You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by ad...@apache.org on 2009/08/27 04:57:34 UTC

svn commit: r808261 - in /ofbiz/branches/executioncontext20090812: ./ framework/api/config/ framework/api/src/org/ofbiz/api/authorization/

Author: adrianc
Date: Thu Aug 27 02:57:34 2009
New Revision: 808261

URL: http://svn.apache.org/viewvc?rev=808261&view=rev
Log:
Added security-aware Freemarker transform.

Added:
    ofbiz/branches/executioncontext20090812/framework/api/config/freemarkerTransforms.properties   (with props)
    ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java   (with props)
Modified:
    ofbiz/branches/executioncontext20090812/BranchReadMe.txt
    ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java

Modified: ofbiz/branches/executioncontext20090812/BranchReadMe.txt
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/BranchReadMe.txt?rev=808261&r1=808260&r2=808261&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/BranchReadMe.txt (original)
+++ ofbiz/branches/executioncontext20090812/BranchReadMe.txt Thu Aug 27 02:57:34 2009
@@ -43,3 +43,10 @@
 action, change the settings in api.properties. You'll see info
 messages in the console log.
 
+2009-08-26: Added security-aware Freemarker transform. Template
+sections can be controlled with:
+
+<@ofbizSecurity permission="view" artifactId="thisTemplate">Some text</...@ofbizSecurity>
+
+If the user has permission to view the artifact, then "Some text"
+will be rendered.

Added: ofbiz/branches/executioncontext20090812/framework/api/config/freemarkerTransforms.properties
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/config/freemarkerTransforms.properties?rev=808261&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/config/freemarkerTransforms.properties (added)
+++ ofbiz/branches/executioncontext20090812/framework/api/config/freemarkerTransforms.properties Thu Aug 27 02:57:34 2009
@@ -0,0 +1,24 @@
+###############################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+###############################################################################
+### FreeMarker transforms ###
+#############################
+
+# entries are in the form: key=transform name, property=transform class name
+
+ofbizSecurity=org.ofbiz.api.authorization.OfbizSecurityTransform

Propchange: ofbiz/branches/executioncontext20090812/framework/api/config/freemarkerTransforms.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/branches/executioncontext20090812/framework/api/config/freemarkerTransforms.properties
------------------------------------------------------------------------------
    svn:keywords = "Date Rev Author URL Id"

Propchange: ofbiz/branches/executioncontext20090812/framework/api/config/freemarkerTransforms.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java?rev=808261&r1=808260&r2=808261&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java (original)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java Thu Aug 27 02:57:34 2009
@@ -19,15 +19,31 @@
 package org.ofbiz.api.authorization;
 
 import java.security.Permission;
+import java.util.Map;
+
+import javolution.util.FastMap;
 
 /**
  * A collection of basic permissions.
  */
 public class BasicPermissions {
+
 	public static final Permission Access = new BasicPermission("access=true");
 	public static final Permission Admin = new AdminPermission();
 	public static final Permission Create = new BasicPermission("create=true");
 	public static final Permission Delete = new BasicPermission("delete=true");
 	public static final Permission Update = new BasicPermission("update=true");
 	public static final Permission View = new BasicPermission("view=true");
+	public static final Map<String, Permission> ConversionMap = createConversionMap();
+
+    protected static Map<String, Permission> createConversionMap() {
+        Map<String, Permission> conversionMap = FastMap.newInstance();
+        conversionMap.put("ACCESS", Access);
+        conversionMap.put("ADMIN", Admin);
+        conversionMap.put("CREATE", Create);
+        conversionMap.put("DELETE", Delete);
+        conversionMap.put("UPDATE", Update);
+        conversionMap.put("VIEW", View);
+        return conversionMap;
+    }
 }

Added: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java?rev=808261&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java (added)
+++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java Thu Aug 27 02:57:34 2009
@@ -0,0 +1,84 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.api.authorization;
+
+import java.io.IOException;
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.util.Map;
+
+import org.ofbiz.api.context.ExecutionContext;
+import org.ofbiz.api.context.GenericExecutionArtifact;
+import org.ofbiz.base.util.Debug;
+
+import freemarker.core.Environment;
+import freemarker.ext.beans.BeanModel;
+import freemarker.template.SimpleScalar;
+import freemarker.template.Template;
+import freemarker.template.TemplateDirectiveBody;
+import freemarker.template.TemplateException;
+import freemarker.template.TemplateModel;
+import freemarker.template.TemplateDirectiveModel;
+
+/**
+ * OfbizSecurityTransform - Security-aware Freemarker transform.
+ */
+public class OfbizSecurityTransform implements TemplateDirectiveModel {
+
+    public final static String module = OfbizSecurityTransform.class.getName();
+
+    @SuppressWarnings("unchecked")
+    public void execute(Environment env, Map params, TemplateModel[] loopVars, TemplateDirectiveBody body) throws TemplateException, IOException {
+        if (body == null) {
+            return;
+        }
+        SimpleScalar obj = (SimpleScalar) params.get("artifactId");
+        if (obj == null) {
+            Debug.logError("artifactId parameter not found, unable to execute transform", module);
+            return;
+        }
+        String artifactId = obj.getAsString();
+        obj = (SimpleScalar) params.get("permission");
+        if (obj == null) {
+            Debug.logError("permission parameter not found, unable to execute transform", module);
+            return;
+        }
+        String permStr = obj.getAsString();
+        Permission permission = BasicPermissions.ConversionMap.get(permStr.toUpperCase());
+        if (permission == null) {
+            Debug.logError("Unkown permission \"" + permStr + "\", unable to execute transform", module);
+            return;
+        }
+        BeanModel contextBean = (BeanModel)env.getVariable("executionContext");
+        if (contextBean == null) {
+            Debug.logError("ExecutionContext not found, unable to execute transform", module);
+            return;
+        }
+        Template template = env.getTemplate();
+        String location = template.getName();
+        ExecutionContext executionContext = (ExecutionContext) contextBean.getWrappedObject();
+        executionContext.pushExecutionArtifact(new GenericExecutionArtifact(location, artifactId));
+        AccessController<?> accessController = executionContext.getAccessController();
+        try {
+            accessController.checkPermission(permission);
+            body.render(env.getOut());
+        } catch (AccessControlException e) {}
+        executionContext.popExecutionArtifact();
+    }
+}

Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java
------------------------------------------------------------------------------
    svn:keywords = "Date Rev Author URL Id"

Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain