You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@rave.apache.org by ca...@apache.org on 2012/06/01 23:09:55 UTC
svn commit: r1345349 - in
/rave/branches/model_interfaces/rave-components/rave-core/src:
main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java
Author: carlucci
Date: Fri Jun 1 21:09:55 2012
New Revision: 1345349
URL: http://svn.apache.org/viewvc?rev=1345349&view=rev
Log:
RAVE-644: Fix RavePermissionEvaluator to work with interface-based model pattern
Modified:
rave/branches/model_interfaces/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
rave/branches/model_interfaces/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java
Modified: rave/branches/model_interfaces/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
URL: http://svn.apache.org/viewvc/rave/branches/model_interfaces/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java?rev=1345349&r1=1345348&r2=1345349&view=diff
==============================================================================
--- rave/branches/model_interfaces/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java (original)
+++ rave/branches/model_interfaces/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java Fri Jun 1 21:09:55 2012
@@ -34,21 +34,21 @@ import java.util.*;
* Custom PermissionEvaluator for Rave that stores a map of ModelPermissionEvaluators
* each of which is responsible for handling Domain Object Security for the Rave Model
* objects
- *
+ *
* @author carlucci
*/
@Component
public class RavePermissionEvaluator implements PermissionEvaluator {
- private Map<String, ModelPermissionEvaluator<?>> modelPermissionEvaluatorMap;
-
+ private Map<Class, ModelPermissionEvaluator<?>> modelPermissionEvaluatorMap;
+
/**
- * Constructor which will take in a component-scanned list of all ModelPermissionEvaluator
- * classes found by Spring component scanner. The constructor builds the
+ * Constructor which will take in a component-scanned list of all ModelPermissionEvaluator
+ * classes found by Spring component scanner. The constructor builds the
* internal Map by using the Model type (Model Class) as the key, thus ensuring
* only one ModelPermissionEvaluator class exists for each Model object. The
* constructor first sorts the injected list of ModelPermissionEvaluator objects
* by the loadOrder field to allow overrides of the default ModelPermissionEvaluators.
- *
+ *
* @param modelPermissionEvaluatorList autowired injected list of all ModelPermissionEvaluator classes found
* by the component scanner
*/
@@ -63,19 +63,19 @@ public class RavePermissionEvaluator imp
public int compare(ModelPermissionEvaluator o1, ModelPermissionEvaluator o2) {
return new Integer(o1.getLoadOrder()).compareTo(new Integer(o2.getLoadOrder()));
}
- });
-
+ });
+
// build the map using the model type/class as the key
- modelPermissionEvaluatorMap = new HashMap<String, ModelPermissionEvaluator<?>>();
+ modelPermissionEvaluatorMap = new HashMap<Class, ModelPermissionEvaluator<?>>();
for (ModelPermissionEvaluator<?> mpe : modelPermissionEvaluatorList) {
- modelPermissionEvaluatorMap.put(mpe.getType().getName(), mpe);
+ modelPermissionEvaluatorMap.put(mpe.getType(), mpe);
}
}
-
+
/**
- * Checks to see if the Authentication object has the supplied permission
+ * Checks to see if the Authentication object has the supplied permission
* on the supplied domain object
- *
+ *
* @param authentication the Authentication object
* @param targetDomainObject the domain object needing permission check
* @param permissionString the permission to check
@@ -88,17 +88,17 @@ public class RavePermissionEvaluator imp
return false;
}
// find the appropriate ModelPermissionEvaluator from the map based on
- // the targetDomainObject's class and invoke the hasPermission function
- return getEvaluator(targetDomainObject.getClass().getName()).hasPermission(authentication, targetDomainObject,
+ // the targetDomainObject's class and invoke the hasPermission function
+ return getEvaluator(targetDomainObject.getClass()).hasPermission(authentication, targetDomainObject,
getPermission(targetDomainObject, (String) permissionString));
}
/**
- * Checks to see if the Authentication object has the supplied permission
+ * Checks to see if the Authentication object has the supplied permission
* on the supplied targetType (model class name) and targetId (entityId).
* This method can be used when a permission check is needed and the method
- * does not currently have the domain object, only its entityId
- *
+ * does not currently have the domain object, only its entityId
+ *
* @param authentication the Authentication object
* @param targetId the entityId of the targetType class
* @param targetType the class name of the domain object
@@ -107,23 +107,55 @@ public class RavePermissionEvaluator imp
*/
@Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permissionString) {
- // find the appropriate ModelPermissionEvaluator from the map based on
+ // find the appropriate ModelPermissionEvaluator from the map based on
// the targetType and invoke the hasPermission function
Permission permission = Permission.fromString((String) permissionString);
if (permission == Permission.CREATE_OR_UPDATE) {
throw new IllegalArgumentException("CREATE_OR_UPDATE not supported in this context.");
}
- return getEvaluator(targetType).hasPermission(authentication, targetId, targetType, permission);
- }
-
- private ModelPermissionEvaluator getEvaluator(String targetType) throws IllegalArgumentException {
+
+ // The targetType comes in as a String representing the Class (from the Spring annotations)
+ // so we need to convert it to a Class
+ Class clazz = null;
+ try {
+ clazz = Class.forName(targetType);
+ } catch (ClassNotFoundException e) {
+ throw new IllegalArgumentException("Class " + targetType + " not found", e);
+ }
+
+ return getEvaluator(clazz).hasPermission(authentication, targetId, targetType, permission);
+ }
+
+ private ModelPermissionEvaluator getEvaluator(Class targetType) throws IllegalArgumentException {
ModelPermissionEvaluator mpe = modelPermissionEvaluatorMap.get(targetType);
if (mpe == null) {
- throw new IllegalArgumentException("ModelPermissionEvaluator not found for type " + targetType);
+ // search for and register a compatible MPE
+ mpe = findAndRegisterCompatibleModelPermissionEvaluator(targetType);
+ // at this point, if we still haven't found a compatible MPE, throw exception
+ if (mpe == null) {
+ throw new IllegalArgumentException("ModelPermissionEvaluator not found for type " + targetType);
+ }
}
return mpe;
}
+ private ModelPermissionEvaluator findAndRegisterCompatibleModelPermissionEvaluator(Class modelClass) {
+ // look to see if this model class implements one of the types of the registered MPE's
+ // and add an entry into the map for it. This will allow, for example, a JpaPage class
+ // to use the registered MPE for the Page interface
+ for (Map.Entry<Class, ModelPermissionEvaluator<?>> classModelPermissionEvaluatorEntry : modelPermissionEvaluatorMap.entrySet()) {
+ Class registeredModelClass = classModelPermissionEvaluatorEntry.getKey();
+ ModelPermissionEvaluator<?> registeredMpe = classModelPermissionEvaluatorEntry.getValue();
+ if (registeredModelClass.isAssignableFrom(modelClass)) {
+ // register this new mapping of model class to mpe class
+ modelPermissionEvaluatorMap.put(modelClass, registeredMpe);
+ return registeredMpe;
+ }
+ }
+ // we didn't find a compatible ModelPermissionEvaluator...
+ return null;
+ }
+
private Permission getPermission(Object targetDomainObject, String permissionString) {
Permission permission = Permission.fromString((String) permissionString);
if (permission.equals(Permission.CREATE_OR_UPDATE)) {
Modified: rave/branches/model_interfaces/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java
URL: http://svn.apache.org/viewvc/rave/branches/model_interfaces/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java?rev=1345349&r1=1345348&r2=1345349&view=diff
==============================================================================
--- rave/branches/model_interfaces/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java (original)
+++ rave/branches/model_interfaces/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java Fri Jun 1 21:09:55 2012
@@ -40,89 +40,103 @@ public class RavePermissionEvaluatorTest
private Authentication authentication;
private BasicEntityModel basicEntityModel;
private NonBasicEntityModel nonBasicEntityModel;
-
+
private String READ_PERMISSION = "read";
private String CREATE_OR_UPDATE_PERMISSION = "create_or_update";
private Long VALID_BASIC_ENTITY_MODEL_ID = 4L;
-
-
+
@Before
public void setUp() {
List<ModelPermissionEvaluator<?>> modelPermissionEvaluatorList = new ArrayList<ModelPermissionEvaluator<?>>();
- modelPermissionEvaluatorList.add(new BasicEntityModelPermissionEvaluator());
- modelPermissionEvaluatorList.add(new NonBasicEntityModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new BasicEntityModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new NonBasicEntityModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new TestModelPermissionEvaluator());
ravePermissionEvaluator = new RavePermissionEvaluator(modelPermissionEvaluatorList);
-
+
authentication = createMock(Authentication.class);
- basicEntityModel = new BasicEntityModel(VALID_BASIC_ENTITY_MODEL_ID);
+ basicEntityModel = new BasicEntityModel(VALID_BASIC_ENTITY_MODEL_ID);
nonBasicEntityModel = new NonBasicEntityModel();
}
-
+
@Test
public void testLoadOrderOverride() {
@SuppressWarnings("unchecked")
ModelPermissionEvaluator<BasicEntityModel> mockedOverriddenPermissionEvaluator = createMock(ModelPermissionEvaluator.class);
expect(mockedOverriddenPermissionEvaluator.getType()).andReturn(BasicEntityModel.class);
expect(mockedOverriddenPermissionEvaluator.getLoadOrder()).andReturn(2);
- expect(mockedOverriddenPermissionEvaluator.hasPermission(authentication, basicEntityModel, Permission.fromString(READ_PERMISSION))).andReturn(true);
+ expect(mockedOverriddenPermissionEvaluator.hasPermission(authentication, basicEntityModel, Permission.fromString(READ_PERMISSION))).andReturn(true);
replay(mockedOverriddenPermissionEvaluator);
-
+
List<ModelPermissionEvaluator<?>> modelPermissionEvaluatorList = new ArrayList<ModelPermissionEvaluator<?>>();
// note we are adding the override instance first to verify the Collections.sort works as expected
modelPermissionEvaluatorList.add(mockedOverriddenPermissionEvaluator);
- modelPermissionEvaluatorList.add(new BasicEntityModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new BasicEntityModelPermissionEvaluator());
ravePermissionEvaluator = new RavePermissionEvaluator(modelPermissionEvaluatorList);
-
- assertThat(ravePermissionEvaluator.hasPermission(authentication, basicEntityModel, READ_PERMISSION), is(true));
- verify(mockedOverriddenPermissionEvaluator);
- }
-
- @Test
- public void testHasPermission_3args_read() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication, basicEntityModel, READ_PERMISSION), is(true));
- }
-
- @Test
- public void testHasPermission_3args_createOrUpdate_nullEntityId() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication, new BasicEntityModel(), CREATE_OR_UPDATE_PERMISSION), is(true));
- }
-
- @Test
- public void testHasPermission_3args_createOrUpdate_populatedEntityId() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication, basicEntityModel, CREATE_OR_UPDATE_PERMISSION), is(true));
- }
-
+
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, basicEntityModel, READ_PERMISSION), is(true));
+ verify(mockedOverriddenPermissionEvaluator);
+ }
+
+ @Test
+ public void testHasPermission_3args_read() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, basicEntityModel, READ_PERMISSION), is(true));
+ }
+
+ @Test
+ public void testHasPermission_3args_createOrUpdate_nullEntityId() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, new BasicEntityModel(), CREATE_OR_UPDATE_PERMISSION), is(true));
+ }
+
+ @Test
+ public void testHasPermission_3args_createOrUpdate_populatedEntityId() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, basicEntityModel, CREATE_OR_UPDATE_PERMISSION), is(true));
+ }
+
@Test(expected=IllegalArgumentException.class)
- public void testHasPermission_3args_createOrUpdate_nonBasicEntityModel() {
+ public void testHasPermission_3args_createOrUpdate_nonBasicEntityModel() {
ravePermissionEvaluator.hasPermission(authentication, nonBasicEntityModel, CREATE_OR_UPDATE_PERMISSION);
- }
-
+ }
+
@Test
- public void testHasPermission_3args_nullModel() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication, null, READ_PERMISSION), is(false));
+ public void testHasPermission_3args_nullModel() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, null, READ_PERMISSION), is(false));
}
-
+
@Test(expected=IllegalArgumentException.class)
- public void testHasPermission_3args_invalidEvaluator() {
+ public void testHasPermission_3args_invalidEvaluator() {
List<String> list = new ArrayList<String>();
- assertThat(ravePermissionEvaluator.hasPermission(authentication, list, READ_PERMISSION), is(true));
- }
-
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, list, READ_PERMISSION), is(true));
+ }
+
@Test
- public void testHasPermission_4args() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication, VALID_BASIC_ENTITY_MODEL_ID, BasicEntityModel.class.getName(), READ_PERMISSION), is(true));
+ public void testHasPermission_4args() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, VALID_BASIC_ENTITY_MODEL_ID, BasicEntityModel.class.getName(), READ_PERMISSION), is(true));
}
@Test(expected=IllegalArgumentException.class)
- public void testHasPermission_4args_createOrUpdatePermission() {
+ public void testHasPermission_4args_createOrUpdatePermission() {
ravePermissionEvaluator.hasPermission(authentication, VALID_BASIC_ENTITY_MODEL_ID, BasicEntityModel.class.getName(), CREATE_OR_UPDATE_PERMISSION);
- }
-
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testHasPermission_4args_invalidClass() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, VALID_BASIC_ENTITY_MODEL_ID, "badclass", READ_PERMISSION), is(true));
+ }
+
+ @Test
+ public void testFindAndRegisterCompatibleMPE() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, new TestModelImpl(), READ_PERMISSION), is(true));
+ }
+
+ interface TestModel {};
+
+ class TestModelImpl implements TestModel {}
+
class BasicEntityModel implements BasicEntity {
private Long entityId;
-
+
public BasicEntityModel() { }
-
+
public BasicEntityModel(Long entityId) {
this.entityId = entityId;
}
@@ -137,7 +151,7 @@ public class RavePermissionEvaluatorTest
this.entityId = entityId;
}
}
-
+
class BasicEntityModelPermissionEvaluator extends AbstractModelPermissionEvaluator<BasicEntityModel> {
@Override
public Class<BasicEntityModel> getType() {
@@ -148,17 +162,17 @@ public class RavePermissionEvaluatorTest
public boolean hasPermission(Authentication authentication, BasicEntityModel basicEntityModel, Permission permission) {
return true;
}
-
+
@Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Permission permission) {
return true;
}
- }
-
- class NonBasicEntityModel {
- public NonBasicEntityModel() { }
}
-
+
+ class NonBasicEntityModel {
+ public NonBasicEntityModel() { }
+ }
+
class NonBasicEntityModelPermissionEvaluator extends AbstractModelPermissionEvaluator<NonBasicEntityModel> {
@Override
public Class<NonBasicEntityModel> getType() {
@@ -169,10 +183,28 @@ public class RavePermissionEvaluatorTest
public boolean hasPermission(Authentication authentication, NonBasicEntityModel nonBasicEntityModel, Permission permission) {
return true;
}
-
+
@Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Permission permission) {
return true;
}
- }
+ }
+
+ class TestModelPermissionEvaluator extends AbstractModelPermissionEvaluator<TestModel> {
+ @Override
+ public Class<TestModel> getType() {
+ return TestModel.class;
+ }
+
+ @Override
+ public boolean hasPermission(Authentication authentication, TestModel testModel, Permission permission) {
+ return true;
+ }
+
+ @Override
+ public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Permission permission) {
+ return true;
+ }
+ }
+
}