You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by ah...@apache.org on 2022/01/14 08:10:09 UTC
[isis] branch master updated: ISIS-2729: replace wicket-viewer default authorized user role with a generic constant
This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
The following commit(s) were added to refs/heads/master by this push:
new 6bccbca ISIS-2729: replace wicket-viewer default authorized user role with a generic constant
6bccbca is described below
commit 6bccbcafa4b646fa849b02f8035e800ef0461ebc
Author: Andi Huber <ah...@apache.org>
AuthorDate: Fri Jan 14 09:09:26 2022 +0100
ISIS-2729: replace wicket-viewer default authorized user role with a
generic constant
---
.../modules/ROOT/pages/2021/2.0.0-M7/mignotes.adoc | 16 ++++++++++++++++
.../isis/applib/services/user/ImpersonateMenu.java | 6 +++---
.../apache/isis/applib/services/user/UserMemento.java | 4 ++++
.../security/spring/webmodule/SpringSecurityFilter.java | 2 +-
.../isis/viewer/wicket/ui/pages/entity/EntityPage.java | 3 ++-
.../isis/viewer/wicket/ui/pages/error/ErrorPage.java | 5 +++--
.../isis/viewer/wicket/ui/pages/home/HomePage.java | 3 ++-
.../standalonecollection/StandaloneCollectionPage.java | 3 ++-
.../isis/viewer/wicket/ui/pages/value/ValuePage.java | 3 ++-
.../wicket/ui/pages/voidreturn/VoidReturnPage.java | 3 ++-
.../integration/AuthenticatedWebSessionForIsis.java | 8 +++-----
11 files changed, 40 insertions(+), 16 deletions(-)
diff --git a/antora/components/relnotes/modules/ROOT/pages/2021/2.0.0-M7/mignotes.adoc b/antora/components/relnotes/modules/ROOT/pages/2021/2.0.0-M7/mignotes.adoc
index 6f9e01d..ce71430 100644
--- a/antora/components/relnotes/modules/ROOT/pages/2021/2.0.0-M7/mignotes.adoc
+++ b/antora/components/relnotes/modules/ROOT/pages/2021/2.0.0-M7/mignotes.adoc
@@ -201,6 +201,22 @@ not compatible with the old ones.
</dependency>
----
+== Security Integration
+
+_Wicket Viewer_ default authorized user role was renamed for generic reuse.
+
+[cols="2a,3a", options="header"]
+
+|===
+
+| previously
+| new
+
+| `org.apache.isis.viewer.wicket.roles.USER` renamed
+| use `org.apache.isis.security.AUTHORIZED_USER_ROLE` instead
+
+|===
+
== Maven Artifacts
`-dn5` suffix was removed from artifacts, because we migrated DataNucleus 5.x to 6.x
diff --git a/api/applib/src/main/java/org/apache/isis/applib/services/user/ImpersonateMenu.java b/api/applib/src/main/java/org/apache/isis/applib/services/user/ImpersonateMenu.java
index 8bb1f46..e2b7930 100644
--- a/api/applib/src/main/java/org/apache/isis/applib/services/user/ImpersonateMenu.java
+++ b/api/applib/src/main/java/org/apache/isis/applib/services/user/ImpersonateMenu.java
@@ -100,7 +100,7 @@ public class ImpersonateMenu {
final String userName) {
// TODO: should use an SPI for each configured viewer to add in its own role if necessary.
- userService.impersonateUser(userName, Collections.singletonList("org.apache.isis.viewer.wicket.roles.USER"), null);
+ userService.impersonateUser(userName, Collections.singletonList(UserMemento.AUTHORIZED_USER_ROLE), null);
messageService.informUser("Now impersonating " + userName);
}
@MemberSupport public boolean hideAct() {
@@ -148,8 +148,8 @@ public class ImpersonateMenu {
// TODO: should use an SPI for each configured viewer to add in its own role if necessary.
val roleNamesCopy = new ArrayList<>(roleNames);
- if(!roleNamesCopy.contains("org.apache.isis.viewer.wicket.roles.USER")) {
- roleNamesCopy.add("org.apache.isis.viewer.wicket.roles.USER");
+ if(!roleNamesCopy.contains(UserMemento.AUTHORIZED_USER_ROLE)) {
+ roleNamesCopy.add(UserMemento.AUTHORIZED_USER_ROLE);
}
userService.impersonateUser(userName, roleNamesCopy, multiTenancyToken);
messageService.informUser("Now impersonating " + userName);
diff --git a/api/applib/src/main/java/org/apache/isis/applib/services/user/UserMemento.java b/api/applib/src/main/java/org/apache/isis/applib/services/user/UserMemento.java
index 5b43149..922903d 100644
--- a/api/applib/src/main/java/org/apache/isis/applib/services/user/UserMemento.java
+++ b/api/applib/src/main/java/org/apache/isis/applib/services/user/UserMemento.java
@@ -76,6 +76,10 @@ public class UserMemento implements Serializable {
public static final String LOGICAL_TYPE_NAME = IsisModuleApplib.NAMESPACE + ".UserMemento";
+ /** Also used by the wicket-viewer and its AuthorizeInstantiation(...) annotations;
+ * the actual value is arbitrary; however, we use namespace style to clarify the origin*/
+ public static final String AUTHORIZED_USER_ROLE = "org.apache.isis.security.AUTHORIZED_USER_ROLE";
+
private static final long serialVersionUID = 7190090455587885367L;
private static final UserMemento SYSTEM_USER = UserMemento.ofName("__system");
diff --git a/security/spring/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java b/security/spring/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java
index eef18af..521b608 100644
--- a/security/spring/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java
+++ b/security/spring/src/main/java/org/apache/isis/security/spring/webmodule/SpringSecurityFilter.java
@@ -81,7 +81,7 @@ public class SpringSecurityFilter implements Filter {
}
// TODO: this should be added by Wicket viewer
- userMemento = userMemento.withRoleAdded("org.apache.isis.viewer.wicket.roles.USER")
+ userMemento = userMemento.withRoleAdded(UserMemento.AUTHORIZED_USER_ROLE)
.withAuthenticationSource(AuthenticationSource.EXTERNAL);
interactionService.run(
diff --git a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/entity/EntityPage.java b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/entity/EntityPage.java
index 82fc229..c4e8fb3 100644
--- a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/entity/EntityPage.java
+++ b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/entity/EntityPage.java
@@ -32,6 +32,7 @@ import org.apache.wicket.request.component.IRequestablePage;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.request.resource.CssResourceReference;
+import org.apache.isis.applib.services.user.UserMemento;
import org.apache.isis.commons.internal.base._Refs;
import org.apache.isis.commons.internal.base._Refs.ObjectReference;
import org.apache.isis.commons.internal.base._Timing;
@@ -58,7 +59,7 @@ import lombok.val;
/**
* Web page representing an entity.
*/
-@AuthorizeInstantiation("org.apache.isis.viewer.wicket.roles.USER")
+@AuthorizeInstantiation(UserMemento.AUTHORIZED_USER_ROLE)
//@Log4j2
public class EntityPage extends PageAbstract {
diff --git a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/error/ErrorPage.java b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/error/ErrorPage.java
index 36c61e7..5d0637a 100644
--- a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/error/ErrorPage.java
+++ b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/error/ErrorPage.java
@@ -25,6 +25,7 @@ import org.apache.wicket.authroles.authorization.strategies.role.annotations.Aut
import org.apache.isis.applib.services.error.ErrorDetails;
import org.apache.isis.applib.services.error.ErrorReportingService;
import org.apache.isis.applib.services.error.Ticket;
+import org.apache.isis.applib.services.user.UserMemento;
import org.apache.isis.commons.internal.collections._Lists;
import org.apache.isis.viewer.wicket.model.util.PageParameterUtils;
import org.apache.isis.viewer.wicket.ui.errors.ExceptionModel;
@@ -37,7 +38,7 @@ import lombok.val;
/**
* Web page representing the home page (showing a welcome message).
*/
-@AuthorizeInstantiation("org.apache.isis.viewer.wicket.roles.USER")
+@AuthorizeInstantiation(UserMemento.AUTHORIZED_USER_ROLE)
public class ErrorPage extends PageAbstract {
private static final long serialVersionUID = 1L;
@@ -45,7 +46,7 @@ public class ErrorPage extends PageAbstract {
private static final String ID_EXCEPTION_STACK_TRACE = "exceptionStackTrace";
- public ErrorPage(ExceptionModel exceptionModel) {
+ public ErrorPage(final ExceptionModel exceptionModel) {
super(PageParameterUtils.newPageParameters(), null);
addBookmarkedPages(themeDiv);
diff --git a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/home/HomePage.java b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/home/HomePage.java
index f48a299..9d90633 100644
--- a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/home/HomePage.java
+++ b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/home/HomePage.java
@@ -23,6 +23,7 @@ import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.isis.applib.services.message.MessageService;
+import org.apache.isis.applib.services.user.UserMemento;
import org.apache.isis.core.metamodel.spec.ManagedObjects;
import org.apache.isis.viewer.common.model.components.ComponentType;
import org.apache.isis.viewer.wicket.ui.components.widgets.breadcrumbs.BreadcrumbModelProvider;
@@ -35,7 +36,7 @@ import lombok.val;
/**
* Web page representing the home page (showing a welcome message).
*/
-@AuthorizeInstantiation("org.apache.isis.viewer.wicket.roles.USER")
+@AuthorizeInstantiation(UserMemento.AUTHORIZED_USER_ROLE)
public class HomePage extends PageAbstract {
private static final long serialVersionUID = 1L;
diff --git a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/standalonecollection/StandaloneCollectionPage.java b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/standalonecollection/StandaloneCollectionPage.java
index 8db2cbf..048de98 100644
--- a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/standalonecollection/StandaloneCollectionPage.java
+++ b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/standalonecollection/StandaloneCollectionPage.java
@@ -21,6 +21,7 @@ package org.apache.isis.viewer.wicket.ui.pages.standalonecollection;
import org.apache.wicket.Component;
import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation;
+import org.apache.isis.applib.services.user.UserMemento;
import org.apache.isis.viewer.common.model.components.ComponentType;
import org.apache.isis.viewer.wicket.model.models.EntityCollectionModelStandalone;
import org.apache.isis.viewer.wicket.model.util.PageParameterUtils;
@@ -29,7 +30,7 @@ import org.apache.isis.viewer.wicket.ui.pages.PageAbstract;
/**
* Web page representing an action invocation.
*/
-@AuthorizeInstantiation("org.apache.isis.viewer.wicket.roles.USER")
+@AuthorizeInstantiation(UserMemento.AUTHORIZED_USER_ROLE)
public class StandaloneCollectionPage extends PageAbstract {
private static final long serialVersionUID = 1L;
diff --git a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/value/ValuePage.java b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/value/ValuePage.java
index 7bab8e5..f2cdbbc 100644
--- a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/value/ValuePage.java
+++ b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/value/ValuePage.java
@@ -21,6 +21,7 @@ package org.apache.isis.viewer.wicket.ui.pages.value;
import org.apache.wicket.Component;
import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation;
+import org.apache.isis.applib.services.user.UserMemento;
import org.apache.isis.viewer.common.model.components.ComponentType;
import org.apache.isis.viewer.wicket.model.models.ActionModel;
import org.apache.isis.viewer.wicket.model.models.ValueModel;
@@ -31,7 +32,7 @@ import org.apache.isis.viewer.wicket.ui.util.Wkt;
/**
* Web page representing an action invocation.
*/
-@AuthorizeInstantiation("org.apache.isis.viewer.wicket.roles.USER")
+@AuthorizeInstantiation(UserMemento.AUTHORIZED_USER_ROLE)
public class ValuePage extends PageAbstract {
private static final long serialVersionUID = 1L;
diff --git a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/voidreturn/VoidReturnPage.java b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/voidreturn/VoidReturnPage.java
index b3b0fe8..948bc9c 100644
--- a/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/voidreturn/VoidReturnPage.java
+++ b/viewers/wicket/ui/src/main/java/org/apache/isis/viewer/wicket/ui/pages/voidreturn/VoidReturnPage.java
@@ -20,6 +20,7 @@ package org.apache.isis.viewer.wicket.ui.pages.voidreturn;
import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation;
+import org.apache.isis.applib.services.user.UserMemento;
import org.apache.isis.viewer.common.model.components.ComponentType;
import org.apache.isis.viewer.wicket.model.models.ActionModel;
import org.apache.isis.viewer.wicket.model.models.VoidModel;
@@ -30,7 +31,7 @@ import org.apache.isis.viewer.wicket.ui.util.Wkt;
/**
* Web page representing an action invocation.
*/
-@AuthorizeInstantiation("org.apache.isis.viewer.wicket.roles.USER")
+@AuthorizeInstantiation(UserMemento.AUTHORIZED_USER_ROLE)
public class VoidReturnPage extends PageAbstract {
private static final long serialVersionUID = 1L;
diff --git a/viewers/wicket/viewer/src/main/java/org/apache/isis/viewer/wicket/viewer/integration/AuthenticatedWebSessionForIsis.java b/viewers/wicket/viewer/src/main/java/org/apache/isis/viewer/wicket/viewer/integration/AuthenticatedWebSessionForIsis.java
index 187ad7f..223f7a2 100644
--- a/viewers/wicket/viewer/src/main/java/org/apache/isis/viewer/wicket/viewer/integration/AuthenticatedWebSessionForIsis.java
+++ b/viewers/wicket/viewer/src/main/java/org/apache/isis/viewer/wicket/viewer/integration/AuthenticatedWebSessionForIsis.java
@@ -57,8 +57,6 @@ implements BreadcrumbModelProvider, BookmarkedPagesModelProvider, HasCommonConte
private static final long serialVersionUID = 1L;
- public static final String USER_ROLE = "org.apache.isis.viewer.wicket.roles.USER";
-
public static AuthenticatedWebSessionForIsis get() {
return (AuthenticatedWebSessionForIsis) Session.get();
}
@@ -73,11 +71,11 @@ implements BreadcrumbModelProvider, BookmarkedPagesModelProvider, HasCommonConte
*/
private InteractionContext authentication;
- public AuthenticatedWebSessionForIsis(Request request) {
+ public AuthenticatedWebSessionForIsis(final Request request) {
super(request);
}
- public void init(IsisAppCommonContext commonContext) {
+ public void init(final IsisAppCommonContext commonContext) {
this.commonContext = commonContext;
bookmarkedPagesModel = new BookmarkedPagesModel(commonContext);
breadcrumbModel = new BreadcrumbModel(commonContext);
@@ -87,7 +85,7 @@ implements BreadcrumbModelProvider, BookmarkedPagesModelProvider, HasCommonConte
@Override
public synchronized boolean authenticate(final String username, final String password) {
val authenticationRequest = new AuthenticationRequestPassword(username, password);
- authenticationRequest.addRole(USER_ROLE);
+ authenticationRequest.addRole(UserMemento.AUTHORIZED_USER_ROLE);
this.authentication = getAuthenticationManager().authenticate(authenticationRequest);
if (this.authentication != null) {
log(SessionLoggingService.Type.LOGIN, username, null);