Posted to commits@ofbiz.apache.org by ad...@apache.org on 2009/08/28 18:48:39 UTC
svn commit: r808951 [1/2] - in /ofbiz/branches/executioncontext20090812: ./
framework/api/config/ framework/api/src/org/ofbiz/api/authorization/
framework/api/src/org/ofbiz/api/context/
framework/common/src/org/ofbiz/common/ framework/context/src/org/o...
Author: adrianc
Date: Fri Aug 28 16:48:37 2009
New Revision: 808951
URL: http://svn.apache.org/viewvc?rev=808951&view=rev
Log:
Implemented permissions checking.
Added:
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java (with props)
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java (with props)
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java (with props)
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java (with props)
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java (with props)
Removed:
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsList.java
ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServicePermission.java
Modified:
ofbiz/branches/executioncontext20090812/BranchReadMe.txt
ofbiz/branches/executioncontext20090812/framework/api/config/api.properties
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AccessController.java
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java
ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java
ofbiz/branches/executioncontext20090812/framework/common/src/org/ofbiz/common/FindServices.java
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AccessControllerImpl.java
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareEli.java
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareList.java
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java
ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/AccessController.java
ofbiz/branches/executioncontext20090812/framework/entityext/build.xml
ofbiz/branches/executioncontext20090812/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java
ofbiz/branches/executioncontext20090812/framework/example/data/ExampleSecurityData.xml
ofbiz/branches/executioncontext20090812/framework/minilang/src/org/ofbiz/minilang/method/callops/SetServiceFields.java
ofbiz/branches/executioncontext20090812/framework/security/data/SecurityData.xml
ofbiz/branches/executioncontext20090812/framework/security/entitydef/entitymodel.xml
ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServiceDispatcher.java
ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/job/JobManager.java
ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/job/PersistedServiceJob.java
ofbiz/branches/executioncontext20090812/framework/widget/src/org/ofbiz/widget/form/ModelFormAction.java
ofbiz/branches/executioncontext20090812/framework/widget/src/org/ofbiz/widget/screen/ModelScreenAction.java
ofbiz/branches/executioncontext20090812/framework/widget/src/org/ofbiz/widget/screen/ScreenRenderer.java
Modified: ofbiz/branches/executioncontext20090812/BranchReadMe.txt
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/BranchReadMe.txt?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/BranchReadMe.txt (original)
+++ ofbiz/branches/executioncontext20090812/BranchReadMe.txt Fri Aug 28 16:48:37 2009
@@ -43,6 +43,8 @@
action, change the settings in api.properties. You'll see info
messages in the console log.
+---------------------------------------------------------------------
+
2009-08-26: Added security-aware Freemarker transform. Template
sections can be controlled with:
@@ -50,3 +52,11 @@
If the user has permission to view the artifact, then "Some text"
will be rendered.
+
+---------------------------------------------------------------------
+
+2009-08-28: Permissions checking has been implemented. The code has
+a few bugs, and there are places where the ExecutionContext isn't being
+passed along, so OFBiz won't run with the AuthorizationManager enabled.
+Consequently, the AuthorizationManager is disabled by default. You can
+enable it with a property in api.properties.
Modified: ofbiz/branches/executioncontext20090812/framework/api/config/api.properties
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/config/api.properties?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/config/api.properties (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/config/api.properties Fri Aug 28 16:48:37 2009
@@ -21,18 +21,21 @@
# Apache OFBiz Framework API Settings
####
-# Set to true to enable ExecutionContext info messages. This property is for
-# development only, it will be removed when the ExecutionContext implementation
-# is complete.
-executionContext.verbose=false
-
# Class name of the ExecutionContext implementation
executionContext.class=org.ofbiz.context.ExecutionContextImpl
-# Set to true to enable AuthorizationManager info messages. This property is for
-# development only, it will be removed when the AuthorizationManager implementation
-# is complete.
-authorizationManager.verbose=false
-
# Class name of the AuthorizationManager implementation
authorizationManager.class=org.ofbiz.context.AuthorizationManagerImpl
+
+#-- The following properties are for development only, they will be removed
+#-- when the security-aware artifact implementation is complete.
+
+# Set to true to enable ExecutionContext info messages.
+executionContext.verbose=false
+
+# Set to true to enable AuthorizationManager info messages.
+authorizationManager.verbose=false
+
+# Set to true to disable the AuthorizationManager.
+authorizationManager.disabled=true
+
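Review bot: The new `authorizationManager.disabled=true` default means no permission checks are enforced, and the comment above it does not say so. The "development only" banner is easy to miss once this file is copied into a deployment, so I would state the consequence next to the key: `# WARNING: when true, NO permission checks are performed. Development only - must be false on any shared or deployed instance.` The code that reads this key is outside the hunk; it would be worth confirming that a missing or misspelled value leaves the manager enabled and that the disabled state is logged at startup.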
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AccessController.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AccessController.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AccessController.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AccessController.java Fri Aug 28 16:48:37 2009
@@ -23,13 +23,46 @@
import java.util.List;
import java.util.ListIterator;
-/**
- * AccessController interface.
+/** AccessController interface. This interface is intended to
+ * separate the permissions-checking logic from the artifacts
+ * that use it.
*/
public interface AccessController<E> {
- public void checkPermission(Permission permission) throws AccessControlException;
- public List<E> applyFilters(List<E> list);
+ /** Returns silently if the user has been granted <code>permission</code>
+ * access for the current artifact, throws <code>AccessControlException</code>
+ * otherwise.<p>Security-aware artifacts call this
+ * method with the desired permission. If access is granted the
+ * method returns, otherwise it throws an unchecked exception.
+ * Higher level code can catch the exception and handle it accordingly.</p>
+ *
+ * @param permission The permission to check
+ * @throws AccessControlException
+ */
+ public void checkPermission(Permission permission) throws AccessControlException;
+
+ /** Applies permission filters to a <code>List</code>. The
+ * returned <code>List</code> is security-aware, so methods
+ * that return an <code>Object</code> will return only the
+ * objects the user has permission to access.
+ *
+ * @param list The <code>List</code> to apply filters to
+ * @return A security-aware <code>List</code> if filters
+ * were specified for the current artifact, or the original
+ * <code>List</code> otherwise
+ */
+ public List<E> applyFilters(List<E> list);
+
+ /** Applies permission filters to a <code>ListIterator</code>. The
+ * returned <code>ListIterator</code> is security-aware, so methods
+ * that return an <code>Object</code> will return only the
+ * objects the user has permission to access.
+ *
+ * @param list The <code>ListIterator</code> to apply filters to
+ * @return A security-aware <code>ListIterator</code> if filters
+ * were specified for the current artifact, or the original
+ * <code>ListIterator</code> otherwise
+ */
public ListIterator<E> applyFilters(ListIterator<E> list);
}
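Review bot: Both `applyFilters` Javadocs say the original collection is returned when no filters are specified, so a caller cannot tell a filtered result from an unfiltered one, and the docs do not tell callers what to do about that. A sentence such as `Callers must still call checkPermission; an unfiltered return value does not mean access was granted.` would make the contract explicit. The `@throws AccessControlException` tag on `checkPermission` has no description; `@throws AccessControlException if the user has not been granted the permission for the current artifact` would fill it in. In the `ListIterator` overload the parameter is still named `list`, which reads oddly next to its description.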
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java Fri Aug 28 16:48:37 2009
@@ -21,13 +21,11 @@
import java.security.Permission;
/**
- * Admin permission class. Similar to java.security.BasicPermission.
+ * Admin permission class. Extends GenericPermission.
*/
@SuppressWarnings("serial")
-public class AdminPermission extends Permission {
+public class AdminPermission extends BasicPermission {
- protected final String permissionString = "admin=true";
-
public AdminPermission() {
super("admin=true");
}
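Review bot: The updated class comment says "Extends GenericPermission", but the declaration on the new side is `extends BasicPermission`, and no GenericPermission class appears in this commit's file list. The comment should name the real superclass: `* Admin permission class. Extends BasicPermission.` The same commit rewords BasicPermission's own Javadoc to "Generic permission class", so the two comments and the class name should be brought into agreement one way or the other.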
@@ -38,7 +36,7 @@
return true;
}
try {
- BasicPermission that = (BasicPermission) obj;
+ AdminPermission that = (AdminPermission) obj;
return this.permissionString.equals(that.permissionString);
} catch (Exception e) {}
return false;
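Review bot: With AdminPermission now a subclass of BasicPermission, `equals` is no longer symmetric: this method casts to `AdminPermission`, while `BasicPermission.equals` (shown later in this commit) casts to `BasicPermission` and compares only `permissionString`. Assuming BasicPermission stores its constructor argument in that field, a `BasicPermission("admin=true")` would report itself equal to an AdminPermission while the reverse comparison returns false, which matters once these objects are placed in the new `PermissionsSet`. The cast-and-catch also relies on a swallowed `ClassCastException` or `NullPointerException` for ordinary control flow; `if (!(obj instanceof AdminPermission)) return false;` states the intent and handles null. The start of `equals` is outside this hunk.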
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java Fri Aug 28 16:48:37 2009
@@ -18,6 +18,8 @@
*******************************************************************************/
package org.ofbiz.api.authorization;
+import java.security.AccessControlException;
+
import org.ofbiz.api.context.ExecutionContext;
/**
@@ -26,6 +28,6 @@
public interface AuthorizationManager {
// Get the access controller for an artifact/user combination
- public AccessController getAccessController (ExecutionContext executionContext);
+ public AccessController getAccessController (ExecutionContext executionContext) throws AccessControlException;
}
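Review bot: The new `throws AccessControlException` on `getAccessController` is not documented, and since `java.security.AccessControlException` is unchecked the clause only helps callers if the condition is written down. The existing `//` comment could become Javadoc, for example `/** Returns the access controller for the artifact/user combination in executionContext. @throws AccessControlException if the user has no permissions for the current execution path */` (wording to be confirmed against the implementation, which is not in this hunk). The return type is also the raw `AccessController` although the interface is declared `AccessController<E>`; `AccessController<?>` would avoid unchecked warnings at call sites.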
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java Fri Aug 28 16:48:37 2009
@@ -21,7 +21,7 @@
import java.security.Permission;
/**
- * Basic permission class. Similar to java.security.BasicPermission.
+ * Generic permission class. Similar to java.security.BasicPermission.
*/
@SuppressWarnings("serial")
public class BasicPermission extends Permission {
@@ -39,7 +39,7 @@
return true;
}
try {
- BasicPermission that = (BasicPermission) obj;
+ BasicPermission that = (BasicPermission) obj;
return this.permissionString.equals(that.permissionString);
} catch (Exception e) {}
return false;
@@ -59,7 +59,7 @@
public boolean implies(Permission permission) {
try {
PermissionsUnion permissionsUnion = (PermissionsUnion) permission;
- for (Permission perm : permissionsUnion.permissionsList) {
+ for (Permission perm : permissionsUnion.getPermissionsSet()) {
if (this.implies(perm)) {
return true;
}
@@ -68,7 +68,7 @@
} catch (Exception e) {}
try {
PermissionsIntersection permissionsIntersection = (PermissionsIntersection) permission;
- for (Permission perm : permissionsIntersection.permissionsList) {
+ for (Permission perm : permissionsIntersection.getPermissionsSet()) {
if (!this.implies(perm)) {
return false;
}
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java Fri Aug 28 16:48:37 2009
@@ -22,10 +22,14 @@
import java.util.List;
/**
- * A <code>List</code> of permissions that represent an intersection.
+ * A <code>Set</code> of permissions that represents an intersection.
*/
@SuppressWarnings("serial")
-public class PermissionsIntersection extends PermissionsList {
+public class PermissionsIntersection extends PermissionsSet {
+
+ public PermissionsIntersection(String listName) {
+ super(listName);
+ }
public PermissionsIntersection(String listName, List<Permission> permissionsList) {
super(listName, permissionsList);
@@ -38,7 +42,7 @@
public boolean implies(Permission permission) {
try {
PermissionsUnion permissionsUnion = (PermissionsUnion) permission;
- for (Permission perm : permissionsUnion.permissionsList) {
+ for (Permission perm : permissionsUnion.getPermissionsSet()) {
if (this.implies(perm)) {
return true;
}
@@ -47,14 +51,14 @@
} catch (Exception e) {}
try {
PermissionsIntersection permissionsIntersection = (PermissionsIntersection) permission;
- for (Permission perm : permissionsIntersection.permissionsList) {
+ for (Permission perm : permissionsIntersection.getPermissionsSet()) {
if (!this.implies(perm)) {
return false;
}
}
return true;
} catch (Exception e) {}
- for (Permission perm : this.permissionsList) {
+ for (Permission perm : this.permissionsSet) {
if (!perm.implies(permission)) {
return false;
}
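Review bot: Both loops in this hunk treat an empty set as satisfied, and the first hunk of this file adds a constructor, `PermissionsIntersection(String listName)`, that creates exactly such an empty set. An empty intersection passed as the argument reaches the visible `return true`, and an empty `this.permissionsSet` skips the final loop; the statement after that loop is outside the hunk, but if it is `return true` then an intersection with no members implies every permission. For an access-control type the safer contract is to deny when nothing has been granted, for example `if (this.permissionsSet.isEmpty()) return false;` at the top of `implies`, with the chosen behaviour stated in the Javadoc.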
Added: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java?rev=808951&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java (added)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java Fri Aug 28 16:48:37 2009
@@ -0,0 +1,79 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.api.authorization;
+
+import java.security.Permission;
+import java.util.List;
+import java.util.Set;
+
+import javolution.util.FastSet;
+
+/**
+ * A <code>Set</code> of permissions.
+ */
+@SuppressWarnings("serial")
+public abstract class PermissionsSet extends BasicPermission {
+
+ protected final Set<Permission> permissionsSet = FastSet.newInstance();
+
+ public PermissionsSet(String setName) {
+ super(setName);
+ }
+
+ public PermissionsSet(String setName, List<Permission> permissionsList) {
+ super(setName);
+ this.permissionsSet.addAll(permissionsList);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ try {
+ PermissionsSet that = (PermissionsSet) obj;
+ return this.permissionsSet.equals(that.permissionsSet);
+ } catch (Exception e) {}
+ return false;
+ }
+
+ @Override
+ public String getActions() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ return permissionsSet.hashCode();
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder();
+ for (Permission perm : this.permissionsSet) {
+ sb.append(perm);
+ sb.append(" ");
+ }
+ return sb.toString().trim();
+ }
+
+ public Set<Permission> getPermissionsSet() {
+ return this.permissionsSet;
+ }
+}
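Review bot: `getPermissionsSet()` returns the live `FastSet`, so any caller can add or remove permissions after the object has been constructed, and `hashCode()` changes with it, which breaks lookups if the instance is already stored in a hash-based collection. `java.security.Permission` objects are conventionally immutable once built. Returning `Collections.unmodifiableSet(this.permissionsSet)` and, if the single-argument constructor is meant to be filled in later, adding an explicit method for that would keep mutation in one place. The two-argument constructor also calls `addAll(permissionsList)` without a null check, and the class Javadoc could say whether subclasses are expected to mutate the set.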
Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java
------------------------------------------------------------------------------
svn:keywords = "Date Rev Author URL Id"
Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java Fri Aug 28 16:48:37 2009
@@ -22,37 +22,17 @@
import java.util.List;
/**
- * A <code>List</code> of permissions that represent a union.
+ * A <code>Set</code> of permissions that represent a union.
*/
@SuppressWarnings("serial")
-public class PermissionsUnion extends Permission {
- protected final List<Permission> permissionsList;
+public class PermissionsUnion extends PermissionsSet {
- public PermissionsUnion(String listName, List<Permission> permissionsList) {
- super(listName);
- this.permissionsList = permissionsList;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (obj == this) {
- return true;
- }
- try {
- PermissionsUnion that = (PermissionsUnion) obj;
- return this.permissionsList.equals(that.permissionsList);
- } catch (Exception e) {}
- return false;
+ public PermissionsUnion(String listName) {
+ super(listName);
}
- @Override
- public String getActions() {
- return null;
- }
-
- @Override
- public int hashCode() {
- return permissionsList.hashCode();
+ public PermissionsUnion(String listName, List<Permission> permissionsList) {
+ super(listName, permissionsList);
}
/** Returns <code>true</code> if any of the contained permissions
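Review bot: Removing `PermissionsUnion.equals` and `hashCode` here means the class inherits them from `PermissionsSet`, where the comparison casts to `PermissionsSet` and looks only at the member set. Unless PermissionsIntersection overrides `equals` outside the hunks shown, a union of {A, B} and an intersection of {A, B} now compare equal and hash alike, although they grant different access. If these objects are ever used as map keys or cached, one could be returned in place of the other. Including the concrete class in the comparison, e.g. `if (obj == null || obj.getClass() != this.getClass()) return false;` in `PermissionsSet.equals`, would keep them distinct.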
@@ -62,7 +42,7 @@
public boolean implies(Permission permission) {
try {
PermissionsUnion permissionsUnion = (PermissionsUnion) permission;
- for (Permission perm : permissionsUnion.permissionsList) {
+ for (Permission perm : permissionsUnion.getPermissionsSet()) {
if (this.implies(perm)) {
return true;
}
@@ -71,28 +51,18 @@
} catch (Exception e) {}
try {
PermissionsIntersection permissionsIntersection = (PermissionsIntersection) permission;
- for (Permission perm : permissionsIntersection.permissionsList) {
+ for (Permission perm : permissionsIntersection.getPermissionsSet()) {
if (!this.implies(perm)) {
return false;
}
}
return true;
} catch (Exception e) {}
- for (Permission perm : this.permissionsList) {
+ for (Permission perm : this.permissionsSet) {
if (perm.implies(permission)) {
return true;
}
}
return false;
}
-
- @Override
- public String toString() {
- StringBuilder sb = new StringBuilder();
- for (Permission perm : this.permissionsList) {
- sb.append(perm);
- sb.append(" ");
- }
- return sb.toString().trim();
- }
}
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java Fri Aug 28 16:48:37 2009
@@ -18,8 +18,12 @@
*******************************************************************************/
package org.ofbiz.api.context;
-/** ExecutionArtifact interface. */
+/** ExecutionArtifact interface. Artifacts in the program's execution
+ * path (services, screen widgets, form widgets, entities) should implement
+ * this interface.
+ */
public interface ExecutionArtifact {
+
/**
* Returns the location of this artifact.
*
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java Fri Aug 28 16:48:37 2009
@@ -24,7 +24,23 @@
import org.ofbiz.api.authorization.AccessController;
-/** ExecutionContext interface. */
+/** ExecutionContext interface. The <code>ExecutionContext</code> is a container
+ * for frequently used objects, plus it keeps track of the program's
+ * execution path. <p>As an object container, the <code>ExecutionContext</code>
+ * simplifies framework code - since only one oject needs to be
+ * passed around instead of five or six.</p><p>The <code>ExecutionContext</code>
+ * depends on the artifacts in the program's execution path to implement
+ * the <code>ExecutionArtifact</code> interface, or if that is not possible,
+ * to use a <code>GenericExecutionArtifact</code> instance. At the start of
+ * each method, the artifact calls <code>pushExecutionArtifact</code>, and
+ * as each method exits the artifact calls <code>popExecutionArtifact</code>.
+ * Implementations of this interface will pass the current execution path
+ * to the Authorization Manager so the proper user permissions can be
+ * retrieved for the current artifact.</p>
+ *
+ * @see org.ofbiz.api.context.ExecutionArtifact
+ * @see org.ofbiz.api.context.GenericExecutionArtifact
+ */
public interface ExecutionContext {
/** Returns an <code>AccessController</code> instance for this
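Review bot: The new Javadoc says each artifact calls `pushExecutionArtifact` on entry and `popExecutionArtifact` on exit, but it does not say the pop must also happen when the method exits by exception. Because the execution path is what the Authorization Manager uses to look up permissions, an unbalanced stack would make later checks run against the wrong path. I would add a sentence such as `The pop must be placed in a finally block so the stack stays balanced when the method throws.` There is also a typo in the added text: "oject" should be "object".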
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java Fri Aug 28 16:48:37 2009
@@ -25,13 +25,14 @@
import javolution.util.FastList;
import javolution.util.FastMap;
+import org.ofbiz.api.authorization.AccessController;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilProperties;
/** Implementation of the ExecutionContext interface. */
public abstract class ExecutionContextImpl implements ExecutionContext {
- public static final String module = ExecutionContextImpl.class.getName();
+ public static final String module = ExecutionContextImpl.class.getName();
protected final FastList<ExecutionArtifact> artifactStack = FastList.newInstance();
protected String currencyUom = null;
@@ -51,6 +52,16 @@
this.verbose = "true".equals(UtilProperties.getPropertyValue("api.properties", "executionContext.verbose"));
}
+ @Override
+ protected void finalize() throws Throwable {
+ if (this.artifactStack.size() > 0) {
+ // This check is temporary - it will be removed when implementation is complete
+ Debug.logError(new Exception("finalize() called with a stack that is not empty"), module);
+ return;
+ }
+ super.finalize();
+ }
+
public String getCurrencyUom() {
return this.currencyUom;
}
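Review bot: The early `return;` in the new `finalize()` skips `super.finalize()` whenever the stack is not empty, which is precisely the case this check exists to detect. Dropping the `return;` and wrapping the check in `try { ... } finally { super.finalize(); }` keeps the superclass call unconditional. Since the comment marks the check as temporary, a `TODO` naming the condition for its removal would help; finalizers also run at an unpredictable time, so the logged stack trace will point at the finalizer thread rather than at the code that left the stack unbalanced.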
@@ -63,7 +74,7 @@
StringBuilder sb = new StringBuilder("ofbiz");
for (ExecutionArtifact artifact : this.artifactStack) {
sb.append("/");
- sb.append(artifact.getName());
+ sb.append(artifact.getName() == null ? "null" : artifact.getName());
}
return sb.toString();
}
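Review bot: The new ternary does not change the output if `getName()` returns a `String`, because `StringBuilder.append` already writes "null" for a null `String`; it only adds a second call to `getName()`. The ExecutionContext Javadoc in this commit says the execution path is passed to the Authorization Manager, so an artifact without a name ends up as a literal `null` path segment that could coincide with a real artifact name. It would be clearer to reject or log a null name where the artifact is pushed, or at least to read the name once into a local and add a comment such as `// null names are kept as "null" so the path depth stays correct`. The enclosing method begins outside this hunk.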
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java Fri Aug 28 16:48:37 2009
@@ -18,7 +18,7 @@
*******************************************************************************/
package org.ofbiz.api.context;
-/** A basic implementation of the ExecutionArtifact interface. */
+/** A basic implementation of the <code>ExecutionArtifact</code> interface. */
public class GenericExecutionArtifact implements ExecutionArtifact {
protected final String location;
Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java Fri Aug 28 16:48:37 2009
@@ -20,7 +20,22 @@
import java.util.Map;
-/** ParametersArtifact interface. */
+/** ParametersArtifact interface. This interface extends
+ * <code>ExecutionArtifact</code> and adds the ability to
+ * contain a parameter <code>Map</code>.<p>The purpose of this
+ * class is to provide a way for the <code>ExecutionContext</code>
+ * to keep track of what parameters are the most recent. For
+ * example: Service A calls Service B. Service A has one set of
+ * parameters, and Service B has another set of parameters. During
+ * program execution, Service A creates a <code>ParametersArtifact</code>
+ * instance that contains the service's parameters, then pushes that
+ * instance on the <code>ExecutionContext</code> stack. When Service B
+ * is called, it does the same thing. When framework code needs to
+ * access the current parameters, it calls
+ * <code>ExecutionContext.getParameters()</code>. The <code>ExecutionContext</code>
+ * will search its stack for the first <code>ParametersArtifact</code> instance -
+ * starting at the top of the stack, and return that instance.</p>
+ */
public interface ParametersArtifact extends ExecutionArtifact {
/**
Modified: ofbiz/branches/executioncontext20090812/framework/common/src/org/ofbiz/common/FindServices.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/common/src/org/ofbiz/common/FindServices.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/common/src/org/ofbiz/common/FindServices.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/common/src/org/ofbiz/common/FindServices.java Fri Aug 28 16:48:37 2009
@@ -427,7 +427,11 @@
Map<String, Object> prepareResult = null;
try {
- prepareResult = dispatcher.runSync("prepareFind", UtilMisc.toMap("entityName", entityName, "orderBy", orderBy, "inputFields", inputFields, "filterByDate", filterByDate,"filterByDateValue", filterByDateValue, "userLogin", userLogin, "locale", context.get("locale"), "timeZone", context.get("timeZone")));
+ prepareResult = dispatcher.runSync("prepareFind", UtilMisc.toMap("entityName", entityName,
+ "orderBy", orderBy, "inputFields", inputFields, "filterByDate", filterByDate,
+ "filterByDateValue", filterByDateValue, "userLogin", userLogin,
+ "locale", context.get("locale"), "timeZone", context.get("timeZone"),
+ "executionContext", context.get("executionContext")));
} catch (GenericServiceException gse) {
return ServiceUtil.returnError("Error preparing conditions: " + gse.getMessage());
}
@@ -436,7 +440,8 @@
Map<String, Object> executeResult = null;
try {
- executeResult = dispatcher.runSync("executeFind", UtilMisc.toMap("entityName", entityName, "orderByList", orderByList, "fieldList", fieldList, "entityConditionList", exprList, "noConditionFind", noConditionFind, "distinct", distinct, "locale", context.get("locale"), "timeZone", context.get("timeZone")));
+ executeResult = dispatcher.runSync("executeFind", UtilMisc.toMap("entityName", entityName, "orderByList", orderByList, "fieldList", fieldList, "entityConditionList", exprList, "noConditionFind", noConditionFind, "distinct", distinct, "locale", context.get("locale"), "timeZone", context.get("timeZone"),
+ "executionContext", context.get("executionContext")));
} catch (GenericServiceException gse) {
return ServiceUtil.returnError("Error finding iterator: " + gse.getMessage());
}
Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AccessControllerImpl.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AccessControllerImpl.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AccessControllerImpl.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AccessControllerImpl.java Fri Aug 28 16:48:37 2009
@@ -18,80 +18,117 @@
*******************************************************************************/
package org.ofbiz.context;
-import static org.ofbiz.api.authorization.BasicPermissions.Admin;
-
import java.security.AccessControlException;
import java.security.Permission;
import java.util.List;
import java.util.ListIterator;
+import java.util.Map;
+
+import javolution.util.FastMap;
import org.ofbiz.entity.AccessController;
import org.ofbiz.base.util.Debug;
-import org.ofbiz.base.util.UtilMisc;
import org.ofbiz.base.util.UtilProperties;
-import org.ofbiz.base.util.cache.UtilCache;
import org.ofbiz.entity.util.EntityListIterator;
+import org.ofbiz.service.DispatchContext;
import org.ofbiz.service.ExecutionContext;
+import org.ofbiz.service.LocalDispatcher;
+import org.ofbiz.service.ModelService;
public class AccessControllerImpl<E> implements AccessController<E> {
public static final String module = AccessControllerImpl.class.getName();
- protected static UtilCache<String, Permission> userGroupPermCache = new UtilCache<String, Permission>("authorization.UserGroupPermissions");
- protected static UtilCache<String, Permission> userPermCache = new UtilCache<String, Permission>("authorization.UserPermissions");
+
protected final ExecutionContext executionContext;
- protected final String executionPath;
- protected final Permission permission;
+ protected final OFBizPermission permission;
+ protected final PathNode node;
// Temporary - will be removed later
protected boolean verbose = false;
- protected List<String> serviceNameList = UtilMisc.toList("securityRedesignTest");
+ protected boolean disabled = false;
- protected AccessControllerImpl(ExecutionContext executionContext, Permission permission) {
+ protected AccessControllerImpl(ExecutionContext executionContext, PathNode node) {
this.executionContext = executionContext;
- this.executionPath = executionContext.getExecutionPath();
- this.permission = permission;
+ this.node = node;
+ this.permission = new OFBizPermission(executionContext.getUserLogin().getString("userLoginId"));
this.verbose = "true".equals(UtilProperties.getPropertyValue("api.properties", "authorizationManager.verbose"));
+ this.disabled = "true".equals(UtilProperties.getPropertyValue("api.properties", "authorizationManager.disabled"));
}
public void checkPermission(Permission permission) throws AccessControlException {
if (this.verbose) {
- Debug.logInfo("Checking permission: " + this.executionPath + "[" + permission + "]", module);
+ Debug.logInfo("Checking permission: " + this.executionContext.getExecutionPath() + "[" + permission + "]", module);
}
- if (!this.permission.implies(permission)) {
- throw new AccessControlException(this.executionPath);
+ this.permission.reset();
+ this.node.getPermissions(this.executionContext.getExecutionPath(), this.permission);
+ if (this.verbose) {
+ Debug.logInfo("Found permission(s): " + this.executionContext.getUserLogin().getString("userLoginId") +
+ "@" + this.executionContext.getExecutionPath() + "[" + this.permission + "]", module);
}
+ if (this.disabled) {
+ return;
+ }
+ if (this.permission.implies(permission) && this.hasServicePermission()) {
+ return;
+ }
+ throw new AccessControlException(this.executionContext.getUserLogin().getString("userLoginId") +
+ "@" + this.executionContext.getExecutionPath() + "[" + permission + "]");
}
public List<E> applyFilters(List<E> list) {
- String upperPath = this.executionPath.toUpperCase();
- if (upperPath.startsWith("OFBIZ/EXAMPLE")) {
- if (this.verbose) {
- Debug.logInfo("Applying List filter \"securityRedesignTest\" for path " + this.executionPath, module);
- }
- return new SecurityAwareList<E>(list, this.serviceNameList, this.executionContext);
+ if (this.permission.getFilterNames().size() > 0) {
+ return new SecurityAwareList<E>(list, this.permission.getFilterNames(), this.executionContext);
}
return list;
}
public ListIterator<E> applyFilters(ListIterator<E> listIterator) {
- String upperPath = this.executionPath.toUpperCase();
- if (upperPath.startsWith("OFBIZ/EXAMPLE")) {
- if (this.verbose) {
- Debug.logInfo("Applying ListIterator filter \"securityRedesignTest\" for path " + this.executionPath, module);
- }
- return new SecurityAwareListIterator<E>(listIterator, this.serviceNameList, this.executionContext);
+ if (this.permission.getFilterNames().size() > 0) {
+ return new SecurityAwareListIterator<E>(listIterator, this.permission.getFilterNames(), this.executionContext);
}
return listIterator;
}
public EntityListIterator applyFilters(EntityListIterator listIterator) {
- String upperPath = this.executionPath.toUpperCase();
- if (upperPath.startsWith("OFBIZ/EXAMPLE")) {
- if (this.verbose) {
- Debug.logInfo("Applying EntityListIterator filter \"securityRedesignTest\" for path " + this.executionPath, module);
- }
+ if (this.permission.getFilterNames().size() > 0) {
// Commented out for now - causes problems with list pagination in UI
// return new SecurityAwareEli(listIterator, this.serviceNameList, this.executionContext);
}
return listIterator;
}
+
+ protected boolean hasServicePermission() {
+ try {
+ if (this.permission.getServiceNames().size() == 0) {
+ return true;
+ }
+ LocalDispatcher dispatcher = this.executionContext.getDispatcher();
+ DispatchContext ctx = dispatcher.getDispatchContext();
+ Map<String, ? extends Object> params = this.executionContext.getParameters();
+ for (String serviceName : this.permission.getServiceNames()) {
+ ModelService modelService = ctx.getModelService(serviceName);
+ Map<String, Object> context = FastMap.newInstance();
+ if (params != null) {
+ context.putAll(params);
+ }
+ if (!context.containsKey("userLogin")) {
+ context.put("userLogin", this.executionContext.getUserLogin());
+ }
+ if (!context.containsKey("locale")) {
+ context.put("locale", this.executionContext.getLocale());
+ }
+ if (!context.containsKey("timeZone")) {
+ context.put("timeZone", this.executionContext.getTimeZone());
+ }
+ context = modelService.makeValid(context, ModelService.IN_PARAM);
+ Map<String, Object> result = dispatcher.runSync(serviceName, context);
+ Boolean hasPermission = (Boolean) result.get("hasPermission");
+ if (hasPermission != null && !hasPermission.booleanValue()) {
+ return false;
+ }
+ }
+ } catch (Exception e) {
+ Debug.logError(e, module);
+ }
+ return true;
+ }
}
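Review bot: hasServicePermission() fails open: the `catch (Exception e)` block only logs and then falls through to the final `return true`, and a service result with no `hasPermission` entry is also treated as a grant, so a permission service that throws or returns a result without that key authorizes the call. For an authorization decision the catch block should end with `return false;` and the result test should be `if (hasPermission == null || !hasPermission.booleanValue()) { return false; }`. Separately, the three applyFilters overloads read `this.permission.getFilterNames()`, which is only populated by a preceding checkPermission() call on the same instance, so a caller that filters without checking first gets the list back unfiltered; that dependency deserves a comment, or the lookup should be done inside applyFilters as well.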
Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java Fri Aug 28 16:48:37 2009
@@ -18,21 +18,22 @@
*******************************************************************************/
package org.ofbiz.context;
-import static org.ofbiz.api.authorization.BasicPermissions.Admin;
-
import java.security.AccessControlException;
import java.security.Permission;
import java.util.List;
-import java.util.ListIterator;
+import org.ofbiz.api.authorization.BasicPermissions;
import org.ofbiz.entity.AccessController;
-import org.ofbiz.api.authorization.PermissionsIntersection;
+import org.ofbiz.entity.GenericDelegator;
+import org.ofbiz.entity.GenericEntityException;
+import org.ofbiz.entity.GenericValue;
+import org.ofbiz.entity.condition.EntityCondition;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilMisc;
+import org.ofbiz.base.util.cache.UtilCache;
import org.ofbiz.security.AuthorizationManager;
import org.ofbiz.security.OFBizSecurity;
import org.ofbiz.service.ExecutionContext;
-import org.ofbiz.service.ServicePermission;
/**
* An implementation of the AuthorizationManager interface that uses the OFBiz database
@@ -40,28 +41,17 @@
*/
public class AuthorizationManagerImpl<E> extends OFBizSecurity implements AuthorizationManager {
- // Right now this class is being used as a test jig for the various classes
- // it will be working with. The actual implementation will occur once the
- // entities are defined and in place.
+ // Right now this class implements permission checking only.
public static final String module = AuthorizationManagerImpl.class.getName();
-
- protected Permission testPermission = null;
- protected Permission getTestPermission(ExecutionContext executionContext) {
- if (this.testPermission == null) {
- // Build test permissions
- this.testPermission = new PermissionsIntersection("TestPermissions",
- UtilMisc.toList(new ServicePermission("securityRedesignTest", executionContext),
- Admin));
- }
- return this.testPermission;
- }
+ protected static final UtilCache<String, PathNode> userPermCache = new UtilCache<String, PathNode>("authorization.UserPermissions");
+ public static final AccessController<?> nullAccessController = new NullAccessController();
+ protected static boolean underConstruction = false;
public AuthorizationManagerImpl() {
}
- public void assignGroupPermission(String userGroupId, String artifactId,
- Permission permission) {
+ public void assignGroupPermission(String userGroupId, String artifactId, Permission permission) {
// TODO Auto-generated method stub
}
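Review bot: `underConstruction` is a single static, non-volatile flag shared by all users, and getAccessController (added further down in this commit) returns the allow-all `nullAccessController` whenever it is true, so this field decides when permission checks are bypassed and needs a comment saying what guards it. The read happens inside `synchronized (userPermCache)`, but getUserPermissionsNode, which sets and clears the flag, is `protected static` and does not take that lock itself, so the guarantee holds only if every caller already owns the monitor. Suggested comment: `// Guarded by userPermCache's monitor. True only while a permission tree is being loaded; getAccessController() returns nullAccessController while it is set.` The class body continues outside this hunk.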
@@ -71,8 +61,7 @@
}
- public void assignUserPermission(String userLoginId, String artifactId,
- Permission permission) {
+ public void assignUserPermission(String userLoginId, String artifactId, Permission permission) {
// TODO Auto-generated method stub
}
@@ -97,8 +86,7 @@
}
- public void deleteGroupPermission(String userGroupId, String artifactId,
- Permission permission) {
+ public void deleteGroupPermission(String userGroupId, String artifactId, Permission permission) {
// TODO Auto-generated method stub
}
@@ -118,8 +106,7 @@
}
- public void deleteUserPermission(String userLoginId, String artifactId,
- Permission permission) {
+ public void deleteUserPermission(String userLoginId, String artifactId, Permission permission) {
// TODO Auto-generated method stub
}
@@ -134,8 +121,91 @@
}
- public AccessController<E> getAccessController(org.ofbiz.api.context.ExecutionContext executionContext) {
- return new AccessControllerImpl<E>((ExecutionContext) executionContext, this.getTestPermission((ExecutionContext) executionContext));
- }
+ @SuppressWarnings("unchecked")
+ public AccessController<?> getAccessController(org.ofbiz.api.context.ExecutionContext executionContext) throws AccessControlException {
+ String userLoginId = ((ExecutionContext) executionContext).getUserLogin().getString("userLoginId");
+ PathNode node = userPermCache.get(userLoginId);
+ if (node == null) {
+ synchronized (userPermCache) {
+ if (underConstruction) {
+ return nullAccessController;
+ }
+ node = userPermCache.get(userLoginId);
+ if (node == null) {
+ node = getUserPermissionsNode((ExecutionContext) executionContext);
+ userPermCache.put(userLoginId, node);
+ }
+ }
+ }
+ return new AccessControllerImpl((ExecutionContext) executionContext, node);
+ }
+
+ @SuppressWarnings("unchecked")
+ protected static PathNode getUserPermissionsNode(ExecutionContext executionContext) throws AccessControlException {
+ underConstruction = true;
+ // Set up the ExecutionContext for unrestricted access to security-aware artifacts
+ ExecutionContext localContext = (ExecutionContext) executionContext;
+ AuthorizationManager originalSecurity = localContext.getSecurity();
+ localContext.setSecurity(new NullAuthorizationManager());
+ String userLoginId = executionContext.getUserLogin().getString("userLoginId");
+ GenericDelegator delegator = executionContext.getDelegator();
+ PathNode node = new PathNode();
+ try {
+ // Process group membership permissions first
+ List<GenericValue> groupMemberships = delegator.findList("UserToUserGroupRelationship", EntityCondition.makeCondition(UtilMisc.toMap("userLoginId", userLoginId)), null, null, null, false);
+ for (GenericValue userGroup : groupMemberships) {
+ processGroupPermissions(userGroup.getString("groupId"), node, delegator);
+ }
+ // Process user permissions last
+ List<GenericValue> permissionValues = delegator.findList("UserToArtifactPermRel", EntityCondition.makeCondition(UtilMisc.toMap("userLoginId", userLoginId)), null, null, null, false);
+ setPermissions(userLoginId, node, permissionValues);
+ } catch (GenericEntityException e) {
+ throw new AccessControlException(e.getMessage());
+ } finally {
+ localContext.setSecurity(originalSecurity);
+ underConstruction = false;
+ }
+ return node;
+ }
+
+ protected static void processGroupPermissions(String groupId, PathNode node, GenericDelegator delegator) throws AccessControlException {
+ try {
+ // Process this group's memberships first
+ List<GenericValue> parentGroups = delegator.findList("UserGroupRelationship", EntityCondition.makeCondition(UtilMisc.toMap("toGroupId", groupId)), null, null, null, false);
+ for (GenericValue parentGroup : parentGroups) {
+ processGroupPermissions(parentGroup.getString("fromGroupId"), node, delegator);
+ }
+ // Process this group's permissions
+ List<GenericValue> permissionValues = delegator.findList("UserGroupToArtifactPermRel", EntityCondition.makeCondition(UtilMisc.toMap("groupId", groupId)), null, null, null, false);
+ setPermissions(groupId, node, permissionValues);
+ } catch (GenericEntityException e) {
+ throw new AccessControlException(e.getMessage());
+ }
+ }
+
+ protected static void setPermissions(String id, PathNode node, List<GenericValue> permissionValues) {
+ for (GenericValue value : permissionValues) {
+ String artifactPath = value.getString("artifactPath");
+ OFBizPermission target = new OFBizPermission(id + "@" + artifactPath);
+ String[] pair = value.getString("permissionValue").split("=");
+ if ("filter".equalsIgnoreCase(pair[0])) {
+ target.filters.add(pair[1]);
+ } else if ("service".equalsIgnoreCase(pair[0])) {
+ target.services.add(pair[1]);
+ } else {
+ Permission permission = BasicPermissions.ConversionMap.get(pair[0].toUpperCase());
+ if (permission != null) {
+ if ("true".equalsIgnoreCase(pair[1])) {
+ target.includePermissions.getPermissionsSet().add(permission);
+ } else {
+ target.excludePermissions.getPermissionsSet().add(permission);
+ }
+ } else {
+ throw new AccessControlException("Invalid permission: " + pair[0]);
+ }
+ }
+ node.setPermissions(artifactPath, target);
+ }
+ }
}
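Review bot: setPermissions reads `pair[1]` without checking that `permissionValue` actually contained an `=`, so a malformed row surfaces as an ArrayIndexOutOfBoundsException from getAccessController instead of the AccessControlException the method declares. A guard right after the split, `if (pair.length < 2) { throw new AccessControlException("Invalid permission value for " + artifactPath); }`, keeps the failure explicit. processGroupPermissions also recurses through `UserGroupRelationship` rows without remembering which groups it has visited, so a cyclic group relationship in the data would recurse until the stack overflows; threading a `Set<String>` of visited group ids through the recursion and returning early on a repeat would bound it. Both `catch (GenericEntityException e)` blocks keep only `e.getMessage()`; logging `e` with `Debug.logError(e, module)` before rethrowing would preserve the cause.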
Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java Fri Aug 28 16:48:37 2009
@@ -37,6 +37,7 @@
/** ExecutionContext implementation. */
public class ExecutionContextImpl extends org.ofbiz.api.context.ExecutionContextImpl implements ExecutionContext {
+ public static final String module = ExecutionContextImpl.class.getName();
protected GenericDelegator delegator = null;
protected LocalDispatcher dispatcher = null;
protected AuthorizationManager security = null;
@@ -74,6 +75,10 @@
} catch (GenericEntityException e) {
Debug.logError(e, "Error while getting NOT_LOGGED_IN user: ", module);
}
+ if (this.userLogin == null) {
+ this.userLogin = localDelegator.makeValue("UserLogin");
+ this.userLogin.set("userLoginId", "NOT_LOGGED_IN");
+ }
}
return this.userLogin;
}
@@ -113,6 +118,6 @@
}
public AccessController<?> getAccessController() {
- return (AccessController<?>) this.getSecurity().getAccessController(this);
+ return (AccessController<?>) this.getSecurity().getAccessController(this);
}
}
Added: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java?rev=808951&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java (added)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java Fri Aug 28 16:48:37 2009
@@ -0,0 +1,44 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.context;
+
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.util.List;
+import java.util.ListIterator;
+
+import org.ofbiz.entity.AccessController;
+import org.ofbiz.entity.util.EntityListIterator;
+
+public class NullAccessController<E> implements AccessController<E> {
+
+ public EntityListIterator applyFilters(EntityListIterator listIterator) {
+ return listIterator;
+ }
+
+ public List<E> applyFilters(List<E> list) {
+ return list;
+ }
+
+ public ListIterator<E> applyFilters(ListIterator<E> list) {
+ return list;
+ }
+
+ public void checkPermission(Permission permission) throws AccessControlException {}
+}
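Review bot: NullAccessController has no class Javadoc even though `checkPermission` is an empty body that never throws and every `applyFilters` overload returns its argument untouched, which means it grants all access. A class comment should state that and name the places it is meant to be used (in this commit: while AuthorizationManagerImpl is loading a user's permissions, and through NullAuthorizationManager). The empty method body would also read better as `{ /* intentionally permits everything */ }` so it is not mistaken for an unfinished stub.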
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java
------------------------------------------------------------------------------
svn:keywords = "Date Rev Author URL Id"
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAccessController.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java?rev=808951&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java (added)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java Fri Aug 28 16:48:37 2009
@@ -0,0 +1,163 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.context;
+
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.http.HttpSession;
+
+import org.ofbiz.entity.GenericDelegator;
+import org.ofbiz.entity.GenericValue;
+import org.ofbiz.security.AuthorizationManager;
+
+/** An implementation of <code>AuthorizationManager</code> that allows
+ * unrestricted access to all security-aware artifacts. This class
+ * is intended to be used in situations where user permissions are
+ * not available or accessible (the initial data load for example).
+ * <p>Extreme care should be taken when using this class so that
+ * security holes are not introduced. A recommended strategy is:<br><br>
+ * <ul>
+ * <li>Save the current <code>AuthorizationManager</code> instance in
+ * a local variable - using <code>ExecutionContext.getSecurity()</code>.</li>
+ * <li>Call <code>ExecutionContext.setSecurity(...)</code> with a
+ * <code>NullAuthorizationManager</code> instance.</li>
+ * <li>Perform the unrestricted tasks.</li>
+ * <li>Restore the original <code>AuthorizationManager</code> by
+ * calling <code>ExecutionContext.setSecurity(...)</code> with the
+ * saved <code>AuthorizationManager</code> instance.</li>
+ * </ul></p>
+ *
+ * @param <E>
+ */
+public class NullAuthorizationManager<E> implements AuthorizationManager {
+
+ public void assignGroupPermission(String userGroupId, String artifactId,
+ Permission permission) {
+ }
+
+ public void assignGroupToGroup(String childGroupId, String parentGroupId) {
+ }
+
+ public void assignUserPermission(String userLoginId, String artifactId,
+ Permission permission) {
+ }
+
+ public void assignUserToGroup(String userLoginId, String userGroupId) {
+ }
+
+ public void createUser(String userLoginId, String password) {
+ }
+
+ public String createUserGroup(String description) {
+ return null;
+ }
+
+ public void deleteGroupFromGroup(String childGroupId, String parentGroupId) {
+ }
+
+ public void deleteGroupPermission(String userGroupId, String artifactId,
+ Permission permission) {
+ }
+
+ public void deleteUser(String userLoginId) {
+ }
+
+ public void deleteUserFromGroup(String userLoginId, String userGroupId) {
+ }
+
+ public void deleteUserGroup(String userGroupId) {
+ }
+
+ public void deleteUserPermission(String userLoginId, String artifactId,
+ Permission permission) {
+ }
+
+ public void updateUser(String userLoginId, String password) {
+ }
+
+ public void updateUserGroup(String userGroupId, String description) {
+ }
+
+ public org.ofbiz.api.authorization.AccessController getAccessController(
+ org.ofbiz.api.context.ExecutionContext executionContext)
+ throws AccessControlException {
+ return AuthorizationManagerImpl.nullAccessController;
+ }
+
+ public void clearUserData(GenericValue userLogin) {
+ }
+
+ public Iterator<GenericValue> findUserLoginSecurityGroupByUserLoginId(
+ String userLoginId) {
+ return null;
+ }
+
+ public GenericDelegator getDelegator() {
+ return null;
+ }
+
+ public boolean hasEntityPermission(String entity, String action,
+ HttpSession session) {
+ return true;
+ }
+
+ public boolean hasEntityPermission(String entity, String action,
+ GenericValue userLogin) {
+ return true;
+ }
+
+ public boolean hasPermission(String permission, HttpSession session) {
+ return true;
+ }
+
+ public boolean hasPermission(String permission, GenericValue userLogin) {
+ return true;
+ }
+
+ public boolean hasRolePermission(String application, String action,
+ String primaryKey, String role, HttpSession session) {
+ return true;
+ }
+
+ public boolean hasRolePermission(String application, String action,
+ String primaryKey, String role, GenericValue userLogin) {
+ return true;
+ }
+
+ public boolean hasRolePermission(String application, String action,
+ String primaryKey, List<String> roles, GenericValue userLogin) {
+ return true;
+ }
+
+ public boolean hasRolePermission(String application, String action,
+ String primaryKey, List<String> roles, HttpSession session) {
+ return true;
+ }
+
+ public boolean securityGroupPermissionExists(String groupId,
+ String permission) {
+ return true;
+ }
+
+ public void setDelegator(GenericDelegator delegator) {
+ }
+}
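Review bot: The save/swap/restore strategy in the class Javadoc does not say that the restore has to happen in a `finally` block; without it, an exception thrown during the unrestricted work leaves the ExecutionContext holding an allow-all manager. Add a list item such as `<li>Do the restore in a <code>finally</code> block so it also runs when the unrestricted task throws.</li>`, which is what getUserPermissionsNode in this commit already does. `getDelegator()` and `findUserLoginSecurityGroupByUserLoginId()` return `null`, which callers of the interface may not expect and which the Javadoc should mention. The empty `@param <E>` tag should either describe the type parameter or be removed.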
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java
------------------------------------------------------------------------------
svn:keywords = "Date Rev Author URL Id"
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/NullAuthorizationManager.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java?rev=808951&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java (added)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java Fri Aug 28 16:48:37 2009
@@ -0,0 +1,140 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.context;
+
+import static org.ofbiz.api.authorization.BasicPermissions.*;
+
+import java.security.Permission;
+import java.util.Set;
+
+import javolution.util.FastSet;
+
+import org.ofbiz.api.authorization.PermissionsUnion;
+
+/** OFBizPermission class.
+ * <p>This class enforces the security-aware artifact permission
+ * checking rules:<br>
+ * <ul>
+ * <li>If the permissions list contains the specified permission,
+ * then access is granted</li>
+ * <li>If services are specified, and all services return
+ * <code>hasPermission=true</code>, then access is granted</li>
+ * <li>The class contains a list of filters that can be used
+ * by filter implementations</li>
+ * </ul></p>
+ *
+ */
+@SuppressWarnings("serial")
+public class OFBizPermission extends Permission {
+
+ protected Permission adminPermission = null;
+ protected final PermissionsUnion includePermissions;
+ protected final PermissionsUnion excludePermissions;
+ protected final Set<String> filters = FastSet.newInstance();
+ protected final Set<String> services = FastSet.newInstance();
+
+ public OFBizPermission(String name) {
+ super(name);
+ this.includePermissions = new PermissionsUnion(name);
+ this.excludePermissions = new PermissionsUnion(name);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ try {
+ OFBizPermission that = (OFBizPermission) obj;
+ return this.getName().equals(that.getName());
+ } catch (Exception e) {}
+ return false;
+ }
+
+ @Override
+ public String getActions() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ return this.getName().hashCode();
+ }
+
+ @Override
+ public boolean implies(Permission permission) {
+ if (this.adminPermission != null) {
+ return this.adminPermission.implies(permission);
+ }
+ return this.includePermissions.implies(permission) && !this.excludePermissions.implies(permission);
+ }
+
+ public Set<String> getFilterNames() {
+ return this.filters;
+ }
+
+ public Set<String> getServiceNames() {
+ return this.services;
+ }
+
+ public void accumulatePermissions(OFBizPermission permission) {
+ if (permission == null || this.adminPermission != null) {
+ return;
+ }
+ if (permission.includePermissions.getPermissionsSet().contains(Admin)) {
+ this.adminPermission = Admin;
+ return;
+ }
+ this.includePermissions.getPermissionsSet().removeAll(permission.excludePermissions.getPermissionsSet());
+ this.excludePermissions.getPermissionsSet().removeAll(permission.includePermissions.getPermissionsSet());
+ this.includePermissions.getPermissionsSet().addAll(permission.includePermissions.getPermissionsSet());
+ this.excludePermissions.getPermissionsSet().addAll(permission.excludePermissions.getPermissionsSet());
+ this.filters.addAll(permission.filters);
+ this.services.addAll(permission.services);
+ }
+
+ public void reset() {
+ this.adminPermission = null;
+ this.includePermissions.getPermissionsSet().clear();
+ this.excludePermissions.getPermissionsSet().clear();
+ this.filters.clear();
+ this.services.clear();
+ }
+
+ @Override
+ public String toString() {
+ if (this.adminPermission != null) {
+ return this.adminPermission.toString();
+ }
+ StringBuilder sb = new StringBuilder();
+ sb.append(this.includePermissions);
+ sb.append(" ");
+ sb.append(this.excludePermissions);
+ for (String filter : this.filters) {
+ sb.append(" filter=");
+ sb.append(filter);
+ }
+ for (String service : this.services) {
+ sb.append(" service=");
+ sb.append(service);
+ }
+ return sb.toString().trim();
+ }
+
+}
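Review bot: Once `adminPermission` is set, `implies()` returns `this.adminPermission.implies(permission)` without consulting `excludePermissions`, and `accumulatePermissions()` returns early, so excludes, filters and permission services attached to later path nodes are no longer collected. If Admin is meant to override explicit denials and skip filters and service checks, the class Javadoc should state that precedence; if not, the early returns need to keep accumulating `excludePermissions`, `filters` and `services`. The Javadoc list also reads as if either a matching permission or passing services grants access, while AccessControllerImpl.checkPermission in this commit requires both. `equals()` uses a caught exception as its type test; `if (!(obj instanceof OFBizPermission)) { return false; }` is the usual form and does not hide other failures.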
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java
------------------------------------------------------------------------------
svn:keywords = "Date Rev Author URL Id"
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/OFBizPermission.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java?rev=808951&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java (added)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java Fri Aug 28 16:48:37 2009
@@ -0,0 +1,66 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.context;
+
+import java.util.Map;
+
+import javolution.util.FastMap;
+
+public class PathNode {
+
+ protected Map<String, PathNode> childNodes = null;
+ protected OFBizPermission permission = null;
+
+ public void setPermissions(String artifactPath, OFBizPermission permission) {
+ int pos = artifactPath.indexOf("/");
+ if (pos == -1) {
+ if (this.permission == null) {
+ this.permission = permission;
+ } else {
+ this.permission.accumulatePermissions(permission);
+ }
+ return;
+ }
+ String key = artifactPath.substring(0, pos - 1).toUpperCase();
+ if (this.childNodes == null) {
+ this.childNodes = FastMap.newInstance();
+ }
+ PathNode node = this.childNodes.get(key);
+ if (node == null) {
+ node = new PathNode();
+ this.childNodes.put(key, node);
+ }
+ node.setPermissions(artifactPath.substring(pos + 1), permission);
+ }
+
+ public void getPermissions(String artifactPath, OFBizPermission permission) {
+ permission.accumulatePermissions(this.permission);
+ int pos = artifactPath.indexOf("/");
+ if (pos == -1) {
+ return;
+ }
+ String key = artifactPath.substring(0, pos - 1).toUpperCase();
+ if (this.childNodes != null) {
+ PathNode node = this.childNodes.get(key);
+ if (node != null) {
+ node.getPermissions(artifactPath, permission);
+ }
+ }
+ }
+}
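Review bot: `artifactPath.substring(0, pos - 1)` in both `setPermissions` and `getPermissions` drops the last character of each path segment, so sibling segments that differ only in that character map to the same child node and share one accumulated permission, and a path starting with "/" (`pos` is 0) throws; the key should be `artifactPath.substring(0, pos).toUpperCase()`. `getPermissions` also recurses with the full `artifactPath` instead of `artifactPath.substring(pos + 1)`, so the lookup repeats the first segment at every level and stops after one hop rather than walking the tree that `setPermissions` built. The final segment is never used as a key either: `setPermissions` stores the permission on the node reached through the parent segments, so all artifacts directly under one parent accumulate into the same `OFBizPermission`, which looks unintended for an authorization tree and is worth a unit test with two sibling paths. `getPermissions` passes `this.permission` to `accumulatePermissions` even when it is null; the start of that method is outside this hunk, so confirm it tolerates null.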
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java
------------------------------------------------------------------------------
svn:keywords = "Date Rev Author URL Id"
Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/PathNode.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareEli.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareEli.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareEli.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareEli.java Fri Aug 28 16:48:37 2009
@@ -19,6 +19,7 @@
package org.ofbiz.context;
import java.util.List;
+import java.util.Set;
import javolution.util.FastList;
@@ -44,7 +45,7 @@
protected final EntityListIterator listIterator;
protected GenericValue previousValue = null;
- public SecurityAwareEli(EntityListIterator iterator, List<String> serviceNameList, ExecutionContext executionContext) {
+ public SecurityAwareEli(EntityListIterator iterator, Set<String> serviceNameList, ExecutionContext executionContext) {
super(iterator, serviceNameList, executionContext);
this.listIterator = iterator;
}
Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java Fri Aug 28 16:48:37 2009
@@ -19,7 +19,7 @@
package org.ofbiz.context;
import java.util.Iterator;
-import java.util.List;
+import java.util.Set;
import java.util.Map;
import javolution.util.FastMap;
@@ -44,11 +44,11 @@
public static final String module = SecurityAwareIterator.class.getName();
protected final Iterator<E> iterator;
- protected final List<String> serviceNameList;
+ protected final Set<String> serviceNameList;
protected final ExecutionContext executionContext;
protected E nextValue = null;
- public SecurityAwareIterator(Iterator<E> iterator, List<String> serviceNameList, ExecutionContext executionContext) {
+ public SecurityAwareIterator(Iterator<E> iterator, Set<String> serviceNameList, ExecutionContext executionContext) {
this.iterator = iterator;
this.serviceNameList = serviceNameList;
this.executionContext = executionContext;
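Review bot: The constructor stores the caller's `Set<String>` by reference (`this.serviceNameList = serviceNameList;`), so the filter services applied by a live iterator change if the caller later mutates that set. `OFBizPermission.reset()` in this commit clears its `services` set, and if that same instance is what gets passed here (not visible in this hunk) a reset would silently drop the filters; a defensive copy such as `this.serviceNameList = new HashSet<String>(serviceNameList);` (with a `java.util.HashSet` import) avoids that. The field and parameter are also still named `serviceNameList` although they are now a `Set`; `serviceNames` would read better, here and in `SecurityAwareEli`, `SecurityAwareList` and `SecurityAwareListIterator`. The constructor's closing brace is outside the hunk.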
Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareList.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareList.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareList.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareList.java Fri Aug 28 16:48:37 2009
@@ -22,6 +22,7 @@
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
+import java.util.Set;
import org.ofbiz.service.ExecutionContext;
@@ -32,10 +33,10 @@
public class SecurityAwareList<E> extends ArrayList<E> implements List<E> {
protected final static String module = SecurityAwareList.class.getName();
- protected final List<String> serviceNameList;
+ protected final Set<String> serviceNameList;
protected final ExecutionContext executionContext;
- public SecurityAwareList(List<E> valueList, List<String> serviceNameList, ExecutionContext executionContext) {
+ public SecurityAwareList(List<E> valueList, Set<String> serviceNameList, ExecutionContext executionContext) {
super(valueList.size());
this.addAll(valueList);
this.trimToSize();
Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java Fri Aug 28 16:48:37 2009
@@ -20,6 +20,7 @@
import java.util.List;
import java.util.ListIterator;
+import java.util.Set;
import org.ofbiz.service.ExecutionContext;
@@ -40,7 +41,7 @@
protected E previousValue = null;
protected int index = 0;
- public SecurityAwareListIterator(ListIterator<E> iterator, List<String> serviceNameList, ExecutionContext executionContext) {
+ public SecurityAwareListIterator(ListIterator<E> iterator, Set<String> serviceNameList, ExecutionContext executionContext) {
super(iterator, serviceNameList, executionContext);
this.listIterator = iterator;
}
Modified: ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/AccessController.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/AccessController.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/AccessController.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/AccessController.java Fri Aug 28 16:48:37 2009
@@ -28,6 +28,16 @@
*/
public interface AccessController<E> extends org.ofbiz.api.authorization.AccessController<E> {
+ /** Applies permission filters to an <code>EntityListIterator</code>. The
+ * returned <code>EntityListIterator</code> is security-aware, so methods
+ * that return a <code>GenericValue</code> will return only the
+ * values the user has permission to access.
+ *
+ * @param list The <code>EntityListIterator</code> to apply filters to
+ * @return A security-aware <code>EntityListIterator</code> if filters
+ * were specified for the current artifact, or the original
+ * <code>EntityListIterator</code> otherwise
+ */
public EntityListIterator applyFilters(EntityListIterator listIterator);
}
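Review bot: The new Javadoc's `@param list` does not match the parameter name in `applyFilters(EntityListIterator listIterator)`, so Javadoc tooling will flag it and the real parameter stays undocumented; it should read `@param listIterator The <code>EntityListIterator</code> to apply filters to`. The comment would also help implementers if it said who is responsible for closing the underlying iterator once it has been wrapped, which is not visible in this hunk.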
Modified: ofbiz/branches/executioncontext20090812/framework/entityext/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/entityext/build.xml?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/entityext/build.xml (original)
+++ ofbiz/branches/executioncontext20090812/framework/entityext/build.xml Fri Aug 28 16:48:37 2009
@@ -39,6 +39,7 @@
<fileset dir="../security/build/lib" includes="*.jar"/>
<fileset dir="../service/lib" includes="*.jar"/>
<fileset dir="../service/build/lib" includes="*.jar"/>
+ <fileset dir="../context/build/lib" includes="*.jar"/>
</path>
<!-- ================================================================== -->
Modified: ofbiz/branches/executioncontext20090812/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java Fri Aug 28 16:48:37 2009
@@ -35,6 +35,9 @@
import org.ofbiz.base.util.StringUtil;
import org.ofbiz.base.util.UtilURL;
import org.ofbiz.base.util.UtilValidate;
+import org.ofbiz.context.AuthorizationManagerImpl;
+import org.ofbiz.context.ExecutionContextImpl;
+import org.ofbiz.entity.AccessController;
import org.ofbiz.entity.DelegatorFactory;
import org.ofbiz.entity.GenericDelegator;
import org.ofbiz.entity.GenericEntityException;
@@ -225,7 +228,7 @@
String delegatorNameToUse = overrideDelegator != null ? overrideDelegator : delegatorName;
String groupNameToUse = overrideGroup != null ? overrideGroup : entityGroupName;
- GenericDelegator delegator = DelegatorFactory.getGenericDelegator(delegatorNameToUse);
+ GenericDelegator delegator = DelegatorFactory.getGenericDelegator(delegatorNameToUse, new LoaderExecutionContext());
if (delegator == null) {
throw new ContainerException("Invalid delegator name!");
}
@@ -470,4 +473,12 @@
*/
public void stop() throws ContainerException {
}
+
+ // TODO: Find an implementation-agnostic way to do this
+ protected static class LoaderExecutionContext extends ExecutionContextImpl {
+ @Override
+ public AccessController<?> getAccessController() {
+ return AuthorizationManagerImpl.nullAccessController;
+ }
+ }
}
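Review bot: `LoaderExecutionContext` hands the data loader `AuthorizationManagerImpl.nullAccessController`, which by its name presumably performs no permission checks, yet the class is `protected static` and nothing documents that it switches authorization off. Declaring it `private static final class LoaderExecutionContext extends ExecutionContextImpl {` and adding a comment such as `// Data load only: entity operations through this context are not permission-checked` would keep the bypass from being subclassed or reused by accident. The call site in the earlier hunk, `DelegatorFactory.getGenericDelegator(delegatorNameToUse, new LoaderExecutionContext())`, deserves a check as well: if the factory caches delegators by name (not visible here), the unchecked context must not stay attached to a delegator that later serves ordinary requests.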
Modified: ofbiz/branches/executioncontext20090812/framework/example/data/ExampleSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/example/data/ExampleSecurityData.xml?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/example/data/ExampleSecurityData.xml (original)
+++ ofbiz/branches/executioncontext20090812/framework/example/data/ExampleSecurityData.xml Fri Aug 28 16:48:37 2009
@@ -35,6 +35,13 @@
<ArtifactPath artifactPath="ofbiz/example" description="Example Application"/>
<ArtifactPath artifactPath="ofbiz/exampleext" description="Extended Example Application"/>
+ <!-- Data needed to get users logged in -->
+ <ArtifactPath artifactPath="ofbiz/example/getUserPreferenceGroup" description="Example Application - getUserPreferenceGroup service"/>
+ <ArtifactPath artifactPath="ofbiz/example/login" description="Example Application - Login screen"/>
+ <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/getUserPreferenceGroup" permissionValue="access=true"/>
+ <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/login" permissionValue="access=true"/>
+ <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/login" permissionValue="view=true"/>
+
<!-- Data needed for the transition to security-aware artifacts. As each webapp
is converted over to the new security design, the corresponding admin
permission should be removed. -->
Modified: ofbiz/branches/executioncontext20090812/framework/minilang/src/org/ofbiz/minilang/method/callops/SetServiceFields.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/minilang/src/org/ofbiz/minilang/method/callops/SetServiceFields.java?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/minilang/src/org/ofbiz/minilang/method/callops/SetServiceFields.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/minilang/src/org/ofbiz/minilang/method/callops/SetServiceFields.java Fri Aug 28 16:48:37 2009
@@ -101,7 +101,15 @@
methodContext.setErrorReturn(errMsg, simpleMethod);
return false;
}
+ Map<String, Object> originalParams = methodContext.getParameters();
for (ModelParam modelParam: modelService.getInModelParamList()) {
+ if (modelParam.internal) {
+ // Copy internal parameters
+ Object value = originalParams.get(modelParam.name);
+ if (value != null) {
+ toMap.put(modelParam.name, value);
+ }
+ }
if (fromMap.containsKey(modelParam.name)) {
Object value = fromMap.get(modelParam.name);
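Review bot: The added copy of internal parameters does not end the iteration, so for an internal parameter that is also a key in `fromMap` the `fromMap.containsKey` branch below still runs and, depending on the rest of the loop body outside this hunk, may overwrite the value just taken from `methodContext.getParameters()`. If the context value is meant to be authoritative for internal parameters, add `continue;` right after `toMap.put(modelParam.name, value);` so a caller-built map cannot replace it. If `fromMap` is meant to win, state that in the comment, e.g. `// Copy internal parameters; an explicit fromMap entry overrides them`.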
Modified: ofbiz/branches/executioncontext20090812/framework/security/data/SecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/security/data/SecurityData.xml?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/security/data/SecurityData.xml (original)
+++ ofbiz/branches/executioncontext20090812/framework/security/data/SecurityData.xml Fri Aug 28 16:48:37 2009
@@ -61,6 +61,7 @@
<UserLogin userLoginId="NOT_LOGGED_IN" enabled="N" isSystem="N"/>
<UserGroup groupId="OFBIZ_USERS" description="All OFBiz users"/>
<ArtifactPath artifactPath="ofbiz" description="The artifact path root"/>
+ <ArtifactPermission permissionValue="access=true" description="Access granted"/>
<ArtifactPermission permissionValue="admin=true" description="Admin access granted"/>
<ArtifactPermission permissionValue="create=true" description="Create access granted"/>
<ArtifactPermission permissionValue="create=false" description="Create access denied"/>
@@ -71,5 +72,9 @@
<ArtifactPermission permissionValue="view=true" description="View access granted"/>
<ArtifactPermission permissionValue="view=false" description="View access denied"/>
<UserToArtifactPermRel userLoginId="system" artifactPath="ofbiz" permissionValue="admin=true"/>
+ <ArtifactPath artifactPath="ofbiz/getUserPreferenceGroup" description="The getUserPreferenceGroup service"/>
+ <ArtifactPath artifactPath="ofbiz/getVisualThemeResources" description="The getVisualThemeResources service"/>
+ <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/getUserPreferenceGroup" permissionValue="access=true"/>
+ <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/getVisualThemeResources" permissionValue="access=true"/>
</entity-engine-xml>
Modified: ofbiz/branches/executioncontext20090812/framework/security/entitydef/entitymodel.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/security/entitydef/entitymodel.xml?rev=808951&r1=808950&r2=808951&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/security/entitydef/entitymodel.xml (original)
+++ ofbiz/branches/executioncontext20090812/framework/security/entitydef/entitymodel.xml Fri Aug 28 16:48:37 2009
@@ -344,7 +344,7 @@
<field name="groupId" type="id-ne"/>
<field name="artifactPath" type="id-vlong-ne"/>
<field name="permissionValue" type="id-long-ne"/>
- <prim-key field="userLoginId"/>
+ <prim-key field="groupId"/>
<prim-key field="artifactPath"/>
<prim-key field="permissionValue"/>
<relation type="one" fk-name="UGAP_USER_GROUP" rel-entity-name="UserGroup">