You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2021/05/23 17:07:55 UTC
[isis] branch master updated (ad44f66 -> d437c65)
This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git.
from ad44f66 regenerating docs
new e3203b5 ISIS-2638: simplifies impersonateWithRoles
new d437c65 ISIS-2689: introduces AuthorizorChooser SPI, and auto-registers AuthorizorSecman as higher precedence than AuthorizorShiro
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../isis/applib/services/user/ImpersonateMenu.java | 20 +++---------------
.../manager/AuthorizationManager.java | 21 +++++++++++++++++--
.../authorization/manager/AuthorizorChooser.java | 24 ++++++++++++++++++++++
.../secman/api/IsisModuleExtSecmanApi.java | 3 +++
.../secman/api/authorizor/AuthorizorSecman.java | 2 +-
5 files changed, 50 insertions(+), 20 deletions(-)
create mode 100644 core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizorChooser.java
[isis] 01/02: ISIS-2638: simplifies impersonateWithRoles
Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
commit e3203b524061b0a4f27b1527efa1b5bee94bdb72
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Sun May 23 17:58:25 2021 +0100
ISIS-2638: simplifies impersonateWithRoles
... taking advantage of recent fix so that we can now default param #1 based on param #0's arg
---
.../isis/applib/services/user/ImpersonateMenu.java | 20 +++-----------------
1 file changed, 3 insertions(+), 17 deletions(-)
diff --git a/api/applib/src/main/java/org/apache/isis/applib/services/user/ImpersonateMenu.java b/api/applib/src/main/java/org/apache/isis/applib/services/user/ImpersonateMenu.java
index 8a419b9..f7a3d99 100644
--- a/api/applib/src/main/java/org/apache/isis/applib/services/user/ImpersonateMenu.java
+++ b/api/applib/src/main/java/org/apache/isis/applib/services/user/ImpersonateMenu.java
@@ -121,15 +121,9 @@ public class ImpersonateMenu {
@ActionLayout(sequence = "100.2", cssClassFa = "fa-mask")
public void impersonateWithRoles(
final String userName,
- @ParameterLayout(named = "Use user's roles?", labelPosition = LabelPosition.RIGHT)
- final boolean useUsersRoles,
final List<String> roleNames) {
- val rolesToUse = useUsersRoles
- ? impersonateMenuAdvisor().roleNamesFor(userName)
- : roleNames;
-
- this.userService.impersonateUser(userName, rolesToUse);
+ this.userService.impersonateUser(userName, roleNames);
this.messageService.informUser("Now impersonating " + userName);
}
@MemberSupport public boolean hideImpersonateWithRoles() {
@@ -141,18 +135,10 @@ public class ImpersonateMenu {
@MemberSupport public List<String> choices0ImpersonateWithRoles() {
return impersonateMenuAdvisor().allUserNames();
}
- @MemberSupport public boolean default1ImpersonateWithRoles() {
- return true;
- }
- @MemberSupport public boolean hide2ImpersonateWithRoles(final String userName, boolean useUsersRoles) {
- return useUsersRoles;
- }
- @MemberSupport public List<String> choices2ImpersonateWithRoles(final String userName, boolean useUsersRoles) {
+ @MemberSupport public List<String> choices1ImpersonateWithRoles(final String userName) {
return impersonateMenuAdvisor().allRoleNames();
}
- @MemberSupport public List<String> default2ImpersonateWithRoles(final String userName, boolean useUsersRoles) {
- // TODO: this is never called, unfortunately; ISIS-2666
- // TODO: and attempting to use Parameters fails; ISIS-2667
+ @MemberSupport public List<String> default1ImpersonateWithRoles(final String userName) {
return impersonateMenuAdvisor().roleNamesFor(userName);
}
[isis] 02/02: ISIS-2689: introduces AuthorizorChooser SPI,
and auto-registers AuthorizorSecman as higher precedence than
AuthorizorShiro
Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
danhaywood pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/isis.git
commit d437c658e11f8efb96af2b33b35b85be9ca2a54c
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Sun May 23 18:06:58 2021 +0100
ISIS-2689: introduces AuthorizorChooser SPI, and auto-registers AuthorizorSecman as higher precedence than AuthorizorShiro
This means that adding in secman will effectively disable the shiro authorizor. This is a half-way stop to isis-2607, to decouple secman from shiro completely.
---
.../manager/AuthorizationManager.java | 21 +++++++++++++++++--
.../authorization/manager/AuthorizorChooser.java | 24 ++++++++++++++++++++++
.../secman/api/IsisModuleExtSecmanApi.java | 3 +++
.../secman/api/authorizor/AuthorizorSecman.java | 2 +-
4 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizationManager.java b/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizationManager.java
index 8fdbecf..74622b9 100644
--- a/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizationManager.java
+++ b/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizationManager.java
@@ -19,6 +19,8 @@
package org.apache.isis.core.security.authorization.manager;
+import java.util.List;
+
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
@@ -34,8 +36,12 @@ import org.apache.isis.applib.services.sudo.SudoService;
import org.apache.isis.core.security.authentication.Authentication;
import org.apache.isis.core.security.authorization.Authorizor;
+import lombok.val;
+
/**
* Authorizes the user in the current session view and use members of an object.
+ *
+ * @since 1.x {@index}
*/
@Service
@Named("isis.security.AuthorizationManager")
@@ -44,11 +50,22 @@ import org.apache.isis.core.security.authorization.Authorizor;
@Qualifier("Default")
public class AuthorizationManager {
+ private final List<Authorizor> authorizors;
private final Authorizor authorizor;
@Inject
- public AuthorizationManager(Authorizor authorizor) {
- this.authorizor = authorizor;
+ public AuthorizationManager(
+ final List<Authorizor> authorizors,
+ @org.springframework.lang.Nullable final AuthorizorChooser authorizorChooser) {
+ this.authorizors = authorizors;
+ val authorizorPrecedenceChooserToUse = authorizorChooser != null
+ ? authorizorChooser
+ : new AuthorizorChooser() {
+ @Override public Authorizor chooseFrom(final List<Authorizor> authorizors) {
+ return authorizors.get(0);
+ }
+ };
+ this.authorizor = authorizorPrecedenceChooserToUse.chooseFrom(authorizors);
}
/**
diff --git a/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizorChooser.java b/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizorChooser.java
new file mode 100644
index 0000000..4fe05c4
--- /dev/null
+++ b/core/security/src/main/java/org/apache/isis/core/security/authorization/manager/AuthorizorChooser.java
@@ -0,0 +1,24 @@
+package org.apache.isis.core.security.authorization.manager;
+
+import java.util.List;
+
+import javax.annotation.Nonnull;
+
+import org.apache.isis.core.security.authorization.Authorizor;
+
+/**
+ * Provides an SPI to select from multiple {@link Authorizor}s if more than
+ * one are present on the classpath.
+ *
+ * @since 2.0 {@index}
+ */
+@FunctionalInterface
+public interface AuthorizorChooser {
+
+ /**
+ *
+ * @param authorizors
+ * @return
+ */
+ Authorizor chooseFrom(final List<Authorizor> authorizors);
+}
diff --git a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/IsisModuleExtSecmanApi.java b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/IsisModuleExtSecmanApi.java
index bcb206d..86efc33 100644
--- a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/IsisModuleExtSecmanApi.java
+++ b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/IsisModuleExtSecmanApi.java
@@ -21,6 +21,7 @@ package org.apache.isis.extensions.secman.api;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
+import org.apache.isis.extensions.secman.api.authorizor.AuthorizorSecman;
import org.apache.isis.extensions.secman.api.feature.dom.ApplicationFeatureChoices;
import org.apache.isis.extensions.secman.api.feature.dom.ApplicationFeatureViewModels;
import org.apache.isis.extensions.secman.api.feature.dom.ApplicationNamespace;
@@ -88,6 +89,8 @@ import org.apache.isis.extensions.secman.api.user.menu.MeService;
@Import({
ApplicationFeatureChoices.class,
+ AuthorizorSecman.class,
+
// @DomainService
ApplicationFeatureViewModels.class,
ApplicationOrphanedPermissionManager.class,
diff --git a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/authorizor/AuthorizorSecman.java b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/authorizor/AuthorizorSecman.java
index f2a6438..2f6b2a2 100644
--- a/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/authorizor/AuthorizorSecman.java
+++ b/extensions/security/secman/api/src/main/java/org/apache/isis/extensions/secman/api/authorizor/AuthorizorSecman.java
@@ -39,7 +39,7 @@ import org.apache.isis.extensions.secman.api.user.dom.ApplicationUserRepository;
*/
@Service
@Named("isis.ext.secman.AuthorizorSecman")
-@Order(OrderPrecedence.EARLY)
+@Order(OrderPrecedence.EARLY - 10) // before shiro
@Qualifier("Secman")
public class AuthorizorSecman implements Authorizor {