Posted to commits@myfaces.apache.org by gp...@apache.org on 2011/03/09 19:43:53 UTC

svn commit: r1079925 - in /myfaces/extensions/cdi/trunk: core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/ core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/ core/impl/src/main/java/org/apache/myface...

Author: gpetracek
Date: Wed Mar  9 18:43:52 2011
New Revision: 1079925

URL: http://svn.apache.org/viewvc?rev=1079925&view=rev
Log:
EXTCDI-155 AccessDecisionVoterContext (first draft)

Added:
    myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionState.java
    myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionVoterContext.java
    myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/
    myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/
    myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/EditableAccessDecisionVoterContext.java
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/DefaultAccessDecisionVoterStateContext.java
Modified:
    myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/util/SecurityUtils.java

Added: myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionState.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionState.java?rev=1079925&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionState.java (added)
+++ myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionState.java Wed Mar  9 18:43:52 2011
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.core.api.security;
+
+/**
+ * @author Gerhard Petracek
+ */
+public enum AccessDecisionState
+{
+    INITIAL, VOTE_IN_PROGRESS, VIOLATION_FOUND, NO_VIOLATION_FOUND
+}
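Review bot: The four constants of `AccessDecisionState` carry no Javadoc, so a caller cannot tell from the type which states are terminal or what `INITIAL` implies. Code that reads the state may gate rendering or navigation on it, so I would document each constant, e.g. `/** no check has run yet for this context; must not be read as "access granted" */` on `INITIAL`. The type comment should also state that only `NO_VIOLATION_FOUND` signals a completed vote without violations.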

Added: myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionVoterContext.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionVoterContext.java?rev=1079925&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionVoterContext.java (added)
+++ myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/AccessDecisionVoterContext.java Wed Mar  9 18:43:52 2011
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.core.api.security;
+
+import java.io.Serializable;
+import java.util.List;
+
+/**
+ * Optional context which allows to get the current state as well as the results of the security check.
+ * (Optional because it requires a useful scope which depends on the environment.)
+ *
+ * @author Gerhard Petracek
+ */
+public interface AccessDecisionVoterContext extends Serializable
+{
+    /**
+     * Exposes the current state
+     * @return current state
+     */
+    AccessDecisionState getState();
+
+    /**
+     * Exposes the found violations
+     * @return found violations
+     */
+    List<SecurityViolation> getViolations();
+}
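Review bot: The Javadoc on `getViolations()` does not say whether the result can be null, whether it is modifiable, or which check it refers to when several secured invocations happen within the scope of the context. I would extend the method comment with something like `@return read-only list of the violations found by the most recent check, never null`, if that is the intended contract. The interface also extends `Serializable` while exposing `SecurityViolation` elements; whether those are serializable is not visible in this commit and is worth confirming.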

Added: myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/EditableAccessDecisionVoterContext.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/EditableAccessDecisionVoterContext.java?rev=1079925&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/EditableAccessDecisionVoterContext.java (added)
+++ myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/security/spi/EditableAccessDecisionVoterContext.java Wed Mar  9 18:43:52 2011
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.core.impl.security.spi;
+
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionState;
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionVoterContext;
+import org.apache.myfaces.extensions.cdi.core.api.security.SecurityViolation;
+
+/**
+ * @author Gerhard Petracek
+ */
+public interface EditableAccessDecisionVoterContext extends AccessDecisionVoterContext
+{
+    /**
+     * Updates the state of the context
+     * @param accessDecisionVoterState current state
+     */
+    void setState(AccessDecisionState accessDecisionVoterState);
+
+    /**
+     * Adds a new {@link SecurityViolation} to the context
+     * @param securityViolation security-violation which should be added
+     */
+    void addViolation(SecurityViolation securityViolation);
+}
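Review bot: `addViolation` has an ordering precondition that this interface does not mention: the implementation added in this commit throws `IllegalStateException` unless `setState(VOTE_IN_PROGRESS)` was called first. I would state that on the SPI, e.g. `@throws IllegalStateException if no vote has been started via setState(VOTE_IN_PROGRESS)`. A type-level sentence saying the mutators are meant for the framework's security check rather than application code would also help, since a wrong state written here misreports the outcome of a check.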

Modified: myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/util/SecurityUtils.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/util/SecurityUtils.java?rev=1079925&r1=1079924&r2=1079925&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/util/SecurityUtils.java (original)
+++ myfaces/extensions/cdi/trunk/core/impl/src/main/java/org/apache/myfaces/extensions/cdi/core/impl/util/SecurityUtils.java Wed Mar  9 18:43:52 2011
@@ -18,10 +18,13 @@
  */
 package org.apache.myfaces.extensions.cdi.core.impl.util;
 
-import org.apache.myfaces.extensions.cdi.core.api.security.SecurityViolation;
+import org.apache.myfaces.extensions.cdi.core.api.config.view.ViewConfig;
 import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionVoter;
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionVoterContext;
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionState;
 import org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException;
-import org.apache.myfaces.extensions.cdi.core.api.config.view.ViewConfig;
+import org.apache.myfaces.extensions.cdi.core.api.security.SecurityViolation;
+import org.apache.myfaces.extensions.cdi.core.impl.security.spi.EditableAccessDecisionVoterContext;
 
 import javax.interceptor.InvocationContext;
 import javax.enterprise.inject.spi.BeanManager;
@@ -50,18 +53,50 @@ public abstract class SecurityUtils
             return;
         }
 
-        Set<SecurityViolation> violations;
+        AccessDecisionVoterContext voterContext =
+                CodiUtils.getContextualReferenceByClass(beanManager, AccessDecisionVoterContext.class, true);
 
-        AccessDecisionVoter voter;
-        for(Class<? extends AccessDecisionVoter> voterClass : accessDecisionVoters)
+        AccessDecisionState voterState = AccessDecisionState.VOTE_IN_PROGRESS;
+        try
         {
-            voter = CodiUtils.getContextualReferenceByClass(beanManager, voterClass);
+            if(voterContext instanceof EditableAccessDecisionVoterContext)
+            {
+                ((EditableAccessDecisionVoterContext)voterContext).setState(voterState);
+            }
 
-            violations = voter.checkPermission(invocationContext);
+            Set<SecurityViolation> violations;
 
-            if(violations != null && violations.size() > 0)
+            AccessDecisionVoter voter;
+            for(Class<? extends AccessDecisionVoter> voterClass : accessDecisionVoters)
             {
-                throw new AccessDeniedException(violations, errorView);
+                voter = CodiUtils.getContextualReferenceByClass(beanManager, voterClass);
+
+                violations = voter.checkPermission(invocationContext);
+
+                if(violations != null && violations.size() > 0)
+                {
+                    if(voterContext instanceof EditableAccessDecisionVoterContext)
+                    {
+                        voterState = AccessDecisionState.VIOLATION_FOUND;
+                        for(SecurityViolation securityViolation : violations)
+                        {
+                            ((EditableAccessDecisionVoterContext) voterContext).addViolation(securityViolation);
+                        }
+                    }
+                    throw new AccessDeniedException(violations, errorView);
+                }
+            }
+        }
+        finally
+        {
+            if(voterContext instanceof EditableAccessDecisionVoterContext)
+            {
+                if(AccessDecisionState.VOTE_IN_PROGRESS.equals(voterState))
+                {
+                    voterState = AccessDecisionState.NO_VIOLATION_FOUND;
+                }
+
+                ((EditableAccessDecisionVoterContext)voterContext).setState(voterState);
             }
         }
     }
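Review bot: The `finally` block reports success for a vote that did not finish. If `CodiUtils.getContextualReferenceByClass` or `voter.checkPermission` throws anything other than the `AccessDeniedException` raised on a violation, `voterState` is still `VOTE_IN_PROGRESS` and is rewritten to `NO_VIOLATION_FOUND`, so the context fails open for anything that reads it after the exception. I would set `voterState = AccessDecisionState.NO_VIOLATION_FOUND;` as the last statement inside the `try`, after the loop, and let `finally` only write the state back; a dedicated error constant in the enum would make the aborted case explicit. The enclosing method starts before this hunk, so the early-return paths above it are not visible here.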

Added: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/DefaultAccessDecisionVoterStateContext.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/DefaultAccessDecisionVoterStateContext.java?rev=1079925&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/DefaultAccessDecisionVoterStateContext.java (added)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/DefaultAccessDecisionVoterStateContext.java Wed Mar  9 18:43:52 2011
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.jsf.impl.security;
+
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDecisionState;
+import org.apache.myfaces.extensions.cdi.core.api.security.SecurityViolation;
+import org.apache.myfaces.extensions.cdi.core.impl.security.spi.EditableAccessDecisionVoterContext;
+
+import javax.enterprise.context.RequestScoped;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * @author Gerhard Petracek
+ */
+@RequestScoped
+public class DefaultAccessDecisionVoterStateContext implements EditableAccessDecisionVoterContext
+{
+    private static final long serialVersionUID = -6354543616450765352L;
+
+    private AccessDecisionState state = AccessDecisionState.INITIAL;
+
+    private List<SecurityViolation> securityViolations;
+
+    /**
+     * {@inheritDoc}
+     */
+    public AccessDecisionState getState()
+    {
+        return this.state;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public List<SecurityViolation> getViolations()
+    {
+        if(this.securityViolations == null)
+        {
+            return Collections.emptyList();
+        }
+        return Collections.unmodifiableList(this.securityViolations);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setState(AccessDecisionState accessDecisionVoterState)
+    {
+        if(AccessDecisionState.VOTE_IN_PROGRESS.equals(accessDecisionVoterState))
+        {
+            this.securityViolations = new ArrayList<SecurityViolation>(); //lazy init
+        }
+        this.state = accessDecisionVoterState;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void addViolation(SecurityViolation securityViolation)
+    {
+        if(this.securityViolations == null)
+        {
+            throw new IllegalStateException(
+                    AccessDecisionState.VOTE_IN_PROGRESS.name() + " is required for adding security-violations");
+        }
+        this.securityViolations.add(securityViolation);
+    }
+}
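Review bot: `setState(VOTE_IN_PROGRESS)` replaces `securityViolations` with a new list on every call, and the bean is `@RequestScoped`, so a second secured invocation in the same request discards the violations of the first and can end in `NO_VIOLATION_FOUND`. If an earlier `AccessDeniedException` was caught and processing continued (not visible here), readers of the context would no longer see that denial. Consider creating the list only when it is null, `if(this.securityViolations == null) { this.securityViolations = new ArrayList<SecurityViolation>(); }`, and not letting a later vote downgrade `VIOLATION_FOUND`. `addViolation` could also reject a null argument.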