Author: adrianc
Date: Tue Jan 12 23:57:05 2010
New Revision: 898579
URL: http://svn.apache.org/viewvc?rev=898579&view=rev
Log:
Some more code reorganization. Added a method to the AccessController so
artifacts other than the current one can be checked.
Added:
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java
(with props)
Removed:
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ArtifactPath.java
Modified:
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/AbstractExecutionContext.java
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessDeniedController.java
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessGrantedController.java
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionTreeBuilder.java
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionsGatherer.java
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeBuilder.java
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeWalker.java
Modified:
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java
Tue Jan 12 23:57:05 2010
@@ -23,6 +23,8 @@
import java.util.List;
import java.util.ListIterator;
+import org.ofbiz.api.context.ArtifactPath;
+
/** AccessController interface. This interface is intended to
* separate the permissions-checking logic from the artifacts
* that use it.
@@ -41,6 +43,18 @@
*/
public void checkPermission(Permission permission) throws
AccessControlException;
+ /** Returns silently if the user has been granted
<code>permission</code>
+ * access for the specified artifact, throws
<code>AccessControlException</code>
+ * otherwise.<p>Client code can call this method when an artifact other
+ * than the current one needs to be checked. If access is granted the
+ * method returns, otherwise it throws an unchecked exception.
+ * Higher level code can catch the exception and handle it accordingly.</p>
+ *
+ * @param permission The permission to check
+ * @throws AccessControlException
+ */
+ public void checkPermission(Permission permission, ArtifactPath
artifactPath) throws AccessControlException;
+
/** Applies permission filters to a <code>List</code>. The
* returned <code>List</code> is security-aware, so methods
* that return an <code>Object</code> will return only the
Modified:
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/AbstractExecutionContext.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/AbstractExecutionContext.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/AbstractExecutionContext.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/AbstractExecutionContext.java
Tue Jan 12 23:57:05 2010
@@ -32,8 +32,6 @@
public abstract class AbstractExecutionContext implements ExecutionContext {
public static final String module =
AbstractExecutionContext.class.getName();
- public static final String PATH_ROOT_NODE_NAME = "ofbiz";
- public static final String PATH_ELEMENT_SEPARATOR = "/";
protected final FastList<ExecutionArtifact> artifactStack =
FastList.newInstance();
protected String currencyUom = null;
@@ -68,9 +66,9 @@
}
public String getExecutionPath() {
- StringBuilder sb = new StringBuilder(PATH_ROOT_NODE_NAME);
+ StringBuilder sb = new
StringBuilder(ArtifactPath.PATH_ROOT_NODE_NAME);
for (ExecutionArtifact artifact : this.artifactStack) {
- sb.append(PATH_ELEMENT_SEPARATOR);
+ sb.append(ArtifactPath.PATH_ELEMENT_SEPARATOR);
sb.append(artifact.getName());
}
return sb.toString();
@@ -78,11 +76,11 @@
public String[] getExecutionPathAsArray() {
FastList<String> elementList = FastList.newInstance();
- elementList.add(PATH_ROOT_NODE_NAME);
+ elementList.add(ArtifactPath.PATH_ROOT_NODE_NAME);
for (ExecutionArtifact artifact : this.artifactStack) {
String artifactName = artifact.getName();
- if (artifactName.contains(PATH_ELEMENT_SEPARATOR)) {
- String[] strArray = artifactName.split(PATH_ELEMENT_SEPARATOR);
+ if (artifactName.contains(ArtifactPath.PATH_ELEMENT_SEPARATOR)) {
+ String[] strArray =
artifactName.split(ArtifactPath.PATH_ELEMENT_SEPARATOR);
for (int i = 0; i < strArray.length; i++) {
elementList.add(strArray[i]);
}
Added:
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java?rev=898579&view=auto
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java
(added)
+++
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java
Tue Jan 12 23:57:05 2010
@@ -0,0 +1,104 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+
*******************************************************************************/
+package org.ofbiz.api.context;
+
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+import javolution.text.TextBuilder;
+import javolution.util.FastList;
+
+/** Artifact path class. */
+public class ArtifactPath implements Iterator<String> {
+
+ public static final String PATH_ROOT_NODE_NAME = "ofbiz";
+ public static final String PATH_ELEMENT_SEPARATOR = "/";
+ public static final ArtifactPath PATH_ROOT = new
ArtifactPath(PATH_ROOT_NODE_NAME);
+
+ protected int currentIndex = 0;
+ protected final String[] pathElementArray;
+ protected FastList<Integer> stack = null;
+ protected final TextBuilder stringBuilder = TextBuilder.newInstance();
+
+ public ArtifactPath(String artifactPath) {
+ this.pathElementArray = artifactPath.split(PATH_ELEMENT_SEPARATOR);
+ }
+
+ public ArtifactPath(String[] pathElementArray) {
+ this.pathElementArray = pathElementArray;
+ }
+
+ public String getCurrentPath() {
+ if (this.pathElementArray.length == 1 || !this.hasNext()) {
+ return this.pathElementArray[this.currentIndex];
+ }
+ return getPathAsString(this.currentIndex);
+ }
+
+ public String getCurrentPathElement() {
+ return this.pathElementArray[this.currentIndex];
+ }
+
+ protected String getPathAsString(int index) {
+ this.stringBuilder.clear();
+ for (int i = index; i < this.pathElementArray.length; i++) {
+ if (i != index) {
+ stringBuilder.append(PATH_ELEMENT_SEPARATOR);
+ }
+ stringBuilder.append(this.pathElementArray[i]);
+ }
+ return stringBuilder.toString();
+ }
+
+ @Override
+ public boolean hasNext() {
+ return this.currentIndex + 1 < this.pathElementArray.length;
+ }
+
+ @Override
+ public String next() {
+ if (!this.hasNext()) {
+ throw new NoSuchElementException();
+ }
+ return this.pathElementArray[++this.currentIndex];
+ }
+
+ @Override
+ public void remove() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void restoreState() {
+ if (this.stack != null && !this.stack.isEmpty()) {
+ this.currentIndex = this.stack.removeLast();
+ }
+ }
+
+ public void saveState() {
+ if (this.stack == null) {
+ this.stack = FastList.newInstance();
+ }
+ this.stack.addLast(this.currentIndex);
+ }
+
+ @Override
+ public String toString() {
+ return getPathAsString(0);
+ }
+}
Propchange:
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java
------------------------------------------------------------------------------
svn:keywords = "Date Rev Author URL Id"
Propchange:
ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ArtifactPath.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified:
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java
Tue Jan 12 23:57:05 2010
@@ -27,6 +27,7 @@
import javolution.util.FastMap;
import org.ofbiz.api.authorization.AccessController;
+import org.ofbiz.api.context.ArtifactPath;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilProperties;
import org.ofbiz.entity.util.EntityListIterator;
@@ -75,22 +76,7 @@
}
public void checkPermission(Permission permission) throws
AccessControlException {
- if (this.verbose) {
- Debug.logInfo("Checking permission: " +
ThreadContext.getExecutionPath() + "[" + permission + "]", module);
- }
- this.permissionsGatherer.gatherPermissions(new
ArtifactPath(ThreadContext.getExecutionPathAsArray()));
- if (this.verbose) {
- Debug.logInfo("Found permission(s): " +
ThreadContext.getUserLogin().getString("userLoginId") +
- "@" + ThreadContext.getExecutionPath() + "[" +
this.permission + "]", module);
- }
- if (this.disabled) {
- return;
- }
- if (this.permission.implies(permission) &&
this.hasServicePermission()) {
- return;
- }
- throw new
AccessControlException(ThreadContext.getUserLogin().getString("userLoginId") +
- "@" + ThreadContext.getExecutionPath() + "[" + permission +
"]");
+ checkPermission(permission, new
ArtifactPath(ThreadContext.getExecutionPathAsArray()));
}
protected boolean hasServicePermission() {
@@ -128,4 +114,24 @@
}
return true;
}
+
+ @Override
+ public void checkPermission(Permission permission, ArtifactPath
artifactPath) throws AccessControlException {
+ if (this.verbose) {
+ Debug.logInfo("Checking permission: " + artifactPath + "[" +
permission + "]", module);
+ }
+ this.permissionsGatherer.gatherPermissions(artifactPath);
+ if (this.verbose) {
+ Debug.logInfo("Found permission(s): " +
ThreadContext.getUserLogin().getString("userLoginId") +
+ "@" + artifactPath + "[" + this.permission + "]", module);
+ }
+ if (this.disabled) {
+ return;
+ }
+ if (this.permission.implies(permission) &&
this.hasServicePermission()) {
+ return;
+ }
+ throw new
AccessControlException(ThreadContext.getUserLogin().getString("userLoginId") +
+ "@" + artifactPath + "[" + permission + "]");
+ }
}
Modified:
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessDeniedController.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessDeniedController.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessDeniedController.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessDeniedController.java
Tue Jan 12 23:57:05 2010
@@ -26,6 +26,7 @@
import javolution.util.FastList;
import org.ofbiz.api.authorization.AccessController;
+import org.ofbiz.api.context.ArtifactPath;
import org.ofbiz.api.context.ThreadContext;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilProperties;
@@ -44,19 +45,27 @@
this.verbose =
"true".equals(UtilProperties.getPropertyValue("api.properties",
"authorizationManager.verbose"));
}
+ @Override
public <E> List<E> applyFilters(List<E> list) {
return FastList.newInstance();
}
+ @Override
public <E> ListIterator<E> applyFilters(ListIterator<E> list) {
return UtilGenerics.cast(FastList.newInstance().listIterator());
}
+ @Override
public void checkPermission(Permission permission) throws
AccessControlException {
+ checkPermission(permission, new
ArtifactPath(ThreadContext.getExecutionPathAsArray()));
+ }
+
+ @Override
+ public void checkPermission(Permission permission, ArtifactPath
artifactPath) throws AccessControlException {
if (this.verbose) {
- Debug.logInfo("Checking permission: " +
ThreadContext.getExecutionPath() + "[" + permission + "]", module);
+ Debug.logInfo("Checking permission: " + artifactPath + "[" +
permission + "]", module);
Debug.logInfo("Found permission(s): " +
- "access-denied-controller@" +
ThreadContext.getExecutionPath() + "[]", module);
+ "access-denied-controller@" + artifactPath + "[]", module);
}
throw new AccessControlException(null, permission);
}
Modified:
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessGrantedController.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessGrantedController.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessGrantedController.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessGrantedController.java
Tue Jan 12 23:57:05 2010
@@ -24,6 +24,7 @@
import java.util.ListIterator;
import org.ofbiz.api.authorization.AccessController;
+import org.ofbiz.api.context.ArtifactPath;
import org.ofbiz.api.context.ThreadContext;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilProperties;
@@ -41,19 +42,27 @@
this.verbose =
"true".equals(UtilProperties.getPropertyValue("api.properties",
"authorizationManager.verbose"));
}
+ @Override
public <E> List<E> applyFilters(List<E> list) {
return list;
}
+ @Override
public <E> ListIterator<E> applyFilters(ListIterator<E> list) {
return list;
}
+ @Override
public void checkPermission(Permission permission) throws
AccessControlException {
+ checkPermission(permission, new
ArtifactPath(ThreadContext.getExecutionPathAsArray()));
+ }
+
+ @Override
+ public void checkPermission(Permission permission, ArtifactPath
artifactPath) throws AccessControlException {
if (this.verbose) {
- Debug.logInfo("Checking permission: " +
ThreadContext.getExecutionPath() + "[" + permission + "]", module);
+ Debug.logInfo("Checking permission: " + artifactPath + "[" +
permission + "]", module);
Debug.logInfo("Found permission(s): " +
- "access-granted-controller@" +
ThreadContext.getExecutionPath() + "[admin=true]", module);
+ "access-granted-controller@" + artifactPath +
"[admin=true]", module);
}
}
}
Modified:
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
Tue Jan 12 23:57:05 2010
@@ -18,23 +18,20 @@
*******************************************************************************/
package org.ofbiz.context;
-import java.security.AccessControlException;
import java.security.Permission;
-import java.sql.Timestamp;
import java.util.List;
import org.ofbiz.api.authorization.AccessController;
+import org.ofbiz.api.authorization.AuthorizationManager;
import org.ofbiz.api.authorization.AuthorizationManagerException;
import org.ofbiz.api.authorization.BasicPermissions;
-import org.ofbiz.api.authorization.AuthorizationManager;
-import org.ofbiz.entity.util.EntityUtil;
+import org.ofbiz.api.context.ArtifactPath;
+import org.ofbiz.base.util.UtilMisc;
+import org.ofbiz.base.util.cache.UtilCache;
import org.ofbiz.entity.Delegator;
import org.ofbiz.entity.GenericEntityException;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.entity.condition.EntityCondition;
-import org.ofbiz.base.util.Debug;
-import org.ofbiz.base.util.UtilMisc;
-import org.ofbiz.base.util.cache.UtilCache;
import org.ofbiz.security.OFBizSecurity;
import org.ofbiz.service.ThreadContext;
Modified:
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java
Tue Jan 12 23:57:05 2010
@@ -20,6 +20,8 @@
import java.util.Map;
+import org.ofbiz.api.context.ArtifactPath;
+
/** A node in a permissions tree. */
public abstract class PathNode {
Modified:
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionTreeBuilder.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionTreeBuilder.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionTreeBuilder.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionTreeBuilder.java
Tue Jan 12 23:57:05 2010
@@ -18,6 +18,7 @@
*******************************************************************************/
package org.ofbiz.context;
+import org.ofbiz.api.context.ArtifactPath;
import org.ofbiz.context.PathNode.BranchNode;
public class PermissionTreeBuilder extends TreeBuilder {
Modified:
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionsGatherer.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionsGatherer.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionsGatherer.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PermissionsGatherer.java
Tue Jan 12 23:57:05 2010
@@ -18,6 +18,7 @@
*******************************************************************************/
package org.ofbiz.context;
+import org.ofbiz.api.context.ArtifactPath;
import org.ofbiz.context.PathNode.BranchNode;
public class PermissionsGatherer extends TreeWalker {
Modified:
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeBuilder.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeBuilder.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeBuilder.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeBuilder.java
Tue Jan 12 23:57:05 2010
@@ -20,6 +20,7 @@
import javolution.util.FastMap;
+import org.ofbiz.api.context.ArtifactPath;
import org.ofbiz.context.PathNode.BranchNode;
import org.ofbiz.context.PathNode.SubstitutionNode;
import org.ofbiz.context.PathNode.WildCardNode;
Modified:
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeWalker.java
URL:
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeWalker.java?rev=898579&r1=898578&r2=898579&view=diff
==============================================================================
---
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeWalker.java
(original)
+++
ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/TreeWalker.java
Tue Jan 12 23:57:05 2010
@@ -18,6 +18,7 @@
*******************************************************************************/
package org.ofbiz.context;
+import org.ofbiz.api.context.ArtifactPath;
import org.ofbiz.context.PathNode.BranchNode;
import org.ofbiz.context.PathNode.SubstitutionNode;
import org.ofbiz.context.PathNode.WildCardNode;
