Posted to commits@isis.apache.org by da...@apache.org on 2019/12/07 11:48:32 UTC
[isis] 04/06: ISIS-2218: AuthorizationManagerDefault renamed to
AuthorizationManager, removes interface
This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
commit e9c68b76a1c420bbc75854e68f0305fa1e225183
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Sat Dec 7 11:02:36 2019 +0000
ISIS-2218: AuthorizationManagerDefault renamed to AuthorizationManager, removes interface
In the process, moved from RuntimeServices to SecurityApi.
To do this required (re)moving the MetaModelRefiner implementation from AuthorizationManagerDefault, because that has a dependency on metamodel (and security-api does not depend on metamodel). However, since there is now only ever one implementation of AuthorizationManager, the adding of the AuthorizationFacetFactory is now simply part of the ProgrammingModelJava8.
Also:
- inlined MetaModelRefiner.getAll ... only used in one place.
- removes init() and shutdown() from Authorizor API, none of the implementations used them (and they can always just declare a @PostConstruct if nec).
- renames XxxAuthorizor to AuthorizerXxx and register as @Service's rather than @Beans
And:
- renames IsisModuleSecurityRealm to IsisModuleExtSecmanShiroRealm
---
.../isis/metamodel/facetapi/MetaModelRefiner.java | 6 -
.../dflt/ProgrammingModelFacetsJava8.java | 8 +-
.../specloader/ProgrammingModelServiceDefault.java | 2 +-
.../services/IsisModuleRuntimeServices.java | 3 +-
.../services/auth/AuthorizationManagerDefault.java | 131 ---------------------
.../isis/security/api/IsisModuleSecurityApi.java | 4 +
.../manager/AuthorizationManager.java | 99 ++++++++++++++--
.../api/authorization/standard/Authorizor.java | 11 --
.../AuthenticationManager_authenticators_Test.java | 1 -
.../security/bypass/IsisModuleSecurityBypass.java | 6 +-
.../bypass/authorization/AuthorizorBypass.java | 25 ++--
.../keycloak/IsisModuleSecurityKeycloak.java | 9 +-
.../authentication/AuthenticatorKeycloak.java | 3 -
...loakAuthorizor.java => AuthorizorKeycloak.java} | 24 ++--
.../security/shiro/IsisModuleSecurityShiro.java | 10 +-
.../shiro/authentication/AuthenticatorShiro.java | 5 +-
.../{ShiroAuthorizor.java => AuthorizorShiro.java} | 31 ++---
...AuthenticatorOrAuthorizorTest_authenticate.java | 8 +-
...ticatorOrAuthorizorTest_isVisibleInAnyRole.java | 8 +-
.../components/AuthorizationManagerAllowAll.java | 37 ------
examples/demo/src/main/resources/shiro.ini | 2 +-
.../test/resources/shiro-secman-ldap-cached.ini | 2 +-
.../src/test/resources/shiro-secman-ldap.ini | 2 +-
.../smoketests/src/test/resources/shiro-secman.ini | 2 +-
...alm.java => IsisModuleExtSecmanShiroRealm.java} | 4 +-
.../secman/shiro/PrincipalForApplicationUser.java | 10 +-
.../extensions/secman/shiro/util/ShiroUtils.java | 8 +-
27 files changed, 173 insertions(+), 288 deletions(-)
diff --git a/core/metamodel/src/main/java/org/apache/isis/metamodel/facetapi/MetaModelRefiner.java b/core/metamodel/src/main/java/org/apache/isis/metamodel/facetapi/MetaModelRefiner.java
index d1922bc..6d9a9ed 100644
--- a/core/metamodel/src/main/java/org/apache/isis/metamodel/facetapi/MetaModelRefiner.java
+++ b/core/metamodel/src/main/java/org/apache/isis/metamodel/facetapi/MetaModelRefiner.java
@@ -33,10 +33,4 @@ public interface MetaModelRefiner {
void refineProgrammingModel(ProgrammingModel programmingModel);
- // -- LOOKUP ALL REFINERS
-
- static Can<MetaModelRefiner> getAll(ServiceRegistry serviceRegistry) {
- return serviceRegistry.select(MetaModelRefiner.class);
- }
-
}
diff --git a/core/metamodel/src/main/java/org/apache/isis/metamodel/progmodels/dflt/ProgrammingModelFacetsJava8.java b/core/metamodel/src/main/java/org/apache/isis/metamodel/progmodels/dflt/ProgrammingModelFacetsJava8.java
index ca6ba4b..f697316 100644
--- a/core/metamodel/src/main/java/org/apache/isis/metamodel/progmodels/dflt/ProgrammingModelFacetsJava8.java
+++ b/core/metamodel/src/main/java/org/apache/isis/metamodel/progmodels/dflt/ProgrammingModelFacetsJava8.java
@@ -17,7 +17,10 @@
package org.apache.isis.metamodel.progmodels.dflt;
+import lombok.val;
+
import org.apache.isis.applib.services.inject.ServiceInjector;
+import org.apache.isis.metamodel.authorization.standard.AuthorizationFacetFactory;
import org.apache.isis.metamodel.facets.actions.action.ActionAnnotationFacetFactory;
import org.apache.isis.metamodel.facets.actions.action.ActionChoicesForCollectionParameterFacetFactory;
import org.apache.isis.metamodel.facets.actions.defaults.method.ActionDefaultsFacetViaMethodFactory;
@@ -329,6 +332,8 @@ public final class ProgrammingModelFacetsJava8 extends ProgrammingModelAbstract
addFactory(FacetProcessingOrder.G1_VALUE_TYPES, Jdk8OffsetDateTimeValueFacetUsingSemanticsProviderFactory.class);
addFactory(FacetProcessingOrder.G1_VALUE_TYPES, Jdk8LocalDateTimeValueFacetUsingSemanticsProviderFactory.class);
+ addFactory(FacetProcessingOrder.Z0_BEFORE_FINALLY, AuthorizationFacetFactory.class);
+
// written to not trample over TypeOf if already installed
addFactory(FacetProcessingOrder.Z1_FINALLY, CollectionFacetFactory.class);
// must come after CollectionFacetFactory
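Review bot: The new `addFactory(FacetProcessingOrder.Z0_BEFORE_FINALLY, AuthorizationFacetFactory.class);` line carries no comment, yet after this commit it is the only visible place where the authorization facet factory is registered (the deleted `AuthorizationManagerDefault.refineProgrammingModel` used to contribute it). A one-line comment such as `// authorization facets: registered here because security-api cannot depend on metamodel` would stop a later clean-up from removing the line and, presumably, leaving members without authorization facets. The `import lombok.val;` added in the first hunk of this file is not used by any line visible in the diff. The enclosing method starts and ends outside the hunk.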
@@ -352,7 +357,8 @@ public final class ProgrammingModelFacetsJava8 extends ProgrammingModelAbstract
addPostProcessor(PostProcessingOrder.A1_BUILTIN, DeriveFacetsPostProcessor.class);
addValidator(new TitlesAndTranslationsValidator());
-
+
+
}
diff --git a/core/metamodel/src/main/java/org/apache/isis/metamodel/specloader/ProgrammingModelServiceDefault.java b/core/metamodel/src/main/java/org/apache/isis/metamodel/specloader/ProgrammingModelServiceDefault.java
index b54fced..4cabc5b 100644
--- a/core/metamodel/src/main/java/org/apache/isis/metamodel/specloader/ProgrammingModelServiceDefault.java
+++ b/core/metamodel/src/main/java/org/apache/isis/metamodel/specloader/ProgrammingModelServiceDefault.java
@@ -71,7 +71,7 @@ public class ProgrammingModelServiceDefault implements ProgrammingModelService {
// from all plugins out there, add their contributed FacetFactories, Validators
// and PostProcessors to the programming model
- val metaModelRefiners = MetaModelRefiner.getAll(serviceRegistry);
+ val metaModelRefiners = serviceRegistry.select(MetaModelRefiner.class);
for (val metaModelRefiner : metaModelRefiners) {
metaModelRefiner.refineProgrammingModel(programmingModel);
}
diff --git a/core/runtime-services/src/main/java/org/apache/isis/runtime/services/IsisModuleRuntimeServices.java b/core/runtime-services/src/main/java/org/apache/isis/runtime/services/IsisModuleRuntimeServices.java
index e5a6025..7f5793a 100644
--- a/core/runtime-services/src/main/java/org/apache/isis/runtime/services/IsisModuleRuntimeServices.java
+++ b/core/runtime-services/src/main/java/org/apache/isis/runtime/services/IsisModuleRuntimeServices.java
@@ -24,7 +24,7 @@ import org.springframework.context.annotation.Import;
import org.apache.isis.codegen.bytebuddy.IsisModuleCodegenByteBuddy;
import org.apache.isis.runtime.IsisModuleRuntime;
import org.apache.isis.runtime.services.auth.AuthenticationSessionProviderDefault;
-import org.apache.isis.runtime.services.auth.AuthorizationManagerDefault;
+import org.apache.isis.security.api.authorization.manager.AuthorizationManager;
import org.apache.isis.runtime.services.background.CommandExecutorServiceDefault;
import org.apache.isis.runtime.services.bookmarks.BookmarkServiceInternalDefault;
import org.apache.isis.runtime.services.command.CommandDtoServiceInternalDefault;
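Review bot: The added `import org.apache.isis.security.api.authorization.manager.AuthorizationManager;` looks unused, because the only visible reference to the old `AuthorizationManagerDefault` was the `@Import` entry, which the next hunk deletes without adding a replacement. Unless the class is referenced elsewhere in the file, drop the import so that runtime-services keeps no stray reference to the security-api class. The same clean-up seems to apply to `IsisModuleSecurityBypass`, `IsisModuleSecurityKeycloak` and `IsisModuleSecurityShiro`, where the `@Bean @Singleton` factory methods are removed but the `Bean`, `Singleton` and `Authorizor` imports they relied on are not removed in the hunks shown.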
@@ -59,7 +59,6 @@ import org.apache.isis.runtime.services.xmlsnapshot.XmlSnapshotServiceDefault;
// @Service's
AuthenticationSessionProviderDefault.class,
- AuthorizationManagerDefault.class,
BookmarkServiceInternalDefault.class,
CommandDtoServiceInternalDefault.class,
CommandExecutorServiceDefault.class,
diff --git a/core/runtime-services/src/main/java/org/apache/isis/runtime/services/auth/AuthorizationManagerDefault.java b/core/runtime-services/src/main/java/org/apache/isis/runtime/services/auth/AuthorizationManagerDefault.java
deleted file mode 100644
index 74303e3..0000000
--- a/core/runtime-services/src/main/java/org/apache/isis/runtime/services/auth/AuthorizationManagerDefault.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.isis.runtime.services.auth;
-
-import javax.annotation.PostConstruct;
-import javax.annotation.PreDestroy;
-import javax.inject.Inject;
-import javax.inject.Named;
-
-import org.apache.isis.applib.annotation.OrderPrecedence;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.context.annotation.Primary;
-import org.springframework.core.annotation.Order;
-import org.springframework.stereotype.Service;
-
-import org.apache.isis.applib.Identifier;
-import org.apache.isis.applib.services.sudo.SudoService;
-import org.apache.isis.metamodel.authorization.standard.AuthorizationFacetFactory;
-import org.apache.isis.metamodel.facetapi.MetaModelRefiner;
-import org.apache.isis.metamodel.progmodel.ProgrammingModel;
-import org.apache.isis.metamodel.progmodel.ProgrammingModel.FacetProcessingOrder;
-import org.apache.isis.security.api.authentication.AuthenticationSession;
-import org.apache.isis.security.api.authorization.manager.AuthorizationManager;
-import org.apache.isis.security.api.authorization.standard.Authorizor;
-
-import lombok.extern.log4j.Log4j2;
-import lombok.val;
-
-@Service
-@Named("isisRuntimeServices.AuthorizationManagerDefault")
-@Order(OrderPrecedence.MIDPOINT)
-@Primary
-@Qualifier("Default")
-@Log4j2
-public class AuthorizationManagerDefault implements AuthorizationManager, MetaModelRefiner {
-
- @Inject protected Authorizor authorizor;
-
- // -- LIFECYCLE
-
- @PostConstruct
- public void init() {
- authorizor.init();
- }
-
- @PreDestroy
- public void shutdown() {
- if(authorizor == null) {
- return;
- }
- authorizor.shutdown();
- }
-
- // -- API
-
- @Override
- public boolean isUsable(final AuthenticationSession session, final Identifier identifier) {
- if (isPerspectiveMember(identifier)) {
- return true;
- }
- if(containsSudoSuperuserRole(session)) {
- return true;
- }
- if (authorizor.isUsableInAnyRole(identifier)) {
- return true;
- }
-
- if(session.streamRoles()
- .anyMatch(roleName->authorizor.isUsableInRole(roleName, identifier)) ) {
- return true;
- }
-
- return false;
- }
-
- @Override
- public boolean isVisible(final AuthenticationSession session, final Identifier identifier) {
- if (isPerspectiveMember(identifier)) {
- return true;
- }
-
- // no-op if is visibility context check at object-level
- if (identifier.getMemberName().equals("")) {
- return true;
- }
-
- if(containsSudoSuperuserRole(session)) {
- return true;
- }
- if (authorizor.isVisibleInAnyRole(identifier)) {
- return true;
- }
- if(session.streamRoles()
- .anyMatch(roleName->authorizor.isVisibleInRole(roleName, identifier)) ) {
- return true;
- }
- return false;
- }
-
- private static boolean containsSudoSuperuserRole(final AuthenticationSession session) {
- return session.hasRole(SudoService.ACCESS_ALL_ROLE);
- }
-
- private boolean isPerspectiveMember(final Identifier identifier) {
- return (identifier.getClassName().equals(""));
- }
-
- @Override
- public void refineProgrammingModel(ProgrammingModel programmingModel) {
- val authorizationFacetFactory = new AuthorizationFacetFactory();
- programmingModel.addFactory(FacetProcessingOrder.Z0_BEFORE_FINALLY, authorizationFacetFactory);
- }
-
-}
diff --git a/core/security/api/src/main/java/org/apache/isis/security/api/IsisModuleSecurityApi.java b/core/security/api/src/main/java/org/apache/isis/security/api/IsisModuleSecurityApi.java
index 5bff1eb..053df4f 100644
--- a/core/security/api/src/main/java/org/apache/isis/security/api/IsisModuleSecurityApi.java
+++ b/core/security/api/src/main/java/org/apache/isis/security/api/IsisModuleSecurityApi.java
@@ -20,6 +20,7 @@ package org.apache.isis.security.api;
import org.apache.isis.security.api.authentication.manager.AuthenticationManager;
import org.apache.isis.security.api.authentication.standard.RandomCodeGeneratorDefault;
+import org.apache.isis.security.api.authorization.manager.AuthorizationManager;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
@@ -27,6 +28,9 @@ import org.springframework.context.annotation.Import;
@Import({
// @Service's
AuthenticationManager.class,
+ AuthorizationManager.class,
+
+ // @Component's
RandomCodeGeneratorDefault.class,
})
public class IsisModuleSecurityApi {
diff --git a/core/security/api/src/main/java/org/apache/isis/security/api/authorization/manager/AuthorizationManager.java b/core/security/api/src/main/java/org/apache/isis/security/api/authorization/manager/AuthorizationManager.java
index 388b007..ffe866d 100644
--- a/core/security/api/src/main/java/org/apache/isis/security/api/authorization/manager/AuthorizationManager.java
+++ b/core/security/api/src/main/java/org/apache/isis/security/api/authorization/manager/AuthorizationManager.java
@@ -19,28 +19,103 @@
package org.apache.isis.security.api.authorization.manager;
+import lombok.extern.log4j.Log4j2;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+
import org.apache.isis.applib.Identifier;
+import org.apache.isis.applib.annotation.OrderPrecedence;
+import org.apache.isis.applib.services.sudo.SudoService;
import org.apache.isis.security.api.authentication.AuthenticationSession;
+import org.apache.isis.security.api.authorization.standard.Authorizor;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Primary;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Service;
/**
* Authorizes the user in the current session view and use members of an object.
- *
*/
-public interface AuthorizationManager {
+@Service
+@Named("isisSecurityApi.AuthorizationManager")
+@Order(OrderPrecedence.MIDPOINT)
+@Primary
+@Qualifier("Default")
+@Log4j2
+public class AuthorizationManager {
+
+ private final Authorizor authorizor;
+
+ @Inject
+ public AuthorizationManager(Authorizor authorizor) {
+ this.authorizor = authorizor;
+ }
/**
- * Returns true when the user represented by the specified session is
- * authorized to view the member of the class/object represented by the
- * member identifier. Normally the view of the specified field, or the
- * display of the action will be suppress if this returns false.
+ * Whether the user represented by the specified session is authorized to view the member of the class/object
+ * represented by the member identifier.
+ *
+ * <p>
+ * Normally the view of the specified field, or the display of the action will be suppress if this returns false.
+ * </p>
*/
- boolean isVisible(AuthenticationSession session, Identifier identifier);
+ public boolean isUsable(final AuthenticationSession session, final Identifier identifier) {
+ if (isPerspectiveMember(identifier)) {
+ return true;
+ }
+ if(containsSudoSuperuserRole(session)) {
+ return true;
+ }
+ if (authorizor.isUsableInAnyRole(identifier)) {
+ return true;
+ }
+
+ if(session.streamRoles()
+ .anyMatch(roleName->authorizor.isUsableInRole(roleName, identifier)) ) {
+ return true;
+ }
+
+ return false;
+ }
/**
- * Returns true when the use represented by the specified session is
- * authorized to change the field represented by the member identifier.
- * Normally the specified field will be not appear editable if this returns
- * false.
+ * Whether the user represented by the specified session is authorized to change the field represented by the
+ * member identifier.
+ *
+ * <p>
+ * Normally the specified field will be not appear editable if this returns false.
+ * </p>
*/
- boolean isUsable(AuthenticationSession session, Identifier identifier);
+ public boolean isVisible(final AuthenticationSession session, final Identifier identifier) {
+ if (isPerspectiveMember(identifier)) {
+ return true;
+ }
+
+ // no-op if is visibility context check at object-level
+ if (identifier.getMemberName().equals("")) {
+ return true;
+ }
+
+ if(containsSudoSuperuserRole(session)) {
+ return true;
+ }
+ if (authorizor.isVisibleInAnyRole(identifier)) {
+ return true;
+ }
+ if(session.streamRoles()
+ .anyMatch(roleName->authorizor.isVisibleInRole(roleName, identifier)) ) {
+ return true;
+ }
+ return false;
+ }
+
+ private static boolean containsSudoSuperuserRole(final AuthenticationSession session) {
+ return session.hasRole(SudoService.ACCESS_ALL_ROLE);
+ }
+
+ private boolean isPerspectiveMember(final Identifier identifier) {
+ return (identifier.getClassName().equals(""));
+ }
+
}
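Review bot: The Javadoc blocks on the two public methods are attached to the wrong methods: the text about being "authorized to view the member" now sits above `isUsable`, and the text about being "authorized to change the field" sits above `isVisible`. On an authorization API that inversion can lead a caller to use the visibility check where the usability check is needed, so swap the two comments (and correct "will be suppress" to "will be suppressed" and "will be not appear" to "will not appear"). Both methods also return `true` before the `Authorizor` is consulted when `identifier.getClassName()` is empty or the session has `SudoService.ACCESS_ALL_ROLE`; a short why-comment on each early return, e.g. `// sudo superuser role: access granted without consulting the authorizor`, would make the allow paths explicit. `@Log4j2` is added but no `log` call appears in the class as shown.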
diff --git a/core/security/api/src/main/java/org/apache/isis/security/api/authorization/standard/Authorizor.java b/core/security/api/src/main/java/org/apache/isis/security/api/authorization/standard/Authorizor.java
index 747a754..80d624a 100644
--- a/core/security/api/src/main/java/org/apache/isis/security/api/authorization/standard/Authorizor.java
+++ b/core/security/api/src/main/java/org/apache/isis/security/api/authorization/standard/Authorizor.java
@@ -24,9 +24,6 @@ import org.apache.isis.commons.internal.components.ApplicationScopedComponent;
public interface Authorizor extends ApplicationScopedComponent {
- void init();
- void shutdown();
-
boolean isVisibleInAnyRole(final Identifier identifier);
boolean isUsableInAnyRole(final Identifier identifier);
@@ -45,14 +42,6 @@ public interface Authorizor extends ApplicationScopedComponent {
final static Authorizor NOP = new Authorizor() {
@Override
- public void init() {
- }
-
- @Override
- public void shutdown() {
- }
-
- @Override
public boolean isVisibleInRole(final String user, final Identifier identifier) {
return true;
}
diff --git a/core/security/api/src/test/java/org/apache/isis/security/authentication/standard/AuthenticationManager_authenticators_Test.java b/core/security/api/src/test/java/org/apache/isis/security/authentication/standard/AuthenticationManager_authenticators_Test.java
index f7e35c9..c822f05 100644
--- a/core/security/api/src/test/java/org/apache/isis/security/authentication/standard/AuthenticationManager_authenticators_Test.java
+++ b/core/security/api/src/test/java/org/apache/isis/security/authentication/standard/AuthenticationManager_authenticators_Test.java
@@ -41,7 +41,6 @@ import static org.junit.Assert.assertThat;
@RunWith(JMock.class)
public class AuthenticationManager_authenticators_Test {
- @Rule
private final Mockery mockery = new JUnit4Mockery();
private AuthenticationManager authenticationManager;
diff --git a/core/security/bypass/src/main/java/org/apache/isis/security/bypass/IsisModuleSecurityBypass.java b/core/security/bypass/src/main/java/org/apache/isis/security/bypass/IsisModuleSecurityBypass.java
index dc02344..4e0cb29 100644
--- a/core/security/bypass/src/main/java/org/apache/isis/security/bypass/IsisModuleSecurityBypass.java
+++ b/core/security/bypass/src/main/java/org/apache/isis/security/bypass/IsisModuleSecurityBypass.java
@@ -43,13 +43,9 @@ import org.apache.isis.security.api.authorization.standard.Authorizor;
// @Service's
AuthenticatorBypass.class,
+ AuthorizorBypass.class,
})
public class IsisModuleSecurityBypass {
- @Bean @Singleton
- public Authorizor authorizor() {
- return new AuthorizorBypass();
- }
-
}
diff --git a/core/security/bypass/src/main/java/org/apache/isis/security/bypass/authorization/AuthorizorBypass.java b/core/security/bypass/src/main/java/org/apache/isis/security/bypass/authorization/AuthorizorBypass.java
index d97a4fa..f36238a 100644
--- a/core/security/bypass/src/main/java/org/apache/isis/security/bypass/authorization/AuthorizorBypass.java
+++ b/core/security/bypass/src/main/java/org/apache/isis/security/bypass/authorization/AuthorizorBypass.java
@@ -19,22 +19,25 @@
package org.apache.isis.security.bypass.authorization;
+import lombok.extern.log4j.Log4j2;
+
+import javax.inject.Named;
+
import org.apache.isis.applib.Identifier;
+import org.apache.isis.applib.annotation.OrderPrecedence;
import org.apache.isis.security.api.authorization.standard.Authorizor;
-
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Service;
+
+@Service
+@Named("isisSecurityBypass.AuthorizorBypass")
+@Order(OrderPrecedence.LOW)
+@Qualifier("Bypass")
+@Log4j2
public class AuthorizorBypass implements Authorizor {
@Override
- public void init() {
- // does nothing
- }
-
- @Override
- public void shutdown() {
- // does nothing
- }
-
- @Override
public boolean isUsableInRole(final String role, final Identifier identifier) {
return true;
}
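Review bot: `@Order(OrderPrecedence.LOW)` on this allow-all authorizor does not by itself make it yield to `AuthorizorShiro` or `AuthorizorKeycloak` (both `@Order(OrderPrecedence.HIGH)` in this commit): as far as I know, Spring uses `@Order` to sort collection injections, not to choose a candidate for a single-valued injection point such as the `Authorizor` constructor parameter of `AuthorizationManager`. If the bypass module and a real security module are ever imported together, the likely outcome is an ambiguous-bean failure at startup rather than a silent fallback, but that should be stated rather than implied by the ordering. I would add a class Javadoc saying that the checks here grant access unconditionally (the visible `isUsableInRole` returns `true`) and that this bean is expected to be the only `Authorizor` in the application context. The class body continues outside the hunk, and `@Log4j2` is added although no logging call is visible.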
diff --git a/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/IsisModuleSecurityKeycloak.java b/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/IsisModuleSecurityKeycloak.java
index f29c06a..6fe9b16 100644
--- a/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/IsisModuleSecurityKeycloak.java
+++ b/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/IsisModuleSecurityKeycloak.java
@@ -22,7 +22,7 @@ import javax.inject.Singleton;
import org.apache.isis.runtime.services.IsisModuleRuntimeServices;
import org.apache.isis.security.keycloak.authentication.AuthenticatorKeycloak;
-import org.apache.isis.security.keycloak.authorization.KeycloakAuthorizor;
+import org.apache.isis.security.keycloak.authorization.AuthorizorKeycloak;
import org.apache.isis.security.keycloak.webmodule.WebModuleKeycloak;
import org.apache.isis.webapp.IsisModuleWebapp;
import org.springframework.context.annotation.Bean;
@@ -44,15 +44,10 @@ import org.apache.isis.security.api.authorization.standard.Authorizor;
// @Service's
AuthenticatorKeycloak.class,
+ AuthorizorKeycloak.class,
WebModuleKeycloak.class,
})
public class IsisModuleSecurityKeycloak {
- @Bean @Singleton
- public Authorizor autorizor() {
- return new KeycloakAuthorizor();
- }
-
-
}
diff --git a/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/authentication/AuthenticatorKeycloak.java b/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/authentication/AuthenticatorKeycloak.java
index 99573df..f8d5bde 100644
--- a/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/authentication/AuthenticatorKeycloak.java
+++ b/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/authentication/AuthenticatorKeycloak.java
@@ -42,9 +42,6 @@ import org.springframework.stereotype.Service;
@Log4j2
public class AuthenticatorKeycloak implements Authenticator {
- public AuthenticatorKeycloak() {
- }
-
@Override
public final boolean canAuthenticate(final Class<? extends AuthenticationRequest> authenticationRequestClass) {
return true;
diff --git a/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/authorization/KeycloakAuthorizor.java b/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/authorization/AuthorizorKeycloak.java
similarity index 78%
rename from core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/authorization/KeycloakAuthorizor.java
rename to core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/authorization/AuthorizorKeycloak.java
index a1908ae..e32f54d 100644
--- a/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/authorization/KeycloakAuthorizor.java
+++ b/core/security/keycloak/src/main/java/org/apache/isis/security/keycloak/authorization/AuthorizorKeycloak.java
@@ -19,19 +19,23 @@
package org.apache.isis.security.keycloak.authorization;
-import org.apache.isis.applib.Identifier;
-import org.apache.isis.security.api.authorization.standard.Authorizor;
-
-public class KeycloakAuthorizor implements Authorizor {
+import lombok.extern.log4j.Log4j2;
- @Override
- public void init() {
- }
+import javax.inject.Named;
+import org.apache.isis.applib.Identifier;
+import org.apache.isis.applib.annotation.OrderPrecedence;
+import org.apache.isis.security.api.authorization.standard.Authorizor;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Service;
- @Override
- public void shutdown() {
- }
+@Service
+@Named("isisSecurityKeycloak.AuthorizorKeycloak")
+@Order(OrderPrecedence.HIGH)
+@Qualifier("Keycloak")
+@Log4j2
+public class AuthorizorKeycloak implements Authorizor {
@Override
public boolean isVisibleInRole(String role, Identifier identifier) {
diff --git a/core/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisModuleSecurityShiro.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisModuleSecurityShiro.java
index fd9df93..f67f075 100644
--- a/core/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisModuleSecurityShiro.java
+++ b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisModuleSecurityShiro.java
@@ -27,10 +27,9 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
-import org.apache.isis.security.api.authentication.standard.Authenticator;
import org.apache.isis.security.api.authorization.standard.Authorizor;
import org.apache.isis.security.shiro.authentication.AuthenticatorShiro;
-import org.apache.isis.security.shiro.authorization.ShiroAuthorizor;
+import org.apache.isis.security.shiro.authorization.AuthorizorShiro;
/**
* Configuration Bean to support Isis Security using Shiro.
@@ -45,15 +44,10 @@ import org.apache.isis.security.shiro.authorization.ShiroAuthorizor;
// @Service's
AuthenticatorShiro.class,
+ AuthorizorShiro.class,
WebModuleShiro.class,
})
public class IsisModuleSecurityShiro {
- @Bean @Singleton
- public Authorizor autorizor() {
- return new ShiroAuthorizor();
- }
-
-
}
diff --git a/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/AuthenticatorShiro.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/AuthenticatorShiro.java
index c025f87..01a8a08 100644
--- a/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/AuthenticatorShiro.java
+++ b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/AuthenticatorShiro.java
@@ -66,15 +66,14 @@ import lombok.extern.log4j.Log4j2;
* in the role of {@link Authenticator}.
*
* <p>
- * However, although there are two objects, they are set up to share the same
- * {@link SecurityManager Shiro SecurityManager}
+ * However, although there are two objects, they are set up to share the same {@link SecurityManager Shiro SecurityManager}
* (bound to a thread-local).
* </p>
*/
@Service
@Named("isisSecurityShiro.AuthenticatorShiro")
@Order(OrderPrecedence.HIGH)
-@Qualifier("Keycloak")
+@Qualifier("Shiro")
@Log4j2
public class AuthenticatorShiro implements Authenticator {
diff --git a/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizor.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/AuthorizorShiro.java
similarity index 87%
rename from core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizor.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/AuthorizorShiro.java
index 5bcfa91..42c2e9e 100644
--- a/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizor.java
+++ b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/AuthorizorShiro.java
@@ -18,6 +18,11 @@
*/
package org.apache.isis.security.shiro.authorization;
+import lombok.extern.log4j.Log4j2;
+
+import javax.inject.Named;
+
+import org.apache.isis.applib.annotation.OrderPrecedence;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
@@ -27,27 +32,25 @@ import org.apache.isis.applib.Identifier;
import org.apache.isis.security.api.authentication.standard.Authenticator;
import org.apache.isis.security.api.authorization.standard.Authorizor;
import org.apache.isis.security.shiro.context.ShiroSecurityContext;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Service;
/**
- * If Shiro is configured for both {@link AuthenticationManagerInstaller authentication} and
- * {@link AuthorizationManagerInstaller authorization} (as recommended), then this class is
- * instantiated twice in the role of the {@link Authorizor}.
+ * If Shiro is configured for both authentication and authorization (as recommended), then this class is
+ * in the role of {@link Authorizor}.
*
* <p>
* However, although there are two objects, they are set up to share the same {@link SecurityManager Shiro SecurityManager}
* (bound to a thread-local).
+ * </p>
*/
-public class ShiroAuthorizor implements Authorizor {
-
- @Override
- public void init() {
- }
-
-
- @Override
- public void shutdown() {
- }
-
+@Service
+@Named("isisSecurityShiro.AuthorizorShiro")
+@Order(OrderPrecedence.HIGH)
+@Qualifier("Shiro")
+@Log4j2
+public class AuthorizorShiro implements Authorizor {
@Override
public boolean isVisibleInAnyRole(Identifier identifier) {
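Review bot: The rewritten class Javadoc is left inconsistent: the sentence about the class being "instantiated twice" was reduced to "then this class is in the role of {@link Authorizor}", but the next paragraph still begins "However, although there are two objects". Now that the class is a `@Service`, the comment should say which two objects are meant, for example `the {@link Authenticator} and this {@link Authorizor} are separate beans that share the same Shiro SecurityManager`. The hunk ends on the signature of `isVisibleInAnyRole`, whose body is outside the hunk.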
diff --git a/core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java
index 5c0449a..0f848fd 100644
--- a/core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java
+++ b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java
@@ -35,7 +35,7 @@ import org.apache.isis.security.api.authentication.AuthenticationRequest;
import org.apache.isis.security.api.authentication.AuthenticationRequestPassword;
import org.apache.isis.security.api.authentication.AuthenticationSession;
import org.apache.isis.security.shiro.authentication.AuthenticatorShiro;
-import org.apache.isis.security.shiro.authorization.ShiroAuthorizor;
+import org.apache.isis.security.shiro.authorization.AuthorizorShiro;
import org.apache.isis.unittestsupport.jmocking.JUnitRuleMockery2;
import org.apache.isis.unittestsupport.jmocking.JUnitRuleMockery2.Mode;
@@ -52,7 +52,7 @@ public class ShiroAuthenticatorOrAuthorizorTest_authenticate {
public JUnitRuleMockery2 context = JUnitRuleMockery2.createFor(Mode.INTERFACES_AND_CLASSES);
private AuthenticatorShiro authenticator;
- private ShiroAuthorizor authorizor;
+ private AuthorizorShiro authorizor;
@Before
public void setUp() throws Exception {
@@ -63,9 +63,7 @@ public class ShiroAuthenticatorOrAuthorizorTest_authenticate {
configuration.getAuthentication().getShiro().setAutoLogoutIfAlreadyAuthenticated(false);
authenticator = new AuthenticatorShiro(configuration);
- authorizor = new ShiroAuthorizor();
-
- authorizor.init();
+ authorizor = new AuthorizorShiro();
}
@After
diff --git a/core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java
index 20ed8b2..bba9770 100644
--- a/core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java
+++ b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java
@@ -35,7 +35,7 @@ import org.apache.isis.config.IsisConfiguration;
import org.apache.isis.security.api.authentication.AuthenticationRequest;
import org.apache.isis.security.api.authentication.AuthenticationRequestPassword;
import org.apache.isis.security.shiro.authentication.AuthenticatorShiro;
-import org.apache.isis.security.shiro.authorization.ShiroAuthorizor;
+import org.apache.isis.security.shiro.authorization.AuthorizorShiro;
import org.apache.isis.unittestsupport.config.IsisConfigurationLegacy;
import org.apache.isis.unittestsupport.jmocking.JUnitRuleMockery2;
import org.apache.isis.unittestsupport.jmocking.JUnitRuleMockery2.Mode;
@@ -54,7 +54,7 @@ public class ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole {
private IsisConfigurationLegacy mockConfiguration;
private AuthenticatorShiro authenticator;
- private ShiroAuthorizor authorizor;
+ private AuthorizorShiro authorizor;
@Before
public void setUp() throws Exception {
@@ -65,9 +65,7 @@ public class ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole {
configuration.getAuthentication().getShiro().setAutoLogoutIfAlreadyAuthenticated(false);
authenticator = new AuthenticatorShiro(configuration);
- authorizor = new ShiroAuthorizor();
-
- authorizor.init();
+ authorizor = new AuthorizorShiro();
}
diff --git a/core/testsupport/integtestsupport/src/main/java/org/apache/isis/integtestsupport/components/AuthorizationManagerAllowAll.java b/core/testsupport/integtestsupport/src/main/java/org/apache/isis/integtestsupport/components/AuthorizationManagerAllowAll.java
deleted file mode 100644
index 2ad73d7..0000000
--- a/core/testsupport/integtestsupport/src/main/java/org/apache/isis/integtestsupport/components/AuthorizationManagerAllowAll.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.isis.integtestsupport.components;
-
-import org.apache.isis.applib.Identifier;
-import org.apache.isis.security.api.authentication.AuthenticationSession;
-import org.apache.isis.security.api.authorization.manager.AuthorizationManager;
-
-public class AuthorizationManagerAllowAll implements AuthorizationManager {
-
- @Override
- public boolean isUsable(final AuthenticationSession session, final Identifier identifier) {
- return true;
- }
-
- @Override
- public boolean isVisible(final AuthenticationSession session, final Identifier identifier) {
- return true;
- }
-
-}
diff --git a/examples/demo/src/main/resources/shiro.ini b/examples/demo/src/main/resources/shiro.ini
index 7cea7b3..e9785da 100644
--- a/examples/demo/src/main/resources/shiro.ini
+++ b/examples/demo/src/main/resources/shiro.ini
@@ -20,7 +20,7 @@
[main]
authenticationStrategy=org.apache.isis.extensions.secman.shiro.AuthenticationStrategyForIsisModuleSecurityRealm
-isisModuleSecurityRealm=org.apache.isis.extensions.secman.shiro.IsisModuleSecurityRealm
+isisModuleSecurityRealm=org.apache.isis.extensions.secman.shiro.IsisModuleExtSecmanShiroRealm
securityManager.authenticator.authenticationStrategy = $authenticationStrategy
securityManager.realms = $isisModuleSecurityRealm
diff --git a/examples/smoketests/src/test/resources/shiro-secman-ldap-cached.ini b/examples/smoketests/src/test/resources/shiro-secman-ldap-cached.ini
index 3fa2ca3..93269f8 100644
--- a/examples/smoketests/src/test/resources/shiro-secman-ldap-cached.ini
+++ b/examples/smoketests/src/test/resources/shiro-secman-ldap-cached.ini
@@ -34,7 +34,7 @@ ldapRealm.uniqueMemberAttribute = uniqueMember
ldapRealm.uniqueMemberAttributeValueTemplate = uid={0}
authenticationStrategy=org.apache.isis.extensions.secman.shiro.AuthenticationStrategyForIsisModuleSecurityRealm
-isisModuleSecurityRealm=org.apache.isis.extensions.secman.shiro.IsisModuleSecurityRealm
+isisModuleSecurityRealm=org.apache.isis.extensions.secman.shiro.IsisModuleExtSecmanShiroRealm
isisModuleSecurityRealm.delegateAuthenticationRealm=$ldapRealm
isisModuleSecurityRealm.authenticationCachingEnabled = true
diff --git a/examples/smoketests/src/test/resources/shiro-secman-ldap.ini b/examples/smoketests/src/test/resources/shiro-secman-ldap.ini
index 77eaf1c..34137b1 100644
--- a/examples/smoketests/src/test/resources/shiro-secman-ldap.ini
+++ b/examples/smoketests/src/test/resources/shiro-secman-ldap.ini
@@ -34,7 +34,7 @@ ldapRealm.uniqueMemberAttribute = uniqueMember
ldapRealm.uniqueMemberAttributeValueTemplate = uid={0}
authenticationStrategy=org.apache.isis.extensions.secman.shiro.AuthenticationStrategyForIsisModuleSecurityRealm
-isisModuleSecurityRealm=org.apache.isis.extensions.secman.shiro.IsisModuleSecurityRealm
+isisModuleSecurityRealm=org.apache.isis.extensions.secman.shiro.IsisModuleExtSecmanShiroRealm
isisModuleSecurityRealm.delegateAuthenticationRealm=$ldapRealm
securityManager.authenticator.authenticationStrategy = $authenticationStrategy
diff --git a/examples/smoketests/src/test/resources/shiro-secman.ini b/examples/smoketests/src/test/resources/shiro-secman.ini
index 03c8241..4104fba 100644
--- a/examples/smoketests/src/test/resources/shiro-secman.ini
+++ b/examples/smoketests/src/test/resources/shiro-secman.ini
@@ -20,7 +20,7 @@
[main]
authenticationStrategy=org.apache.isis.extensions.secman.shiro.AuthenticationStrategyForIsisModuleSecurityRealm
-isisModuleSecurityRealm=org.apache.isis.extensions.secman.shiro.IsisModuleSecurityRealm
+isisModuleSecurityRealm=org.apache.isis.extensions.secman.shiro.IsisModuleExtSecmanShiroRealm
securityManager.authenticator.authenticationStrategy = $authenticationStrategy
securityManager.realms = $isisModuleSecurityRealm
diff --git a/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleSecurityRealm.java b/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java
similarity index 98%
rename from extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleSecurityRealm.java
rename to extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java
index 4ec950e..d47515a 100644
--- a/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleSecurityRealm.java
+++ b/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/IsisModuleExtSecmanShiroRealm.java
@@ -53,7 +53,7 @@ import lombok.Getter;
import lombok.Setter;
import lombok.val;
-public class IsisModuleSecurityRealm extends AuthorizingRealm implements SecurityRealm {
+public class IsisModuleExtSecmanShiroRealm extends AuthorizingRealm implements SecurityRealm {
@Inject protected ServiceInjector serviceInjector;
@Inject protected IsisSessionFactory isisSessionFactory;
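Review bot: The realm class is renamed at `public class IsisModuleExtSecmanShiroRealm extends AuthorizingRealm implements SecurityRealm` with no compatibility alias, yet Shiro INI files name the realm by its fully qualified class name, as the shiro.ini changes in this same commit show. A deployment whose own shiro.ini still points at `org.apache.isis.extensions.secman.shiro.IsisModuleSecurityRealm` would presumably fail to build its security manager after upgrading. Either call the rename out in the migration notes or keep a thin alias for one release, e.g. `@Deprecated public class IsisModuleSecurityRealm extends IsisModuleExtSecmanShiroRealm {}`. The class body continues outside the hunk.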
@@ -67,7 +67,7 @@ public class IsisModuleSecurityRealm extends AuthorizingRealm implements Securit
* permission strings that are provided by Isis'
* {@link Authorizor} for Shiro.
*/
- public IsisModuleSecurityRealm() {
+ public IsisModuleExtSecmanShiroRealm() {
setPermissionResolver(new PermissionResolverForIsisShiroAuthorizor());
}
diff --git a/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/PrincipalForApplicationUser.java b/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/PrincipalForApplicationUser.java
index 3b6134c..0cdec88 100644
--- a/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/PrincipalForApplicationUser.java
+++ b/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/PrincipalForApplicationUser.java
@@ -42,15 +42,15 @@ import lombok.val;
/**
- * Acts as the Principal for the {@link IsisModuleSecurityRealm}, meaning that it is returned from
- * {@link IsisModuleSecurityRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) authentication}, and passed into
- * {@link IsisModuleSecurityRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) authorization}.
+ * Acts as the Principal for the {@link IsisModuleExtSecmanShiroRealm}, meaning that it is returned from
+ * {@link IsisModuleExtSecmanShiroRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) authentication}, and passed into
+ * {@link IsisModuleExtSecmanShiroRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) authorization}.
*
* <p>
* To minimize database lookups, holds the user, corresponding roles and the full set of permissions
* (all as value objects). The permissions are eagerly looked up during
- * {@link IsisModuleSecurityRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) authentication} and so the
- * {@link IsisModuleSecurityRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) authorization} merely involves
+ * {@link IsisModuleExtSecmanShiroRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken) authentication} and so the
+ * {@link IsisModuleExtSecmanShiroRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) authorization} merely involves
* creating an adapter object for the appropriate Shiro API.
* </p>
*
diff --git a/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/util/ShiroUtils.java b/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/util/ShiroUtils.java
index efcd168..e2da215 100644
--- a/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/util/ShiroUtils.java
+++ b/extensions/security/secman/realm-shiro/src/main/java/org/apache/isis/extensions/secman/shiro/util/ShiroUtils.java
@@ -22,7 +22,7 @@ import lombok.experimental.UtilityClass;
import java.util.Collection;
-import org.apache.isis.extensions.secman.shiro.IsisModuleSecurityRealm;
+import org.apache.isis.extensions.secman.shiro.IsisModuleExtSecmanShiroRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.authc.AuthenticationException;
@@ -45,12 +45,12 @@ public class ShiroUtils {
return (RealmSecurityManager) securityManager;
}
- public static IsisModuleSecurityRealm getIsisModuleSecurityRealm() {
+ public static IsisModuleExtSecmanShiroRealm getIsisModuleSecurityRealm() {
final RealmSecurityManager securityManager = getSecurityManager();
final Collection<Realm> realms = securityManager.getRealms();
for (Realm realm : realms) {
- if(realm instanceof IsisModuleSecurityRealm) {
- IsisModuleSecurityRealm imsr = (IsisModuleSecurityRealm) realm;
+ if(realm instanceof IsisModuleExtSecmanShiroRealm) {
+ IsisModuleExtSecmanShiroRealm imsr = (IsisModuleExtSecmanShiroRealm) realm;
return imsr;
}
}
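Review bot: `getIsisModuleSecurityRealm()` keeps the old name although it now returns `IsisModuleExtSecmanShiroRealm`, so the accessor no longer matches the type it looks up. If the name is kept on purpose for existing callers, say so with a comment such as `// name retained for existing callers; returns the secman Shiro realm`; otherwise rename it along with the class. The temporary `imsr` adds nothing and the branch can be `return (IsisModuleExtSecmanShiroRealm) realm;`. What the method returns when no configured realm matches lies outside the hunk, so that path cannot be checked from here.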