This is an automated email from the ASF dual-hosted git repository.
ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/causeway.git
The following commit(s) were added to refs/heads/master by this push:
new 017e12daeb CAUSEWAY-3404: Change logic in
PrincipalForApplicationUser#isLocked to consider th null case also as locked
017e12daeb is described below
commit 017e12daeb0def3cfd20fa3703ddcebbe0bee3de
Author: Andi Huber <[email protected]>
AuthorDate: Thu May 11 19:22:49 2023 +0200
CAUSEWAY-3404: Change logic in PrincipalForApplicationUser#isLocked to
consider the null case also as locked
---
.../user/dom/ApplicationUserRepositoryAbstract.java | 4 ++--
.../secman/applib/user/dom/ApplicationUserStatus.java | 18 ++++++++++++++++--
.../applib/user/dom/mixins/ApplicationUser_lock.java | 4 +++-
.../applib/user/dom/mixins/ApplicationUser_unlock.java | 4 +++-
.../shiro/realm/CausewayModuleExtSecmanShiroRealm.java | 3 ++-
.../shiro/realm/PrincipalForApplicationUser.java | 2 +-
6 files changed, 27 insertions(+), 8 deletions(-)
diff --git
a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUserRepositoryAbstract.java
b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUserRepositoryAbstract.java
index a3cb4d3592..d653a7c38a 100644
---
a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUserRepositoryAbstract.java
+++
b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUserRepositoryAbstract.java
@@ -187,7 +187,7 @@ implements ApplicationUserRepository {
@Override
public void enable(final ApplicationUser user) {
- if(user.getStatus() != ApplicationUserStatus.UNLOCKED) {
+ if(ApplicationUserStatus.canUnlock(user.getStatus())) {
factoryService.mixin(ApplicationUser_unlock.class, user)
.act();
}
@@ -195,7 +195,7 @@ implements ApplicationUserRepository {
@Override
public void disable(final ApplicationUser user) {
- if(user.getStatus() != ApplicationUserStatus.LOCKED) {
+ if(ApplicationUserStatus.canLock(user.getStatus())) {
factoryService.mixin(ApplicationUser_lock.class, user)
.act();
}
diff --git
a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUserStatus.java
b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUserStatus.java
index 0740035027..ab7eba0de4 100644
---
a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUserStatus.java
+++
b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/ApplicationUserStatus.java
@@ -40,8 +40,22 @@ public enum ApplicationUserStatus {
return _Strings.capitalize(name());
}
- public static boolean isUnlocked(final @Nullable ApplicationUserStatus
applicationUserStatus) {
- return applicationUserStatus == UNLOCKED;
+ public static boolean isUnlocked(final @Nullable ApplicationUserStatus
status) {
+ return status == UNLOCKED;
+ }
+
+ public static boolean isLockedOrUnspecified(final @Nullable
ApplicationUserStatus status) {
+ return !isUnlocked(status);
+ }
+
+ /** Whether can transition to state LOCKED. That is, YES if not already at
that state. */
+ public static boolean canLock(final @Nullable ApplicationUserStatus
status) {
+ return status != ApplicationUserStatus.LOCKED;
+ }
+
+ /** Whether can transition to state UNLOCKED. That is, YES if not already
at that state. */
+ public static boolean canUnlock(final @Nullable ApplicationUserStatus
status) {
+ return status != ApplicationUserStatus.UNLOCKED;
}
}
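Review bot: `isLockedOrUnspecified` is the helper that makes a null status count as locked, yet it is the only new method in this hunk without a Javadoc, so its fail-closed intent is carried by the name alone. I would add `/** Whether to treat the account as locked: true for LOCKED and for null (status unspecified), that is, anything other than UNLOCKED. */` above it, since `PrincipalForApplicationUser#isLocked` in this commit now delegates to it. The `canLock`/`canUnlock` comments could also say that null returns true for both, so an account with no status can be moved in either direction.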
diff --git
a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/mixins/ApplicationUser_lock.java
b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/mixins/ApplicationUser_lock.java
index a643e729d1..00df0c71bc 100644
---
a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/mixins/ApplicationUser_lock.java
+++
b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/mixins/ApplicationUser_lock.java
@@ -66,7 +66,9 @@ public class ApplicationUser_lock {
if(applicationUserRepository.isAdminUser(target)) {
return String.format("Cannot lock the '%s' user.",
config.getExtensions().getSecman().getSeed().getAdmin().getUserName());
}
- return target.getStatus() == ApplicationUserStatus.LOCKED ? "Status is
already set to LOCKED": null;
+ return ApplicationUserStatus.canLock(target.getStatus())
+ ? "Status is already set to LOCKED"
+ : null;
}
}
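Review bot: The rewritten ternary in `disableAct()` is inverted. `canLock(...)` is true when the status is not LOCKED, so the reason "Status is already set to LOCKED" is now returned for unlocked and null-status users, while `null` (action enabled) is returned for users that are already locked. As written, the lock action is vetoed for exactly the accounts an administrator needs to lock. Negate the test, `return !ApplicationUserStatus.canLock(target.getStatus())`, and keep the two branches as they are. The `ApplicationUser_unlock#disableAct` hunk has the same inversion with `canUnlock` and needs the same negation. This method's signature lies above the hunk.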
diff --git
a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/mixins/ApplicationUser_unlock.java
b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/mixins/ApplicationUser_unlock.java
index aeeabe7908..73c43386b6 100644
---
a/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/mixins/ApplicationUser_unlock.java
+++
b/extensions/security/secman/applib/src/main/java/org/apache/causeway/extensions/secman/applib/user/dom/mixins/ApplicationUser_unlock.java
@@ -56,7 +56,9 @@ public class ApplicationUser_unlock {
}
@MemberSupport public String disableAct() {
- return target.getStatus() == ApplicationUserStatus.UNLOCKED ? "Status
is already set to UNLOCKED": null;
+ return ApplicationUserStatus.canUnlock(target.getStatus())
+ ? "Status is already set to UNLOCKED"
+ : null;
}
}
diff --git
a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/CausewayModuleExtSecmanShiroRealm.java
b/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/CausewayModuleExtSecmanShiroRealm.java
index 2eaef92550..7157ef45ef 100644
---
a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/CausewayModuleExtSecmanShiroRealm.java
+++
b/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/CausewayModuleExtSecmanShiroRealm.java
@@ -128,7 +128,8 @@ public class CausewayModuleExtSecmanShiroRealm extends
AuthorizingRealm {
if(isAutoUnlockIfDelegatedAndAuthenticated) {
principal = newPrincipal;
} else {
- _Assert.assertTrue(newPrincipal.isLocked(), "As configured in
" + SECMAN_UNLOCK_DELEGATED_USERS + ", auto-created user accounts are initially
locked!");
+ _Assert.assertTrue(newPrincipal.isLocked(),
+ ()->"As configured in " +
SECMAN_UNLOCK_DELEGATED_USERS + ", auto-created user accounts are initially
locked!");
throw disabledAccountException(username); // default behavior
after user auto-creation
}
}
diff --git
a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalForApplicationUser.java
b/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalForApplicationUser.java
index 38196e132e..cd9c47a273 100644
---
a/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalForApplicationUser.java
+++
b/extensions/security/secman/delegated-shiro/src/main/java/org/apache/causeway/extensions/secman/delegated/shiro/realm/PrincipalForApplicationUser.java
@@ -89,7 +89,7 @@ class PrincipalForApplicationUser implements
AuthorizationInfo {
@Getter(value = AccessLevel.PACKAGE) private final
ApplicationPermissionValueSet permissionSet;
public boolean isLocked() {
- return getStatus() == ApplicationUserStatus.LOCKED;
+ return ApplicationUserStatus.isLockedOrUnspecified(getStatus());
}
@Override