You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@deltaspike.apache.org by gp...@apache.org on 2012/03/29 13:02:59 UTC
[2/2] git commit: DELTASPIKE-69 cleanup
DELTASPIKE-69 cleanup
Project: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/commit/750f7cdb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/tree/750f7cdb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/diff/750f7cdb
Branch: refs/heads/master
Commit: 750f7cdbd59eca550923265aa3d0a11fa784f018
Parents: 07b8332
Author: gpetracek <gp...@apache.org>
Authored: Thu Mar 29 12:46:38 2012 +0200
Committer: gpetracek <gp...@apache.org>
Committed: Thu Mar 29 12:46:38 2012 +0200
----------------------------------------------------------------------
.../api/authorization/AccessDeniedException.java | 2 +-
.../api/authorization/AuthorizationException.java | 39 -------
.../security/impl/authorization/Authorizer.java | 85 ++++++++-------
.../authorization/DefaultSecurityStrategy.java | 1 +
.../authorization/SecuredAnnotationAuthorizer.java | 2 +
.../impl/authorization/SecurityExtension.java | 20 ++--
.../authorization/SecurityMetaDataStorage.java | 11 +--
7 files changed, 62 insertions(+), 98 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java
index 834066b..d291901 100644
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java
@@ -24,7 +24,7 @@ import java.util.Set;
* Exception occurs in case of a security-violation.
* It's aware of the reason for the violation as well as the error-view which should be used to display the restriction.
*/
-public class AccessDeniedException extends org.apache.deltaspike.security.api.SecurityException
+public class AccessDeniedException extends SecurityException
{
private static final long serialVersionUID = -4066763895951237969L;
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java
deleted file mode 100644
index 5e7432f..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.deltaspike.security.api.authorization;
-
-/**
- * Thrown when an authenticated user has insufficient privileges to perform an operation.
- *
- */
-public class AuthorizationException extends org.apache.deltaspike.security.api.SecurityException
-{
- private static final long serialVersionUID = -981091398588455903L;
-
- public AuthorizationException(String message)
- {
- super(message);
- }
-
- public AuthorizationException(String message, Throwable cause)
- {
- super(message, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java
index 067964f..d7684ee 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java
@@ -20,12 +20,14 @@ package org.apache.deltaspike.security.impl.authorization;
import org.apache.deltaspike.core.api.metadata.builder.InjectableMethod;
import org.apache.deltaspike.core.api.metadata.builder.ParameterValueRedefiner;
-import org.apache.deltaspike.security.api.authorization.AuthorizationException;
+import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
import org.apache.deltaspike.security.api.authorization.SecurityDefinitionException;
+import org.apache.deltaspike.security.api.authorization.SecurityViolation;
import org.apache.deltaspike.security.api.authorization.annotation.SecurityBindingType;
import javax.enterprise.context.spi.CreationalContext;
import javax.enterprise.inject.Stereotype;
+import javax.enterprise.inject.Typed;
import javax.enterprise.inject.spi.AnnotatedMethod;
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
@@ -35,36 +37,38 @@ import java.lang.annotation.Annotation;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
import java.util.Set;
+@Typed()
class Authorizer
{
private BeanManager beanManager;
- private Annotation binding;
- private Map<Method, Object> memberValues = new HashMap<Method, Object>();
+ private Annotation bindingAnnotation;
+ private Map<Method, Object> bindingSecurityBindingMembers = new HashMap<Method, Object>();
- private AnnotatedMethod<?> implementationMethod;
- private Bean<?> targetBean;
+ private AnnotatedMethod<?> boundAuthorizerMethod;
+ private Bean<?> boundAuthorizerBean;
- private InjectableMethod<?> injectableMethod;
+ private InjectableMethod<?> boundAuthorizerMethodProxy;
- Authorizer(Annotation binding, AnnotatedMethod<?> implementationMethod, BeanManager beanManager)
+ Authorizer(Annotation bindingAnnotation, AnnotatedMethod<?> boundAuthorizerMethod, BeanManager beanManager)
{
- this.binding = binding;
- this.implementationMethod = implementationMethod;
+ this.bindingAnnotation = bindingAnnotation;
+ this.boundAuthorizerMethod = boundAuthorizerMethod;
this.beanManager = beanManager;
try
{
- for (Method method : binding.annotationType().getDeclaredMethods())
+ for (Method method : bindingAnnotation.annotationType().getDeclaredMethods())
{
if (method.isAnnotationPresent(Nonbinding.class))
{
continue;
}
- memberValues.put(method, method.invoke(binding));
+ bindingSecurityBindingMembers.put(method, method.invoke(bindingAnnotation));
}
}
catch (InvocationTargetException ex)
@@ -77,19 +81,19 @@ class Authorizer
}
}
- public void authorize(final InvocationContext ic)
+ void authorize(final InvocationContext ic)
{
- if (targetBean == null)
+ if (boundAuthorizerBean == null)
{
lazyInitTargetBean();
}
- final CreationalContext<?> creationalContext = beanManager.createCreationalContext(targetBean);
+ final CreationalContext<?> creationalContext = beanManager.createCreationalContext(boundAuthorizerBean);
- Object reference = beanManager.getReference(targetBean,
- implementationMethod.getJavaMember().getDeclaringClass(), creationalContext);
+ Object reference = beanManager.getReference(boundAuthorizerBean,
+ boundAuthorizerMethod.getJavaMember().getDeclaringClass(), creationalContext);
- Object result = injectableMethod.invoke(reference, creationalContext, new ParameterValueRedefiner() {
+ Object result = boundAuthorizerMethodProxy.invoke(reference, creationalContext, new ParameterValueRedefiner() {
@Override
public Object redefineParameterValue(ParameterValue value)
@@ -107,21 +111,33 @@ class Authorizer
if (result.equals(Boolean.FALSE))
{
- throw new AuthorizationException("Authorization check failed");
+ Set<SecurityViolation> violations = new HashSet<SecurityViolation>();
+ violations.add(new SecurityViolation()
+ {
+ private static final long serialVersionUID = 2358753444038521129L;
+
+ @Override
+ public String getReason()
+ {
+ return "Authorization check failed";
+ }
+ });
+
+ throw new AccessDeniedException(violations);
}
}
@SuppressWarnings({ "unchecked", "rawtypes" })
private synchronized void lazyInitTargetBean()
{
- if (targetBean == null)
+ if (boundAuthorizerBean == null)
{
- Method method = implementationMethod.getJavaMember();
+ Method method = boundAuthorizerMethod.getJavaMember();
Set<Bean<?>> beans = beanManager.getBeans(method.getDeclaringClass());
if (beans.size() == 1)
{
- targetBean = beans.iterator().next();
+ boundAuthorizerBean = beans.iterator().next();
}
else if (beans.isEmpty())
{
@@ -136,11 +152,11 @@ class Authorizer
method.getName() + "]");
}
- injectableMethod = new InjectableMethod(implementationMethod, targetBean, beanManager);
+ boundAuthorizerMethodProxy = new InjectableMethod(boundAuthorizerMethod, boundAuthorizerBean, beanManager);
}
}
- public boolean matchesBinding(Annotation annotation)
+ boolean matchesBinding(Annotation annotation)
{
if (!annotation.annotationType().isAnnotationPresent(SecurityBindingType.class) &&
annotation.annotationType().isAnnotationPresent(Stereotype.class))
@@ -148,7 +164,7 @@ class Authorizer
annotation = SecurityUtils.resolveSecurityBindingType(annotation);
}
- if (!annotation.annotationType().equals(binding.annotationType()))
+ if (!annotation.annotationType().equals(bindingAnnotation.annotationType()))
{
return false;
}
@@ -160,7 +176,7 @@ class Authorizer
continue;
}
- if (!memberValues.containsKey(method))
+ if (!bindingSecurityBindingMembers.containsKey(method))
{
return false;
}
@@ -168,7 +184,7 @@ class Authorizer
try
{
Object value = method.invoke(annotation);
- if (!memberValues.get(method).equals(value))
+ if (!bindingSecurityBindingMembers.get(method).equals(value))
{
return false;
}
@@ -186,21 +202,8 @@ class Authorizer
return true;
}
- public Method getImplementationMethod()
- {
- return implementationMethod.getJavaMember();
- }
-
- @Override
- public boolean equals(Object value)
- {
- return false;
- }
-
- //not used
- @Override
- public int hashCode()
+ Method getBoundAuthorizerMethod()
{
- return 0;
+ return boundAuthorizerMethod.getJavaMember();
}
}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java
index 102ac27..123199a 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java
@@ -28,6 +28,7 @@ import java.lang.reflect.Method;
* {@inheritDoc}
*/
@Dependent
+@SuppressWarnings("UnusedDeclaration")
public class DefaultSecurityStrategy implements SecurityStrategy
{
private static final long serialVersionUID = 7992336651801599079L;
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
index 3e629ee..89648d2 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
@@ -42,12 +42,14 @@ import java.util.Set;
* Authorizer implementation for the {@link @Secured} annotation
*/
@Dependent
+@SuppressWarnings("UnusedDeclaration")
public class SecuredAnnotationAuthorizer
{
@Inject
private AccessDecisionVoterContext voterContext;
@Secures @Secured({ })
+ @SuppressWarnings("UnusedDeclaration")
public boolean doSecuredCheck(InvocationContext invocationContext) throws Exception
{
Secured secured = null;
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityExtension.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityExtension.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityExtension.java
index 8805166..8e30a19 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityExtension.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityExtension.java
@@ -221,38 +221,38 @@ public class SecurityExtension implements Extension, Deactivatable
* Registers the specified authorizer method (i.e. a method annotated with
* the @Secures annotation)
*
- * @param m
+ * @param annotatedMethod
* @param beanManager
* @throws SecurityDefinitionException
*/
- private void registerAuthorizer(AnnotatedMethod<?> m, BeanManager beanManager)
+ private void registerAuthorizer(AnnotatedMethod<?> annotatedMethod, BeanManager beanManager)
{
- if (!m.getJavaMember().getReturnType().equals(Boolean.class) &&
- !m.getJavaMember().getReturnType().equals(Boolean.TYPE))
+ if (!annotatedMethod.getJavaMember().getReturnType().equals(Boolean.class) &&
+ !annotatedMethod.getJavaMember().getReturnType().equals(Boolean.TYPE))
{
throw new SecurityDefinitionException("Invalid authorizer method [" +
- m.getJavaMember().getDeclaringClass().getName() + "." +
- m.getJavaMember().getName() + "] - does not return a boolean.");
+ annotatedMethod.getJavaMember().getDeclaringClass().getName() + "." +
+ annotatedMethod.getJavaMember().getName() + "] - does not return a boolean.");
}
// Locate the binding type
Annotation binding = null;
- for (Annotation annotation : m.getAnnotations())
+ for (Annotation annotation : annotatedMethod.getAnnotations())
{
if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType(annotation))
{
if (binding != null)
{
throw new SecurityDefinitionException("Invalid authorizer method [" +
- m.getJavaMember().getDeclaringClass().getName() + "." +
- m.getJavaMember().getName() + "] - declares multiple security binding types");
+ annotatedMethod.getJavaMember().getDeclaringClass().getName() + "." +
+ annotatedMethod.getJavaMember().getName() + "] - declares multiple security binding types");
}
binding = annotation;
}
}
- Authorizer authorizer = new Authorizer(binding, m, beanManager);
+ Authorizer authorizer = new Authorizer(binding, annotatedMethod, beanManager);
getMetaDataStorage().addAuthorizer(authorizer);
}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java
index 298256e..4d0ea7b 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java
@@ -28,9 +28,6 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
-/**
- *
- */
class SecurityMetaDataStorage
{
/**
@@ -133,9 +130,9 @@ class SecurityMetaDataStorage
{
StringBuilder sb = new StringBuilder();
sb.append("Matching authorizer methods found: [");
- sb.append(authorizer.getImplementationMethod().getDeclaringClass().getName());
+ sb.append(authorizer.getBoundAuthorizerMethod().getDeclaringClass().getName());
sb.append(".");
- sb.append(authorizer.getImplementationMethod().getName());
+ sb.append(authorizer.getBoundAuthorizerMethod().getName());
sb.append("]");
for (Authorizer a : authorizerStack)
@@ -143,9 +140,9 @@ class SecurityMetaDataStorage
if (a.matchesBinding(binding))
{
sb.append(", [");
- sb.append(a.getImplementationMethod().getDeclaringClass().getName());
+ sb.append(a.getBoundAuthorizerMethod().getDeclaringClass().getName());
sb.append(".");
- sb.append(a.getImplementationMethod().getName());
+ sb.append(a.getBoundAuthorizerMethod().getName());
sb.append("]");
}
}