Posted to commits@deltaspike.apache.org by sb...@apache.org on 2012/07/24 03:32:29 UTC
[7/20] git commit: minor refactor, fix checkstyle issues
minor refactor, fix checkstyle issues
Project: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/commit/93ffd315
Tree: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/tree/93ffd315
Diff: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/diff/93ffd315
Branch: refs/heads/master
Commit: 93ffd3153de3feb3e36eae7db2307953800148d9
Parents: 176fd67
Author: Shane Bryzak <sb...@gmail.com>
Authored: Tue Jun 19 18:31:52 2012 +1000
Committer: Shane Bryzak <sb...@gmail.com>
Committed: Tue Jul 24 10:11:19 2012 +1000
----------------------------------------------------------------------
.../security/impl/authorization/Authorizer.java | 199 -------------
.../authorization/DefaultSecurityStrategy.java | 54 ----
.../authorization/SecuredAnnotationAuthorizer.java | 1 +
.../impl/authorization/SecurityInterceptor.java | 46 ---
.../authorization/SecurityInterceptorBinding.java | 39 ---
.../SecurityInterceptorBindingLiteral.java | 32 --
.../authorization/SecurityMetaDataStorage.java | 231 --------------
.../security/impl/authorization/SecurityUtils.java | 90 ------
.../security/impl/extension/Authorizer.java | 201 +++++++++++++
.../impl/extension/DefaultSecurityStrategy.java | 53 ++++
.../security/impl/extension/SecurityExtension.java | 7 +-
.../impl/extension/SecurityInterceptor.java | 46 +++
.../impl/extension/SecurityInterceptorBinding.java | 39 +++
.../SecurityInterceptorBindingLiteral.java | 33 ++
.../impl/extension/SecurityMetaDataStorage.java | 232 +++++++++++++++
.../security/impl/util/SecurityUtils.java | 90 ++++++
.../impl/authentication/InMemoryUserStorage.java | 3 +-
.../impl/authentication/TestInquiryStorage.java | 2 +-
.../secured/SecuredAnnotationTest.java | 1 +
.../securitybinding/SecurityBindingTest.java | 1 +
.../securityparameterbinding/MockObject.java | 27 +-
.../securityparameterbinding/MockParamBinding.java | 2 +-
.../apache/deltaspike/test/util/ArchiveUtils.java | 3 +-
.../test/util/ShrinkWrapArchiveUtil.java | 4 +
24 files changed, 721 insertions(+), 715 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java
deleted file mode 100644
index 8a3b14a..0000000
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.impl.authorization;
-
-import java.lang.annotation.Annotation;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import javax.enterprise.context.spi.CreationalContext;
-import javax.enterprise.inject.Stereotype;
-import javax.enterprise.inject.Typed;
-import javax.enterprise.inject.spi.AnnotatedMethod;
-import javax.enterprise.inject.spi.Bean;
-import javax.enterprise.inject.spi.BeanManager;
-import javax.enterprise.util.Nonbinding;
-import javax.interceptor.InvocationContext;
-
-import org.apache.deltaspike.core.util.metadata.builder.InjectableMethod;
-import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
-import org.apache.deltaspike.security.api.authorization.SecurityDefinitionException;
-import org.apache.deltaspike.security.api.authorization.SecurityViolation;
-import org.apache.deltaspike.security.api.authorization.annotation.SecurityBindingType;
-
-/**
- * Responsible for authorizing method invocations.
- */
-@Typed()
-class Authorizer
-{
- private BeanManager beanManager;
-
- private Annotation bindingAnnotation;
- private Map<Method, Object> bindingSecurityBindingMembers = new HashMap<Method, Object>();
-
- private AnnotatedMethod<?> boundAuthorizerMethod;
- private Bean<?> boundAuthorizerBean;
-
- private InjectableMethod<?> boundAuthorizerMethodProxy;
-
- Authorizer(Annotation bindingAnnotation, AnnotatedMethod<?> boundAuthorizerMethod, BeanManager beanManager)
- {
- this.bindingAnnotation = bindingAnnotation;
- this.boundAuthorizerMethod = boundAuthorizerMethod;
- this.beanManager = beanManager;
-
- try
- {
- for (Method method : bindingAnnotation.annotationType().getDeclaredMethods())
- {
- if (method.isAnnotationPresent(Nonbinding.class))
- {
- continue;
- }
- bindingSecurityBindingMembers.put(method, method.invoke(bindingAnnotation));
- }
- }
- catch (InvocationTargetException ex)
- {
- throw new SecurityDefinitionException("Error reading security binding members", ex);
- }
- catch (IllegalAccessException ex)
- {
- throw new SecurityDefinitionException("Error reading security binding members", ex);
- }
- }
-
- void authorize(final InvocationContext ic)
- {
- if (boundAuthorizerBean == null)
- {
- lazyInitTargetBean();
- }
-
- final CreationalContext<?> creationalContext = beanManager.createCreationalContext(boundAuthorizerBean);
-
- Object reference = beanManager.getReference(boundAuthorizerBean,
- boundAuthorizerMethod.getJavaMember().getDeclaringClass(), creationalContext);
-
- Object result = boundAuthorizerMethodProxy.invoke(reference, creationalContext,
- new SecurityParameterValueRedefiner(creationalContext, ic));
-
- if (result.equals(Boolean.FALSE))
- {
- Set<SecurityViolation> violations = new HashSet<SecurityViolation>();
- violations.add(new SecurityViolation()
- {
- private static final long serialVersionUID = 2358753444038521129L;
-
- @Override
- public String getReason()
- {
- return "Authorization check failed";
- }
- });
-
- throw new AccessDeniedException(violations);
- }
- }
-
- @SuppressWarnings({ "unchecked", "rawtypes" })
- private synchronized void lazyInitTargetBean()
- {
- if (boundAuthorizerBean == null)
- {
- Method method = boundAuthorizerMethod.getJavaMember();
-
- Set<Bean<?>> beans = beanManager.getBeans(method.getDeclaringClass());
- if (beans.size() == 1)
- {
- boundAuthorizerBean = beans.iterator().next();
- }
- else if (beans.isEmpty())
- {
- throw new IllegalStateException("Exception looking up authorizer method bean - " +
- "no beans found for method [" + method.getDeclaringClass() + "." +
- method.getName() + "]");
- }
- else if (beans.size() > 1)
- {
- throw new IllegalStateException("Exception looking up authorizer method bean - " +
- "multiple beans found for method [" + method.getDeclaringClass().getName() + "." +
- method.getName() + "]");
- }
-
- boundAuthorizerMethodProxy = new InjectableMethod(boundAuthorizerMethod, boundAuthorizerBean, beanManager);
- }
- }
-
- boolean matchesBinding(Annotation annotation)
- {
- if (!annotation.annotationType().isAnnotationPresent(SecurityBindingType.class) &&
- annotation.annotationType().isAnnotationPresent(Stereotype.class))
- {
- annotation = SecurityUtils.resolveSecurityBindingType(annotation);
- }
-
- if (!annotation.annotationType().equals(bindingAnnotation.annotationType()))
- {
- return false;
- }
-
- for (Method method : annotation.annotationType().getDeclaredMethods())
- {
- if (method.isAnnotationPresent(Nonbinding.class))
- {
- continue;
- }
-
- if (!bindingSecurityBindingMembers.containsKey(method))
- {
- return false;
- }
-
- try
- {
- Object value = method.invoke(annotation);
- if (!bindingSecurityBindingMembers.get(method).equals(value))
- {
- return false;
- }
- }
- catch (InvocationTargetException ex)
- {
- throw new SecurityDefinitionException("Error reading security binding members", ex);
- }
- catch (IllegalAccessException ex)
- {
- throw new SecurityDefinitionException("Error reading security binding members", ex);
- }
- }
-
- return true;
- }
-
- Method getBoundAuthorizerMethod()
- {
- return boundAuthorizerMethod.getJavaMember();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java
deleted file mode 100644
index eefb0c0..0000000
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.impl.authorization;
-
-import org.apache.deltaspike.security.impl.extension.SecurityExtension;
-import org.apache.deltaspike.security.spi.authorization.SecurityStrategy;
-
-import javax.enterprise.context.Dependent;
-import javax.interceptor.InvocationContext;
-import java.lang.reflect.Method;
-
-/**
- * {@inheritDoc}
- */
-@Dependent
-@SuppressWarnings("UnusedDeclaration")
-public class DefaultSecurityStrategy implements SecurityStrategy
-{
- private static final long serialVersionUID = 7992336651801599079L;
-
- /**
- * {@inheritDoc}
- */
- @Override
- public Object execute(InvocationContext invocationContext) throws Exception
- {
- Method method = invocationContext.getMethod();
-
- SecurityMetaDataStorage metaDataStorage = SecurityExtension.getMetaDataStorage();
-
- for (Authorizer authorizer : metaDataStorage.getAuthorizers(invocationContext.getTarget().getClass(), method))
- {
- authorizer.authorize(invocationContext);
- }
-
- return invocationContext.proceed();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
index 89648d2..9cdde08 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
@@ -26,6 +26,7 @@ import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
import org.apache.deltaspike.security.api.authorization.SecurityViolation;
import org.apache.deltaspike.security.api.authorization.annotation.Secured;
import org.apache.deltaspike.security.api.authorization.annotation.Secures;
+import org.apache.deltaspike.security.impl.util.SecurityUtils;
import org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext;
import javax.enterprise.context.Dependent;
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptor.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptor.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptor.java
deleted file mode 100644
index 09a4991..0000000
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptor.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.impl.authorization;
-
-import org.apache.deltaspike.security.spi.authorization.SecurityStrategy;
-
-import javax.inject.Inject;
-import javax.interceptor.AroundInvoke;
-import javax.interceptor.Interceptor;
-import javax.interceptor.InvocationContext;
-import java.io.Serializable;
-
-/**
- * Interceptor for {@link SecurityInterceptorBinding} - details see {@link SecurityStrategy}
- */
-@SecurityInterceptorBinding
-@Interceptor
-public class SecurityInterceptor implements Serializable
-{
- private static final long serialVersionUID = -7094673146532371976L;
-
- @Inject
- private SecurityStrategy securityStrategy;
-
- @AroundInvoke
- public Object filterDeniedInvocations(InvocationContext invocationContext) throws Exception
- {
- return securityStrategy.execute(invocationContext);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptorBinding.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptorBinding.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptorBinding.java
deleted file mode 100644
index 0cd3dd6..0000000
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptorBinding.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-package org.apache.deltaspike.security.impl.authorization;
-
-import javax.interceptor.InterceptorBinding;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * Interceptor binding type for SecurityInterceptor. Users should not apply
- * this binding themselves, it is applied by the security portable extension.
- */
-@Retention(RetentionPolicy.RUNTIME)
-@InterceptorBinding
-@Target({ElementType.TYPE, ElementType.METHOD })
-@interface SecurityInterceptorBinding
-{
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptorBindingLiteral.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptorBindingLiteral.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptorBindingLiteral.java
deleted file mode 100644
index 5888e0c..0000000
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptorBindingLiteral.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-package org.apache.deltaspike.security.impl.authorization;
-
-import javax.enterprise.util.AnnotationLiteral;
-
-/**
- * Annotation literal for SecurityInterceptorBinding
- */
-class SecurityInterceptorBindingLiteral extends AnnotationLiteral<SecurityInterceptorBinding>
- implements SecurityInterceptorBinding
-{
- private static final long serialVersionUID = 2189092542638784524L;
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java
deleted file mode 100644
index b1ced5a..0000000
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.impl.authorization;
-
-import org.apache.deltaspike.security.api.authorization.SecurityDefinitionException;
-
-import javax.enterprise.inject.spi.AnnotatedType;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Method;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-class SecurityMetaDataStorage
-{
- /**
- * Contains all known authorizers
- */
- private Set<Authorizer> authorizers = new HashSet<Authorizer>();
-
- /**
- * Contains all known secured types
- */
- private Set<AnnotatedType<?>> securedTypes = new HashSet<AnnotatedType<?>>();
-
- /**
- * A mapping between a secured method of a class and its authorizers
- */
- private Map<Class<?>, Map<Method, Set<Authorizer>>> methodAuthorizers =
- new HashMap<Class<?>, Map<Method, Set<Authorizer>>>();
-
-
- void addAuthorizer(Authorizer authorizer)
- {
- authorizers.add(authorizer);
- }
-
- void addSecuredType(AnnotatedType<?> annotatedType)
- {
- securedTypes.add(annotatedType);
- }
-
- Set<AnnotatedType<?>> getSecuredTypes()
- {
- return securedTypes;
- }
-
- void resetSecuredTypes()
- {
- securedTypes = null;
- }
-
- /**
- * This method is invoked by the security interceptor to obtain the
- * authorizer stack for a secured method
- */
- Set<Authorizer> getAuthorizers(Class<?> targetClass, Method targetMethod)
- {
- if (!isMethodMetaDataAvailable(targetClass, targetMethod))
- {
- registerSecuredMethod(targetClass, targetMethod);
- }
-
- return getMethodAuthorizers(targetClass, targetMethod);
- }
-
- synchronized void registerSecuredMethod(Class<?> targetClass, Method targetMethod)
- {
- ensureInitializedAuthorizersForClass(targetClass);
-
- if (!containsMethodAuthorizers(targetClass, targetMethod))
- {
- // Build a list of all security bindings on both the method and its declaring class
- Set<Annotation> bindings = new HashSet<Annotation>();
-
- Class<?> cls = targetClass;
- while (!cls.equals(Object.class))
- {
- for (final Annotation annotation : cls.getAnnotations())
- {
- if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType(annotation))
- {
- bindings.add(annotation);
- }
- }
- cls = cls.getSuperclass();
- }
-
- for (final Annotation annotation : targetMethod.getAnnotations())
- {
- if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType(annotation))
- {
- bindings.add(annotation);
- }
- }
-
- Set<Authorizer> authorizerStack = new HashSet<Authorizer>();
-
- for (Annotation binding : bindings)
- {
- boolean found = false;
-
- // For each security binding, find a valid authorizer
- for (Authorizer authorizer : authorizers)
- {
- if (authorizer.matchesBinding(binding))
- {
- if (found)
- {
- StringBuilder sb = new StringBuilder();
- sb.append("Matching authorizer methods found: [");
- sb.append(authorizer.getBoundAuthorizerMethod().getDeclaringClass().getName());
- sb.append(".");
- sb.append(authorizer.getBoundAuthorizerMethod().getName());
- sb.append("]");
-
- for (Authorizer a : authorizerStack)
- {
- if (a.matchesBinding(binding))
- {
- sb.append(", [");
- sb.append(a.getBoundAuthorizerMethod().getDeclaringClass().getName());
- sb.append(".");
- sb.append(a.getBoundAuthorizerMethod().getName());
- sb.append("]");
- }
- }
-
- throw new SecurityDefinitionException(
- "Ambiguous authorizers found for security binding type [@" +
- binding.annotationType().getName() + "] on method [" +
- targetMethod.getDeclaringClass().getName() + "." +
- targetMethod.getName() + "]. " + sb.toString());
- }
-
- authorizerStack.add(authorizer);
- found = true;
- }
- }
-
- if (!found)
- {
- throw new SecurityDefinitionException(
- "No matching authorizer found for security binding type [@" +
- binding.annotationType().getName() + "] on method [" +
- targetMethod.getDeclaringClass().getName() + "." +
- targetMethod.getName() + "].");
- }
- }
- addMethodAuthorizer(targetClass, targetMethod, authorizerStack);
- }
- }
-
- Set<Authorizer> getAuthorizers()
- {
- return authorizers;
- }
-
- private boolean containsMethodAuthorizers(Class<?> targetClass, Method targetMethod)
- {
- Map<Method, Set<Authorizer>> resultForClass = methodAuthorizers.get(targetClass);
- return resultForClass.containsKey(targetMethod);
- }
-
- private void ensureInitializedAuthorizersForClass(Class<?> targetClass)
- {
- Map<Method, Set<Authorizer>> resultForClass = methodAuthorizers.get(targetClass);
-
- if (resultForClass == null)
- {
- methodAuthorizers.put(targetClass, new HashMap<Method, Set<Authorizer>>());
- }
- }
-
- private boolean isMethodMetaDataAvailable(Class<?> targetClass, Method targetMethod)
- {
- Map<Method, Set<Authorizer>> result = methodAuthorizers.get(targetClass);
- return result != null && result.containsKey(targetMethod);
- }
-
- private void addMethodAuthorizer(Class<?> targetClass, Method targetMethod, Set<Authorizer> authorizersToAdd)
- {
- Map<Method, Set<Authorizer>> authorizerMapping = methodAuthorizers.get(targetClass);
-
- if (authorizerMapping == null)
- {
- authorizerMapping = new HashMap<Method, Set<Authorizer>>();
- methodAuthorizers.put(targetClass, authorizerMapping);
- }
-
- Set<Authorizer> authorizersForMethod = authorizerMapping.get(targetMethod);
-
- if (authorizersForMethod == null)
- {
- authorizersForMethod = new HashSet<Authorizer>();
- authorizerMapping.put(targetMethod, authorizersForMethod);
- }
-
- authorizersForMethod.addAll(authorizersToAdd);
- }
-
- private Set<Authorizer> getMethodAuthorizers(Class<?> targetClass, Method targetMethod)
- {
- Map<Method, Set<Authorizer>> resultForClass = methodAuthorizers.get(targetClass);
-
- if (resultForClass == null)
- {
- throw new IllegalStateException(
- "no meta-data available for: " + targetClass.getName() + targetMethod.getName());
- }
-
- return resultForClass.get(targetMethod);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityUtils.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityUtils.java
deleted file mode 100644
index 4ff9880..0000000
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityUtils.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.impl.authorization;
-
-import org.apache.deltaspike.security.api.authorization.annotation.SecurityBindingType;
-
-import javax.enterprise.inject.Stereotype;
-import javax.enterprise.inject.Typed;
-import java.lang.annotation.Annotation;
-import java.util.ArrayList;
-import java.util.List;
-
-@Typed()
-abstract class SecurityUtils
-{
- private SecurityUtils()
- {
- // prevent instantiation
- }
-
- static boolean isMetaAnnotatedWithSecurityBindingType(Annotation annotation)
- {
- if (annotation.annotationType().isAnnotationPresent(SecurityBindingType.class))
- {
- return true;
- }
-
- List<Annotation> result = getAllAnnotations(annotation.annotationType().getAnnotations());
-
- for (Annotation foundAnnotation : result)
- {
- if (SecurityBindingType.class.isAssignableFrom(foundAnnotation.annotationType()))
- {
- return true;
- }
- }
- return false;
- }
-
- static Annotation resolveSecurityBindingType(Annotation annotation)
- {
- List<Annotation> result = getAllAnnotations(annotation.annotationType().getAnnotations());
-
- for (Annotation foundAnnotation : result)
- {
- if (foundAnnotation.annotationType().isAnnotationPresent(SecurityBindingType.class))
- {
- return foundAnnotation;
- }
- }
- throw new IllegalStateException(annotation.annotationType().getName() + " is a " + Stereotype.class.getName() +
- " but it isn't annotated with " + SecurityBindingType.class.getName());
- }
-
- static List<Annotation> getAllAnnotations(Annotation[] annotations)
- {
- List<Annotation> result = new ArrayList<Annotation>();
-
- String annotationName;
- for (Annotation annotation : annotations)
- {
- annotationName = annotation.annotationType().getName();
- if (annotationName.startsWith("java.") || annotationName.startsWith("javax."))
- {
- continue;
- }
-
- result.add(annotation);
- result.addAll(getAllAnnotations(annotation.annotationType().getAnnotations()));
- }
-
- return result;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/Authorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/Authorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/Authorizer.java
new file mode 100644
index 0000000..deda773
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/Authorizer.java
@@ -0,0 +1,201 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl.extension;
+
+import java.lang.annotation.Annotation;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.enterprise.context.spi.CreationalContext;
+import javax.enterprise.inject.Stereotype;
+import javax.enterprise.inject.Typed;
+import javax.enterprise.inject.spi.AnnotatedMethod;
+import javax.enterprise.inject.spi.Bean;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InvocationContext;
+
+import org.apache.deltaspike.core.util.metadata.builder.InjectableMethod;
+import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
+import org.apache.deltaspike.security.api.authorization.SecurityDefinitionException;
+import org.apache.deltaspike.security.api.authorization.SecurityViolation;
+import org.apache.deltaspike.security.api.authorization.annotation.SecurityBindingType;
+import org.apache.deltaspike.security.impl.authorization.SecurityParameterValueRedefiner;
+import org.apache.deltaspike.security.impl.util.SecurityUtils;
+
+/**
+ * Responsible for authorizing method invocations.
+ */
+@Typed()
+class Authorizer
+{
+ private BeanManager beanManager;
+
+ private Annotation bindingAnnotation;
+ private Map<Method, Object> bindingSecurityBindingMembers = new HashMap<Method, Object>();
+
+ private AnnotatedMethod<?> boundAuthorizerMethod;
+ private Bean<?> boundAuthorizerBean;
+
+ private InjectableMethod<?> boundAuthorizerMethodProxy;
+
+ Authorizer(Annotation bindingAnnotation, AnnotatedMethod<?> boundAuthorizerMethod, BeanManager beanManager)
+ {
+ this.bindingAnnotation = bindingAnnotation;
+ this.boundAuthorizerMethod = boundAuthorizerMethod;
+ this.beanManager = beanManager;
+
+ try
+ {
+ for (Method method : bindingAnnotation.annotationType().getDeclaredMethods())
+ {
+ if (method.isAnnotationPresent(Nonbinding.class))
+ {
+ continue;
+ }
+ bindingSecurityBindingMembers.put(method, method.invoke(bindingAnnotation));
+ }
+ }
+ catch (InvocationTargetException ex)
+ {
+ throw new SecurityDefinitionException("Error reading security binding members", ex);
+ }
+ catch (IllegalAccessException ex)
+ {
+ throw new SecurityDefinitionException("Error reading security binding members", ex);
+ }
+ }
+
+ void authorize(final InvocationContext ic)
+ {
+ if (boundAuthorizerBean == null)
+ {
+ lazyInitTargetBean();
+ }
+
+ final CreationalContext<?> creationalContext = beanManager.createCreationalContext(boundAuthorizerBean);
+
+ Object reference = beanManager.getReference(boundAuthorizerBean,
+ boundAuthorizerMethod.getJavaMember().getDeclaringClass(), creationalContext);
+
+ Object result = boundAuthorizerMethodProxy.invoke(reference, creationalContext,
+ new SecurityParameterValueRedefiner(creationalContext, ic));
+
+ if (result.equals(Boolean.FALSE))
+ {
+ Set<SecurityViolation> violations = new HashSet<SecurityViolation>();
+ violations.add(new SecurityViolation()
+ {
+ private static final long serialVersionUID = 2358753444038521129L;
+
+ @Override
+ public String getReason()
+ {
+ return "Authorization check failed";
+ }
+ });
+
+ throw new AccessDeniedException(violations);
+ }
+ }
+
+ @SuppressWarnings({ "unchecked", "rawtypes" })
+ private synchronized void lazyInitTargetBean()
+ {
+ if (boundAuthorizerBean == null)
+ {
+ Method method = boundAuthorizerMethod.getJavaMember();
+
+ Set<Bean<?>> beans = beanManager.getBeans(method.getDeclaringClass());
+ if (beans.size() == 1)
+ {
+ boundAuthorizerBean = beans.iterator().next();
+ }
+ else if (beans.isEmpty())
+ {
+ throw new IllegalStateException("Exception looking up authorizer method bean - " +
+ "no beans found for method [" + method.getDeclaringClass() + "." +
+ method.getName() + "]");
+ }
+ else if (beans.size() > 1)
+ {
+ throw new IllegalStateException("Exception looking up authorizer method bean - " +
+ "multiple beans found for method [" + method.getDeclaringClass().getName() + "." +
+ method.getName() + "]");
+ }
+
+ boundAuthorizerMethodProxy = new InjectableMethod(boundAuthorizerMethod, boundAuthorizerBean, beanManager);
+ }
+ }
+
+ boolean matchesBinding(Annotation annotation)
+ {
+ if (!annotation.annotationType().isAnnotationPresent(SecurityBindingType.class) &&
+ annotation.annotationType().isAnnotationPresent(Stereotype.class))
+ {
+ annotation = SecurityUtils.resolveSecurityBindingType(annotation);
+ }
+
+ if (!annotation.annotationType().equals(bindingAnnotation.annotationType()))
+ {
+ return false;
+ }
+
+ for (Method method : annotation.annotationType().getDeclaredMethods())
+ {
+ if (method.isAnnotationPresent(Nonbinding.class))
+ {
+ continue;
+ }
+
+ if (!bindingSecurityBindingMembers.containsKey(method))
+ {
+ return false;
+ }
+
+ try
+ {
+ Object value = method.invoke(annotation);
+ if (!bindingSecurityBindingMembers.get(method).equals(value))
+ {
+ return false;
+ }
+ }
+ catch (InvocationTargetException ex)
+ {
+ throw new SecurityDefinitionException("Error reading security binding members", ex);
+ }
+ catch (IllegalAccessException ex)
+ {
+ throw new SecurityDefinitionException("Error reading security binding members", ex);
+ }
+ }
+
+ return true;
+ }
+
+ Method getBoundAuthorizerMethod()
+ {
+ return boundAuthorizerMethod.getJavaMember();
+ }
+}
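Review bot: In `authorize()`, access is refused only when the authorizer method returns exactly `Boolean.FALSE`, so any other non-null return value lets the invocation proceed and a null result surfaces as a `NullPointerException` rather than an access decision. Whether the extension validates the return type of authorizer methods at registration is not visible in this hunk, so a deny-by-default comparison is the safer form: `if (!Boolean.TRUE.equals(result))`. With that condition a null or non-Boolean result ends in `AccessDeniedException`, and only an explicit `true` allows the call through.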
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
new file mode 100644
index 0000000..d035c07
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl.extension;
+
+import org.apache.deltaspike.security.spi.authorization.SecurityStrategy;
+
+import javax.enterprise.context.Dependent;
+import javax.interceptor.InvocationContext;
+import java.lang.reflect.Method;
+
+/**
+ * {@inheritDoc}
+ */
+@Dependent
+@SuppressWarnings("UnusedDeclaration")
+public class DefaultSecurityStrategy implements SecurityStrategy
+{
+ private static final long serialVersionUID = 7992336651801599079L;
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Object execute(InvocationContext invocationContext) throws Exception
+ {
+ Method method = invocationContext.getMethod();
+
+ SecurityMetaDataStorage metaDataStorage = SecurityExtension.getMetaDataStorage();
+
+ for (Authorizer authorizer : metaDataStorage.getAuthorizers(invocationContext.getTarget().getClass(), method))
+ {
+ authorizer.authorize(invocationContext);
+ }
+
+ return invocationContext.proceed();
+ }
+}
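Review bot: The class-level Javadoc is only `{@inheritDoc}`, which is meaningful on methods but not on a class declaration, so the class that decides whether a secured call proceeds has no description of its own. I would replace it with a short summary such as `Runs every Authorizer registered for the intercepted method and proceeds only if none of them throws.` The comment should also state that an empty authorizer set lets the invocation through, because `execute()` then goes straight to `invocationContext.proceed()`.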
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityExtension.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityExtension.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityExtension.java
index 0f74b31..a839e21 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityExtension.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityExtension.java
@@ -25,11 +25,7 @@ import org.apache.deltaspike.core.util.ClassDeactivationUtils;
import org.apache.deltaspike.core.util.ClassUtils;
import org.apache.deltaspike.security.api.authorization.SecurityDefinitionException;
import org.apache.deltaspike.security.api.authorization.annotation.Secures;
-import org.apache.deltaspike.security.impl.authorization.Authorizer;
-import org.apache.deltaspike.security.impl.authorization.SecurityInterceptorBinding;
-import org.apache.deltaspike.security.impl.authorization.SecurityInterceptorBindingLiteral;
-import org.apache.deltaspike.security.impl.authorization.SecurityMetaDataStorage;
-import org.apache.deltaspike.security.impl.authorization.SecurityUtils;
+import org.apache.deltaspike.security.impl.util.SecurityUtils;
import org.apache.deltaspike.security.spi.authentication.Authenticator;
import javax.enterprise.event.Observes;
@@ -50,7 +46,6 @@ import java.util.concurrent.ConcurrentHashMap;
/**
* Extension for processing typesafe security annotations
*/
-//TODO move to extension package
public class SecurityExtension implements Extension, Deactivatable
{
private static final SecurityInterceptorBinding INTERCEPTOR_BINDING = new SecurityInterceptorBindingLiteral();
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptor.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptor.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptor.java
new file mode 100644
index 0000000..b6c4933
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptor.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl.extension;
+
+import org.apache.deltaspike.security.spi.authorization.SecurityStrategy;
+
+import javax.inject.Inject;
+import javax.interceptor.AroundInvoke;
+import javax.interceptor.Interceptor;
+import javax.interceptor.InvocationContext;
+import java.io.Serializable;
+
+/**
+ * Interceptor for {@link SecurityInterceptorBinding} - details see {@link SecurityStrategy}
+ */
+@SecurityInterceptorBinding
+@Interceptor
+public class SecurityInterceptor implements Serializable
+{
+ private static final long serialVersionUID = -7094673146532371976L;
+
+ @Inject
+ private SecurityStrategy securityStrategy;
+
+ @AroundInvoke
+ public Object filterDeniedInvocations(InvocationContext invocationContext) throws Exception
+ {
+ return securityStrategy.execute(invocationContext);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptorBinding.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptorBinding.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptorBinding.java
new file mode 100644
index 0000000..d4599f0
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptorBinding.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.deltaspike.security.impl.extension;
+
+import javax.interceptor.InterceptorBinding;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Interceptor binding type for SecurityInterceptor. Users should not apply
+ * this binding themselves, it is applied by the security portable extension.
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@InterceptorBinding
+@Target({ElementType.TYPE, ElementType.METHOD })
+@interface SecurityInterceptorBinding
+{
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptorBindingLiteral.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptorBindingLiteral.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptorBindingLiteral.java
new file mode 100644
index 0000000..c397f59
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityInterceptorBindingLiteral.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.deltaspike.security.impl.extension;
+
+import javax.enterprise.util.AnnotationLiteral;
+
+
+/**
+ * Annotation literal for SecurityInterceptorBinding
+ */
+class SecurityInterceptorBindingLiteral extends AnnotationLiteral<SecurityInterceptorBinding>
+ implements SecurityInterceptorBinding
+{
+ private static final long serialVersionUID = 2189092542638784524L;
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityMetaDataStorage.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityMetaDataStorage.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityMetaDataStorage.java
new file mode 100644
index 0000000..dc913a7
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityMetaDataStorage.java
@@ -0,0 +1,232 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl.extension;
+
+import org.apache.deltaspike.security.api.authorization.SecurityDefinitionException;
+import org.apache.deltaspike.security.impl.util.SecurityUtils;
+
+import javax.enterprise.inject.spi.AnnotatedType;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+class SecurityMetaDataStorage
+{
+ /**
+ * Contains all known authorizers
+ */
+ private Set<Authorizer> authorizers = new HashSet<Authorizer>();
+
+ /**
+ * Contains all known secured types
+ */
+ private Set<AnnotatedType<?>> securedTypes = new HashSet<AnnotatedType<?>>();
+
+ /**
+ * A mapping between a secured method of a class and its authorizers
+ */
+ private Map<Class<?>, Map<Method, Set<Authorizer>>> methodAuthorizers =
+ new HashMap<Class<?>, Map<Method, Set<Authorizer>>>();
+
+
+ void addAuthorizer(Authorizer authorizer)
+ {
+ authorizers.add(authorizer);
+ }
+
+ void addSecuredType(AnnotatedType<?> annotatedType)
+ {
+ securedTypes.add(annotatedType);
+ }
+
+ Set<AnnotatedType<?>> getSecuredTypes()
+ {
+ return securedTypes;
+ }
+
+ void resetSecuredTypes()
+ {
+ securedTypes = null;
+ }
+
+ /**
+ * This method is invoked by the security interceptor to obtain the
+ * authorizer stack for a secured method
+ */
+ Set<Authorizer> getAuthorizers(Class<?> targetClass, Method targetMethod)
+ {
+ if (!isMethodMetaDataAvailable(targetClass, targetMethod))
+ {
+ registerSecuredMethod(targetClass, targetMethod);
+ }
+
+ return getMethodAuthorizers(targetClass, targetMethod);
+ }
+
+ synchronized void registerSecuredMethod(Class<?> targetClass, Method targetMethod)
+ {
+ ensureInitializedAuthorizersForClass(targetClass);
+
+ if (!containsMethodAuthorizers(targetClass, targetMethod))
+ {
+ // Build a list of all security bindings on both the method and its declaring class
+ Set<Annotation> bindings = new HashSet<Annotation>();
+
+ Class<?> cls = targetClass;
+ while (!cls.equals(Object.class))
+ {
+ for (final Annotation annotation : cls.getAnnotations())
+ {
+ if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType(annotation))
+ {
+ bindings.add(annotation);
+ }
+ }
+ cls = cls.getSuperclass();
+ }
+
+ for (final Annotation annotation : targetMethod.getAnnotations())
+ {
+ if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType(annotation))
+ {
+ bindings.add(annotation);
+ }
+ }
+
+ Set<Authorizer> authorizerStack = new HashSet<Authorizer>();
+
+ for (Annotation binding : bindings)
+ {
+ boolean found = false;
+
+ // For each security binding, find a valid authorizer
+ for (Authorizer authorizer : authorizers)
+ {
+ if (authorizer.matchesBinding(binding))
+ {
+ if (found)
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("Matching authorizer methods found: [");
+ sb.append(authorizer.getBoundAuthorizerMethod().getDeclaringClass().getName());
+ sb.append(".");
+ sb.append(authorizer.getBoundAuthorizerMethod().getName());
+ sb.append("]");
+
+ for (Authorizer a : authorizerStack)
+ {
+ if (a.matchesBinding(binding))
+ {
+ sb.append(", [");
+ sb.append(a.getBoundAuthorizerMethod().getDeclaringClass().getName());
+ sb.append(".");
+ sb.append(a.getBoundAuthorizerMethod().getName());
+ sb.append("]");
+ }
+ }
+
+ throw new SecurityDefinitionException(
+ "Ambiguous authorizers found for security binding type [@" +
+ binding.annotationType().getName() + "] on method [" +
+ targetMethod.getDeclaringClass().getName() + "." +
+ targetMethod.getName() + "]. " + sb.toString());
+ }
+
+ authorizerStack.add(authorizer);
+ found = true;
+ }
+ }
+
+ if (!found)
+ {
+ throw new SecurityDefinitionException(
+ "No matching authorizer found for security binding type [@" +
+ binding.annotationType().getName() + "] on method [" +
+ targetMethod.getDeclaringClass().getName() + "." +
+ targetMethod.getName() + "].");
+ }
+ }
+ addMethodAuthorizer(targetClass, targetMethod, authorizerStack);
+ }
+ }
+
+ Set<Authorizer> getAuthorizers()
+ {
+ return authorizers;
+ }
+
+ private boolean containsMethodAuthorizers(Class<?> targetClass, Method targetMethod)
+ {
+ Map<Method, Set<Authorizer>> resultForClass = methodAuthorizers.get(targetClass);
+ return resultForClass.containsKey(targetMethod);
+ }
+
+ private void ensureInitializedAuthorizersForClass(Class<?> targetClass)
+ {
+ Map<Method, Set<Authorizer>> resultForClass = methodAuthorizers.get(targetClass);
+
+ if (resultForClass == null)
+ {
+ methodAuthorizers.put(targetClass, new HashMap<Method, Set<Authorizer>>());
+ }
+ }
+
+ private boolean isMethodMetaDataAvailable(Class<?> targetClass, Method targetMethod)
+ {
+ Map<Method, Set<Authorizer>> result = methodAuthorizers.get(targetClass);
+ return result != null && result.containsKey(targetMethod);
+ }
+
+ private void addMethodAuthorizer(Class<?> targetClass, Method targetMethod, Set<Authorizer> authorizersToAdd)
+ {
+ Map<Method, Set<Authorizer>> authorizerMapping = methodAuthorizers.get(targetClass);
+
+ if (authorizerMapping == null)
+ {
+ authorizerMapping = new HashMap<Method, Set<Authorizer>>();
+ methodAuthorizers.put(targetClass, authorizerMapping);
+ }
+
+ Set<Authorizer> authorizersForMethod = authorizerMapping.get(targetMethod);
+
+ if (authorizersForMethod == null)
+ {
+ authorizersForMethod = new HashSet<Authorizer>();
+ authorizerMapping.put(targetMethod, authorizersForMethod);
+ }
+
+ authorizersForMethod.addAll(authorizersToAdd);
+ }
+
+ private Set<Authorizer> getMethodAuthorizers(Class<?> targetClass, Method targetMethod)
+ {
+ Map<Method, Set<Authorizer>> resultForClass = methodAuthorizers.get(targetClass);
+
+ if (resultForClass == null)
+ {
+ throw new IllegalStateException(
+ "no meta-data available for: " + targetClass.getName() + targetMethod.getName());
+ }
+
+ return resultForClass.get(targetMethod);
+ }
+}
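Review bot: `getAuthorizers(Class, Method)` reads `methodAuthorizers` through `isMethodMetaDataAvailable()` and `getMethodAuthorizers()` without holding the lock that `registerSecuredMethod()` takes when it writes to the same plain `HashMap`. The Javadoc says the security interceptor calls this method, so concurrent invocations can read the map while another thread is modifying it, and `HashMap` gives no guarantees in that case. Declaring the lookup as `synchronized Set<Authorizer> getAuthorizers(Class<?> targetClass, Method targetMethod)`, or moving the outer and inner maps to `ConcurrentHashMap`, closes the gap. `Authorizer.lazyInitTargetBean()` in this commit has the same shape: `authorize()` tests `boundAuthorizerBean` outside the monitor, and that field is assigned before `boundAuthorizerMethodProxy`, so a second thread can see the bean set while the proxy is still null.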
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/util/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/util/SecurityUtils.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/util/SecurityUtils.java
new file mode 100644
index 0000000..0b952ba
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/util/SecurityUtils.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl.util;
+
+import org.apache.deltaspike.security.api.authorization.annotation.SecurityBindingType;
+
+import javax.enterprise.inject.Stereotype;
+import javax.enterprise.inject.Typed;
+import java.lang.annotation.Annotation;
+import java.util.ArrayList;
+import java.util.List;
+
+@Typed()
+public abstract class SecurityUtils
+{
+ private SecurityUtils()
+ {
+ // prevent instantiation
+ }
+
+ public static boolean isMetaAnnotatedWithSecurityBindingType(Annotation annotation)
+ {
+ if (annotation.annotationType().isAnnotationPresent(SecurityBindingType.class))
+ {
+ return true;
+ }
+
+ List<Annotation> result = getAllAnnotations(annotation.annotationType().getAnnotations());
+
+ for (Annotation foundAnnotation : result)
+ {
+ if (SecurityBindingType.class.isAssignableFrom(foundAnnotation.annotationType()))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public static Annotation resolveSecurityBindingType(Annotation annotation)
+ {
+ List<Annotation> result = getAllAnnotations(annotation.annotationType().getAnnotations());
+
+ for (Annotation foundAnnotation : result)
+ {
+ if (foundAnnotation.annotationType().isAnnotationPresent(SecurityBindingType.class))
+ {
+ return foundAnnotation;
+ }
+ }
+ throw new IllegalStateException(annotation.annotationType().getName() + " is a " + Stereotype.class.getName() +
+ " but it isn't annotated with " + SecurityBindingType.class.getName());
+ }
+
+ public static List<Annotation> getAllAnnotations(Annotation[] annotations)
+ {
+ List<Annotation> result = new ArrayList<Annotation>();
+
+ String annotationName;
+ for (Annotation annotation : annotations)
+ {
+ annotationName = annotation.annotationType().getName();
+ if (annotationName.startsWith("java.") || annotationName.startsWith("javax."))
+ {
+ continue;
+ }
+
+ result.add(annotation);
+ result.addAll(getAllAnnotations(annotation.annotationType().getAnnotations()));
+ }
+
+ return result;
+ }
+}
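Review bot: `getAllAnnotations()` recurses into every meta-annotation with no record of the types it has already visited, so an annotation type that is annotated with itself, or two types that annotate each other, ends in a `StackOverflowError`. The `java.`/`javax.` prefix filter skips the self-annotated JDK types, but nothing protects against the same pattern in application or library annotations, and this commit makes the method `public` where the removed version was package-private. Tracking visited annotation types keeps the signature and terminates on cycles; the sketch below needs `java.util.HashSet` and `java.util.Set` added to the imports. Each annotation is still added to the result, but its type is descended into only once.

```java
public static List<Annotation> getAllAnnotations(Annotation[] annotations)
{
    List<Annotation> result = new ArrayList<Annotation>();
    collectAnnotations(annotations, result, new HashSet<Class<? extends Annotation>>());
    return result;
}

private static void collectAnnotations(Annotation[] annotations, List<Annotation> result,
                                       Set<Class<? extends Annotation>> visited)
{
    for (Annotation annotation : annotations)
    {
        Class<? extends Annotation> type = annotation.annotationType();
        String annotationName = type.getName();
        if (annotationName.startsWith("java.") || annotationName.startsWith("javax."))
        {
            continue;
        }

        result.add(annotation);
        // descend into each annotation type once so cyclic meta-annotations terminate
        if (visited.add(type))
        {
            collectAnnotations(type.getAnnotations(), result, visited);
        }
    }
}
```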
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/InMemoryUserStorage.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/InMemoryUserStorage.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/InMemoryUserStorage.java
index 2930881..aaae788 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/InMemoryUserStorage.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/InMemoryUserStorage.java
@@ -28,7 +28,8 @@ class InMemoryUserStorage
{
private static Map<String, String> simpleUserPasswordMapping = new ConcurrentHashMap<String, String>();
- private InMemoryUserStorage() { }
+ private InMemoryUserStorage()
+ { }
static void setPassword(String userName, String password)
{
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/TestInquiryStorage.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/TestInquiryStorage.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/TestInquiryStorage.java
index df95924..9272d0c 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/TestInquiryStorage.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/TestInquiryStorage.java
@@ -38,7 +38,7 @@ public class TestInquiryStorage implements InquiryStorage
public boolean addInquiry(Inquiry inquiry)
{
- if(identity.isLoggedIn())
+ if (identity.isLoggedIn())
{
userInquiries.put(inquiry.getInquiryId(), new InquiryEntry(identity.getUser().getId(), inquiry));
}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredAnnotationTest.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredAnnotationTest.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredAnnotationTest.java
index 32caa1b..7b899d8 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredAnnotationTest.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/secured/SecuredAnnotationTest.java
@@ -40,6 +40,7 @@ public class SecuredAnnotationTest
public static WebArchive deploy()
{
return ShrinkWrap.create(WebArchive.class, "secured-annotation-test.war")
+
.addAsLibraries(ArchiveUtils.getDeltaSpikeCoreAndSecurityArchive())
.addPackage("org.apache.deltaspike.test.security.impl.authorization.secured")
.addAsWebInfResource(ArchiveUtils.getBeansXml(), "beans.xml");
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecurityBindingTest.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecurityBindingTest.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecurityBindingTest.java
index 94751cf..823b260 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecurityBindingTest.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securitybinding/SecurityBindingTest.java
@@ -48,6 +48,7 @@ public class SecurityBindingTest
// .addAsLibraries(testJar)
// .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
+
return ShrinkWrap.create(WebArchive.class, "security-binding-test.war")
.addAsLibraries(ArchiveUtils.getDeltaSpikeCoreAndSecurityArchive())
.addPackage(SecurityBindingTest.class.getPackage())
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securityparameterbinding/MockObject.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securityparameterbinding/MockObject.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securityparameterbinding/MockObject.java
index 4a7d503..6b52ad4 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securityparameterbinding/MockObject.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securityparameterbinding/MockObject.java
@@ -21,21 +21,20 @@ package org.apache.deltaspike.test.security.impl.authorization.securityparameter
public class MockObject
{
- private boolean value;
+ private boolean value;
- public MockObject(boolean value)
- {
- this.value = value;
- }
+ public MockObject(boolean value)
+ {
+ this.value = value;
+ }
- public boolean isValue()
- {
- return value;
- }
+ public boolean isValue()
+ {
+ return value;
+ }
- public void setValue(boolean value)
- {
- this.value = value;
- }
-
+ public void setValue(boolean value)
+ {
+ this.value = value;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securityparameterbinding/MockParamBinding.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securityparameterbinding/MockParamBinding.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securityparameterbinding/MockParamBinding.java
index 6359a2f..ce99fac 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securityparameterbinding/MockParamBinding.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/securityparameterbinding/MockParamBinding.java
@@ -28,7 +28,7 @@ import java.lang.annotation.Target;
import org.apache.deltaspike.security.api.authorization.annotation.SecurityParameterBinding;
@Retention(value = RUNTIME)
-@Target({PARAMETER})
+@Target({ PARAMETER })
@Documented
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/util/ArchiveUtils.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/util/ArchiveUtils.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/util/ArchiveUtils.java
index af6f7ad..f9c6905 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/util/ArchiveUtils.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/util/ArchiveUtils.java
@@ -27,7 +27,8 @@ import org.jboss.shrinkwrap.api.spec.JavaArchive;
*/
public class ArchiveUtils
{
- private ArchiveUtils() { }
+ private ArchiveUtils()
+ { }
public static JavaArchive[] getDeltaSpikeCoreAndSecurityArchive()
{
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/93ffd315/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/util/ShrinkWrapArchiveUtil.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/util/ShrinkWrapArchiveUtil.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/util/ShrinkWrapArchiveUtil.java
index edfd8eb..ad5169d 100644
--- a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/util/ShrinkWrapArchiveUtil.java
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/util/ShrinkWrapArchiveUtil.java
@@ -43,6 +43,10 @@ import java.util.zip.ZipEntry;
public class ShrinkWrapArchiveUtil
{
private static final Logger LOG = Logger.getLogger(ShrinkWrapArchiveUtil.class.getName());
+
+ private ShrinkWrapArchiveUtil()
+ { }
+
/**
* Resolve all markerFiles from the current ClassPath and package the root nodes
* into a JavaArchive.
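Review bot: The private constructor added after the `LOG` field has an empty body and no comment, so a reader cannot tell that the emptiness is deliberate. A one-line comment inside the braces, such as `// utility class: not meant to be instantiated`, would record the intent. If the class holds only static members, declaring it `public final class ShrinkWrapArchiveUtil` would also rule out subclassing; the class body continues past this hunk, so that cannot be confirmed from here. The reformatted `private ArchiveUtils()` constructor in ArchiveUtils.java would benefit from the same comment.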