Mailing-List: contact commits-help@deltaspike.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@deltaspike.apache.org
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: gpetracek@apache.org
To: commits@deltaspike.apache.org
Message-Id: <5f6a8ef0a8c14d8f995fee3a12768518@git.apache.org>
Subject: deltaspike git commit: DELTASPIKE-828 cycle detection and tests for
 SecurityUtils#getAllAnnotations
Date: Sat, 31 Jan 2015 18:52:33 +0000 (UTC)

Repository: deltaspike
Updated Branches:
  refs/heads/master 21070d3b0 -> f2a3ea4e1


DELTASPIKE-828 cycle detection and tests for SecurityUtils#getAllAnnotations


Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/f2a3ea4e
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/f2a3ea4e
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/f2a3ea4e

Branch: refs/heads/master
Commit: f2a3ea4e16726e29596c28eaef3b1a1f9dbd6e47
Parents: 21070d3
Author: gpetracek <gpetracek@apache.org>
Authored: Sat Jan 31 19:44:31 2015 +0100
Committer: gpetracek <gpetracek@apache.org>
Committed: Sat Jan 31 19:52:09 2015 +0100

----------------------------------------------------------------------
 .../SecuredAnnotationAuthorizer.java            | 11 ++---
 .../security/impl/util/SecurityUtils.java       | 19 ++++++--
 .../impl/authorization/util/AnnotationA.java    | 34 +++++++++++++
 .../impl/authorization/util/AnnotationB.java    | 33 +++++++++++++
 .../impl/authorization/util/AnnotationC.java    | 33 +++++++++++++
 .../impl/authorization/util/AnnotationX.java    | 34 +++++++++++++
 .../impl/authorization/util/DirectCycle.java    | 24 ++++++++++
 .../impl/authorization/util/IndirectCycle.java  | 24 ++++++++++
 .../authorization/util/SecurityUtilsTest.java   | 50 ++++++++++++++++++++
 9 files changed, 251 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/deltaspike/blob/f2a3ea4e/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
index bcfc810..edc30e0 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
@@ -34,10 +34,7 @@ import javax.inject.Inject;
 import javax.interceptor.InvocationContext;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 
 /**
  * Authorizer implementation for the {@link @Secured} annotation
@@ -87,8 +84,10 @@ public class SecuredAnnotationAuthorizer
 
         Method method = invocationContext.getMethod();
 
-        result.addAll(SecurityUtils.getAllAnnotations(method.getAnnotations()));
-        result.addAll(SecurityUtils.getAllAnnotations(method.getDeclaringClass().getAnnotations()));
+        result.addAll(SecurityUtils.getAllAnnotations(method.getAnnotations(),
+            new HashSet<Class<? extends Annotation>>()));
+        result.addAll(SecurityUtils.getAllAnnotations(method.getDeclaringClass().getAnnotations(),
+            new HashSet<Class<? extends Annotation>>()));
 
         return result;
     }

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/f2a3ea4e/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/util/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/util/SecurityUtils.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/util/SecurityUtils.java
index 68c3e05..2e06f3d 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/util/SecurityUtils.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/util/SecurityUtils.java
@@ -71,7 +71,8 @@ public abstract class SecurityUtils
             return true;
         }
 
-        List<Annotation> result = getAllAnnotations(annotation.annotationType().getAnnotations());
+        List<Annotation> result = getAllAnnotations(annotation.annotationType().getAnnotations(),
+            new HashSet<Class<? extends Annotation>>());
 
         for (Annotation foundAnnotation : result)
         {
@@ -85,7 +86,8 @@ public abstract class SecurityUtils
 
     public static Annotation resolveSecurityBindingType(Annotation annotation)
     {
-        List<Annotation> result = getAllAnnotations(annotation.annotationType().getAnnotations());
+        List<Annotation> result = getAllAnnotations(annotation.annotationType().getAnnotations(),
+            new HashSet<Class<? extends Annotation>>());
 
         for (Annotation foundAnnotation : result)
         {
@@ -105,7 +107,8 @@ public abstract class SecurityUtils
             return true;
         }
 
-        List<Annotation> result = getAllAnnotations(annotation.annotationType().getAnnotations());
+        List<Annotation> result = getAllAnnotations(annotation.annotationType().getAnnotations(),
+            new HashSet<Class<? extends Annotation>>());
 
         for (Annotation foundAnnotation : result)
         {
@@ -117,7 +120,8 @@ public abstract class SecurityUtils
         return false;
     }
 
-    public static List<Annotation> getAllAnnotations(Annotation[] annotations)
+    public static List<Annotation> getAllAnnotations(Annotation[] annotations,
+                                                     Set<Class<? extends Annotation>> annotationPath)
     {
         List<Annotation> result = new ArrayList<Annotation>();
 
@@ -131,7 +135,12 @@ public abstract class SecurityUtils
             }
 
             result.add(annotation);
-            result.addAll(getAllAnnotations(annotation.annotationType().getAnnotations()));
+
+            if (!annotationPath.contains(annotation.annotationType()))
+            {
+                annotationPath.add(annotation.annotationType());
+                result.addAll(getAllAnnotations(annotation.annotationType().getAnnotations(), annotationPath));
+            }
         }
 
         return result;

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/f2a3ea4e/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationA.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationA.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationA.java
new file mode 100644
index 0000000..c36ff8b
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationA.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.test.security.impl.authorization.util;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Retention(value = RUNTIME)
+@Target({TYPE, ANNOTATION_TYPE } )
+
+@AnnotationC
+public @interface AnnotationA
+{
+}

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/f2a3ea4e/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationB.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationB.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationB.java
new file mode 100644
index 0000000..9b29ae1
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationB.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.test.security.impl.authorization.util;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Retention(value = RUNTIME)
+@Target({ANNOTATION_TYPE } )
+
+@AnnotationA
+public @interface AnnotationB
+{
+}

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/f2a3ea4e/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationC.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationC.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationC.java
new file mode 100644
index 0000000..91481a2
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationC.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.test.security.impl.authorization.util;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Retention(value = RUNTIME)
+@Target({ANNOTATION_TYPE } )
+
+@AnnotationB
+public @interface AnnotationC
+{
+}

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/f2a3ea4e/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationX.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationX.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationX.java
new file mode 100644
index 0000000..2db8eb7
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/AnnotationX.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.test.security.impl.authorization.util;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Retention(value = RUNTIME)
+@Target({TYPE, ANNOTATION_TYPE } )
+
+@AnnotationX
+public @interface AnnotationX
+{
+}

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/f2a3ea4e/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/DirectCycle.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/DirectCycle.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/DirectCycle.java
new file mode 100644
index 0000000..095b6e4
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/DirectCycle.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.test.security.impl.authorization.util;
+
+@AnnotationX
+public class DirectCycle
+{
+}

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/f2a3ea4e/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/IndirectCycle.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/IndirectCycle.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/IndirectCycle.java
new file mode 100644
index 0000000..f9a225a
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/IndirectCycle.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.test.security.impl.authorization.util;
+
+@AnnotationA
+public class IndirectCycle
+{
+}

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/f2a3ea4e/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/SecurityUtilsTest.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/SecurityUtilsTest.java b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/SecurityUtilsTest.java
new file mode 100644
index 0000000..99263b4
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authorization/util/SecurityUtilsTest.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.test.security.impl.authorization.util;
+
+import org.apache.deltaspike.security.impl.util.SecurityUtils;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.lang.annotation.Annotation;
+import java.util.HashSet;
+import java.util.List;
+
+public class SecurityUtilsTest
+{
+    @Test
+    public void directCycleDetection()
+    {
+        List<Annotation> result = SecurityUtils.getAllAnnotations(
+            DirectCycle.class.getAnnotations(), new HashSet<Class<? extends Annotation>>());
+
+        Assert.assertNotNull(result);
+        Assert.assertEquals(2, result.size());
+    }
+
+    @Test
+    public void indirectCycleDetection()
+    {
+        List<Annotation> result = SecurityUtils.getAllAnnotations(
+            IndirectCycle.class.getAnnotations(), new HashSet<Class<? extends Annotation>>());
+
+        Assert.assertNotNull(result);
+        Assert.assertEquals(4, result.size());
+    }
+}