
Revision dbf39472

ID dbf3947240f1e23415a8de23e3b265bc18193785
Parent 3a45cdbe
Child f4cf248d

Added by Andreas Kohlbecker over 8 years ago

fixing #3133


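--- a/.gitattributes
+++ b/.gitattributes
@@ -1330,6 +1330,7 @@
 cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/CdmPermissionClass.java -text
 cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/CdmPermissionEvaluator.java -text
 cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/Operation.java -text
+cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/Role.java -text
 cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/voter/CdmPermissionVoter.java -text
 cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/voter/DescriptionBaseVoter.java -text
 cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/voter/DescriptionElementVoter.java -text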
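--- a/cdmlib-model/src/main/java/eu/etaxonomy/cdm/model/common/GrantedAuthorityImpl.java
+++ b/cdmlib-model/src/main/java/eu/etaxonomy/cdm/model/common/GrantedAuthorityImpl.java
@@ -25,6 +25,7 @@
 @XmlRootElement(name = "Group")
 @Entity
 public class GrantedAuthorityImpl extends CdmBase implements GrantedAuthority {
+
     private static final long serialVersionUID = 2651969425860655040L;
     private static final Logger logger = Logger
             .getLogger(GrantedAuthority.class);
@@ -41,6 +42,10 @@
         return new GrantedAuthorityImpl();
     }
 
+    /* (non-Javadoc)
+     * @see org.springframework.security.core.GrantedAuthority#getAuthority()
+     */
+    @Override
     public String getAuthority() {
         return authority;
     }
@@ -49,6 +54,10 @@
         this.authority = authority;
     }
 
+    /**
+     * @param o
+     * @return
+     */
     public int compareTo(Object o) {
         if (o instanceof GrantedAuthority) {
             return this.authority.compareTo(((GrantedAuthority) o)
@@ -90,19 +99,4 @@
             return null;
         }
     }
-
-    /**
-     * The role prefix 'ROLE_' is defined in
-     * the spring security <code>RoleVoter</code>
-     *
-     * @author a.kohlbecker
-     * @date Oct 5, 2012
-     *
-     */
-    public enum Role {
-
-        ROLE_ADMIN,
-        ROLE_USER_MANAGER
-
-    }
 }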
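Review bot: The Javadoc added above `compareTo` (new lines 57–60) consists only of bare `@param o` and `@return` tags and documents nothing. The visible branch orders by the authority string when `o` is a `GrantedAuthority`; the rest of the body, including the non-`GrantedAuthority` case, lies outside the hunk, so the author should state it. Suggested text: `Orders granted authorities by their authority string.`, `@param o the object to compare with, expected to be a {@link GrantedAuthority}` and `@return a negative, zero or positive value per {@link Comparable#compareTo(Object)}`. Since `getAuthority` now carries `@Override`, `compareTo` should too if `CdmBase` or an implemented interface declares it — confirm against the base class.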
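--- a/cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/CdmAuthority.java
+++ b/cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/CdmAuthority.java
@@ -8,8 +8,10 @@
 
 import org.apache.log4j.Logger;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.core.GrantedAuthority;
 
 import eu.etaxonomy.cdm.model.common.CdmBase;
+import eu.etaxonomy.cdm.model.common.GrantedAuthorityImpl;
 
 import sun.security.provider.PolicyParser.ParsingException;
 
@@ -48,7 +50,7 @@
  *
  * @author k.luther
  */
-public class CdmAuthority implements ConfigAttribute {
+public class CdmAuthority implements GrantedAuthority, ConfigAttribute {
 
     private static final long serialVersionUID = 1L;
 
@@ -57,7 +59,7 @@
     CdmPermissionClass permissionClass;
     String property;
     EnumSet<CRUD> operation;
-     UUID targetUuid;
+    UUID targetUuid;
 
     public CdmAuthority(CdmBase targetDomainObject, EnumSet<CRUD> operation, UUID uuid){
         this.permissionClass = CdmPermissionClass.getValueOf(targetDomainObject);
@@ -81,17 +83,7 @@
         this.targetUuid = uuid;
     }
 
-    /**
-     * Constructs a new CdmAuthority by parsing the contents of an
-     * authority string. For details on the syntax please refer to the class
-     * documentation above.
-     *
-     * TODO usually one would not use a constructor but a valueOf(String) or fromSting() method for this
-     *
-     * @param authority
-     * @throws ParsingException
-     */
-    public CdmAuthority (String authority) throws ParsingException{
+    private CdmAuthority (String authority) throws ParsingException{
 
         String[] tokens = parse(authority);
         // className must never be null
@@ -179,6 +171,25 @@
         return tokens;
     }
 
+    /**
+     * {@inheritDoc}
+     *
+     * same as {@link #toString()} and  {@link #getAttribute()}
+     */
+    @Override
+    public String getAuthority() {
+        return toString();
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * same as {@link #toString()} and  {@link #getAuthority()}
+     */
+    @Override
+    public String getAttribute() {
+        return toString();
+    }
 
     @Override
     public String toString() {
@@ -194,9 +205,29 @@
         return sb.toString() ;
     }
 
-    @Override
-    public String getAttribute() {
-        return toString();
+    /**
+     * Constructs a new CdmAuthority by parsing the authority string.
+     * For details on the syntax please refer to the class
+     * documentation above.
+     *
+     *
+     * @param authority
+     * @throws ParsingException
+     */
+    public static CdmAuthority from(GrantedAuthority authority) throws ParsingException {
+        return new CdmAuthority(authority.getAuthority());
     }
 
+    /**
+     * @return
+     * @throws ParsingException
+     */
+    public GrantedAuthorityImpl toGrantedAuthorityImpl() throws ParsingException {
+        GrantedAuthorityImpl grantedAuthority = GrantedAuthorityImpl.NewInstance();
+        grantedAuthority.setAuthority(getAuthority());
+        return grantedAuthority;
+    }
+
+
+
 }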
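Review bot: `toGrantedAuthorityImpl()` (new line 225) declares `throws ParsingException`, but nothing in its body can raise it: it calls `GrantedAuthorityImpl.NewInstance()`, the plain `setAuthority` setter and `getAuthority()`, which is just `toString()`. The clause forces every caller to handle a checked exception that never occurs, so drop it, `public GrantedAuthorityImpl toGrantedAuthorityImpl() {`, unless `setAuthority` is meant to validate in a later change — confirm. Its Javadoc (221–224) is an empty `@return` stub; suggest `@return a fresh, not yet persisted {@link GrantedAuthorityImpl} whose authority string is {@link #getAuthority()}`. The Javadoc on `from(GrantedAuthority)` (208–216) was copied from the constructor and still says "the authority string" with a blank `@param authority`; it should state that the string is read from `authority.getAuthority()` and gain a `@return`. The `ParsingException` these new signatures expose is `sun.security.provider.PolicyParser.ParsingException` (context line 16), an internal JDK type not guaranteed to stay available — a project-owned exception type would be a safer part of the public API.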
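--- a/cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/CdmPermissionEvaluator.java
+++ b/cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/CdmPermissionEvaluator.java
@@ -24,7 +24,6 @@
 import org.springframework.stereotype.Component;
 
 import eu.etaxonomy.cdm.model.common.CdmBase;
-import static eu.etaxonomy.cdm.model.common.GrantedAuthorityImpl.Role;
 
 /**
  * @author k.luther
@@ -98,13 +97,7 @@
             return true; // it might be wrong to return true
         }
 
-        try{
-            //evalPermission = new CdmAuthority(targetDomainObject.getClass().getSimpleName().toUpperCase(), cdmPermission, ((CdmBase)targetDomainObject).getUuid());
-            evalPermission = new CdmAuthority((CdmBase)targetDomainObject, requiredOperation, ((CdmBase)targetDomainObject).getUuid());
-        }catch(NullPointerException e){
-            //evalPermission = new CdmAuthority(targetDomainObject.getClass().getSimpleName().toUpperCase(), cdmPermission, null);
-            evalPermission = new CdmAuthority((CdmBase)targetDomainObject, requiredOperation, null);
-        }
+        evalPermission = authorityRequiredFor((CdmBase)targetDomainObject, requiredOperation);
 
 
         if (evalPermission.permissionClass != null) {
@@ -117,6 +110,25 @@
 
     }
 
+    /**
+     * @param targetEntity
+     * @param requiredOperation
+     * @return
+     */
+    private CdmAuthority authorityRequiredFor(CdmBase targetEntity, EnumSet<CRUD> requiredOperation) {
+        CdmAuthority evalPermission;
+        try{
+            //evalPermission = new CdmAuthority(targetDomainObject.getClass().getSimpleName().toUpperCase(), cdmPermission, (targetDomainObject).getUuid());
+            evalPermission = new CdmAuthority(targetEntity, requiredOperation, (targetEntity).getUuid());
+        }catch(NullPointerException e){
+            // TODO document where the NPE is coming from
+
+            //evalPermission = new CdmAuthority(targetDomainObject.getClass().getSimpleName().toUpperCase(), cdmPermission, null);
+            evalPermission = new CdmAuthority(targetEntity, requiredOperation, null);
+        }
+        return evalPermission;
+    }
+
 
     /**
      * @param authorities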
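Review bot: `authorityRequiredFor` (new lines 118–130) still catches `NullPointerException` to decide which required `CdmAuthority` to build, and the new TODO at line 124 concedes that the NPE's origin is unknown. In a permission evaluator that is a fragile fallback: any NPE thrown inside the `CdmAuthority` constructor for whatever reason silently yields a required authority without a target uuid instead of surfacing the bug. `targetEntity.getUuid()` returning null does not throw, so the exception presumably comes from the constructor (its body is outside the hunk) or from a null `targetEntity`, in which case the catch branch would fail the same way; make the intended case explicit and call the constructor once, e.g. `UUID targetUuid = targetEntity.getUuid(); // null for entities not yet persisted — TODO confirm` followed by `return new CdmAuthority(targetEntity, requiredOperation, targetUuid);`, and let a genuine NPE propagate. The Javadoc at 113–117 is an empty stub; a summary such as `Builds the {@link CdmAuthority} a principal must hold to perform requiredOperation on targetEntity.` would do.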
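--- a/cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/Role.java
+++ b/cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/Role.java
@@ -0,0 +1,69 @@
+package eu.etaxonomy.cdm.persistence.hibernate.permission;
+
+import java.util.UUID;
+
+import junit.framework.Assert;
+
+import org.springframework.beans.factory.BeanFactoryAware;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.stereotype.Component;
+
+import eu.etaxonomy.cdm.model.common.GrantedAuthorityImpl;
+import eu.etaxonomy.cdm.persistence.dao.common.IGrantedAuthorityDao;
+
+/**
+ * The role prefix 'ROLE_' is defined in the spring security
+ * <code>RoleVoter</code>
+ *
+ * @author a.kohlbecker
+ * @date Oct 5, 2012
+ *
+ *
+ */
+public enum Role {
+
+    ROLE_ADMIN(UUID.fromString("56eac992-67ba-40be-896c-4e992ca2afc0")),
+    ROLE_USER_MANAGER(UUID.fromString("9eabd2c6-0590-4a1e-95f5-99cc58b63aa7"));
+
+    private UUID uuid;
+
+    Role(UUID uuid) {
+        this.uuid = uuid;
+    }
+
+    /**
+     * <b>WARNING:</b> This method must only be used when there is nothing in
+     * hibernate to be flushed to the database. Otherwise you risk of getting
+     * into an endless loop. Alternatively you can use
+     * {@link #asNewGrantedAuthority()}
+     *
+     *
+     * @return either an instance which already is persited to the database or a
+     *         fresh not persisted instance of {@link GrantedAuthorityImpl} for
+     *         the Role.
+     */
+    public GrantedAuthorityImpl asGrantedAuthority(IGrantedAuthorityDao grantedAuthorityDao) {
+        GrantedAuthorityImpl grantedAuthority = grantedAuthorityDao.findByUuid(uuid);
+        if (grantedAuthority == null) {
+            grantedAuthority = asNewGrantedAuthority();
+        } else {
+            // perform consistency check
+            Assert.assertEquals(name(), grantedAuthority.getAuthority());
+        }
+        return grantedAuthority;
+    }
+
+    /**
+     * @return a fresh <b>not persisted instance</b> of {@link GrantedAuthorityImpl}
+     *         for the Role.
+     */
+    public GrantedAuthorityImpl asNewGrantedAuthority() {
+        GrantedAuthorityImpl grantedAuthority;
+        grantedAuthority = GrantedAuthorityImpl.NewInstance();
+        grantedAuthority.setUuid(uuid);
+        grantedAuthority.setAuthority(name());
+        return grantedAuthority;
+    }
+
+}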
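Review bot: Line 5 imports `junit.framework.Assert` into production code under `src/main/java`, and line 52 uses `Assert.assertEquals` as the consistency check between the persisted authority and the role name; that gives the persistence module a runtime dependency on a test framework and reports a failed check as a JUnit `AssertionFailedError` rather than a normal exception. Replace it with an explicit check, e.g. `if (!name().equals(grantedAuthority.getAuthority())) { throw new IllegalStateException("GrantedAuthority " + uuid + " does not carry the expected authority " + name()); }`, which keeps the fail-closed behaviour (a role record whose name does not match its fixed uuid is rejected rather than used) without JUnit. The imports at lines 7–10 (`BeanFactoryAware`, `Autowired`, `ApplicationContext`, `Component`) are unused in this file and should go. `private UUID uuid;` at line 29 can be `private final UUID uuid;` since it is only assigned in the constructor.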
cdmlib-persistence/src/main/java/eu/etaxonomy/cdm/persistence/hibernate/permission/voter/CdmPermissionVoter.java
101 101

  
102 102
            for (GrantedAuthority authority: authentication.getAuthorities()){
103 103

  
104
                CdmAuthority ap;
104
                CdmAuthority auth;
105 105
                try {
106
                    ap = new CdmAuthority(authority.getAuthority());
106
                    auth = CdmAuthority.from(authority);
107 107
                } catch (ParsingException e) {
108 108
                    logger.debug("skipping " + authority.getAuthority() + " due to ParsingException");
109 109
                    continue;
......
117 117

  
118 118
                ValidationResult vr = new ValidationResult();
119 119

  
120
                boolean isALL = ap.getPermissionClass().equals(CdmPermissionClass.ALL);
120
                boolean isALL = auth.getPermissionClass().equals(CdmPermissionClass.ALL);
121 121

  
122
                vr.isClassMatch = isALL || ap.getPermissionClass().equals(evalPermission.getPermissionClass());
123
                vr.isPermissionMatch = ap.getOperation().containsAll(evalPermission.getOperation());
124
                vr.isUuidMatch = ap.hasTargetUuid() && ap.getTargetUUID().equals(((CdmBase)object).getUuid());
122
                vr.isClassMatch = isALL || auth.getPermissionClass().equals(evalPermission.getPermissionClass());
123
                vr.isPermissionMatch = auth.getOperation().containsAll(evalPermission.getOperation());
124
                vr.isUuidMatch = auth.hasTargetUuid() && auth.getTargetUUID().equals(((CdmBase)object).getUuid());
125 125

  
126 126
                //
127 127
                // only vote if no property is defined.
128 128
                // Authorities with properties must be voted by type specific voters.
129 129
                //
130
                if(!ap.hasProperty()){
131
                    if ( !ap.hasTargetUuid() && vr.isClassMatch && vr.isPermissionMatch){
130
                if(!auth.hasProperty()){
131
                    if ( !auth.hasTargetUuid() && vr.isClassMatch && vr.isPermissionMatch){
132 132
                        logger.debug("no tragetUuid, class & permission match => ACCESS_GRANTED");
133 133
                        return ACCESS_GRANTED;
134 134
                    }
......
151 151
                // ask subclasses for further voting decisions
152 152
                // subclasses will cast votes for specific Cdm Types
153 153
                //
154
                Integer furtherVotingResult = furtherVotingDescisions(ap, object, attributes, vr);
154
                Integer furtherVotingResult = furtherVotingDescisions(auth, object, attributes, vr);
155 155
                if(furtherVotingResult != null && furtherVotingResult != ACCESS_ABSTAIN){
156 156
                    logger.debug("furtherVotingResult => " + furtherVotingResult);
157 157
                    return furtherVotingResult;
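--- a/cdmlib-services/src/main/java/eu/etaxonomy/cdm/api/application/CdmApplicationController.java
+++ b/cdmlib-services/src/main/java/eu/etaxonomy/cdm/api/application/CdmApplicationController.java
@@ -72,9 +72,9 @@
 import eu.etaxonomy.cdm.model.common.DefinedTermBase;
 import eu.etaxonomy.cdm.model.common.GrantedAuthorityImpl;
 import eu.etaxonomy.cdm.model.common.User;
-import eu.etaxonomy.cdm.model.common.GrantedAuthorityImpl.Role;
 import eu.etaxonomy.cdm.persistence.hibernate.permission.CRUD;
 import eu.etaxonomy.cdm.persistence.hibernate.permission.Operation;
+import eu.etaxonomy.cdm.persistence.hibernate.permission.Role;
 
 
 /**
@@ -268,15 +268,14 @@
     }
 
     protected void createAdminUser(){
-        User firstUser = User.NewInstance("admin", "00000");
-        GrantedAuthorityImpl role_admin = GrantedAuthorityImpl.NewInstance();
-        role_admin.setAuthority(Role.ROLE_ADMIN.name());
+
         Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
-        authorities.add(role_admin);
+        authorities.add(Role.ROLE_ADMIN.asNewGrantedAuthority());
+
+        User firstUser = User.NewInstance("admin", "00000");
         firstUser.setGrantedAuthorities(authorities);
         getUserService().save(firstUser);
 
-
         logger.info("Admin user created.");
     }
 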
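Review bot: New line 275 keeps the bootstrap administrator's password as a string literal, `User.NewInstance("admin", "00000")`, so every fresh installation starts with the same well-known admin credential; the commit only moves this line, but it lands on the new side of `createAdminUser` and is worth fixing while the method is being touched. Prefer to take the initial password from configuration or generate it with `SecureRandom` at bootstrap and hand it to the operator through a channel other than the application log, and at minimum document the behaviour with a comment such as `// initial admin credential — must be changed after first login`. The whole of `createAdminUser` is visible in the hunk; the surrounding class is not.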

  
