Author: cschneider
Date: Fri Jul 31 07:29:02 2015
New Revision: 1693536
URL: http://svn.apache.org/r1693536
Log:
Small refactoring
Modified:
aries/trunk/blueprint/blueprint-authz/pom.xml
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/AuthorizationInterceptor.java
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/AuthorizationNsHandler.java
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/SecurityAnotationParser.java
aries/trunk/blueprint/blueprint-itests/src/test/java/org/apache/aries/blueprint/itests/authz/AuthorizationTest.java
Modified: aries/trunk/blueprint/blueprint-authz/pom.xml
URL:
http://svn.apache.org/viewvc/aries/trunk/blueprint/blueprint-authz/pom.xml?rev=1693536&r1=1693535&r2=1693536&view=diff
==============================================================================
--- aries/trunk/blueprint/blueprint-authz/pom.xml (original)
+++ aries/trunk/blueprint/blueprint-authz/pom.xml Fri Jul 31 07:29:02 2015
@@ -64,7 +64,13 @@
</dependency>
<dependency>
<groupId>org.apache.aries.blueprint</groupId>
- <artifactId>org.apache.aries.blueprint.core</artifactId>
+ <artifactId>org.apache.aries.blueprint.api</artifactId>
+ <version>1.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.aries.blueprint</groupId>
+ <artifactId>blueprint-parser</artifactId>
<version>1.0.0</version>
<scope>provided</scope>
</dependency>
Modified:
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/AuthorizationInterceptor.java
URL:
http://svn.apache.org/viewvc/aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/AuthorizationInterceptor.java?rev=1693536&r1=1693535&r2=1693536&view=diff
==============================================================================
---
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/AuthorizationInterceptor.java
(original)
+++
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/AuthorizationInterceptor.java
Fri Jul 31 07:29:02 2015
@@ -68,18 +68,15 @@ public class AuthorizationInterceptor im
}
Set<Principal> principals = subject.getPrincipals();
-
for (Principal principal : principals) {
if (roles.contains(principal.getName())) {
- if (LOGGER.isDebugEnabled()) {
- LOGGER.debug("Granting access to Method: " + m + " for " +
principal);
- }
+ LOGGER.debug("Granting access to Method: {} for {}.", m,
principal);
return null;
}
}
-
- throw new AccessControlException("Method call " +
m.getDeclaringClass() + "." + m.getName() + " denied. Roles allowed are " +
roles + ". "
- + "Your principals are " +
getNames(principals) +".");
+ String msg = String.format("Method call %s.%s denied. Roles allowed
are %s. Your principals are %s.",
+ m.getDeclaringClass(), m.getName(), roles,
getNames(principals));
+ throw new AccessControlException(msg);
}
private String getNames(Set<Principal> principals) {
Modified:
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/AuthorizationNsHandler.java
URL:
http://svn.apache.org/viewvc/aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/AuthorizationNsHandler.java?rev=1693536&r1=1693535&r2=1693536&view=diff
==============================================================================
---
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/AuthorizationNsHandler.java
(original)
+++
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/AuthorizationNsHandler.java
Fri Jul 31 07:29:02 2015
@@ -39,18 +39,26 @@ public class AuthorizationNsHandler impl
if ("enable".equals(elt.getLocalName())) {
if
(!cdr.containsComponentDefinition(AuthorizationBeanProcessor.AUTH_PROCESSOR_BEAN_NAME))
{
- MutableBeanMetadata meta =
pc.createMetadata(MutableBeanMetadata.class);
-
meta.setId(AuthorizationBeanProcessor.AUTH_PROCESSOR_BEAN_NAME);
- meta.setRuntimeClass(AuthorizationBeanProcessor.class);
- meta.setProcessor(true);
- MutablePassThroughMetadata cdrMeta =
pc.createMetadata(MutablePassThroughMetadata.class);
- cdrMeta.setObject(cdr);
- meta.addProperty("cdr", cdrMeta);
- cdr.registerComponentDefinition(meta);
+ cdr.registerComponentDefinition(authBeanProcessor(pc, cdr));
}
}
}
+ private MutableBeanMetadata authBeanProcessor(ParserContext pc,
ComponentDefinitionRegistry cdr) {
+ MutableBeanMetadata meta =
pc.createMetadata(MutableBeanMetadata.class);
+ meta.setId(AuthorizationBeanProcessor.AUTH_PROCESSOR_BEAN_NAME);
+ meta.setRuntimeClass(AuthorizationBeanProcessor.class);
+ meta.setProcessor(true);
+ meta.addProperty("cdr", passThrough(pc, cdr));
+ return meta;
+ }
+
+ private MutablePassThroughMetadata passThrough(ParserContext pc, Object o)
{
+ MutablePassThroughMetadata meta =
pc.createMetadata(MutablePassThroughMetadata.class);
+ meta.setObject(o);
+ return meta;
+ }
+
public ComponentMetadata decorate(Node node, ComponentMetadata cm,
ParserContext pc) {
if (node instanceof Element) {
parseElement((Element)node, cm, pc);
Modified:
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/SecurityAnotationParser.java
URL:
http://svn.apache.org/viewvc/aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/SecurityAnotationParser.java?rev=1693536&r1=1693535&r2=1693536&view=diff
==============================================================================
---
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/SecurityAnotationParser.java
(original)
+++
aries/trunk/blueprint/blueprint-authz/src/main/java/org/apache/aries/blueprint/authorization/impl/SecurityAnotationParser.java
Fri Jul 31 07:29:02 2015
@@ -37,7 +37,7 @@ class SecurityAnotationParser {
/**
* Get the effective annotation regarding method annotations override
class annotations.
* DenyAll has highest priority then RolesAllowed and in the end
PermitAll.
- * So the most restrictive annotation is pereferred.
+ * So the most restrictive annotation is preferred.
*
* @param m Method to check
* @return effective annotation (either DenyAll, PermitAll or RolesAllowed)
Modified:
aries/trunk/blueprint/blueprint-itests/src/test/java/org/apache/aries/blueprint/itests/authz/AuthorizationTest.java
URL:
http://svn.apache.org/viewvc/aries/trunk/blueprint/blueprint-itests/src/test/java/org/apache/aries/blueprint/itests/authz/AuthorizationTest.java?rev=1693536&r1=1693535&r2=1693536&view=diff
==============================================================================
---
aries/trunk/blueprint/blueprint-itests/src/test/java/org/apache/aries/blueprint/itests/authz/AuthorizationTest.java
(original)
+++
aries/trunk/blueprint/blueprint-itests/src/test/java/org/apache/aries/blueprint/itests/authz/AuthorizationTest.java
Fri Jul 31 07:29:02 2015
@@ -93,6 +93,16 @@ public class AuthorizationTest extends A
@org.ops4j.pax.exam.Configuration
public Option[] configuration() throws IOException, LoginException,
BundleException {
+ return new Option[] {
+ baseOptions(),
+ CoreOptions.keepCaches(),
+ Helper.blueprintBundles(),
+ mvnBundle("org.apache.aries.blueprint",
"org.apache.aries.blueprint.authz"),
+ streamBundle(testBundle()),
+ };
+ }
+
+ private InputStream testBundle() {
InputStream testBundle = TinyBundles.bundle()
.set(Constants.BUNDLE_SYMBOLICNAME, "authz")
.add(SecuredServiceImpl.class)
@@ -101,14 +111,7 @@ public class AuthorizationTest extends A
.set(Constants.EXPORT_PACKAGE,
SecuredService.class.getPackage().getName())
.set(Constants.IMPORT_PACKAGE,
SecuredService.class.getPackage().getName())
.build(TinyBundles.withBnd());
-
- return new Option[] {
- baseOptions(),
- CoreOptions.keepCaches(),
- Helper.blueprintBundles(),
- mvnBundle("org.apache.aries.blueprint",
"org.apache.aries.blueprint.authz"),
- streamBundle(testBundle),
- };
+ return testBundle;
}
private final class CallUserAndAdmin implements PrivilegedAction<Void> {
