current state
+ * @return current state
+ */
+ AccessDecisionState getState();
+
+ /**
+ * Exposes the found violations
+ * @return found violations
+ */
+ List<SecurityViolation> getViolations();
+}
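Review bot: `getViolations()` does not say whether the result can be null or can be modified, and callers will iterate it directly. The implementation added in this commit returns an empty list or an unmodifiable view, so the contract can state that: `@return found violations; never null, not modifiable`. The interface also extends `Serializable` while exposing `SecurityViolation` elements whose type is not visible in this commit, so it is worth confirming they are serializable too.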
Added: myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/EditableAccessDecisionVoterContext.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/EditableAccessDecisionVoterContext.java?rev=1079925&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/EditableAccessDecisionVoterContext.java (added)
+++ myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/EditableAccessDecisionVoterContext.java Wed Mar 9 18:43:52 2011
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.core.impl.security.spi;
+
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionState;
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionVoterContext;
+import org.apache.myfaces.extensions.cdi.core.api.security.SecurityViolation;
+
+/**
+ * @author Gerhard Petracek
+ */
+public interface EditableAccessDecisionVoterContext extends AccessDecisionVoterContext
+{
+ /**
+ * Updates the state of the context
+ * @param accessDecisionVoterState current state
+ */
+ void setState(AccessDecisionState accessDecisionVoterState);
+
+ /**
+ * Adds a new {@link SecurityViolation} to the context
+ * @param securityViolation security-violation which should be added
+ */
+ void addViolation(SecurityViolation securityViolation);
+}
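Review bot: The ordering requirement between the two methods is undocumented. The default implementation in this commit throws `IllegalStateException` from `addViolation` unless `setState(VOTE_IN_PROGRESS)` was called first, and that call also discards previously stored violations. Suggest adding `@throws IllegalStateException if no vote is in progress` to `addViolation`, and a sentence on `setState` saying that entering `VOTE_IN_PROGRESS` starts a new, empty result.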
Modified: myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/util/SecurityUtils.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/util/SecurityUtils.java?rev=1079925&r1=1079924&r2=1079925&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/util/SecurityUtils.java (original)
+++ myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/util/SecurityUtils.java Wed Mar 9 18:43:52 2011
@@ -18,10 +18,13 @@
*/
package org.apache.myfaces.extensions.cdi.core.impl.util;
-import org.apache.myfaces.extensions.cdi.core.api.security.SecurityViolation;
+import org.apache.myfaces.extensions.cdi.core.api.config.view.ViewConfig;
import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionVoter;
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionVoterContext;
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionState;
import org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException;
-import org.apache.myfaces.extensions.cdi.core.api.config.view.ViewConfig;
+import org.apache.myfaces.extensions.cdi.core.api.security.SecurityViolation;
+import org.apache.myfaces.extensions.cdi.core.impl.security.spi.EditableAccessDecisionVoterContext;
import javax.interceptor.InvocationContext;
import javax.enterprise.inject.spi.BeanManager;
@@ -50,18 +53,50 @@ public abstract class SecurityUtils
return;
}
- Set<SecurityViolation> violations;
+ AccessDecisionVoterContext voterContext =
+ CodiUtils.getContextualReferenceByClass(beanManager, AccessDecisionVoterContext.class, true);
- AccessDecisionVoter voter;
- for(Class<? extends AccessDecisionVoter> voterClass : accessDecisionVoters)
+ AccessDecisionState voterState = AccessDecisionState.VOTE_IN_PROGRESS;
+ try
{
- voter = CodiUtils.getContextualReferenceByClass(beanManager, voterClass);
+ if(voterContext instanceof EditableAccessDecisionVoterContext)
+ {
+ ((EditableAccessDecisionVoterContext)voterContext).setState(voterState);
+ }
- violations = voter.checkPermission(invocationContext);
+ Set<SecurityViolation> violations;
- if(violations != null && violations.size() > 0)
+ AccessDecisionVoter voter;
+ for(Class<? extends AccessDecisionVoter> voterClass : accessDecisionVoters)
{
- throw new AccessDeniedException(violations, errorView);
+ voter = CodiUtils.getContextualReferenceByClass(beanManager, voterClass);
+
+ violations = voter.checkPermission(invocationContext);
+
+ if(violations != null && violations.size() > 0)
+ {
+ if(voterContext instanceof EditableAccessDecisionVoterContext)
+ {
+ voterState = AccessDecisionState.VIOLATION_FOUND;
+ for(SecurityViolation securityViolation : violations)
+ {
+ ((EditableAccessDecisionVoterContext) voterContext).addViolation(securityViolation);
+ }
+ }
+ throw new AccessDeniedException(violations, errorView);
+ }
+ }
+ }
+ finally
+ {
+ if(voterContext instanceof EditableAccessDecisionVoterContext)
+ {
+ if(AccessDecisionState.VOTE_IN_PROGRESS.equals(voterState))
+ {
+ voterState = AccessDecisionState.NO_VIOLATION_FOUND;
+ }
+
+ ((EditableAccessDecisionVoterContext)voterContext).setState(voterState);
}
}
}
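Review bot: The `finally` block reports a clean result for a vote that never finished. If `getContextualReferenceByClass` or `checkPermission` throws anything other than the `AccessDeniedException` raised here, `voterState` is still `VOTE_IN_PROGRESS` and is rewritten to `NO_VIOLATION_FOUND`, so anything that later reads the context would see a passed check. Set the success state only on normal completion by placing `voterState = AccessDecisionState.NO_VIOLATION_FOUND;` directly after the `for` loop inside the `try`. Then reduce the `finally` body to the `setState(voterState)` call, so an aborted vote stays `VOTE_IN_PROGRESS`. The enclosing method begins above this hunk.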
Added: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/DefaultAccessDecisionVoterStateContext.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/DefaultAccessDecisionVoterStateContext.java?rev=1079925&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/DefaultAccessDecisionVoterStateContext.java (added)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/DefaultAccessDecisionVoterStateContext.java Wed Mar 9 18:43:52 2011
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.jsf.impl.security;
+
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionState;
+import org.apache.myfaces.extensions.cdi.core.api.security.SecurityViolation;
+import org.apache.myfaces.extensions.cdi.core.impl.security.spi.EditableAccessDecisionVoterContext;
+
+import javax.enterprise.context.RequestScoped;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * @author Gerhard Petracek
+ */
+@RequestScoped
+public class DefaultAccessDecisionVoterStateContext implements EditableAccessDecisionVoterContext
+{
+ private static final long serialVersionUID = -6354543616450765352L;
+
+ private AccessDecisionState state = AccessDecisionState.INITIAL;
+
+ private List<SecurityViolation> securityViolations;
+
+ /**
+ * {@inheritDoc}
+ */
+ public AccessDecisionState getState()
+ {
+ return this.state;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public List<SecurityViolation> getViolations()
+ {
+ if(this.securityViolations == null)
+ {
+ return Collections.emptyList();
+ }
+ return Collections.unmodifiableList(this.securityViolations);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setState(AccessDecisionState accessDecisionVoterState)
+ {
+ if(AccessDecisionState.VOTE_IN_PROGRESS.equals(accessDecisionVoterState))
+ {
+ this.securityViolations = new ArrayList<SecurityViolation>(); //lazy init
+ }
+ this.state = accessDecisionVoterState;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void addViolation(SecurityViolation securityViolation)
+ {
+ if(this.securityViolations == null)
+ {
+ throw new IllegalStateException(
+ AccessDecisionState.VOTE_IN_PROGRESS.name() + " is required for adding security-violations");
+ }
+ this.securityViolations.add(securityViolation);
+ }
+}
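Review bot: `addViolation` guards on `this.securityViolations == null`, not on the state its message names. Once a first vote has run in the request the list stays non-null, so violations can be appended while the state is `VIOLATION_FOUND` or `NO_VIOLATION_FOUND`. Checking the state matches the message: `if(!AccessDecisionState.VOTE_IN_PROGRESS.equals(this.state))`. Separately, `setState(VOTE_IN_PROGRESS)` replaces the list, so the bean only ever holds the result of the most recent check in the request. The class Javadoc should say so, e.g. `Holds the state and violations of the latest access decision of the current request; an earlier result is discarded when a new vote starts.`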