ofbiz-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From adri...@apache.org
Subject svn commit: r894961 [3/4] - in /ofbiz/branches/executioncontext20091231: ./ applications/accounting/ applications/accounting/data/ applications/content/ applications/content/data/ applications/humanres/data/ applications/manufacturing/ applications/man...
Date Fri, 01 Jan 2010 00:38:57 GMT
Added: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java?rev=894961&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java (added)
+++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java Fri Jan  1 00:38:52 2010
@@ -0,0 +1,126 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.context;
+
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Map;
+
+import javolution.util.FastMap;
+
+import org.ofbiz.base.util.Debug;
+import org.ofbiz.service.ThreadContext;
+import org.ofbiz.service.LocalDispatcher;
+import org.ofbiz.service.DispatchContext;
+import org.ofbiz.service.ModelService;
+
+/**
+ * SecurityAwareIterator class. This class decorates an <code>
+ * Iterator</code> instance and filters a list of
+ * <code>Object</code>s based on a set of permission services.
+ * <p>The permission service must implement <code>permissionInterface</code>
+ * and accept an optional <code>candidateObject</code> parameter (parameter
+ * type is <code>java.lang.Object</code>). The service should
+ * return <code>hasPermission = true</code> if the user is granted access
+ * to the <code>candidateObject</code>.</p>
+ */
+public class SecurityAwareIterator<E> implements Iterator<E> {
+
+    public static final String module = SecurityAwareIterator.class.getName();
+    protected final Iterator<E> iterator;
+    protected final Set<String> serviceNameList;
+    protected E nextValue = null;
+
+    public SecurityAwareIterator(Iterator<E> iterator, Set<String> serviceNameList) {
+        this.iterator = iterator;
+        this.serviceNameList = serviceNameList;
+        getNext();
+    }
+
+    protected void getNext() {
+        // Unusual loop for EntityListIterator compatibility
+        E value = null;
+        try {
+            value = this.iterator.next();
+        } catch (Exception e) {}
+        while (value != null) {
+            if (this.hasPermission(value)) {
+                this.nextValue = value;
+                return;
+            }
+            value = null;
+            try {
+                value = this.iterator.next();
+            } catch (Exception e) {}
+        }
+    }
+
+    public boolean hasNext() {
+        return this.nextValue != null;
+    }
+
+    public E next() {
+        E value = this.nextValue;
+        this.nextValue = null;
+        this.getNext();
+        return value;
+    }
+
+    public void remove() {
+        this.iterator.remove();
+    }
+
+    protected boolean hasPermission(E value) {
+        if (ThreadContext.getUserLogin() == null) {
+            // This is here for development purposes
+            return true;
+        }
+        try {
+            LocalDispatcher dispatcher = ThreadContext.getDispatcher();
+            DispatchContext ctx = dispatcher.getDispatchContext();
+            Map<String, ? extends Object> params = ThreadContext.getParameters();
+            for (String serviceName : this.serviceNameList) {
+                ModelService modelService = ctx.getModelService(serviceName);
+                Map<String, Object> context = FastMap.newInstance();
+                if (params != null) {
+                    context.putAll(params);
+                }
+                if (!context.containsKey("userLogin")) {
+                    context.put("userLogin", ThreadContext.getUserLogin());
+                }
+                if (!context.containsKey("locale")) {
+                    context.put("locale", ThreadContext.getLocale());
+                }
+                if (!context.containsKey("timeZone")) {
+                    context.put("timeZone", ThreadContext.getTimeZone());
+                }
+                context.put("candidateObject", value);
+                context = modelService.makeValid(context, ModelService.IN_PARAM);
+                Map<String, Object> result = dispatcher.runSync(serviceName, context);
+                Boolean hasPermission = (Boolean) result.get("hasPermission");
+                if (hasPermission != null && !hasPermission.booleanValue()) {
+                    return false;
+                }
+            }
+        } catch (Exception e) {
+            Debug.logError(e, module);
+        }
+        return true;
+    }
+}

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java
------------------------------------------------------------------------------
    svn:keywords = "Date Rev Author URL Id"

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareList.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareList.java?rev=894961&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareList.java (added)
+++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareList.java Fri Jan  1 00:38:52 2010
@@ -0,0 +1,52 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.context;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ListIterator;
+import java.util.Set;
+
+/**
+ * SecurityAwareList class.
+ */
+@SuppressWarnings("serial")
+public class SecurityAwareList<E> extends ArrayList<E> implements List<E> {
+
+	protected final static String module = SecurityAwareList.class.getName();
+    protected final Set<String> serviceNameList;
+
+	public SecurityAwareList(List<E> valueList, Set<String> serviceNameList) {
+		super(valueList.size());
+		this.addAll(valueList);
+		this.trimToSize();
+		this.serviceNameList = serviceNameList;
+	}
+
+	@Override
+    public Iterator<E> iterator() {
+        return new SecurityAwareIterator<E>(super.iterator(), this.serviceNameList);
+    }
+
+    @Override
+    public ListIterator<E> listIterator() {
+        return new SecurityAwareListIterator<E>(super.listIterator(), this.serviceNameList);
+    }
+}

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareList.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareList.java
------------------------------------------------------------------------------
    svn:keywords = "Date Rev Author URL Id"

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareList.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java?rev=894961&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java (added)
+++ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java Fri Jan  1 00:38:52 2010
@@ -0,0 +1,99 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.context;
+
+import java.util.ListIterator;
+import java.util.Set;
+
+/**
+ * SecurityAwareListIterator class.  This class decorates a <code>
+ * ListIterator</code> instance and filters a list of
+ * <code>Object</code>s based on a set of permission services.
+ * <p>The permission service must implement <code>permissionInterface</code>
+ * and accept an optional <code>candidateObject</code> parameter (parameter
+ * type is <code>java.lang.Object</code>). The service should
+ * return <code>hasPermission = true</code> if the user is granted access
+ * to the <code>candidateObject</code>.</p>
+ */
+public class SecurityAwareListIterator<E> extends SecurityAwareIterator<E> implements ListIterator<E> {
+
+    public static final String module = SecurityAwareListIterator.class.getName();
+    protected final ListIterator<E> listIterator;
+    protected E previousValue = null;
+    protected int index = 0;
+
+    public SecurityAwareListIterator(ListIterator<E> iterator, Set<String> serviceNameList) {
+        super(iterator, serviceNameList);
+        this.listIterator = iterator;
+    }
+
+    protected void getPrevious() {
+        // Unusual loop for EntityListIterator compatibility
+        E value = null;
+        try {
+            value = this.listIterator.previous();
+        } catch (Exception e) {}
+        while (value != null) {
+            if (this.hasPermission(value)) {
+                this.index--;
+                this.previousValue = value;
+                return;
+            }
+            value = null;
+            try {
+                value = this.listIterator.previous();
+            } catch (Exception e) {}
+        }
+    }
+
+    public E next() {
+        E value = super.next();
+        if (value != null) {
+            this.index++;
+        }
+        return value;
+    }
+
+    public void add(E o) {
+        this.listIterator.add(o);
+    }
+
+    public boolean hasPrevious() {
+        return this.previousValue != null;
+    }
+
+    public int nextIndex() {
+        return this.index + 1;
+    }
+
+    public E previous() {
+        E value = this.previousValue;
+        this.previousValue = null;
+        this.getPrevious();
+        return value;
+    }
+
+    public int previousIndex() {
+        return this.index - 1;
+    }
+
+    public void set(E o) {
+        this.listIterator.set(o);
+    }
+}

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java
------------------------------------------------------------------------------
    svn:keywords = "Date Rev Author URL Id"

Propchange: ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: ofbiz/branches/executioncontext20091231/framework/entity/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/entity/build.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/entity/build.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/entity/build.xml Fri Jan  1 00:38:52 2010
@@ -32,6 +32,7 @@
     <path id="local.class.path">
         <fileset dir="${lib.dir}" includes="*.jar"/>
         <fileset dir="${lib.dir}/jdbc" includes="*.jar"/>
+        <fileset dir="../api/build/lib" includes="*.jar"/>
         <fileset dir="../base/lib" includes="*.jar"/>
         <fileset dir="../base/lib/commons" includes="*.jar"/>
         <fileset dir="../base/lib/j2eespecs" includes="*.jar"/>

Added: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ExecutionContext.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ExecutionContext.java?rev=894961&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ExecutionContext.java (added)
+++ ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ExecutionContext.java Fri Jan  1 00:38:52 2010
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.ofbiz.entity;
+
+/**
+ * ExecutionContext Interface. This interface extends the ExecutionContext
+ * interface defined in the <code>base</code> component.
+ */
+public interface ExecutionContext extends org.ofbiz.api.context.ExecutionContext {
+
+	/** Returns the current <code>GenericDelegator</code> instance.
+	 * 
+	 * @return The current <code>GenericDelegator</code> instance
+	 */
+	public Delegator getDelegator();
+
+	/** Clears all user data kept in the <code>ExecutionContext</code>.
+	 * This method is typically called when the user logs out.
+	 */
+	public void clearUserData();
+
+	/** Returns the current userLogin <code>GenericValue</code>.
+	 * 
+	 * @return The current userLogin <code>GenericValue</code>
+	 */
+	public GenericValue getUserLogin();
+
+	/** Sets the current <code>Delegator</code> instance.
+	 * 
+	 * @param delegator The new <code>Delegator</code> instance
+	 */
+	public void setDelegator(Delegator delegator);
+
+    /** Sets the current userLogin <code>GenericValue</code>.
+     * 
+     * @param userLogin The new userLogin <code>GenericValue</code>.
+     */
+	public void setUserLogin(GenericValue userLogin);
+}

Propchange: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ExecutionContext.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ExecutionContext.java
------------------------------------------------------------------------------
    svn:keywords = "Date Rev Author URL Id"

Propchange: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ExecutionContext.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/GenericDelegator.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/GenericDelegator.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/GenericDelegator.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/GenericDelegator.java Fri Jan  1 00:38:52 2010
@@ -18,6 +18,10 @@
  */
 package org.ofbiz.entity;
 
+import static org.ofbiz.api.authorization.BasicPermissions.Create;
+import static org.ofbiz.api.authorization.BasicPermissions.Delete;
+import static org.ofbiz.api.authorization.BasicPermissions.Update;
+
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.net.URL;
@@ -37,6 +41,7 @@
 import javolution.util.FastList;
 import javolution.util.FastMap;
 
+import org.ofbiz.api.authorization.AccessController;
 import org.ofbiz.base.util.Debug;
 import org.ofbiz.base.util.GeneralRuntimeException;
 import org.ofbiz.base.util.UtilDateTime;
@@ -278,7 +283,12 @@
         GenericDelegator.delegatorCache.put(delegatorName, this);
 
         // setup the crypto class
-        this.crypto = new EntityCrypto(this);
+        try {
+            ThreadContext.runUnprotected();
+            this.crypto = new EntityCrypto(this);
+        } finally {
+            ThreadContext.endRunUnprotected();
+        }
 
         //time to do some tricks with manual class loading that resolves circular dependencies, like calling services...
         ClassLoader loader = Thread.currentThread().getContextClassLoader();
@@ -785,6 +795,8 @@
     public GenericValue create(GenericValue value, boolean doCacheClear) throws GenericEntityException {
         boolean beganTransaction = false;
         try {
+            ThreadContext.pushExecutionArtifact(value);
+            ThreadContext.getAccessController().checkPermission(Create);
             if (alwaysUseTransaction) {
                 beganTransaction = TransactionUtil.begin();
             }
@@ -839,6 +851,7 @@
             // after rolling back, rethrow the exception
             throw e;
         } finally {
+            ThreadContext.popExecutionArtifact();
             // only commit the transaction if we started one... this will throw an exception if it fails
             TransactionUtil.commit(beganTransaction);
         }
@@ -848,6 +861,8 @@
      * @see org.ofbiz.entity.Delegator#createOrStore(org.ofbiz.entity.GenericValue, boolean)
      */
     public GenericValue createOrStore(GenericValue value, boolean doCacheClear) throws GenericEntityException {
+        ThreadContext.pushExecutionArtifact(value);
+        AccessController accessController = ThreadContext.getAccessController();
         boolean beganTransaction = false;
         try {
             if (alwaysUseTransaction) {
@@ -856,8 +871,10 @@
 
             GenericValue checkValue = this.findOne(value.getEntityName(), value.getPrimaryKey(), false);
             if (checkValue != null) {
+                accessController.checkPermission(Update);
                 this.store(value, doCacheClear);
             } else {
+                accessController.checkPermission(Create);
                 this.create(value, doCacheClear);
             }
             if (value.lockEnabled()) {
@@ -877,6 +894,7 @@
             // after rolling back, rethrow the exception
             throw e;
         } finally {
+            ThreadContext.popExecutionArtifact();
             // only commit the transaction if we started one... this will throw an exception if it fails
             TransactionUtil.commit(beganTransaction);
         }
@@ -932,6 +950,8 @@
     public int removeByPrimaryKey(GenericPK primaryKey, boolean doCacheClear) throws GenericEntityException {
         boolean beganTransaction = false;
         try {
+            ThreadContext.pushExecutionArtifact(primaryKey);
+            ThreadContext.getAccessController().checkPermission(Delete);
             if (alwaysUseTransaction) {
                 beganTransaction = TransactionUtil.begin();
             }
@@ -980,6 +1000,7 @@
             // after rolling back, rethrow the exception
             throw e;
         } finally {
+            ThreadContext.popExecutionArtifact();
             // only commit the transaction if we started one... this will throw an exception if it fails
             TransactionUtil.commit(beganTransaction);
         }
@@ -999,6 +1020,8 @@
         // NOTE: this does not call the GenericDelegator.removeByPrimaryKey method because it has more information to pass to the ECA rule hander
         boolean beganTransaction = false;
         try {
+            ThreadContext.pushExecutionArtifact(value);
+            ThreadContext.getAccessController().checkPermission(Delete);
             if (alwaysUseTransaction) {
                 beganTransaction = TransactionUtil.begin();
             }
@@ -1095,6 +1118,8 @@
     public int removeByCondition(String entityName, EntityCondition condition, boolean doCacheClear) throws GenericEntityException {
         boolean beganTransaction = false;
         try {
+            ThreadContext.pushExecutionArtifact("GenericDelegator.removeByCondition", entityName);
+            ThreadContext.getAccessController().checkPermission(Delete);
             if (alwaysUseTransaction) {
                 beganTransaction = TransactionUtil.begin();
             }
@@ -1132,6 +1157,7 @@
             // after rolling back, rethrow the exception
             throw e;
         } finally {
+            ThreadContext.popExecutionArtifact();
             // only commit the transaction if we started one... this will throw an exception if it fails
             TransactionUtil.commit(beganTransaction);
         }
@@ -1206,6 +1232,8 @@
     public int storeByCondition(String entityName, Map<String, ? extends Object> fieldsToSet, EntityCondition condition, boolean doCacheClear) throws GenericEntityException {
         boolean beganTransaction = false;
         try {
+            ThreadContext.pushExecutionArtifact("GenericDelegator.storeByCondition", entityName);
+            ThreadContext.getAccessController().checkPermission(Update);
             if (alwaysUseTransaction) {
                 beganTransaction = TransactionUtil.begin();
             }
@@ -1243,6 +1271,7 @@
             // after rolling back, rethrow the exception
             throw e;
         } finally {
+            ThreadContext.popExecutionArtifact();
             // only commit the transaction if we started one... this will throw an exception if it fails
             TransactionUtil.commit(beganTransaction);
         }
@@ -1261,6 +1290,8 @@
     public int store(GenericValue value, boolean doCacheClear) throws GenericEntityException {
         boolean beganTransaction = false;
         try {
+            ThreadContext.pushExecutionArtifact(value);
+            ThreadContext.getAccessController().checkPermission(Update);
             if (alwaysUseTransaction) {
                 beganTransaction = TransactionUtil.begin();
             }
@@ -1314,6 +1345,7 @@
             // after rolling back, rethrow the exception
             throw e;
         } finally {
+            ThreadContext.popExecutionArtifact();
             // only commit the transaction if we started one... this will throw an exception if it fails
             TransactionUtil.commit(beganTransaction);
         }
@@ -1703,7 +1735,7 @@
             }
 
             this.decryptFields(results);
-            return results;
+            return ThreadContext.getAccessController().applyFilters(results);
         } catch (GenericEntityException e) {
             String errMsg = "Failure in findAllByPrimaryKeys operation, rolling back transaction";
             Debug.logError(e, errMsg, module);
@@ -1770,7 +1802,7 @@
             }
 
             this.decryptFields(results);
-            return results;
+            return ThreadContext.getAccessController().applyFilters(results);
         } catch (GenericEntityException e) {
             String errMsg = "Failure in findAllByPrimaryKeysCache operation, rolling back transaction";
             Debug.logError(e, errMsg, module);
@@ -2116,7 +2148,10 @@
         eli.setDelegator(this);
 
         ecaRunner.evalRules(EntityEcaHandler.EV_RETURN, EntityEcaHandler.OP_FIND, dummyValue, false);
-        return eli;
+        ThreadContext.pushExecutionArtifact(modelEntity);
+        ListIterator<GenericValue> li = ThreadContext.getAccessController().applyFilters((ListIterator<GenericValue>) eli);
+        ThreadContext.popExecutionArtifact();
+        return (EntityListIterator) li;
     }
 
     /* (non-Javadoc)
@@ -2136,6 +2171,9 @@
 
             List<GenericValue> cacheList = this.cache.get(entityName, entityCondition, orderBy);
             if (cacheList != null) {
+                ThreadContext.pushExecutionArtifact("GenericDelegator.findList", entityName);
+                cacheList = ThreadContext.getAccessController().applyFilters(cacheList);
+                ThreadContext.popExecutionArtifact();
                 return cacheList;
             }
         }
@@ -2155,6 +2193,9 @@
                 ecaRunner.evalRules(EntityEcaHandler.EV_CACHE_PUT, EntityEcaHandler.OP_FIND, dummyValue, false);
                 this.cache.put(entityName, entityCondition, orderBy, list);
             }
+            ThreadContext.pushExecutionArtifact("GenericDelegator.findList", entityName);
+            list = ThreadContext.getAccessController().applyFilters(list);
+            ThreadContext.popExecutionArtifact();
             return list;
         } catch (GenericEntityException e) {
             String errMsg = "Failure in findByCondition operation for entity [" + entityName + "]: " + e.toString() + ". Rolling back transaction.";
@@ -2198,6 +2239,9 @@
                 havingEntityCondition, fieldsToSelect, orderBy, findOptions);
         eli.setDelegator(this);
         //TODO: add decrypt fields
+        ThreadContext.pushExecutionArtifact("GenericDelegator.findListIteratorByCondition", modelViewEntity.getEntityName());
+        eli = (EntityListIterator) ThreadContext.getAccessController().applyFilters(eli);
+        ThreadContext.popExecutionArtifact();
         return eli;
     }
 

Modified: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/GenericEntity.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/GenericEntity.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/GenericEntity.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/GenericEntity.java Fri Jan  1 00:38:52 2010
@@ -38,6 +38,7 @@
 import javolution.util.FastList;
 import javolution.util.FastMap;
 
+import org.ofbiz.api.context.ExecutionArtifact;
 import org.ofbiz.base.crypto.HashCrypt;
 import org.ofbiz.base.util.Base64;
 import org.ofbiz.base.util.Debug;
@@ -67,7 +68,8 @@
  * <code>Observer</code>.
  *
  */
-public class GenericEntity extends Observable implements Map<String, Object>, LocalizedMap<Object>, Serializable, Comparable<GenericEntity>, Cloneable, Reusable {
+@SuppressWarnings("serial")
+public class GenericEntity extends Observable implements Map<String, Object>, LocalizedMap<Object>, Serializable, Comparable<GenericEntity>, Cloneable, Reusable, ExecutionArtifact {
 
     public static final String module = GenericEntity.class.getName();
     public static final GenericEntity NULL_ENTITY = new NullGenericEntity();
@@ -202,6 +204,14 @@
         this.internalDelegator = value.internalDelegator;
     }
 
+    public String getLocation() {
+        return this.modelEntity.getLocation();
+    }
+
+    public String getName() {
+        return this.entityName;
+    }
+
     public void reset() {
         // from GenericEntity
         this.delegatorName = null;
@@ -284,7 +294,6 @@
     /** Get the GenericDelegator instance that created this value object and that is responsible for it.
      *@return GenericDelegator object
      */
-    @SuppressWarnings("deprecation")
     public Delegator getDelegator() {
         if (internalDelegator == null) {
             if (delegatorName == null) delegatorName = "default";

Added: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ThreadContext.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ThreadContext.java?rev=894961&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ThreadContext.java (added)
+++ ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ThreadContext.java Fri Jan  1 00:38:52 2010
@@ -0,0 +1,51 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.entity;
+
+/** A convenience class for accessing the current thread's <code>ExecutionContext</code>.
+ * @see {@link org.ofbiz.entity.ExecutionContext} 
+ */
+public class ThreadContext extends org.ofbiz.api.context.ThreadContext {
+
+    protected static final String module = ThreadContext.class.getName();
+
+    public static void clearUserData() {
+        getExecutionContext().clearUserData();
+    }
+
+    public static Delegator getDelegator() {
+        return getExecutionContext().getDelegator();
+    }
+
+    protected static ExecutionContext getExecutionContext() {
+        return (ExecutionContext) executionContext.get();
+    }
+
+    public static GenericValue getUserLogin() {
+        return getExecutionContext().getUserLogin();
+    }
+
+    public static void setDelegator(Delegator delegator) {
+        getExecutionContext().setDelegator(delegator);
+    }
+
+    public static void setUserLogin(GenericValue userLogin) {
+        getExecutionContext().setUserLogin(userLogin);
+    }
+}

Propchange: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ThreadContext.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ThreadContext.java
------------------------------------------------------------------------------
    svn:keywords = "Date Rev Author URL Id"

Propchange: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ThreadContext.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java Fri Jan  1 00:38:52 2010
@@ -33,6 +33,7 @@
 import javolution.util.FastList;
 import javolution.util.FastMap;
 
+import org.ofbiz.api.context.ExecutionArtifact;
 import org.ofbiz.base.util.Debug;
 import org.ofbiz.base.util.GeneralException;
 import org.ofbiz.base.util.ObjectType;
@@ -56,7 +57,7 @@
  *
  */
 @SuppressWarnings("serial")
-public class ModelEntity extends ModelInfo implements Comparable<ModelEntity>, Serializable {
+public class ModelEntity extends ModelInfo implements Comparable<ModelEntity>, Serializable, ExecutionArtifact {
 
     public static final String module = ModelEntity.class.getName();
 
@@ -312,6 +313,10 @@
         return this.entityName;
     }
 
+    public String getName() {
+        return this.entityName;
+    }
+
     public void setEntityName(String entityName) {
         this.entityName = entityName;
     }

Modified: ofbiz/branches/executioncontext20091231/framework/entityext/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/entityext/build.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/entityext/build.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/entityext/build.xml Fri Jan  1 00:38:52 2010
@@ -30,6 +30,7 @@
     <property name="ofbiz.home.dir" value="../.."/>
 
     <path id="local.class.path">
+        <fileset dir="../api/build/lib" includes="*.jar"/>
         <fileset dir="../base/lib" includes="*.jar"/>
         <fileset dir="../base/lib/j2eespecs" includes="*.jar"/>
         <fileset dir="../base/build/lib" includes="*.jar"/>

Modified: ofbiz/branches/executioncontext20091231/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java Fri Jan  1 00:38:52 2010
@@ -42,6 +42,7 @@
 import org.ofbiz.entity.model.ModelEntity;
 import org.ofbiz.entity.util.EntityDataLoader;
 import org.ofbiz.service.ServiceDispatcher;
+import org.ofbiz.service.ThreadContext;
 
 
 /**
@@ -376,15 +377,24 @@
             }
 
             Debug.logImportant("=-=-=-=-=-=-= Starting the data load...", module);
-
-            for (URL dataUrl: urlList) {
-                try {
-                    int rowsChanged = EntityDataLoader.loadData(dataUrl, helperName, delegator, errorMessages, txTimeout, useDummyFks, maintainTxs, tryInserts);
-                    totalRowsChanged += rowsChanged;
-                    infoMessages.add(changedFormat.format(rowsChanged) + " of " + changedFormat.format(totalRowsChanged) + " from " + dataUrl.toExternalForm());
-                } catch (GenericEntityException e) {
-                    Debug.logError(e, "Error loading data file: " + dataUrl.toExternalForm(), module);
+            try {
+                // Set up the execution context
+                ThreadContext.runUnprotected();
+                ThreadContext.setDelegator(delegator);
+                ThreadContext.pushExecutionArtifact(module, "EntityDataLoad");
+                for (URL dataUrl: urlList) {
+                    try {
+                        int rowsChanged = EntityDataLoader.loadData(dataUrl, helperName, delegator, errorMessages, txTimeout, useDummyFks, maintainTxs, tryInserts);
+                        totalRowsChanged += rowsChanged;
+                        infoMessages.add(changedFormat.format(rowsChanged) + " of " + changedFormat.format(totalRowsChanged) + " from " + dataUrl.toExternalForm());
+                    } catch (GenericEntityException e) {
+                        Debug.logError(e, "Error loading data file: " + dataUrl.toExternalForm(), module);
+                    }
                 }
+            } finally {
+                ThreadContext.popExecutionArtifact();
+                ThreadContext.endRunUnprotected();
+
             }
         } else {
             Debug.logImportant("=-=-=-=-=-=-= No data load files found.", module);

Modified: ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml Fri Jan  1 00:38:52 2010
@@ -31,4 +31,24 @@
     <SecurityGroupPermission groupId="FLEXADMIN" permissionId="EXAMPLE_VIEW"/>
     <SecurityGroupPermission groupId="VIEWADMIN" permissionId="EXAMPLE_VIEW"/>
     <SecurityGroupPermission groupId="BIZADMIN" permissionId="EXAMPLE_ADMIN"/>
+
+    <ArtifactPath artifactPath="ofbiz/example" description="Example Application"/>
+    <ArtifactPath artifactPath="ofbiz/exampleext" description="Extended Example Application"/>
+
+    <!-- Data needed to get users logged in -->
+    <ArtifactPath artifactPath="ofbiz/example/getUserPreferenceGroup" description="Example Application - getUserPreferenceGroup service"/>
+    <ArtifactPath artifactPath="ofbiz/example/login" description="Example Application - Login screen"/>
+    <ArtifactPath artifactPath="ofbiz/example/ServerHit" description="Example Application - Server hit"/>
+    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/getUserPreferenceGroup" permissionValue="access=true"/>
+    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/login" permissionValue="access=true"/>
+    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/login" permissionValue="view=true"/>
+    <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/example/ServerHit" permissionValue="create=true"/>
+
+    <!-- Data needed for the transition to security-aware artifacts. As each webapp
+         is converted over to the new security design, the corresponding admin
+         permission should be removed. -->
+
+<!--     <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/example" permissionValue="admin=true"/> -->
+    <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/exampleext" permissionValue="admin=true"/>
+
 </entity-engine-xml>

Modified: ofbiz/branches/executioncontext20091231/framework/minilang/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/minilang/build.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/minilang/build.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/minilang/build.xml Fri Jan  1 00:38:52 2010
@@ -31,6 +31,7 @@
 
     <path id="local.class.path">
         <!-- <fileset dir="${lib.dir}" includes="*.jar"/> -->
+        <fileset dir="../api/build/lib" includes="*.jar"/>
         <fileset dir="../base/lib" includes="*.jar"/>
         <fileset dir="../base/lib/j2eespecs" includes="*.jar"/>
         <fileset dir="../base/lib/scripting" includes="*.jar"/>

Modified: ofbiz/branches/executioncontext20091231/framework/security/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/security/build.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/security/build.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/security/build.xml Fri Jan  1 00:38:52 2010
@@ -31,6 +31,7 @@
 
     <path id="local.class.path">
         <!--<fileset dir="${lib.dir}" includes="*.jar"/>-->
+        <fileset dir="../api/build/lib" includes="*.jar"/>
         <fileset dir="../base/lib" includes="*.jar"/>
         <fileset dir="../base/lib/j2eespecs" includes="*.jar"/>
         <fileset dir="../base/build/lib" includes="*.jar"/>

Modified: ofbiz/branches/executioncontext20091231/framework/security/config/security.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/security/config/security.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/security/config/security.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/security/config/security.xml Fri Jan  1 00:38:52 2010
@@ -20,7 +20,7 @@
 
 <security-config>
     <!-- This is the default implementation and uses the OFBizSecurity implementation as its default -->
-    <security name="default"/>
+    <security name="default" class="org.ofbiz.context.AuthorizationManagerImpl"/>
 
     <!-- This is an example custom implementation and uses the class name specified as security implementation -->
     <!--

Modified: ofbiz/branches/executioncontext20091231/framework/security/data/SecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/security/data/SecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/security/data/SecurityData.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/security/data/SecurityData.xml Fri Jan  1 00:38:52 2010
@@ -57,4 +57,22 @@
     <UserLoginSecurityGroup groupId="FULLADMIN" userLoginId="system" fromDate="2001-01-01 12:00:00.0"/>
     <!-- Anonymous UserLogin is referenced by services in various components -->
     <UserLogin userLoginId="anonymous" enabled="N"/>
+
+    <!-- Data needed to bootstrap the security-aware artifacts -->
+
+    <UserLogin userLoginId="NOT_LOGGED_IN" enabled="N" isSystem="N"/>
+    <UserGroup groupId="OFBIZ_USERS" description="All OFBiz users"/>
+    <ArtifactPath artifactPath="ofbiz" description="The artifact path root"/>
+    <ArtifactPermission permissionValue="access=true" description="Access granted"/>
+    <ArtifactPermission permissionValue="admin=true" description="Admin access granted"/>
+    <ArtifactPermission permissionValue="create=true" description="Create access granted"/>
+    <ArtifactPermission permissionValue="create=false" description="Create access denied"/>
+    <ArtifactPermission permissionValue="delete=true" description="Delete access granted"/>
+    <ArtifactPermission permissionValue="delete=false" description="Delete access denied"/>
+    <ArtifactPermission permissionValue="update=true" description="Update access granted"/>
+    <ArtifactPermission permissionValue="update=false" description="Update access denied"/>
+    <ArtifactPermission permissionValue="view=true" description="View access granted"/>
+    <ArtifactPermission permissionValue="view=false" description="View access denied"/>
+    <UserToArtifactPermRel userLoginId="system" artifactPath="ofbiz" permissionValue="admin=true"/>
+
 </entity-engine-xml>

Modified: ofbiz/branches/executioncontext20091231/framework/security/entitydef/entitymodel.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/security/entitydef/entitymodel.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/security/entitydef/entitymodel.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/security/entitydef/entitymodel.xml Fri Jan  1 00:38:52 2010
@@ -247,4 +247,115 @@
       <prim-key field="viewNameId"/>
       <prim-key field="userLoginId"/>
     </entity>
+
+  <!-- ========================================================= -->
+  <!-- org.ofbiz.security.artifactsecurity -->
+  <!-- ========================================================= -->
+
+    <entity entity-name="UserGroup"
+            package-name="org.ofbiz.security.artifactsecurity"
+            default-resource-name="SecurityEntityLabels"
+            title="Security Component - User Group Entity">
+      <field name="groupId" type="id-ne"/>
+      <field name="description" type="description"/>
+      <prim-key field="groupId"/>
+    </entity>
+
+    <entity entity-name="UserGroupRelationship"
+            package-name="org.ofbiz.security.artifactsecurity"
+            default-resource-name="SecurityEntityLabels"
+            title="Security Component - User Group-To-User Group Relationship Entity">
+      <field name="fromGroupId" type="id-ne">
+          <description>The parent user group</description>
+      </field>
+      <field name="toGroupId" type="id-ne">
+          <description>The child user group</description>
+      </field>
+      <prim-key field="fromGroupId"/>
+      <prim-key field="toGroupId"/>
+      <relation type="one" fk-name="UGR_FROM_GROUP" rel-entity-name="UserGroup">
+        <key-map field-name="fromGroupId" rel-field-name="groupId"/>
+      </relation>
+      <relation type="one" fk-name="UGR_TO_GROUP" rel-entity-name="UserGroup">
+        <key-map field-name="toGroupId" rel-field-name="groupId"/>
+      </relation>
+    </entity>
+
+    <entity entity-name="UserToUserGroupRel"
+            package-name="org.ofbiz.security.artifactsecurity"
+            default-resource-name="SecurityEntityLabels"
+            title="Security Component - User-To-User Group Relationship Entity">
+      <field name="groupId" type="id-ne"/>
+      <field name="userLoginId" type="id-vlong-ne"/>
+      <prim-key field="groupId"/>
+      <prim-key field="userLoginId"/>
+      <relation type="one" fk-name="UTUGR_GROUP" rel-entity-name="UserGroup">
+        <key-map field-name="groupId"/>
+      </relation>
+      <relation type="one" fk-name="UTUGR_USER_LOGIN" rel-entity-name="UserLogin">
+        <key-map field-name="userLoginId"/>
+      </relation>
+    </entity>
+
+    <entity entity-name="ArtifactPermission"
+            package-name="org.ofbiz.security.artifactsecurity"
+            title="Security Component - Artifact Permission Entity">
+      <field name="permissionValue" type="id-long-ne">
+          <description>The permission value: create=true, service=checkPermission, filter=someFilter</description>
+      </field>
+      <field name="description" type="description"/>
+      <prim-key field="permissionValue"/>
+    </entity>
+
+    <entity entity-name="ArtifactPath"
+            package-name="org.ofbiz.security.artifactsecurity"
+            default-resource-name="SecurityEntityLabels"
+            title="Security Component - Artifact Path Entity">
+      <field name="artifactPath" type="id-vlong-ne"/>
+      <field name="description" type="description"/>
+      <prim-key field="artifactPath"/>
+    </entity>
+
+    <entity entity-name="UserToArtifactPermRel"
+            package-name="org.ofbiz.security.artifactsecurity"
+            default-resource-name="SecurityEntityLabels"
+            title="Security Component - User-To-Artifact Permission Relationship Entity">
+      <field name="userLoginId" type="id-vlong-ne"/>
+      <field name="artifactPath" type="id-vlong-ne"/>
+      <field name="permissionValue" type="id-long-ne"/>
+      <prim-key field="userLoginId"/>
+      <prim-key field="artifactPath"/>
+      <prim-key field="permissionValue"/>
+      <relation type="one" fk-name="UAP_USER_LOGIN" rel-entity-name="UserLogin">
+        <key-map field-name="userLoginId"/>
+      </relation>
+      <relation type="one" fk-name="UAP_ARTFCT_PATH" rel-entity-name="ArtifactPath">
+        <key-map field-name="artifactPath"/>
+      </relation>
+      <relation type="one" fk-name="UAP_ARTFCT_PERM" rel-entity-name="ArtifactPermission">
+        <key-map field-name="permissionValue"/>
+      </relation>
+    </entity>
+
+    <entity entity-name="UserGrpToArtifactPermRel"
+            package-name="org.ofbiz.security.artifactsecurity"
+            default-resource-name="SecurityEntityLabels"
+            title="Security Component - User Group-To-Artifact Permission Relationship Entity">
+      <field name="groupId" type="id-ne"/>
+      <field name="artifactPath" type="id-vlong-ne"/>
+      <field name="permissionValue" type="id-long-ne"/>
+      <prim-key field="groupId"/>
+      <prim-key field="artifactPath"/>
+      <prim-key field="permissionValue"/>
+      <relation type="one" fk-name="UGAP_USER_GROUP" rel-entity-name="UserGroup">
+        <key-map field-name="groupId"/>
+      </relation>
+      <relation type="one" fk-name="UGAP_ARTFCT_PATH" rel-entity-name="ArtifactPath">
+        <key-map field-name="artifactPath"/>
+      </relation>
+      <relation type="one" fk-name="UGAP_ARTFCT_PERM" rel-entity-name="ArtifactPermission">
+        <key-map field-name="permissionValue"/>
+      </relation>
+    </entity>
+
 </entitymodel>

Modified: ofbiz/branches/executioncontext20091231/framework/security/src/org/ofbiz/security/authz/AuthorizationFactory.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/security/src/org/ofbiz/security/authz/AuthorizationFactory.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/security/src/org/ofbiz/security/authz/AuthorizationFactory.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/security/src/org/ofbiz/security/authz/AuthorizationFactory.java Fri Jan  1 00:38:52 2010
@@ -66,7 +66,8 @@
         synchronized (AuthorizationFactory.class) {
             try {
                 ClassLoader loader = Thread.currentThread().getContextClassLoader();
-                Class c = loader.loadClass(getAuthorizationClass(securityName));
+//                Class c = loader.loadClass(getAuthorizationClass(securityName));
+                Class c = loader.loadClass(DEFAULT_AUTHORIZATION);
                 security = (Authorization) c.newInstance();
                 security.setDelegator(delegator);
             } catch (ClassNotFoundException cnf) {

Modified: ofbiz/branches/executioncontext20091231/framework/service/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/service/build.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/service/build.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/service/build.xml Fri Jan  1 00:38:52 2010
@@ -31,6 +31,7 @@
 
     <path id="local.class.path">
         <fileset dir="${lib.dir}" includes="*.jar"/>
+        <fileset dir="../api/build/lib" includes="*.jar"/>
         <fileset dir="../base/lib" includes="*.jar"/>
         <fileset dir="../base/lib/commons" includes="*.jar"/>
         <fileset dir="../base/lib/j2eespecs" includes="*.jar"/>

Added: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ExecutionContext.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ExecutionContext.java?rev=894961&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ExecutionContext.java (added)
+++ ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ExecutionContext.java Fri Jan  1 00:38:52 2010
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.ofbiz.service;
+
+import org.ofbiz.service.LocalDispatcher;
+
+/**
+ * ExecutionContext Interface. This interface extends the ExecutionContext
+ * interface defined in the <code>security</code> component.
+ */
+public interface ExecutionContext extends org.ofbiz.entity.ExecutionContext {
+
+	/** Returns the current <code>LocalDispatcher</code> instance.
+	 * 
+	 * @return The current <code>LocalDispatcher</code> instance
+	 */
+	public LocalDispatcher getDispatcher();
+
+	/** Sets the current <code>LocalDispatcher</code> instance.
+	 * 
+	 * @param dispatcher The new <code>LocalDispatcher</code> instance
+	 */
+	public void setDispatcher(LocalDispatcher dispatcher);
+}

Propchange: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ExecutionContext.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ExecutionContext.java
------------------------------------------------------------------------------
    svn:keywords = "Date Rev Author URL Id"

Propchange: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ExecutionContext.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ModelService.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ModelService.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ModelService.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ModelService.java Fri Jan  1 00:38:52 2010
@@ -59,6 +59,7 @@
 import javolution.util.FastList;
 import javolution.util.FastMap;
 
+import org.ofbiz.api.context.ExecutionArtifact;
 import org.ofbiz.base.util.Debug;
 import org.ofbiz.base.util.GeneralException;
 import org.ofbiz.base.util.ObjectType;
@@ -81,7 +82,7 @@
  * Generic Service Model Class
  */
 @SuppressWarnings("serial")
-public class ModelService extends AbstractMap<String, Object> implements Serializable {
+public class ModelService extends AbstractMap<String, Object> implements Serializable, ExecutionArtifact {
     private static final Field[] MODEL_SERVICE_FIELDS;
     private static final Map<String, Field> MODEL_SERVICE_FIELD_MAP = FastMap.newInstance();
     static {
@@ -250,6 +251,13 @@
         return null;
     }
 
+    public String getLocation() {
+        return this.definitionLocation;
+    }
+
+    public String getName() {
+        return this.name;
+    }
     private final class ModelServiceMapEntry implements Map.Entry<String, Object> {
         private final Field field;
 

Modified: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ServiceDispatcher.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ServiceDispatcher.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ServiceDispatcher.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ServiceDispatcher.java Fri Jan  1 00:38:52 2010
@@ -18,6 +18,8 @@
  *******************************************************************************/
 package org.ofbiz.service;
 
+import static org.ofbiz.api.authorization.BasicPermissions.Access;
+
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
@@ -296,6 +298,18 @@
         // start the transaction
         boolean beganTrans = false;
         try {
+            ThreadContext.initializeContext(context);
+            ThreadContext.pushExecutionArtifact(modelService, context);
+            boolean permissionService = false;
+            for (ModelServiceIface iface: modelService.implServices) {
+                if ("permissionInterface".equals(iface.getService())) {
+                    permissionService = true;
+                    break;
+                }
+            }
+            if (!permissionService) {
+                ThreadContext.getAccessController().checkPermission(Access);
+            }
             //Debug.logInfo("=========================== " + modelService.name + " 1 tx status =" + TransactionUtil.getStatusString() + ", modelService.requireNewTransaction=" + modelService.requireNewTransaction + ", modelService.useTransaction=" + modelService.useTransaction + ", TransactionUtil.isTransactionInPlace()=" + TransactionUtil.isTransactionInPlace(), module);
             if (modelService.useTransaction) {
                 if (TransactionUtil.isTransactionInPlace()) {
@@ -561,6 +575,7 @@
             Debug.logError(te, "Problems with the transaction", module);
             throw new GenericServiceException("Problems with the transaction.", te.getNested());
         } finally {
+            ThreadContext.popExecutionArtifact();
             // release the semaphore lock
             if (lock != null) {
                 lock.release();

Added: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ThreadContext.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ThreadContext.java?rev=894961&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ThreadContext.java (added)
+++ ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ThreadContext.java Fri Jan  1 00:38:52 2010
@@ -0,0 +1,41 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.service;
+
+
+/** A convenience class for accessing the current thread's <code>ExecutionContext</code>.
+ * @see {@link org.ofbiz.service.ExecutionContext} 
+ */
+public class ThreadContext extends org.ofbiz.entity.ThreadContext {
+
+    protected static final String module = ThreadContext.class.getName();
+
+    public static LocalDispatcher getDispatcher() {
+        return getExecutionContext().getDispatcher();
+    }
+
+    protected static ExecutionContext getExecutionContext() {
+        return (ExecutionContext) executionContext.get();
+    }
+
+    public static void setDispatcher(LocalDispatcher dispatcher) {
+        getExecutionContext().setDispatcher(dispatcher);
+    }
+
+}

Propchange: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ThreadContext.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ThreadContext.java
------------------------------------------------------------------------------
    svn:keywords = "Date Rev Author URL Id"

Propchange: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ThreadContext.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/job/GenericServiceJob.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/job/GenericServiceJob.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/job/GenericServiceJob.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/job/GenericServiceJob.java Fri Jan  1 00:38:52 2010
@@ -25,6 +25,7 @@
 import org.ofbiz.service.GenericRequester;
 import org.ofbiz.service.LocalDispatcher;
 import org.ofbiz.service.ModelService;
+import org.ofbiz.service.ThreadContext;
 
 /**
  * Generic Service Job - A generic async-service Job.
@@ -61,13 +62,22 @@
      */
     @Override
     public void exec() throws InvalidJobException {
-        init();
-
+        ThreadContext.reset();
+        try {
+            ThreadContext.runUnprotected();
+            ThreadContext.pushExecutionArtifact(module, "ServiceJob");
+            init();
+        } finally {
+            ThreadContext.endRunUnprotected();
+        }
         // no transaction is necessary since runSync handles this
         try {
+            ThreadContext.setDispatcher(this.dctx.getDispatcher());
+            Map<String, Object> serviceCtx = getContext();
+            ThreadContext.initializeContext(serviceCtx);
             // get the dispatcher and invoke the service via runSync -- will run all ECAs
             LocalDispatcher dispatcher = dctx.getDispatcher();
-            Map<String, Object> result = dispatcher.runSync(getServiceName(), getContext());
+            Map<String, Object> result = dispatcher.runSync(getServiceName(), serviceCtx);
 
             // check for a failure
             boolean isError = ModelService.RESPOND_ERROR.equals(result.get(ModelService.RESPONSE_MESSAGE));
@@ -88,6 +98,8 @@
 
             // call the failed method
             this.failed(t);
+        } finally {
+            ThreadContext.popExecutionArtifact();
         }
 
         // call the finish method

Modified: ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/job/JobPoller.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/job/JobPoller.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/job/JobPoller.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/job/JobPoller.java Fri Jan  1 00:38:52 2010
@@ -25,6 +25,7 @@
 import javolution.util.FastMap;
 
 import org.ofbiz.base.util.Debug;
+import org.ofbiz.service.ThreadContext;
 import org.ofbiz.service.config.ServiceConfigUtil;
 
 /**
@@ -84,6 +85,8 @@
             java.lang.Thread.sleep(30000);
         } catch (InterruptedException e) {
         }
+        ThreadContext.runUnprotected();
+        ThreadContext.pushExecutionArtifact(module, "JobPoller");
         while (isRunning) {
             try {
                 // grab a list of jobs to run.
@@ -103,6 +106,7 @@
                 stop();
             }
         }
+        ThreadContext.popExecutionArtifact();
     }
 
     /**

Modified: ofbiz/branches/executioncontext20091231/framework/webapp/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/webapp/build.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/webapp/build.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/webapp/build.xml Fri Jan  1 00:38:52 2010
@@ -31,6 +31,7 @@
 
     <path id="local.class.path">
         <fileset dir="${lib.dir}" includes="*.jar"/>
+        <fileset dir="../api/build/lib" includes="*.jar"/>
         <fileset dir="../base/lib" includes="*.jar"/>
         <fileset dir="../base/lib/commons" includes="*.jar"/>
         <fileset dir="../base/lib/j2eespecs" includes="*.jar"/>

Modified: ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java Fri Jan  1 00:38:52 2010
@@ -31,6 +31,7 @@
 
 import org.apache.bsf.BSFManager;
 
+import org.ofbiz.api.authorization.AuthorizationManager;
 import org.ofbiz.base.util.Debug;
 import org.ofbiz.base.util.UtilGenerics;
 import org.ofbiz.base.util.UtilHttp;
@@ -46,6 +47,7 @@
 import org.ofbiz.security.Security;
 import org.ofbiz.security.authz.Authorization;
 import org.ofbiz.service.LocalDispatcher;
+import org.ofbiz.service.ThreadContext;
 import org.ofbiz.webapp.stats.ServerHitBin;
 import org.ofbiz.webapp.stats.VisitHandler;
 
@@ -149,6 +151,10 @@
         if (Debug.verboseOn())
             Debug.logVerbose("Control Path: " + request.getAttribute("_CONTROL_PATH_"), module);
 
+        ThreadContext.reset();
+        ThreadContext.setLocale(UtilHttp.getLocale(request));
+        ThreadContext.setUserLogin(userLogin);
+        
         // for convenience, and necessity with event handlers, make security and delegator available in the request:
         // try to get it from the session first so that we can have a delegator/dispatcher/security for a certain user if desired
         Delegator delegator = null;
@@ -165,6 +171,7 @@
             request.setAttribute("delegator", delegator);
             // always put this in the session too so that session events can use the delegator
             session.setAttribute("delegatorName", delegator.getDelegatorName());
+            ThreadContext.setDelegator(delegator);
         }
 
         LocalDispatcher dispatcher = (LocalDispatcher) session.getAttribute("dispatcher");
@@ -173,6 +180,8 @@
         }
         if (dispatcher == null) {
             Debug.logError("[ControlServlet] ERROR: dispatcher not found in ServletContext", module);
+        } else {
+            ThreadContext.setDispatcher(dispatcher);
         }
         request.setAttribute("dispatcher", dispatcher);
 
@@ -185,12 +194,14 @@
         }
         request.setAttribute("authz", authz); // maybe we should also add the value to 'security'
         
-        Security security = (Security) session.getAttribute("security");
+        AuthorizationManager security = (AuthorizationManager) session.getAttribute("security");
         if (security == null) {
-            security = (Security) getServletContext().getAttribute("security");
+            security = (AuthorizationManager) getServletContext().getAttribute("security");
         }
         if (security == null) {
             Debug.logError("[ControlServlet] ERROR: security not found in ServletContext", module);
+        } else {
+            ThreadContext.setSecurity(security);
         }
         request.setAttribute("security", security);
 
@@ -309,6 +320,7 @@
             Debug.logError("Error in ControlServlet output where response isCommitted and there is no session (probably because of a logout); not saving ServerHit/Bin information because there is no session and as the response isCommitted we can't get a new one. The output was successful, but we just can't save ServerHit/Bin info.", module);
         } else {
             try {
+                ThreadContext.pushExecutionArtifact(module, webappName);
                 UtilHttp.setInitialRequestInfo(request);
                 VisitHandler.getVisitor(request, response);
                 if (requestHandler.trackStats(request)) {
@@ -316,6 +328,8 @@
                 }
             } catch (Throwable t) {
                 Debug.logError(t, "Error in ControlServlet saving ServerHit/Bin information; the output was successful, but can't save this tracking information. The error was: " + t.toString(), module);
+            } finally {
+                ThreadContext.popExecutionArtifact();
             }
         }
         if (Debug.timingOn()) timer.timerString("[" + rname + "] Request Done", module);

Modified: ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Fri Jan  1 00:38:52 2010
@@ -65,6 +65,7 @@
 import org.ofbiz.service.LocalDispatcher;
 import org.ofbiz.service.ModelService;
 import org.ofbiz.service.ServiceUtil;
+import org.ofbiz.service.ThreadContext;
 import org.ofbiz.webapp.stats.VisitHandler;
 
 /**
@@ -485,11 +486,6 @@
         HttpSession session = request.getSession();
 
         Delegator delegator = (Delegator) request.getAttribute("delegator");
-        Security security = (Security) request.getAttribute("security");
-
-        if (security != null && userLogin != null) {
-            security.clearUserData(userLogin);
-        }
 
         // set the logged out flag
         LoginWorker.setLoggedOut(userLogin.getString("userLoginId"), delegator);
@@ -508,6 +504,13 @@
         if (currCatalog != null) session.setAttribute("CURRENT_CATALOG_ID", currCatalog);
         if (delegatorName != null) session.setAttribute("delegatorName", delegatorName);
         // DON'T save the cart, causes too many problems: if (shoppingCart != null) session.setAttribute("shoppingCart", new WebShoppingCart(shoppingCart, session));
+
+        // Must be done last
+        Security security = (Security) request.getAttribute("security");
+        if (security != null && userLogin != null) {
+            security.clearUserData(userLogin);
+        }
+        ThreadContext.clearUserData();
     }
 
     public static String autoLoginSet(HttpServletRequest request, HttpServletResponse response) {

Modified: ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Fri Jan  1 00:38:52 2010
@@ -49,6 +49,7 @@
 import org.ofbiz.entity.Delegator;
 import org.ofbiz.entity.GenericEntityException;
 import org.ofbiz.entity.GenericValue;
+import org.ofbiz.service.ThreadContext;
 import org.ofbiz.webapp.event.EventFactory;
 import org.ofbiz.webapp.event.EventHandler;
 import org.ofbiz.webapp.event.EventHandlerException;
@@ -142,6 +143,9 @@
             throw new RequestHandlerException(requestMissingErrorMessage);
         }
 
+        Locale locale = ThreadContext.getLocale();
+        ThreadContext.pushExecutionArtifact(UtilHttp.getFullRequestUrl(request).toString(), cname, UtilHttp.getParameterMap(request));
+        
         String eventReturn = null;
         boolean interruptRequest = false;
 
@@ -180,7 +184,6 @@
                 // If the request method was POST then return an error to avoid problems with XSRF where the request may have come from another machine/program and had the same session ID but was not encrypted as it should have been (we used to let it pass to not lose data since it was too late to protect that data anyway)
                 if (request.getMethod().equalsIgnoreCase("POST")) {
                     // we can't redirect with the body parameters, and for better security from XSRF, just return an error message
-                    Locale locale = UtilHttp.getLocale(request);
                     String errMsg = UtilProperties.getMessage("WebappUiLabels", "requestHandler.InsecureFormPostToSecureRequest", locale);
                     Debug.logError("Got a insecure (non-https) form POST to a secure (http) request [" + requestMap.uri + "], returning error", module);
 
@@ -274,6 +277,7 @@
                 if (visit != null) {
                     for (ConfigXMLReader.Event event: controllerConfig.firstVisitEventList.values()) {
                         try {
+                            ThreadContext.pushExecutionArtifact(event.path, event.invoke);
                             String returnString = this.runEvent(request, response, event, null, "firstvisit");
                             if (returnString != null && !returnString.equalsIgnoreCase("success")) {
                                 throw new EventHandlerException("First-Visit event did not return 'success'.");
@@ -282,6 +286,8 @@
                             }
                         } catch (EventHandlerException e) {
                             Debug.logError(e, module);
+                        } finally {
+                            ThreadContext.popExecutionArtifact();
                         }
                     }
                 }
@@ -290,6 +296,7 @@
             // Invoke the pre-processor (but NOT in a chain)
             for (ConfigXMLReader.Event event: controllerConfig.preprocessorEventList.values()) {
                 try {
+                    ThreadContext.pushExecutionArtifact(event.path, event.invoke);
                     String returnString = this.runEvent(request, response, event, null, "preprocessor");
                     if (returnString != null && !returnString.equalsIgnoreCase("success")) {
                         if (!returnString.contains(":_protect_:")) {
@@ -314,6 +321,8 @@
                     }
                 } catch (EventHandlerException e) {
                     Debug.logError(e, module);
+                } finally {
+                    ThreadContext.popExecutionArtifact();
                 }
             }
         }
@@ -322,6 +331,7 @@
         // Warning: this could cause problems if more then one event attempts to return a response.
         if (interruptRequest) {
             if (Debug.infoOn()) Debug.logInfo("[Pre-Processor Interrupted Request, not running: [" + requestMap.uri + "], sessionId=" + UtilHttp.getSessionId(request), module);
+            ThreadContext.popExecutionArtifact();
             return;
         }
 
@@ -338,9 +348,12 @@
             String checkLoginReturnString = null;
 
             try {
+                ThreadContext.pushExecutionArtifact(checkLoginEvent.path, checkLoginEvent.invoke);
                 checkLoginReturnString = this.runEvent(request, response, checkLoginEvent, null, "security-auth");
             } catch (EventHandlerException e) {
                 throw new RequestHandlerException(e.getMessage(), e);
+            } finally {
+                ThreadContext.popExecutionArtifact();
             }
             if (!"success".equalsIgnoreCase(checkLoginReturnString)) {
                 // previous URL already saved by event, so just do as the return says...
@@ -368,6 +381,7 @@
         if (eventReturn == null && requestMap.event != null) {
             if (requestMap.event.type != null && requestMap.event.path != null && requestMap.event.invoke != null) {
                 try {
+                    ThreadContext.pushExecutionArtifact(requestMap.event.path, requestMap.event.invoke);
                     long eventStartTime = System.currentTimeMillis();
 
                     // run the request event
@@ -387,12 +401,13 @@
                     // check to see if there is an "error" response, if so go there and make an request error message
                     if (requestMap.requestResponseMap.containsKey("error")) {
                         eventReturn = "error";
-                        Locale locale = UtilHttp.getLocale(request);
                         String errMsg = UtilProperties.getMessage("WebappUiLabels", "requestHandler.error_call_event", locale);
                         request.setAttribute("_ERROR_MESSAGE_", errMsg + ": " + e.toString());
                     } else {
                         throw new RequestHandlerException("Error calling event and no error response was specified", e);
                     }
+                } finally {
+                    ThreadContext.popExecutionArtifact();
                 }
             }
         }
@@ -470,6 +485,7 @@
 
                 // the old/uglier way: doRequest(request, response, previousRequest, userLogin, delegator);
 
+                ThreadContext.popExecutionArtifact();
                 // this is needed as the request handled will be taking care of the view, etc
                 return;
             }
@@ -519,12 +535,15 @@
             // first invoke the post-processor events.
             for (ConfigXMLReader.Event event: controllerConfig.postprocessorEventList.values()) {
                 try {
+                    ThreadContext.pushExecutionArtifact(event.path, event.invoke);
                     String returnString = this.runEvent(request, response, event, requestMap, "postprocessor");
                     if (returnString != null && !returnString.equalsIgnoreCase("success")) {
                         throw new EventHandlerException("Post-Processor event did not return 'success'.");
                     }
                 } catch (EventHandlerException e) {
                     Debug.logError(e, module);
+                } finally {
+                    ThreadContext.popExecutionArtifact();
                 }
             }
 
@@ -619,6 +638,7 @@
                 if (Debug.verboseOn()) Debug.logVerbose("[RequestHandler.doRequest]: Response is handled by the event." + " sessionId=" + UtilHttp.getSessionId(request), module);
             }
         }
+        ThreadContext.popExecutionArtifact();
     }
 
     /** Find the event handler and invoke an event. */
@@ -1092,12 +1112,15 @@
     public void runAfterLoginEvents(HttpServletRequest request, HttpServletResponse response) {
         for (ConfigXMLReader.Event event: getControllerConfig().afterLoginEventList.values()) {
             try {
+                ThreadContext.pushExecutionArtifact(event.path, event.invoke);
                 String returnString = this.runEvent(request, response, event, null, "after-login");
                 if (returnString != null && !returnString.equalsIgnoreCase("success")) {
                     throw new EventHandlerException("Pre-Processor event did not return 'success'.");
                 }
             } catch (EventHandlerException e) {
                 Debug.logError(e, module);
+            } finally {
+                ThreadContext.popExecutionArtifact();
             }
         }
     }
@@ -1105,12 +1128,15 @@
     public void runBeforeLogoutEvents(HttpServletRequest request, HttpServletResponse response) {
         for (ConfigXMLReader.Event event: getControllerConfig().beforeLogoutEventList.values()) {
             try {
+                ThreadContext.pushExecutionArtifact(event.path, event.invoke);
                 String returnString = this.runEvent(request, response, event, null, "before-logout");
                 if (returnString != null && !returnString.equalsIgnoreCase("success")) {
                     throw new EventHandlerException("Pre-Processor event did not return 'success'.");
                 }
             } catch (EventHandlerException e) {
                 Debug.logError(e, module);
+            } finally {
+                ThreadContext.popExecutionArtifact();
             }
         }
     }

Modified: ofbiz/branches/executioncontext20091231/framework/webtools/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/webtools/build.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/webtools/build.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/webtools/build.xml Fri Jan  1 00:38:52 2010
@@ -31,6 +31,7 @@
 
     <path id="local.class.path">
         <!--<fileset dir="${lib.dir}" includes="*.jar"/>-->
+        <fileset dir="../api/build/lib" includes="*.jar"/>
         <fileset dir="../base/lib" includes="*.jar"/>
         <fileset dir="../base/lib/commons" includes="*.jar"/>
         <fileset dir="../base/lib/j2eespecs" includes="*.jar"/>

Modified: ofbiz/branches/executioncontext20091231/framework/webtools/data/WebtoolsSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/webtools/data/WebtoolsSecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/webtools/data/WebtoolsSecurityData.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/webtools/data/WebtoolsSecurityData.xml Fri Jan  1 00:38:52 2010
@@ -94,4 +94,13 @@
     <SecurityGroupPermission groupId="FLEXADMIN" permissionId="UTIL_DEBUG_VIEW"/>
     <SecurityGroupPermission groupId="VIEWADMIN" permissionId="UTIL_CACHE_VIEW"/>
     <SecurityGroupPermission groupId="VIEWADMIN" permissionId="UTIL_DEBUG_VIEW"/>
+
+    <ArtifactPath artifactPath="ofbiz/webtools" description="Webtools Application"/>
+
+    <!-- Data needed for the transition to security-aware artifacts. As each webapp
+         is converted over to the new security design, the corresponding admin
+         permission should be removed. -->
+
+    <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/webtools" permissionValue="admin=true"/>
+
 </entity-engine-xml>

Modified: ofbiz/branches/executioncontext20091231/framework/widget/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/widget/build.xml?rev=894961&r1=894960&r2=894961&view=diff
==============================================================================
--- ofbiz/branches/executioncontext20091231/framework/widget/build.xml (original)
+++ ofbiz/branches/executioncontext20091231/framework/widget/build.xml Fri Jan  1 00:38:52 2010
@@ -31,6 +31,7 @@
 
     <path id="local.class.path">
         <!-- <fileset dir="${lib.dir}" includes="*.jar"/> -->
+        <fileset dir="../api/build/lib" includes="*.jar"/>
         <fileset dir="../base/lib" includes="*.jar"/>
         <fileset dir="../base/lib/commons" includes="*.jar"/>
         <fileset dir="../base/lib/j2eespecs" includes="*.jar"/>



Mime
View raw message