Return-Path: X-Original-To: apmail-incubator-deltaspike-commits-archive@minotaur.apache.org Delivered-To: apmail-incubator-deltaspike-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8291D9141 for ; Thu, 29 Mar 2012 11:03:00 +0000 (UTC) Received: (qmail 51772 invoked by uid 500); 29 Mar 2012 11:03:00 -0000 Delivered-To: apmail-incubator-deltaspike-commits-archive@incubator.apache.org Received: (qmail 51728 invoked by uid 500); 29 Mar 2012 11:03:00 -0000 Mailing-List: contact deltaspike-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: deltaspike-dev@incubator.apache.org Delivered-To: mailing list deltaspike-commits@incubator.apache.org Received: (qmail 51713 invoked by uid 99); 29 Mar 2012 11:03:00 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Mar 2012 11:03:00 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id B982E9DE2; Thu, 29 Mar 2012 11:02:59 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: gpetracek@apache.org To: deltaspike-commits@incubator.apache.org X-Mailer: ASF-Git Admin Mailer Subject: [2/2] git commit: DELTASPIKE-69 cleanup Message-Id: <20120329110259.B982E9DE2@tyr.zones.apache.org> Date: Thu, 29 Mar 2012 11:02:59 +0000 (UTC) DELTASPIKE-69 cleanup Project: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/commit/750f7cdb Tree: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/tree/750f7cdb Diff: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/diff/750f7cdb Branch: refs/heads/master Commit: 750f7cdbd59eca550923265aa3d0a11fa784f018 Parents: 07b8332 Author: gpetracek Authored: Thu Mar 29 12:46:38 2012 +0200 Committer: gpetracek Committed: Thu Mar 29 12:46:38 2012 +0200 ---------------------------------------------------------------------- .../api/authorization/AccessDeniedException.java | 2 +- .../api/authorization/AuthorizationException.java | 39 ------- .../security/impl/authorization/Authorizer.java | 85 ++++++++------- .../authorization/DefaultSecurityStrategy.java | 1 + .../authorization/SecuredAnnotationAuthorizer.java | 2 + .../impl/authorization/SecurityExtension.java | 20 ++-- .../authorization/SecurityMetaDataStorage.java | 11 +-- 7 files changed, 62 insertions(+), 98 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java ---------------------------------------------------------------------- diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java index 834066b..d291901 100644 
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java +++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java @@ -24,7 +24,7 @@ import java.util.Set; * Exception occurs in case of a security-violation. * It's aware of the reason for the violation as well as the error-view which should be used to display the restriction. */ -public class AccessDeniedException extends org.apache.deltaspike.security.api.SecurityException +public class AccessDeniedException extends SecurityException { private static final long serialVersionUID = -4066763895951237969L; http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java ---------------------------------------------------------------------- diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java deleted file mode 100644 index 5e7432f..0000000 --- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java +++ /dev/null 
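Review bot: The new `extends SecurityException` no longer names the DeltaSpike base class explicitly, and the hunk adds no import (the diffstat shows a single changed line for this file). Unless `org.apache.deltaspike.security.api.SecurityException` is already imported above the hunk, or a class of that name exists in this package, the simple name resolves to `java.lang.SecurityException`. Handlers that catch the DeltaSpike type would then stop seeing access-denied failures. If the move to the JDK type is intended, record it in the class Javadoc, e.g. `* Extends {@link java.lang.SecurityException}; it is no longer part of the DeltaSpike SecurityException hierarchy.`; otherwise keep the qualified name. The class body continues outside the hunk.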
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.deltaspike.security.api.authorization;
-
-/**
- * Thrown when an authenticated user has insufficient privileges to perform an operation.
- *
- */
-public class AuthorizationException extends org.apache.deltaspike.security.api.SecurityException
-{
- private static final long serialVersionUID = -981091398588455903L;
-
- public AuthorizationException(String message)
- {
- super(message);
- }
-
- public AuthorizationException(String message, Throwable cause)
- {
- super(message, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java
index 067964f..d7684ee 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java +++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/Authorizer.java @@ -20,12 +20,14 @@ package org.apache.deltaspike.security.impl.authorization; import org.apache.deltaspike.core.api.metadata.builder.InjectableMethod; import org.apache.deltaspike.core.api.metadata.builder.ParameterValueRedefiner; -import org.apache.deltaspike.security.api.authorization.AuthorizationException; +import org.apache.deltaspike.security.api.authorization.AccessDeniedException; import org.apache.deltaspike.security.api.authorization.SecurityDefinitionException; +import org.apache.deltaspike.security.api.authorization.SecurityViolation; import org.apache.deltaspike.security.api.authorization.annotation.SecurityBindingType; import javax.enterprise.context.spi.CreationalContext; import javax.enterprise.inject.Stereotype; +import javax.enterprise.inject.Typed; import javax.enterprise.inject.spi.AnnotatedMethod; import javax.enterprise.inject.spi.Bean; import javax.enterprise.inject.spi.BeanManager; 
@@ -35,36 +37,38 @@ import java.lang.annotation.Annotation; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.HashMap; +import java.util.HashSet; import java.util.Map; import java.util.Set; +@Typed() class Authorizer { private BeanManager beanManager; - private Annotation binding; - private Map memberValues = new HashMap(); + private Annotation bindingAnnotation; + private Map bindingSecurityBindingMembers = new HashMap(); - private AnnotatedMethod implementationMethod; - private Bean targetBean; + private AnnotatedMethod boundAuthorizerMethod; + private Bean boundAuthorizerBean; - private InjectableMethod injectableMethod; + private InjectableMethod boundAuthorizerMethodProxy; - Authorizer(Annotation binding, AnnotatedMethod implementationMethod, BeanManager beanManager) + Authorizer(Annotation bindingAnnotation, AnnotatedMethod boundAuthorizerMethod, BeanManager beanManager) { - this.binding = binding; - this.implementationMethod = implementationMethod; + this.bindingAnnotation = bindingAnnotation; + this.boundAuthorizerMethod = boundAuthorizerMethod; this.beanManager = beanManager; try { - for (Method method : binding.annotationType().getDeclaredMethods()) + for (Method method : bindingAnnotation.annotationType().getDeclaredMethods()) { if (method.isAnnotationPresent(Nonbinding.class)) { continue; } - memberValues.put(method, method.invoke(binding)); + bindingSecurityBindingMembers.put(method, method.invoke(bindingAnnotation)); } } catch (InvocationTargetException ex) 
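Review bot: The constructor calls `bindingAnnotation.annotationType()` without a null check, yet `registerAuthorizer` in SecurityExtension (later in this commit) passes `binding`, which stays null when no annotation on the authorizer method carries a security binding type. A misdeclared authorizer would then fail with a NullPointerException rather than the SecurityDefinitionException used for the other definition errors. A guard at the top of the constructor makes the failure explicit: `if (bindingAnnotation == null) { throw new SecurityDefinitionException("Authorizer method declares no security binding type"); }`. The remaining catch clauses of the constructor lie outside this hunk.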
@@ -77,19 +81,19 @@ class Authorizer } } - public void authorize(final InvocationContext ic) + void authorize(final InvocationContext ic) { - if (targetBean == null) + if (boundAuthorizerBean == null) { lazyInitTargetBean(); } - final CreationalContext creationalContext = beanManager.createCreationalContext(targetBean); + final CreationalContext creationalContext = beanManager.createCreationalContext(boundAuthorizerBean); - Object reference = beanManager.getReference(targetBean, - implementationMethod.getJavaMember().getDeclaringClass(), creationalContext); + Object reference = beanManager.getReference(boundAuthorizerBean, + boundAuthorizerMethod.getJavaMember().getDeclaringClass(), creationalContext); - Object result = injectableMethod.invoke(reference, creationalContext, new ParameterValueRedefiner() { + Object result = boundAuthorizerMethodProxy.invoke(reference, creationalContext, new ParameterValueRedefiner() { @Override public Object redefineParameterValue(ParameterValue value) @@ -107,21 +111,33 @@ class Authorizer if (result.equals(Boolean.FALSE)) { - throw new AuthorizationException("Authorization check failed"); + Set violations = new HashSet(); + violations.add(new SecurityViolation() + { + private static final long serialVersionUID = 2358753444038521129L; + + @Override + public String getReason() + { + return "Authorization check failed"; + } + }); + + throw new AccessDeniedException(violations); } } @SuppressWarnings({ "unchecked", "rawtypes" }) private synchronized void lazyInitTargetBean() { - if (targetBean == null) + if (boundAuthorizerBean == null) { - Method method = implementationMethod.getJavaMember(); + Method method = boundAuthorizerMethod.getJavaMember(); Set> beans = beanManager.getBeans(method.getDeclaringClass()); if (beans.size() == 1) { - targetBean = beans.iterator().next(); + boundAuthorizerBean = beans.iterator().next(); } else if (beans.isEmpty()) { 
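Review bot: The unsynchronized `if (boundAuthorizerBean == null)` check at the top of `authorize` can let a second thread skip `lazyInitTargetBean()` while `boundAuthorizerMethodProxy` is still null. The synchronized initializer assigns `boundAuthorizerBean` first and the proxy only at its end, and neither field is declared volatile. That thread would then fail at `boundAuthorizerMethodProxy.invoke(...)` instead of running the authorization check. Guarding on the field that is written last, `if (boundAuthorizerMethodProxy == null)`, and declaring that field `volatile` would close the window. Part of `authorize` lies outside this hunk.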
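Review bot: The denial test `result.equals(Boolean.FALSE)` only rejects an explicit FALSE, and `registerAuthorizer` also accepts authorizer methods that return the `Boolean` wrapper. A null result therefore ends in a NullPointerException instead of the new `AccessDeniedException`. Testing for the positive case keeps the decision fail-closed and null-safe: `if (!Boolean.TRUE.equals(result))`. Separately, the anonymous `SecurityViolation` declares a `serialVersionUID` but, as an anonymous class created in an instance method, it presumably retains a reference to the enclosing `Authorizer` and its `BeanManager`. If violations are ever serialized, a small static nested class holding only the reason string would be safer.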
@@ -136,11 +152,11 @@ class Authorizer method.getName() + "]"); } - injectableMethod = new InjectableMethod(implementationMethod, targetBean, beanManager); + boundAuthorizerMethodProxy = new InjectableMethod(boundAuthorizerMethod, boundAuthorizerBean, beanManager); } } - public boolean matchesBinding(Annotation annotation) + boolean matchesBinding(Annotation annotation) { if (!annotation.annotationType().isAnnotationPresent(SecurityBindingType.class) && annotation.annotationType().isAnnotationPresent(Stereotype.class)) @@ -148,7 +164,7 @@ class Authorizer annotation = SecurityUtils.resolveSecurityBindingType(annotation); } - if (!annotation.annotationType().equals(binding.annotationType())) + if (!annotation.annotationType().equals(bindingAnnotation.annotationType())) { return false; } @@ -160,7 +176,7 @@ class Authorizer continue; } - if (!memberValues.containsKey(method)) + if (!bindingSecurityBindingMembers.containsKey(method)) { return false; } @@ -168,7 +184,7 @@ class Authorizer try { Object value = method.invoke(annotation); - if (!memberValues.get(method).equals(value)) + if (!bindingSecurityBindingMembers.get(method).equals(value)) { return false; } @@ -186,21 +202,8 @@ class Authorizer return true; } - public Method getImplementationMethod() - { - return implementationMethod.getJavaMember(); - } - - @Override - public boolean equals(Object value) - { - return false; - } - - //not used - @Override - public int hashCode() + Method getBoundAuthorizerMethod() { - return 0; + return boundAuthorizerMethod.getJavaMember(); } } http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java ---------------------------------------------------------------------- 
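Review bot: In `matchesBinding` (hunk at -168/+184), `bindingSecurityBindingMembers.get(method).equals(value)` compares array-valued annotation members by identity, because each reflective call on an annotation returns a fresh array. A binding type with an array member that is not marked `@Nonbinding` would therefore never match its authorizer, even when the contents are equal. Comparing by content avoids this, e.g. `if (!Arrays.deepEquals(new Object[] { expected }, new Object[] { value }))` with `expected` read from the map. The member loop and the start of the method lie outside these hunks.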
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java index 102ac27..123199a 100644 --- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java +++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/DefaultSecurityStrategy.java @@ -28,6 +28,7 @@ import java.lang.reflect.Method; * {@inheritDoc} */ @Dependent +@SuppressWarnings("UnusedDeclaration") public class DefaultSecurityStrategy implements SecurityStrategy { private static final long serialVersionUID = 7992336651801599079L; http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java ---------------------------------------------------------------------- diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java index 3e629ee..89648d2 100644 --- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java +++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java 
@@ -42,12 +42,14 @@ import java.util.Set; * Authorizer implementation for the {@link @Secured} annotation */ @Dependent +@SuppressWarnings("UnusedDeclaration") public class SecuredAnnotationAuthorizer { @Inject private AccessDecisionVoterContext voterContext; @Secures @Secured({ }) + @SuppressWarnings("UnusedDeclaration") public boolean doSecuredCheck(InvocationContext invocationContext) throws Exception { Secured secured = null; http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityExtension.java ---------------------------------------------------------------------- diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityExtension.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityExtension.java index 8805166..8e30a19 100644 --- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityExtension.java +++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityExtension.java 
@@ -221,38 +221,38 @@ public class SecurityExtension implements Extension, Deactivatable * Registers the specified authorizer method (i.e. a method annotated with * the @Secures annotation) * - * @param m + * @param annotatedMethod * @param beanManager * @throws SecurityDefinitionException */ - private void registerAuthorizer(AnnotatedMethod m, BeanManager beanManager) + private void registerAuthorizer(AnnotatedMethod annotatedMethod, BeanManager beanManager) { - if (!m.getJavaMember().getReturnType().equals(Boolean.class) && - !m.getJavaMember().getReturnType().equals(Boolean.TYPE)) + if (!annotatedMethod.getJavaMember().getReturnType().equals(Boolean.class) && + !annotatedMethod.getJavaMember().getReturnType().equals(Boolean.TYPE)) { throw new SecurityDefinitionException("Invalid authorizer method [" + - m.getJavaMember().getDeclaringClass().getName() + "." + - m.getJavaMember().getName() + "] - does not return a boolean."); + annotatedMethod.getJavaMember().getDeclaringClass().getName() + "." + + annotatedMethod.getJavaMember().getName() + "] - does not return a boolean."); } // Locate the binding type Annotation binding = null; - for (Annotation annotation : m.getAnnotations()) + for (Annotation annotation : annotatedMethod.getAnnotations()) { if (SecurityUtils.isMetaAnnotatedWithSecurityBindingType(annotation)) { if (binding != null) { throw new SecurityDefinitionException("Invalid authorizer method [" + - m.getJavaMember().getDeclaringClass().getName() + "." + - m.getJavaMember().getName() + "] - declares multiple security binding types"); + annotatedMethod.getJavaMember().getDeclaringClass().getName() + "." 
+ + annotatedMethod.getJavaMember().getName() + "] - declares multiple security binding types"); } binding = annotation; } } - Authorizer authorizer = new Authorizer(binding, m, beanManager); + Authorizer authorizer = new Authorizer(binding, annotatedMethod, beanManager); getMetaDataStorage().addAuthorizer(authorizer); } http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/750f7cdb/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java ---------------------------------------------------------------------- diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java index 298256e..4d0ea7b 100644 --- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java +++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityMetaDataStorage.java @@ -28,9 +28,6 @@ import java.util.HashSet; import java.util.Map; import java.util.Set; -/** - * - */ class SecurityMetaDataStorage { /** @@ -133,9 +130,9 @@ class SecurityMetaDataStorage { StringBuilder sb = new StringBuilder(); sb.append("Matching authorizer methods found: ["); - sb.append(authorizer.getImplementationMethod().getDeclaringClass().getName()); + sb.append(authorizer.getBoundAuthorizerMethod().getDeclaringClass().getName()); sb.append("."); - sb.append(authorizer.getImplementationMethod().getName()); + sb.append(authorizer.getBoundAuthorizerMethod().getName()); sb.append("]"); for (Authorizer a : authorizerStack) 
@@ -143,9 +140,9 @@ class SecurityMetaDataStorage if (a.matchesBinding(binding)) { sb.append(", ["); - sb.append(a.getImplementationMethod().getDeclaringClass().getName()); + sb.append(a.getBoundAuthorizerMethod().getDeclaringClass().getName()); sb.append("."); - sb.append(a.getImplementationMethod().getName()); + sb.append(a.getBoundAuthorizerMethod().getName()); sb.append("]"); } }