You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2021/05/23 17:07:57 UTC
[isis] 02/02: ISIS-2689: introduces AuthorizorChooser SPI,
and auto-registers AuthorizorSecman as higher precedence than
AuthorizorShiro
This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
commit d437c658e11f8efb96af2b33b35b85be9ca2a54c
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Sun May 23 18:06:58 2021 +0100
ISIS-2689: introduces AuthorizorChooser SPI, and auto-registers AuthorizorSecman as higher precedence than AuthorizorShiro
This means that adding in secman will effectively disable the shiro authorizor. This is a half-way stop to isis-2607, to decouple secman from shiro completely.
---
.../manager/AuthorizationManager.java | 21 +++++++++++++++++--
.../authorization/manager/AuthorizorChooser.java | 24 ++++++++++++++++++++++
.../secman/api/IsisModuleExtSecmanApi.java | 3 +++
.../secman/api/authorizor/AuthorizorSecman.java | 2 +-
4 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizationManager.java b/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizationManager.java
index 8fdbecf..74622b9 100644
--- a/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizationManager.java
+++ b/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizationManager.java
@@ -19,6 +19,8 @@
package org.apache.isis.core.security.authorization.manager;
+import java.util.List;
+
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
@@ -34,8 +36,12 @@ import org.apache.isis.applib.services.sudo.SudoService;
import org.apache.isis.core.security.authentication.Authentication;
import org.apache.isis.core.security.authorization.Authorizor;
+import lombok.val;
+
/**
* Authorizes the user in the current session view and use members of an object.
+ *
+ * @since 1.x {@index}
*/
@Service
@Named("isis.security.AuthorizationManager")
@@ -44,11 +50,22 @@ import org.apache.isis.core.security.authorization.Authorizor;
@Qualifier("Default")
public class AuthorizationManager {
+ private final List<Authorizor> authorizors;
private final Authorizor authorizor;
@Inject
- public AuthorizationManager(Authorizor authorizor) {
- this.authorizor = authorizor;
+ public AuthorizationManager(
+ final List<Authorizor> authorizors,
+ @org.springframework.lang.Nullable final AuthorizorChooser authorizorChooser) {
+ this.authorizors = authorizors;
+ val authorizorPrecedenceChooserToUse = authorizorChooser != null
+ ? authorizorChooser
+ : new AuthorizorChooser() {
+ @Override public Authorizor chooseFrom(final List<Authorizor> authorizors) {
+ return authorizors.get(0);
+ }
+ };
+ this.authorizor = authorizorPrecedenceChooserToUse.chooseFrom(authorizors);
}
/**
diff --git a/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizorChooser.java b/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizorChooser.java
new file mode 100644
index 0000000..4fe05c4
--- /dev/null
+++ b/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizorChooser.java
@@ -0,0 +1,24 @@
+package org.apache.isis.core.security.authorization.manager;
+
+import java.util.List;
+
+import javax.annotation.Nonnull;
+
+import org.apache.isis.core.security.authorization.Authorizor;
+
+/**
+ * Provides an SPI to select from multiple {@link Authorizor}s if more than
+ * one are present on the classpath.
+ *
+ * @since 2.0 {@index}
+ */
+@FunctionalInterface
+public interface AuthorizorChooser {
+
+ /**
+ *
+ * @param authorizors
+ * @return
+ */
+ Authorizor chooseFrom(final List<Authorizor> authorizors);
+}
diff --git a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/IsisModuleExtSecmanApi.java b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/IsisModuleExtSecmanApi.java
index bcb206d..86efc33 100644
--- a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/IsisModuleExtSecmanApi.java
+++ b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/IsisModuleExtSecmanApi.java
@@ -21,6 +21,7 @@ package org.apache.isis.extensions.secman.api;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
+import org.apache.isis.extensions.secman.api.authorizor.AuthorizorSecman;
import org.apache.isis.extensions.secman.api.feature.dom.ApplicationFeatureChoices;
import org.apache.isis.extensions.secman.api.feature.dom.ApplicationFeatureViewModels;
import org.apache.isis.extensions.secman.api.feature.dom.ApplicationNamespace;
@@ -88,6 +89,8 @@ import org.apache.isis.extensions.secman.api.user.menu.MeService;
@Import({
ApplicationFeatureChoices.class,
+ AuthorizorSecman.class,
+
// @DomainService
ApplicationFeatureViewModels.class,
ApplicationOrphanedPermissionManager.class,
diff --git a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/authorizor/AuthorizorSecman.java b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/authorizor/AuthorizorSecman.java
index f2a6438..2f6b2a2 100644
--- a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/authorizor/AuthorizorSecman.java
+++ b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/authorizor/AuthorizorSecman.java
@@ -39,7 +39,7 @@ import org.apache.isis.extensions.secman.api.user.dom.ApplicationUserRepository;
*/
@Service
@Named("isis.ext.secman.AuthorizorSecman")
-@Order(OrderPrecedence.EARLY)
+@Order(OrderPrecedence.EARLY - 10) // before shiro
@Qualifier("Secman")
public class AuthorizorSecman implements Authorizor {