Author: mgrigorov
Date: Fri Nov 18 11:00:08 2011
New Revision: 1203591

URL: http://svn.apache.org/viewvc?rev=1203591&view=rev
Log:
WICKET-3974 Wicket-auth annotation always denies access if the deny list is 
empty


Added:
    
wicket/trunk/wicket-auth-roles/src/test/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategyTest.java
Modified:
    
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/AbstractRoleAuthorizationStrategy.java
    
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
    
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AuthorizeAction.java

Modified: 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/AbstractRoleAuthorizationStrategy.java
URL: 
http://svn.apache.org/viewvc/wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/AbstractRoleAuthorizationStrategy.java?rev=1203591&r1=1203590&r2=1203591&view=diff
==============================================================================
--- 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/AbstractRoleAuthorizationStrategy.java
 (original)
+++ 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/AbstractRoleAuthorizationStrategy.java
 Fri Nov 18 11:00:08 2011
@@ -17,6 +17,7 @@
 package org.apache.wicket.authroles.authorization.strategies.role;
 
 import org.apache.wicket.authorization.IAuthorizationStrategy;
+import org.apache.wicket.util.lang.Args;
 
 /**
  * Base strategy that uses an instance of
@@ -37,10 +38,7 @@ public abstract class AbstractRoleAuthor
         */
        public AbstractRoleAuthorizationStrategy(IRoleCheckingStrategy 
roleCheckingStrategy)
        {
-               if (roleCheckingStrategy == null)
-               {
-                       throw new 
IllegalArgumentException("roleCheckingStrategy must be not null");
-               }
+               Args.notNull(roleCheckingStrategy, "roleCheckingStrategy");
                this.roleCheckingStrategy = roleCheckingStrategy;
        }
 
@@ -79,11 +77,6 @@ public abstract class AbstractRoleAuthor
                        return true;
                }
 
-               if (roles.size() == 1)
-               {
-                       return "".equals(roles.iterator().next());
-               }
-
                return false;
        }
 }

Modified: 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
URL: 
http://svn.apache.org/viewvc/wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java?rev=1203591&r1=1203590&r2=1203591&view=diff
==============================================================================
--- 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
 (original)
+++ 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategy.java
 Fri Nov 18 11:00:08 2011
@@ -125,13 +125,14 @@ public class AnnotationsRoleAuthorizatio
                {
                        if 
(action.getName().equals(authorizeActionAnnotation.action()))
                        {
-                               if (hasAny(new 
Roles(authorizeActionAnnotation.deny())))
+                               Roles deniedRoles = new 
Roles(authorizeActionAnnotation.deny());
+                               if (isEmpty(deniedRoles) == false && 
hasAny(deniedRoles))
                                {
                                        return false;
                                }
 
-                               Roles roles = new 
Roles(authorizeActionAnnotation.roles());
-                               if (!(isEmpty(roles) || hasAny(roles)))
+                               Roles acceptedRoles = new 
Roles(authorizeActionAnnotation.roles());
+                               if (!(isEmpty(acceptedRoles) || 
hasAny(acceptedRoles)))
                                {
                                        return false;
                                }
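Review bot: The new deny guard `if (isEmpty(deniedRoles) == false && hasAny(deniedRoles))` carries no comment explaining why the emptiness check is needed, and it is the line that decides whether an annotated action is refused. `hasAny` is not shown in this diff; judging by the issue title it presumably reports a match for an empty set, so a one-line comment such as `// an empty deny list denies nobody; only consult hasAny() for a non-empty set` would keep the guard from being simplified away later. For consistency with the accepted-roles check just below, which uses `!(...)`, the condition could read `if (!isEmpty(deniedRoles) && hasAny(deniedRoles))`. The enclosing method starts and ends outside this hunk.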

Modified: 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AuthorizeAction.java
URL: 
http://svn.apache.org/viewvc/wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AuthorizeAction.java?rev=1203591&r1=1203590&r2=1203591&view=diff
==============================================================================
--- 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AuthorizeAction.java
 (original)
+++ 
wicket/trunk/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AuthorizeAction.java
 Fri Nov 18 11:00:08 2011
@@ -58,7 +58,7 @@ public @interface AuthorizeAction {
         * @return the roles for this action. The default is an empty string 
(annotations do not allow
         *         null default values)
         */
-       String[] roles() default "";
+       String[] roles() default { };
 
        /**
         * The roles to deny for this action.
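Review bot: The Javadoc above `roles()` still says "The default is an empty string", but the new default is an empty array. The same stale sentence sits above `deny()` in the next hunk. Suggested wording for both: `The default is an empty array (no roles)`. The single-empty-string case was also removed from `isEmpty` in AbstractRoleAuthorizationStrategy. As a result, an annotation that explicitly writes `roles = ""` or `deny = ""` now appears to be evaluated as a one-element role set rather than as unset. This fails closed for `roles`, but it is a behaviour change worth stating in the Javadoc or release notes.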
@@ -66,5 +66,5 @@ public @interface AuthorizeAction {
         * @return the roles to deny for this action. The default is an empty 
string (annotations do not
         *         allow null default values)
         */
-       String[] deny() default "";
+       String[] deny() default { };
 }
\ No newline at end of file

Added: 
wicket/trunk/wicket-auth-roles/src/test/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategyTest.java
URL: 
http://svn.apache.org/viewvc/wicket/trunk/wicket-auth-roles/src/test/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategyTest.java?rev=1203591&view=auto
==============================================================================
--- 
wicket/trunk/wicket-auth-roles/src/test/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategyTest.java
 (added)
+++ 
wicket/trunk/wicket-auth-roles/src/test/java/org/apache/wicket/authroles/authorization/strategies/role/annotations/AnnotationsRoleAuthorizationStrategyTest.java
 Fri Nov 18 11:00:08 2011
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.authroles.authorization.strategies.role.annotations;
+
+import org.apache.wicket.Component;
+import 
org.apache.wicket.authroles.authorization.strategies.role.IRoleCheckingStrategy;
+import org.apache.wicket.authroles.authorization.strategies.role.Roles;
+import org.apache.wicket.markup.html.WebComponent;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+/**
+ * Tests for {@link AnnotationsRoleAuthorizationStrategy}
+ */
+public class AnnotationsRoleAuthorizationStrategyTest extends Assert
+{
+       /**
+        * https://issues.apache.org/jira/browse/WICKET-3974
+        */
+       @Test
+       public void allowNonDeniedRoles()
+       {
+               AnnotationsRoleAuthorizationStrategy strategy = new 
AnnotationsRoleAuthorizationStrategy(
+                       new IRoleCheckingStrategy()
+                       {
+                               public boolean hasAnyRole(Roles roles)
+                               {
+                                       return roles.contains("role1");
+                               }
+                       });
+
+               // use mock to not need Application in the thread
+               TestComponent component = Mockito.mock(TestComponent.class);
+               assertTrue(strategy.isActionAuthorized(component, 
Component.RENDER));
+       }
+
+       /**
+        * A component without denied roles.
+        */
+       @AuthorizeAction(action = "RENDER", roles = { "role1" })
+       private static class TestComponent extends WebComponent
+       {
+               private static final long serialVersionUID = 1L;
+
+               private TestComponent()
+               {
+                       super("notUsed");
+               }
+
+       }
+}
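Review bot: `allowNonDeniedRoles()` only asserts the allow path, so the regression test for this authorization fix never checks that a non-empty deny list still refuses access. An `assertTrue` on its own would also pass if the strategy did not see the annotation on the Mockito-generated class at all (inferred; the annotation lookup is outside this diff). A negative case would pin both points. The sketch below adds a component annotated with `deny = { "role1" }`, with the same role-checking strategy expected to return false. A third case where the checker does not hold `role1` against `roles = { "role1" }` would cover the accepted-roles branch in the same way.

```java
// … unchanged: allowNonDeniedRoles() and TestComponent …

	/**
	 * A role listed in deny must still be refused.
	 */
	@Test
	public void denyDeniedRoles()
	{
		AnnotationsRoleAuthorizationStrategy strategy = new AnnotationsRoleAuthorizationStrategy(
			new IRoleCheckingStrategy()
			{
				public boolean hasAnyRole(Roles roles)
				{
					return roles.contains("role1");
				}
			});

		DeniedComponent component = Mockito.mock(DeniedComponent.class);
		assertFalse(strategy.isActionAuthorized(component, Component.RENDER));
	}

	/**
	 * A component that denies role1.
	 */
	@AuthorizeAction(action = "RENDER", deny = { "role1" })
	private static class DeniedComponent extends WebComponent
	{
		private static final long serialVersionUID = 1L;

		private DeniedComponent()
		{
			super("notUsed");
		}
	}
```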

