
Revision af113c74

IDaf113c74107be1ef7b6b89b06357a76b31f2b8e5
Parent e68c438e
Child be10b621

Added by Andreas Kohlbecker almost 3 years ago

ref #6855 ICdmPermissionEvaluator method which tests by CdmBase type and does not require an instance


cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/CdmSecurityHibernateInterceptor.java
29 29
import eu.etaxonomy.cdm.model.common.CdmBase;
30 30
import eu.etaxonomy.cdm.model.common.IPublishable;
31 31
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;
32
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionEvaluator;
32
import eu.etaxonomy.cdm.persistence.hibernate.permission.ICdmPermissionEvaluator;
33 33
import eu.etaxonomy.cdm.persistence.hibernate.permission.Operation;
34 34
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role;
35 35
/**
......
45 45
    public static final Logger logger = Logger.getLogger(CdmSecurityHibernateInterceptor.class);
46 46

  
47 47

  
48
    private CdmPermissionEvaluator permissionEvaluator;
48
    private ICdmPermissionEvaluator permissionEvaluator;
49 49

  
50
    public CdmPermissionEvaluator getPermissionEvaluator() {
50
    public ICdmPermissionEvaluator getPermissionEvaluator() {
51 51
        return permissionEvaluator;
52 52
    }
53 53

  
54
    public void setPermissionEvaluator(CdmPermissionEvaluator permissionEvaluator) {
54
    public void setPermissionEvaluator(ICdmPermissionEvaluator permissionEvaluator) {
55 55
        this.permissionEvaluator = permissionEvaluator;
56 56
    }
57 57

  
cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/CdmPermissionEvaluator.java
9 9
package eu.etaxonomy.cdm.persistence.hibernate.permission;
10 10

  
11 11
import java.io.Serializable;
12
import java.lang.reflect.Constructor;
13
import java.lang.reflect.InvocationTargetException;
12 14
import java.util.Collection;
13 15
import java.util.EnumSet;
14 16
import java.util.HashSet;
......
68 70

  
69 71

  
70 72
        CdmAuthority evalPermission;
71
        EnumSet<CRUD> requiredOperation;
73
        EnumSet<CRUD> requiredOperation = null;
72 74

  
73 75
        if(authentication == null) {
74 76
            return false;
75 77
        }
76 78

  
77 79
        if(logger.isDebugEnabled()){
78
            StringBuilder grantedAuthoritiesTxt = new StringBuilder();
79
            for(GrantedAuthority ga : authentication.getAuthorities()){
80
                grantedAuthoritiesTxt.append("    - ").append(ga.getAuthority()).append("\n");
81
            }
82
            if(grantedAuthoritiesTxt.length() == 0){
83
                grantedAuthoritiesTxt.append("    - ").append("<No GrantedAuthority given>").append("\n");
84
            }
85
            logger.debug("hasPermission()\n"
86
                    + "  User '" + authentication.getName() + "':\n"
87
                    + grantedAuthoritiesTxt
88
                    + "  Object: " + ((CdmBase)targetDomainObject).instanceToString() + "\n"
89
                    + "  Permission: " + permission);
80
            String targteDomainObjText = "  Object: " + ((CdmBase)targetDomainObject).instanceToString();
81
            logUserAndRequirement(authentication, permission.toString(), targteDomainObjText);
90 82
        }
91 83
        try {
92
            // FIXME refactor into Operation ======
93
            if (Operation.isOperation(permission)){
94
                requiredOperation = (EnumSet<CRUD>)permission;
95
            } else {
96
                // try to treat as string
97
                requiredOperation = Operation.fromString(permission.toString());
98
            }
99
            // =======================================
84
            requiredOperation = operationFrom(permission);
100 85

  
101 86
        } catch (IllegalArgumentException e) {
102 87
            logger.debug("permission string '"+ permission.toString() + "' not parsable => true");
103
            return true; // it might be wrong to return true
88
            return true; // FIXME it might be wrong to return true
104 89
        }
105 90

  
106 91
        evalPermission = authorityRequiredFor((CdmBase)targetDomainObject, requiredOperation);
107 92

  
108

  
109 93
        if (evalPermission.permissionClass != null) {
110 94
            logger.debug("starting evaluation => ...");
111 95
            return evalPermission(authentication, evalPermission, (CdmBase) targetDomainObject);
......
116 100

  
117 101
    }
118 102

  
103

  
104
    @Override
105
    public <T extends CdmBase> boolean hasPermission(Authentication authentication, Class<T> targetDomainObjectClass,
106
            EnumSet<CRUD> requiredOperations) {
107

  
108
        if(authentication == null) {
109
            return false;
110
        }
111

  
112
        if(logger.isDebugEnabled()){
113
            String targteDomainObjClassText = "  Cdm-Type: " + targetDomainObjectClass.getSimpleName();
114
            logUserAndRequirement(authentication, requiredOperations.toString(), targteDomainObjClassText);
115
        }
116

  
117
        CdmAuthority evalPermission = new CdmAuthority(CdmPermissionClass.getValueOf(targetDomainObjectClass), null, requiredOperations, null);
118

  
119
        T instance;
120
        try {
121
            Constructor<T> c = targetDomainObjectClass.getDeclaredConstructor();
122
            c.setAccessible(true);
123
            instance = c.newInstance();
124
        } catch (InstantiationException | IllegalAccessException | NoSuchMethodException | SecurityException | IllegalArgumentException | InvocationTargetException e) {
125
            logger.error("Error while creating permission test instance ==> will deny", e);
126
            return false;
127
        }
128

  
129
        return evalPermission(authentication, evalPermission, instance);
130
    }
131

  
132
    /**
133
     * @param authentication
134
     * @param permission
135
     * @param targteDomainObjText
136
     */
137
    protected void logUserAndRequirement(Authentication authentication, String permissions, String targteDomainObjText) {
138
        StringBuilder grantedAuthoritiesTxt = new StringBuilder();
139
        for(GrantedAuthority ga : authentication.getAuthorities()){
140
            grantedAuthoritiesTxt.append("    - ").append(ga.getAuthority()).append("\n");
141
        }
142
        if(grantedAuthoritiesTxt.length() == 0){
143
            grantedAuthoritiesTxt.append("    - ").append("<No GrantedAuthority given>").append("\n");
144
        }
145
        logger.debug("hasPermission()\n"
146
                + "  User '" + authentication.getName() + "':\n"
147
                + grantedAuthoritiesTxt
148
                + targteDomainObjText + "\n"
149
                + "  Permission: " + permissions);
150
    }
151

  
152
    /**
153
     * @param permission
154
     * @return
155
     */
156
    protected EnumSet<CRUD> operationFrom(Object permission) {
157
        EnumSet<CRUD> requiredOperation;
158
        // FIXME refactor into Operation ======
159
        if (Operation.isOperation(permission)){
160
            requiredOperation = (EnumSet<CRUD>)permission;
161
        } else {
162
            // try to treat as string
163
            requiredOperation = Operation.fromString(permission.toString());
164
        }
165
        // =======================================
166
        return requiredOperation;
167
    }
168

  
119 169
    /**
120 170
     * @param targetEntity
121 171
     * @param requiredOperation
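Review bot: The new class-based `hasPermission` builds a default-constructed instance of `targetDomainObjectClass` (forcing the constructor accessible) and passes it to `evalPermission`, so the decision is taken against an entity with empty state; if `evalPermission` (outside the hunk) consults instance state such as ownership or publish flags, the answer for "may this user act on a T" can differ from the answer for a real entity, which the method should say, e.g. a Javadoc line `Evaluates the permission against a blank, reflectively created instance of the given type; instance-dependent checks therefore see default state only.` The unparsable-permission branch of the instance-based overload (its enclosing method starts outside the hunk) still returns `true`, so an unrecognised permission value fails open; the commit only tags it with a FIXME, and `return false;` there, or at least a warn-level log instead of debug, would make the deny-by-default intent of the new overload's catch block consistent across both. `operationFrom` keeps the unchecked `(EnumSet<CRUD>)permission` cast guarded only by `Operation.isOperation`, which presumably checks the runtime type; a `@SuppressWarnings("unchecked")` on the method with a one-line justification would make that reliance explicit. The `@param permission` tag on `logUserAndRequirement` does not match its parameter name `permissions`.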
cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/ICdmPermissionEvaluator.java
8 8
*/
9 9
package eu.etaxonomy.cdm.persistence.hibernate.permission;
10 10

  
11
import java.util.EnumSet;
12

  
11 13
import org.springframework.security.access.PermissionEvaluator;
12 14
import org.springframework.security.core.Authentication;
13 15

  
16
import eu.etaxonomy.cdm.model.common.CdmBase;
17

  
14 18
/**
15 19
 * @author a.kohlbecker
16 20
 * @date Feb 3, 2014
......
20 24

  
21 25
    public boolean hasOneOfRoles(Authentication authentication, Role ... roles);
22 26

  
27
    public <T extends CdmBase> boolean hasPermission(Authentication authentication, Class<T> targetDomainObjectClass,
28
            EnumSet<CRUD> requiredOperations);
29

  
23 30
}
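Review bot: The new `hasPermission(Authentication, Class<T>, EnumSet<CRUD>)` declaration carries no Javadoc, so implementors and callers cannot tell how a type-based check is meant to differ from the Spring `PermissionEvaluator` instance-based one. The implementation added in this commit evaluates it on a reflectively created blank instance of the given class, so a short doc comment pinning the contract would help, e.g. `Checks whether the user may perform the given operations on entities of the given type in general; no instance state is taken into account.` and an `@return` stating that a missing authentication yields {@code false}. The neighbouring `hasOneOfRoles` is likewise undocumented, but that predates the change.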
cdmlib-services/src/main/java/eu/etaxonomy/cdm/api/service/ProgressMonitorServiceImpl.java
20 20
import eu.etaxonomy.cdm.common.monitor.RemotingProgressMonitor;
21 21
import eu.etaxonomy.cdm.common.monitor.RemotingProgressMonitorThread;
22 22
import eu.etaxonomy.cdm.model.common.User;
23
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionEvaluator;
23
import eu.etaxonomy.cdm.persistence.hibernate.permission.ICdmPermissionEvaluator;
24 24
import eu.etaxonomy.cdm.persistence.hibernate.permission.Role;
25 25

  
26 26
/**
......
35 35
    public ProgressMonitorManager<IRestServiceProgressMonitor> progressMonitorManager;
36 36

  
37 37
    @Autowired
38
    public CdmPermissionEvaluator permissionEvaluator;
38
    public ICdmPermissionEvaluator permissionEvaluator;
39 39

  
40 40
    /**
41 41
     * {@inheritDoc}
cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityTest.java
60 60
import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;
61 61
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmAuthority;
62 62
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionClass;
63
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionEvaluator;
63
import eu.etaxonomy.cdm.persistence.hibernate.permission.ICdmPermissionEvaluator;
64 64
import eu.etaxonomy.cdm.persistence.hibernate.permission.Operation;
65 65
import eu.etaxonomy.cdm.persistence.query.MatchMode;
66 66
import sun.security.provider.PolicyParser.ParsingException;
......
103 103
    private PasswordEncoder passwordEncoder;
104 104

  
105 105
    @SpringBean("cdmPermissionEvaluator")
106
    private CdmPermissionEvaluator permissionEvaluator;
106
    private ICdmPermissionEvaluator permissionEvaluator;
107 107

  
108 108
    @TestDataSource
109 109
    protected DataSource dataSource;
cdmlib-services/src/test/java/eu/etaxonomy/cdm/api/service/SecurityWithTransaction.java
32 32
import eu.etaxonomy.cdm.model.media.Media;
33 33
import eu.etaxonomy.cdm.model.taxon.Taxon;
34 34
import eu.etaxonomy.cdm.model.taxon.TaxonNode;
35
import eu.etaxonomy.cdm.persistence.hibernate.permission.CdmPermissionEvaluator;
35
import eu.etaxonomy.cdm.persistence.hibernate.permission.ICdmPermissionEvaluator;
36 36
import eu.etaxonomy.cdm.test.integration.CdmTransactionalIntegrationTestWithSecurity;
37 37

  
38 38

  
......
73 73
    private AuthenticationManager authenticationManager;
74 74

  
75 75
    @SpringBeanByName
76
    private CdmPermissionEvaluator permissionEvaluator;
76
    private ICdmPermissionEvaluator permissionEvaluator;
77 77

  
78 78
    private UsernamePasswordAuthenticationToken token;
79 79

  
