You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@deltaspike.apache.org by gp...@apache.org on 2012/02/15 09:56:24 UTC
git commit: DELTASPIKE-70 and DELTASPIKE-71
Updated Branches:
refs/heads/master 5bab94504 -> d48f3dd69
DELTASPIKE-70 and DELTASPIKE-71
security module (basic setup) and
@Secured (first draft before refactoring)
Project: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/commit/d48f3dd6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/tree/d48f3dd6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/diff/d48f3dd6
Branch: refs/heads/master
Commit: d48f3dd69e9d0e76a5181c44b8fabe3b468e2163
Parents: 5bab945
Author: gpetracek <gp...@apache.org>
Authored: Wed Feb 15 09:37:03 2012 +0100
Committer: gpetracek <gp...@apache.org>
Committed: Wed Feb 15 09:37:03 2012 +0100
----------------------------------------------------------------------
.../deltaspike/core/spi/InterceptorStrategy.java | 36 +++
deltaspike/examples/jse-owb-examples/pom.xml | 20 ++-
.../src/main/resources/META-INF/beans.xml | 3 +
deltaspike/examples/pom.xml | 2 +-
deltaspike/modules/pom.xml | 47 ++++
deltaspike/modules/security/api/pom.xml | 60 +++++
.../security/api/AccessDecisionState.java | 27 +++
.../security/api/AccessDecisionVoter.java | 44 ++++
.../security/api/AccessDecisionVoterContext.java | 63 +++++
.../security/api/AccessDeniedException.java | 51 ++++
.../apache/deltaspike/security/api/Secured.java | 54 +++++
.../deltaspike/security/api/SecurityViolation.java | 34 +++
.../spi/EditableAccessDecisionVoterContext.java | 55 +++++
.../deltaspike/security/spi/SecurityStrategy.java | 28 +++
.../api/src/main/resources/META-INF/beans.xml | 22 ++
.../test/category/FullProfileCategory.java | 27 +++
.../deltaspike/test/category/SeCategory.java | 27 +++
.../test/category/WebProfileCategory.java | 27 +++
deltaspike/modules/security/impl/pom.xml | 69 ++++++
.../impl/DefaultAccessDecisionVoterContext.java | 150 ++++++++++++
.../security/impl/DefaultSecurityStrategy.java | 182 +++++++++++++++
.../security/impl/SecurityInterceptor.java | 58 +++++
.../impl/src/main/resources/META-INF/beans.xml | 26 ++
.../test/category/FullProfileCategory.java | 27 +++
.../deltaspike/test/category/SeCategory.java | 27 +++
.../test/category/WebProfileCategory.java | 27 +++
.../impl/src/test/resources/META-INF/beans.xml | 31 +++
.../impl/src/test/resources/WEB-INF/beans.xml | 33 +++
deltaspike/modules/security/pom.xml | 40 ++++
deltaspike/parent/pom.xml | 19 ++
deltaspike/pom.xml | 1 +
31 files changed, 1313 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/spi/InterceptorStrategy.java
----------------------------------------------------------------------
diff --git a/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/spi/InterceptorStrategy.java b/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/spi/InterceptorStrategy.java
new file mode 100644
index 0000000..b87498c
--- /dev/null
+++ b/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/spi/InterceptorStrategy.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.core.spi;
+
+import javax.interceptor.InvocationContext;
+import java.io.Serializable;
+
+/**
+ * Base interface for all interceptor strategies which allow to provide custom implementations for CODI interceptors.
+ */
+public interface InterceptorStrategy extends Serializable
+{
+ /**
+ * Method which will be invoked by the interceptor method annotated with {@link javax.interceptor.AroundInvoke}
+ * @param invocationContext current invocation-context
+ * @return result of the intercepted method
+ * @throws Exception exception which might be thrown by the intercepted method
+ */
+ Object execute(InvocationContext invocationContext) throws Exception;
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/examples/jse-owb-examples/pom.xml
----------------------------------------------------------------------
diff --git a/deltaspike/examples/jse-owb-examples/pom.xml b/deltaspike/examples/jse-owb-examples/pom.xml
index a22f039..3548d50 100644
--- a/deltaspike/examples/jse-owb-examples/pom.xml
+++ b/deltaspike/examples/jse-owb-examples/pom.xml
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.deltaspike.examples</groupId>
<artifactId>jse-examples-project</artifactId>
- <version>0.1-incubating-SNAPSHOT</version>
+ <version>0.2-incubating-SNAPSHOT</version>
</parent>
<groupId>org.apache.deltaspike.examples</groupId>
@@ -67,14 +67,28 @@
<dependency>
<groupId>org.apache.deltaspike.core</groupId>
<artifactId>deltaspike-core-api</artifactId>
- <version>0.1-incubating-SNAPSHOT</version>
+ <version>0.2-incubating-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.deltaspike.core</groupId>
<artifactId>deltaspike-core-impl</artifactId>
- <version>0.1-incubating-SNAPSHOT</version>
+ <version>0.2-incubating-SNAPSHOT</version>
+ <scope>runtime</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>deltaspike-security-module-api</artifactId>
+ <version>0.2-incubating-SNAPSHOT</version>
+ <scope>compile</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>deltaspike-security-module-impl</artifactId>
+ <version>0.2-incubating-SNAPSHOT</version>
<scope>runtime</scope>
</dependency>
</dependencies>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/examples/jse-owb-examples/src/main/resources/META-INF/beans.xml
----------------------------------------------------------------------
diff --git a/deltaspike/examples/jse-owb-examples/src/main/resources/META-INF/beans.xml b/deltaspike/examples/jse-owb-examples/src/main/resources/META-INF/beans.xml
index 4070730..ec7e07b 100644
--- a/deltaspike/examples/jse-owb-examples/src/main/resources/META-INF/beans.xml
+++ b/deltaspike/examples/jse-owb-examples/src/main/resources/META-INF/beans.xml
@@ -20,4 +20,7 @@
<beans xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+ <interceptors>
+ <class>org.apache.deltaspike.security.impl.SecurityInterceptor</class>
+ </interceptors>
</beans>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/examples/pom.xml
----------------------------------------------------------------------
diff --git a/deltaspike/examples/pom.xml b/deltaspike/examples/pom.xml
index 4809a1a..c77f78f 100644
--- a/deltaspike/examples/pom.xml
+++ b/deltaspike/examples/pom.xml
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.deltaspike</groupId>
<artifactId>parent</artifactId>
- <version>0.1-incubating-SNAPSHOT</version>
+ <version>0.2-incubating-SNAPSHOT</version>
<relativePath>../parent/pom.xml</relativePath>
</parent>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/pom.xml
----------------------------------------------------------------------
diff --git a/deltaspike/modules/pom.xml b/deltaspike/modules/pom.xml
new file mode 100644
index 0000000..e9fbf45
--- /dev/null
+++ b/deltaspike/modules/pom.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.deltaspike</groupId>
+ <artifactId>parent-code</artifactId>
+ <version>0.2-incubating-SNAPSHOT</version>
+ <relativePath>../parent/code/pom.xml</relativePath>
+ </parent>
+
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>modules-project</artifactId>
+ <version>0.2-incubating-SNAPSHOT</version>
+ <packaging>pom</packaging>
+
+ <name>Apache DeltaSpike Modules</name>
+
+ <modules>
+ <module>security</module>
+ </modules>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-jcdi_1.0_spec</artifactId>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/pom.xml
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/pom.xml b/deltaspike/modules/security/api/pom.xml
new file mode 100644
index 0000000..7abe455
--- /dev/null
+++ b/deltaspike/modules/security/api/pom.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>security-module-project</artifactId>
+ <version>0.2-incubating-SNAPSHOT</version>
+ </parent>
+
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>deltaspike-security-module-api</artifactId>
+
+ <name>Apache DeltaSpike Security-Module API</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.deltaspike.core</groupId>
+ <artifactId>deltaspike-core-api</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <inherited>true</inherited>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionState.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionState.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionState.java
new file mode 100644
index 0000000..f6ec581
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionState.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api;
+
+/**
+ * State-enum for {@link AccessDecisionVoterContext}
+ */
+public enum AccessDecisionState
+{
+ INITIAL, VOTE_IN_PROGRESS, VIOLATION_FOUND, NO_VIOLATION_FOUND
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoter.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoter.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoter.java
new file mode 100644
index 0000000..fdddcef
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoter.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api;
+
+import java.io.Serializable;
+import java.util.Set;
+
+/**
+ * Interface for implementing concrete voters.
+ * A voter has to add an instance of
+ * {@link SecurityViolation} to the given result-set,
+ * if a restriction is detected.<p/>
+ * A voter has to be used in combination with {@link Secured}.<p/>
+ * A voter can use every scope which is active. It's recommended to use
+ * {@link javax.enterprise.context.ApplicationScoped} for stateless voters and e.g.
+ * {@link javax.enterprise.context.RequestScoped} otherwise.
+ */
+public interface AccessDecisionVoter extends Serializable
+{
+ /**
+ * Checks the permission for the given {@link javax.interceptor.InvocationContext}.
+ * If a violation is detected, it should be added to a set which gets returned by the method.
+ *
+ * @param accessDecisionVoterContext current access-decision-voter-context
+ * @return a set which contains violations which have been detected
+ */
+ Set<SecurityViolation> checkPermission(AccessDecisionVoterContext accessDecisionVoterContext);
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoterContext.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoterContext.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoterContext.java
new file mode 100644
index 0000000..91daaca
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoterContext.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Optional context which allows to get the current state as well as the results of the security check.
+ * (Optional because it requires a useful scope which depends on the environment.)
+ */
+public interface AccessDecisionVoterContext
+{
+ /**
+ * Exposes the current state
+ * @return current state
+ */
+ AccessDecisionState getState();
+
+ /**
+ * Exposes the found violations
+ * @return found violations
+ */
+ List<SecurityViolation> getViolations();
+
+ /**
+ * TODO review it (this method is new)
+ * Exposes the source e.g. {@link javax.interceptor.InvocationContext}
+ * @return the source which triggered the
+ */
+ <T> T getSource();
+
+ /**
+ * Exposes the found meta-data
+ * @return found meta-data
+ */
+ Map<String, Object> getMetaData();
+
+ /**
+ * Exposes meta-data for the given key
+ * @param key meta-data key
+ * @param targetType target type
+ * @param <T> target type
+ * @return meta-data for the given key or null if there is no value for the given key
+ */
+ <T> T getMetaDataFor(String key, Class<T> targetType);
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDeniedException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDeniedException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDeniedException.java
new file mode 100644
index 0000000..9ec7ccb
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDeniedException.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api;
+
+import java.util.Set;
+
+/**
+ * Exception occurs in case of a security-violation.
+ * It's aware of the reason for the violation as well as the error-view which should be used to display the restriction.
+ */
+public class AccessDeniedException extends SecurityException
+{
+ private static final long serialVersionUID = -4066763895951237969L;
+
+ private Set<SecurityViolation> violations;
+
+ /**
+ * Constructor for creating the exception for the given violations and error-view
+ * @param violations current violations
+ */
+ public AccessDeniedException(Set<SecurityViolation> violations)
+ {
+ this.violations = violations;
+ }
+
+ /**
+ * All {@link SecurityViolation} which were found by a {@link AccessDecisionVoter}
+ *
+ * @return all security-violations
+ */
+ public Set<SecurityViolation> getViolations()
+ {
+ return violations;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Secured.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Secured.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Secured.java
new file mode 100644
index 0000000..c67e6fa
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Secured.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api;
+
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * TODO refactor it as soon as we have @SecurityBindingType
+ *
+ * Interceptor for securing beans.
+ * It's also possible to use it as meta-annotation for type-safe view-configs.
+ */
+@Target({ TYPE, METHOD, ANNOTATION_TYPE })
+@Retention(RUNTIME)
+@Documented
+
+//cdi annotations
+@InterceptorBinding
+public @interface Secured
+{
+ /**
+ * {@link AccessDecisionVoter}s which will be invoked before accessing the intercepted instance or in case of
+ * view-configs before a view gets used.
+ *
+ * @return the configured access-decision-voters which should be used for the voting process
+ */
+ @Nonbinding
+ Class<? extends AccessDecisionVoter>[] value();
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityViolation.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityViolation.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityViolation.java
new file mode 100644
index 0000000..c2f688e
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityViolation.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api;
+
+import java.io.Serializable;
+
+/**
+ * Provides the concrete reason for the restriction.
+ */
+public interface SecurityViolation extends Serializable
+{
+ /**
+ * Provides a description of the violation.
+ *
+ * @return description of the violation
+ */
+ String getReason();
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/spi/EditableAccessDecisionVoterContext.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/spi/EditableAccessDecisionVoterContext.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/spi/EditableAccessDecisionVoterContext.java
new file mode 100644
index 0000000..e7d9563
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/spi/EditableAccessDecisionVoterContext.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.spi;
+
+import org.apache.deltaspike.security.api.AccessDecisionState;
+import org.apache.deltaspike.security.api.AccessDecisionVoterContext;
+import org.apache.deltaspike.security.api.SecurityViolation;
+
+/**
+ * Interface which allows to provide a custom {@link AccessDecisionVoterContext} implementation
+ */
+public interface EditableAccessDecisionVoterContext extends AccessDecisionVoterContext
+{
+ /**
+ * Allows to add custom meta-data. The default security strategy adds custom annotations of the intercepted method
+ * as well as class-level annotations. (Currently inherited annotations aren't supported)
+ * @param key key for the meta-data
+ * @param metaData meta-data which should be added
+ */
+ void addMetaData(String key, Object metaData);
+
+ /**
+ * Updates the state of the context
+ * @param accessDecisionVoterState current state
+ */
+ void setState(AccessDecisionState accessDecisionVoterState);
+
+ /**
+ * TODO review it (this method is new)
+ * @param source e.g. the invocation-context
+ */
+ void setSource(Object source);
+
+ /**
+ * Adds a new {@link SecurityViolation} to the context
+ * @param securityViolation security-violation which should be added
+ */
+ void addViolation(SecurityViolation securityViolation);
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/spi/SecurityStrategy.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/spi/SecurityStrategy.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/spi/SecurityStrategy.java
new file mode 100644
index 0000000..c19175d
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/spi/SecurityStrategy.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.spi;
+
+import org.apache.deltaspike.core.spi.InterceptorStrategy;
+
+/**
+ * Marker interface for a pluggable strategy for {@link org.apache.deltaspike.security.api.Secured}
+ */
+public interface SecurityStrategy extends InterceptorStrategy
+{
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/main/resources/META-INF/beans.xml
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/resources/META-INF/beans.xml b/deltaspike/modules/security/api/src/main/resources/META-INF/beans.xml
new file mode 100644
index 0000000..c913a0e
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/resources/META-INF/beans.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd"/>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/FullProfileCategory.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/FullProfileCategory.java b/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/FullProfileCategory.java
new file mode 100644
index 0000000..85fa586
--- /dev/null
+++ b/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/FullProfileCategory.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.test.category;
+
+/**
+ * Category marker interface. Tests which are Full profile minimum.
+ */
+public interface FullProfileCategory
+{
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/SeCategory.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/SeCategory.java b/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/SeCategory.java
new file mode 100644
index 0000000..1cf75ae
--- /dev/null
+++ b/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/SeCategory.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.test.category;
+
+/**
+ * Category marker interface. Tests which are SE bare minimum.
+ */
+public interface SeCategory
+{
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/WebProfileCategory.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/WebProfileCategory.java b/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/WebProfileCategory.java
new file mode 100644
index 0000000..4d5ab8b
--- /dev/null
+++ b/deltaspike/modules/security/api/src/test/java/org/apache/deltaspike/test/category/WebProfileCategory.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.test.category;
+
+/**
+ * Category marker interface. Tests which are Web profile minimum.
+ */
+public interface WebProfileCategory
+{
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/impl/pom.xml
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/pom.xml b/deltaspike/modules/security/impl/pom.xml
new file mode 100644
index 0000000..addf384
--- /dev/null
+++ b/deltaspike/modules/security/impl/pom.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>security-module-project</artifactId>
+ <version>0.2-incubating-SNAPSHOT</version>
+ </parent>
+
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>deltaspike-security-module-impl</artifactId>
+
+ <name>Apache DeltaSpike Security-Module Impl</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.deltaspike.core</groupId>
+ <artifactId>deltaspike-core-api</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.deltaspike.core</groupId>
+ <artifactId>deltaspike-core-impl</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>deltaspike-security-module-api</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <inherited>true</inherited>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/DefaultAccessDecisionVoterContext.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/DefaultAccessDecisionVoterContext.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/DefaultAccessDecisionVoterContext.java
new file mode 100644
index 0000000..564b9fe
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/DefaultAccessDecisionVoterContext.java
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl;
+
+import org.apache.deltaspike.security.api.AccessDecisionState;
+import org.apache.deltaspike.security.api.SecurityViolation;
+import org.apache.deltaspike.security.spi.EditableAccessDecisionVoterContext;
+
+import javax.enterprise.context.RequestScoped;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * {@inheritDoc}
+ */
+@RequestScoped //TODO we might need a scope for it
+public class DefaultAccessDecisionVoterContext implements EditableAccessDecisionVoterContext
+{
+ private AccessDecisionState state = AccessDecisionState.INITIAL;
+
+ private List<SecurityViolation> securityViolations;
+
+ private Map<String, Object> metaData = new HashMap<String, Object>();
+
+ private Object source;
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public AccessDecisionState getState()
+ {
+ return this.state;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public List<SecurityViolation> getViolations()
+ {
+ if (this.securityViolations == null)
+ {
+ return Collections.emptyList();
+ }
+ return Collections.unmodifiableList(this.securityViolations);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public <T> T getSource()
+ {
+ return (T)this.source;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void setSource(Object source)
+ {
+ this.source = source;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Map<String, Object> getMetaData()
+ {
+ return Collections.unmodifiableMap(this.metaData);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public <T> T getMetaDataFor(String key, Class<T> targetType)
+ {
+ return (T) this.metaData.get(key);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void addMetaData(String key, Object metaData)
+ {
+ //TODO specify nested security calls
+ this.metaData.put(key, metaData);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void setState(AccessDecisionState accessDecisionVoterState)
+ {
+ if (AccessDecisionState.VOTE_IN_PROGRESS.equals(accessDecisionVoterState))
+ {
+ this.securityViolations = new ArrayList<SecurityViolation>(); //lazy init
+ }
+
+ this.state = accessDecisionVoterState;
+
+ if (AccessDecisionState.INITIAL.equals(accessDecisionVoterState) ||
+ AccessDecisionState.VOTE_IN_PROGRESS.equals(accessDecisionVoterState))
+ {
+ return;
+ }
+
+ //meta-data is only needed until the end of a voting process
+ this.metaData.clear();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void addViolation(SecurityViolation securityViolation)
+ {
+ if (this.securityViolations == null)
+ {
+ throw new IllegalStateException(
+ AccessDecisionState.VOTE_IN_PROGRESS.name() + " is required for adding security-violations");
+ }
+ this.securityViolations.add(securityViolation);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/DefaultSecurityStrategy.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/DefaultSecurityStrategy.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/DefaultSecurityStrategy.java
new file mode 100644
index 0000000..e8a157c
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/DefaultSecurityStrategy.java
@@ -0,0 +1,182 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl;
+
+import org.apache.deltaspike.core.api.provider.BeanProvider;
+import org.apache.deltaspike.security.api.AccessDecisionState;
+import org.apache.deltaspike.security.api.AccessDecisionVoter;
+import org.apache.deltaspike.security.api.AccessDecisionVoterContext;
+import org.apache.deltaspike.security.api.AccessDeniedException;
+import org.apache.deltaspike.security.api.Secured;
+import org.apache.deltaspike.security.api.SecurityViolation;
+import org.apache.deltaspike.security.spi.EditableAccessDecisionVoterContext;
+import org.apache.deltaspike.security.spi.SecurityStrategy;
+
+import javax.enterprise.context.Dependent;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+import javax.interceptor.InvocationContext;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * {@inheritDoc}
+ */
+@Dependent
+public class DefaultSecurityStrategy implements SecurityStrategy
+{
+ private static final long serialVersionUID = 7992336651801599079L;
+
+ @Inject
+ private AccessDecisionVoterContext voterContext;
+
+ //all implementations will be serializable
+ @Inject
+ @SuppressWarnings("NonSerializableFieldInSerializableClass")
+ private BeanManager beanManager;
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Object execute(InvocationContext invocationContext) throws Exception
+ {
+ Secured secured = null;
+
+ List<Annotation> annotatedTypeMetadata = extractMetadata(invocationContext);
+
+ for (Annotation annotation : annotatedTypeMetadata)
+ {
+ if (Secured.class.isAssignableFrom(annotation.annotationType()))
+ {
+ secured = (Secured) annotation;
+ }
+ else if (voterContext instanceof EditableAccessDecisionVoterContext)
+ {
+ ((EditableAccessDecisionVoterContext) voterContext)
+ .addMetaData(annotation.annotationType().getName(), annotation);
+ }
+ }
+
+ if (secured != null)
+ {
+ Class<? extends AccessDecisionVoter>[] voterClasses = secured.value();
+
+ invokeVoters(invocationContext, Arrays.asList(voterClasses));
+ }
+
+ return invocationContext.proceed();
+ }
+
+ private List<Annotation> extractMetadata(InvocationContext invocationContext)
+ {
+ List<Annotation> result = new ArrayList<Annotation>();
+
+ Method method = invocationContext.getMethod();
+
+ result.addAll(getAllAnnotations(method.getAnnotations()));
+ result.addAll(getAllAnnotations(method.getDeclaringClass().getAnnotations()));
+
+ return result;
+ }
+
+ private List<Annotation> getAllAnnotations(Annotation[] annotations)
+ {
+ List<Annotation> result = new ArrayList<Annotation>();
+
+ String annotationName;
+ for (Annotation annotation : annotations)
+ {
+ annotationName = annotation.annotationType().getName();
+ if (annotationName.startsWith("java.") || annotationName.startsWith("javax."))
+ {
+ continue;
+ }
+
+ result.add(annotation);
+ result.addAll(getAllAnnotations(annotation.annotationType().getAnnotations()));
+ }
+
+ return result;
+ }
+
+ /**
+ * Helper for invoking the given {@link AccessDecisionVoter}s
+ *
+ * @param invocationContext current invocation-context (might be null in case of secured views)
+ * @param accessDecisionVoters current access-decision-voters
+ */
+ private void invokeVoters(InvocationContext invocationContext,
+ List<Class<? extends AccessDecisionVoter>> accessDecisionVoters)
+ {
+ if (accessDecisionVoters == null)
+ {
+ return;
+ }
+
+ AccessDecisionState voterState = AccessDecisionState.VOTE_IN_PROGRESS;
+ try
+ {
+ if (voterContext instanceof EditableAccessDecisionVoterContext)
+ {
+ ((EditableAccessDecisionVoterContext) voterContext).setState(voterState);
+ ((EditableAccessDecisionVoterContext) voterContext).setSource(invocationContext);
+ }
+
+ Set<SecurityViolation> violations;
+
+ AccessDecisionVoter voter;
+ for (Class<? extends AccessDecisionVoter> voterClass : accessDecisionVoters)
+ {
+ voter = BeanProvider.getContextualReference(voterClass, false);
+
+ violations = voter.checkPermission(voterContext);
+
+ if (violations != null && violations.size() > 0)
+ {
+ if (voterContext instanceof EditableAccessDecisionVoterContext)
+ {
+ voterState = AccessDecisionState.VIOLATION_FOUND;
+ for (SecurityViolation securityViolation : violations)
+ {
+ ((EditableAccessDecisionVoterContext) voterContext).addViolation(securityViolation);
+ }
+ }
+ throw new AccessDeniedException(violations);
+ }
+ }
+ }
+ finally
+ {
+ if (voterContext instanceof EditableAccessDecisionVoterContext)
+ {
+ if (AccessDecisionState.VOTE_IN_PROGRESS.equals(voterState))
+ {
+ voterState = AccessDecisionState.NO_VIOLATION_FOUND;
+ }
+
+ ((EditableAccessDecisionVoterContext) voterContext).setState(voterState);
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/SecurityInterceptor.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/SecurityInterceptor.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/SecurityInterceptor.java
new file mode 100644
index 0000000..e963a32
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/SecurityInterceptor.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl;
+
+import org.apache.deltaspike.security.api.AccessDecisionVoter;
+import org.apache.deltaspike.security.api.Secured;
+import org.apache.deltaspike.security.spi.SecurityStrategy;
+
+import javax.inject.Inject;
+import javax.interceptor.AroundInvoke;
+import javax.interceptor.Interceptor;
+import javax.interceptor.InvocationContext;
+import java.io.Serializable;
+
+/**
+ * Interceptor for {@link Secured} - details see {@link SecurityStrategy}
+ */
+@Secured(SecurityInterceptor.PlaceHolderVoter.class)
+@Interceptor
+public class SecurityInterceptor implements Serializable
+{
+ private static final long serialVersionUID = -7094673146532371976L;
+
+ @Inject
+ private SecurityStrategy securityStrategy;
+
+ /**
+ * Triggers the registered {@link AccessDecisionVoter}s
+ * @param invocationContext current invocation-context
+ * @return result of the intercepted method
+ * @throws Exception exception which might be thrown by the intercepted method
+ */
+ @AroundInvoke
+ public Object filterDeniedInvocations(InvocationContext invocationContext) throws Exception
+ {
+ return this.securityStrategy.execute(invocationContext);
+ }
+
+ interface PlaceHolderVoter extends AccessDecisionVoter
+ {
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/impl/src/main/resources/META-INF/beans.xml
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/resources/META-INF/beans.xml b/deltaspike/modules/security/impl/src/main/resources/META-INF/beans.xml
new file mode 100644
index 0000000..ec7e07b
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/resources/META-INF/beans.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+ <interceptors>
+ <class>org.apache.deltaspike.security.impl.SecurityInterceptor</class>
+ </interceptors>
+</beans>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/FullProfileCategory.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/FullProfileCategory.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/FullProfileCategory.java
new file mode 100644
index 0000000..85fa586
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/FullProfileCategory.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.test.category;
+
+/**
+ * Category marker interface. Tests which are Full profile minimum.
+ */
+public interface FullProfileCategory
+{
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/SeCategory.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/SeCategory.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/SeCategory.java
new file mode 100644
index 0000000..1cf75ae
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/SeCategory.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.test.category;
+
+/**
+ * Category marker interface. Tests which are SE bare minimum.
+ */
+public interface SeCategory
+{
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/WebProfileCategory.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/WebProfileCategory.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/WebProfileCategory.java
new file mode 100644
index 0000000..4d5ab8b
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/category/WebProfileCategory.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.test.category;
+
+/**
+ * Category marker interface. Tests which are Web profile minimum.
+ */
+public interface WebProfileCategory
+{
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/impl/src/test/resources/META-INF/beans.xml
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/resources/META-INF/beans.xml b/deltaspike/modules/security/impl/src/test/resources/META-INF/beans.xml
new file mode 100644
index 0000000..e17526f
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/resources/META-INF/beans.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+ <!-- TODO change it to the global alternative approach as soon as it is committed -->
+ <alternatives>
+ <class>org.apache.deltaspike.test.security.impl.customsecured.AlternativeSecurityStrategy</class>
+ </alternatives>
+
+ <interceptors>
+ <class>org.apache.deltaspike.security.impl.SecurityInterceptor</class>
+ </interceptors>
+</beans>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/impl/src/test/resources/WEB-INF/beans.xml
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/resources/WEB-INF/beans.xml b/deltaspike/modules/security/impl/src/test/resources/WEB-INF/beans.xml
new file mode 100644
index 0000000..739e67e
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/resources/WEB-INF/beans.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+
+ <!-- TODO change it to the global alternative approach as soon as it is committed -->
+ <alternatives>
+ <class>org.apache.deltaspike.test.security.impl.customsecured.AlternativeSecurityStrategy</class>
+ </alternatives>
+
+ <!-- workaround which works with arquillian+owb but not with arquillian+weld - TODO get rid of it at all -->
+ <interceptors>
+ <class>org.apache.deltaspike.security.impl.SecurityInterceptor</class>
+ </interceptors>
+</beans>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/modules/security/pom.xml
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/pom.xml b/deltaspike/modules/security/pom.xml
new file mode 100644
index 0000000..338c74f
--- /dev/null
+++ b/deltaspike/modules/security/pom.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>modules-project</artifactId>
+ <version>0.2-incubating-SNAPSHOT</version>
+ </parent>
+
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>security-module-project</artifactId>
+ <version>0.2-incubating-SNAPSHOT</version>
+ <packaging>pom</packaging>
+
+ <name>Apache DeltaSpike Security-Module</name>
+
+ <modules>
+ <module>api</module>
+ <module>impl</module>
+ </modules>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/parent/pom.xml
----------------------------------------------------------------------
diff --git a/deltaspike/parent/pom.xml b/deltaspike/parent/pom.xml
index 439a249..b267086 100644
--- a/deltaspike/parent/pom.xml
+++ b/deltaspike/parent/pom.xml
@@ -296,7 +296,26 @@
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.deltaspike.core</groupId>
+ <artifactId>deltaspike-core-api</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.deltaspike.core</groupId>
+ <artifactId>deltaspike-core-impl</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.deltaspike.modules</groupId>
+ <artifactId>deltaspike-security-module-api</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
</dependencies>
</dependencyManagement>
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/d48f3dd6/deltaspike/pom.xml
----------------------------------------------------------------------
diff --git a/deltaspike/pom.xml b/deltaspike/pom.xml
index ac993f7..81b67c4 100644
--- a/deltaspike/pom.xml
+++ b/deltaspike/pom.xml
@@ -55,6 +55,7 @@
<module>checkstyle-rules</module>
<module>parent</module>
<module>core</module>
+ <module>modules</module>
</modules>
<build>