cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a.@apache.org
Subject svn commit: r1446180 - in /cxf/trunk/rt/core/src: main/java/org/apache/cxf/interceptor/security/ test/java/org/apache/cxf/interceptor/security/
Date Thu, 14 Feb 2013 13:59:47 GMT
Author: ay
Date: Thu Feb 14 13:59:47 2013
New Revision: 1446180

URL: http://svn.apache.org/r1446180
Log:
[CXF-4829] Add OperationInfo based authorizing interceptor

Added:
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
  (with props)
    cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptorTest.java
  (with props)
Modified:
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
    cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptor.java
    cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptorTest.java

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java?rev=1446180&r1=1446179&r2=1446180&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
(original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/AbstractAuthorizingInInterceptor.java
Thu Feb 14 13:59:47 2013
@@ -48,7 +48,6 @@ public abstract class AbstractAuthorizin
         SecurityContext sc = message.get(SecurityContext.class);
         if (sc != null && sc.getUserPrincipal() != null) {
             Method method = getTargetMethod(message);
-            
             if (authorize(sc, method)) {
                 return;
             }

Added: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java?rev=1446180&view=auto
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
(added)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
Thu Feb 14 13:59:47 2013
@@ -0,0 +1,87 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.interceptor.security;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.service.model.BindingOperationInfo;
+import org.apache.cxf.service.model.OperationInfo;
+
+/**
+ * 
+ */
+public class OperationInfoAuthorizingInterceptor extends SimpleAuthorizingInterceptor {
+    private static final Logger LOG = LogUtils.getL7dLogger(OperationInfoAuthorizingInterceptor.class);
+
+    @Override
+    public void handleMessage(Message message) throws Fault {
+        SecurityContext sc = message.get(SecurityContext.class);
+        if (sc != null && sc.getUserPrincipal() != null) {
+            OperationInfo opinfo = getTargetOperationInfo(message);
+            if (opinfo != null && opinfo.getName() != null
+                && authorize(sc, opinfo.getName().getLocalPart())) {
+                return;
+            }
+        }
+        
+        throw new AccessDeniedException("Unauthorized");
+
+    }
+
+    protected boolean authorize(SecurityContext sc, String key) {
+        List<String> expectedRoles = getExpectedRoles(key);
+        if (expectedRoles.isEmpty()) {
+            List<String> denyRoles = getDenyRoles(key);
+            return denyRoles.isEmpty() ? true : isUserInRole(sc, denyRoles, true);
+        }
+        
+        if (isUserInRole(sc, expectedRoles, false)) {
+            return true;
+        }
+        if (LOG.isLoggable(Level.FINE)) {
+            LOG.fine(sc.getUserPrincipal().getName() + " is not authorized");
+        }
+        return false;
+    }
+
+    protected OperationInfo getTargetOperationInfo(Message message) {
+        BindingOperationInfo bop = message.getExchange().get(BindingOperationInfo.class);
+        return bop != null ? bop.getOperationInfo() : null;
+    }
+
+    protected List<String> getExpectedRoles(String key) {
+        List<String> roles = methodRolesMap.get(key);
+        if (roles != null) {
+            return roles;
+        }
+        return globalRoles;
+    }
+
+    protected List<String> getDenyRoles(String key) {
+        return Collections.emptyList();    
+    }
+}

Propchange: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptor.java
------------------------------------------------------------------------------
    svn:executable = *

Modified: cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptor.java?rev=1446180&r1=1446179&r2=1446180&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptor.java
(original)
+++ cxf/trunk/rt/core/src/main/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptor.java
Thu Feb 14 13:59:47 2013
@@ -31,9 +31,9 @@ import org.apache.cxf.security.SecurityC
 
 public class SimpleAuthorizingInterceptor extends AbstractAuthorizingInInterceptor {
 
-    private Map<String, List<String>> methodRolesMap = new HashMap<String,
List<String>>();
-    private Map<String, List<String>> userRolesMap = Collections.emptyMap();
-    private List<String> globalRoles = Collections.emptyList();
+    protected Map<String, List<String>> methodRolesMap = new HashMap<String,
List<String>>();
+    protected Map<String, List<String>> userRolesMap = Collections.emptyMap();
+    protected List<String> globalRoles = Collections.emptyList();
     private boolean checkConfiguredRolesOnly;
     
     @Override 

Added: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptorTest.java?rev=1446180&view=auto
==============================================================================
--- cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptorTest.java
(added)
+++ cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptorTest.java
Thu Feb 14 13:59:47 2013
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.interceptor.security;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.service.Service;
+import org.apache.cxf.service.invoker.MethodDispatcher;
+import org.apache.cxf.service.model.BindingOperationInfo;
+import org.apache.cxf.service.model.OperationInfo;
+import org.easymock.EasyMock;
+
+import org.junit.Before;
+
+public class OperationInfoAuthorizingInterceptorTest extends SimpleAuthorizingInterceptorTest
{
+
+    @Before
+    @Override
+    public void setUp() throws Exception {
+        Exchange ex = setUpExchange();
+        Service service = EasyMock.createMock(Service.class);
+        ex.put(Service.class, service);
+        MethodDispatcher md = EasyMock.createMock(MethodDispatcher.class);
+        EasyMock.expect(service.get(MethodDispatcher.class.getName())).andReturn(md).anyTimes();
+        
+        BindingOperationInfo boi = EasyMock.createMock(BindingOperationInfo.class);
+        ex.put(BindingOperationInfo.class, boi);
+        EasyMock.expect(md.getMethod(boi)).andReturn(null);
+        OperationInfo opinfo = EasyMock.createMock(OperationInfo.class);
+        EasyMock.expect(opinfo.getName()).andReturn(new QName("urn:test", "echo")).anyTimes();
+        EasyMock.expect(boi.getOperationInfo()).andReturn(opinfo).anyTimes();
+        EasyMock.replay(service, md, boi, opinfo);
+    }
+    
+    @Override
+    protected SimpleAuthorizingInterceptor createSimpleAuthorizingInterceptor() {
+        return new OperationInfoAuthorizingInterceptor();
+    }
+    
+    @Override
+    protected SimpleAuthorizingInterceptor createSimpleAuthorizingInterceptorWithDenyRoles(final
String role) {
+        SimpleAuthorizingInterceptor in = new OperationInfoAuthorizingInterceptor() {
+            @Override
+            public List<String> getDenyRoles(String key) {
+                return Collections.singletonList(role);
+            }
+        };
+        return in;
+    }
+}

Propchange: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/OperationInfoAuthorizingInterceptorTest.java
------------------------------------------------------------------------------
    svn:executable = *

Modified: cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptorTest.java?rev=1446180&r1=1446179&r2=1446180&view=diff
==============================================================================
--- cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptorTest.java
(original)
+++ cxf/trunk/rt/core/src/test/java/org/apache/cxf/interceptor/security/SimpleAuthorizingInterceptorTest.java
Thu Feb 14 13:59:47 2013
@@ -39,16 +39,14 @@ import org.junit.Test;
 
 public class SimpleAuthorizingInterceptorTest extends Assert {
 
+    protected Message message = new MessageImpl();
     private Method method;
-    private Message message = new MessageImpl();
+
     
     @Before
     public void setUp() throws Exception {
         method = TestService.class.getMethod("echo", new Class[]{});
-        message.put(SecurityContext.class, new TestSecurityContext());
-        Exchange ex = new ExchangeImpl();
-        message.setExchange(ex);
-        
+        Exchange ex = setUpExchange();
         Service service = EasyMock.createMock(Service.class);
         ex.put(Service.class, service);
         MethodDispatcher md = EasyMock.createMock(MethodDispatcher.class);
@@ -62,33 +60,54 @@ public class SimpleAuthorizingIntercepto
         EasyMock.replay(service, md);
     }
     
+    protected Exchange setUpExchange() {
+        message.put(SecurityContext.class, new TestSecurityContext());
+        Exchange ex = new ExchangeImpl();
+        message.setExchange(ex);
+        return ex;
+    }
+    
+    protected SimpleAuthorizingInterceptor createSimpleAuthorizingInterceptor() {
+        return new SimpleAuthorizingInterceptor();
+    }
+    
+    protected SimpleAuthorizingInterceptor createSimpleAuthorizingInterceptorWithDenyRoles(final
String role) {
+        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor() {
+            @Override
+            public List<String> getDenyRoles(Method m) {
+                return Collections.singletonList(role);
+            }
+        };
+        return in;
+    }
+    
     @Test(expected = AccessDeniedException.class)
     public void testNoSecurityContext() {
         message.put(SecurityContext.class, null);
-        new SimpleAuthorizingInterceptor().handleMessage(message);
+        createSimpleAuthorizingInterceptor().handleMessage(message);
     }
     
     @Test(expected = AccessDeniedException.class)
     public void testIncompleteSecurityContext() {
         message.put(SecurityContext.class, new IncompleteSecurityContext());
-        new SimpleAuthorizingInterceptor().handleMessage(message);    
+        createSimpleAuthorizingInterceptor().handleMessage(message);    
     }
     
     @Test
     public void testPermitWithNoRoles() {
-        new SimpleAuthorizingInterceptor().handleMessage(message);    
+        createSimpleAuthorizingInterceptor().handleMessage(message);    
     }
     
     @Test
     public void testPermitWithMethodRoles() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor();
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptor(); 
         in.setMethodRolesMap(Collections.singletonMap("echo", "role1 testRole"));
         in.handleMessage(message);    
     }
     
     @Test
     public void testPermitWithMethodRolesConfigurationOnly() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor();
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptor(); 
         in.setCheckConfiguredRolesOnly(true);
         in.setUserRolesMap(Collections.singletonMap("testUser", "role1"));
         in.setMethodRolesMap(Collections.singletonMap("echo", "role1 role2"));
@@ -97,7 +116,7 @@ public class SimpleAuthorizingIntercepto
     
     @Test(expected = AccessDeniedException.class)
     public void testDenyWithMethodRolesConfigurationOnly() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor();
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptor(); 
         in.setCheckConfiguredRolesOnly(true);
         in.setUserRolesMap(Collections.singletonMap("testUser", "role1"));
         in.setMethodRolesMap(Collections.singletonMap("echo", "role2 role3"));
@@ -106,7 +125,7 @@ public class SimpleAuthorizingIntercepto
     
     @Test(expected = AccessDeniedException.class)
     public void testEmptyRolesConfigurationOnly() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor();
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptor(); 
         in.setCheckConfiguredRolesOnly(true);
         in.setMethodRolesMap(Collections.singletonMap("echo", "role1 role2"));
         in.handleMessage(message);    
@@ -114,65 +133,47 @@ public class SimpleAuthorizingIntercepto
     
     @Test
     public void testPermitAll() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor();
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptor(); 
         in.setMethodRolesMap(Collections.singletonMap("echo", "*"));
         in.handleMessage(message);    
     }
     
     @Test
     public void testPermitWithClassRoles() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor();
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptor(); 
         in.setGlobalRoles("role1 testRole");
         in.handleMessage(message);    
     }
     
     @Test(expected = AccessDeniedException.class)
     public void testDenyWithMethodRoles() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor();
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptor(); 
         in.setMethodRolesMap(Collections.singletonMap("echo", "role1 role2"));
         in.handleMessage(message);    
     }
     
     @Test(expected = AccessDeniedException.class)
     public void testDenyWithClassRoles() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor();
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptor(); 
         in.setGlobalRoles("role1 role2");
         in.handleMessage(message);    
     }
     
     @Test
     public void testPermitWithDenyRoles() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor() {
-            @Override
-            public List<String> getDenyRoles(Method m) {
-                return Collections.singletonList("frogs");
-            }
-           
-        };
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptorWithDenyRoles("frogs");
         in.handleMessage(message);    
     }
     
     @Test(expected = AccessDeniedException.class)
     public void testDenyWithDenyRoles() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor() {
-            @Override
-            public List<String> getDenyRoles(Method m) {
-                return Collections.singletonList("testRole");
-            }
-           
-        };
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptorWithDenyRoles("testRole");
         in.handleMessage(message);    
     }
     
     @Test(expected = AccessDeniedException.class)
     public void testDenyAll() {
-        SimpleAuthorizingInterceptor in = new SimpleAuthorizingInterceptor() {
-            @Override
-            public List<String> getDenyRoles(Method m) {
-                return Collections.singletonList("*");
-            }
-           
-        };
+        SimpleAuthorizingInterceptor in = createSimpleAuthorizingInterceptorWithDenyRoles("*");

         in.handleMessage(message);    
     }
     



Mime
View raw message