Author: carlucci
Date: Fri Jun 1 21:09:55 2012
New Revision: 1345349
URL: http://svn.apache.org/viewvc?rev=1345349&view=rev
Log:
RAVE-644: Fix RavePermissionEvaluator to work with interface-based model pattern
Modified:
rave/branches/model_interfaces/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
rave/branches/model_interfaces/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java
Modified:
rave/branches/model_interfaces/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
URL:
http://svn.apache.org/viewvc/rave/branches/model_interfaces/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java?rev=1345349&r1=1345348&r2=1345349&view=diff
==============================================================================
---
rave/branches/model_interfaces/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
(original)
+++
rave/branches/model_interfaces/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
Fri Jun 1 21:09:55 2012
@@ -34,21 +34,21 @@ import java.util.*;
* Custom PermissionEvaluator for Rave that stores a map of
ModelPermissionEvaluators
* each of which is responsible for handling Domain Object Security for the
Rave Model
* objects
- *
+ *
* @author carlucci
*/
@Component
public class RavePermissionEvaluator implements PermissionEvaluator {
- private Map<String, ModelPermissionEvaluator<?>>
modelPermissionEvaluatorMap;
-
+ private Map<Class, ModelPermissionEvaluator<?>>
modelPermissionEvaluatorMap;
+
/**
- * Constructor which will take in a component-scanned list of all
ModelPermissionEvaluator
- * classes found by Spring component scanner. The constructor builds the
+ * Constructor which will take in a component-scanned list of all
ModelPermissionEvaluator
+ * classes found by Spring component scanner. The constructor builds the
* internal Map by using the Model type (Model Class) as the key, thus
ensuring
* only one ModelPermissionEvaluator class exists for each Model object.
The
* constructor first sorts the injected list of ModelPermissionEvaluator
objects
* by the loadOrder field to allow overrides of the default
ModelPermissionEvaluators.
- *
+ *
* @param modelPermissionEvaluatorList autowired injected list of all
ModelPermissionEvaluator classes found
* by the component scanner
*/
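Review bot: The new field type `Map<Class, ModelPermissionEvaluator<?>>` uses the raw type `Class`, which adds rawtypes warnings and loses the compiler's help on the key type; `private Map<Class<?>, ModelPermissionEvaluator<?>> modelPermissionEvaluatorMap;` says the same thing without them. The same raw `Class` appears in the `new HashMap<Class, ...>` construction and in the `getEvaluator(Class targetType)` and `findAndRegisterCompatibleModelPermissionEvaluator(Class modelClass)` signatures in the later hunks of this file. The class body continues outside this hunk.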
@@ -63,19 +63,19 @@ public class RavePermissionEvaluator imp
public int compare(ModelPermissionEvaluator o1,
ModelPermissionEvaluator o2) {
return new Integer(o1.getLoadOrder()).compareTo(new
Integer(o2.getLoadOrder()));
}
- });
-
+ });
+
// build the map using the model type/class as the key
- modelPermissionEvaluatorMap = new HashMap<String,
ModelPermissionEvaluator<?>>();
+ modelPermissionEvaluatorMap = new HashMap<Class,
ModelPermissionEvaluator<?>>();
for (ModelPermissionEvaluator<?> mpe : modelPermissionEvaluatorList) {
- modelPermissionEvaluatorMap.put(mpe.getType().getName(), mpe);
+ modelPermissionEvaluatorMap.put(mpe.getType(), mpe);
}
}
-
+
/**
- * Checks to see if the Authentication object has the supplied permission
+ * Checks to see if the Authentication object has the supplied permission
* on the supplied domain object
- *
+ *
* @param authentication the Authentication object
* @param targetDomainObject the domain object needing permission check
* @param permissionString the permission to check
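Review bot: `modelPermissionEvaluatorMap` is still built as a plain `HashMap` here, but with this commit it is no longer read-only after construction: the last hunk of this file adds `findAndRegisterCompatibleModelPermissionEvaluator`, which calls `put` on it from the `getEvaluator` lookup path. The class is a `@Component`, so presumably one instance serves concurrent permission checks, and an unsynchronized `put` racing with `get` or with the `entrySet()` iteration can throw `ConcurrentModificationException` or leave the map corrupted in the middle of an authorization decision. Building it as `new ConcurrentHashMap<Class, ModelPermissionEvaluator<?>>()` would remove the race; that needs `import java.util.concurrent.ConcurrentHashMap;`, since the visible `import java.util.*;` does not cover it. The constructor starts above this hunk.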
@@ -88,17 +88,17 @@ public class RavePermissionEvaluator imp
return false;
}
// find the appropriate ModelPermissionEvaluator from the map based on
- // the targetDomainObject's class and invoke the hasPermission
function
- return
getEvaluator(targetDomainObject.getClass().getName()).hasPermission(authentication,
targetDomainObject,
+ // the targetDomainObject's class and invoke the hasPermission function
+ return
getEvaluator(targetDomainObject.getClass()).hasPermission(authentication,
targetDomainObject,
getPermission(targetDomainObject, (String) permissionString));
}
/**
- * Checks to see if the Authentication object has the supplied permission
+ * Checks to see if the Authentication object has the supplied permission
* on the supplied targetType (model class name) and targetId (entityId).
* This method can be used when a permission check is needed and the method
- * does not currently have the domain object, only its entityId
- *
+ * does not currently have the domain object, only its entityId
+ *
* @param authentication the Authentication object
* @param targetId the entityId of the targetType class
* @param targetType the class name of the domain object
@@ -107,23 +107,55 @@ public class RavePermissionEvaluator imp
*/
@Override
public boolean hasPermission(Authentication authentication, Serializable
targetId, String targetType, Object permissionString) {
- // find the appropriate ModelPermissionEvaluator from the map based on
+ // find the appropriate ModelPermissionEvaluator from the map based on
// the targetType and invoke the hasPermission function
Permission permission = Permission.fromString((String)
permissionString);
if (permission == Permission.CREATE_OR_UPDATE) {
throw new IllegalArgumentException("CREATE_OR_UPDATE not supported
in this context.");
}
- return getEvaluator(targetType).hasPermission(authentication,
targetId, targetType, permission);
- }
-
- private ModelPermissionEvaluator getEvaluator(String targetType) throws
IllegalArgumentException {
+
+ // The targetType comes in as a String representing the Class (from
the Spring annotations)
+ // so we need to convert it to a Class
+ Class clazz = null;
+ try {
+ clazz = Class.forName(targetType);
+ } catch (ClassNotFoundException e) {
+ throw new IllegalArgumentException("Class " + targetType + " not
found", e);
+ }
+
+ return getEvaluator(clazz).hasPermission(authentication, targetId,
targetType, permission);
+ }
+
+ private ModelPermissionEvaluator getEvaluator(Class targetType) throws
IllegalArgumentException {
ModelPermissionEvaluator mpe =
modelPermissionEvaluatorMap.get(targetType);
if (mpe == null) {
- throw new IllegalArgumentException("ModelPermissionEvaluator not
found for type " + targetType);
+ // search for and register a compatible MPE
+ mpe =
findAndRegisterCompatibleModelPermissionEvaluator(targetType);
+ // at this point, if we still haven't found a compatible MPE,
throw exception
+ if (mpe == null) {
+ throw new IllegalArgumentException("ModelPermissionEvaluator
not found for type " + targetType);
+ }
}
return mpe;
}
+ private ModelPermissionEvaluator
findAndRegisterCompatibleModelPermissionEvaluator(Class modelClass) {
+ // look to see if this model class implements one of the types of the
registered MPE's
+ // and add an entry into the map for it. This will allow, for
example, a JpaPage class
+ // to use the registered MPE for the Page interface
+ for (Map.Entry<Class, ModelPermissionEvaluator<?>>
classModelPermissionEvaluatorEntry : modelPermissionEvaluatorMap.entrySet()) {
+ Class registeredModelClass =
classModelPermissionEvaluatorEntry.getKey();
+ ModelPermissionEvaluator<?> registeredMpe =
classModelPermissionEvaluatorEntry.getValue();
+ if (registeredModelClass.isAssignableFrom(modelClass)) {
+ // register this new mapping of model class to mpe class
+ modelPermissionEvaluatorMap.put(modelClass, registeredMpe);
+ return registeredMpe;
+ }
+ }
+ // we didn't find a compatible ModelPermissionEvaluator...
+ return null;
+ }
+
private Permission getPermission(Object targetDomainObject, String
permissionString) {
Permission permission = Permission.fromString((String)
permissionString);
if (permission.equals(Permission.CREATE_OR_UPDATE)) {
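Review bot: `Class.forName(targetType)` in the four-argument `hasPermission` loads and initializes whichever class the string names, before anything has checked that an evaluator is registered for it. The added comment says targetType comes from the Spring annotations, so it is presumably developer-controlled, but nothing here enforces that; `clazz = Class.forName(targetType, false, getClass().getClassLoader());` would at least resolve the name without running static initializers. Separately, `findAndRegisterCompatibleModelPermissionEvaluator` returns the first `isAssignableFrom` match in `HashMap` iteration order and then caches it, so for a model class that is assignable to two registered types the evaluator that makes the authorization decision depends on hash order rather than on `loadOrder`; a comment stating that registered types must not overlap, or a check that rejects a second match, would make that explicit. `getPermission` at the end of the hunk continues outside it.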
Modified:
rave/branches/model_interfaces/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java
URL:
http://svn.apache.org/viewvc/rave/branches/model_interfaces/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java?rev=1345349&r1=1345348&r2=1345349&view=diff
==============================================================================
---
rave/branches/model_interfaces/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java
(original)
+++
rave/branches/model_interfaces/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java
Fri Jun 1 21:09:55 2012
@@ -40,89 +40,103 @@ public class RavePermissionEvaluatorTest
private Authentication authentication;
private BasicEntityModel basicEntityModel;
private NonBasicEntityModel nonBasicEntityModel;
-
+
private String READ_PERMISSION = "read";
private String CREATE_OR_UPDATE_PERMISSION = "create_or_update";
private Long VALID_BASIC_ENTITY_MODEL_ID = 4L;
-
-
+
@Before
public void setUp() {
List<ModelPermissionEvaluator<?>> modelPermissionEvaluatorList = new
ArrayList<ModelPermissionEvaluator<?>>();
- modelPermissionEvaluatorList.add(new
BasicEntityModelPermissionEvaluator());
- modelPermissionEvaluatorList.add(new
NonBasicEntityModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new
BasicEntityModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new
NonBasicEntityModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new TestModelPermissionEvaluator());
ravePermissionEvaluator = new
RavePermissionEvaluator(modelPermissionEvaluatorList);
-
+
authentication = createMock(Authentication.class);
- basicEntityModel = new BasicEntityModel(VALID_BASIC_ENTITY_MODEL_ID);
+ basicEntityModel = new BasicEntityModel(VALID_BASIC_ENTITY_MODEL_ID);
nonBasicEntityModel = new NonBasicEntityModel();
}
-
+
@Test
public void testLoadOrderOverride() {
@SuppressWarnings("unchecked")
ModelPermissionEvaluator<BasicEntityModel>
mockedOverriddenPermissionEvaluator =
createMock(ModelPermissionEvaluator.class);
expect(mockedOverriddenPermissionEvaluator.getType()).andReturn(BasicEntityModel.class);
expect(mockedOverriddenPermissionEvaluator.getLoadOrder()).andReturn(2);
-
expect(mockedOverriddenPermissionEvaluator.hasPermission(authentication,
basicEntityModel, Permission.fromString(READ_PERMISSION))).andReturn(true);
+
expect(mockedOverriddenPermissionEvaluator.hasPermission(authentication,
basicEntityModel, Permission.fromString(READ_PERMISSION))).andReturn(true);
replay(mockedOverriddenPermissionEvaluator);
-
+
List<ModelPermissionEvaluator<?>> modelPermissionEvaluatorList = new
ArrayList<ModelPermissionEvaluator<?>>();
// note we are adding the override instance first to verify the
Collections.sort works as expected
modelPermissionEvaluatorList.add(mockedOverriddenPermissionEvaluator);
- modelPermissionEvaluatorList.add(new
BasicEntityModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new
BasicEntityModelPermissionEvaluator());
ravePermissionEvaluator = new
RavePermissionEvaluator(modelPermissionEvaluatorList);
-
- assertThat(ravePermissionEvaluator.hasPermission(authentication,
basicEntityModel, READ_PERMISSION), is(true));
- verify(mockedOverriddenPermissionEvaluator);
- }
-
- @Test
- public void testHasPermission_3args_read() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication,
basicEntityModel, READ_PERMISSION), is(true));
- }
-
- @Test
- public void testHasPermission_3args_createOrUpdate_nullEntityId() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication, new
BasicEntityModel(), CREATE_OR_UPDATE_PERMISSION), is(true));
- }
-
- @Test
- public void testHasPermission_3args_createOrUpdate_populatedEntityId() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication,
basicEntityModel, CREATE_OR_UPDATE_PERMISSION), is(true));
- }
-
+
+ assertThat(ravePermissionEvaluator.hasPermission(authentication,
basicEntityModel, READ_PERMISSION), is(true));
+ verify(mockedOverriddenPermissionEvaluator);
+ }
+
+ @Test
+ public void testHasPermission_3args_read() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication,
basicEntityModel, READ_PERMISSION), is(true));
+ }
+
+ @Test
+ public void testHasPermission_3args_createOrUpdate_nullEntityId() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, new
BasicEntityModel(), CREATE_OR_UPDATE_PERMISSION), is(true));
+ }
+
+ @Test
+ public void testHasPermission_3args_createOrUpdate_populatedEntityId() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication,
basicEntityModel, CREATE_OR_UPDATE_PERMISSION), is(true));
+ }
+
@Test(expected=IllegalArgumentException.class)
- public void testHasPermission_3args_createOrUpdate_nonBasicEntityModel() {
+ public void testHasPermission_3args_createOrUpdate_nonBasicEntityModel() {
ravePermissionEvaluator.hasPermission(authentication,
nonBasicEntityModel, CREATE_OR_UPDATE_PERMISSION);
- }
-
+ }
+
@Test
- public void testHasPermission_3args_nullModel() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication, null,
READ_PERMISSION), is(false));
+ public void testHasPermission_3args_nullModel() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, null,
READ_PERMISSION), is(false));
}
-
+
@Test(expected=IllegalArgumentException.class)
- public void testHasPermission_3args_invalidEvaluator() {
+ public void testHasPermission_3args_invalidEvaluator() {
List<String> list = new ArrayList<String>();
- assertThat(ravePermissionEvaluator.hasPermission(authentication, list,
READ_PERMISSION), is(true));
- }
-
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, list,
READ_PERMISSION), is(true));
+ }
+
@Test
- public void testHasPermission_4args() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication,
VALID_BASIC_ENTITY_MODEL_ID, BasicEntityModel.class.getName(),
READ_PERMISSION), is(true));
+ public void testHasPermission_4args() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication,
VALID_BASIC_ENTITY_MODEL_ID, BasicEntityModel.class.getName(),
READ_PERMISSION), is(true));
}
@Test(expected=IllegalArgumentException.class)
- public void testHasPermission_4args_createOrUpdatePermission() {
+ public void testHasPermission_4args_createOrUpdatePermission() {
ravePermissionEvaluator.hasPermission(authentication,
VALID_BASIC_ENTITY_MODEL_ID, BasicEntityModel.class.getName(),
CREATE_OR_UPDATE_PERMISSION);
- }
-
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testHasPermission_4args_invalidClass() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication,
VALID_BASIC_ENTITY_MODEL_ID, "badclass", READ_PERMISSION), is(true));
+ }
+
+ @Test
+ public void testFindAndRegisterCompatibleMPE() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, new
TestModelImpl(), READ_PERMISSION), is(true));
+ }
+
+ interface TestModel {};
+
+ class TestModelImpl implements TestModel {}
+
class BasicEntityModel implements BasicEntity {
private Long entityId;
-
+
public BasicEntityModel() { }
-
+
public BasicEntityModel(Long entityId) {
this.entityId = entityId;
}
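Review bot: `testFindAndRegisterCompatibleMPE` can only show that the lookup did not throw, because every evaluator registered in `setUp` returns `true` unconditionally, `TestModelPermissionEvaluator` (added in the last hunk of this file) included. For an authorization component a deny path is worth pinning: register a mocked evaluator for `TestModel` whose `hasPermission` is expected with `andReturn(false)` and assert `is(false)` for a `new TestModelImpl()`, the way `testLoadOrderOverride` already uses `createMock`. The four-argument overload also has no test that passes an implementation class name such as `TestModelImpl.class.getName()`, which is the new `Class.forName` plus compatible-lookup path. `BasicEntityModel` at the end of the hunk continues outside it.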
@@ -137,7 +151,7 @@ public class RavePermissionEvaluatorTest
this.entityId = entityId;
}
}
-
+
class BasicEntityModelPermissionEvaluator extends
AbstractModelPermissionEvaluator<BasicEntityModel> {
@Override
public Class<BasicEntityModel> getType() {
@@ -148,17 +162,17 @@ public class RavePermissionEvaluatorTest
public boolean hasPermission(Authentication authentication,
BasicEntityModel basicEntityModel, Permission permission) {
return true;
}
-
+
@Override
public boolean hasPermission(Authentication authentication,
Serializable targetId, String targetType, Permission permission) {
return true;
}
- }
-
- class NonBasicEntityModel {
- public NonBasicEntityModel() { }
}
-
+
+ class NonBasicEntityModel {
+ public NonBasicEntityModel() { }
+ }
+
class NonBasicEntityModelPermissionEvaluator extends
AbstractModelPermissionEvaluator<NonBasicEntityModel> {
@Override
public Class<NonBasicEntityModel> getType() {
@@ -169,10 +183,28 @@ public class RavePermissionEvaluatorTest
public boolean hasPermission(Authentication authentication,
NonBasicEntityModel nonBasicEntityModel, Permission permission) {
return true;
}
-
+
@Override
public boolean hasPermission(Authentication authentication,
Serializable targetId, String targetType, Permission permission) {
return true;
}
- }
+ }
+
+ class TestModelPermissionEvaluator extends
AbstractModelPermissionEvaluator<TestModel> {
+ @Override
+ public Class<TestModel> getType() {
+ return TestModel.class;
+ }
+
+ @Override
+ public boolean hasPermission(Authentication authentication, TestModel
testModel, Permission permission) {
+ return true;
+ }
+
+ @Override
+ public boolean hasPermission(Authentication authentication,
Serializable targetId, String targetType, Permission permission) {
+ return true;
+ }
+ }
+
}