ahuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/causeway.git
The following commit(s) were added to refs/heads/master by this push:
new 7813ea0564 CAUSEWAY-3698: polishes the SimpleRealm
7813ea0564 is described below
commit 7813ea0564ef882a32d40453d6d8b5d5f2f5ee0a
Author: Andi Huber <[email protected]>
AuthorDate: Thu Mar 21 12:40:25 2024 +0100
CAUSEWAY-3698: polishes the SimpleRealm
---
.../simple/authorization/SimpleAuthorizor.java | 9 +++---
.../security/simple/realm/SimpleRealm.java | 34 ++++++++++++++++------
.../security/simple/SecuritySimpleAuthTest.java | 18 +++++++++---
3 files changed, 44 insertions(+), 17 deletions(-)
diff --git
a/security/simple/src/main/java/org/apache/causeway/security/simple/authorization/SimpleAuthorizor.java
b/security/simple/src/main/java/org/apache/causeway/security/simple/authorization/SimpleAuthorizor.java
index 93d432efbb..867a7cbc9a 100644
---
a/security/simple/src/main/java/org/apache/causeway/security/simple/authorization/SimpleAuthorizor.java
+++
b/security/simple/src/main/java/org/apache/causeway/security/simple/authorization/SimpleAuthorizor.java
@@ -33,6 +33,7 @@ import org.apache.causeway.applib.services.user.UserMemento;
import org.apache.causeway.core.security.authorization.Authorizor;
import org.apache.causeway.security.simple.CausewayModuleSecuritySimple;
import org.apache.causeway.security.simple.realm.SimpleRealm;
+import org.apache.causeway.security.simple.realm.SimpleRealm.Grant;
import lombok.RequiredArgsConstructor;
@@ -53,19 +54,19 @@ public class SimpleAuthorizor implements Authorizor {
@Override
public boolean isVisible(final InteractionContext ctx, final Identifier
identifier) {
return roles(ctx.getUser()).stream()
- .anyMatch(role->role.grantsRead().test(identifier));
+
.anyMatch(role->Grant.valueOf(role.grants().apply(identifier)).grantsRead());
}
@Override
public boolean isUsable(final InteractionContext ctx, final Identifier
identifier) {
return roles(ctx.getUser()).stream()
- .anyMatch(role->role.grantsChange().test(identifier));
+
.anyMatch(role->Grant.valueOf(role.grants().apply(identifier)).grantsChange());
}
protected List<SimpleRealm.Role> roles(final UserMemento userMemento){
var roles = realm.lookupUserByName(userMemento.getName())
- .map(SimpleRealm.User::roles)
- .orElseGet(List::of);
+ .map(SimpleRealm.User::roles)
+ .orElseGet(List::of);
return roles;
}
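Review bot: The `anyMatch` calls in `isVisible` and `isUsable` combine a user's roles as a union, so a role that returns `Grant.NONE` for an identifier does not veto another role of the same user that returns `READ` or `CHANGE`; a value named `NONE` is easy to misread as a deny. A short comment on both methods would make this explicit, e.g. `// any single role granting access is sufficient; Grant.NONE means "no grant from this role", not a veto`. Separately, `role.grants().apply(identifier)` guards a null result through `Grant.valueOf` but not a null `grants` function, which would surface as a NullPointerException during the authorization check. Whether the caller treats that exception as a denial is not visible in this hunk.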
diff --git
a/security/simple/src/main/java/org/apache/causeway/security/simple/realm/SimpleRealm.java
b/security/simple/src/main/java/org/apache/causeway/security/simple/realm/SimpleRealm.java
index 890f559e69..0f24b8629e 100644
---
a/security/simple/src/main/java/org/apache/causeway/security/simple/realm/SimpleRealm.java
+++
b/security/simple/src/main/java/org/apache/causeway/security/simple/realm/SimpleRealm.java
@@ -22,7 +22,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
-import java.util.function.Predicate;
+import java.util.function.Function;
import java.util.stream.Collectors;
import org.springframework.lang.Nullable;
@@ -37,26 +37,42 @@ import lombok.experimental.Accessors;
@Component
public class SimpleRealm {
+ public enum Grant {
+ NONE,
+ READ,
+ CHANGE;
+ public boolean grantsRead() {
+ return this==READ
+ || this==CHANGE;
+ }
+ public boolean grantsChange() {
+ return this==CHANGE;
+ }
+ public static Grant valueOf(@Nullable final Grant grant) {
+ return grant!=null
+ ? grant
+ : Grant.NONE;
+ }
+ }
+
@Value @Accessors(fluent=true)
public static class Role {
String name;
- Predicate<Identifier> grantsRead;
- Predicate<Identifier> grantsChange;
+ Function<Identifier, Grant> grants;
}
+
@Value @Accessors(fluent=true)
public static class User {
String name;
String encryptedPass;
List<Role> roles;
}
+
final Map<String, Role> roles = new HashMap<>();
final Map<String, User> users = new HashMap<>();
- public SimpleRealm addRoleWithReadAndChange(final String name, final
Predicate<Identifier> grants) {
- roles.put(name, new Role(name, grants, grants));
- return this;
- }
- public SimpleRealm addRoleWithReadOnly(final String name, final
Predicate<Identifier> grants) {
- roles.put(name, new Role(name, grants, id->false));
+
+ public SimpleRealm addRole(final String name, final Function<Identifier,
Grant> grants) {
+ roles.put(name, new Role(name, grants));
return this;
}
public SimpleRealm addUser(final String name, final String pass, final
List<String> roleNames) {
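Review bot: `Grant.valueOf(@Nullable Grant)` overloads the `valueOf(String)` that the compiler generates for every enum, so a literal `Grant.valueOf(null)` becomes ambiguous and a reader may mistake the call in `SimpleAuthorizor` for name parsing. A distinct name such as `public static Grant nullToNone(@Nullable final Grant grant)` avoids both. The null-to-`NONE` mapping is this realm's deny-by-default and deserves a Javadoc line saying so, together with the fact that `CHANGE` implies `READ`. `addRole` stores `grants` unchecked, so a null function only fails later, at the first authorization check; `java.util.Objects.requireNonNull(grants, "grants");` as its first statement would reject it at configuration time. The hunk ends inside the `addUser` signature, so that method is not reviewed here.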
diff --git
a/security/simple/src/test/java/org/apache/causeway/security/simple/SecuritySimpleAuthTest.java
b/security/simple/src/test/java/org/apache/causeway/security/simple/SecuritySimpleAuthTest.java
index 0a84fa544e..3a9cc1f3dd 100644
---
a/security/simple/src/test/java/org/apache/causeway/security/simple/SecuritySimpleAuthTest.java
+++
b/security/simple/src/test/java/org/apache/causeway/security/simple/SecuritySimpleAuthTest.java
@@ -42,6 +42,7 @@ import
org.apache.causeway.core.security.authentication.AuthenticationRequestPas
import org.apache.causeway.security.simple.authentication.SimpleAuthenticator;
import org.apache.causeway.security.simple.authorization.SimpleAuthorizor;
import org.apache.causeway.security.simple.realm.SimpleRealm;
+import org.apache.causeway.security.simple.realm.SimpleRealm.Grant;
import lombok.Getter;
import lombok.RequiredArgsConstructor;
@@ -53,10 +54,19 @@ class SecuritySimpleAuthTest {
private SimpleRealm realm = new SimpleRealm()
//roles
- .addRoleWithReadAndChange("admin_role", id->true)
- .addRoleWithReadAndChange("order_role",
id->id.getFullIdentityString().contains("Order"))
- .addRoleWithReadAndChange("customer_role",
id->id.getFullIdentityString().contains("Customer"))
- .addRoleWithReadOnly("reader_role",
id->!id.getFullIdentityString().contains("TopSecret"))
+ .addRole("admin_role", id->Grant.CHANGE)
+ .addRole("order_role", id->
+ id.getFullIdentityString().contains("Order")
+ ? Grant.CHANGE
+ : Grant.NONE)
+ .addRole("customer_role", id->
+ id.getFullIdentityString().contains("Customer")
+ ? Grant.CHANGE
+ : Grant.NONE)
+ .addRole("reader_role", id->
+ id.getFullIdentityString().contains("TopSecret")
+ ? Grant.NONE
+ : Grant.READ)
//users
.addUser("sven", passEncoder.encode("pass0"),
List.of("admin_role"))
.addUser("dick", passEncoder.encode("pass1"),
List.of("reader_role", "order_role"))
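Review bot: None of the four role functions in this fixture returns `null`, so the fixture does not exercise the null-to-`Grant.NONE` path of `Grant.valueOf`, which is the realm's fail-closed default. Adding a role such as `.addRole("null_role", id->null)` and a user holding only that role would pin that such a user can neither see nor change anything. The combination given to `dick` (`reader_role` plus `order_role`) also yields `CHANGE` on an identifier that contains both `Order` and `TopSecret`; if that is intended, an assertion stating it would document the union semantics. The test methods lie outside this hunk, so some of this may already be covered.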