[jira] Created: (OFBIZ-2381) Implementation of new Authorization API

Implementation of new Authorization API
---------------------------------------

                 Key: OFBIZ-2381
                 URL: https://issues.apache.org/jira/browse/OFBIZ-2381
             Project: OFBiz
          Issue Type: Sub-task
          Components: framework
    Affects Versions: SVN trunk
            Reporter: Andrew Zeneski
            Assignee: Andrew Zeneski
             Fix For: SVN trunk


Implementation of Authorization API (see documentation on parent task)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#action_10855 ]

Andrew Zeneski logged work on OFBIZ-2381:
-----------------------------------------

                Author: Andrew Zeneski
            Created on: 28/Apr/09 10:00 PM
            Start Date: 28/Apr/09 10:00 PM
    Worklog Time Spent: 24h

Issue Time Tracking
-------------------

            Time Spent: 24h
    Remaining Estimate: 24h  (was: 48h)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Zeneski updated OFBIZ-2381:
----------------------------------

    Attachment: security_2_0-api.patch

Initial implementation of the new Authorization API. Includes Dynamic Access Handlers for:

1. Objects implementing the DynamicAccess interface
2. Groovy scripts (using component:// locations)
3. Groovy scripts (on the classpath or compiled)
4. Services (part of securityext)

Adds new table for AutoGrant permission; adds new field to SecurityPermission to set the dynamicAccess implementation.
Adds test cases for testing the functionality

This implementation is almost ready for checkin, but I am going to spend more time testing first. Here is a preview.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704374#action_12704374 ]

Andrew Zeneski commented on OFBIZ-2381:
---------------------------------------

*Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#action_10856 ]

Andrew Zeneski logged work on OFBIZ-2381:
-----------------------------------------

                Author: Andrew Zeneski
            Created on: 29/Apr/09 11:21 PM
            Start Date: 29/Apr/09 11:21 PM
    Worklog Time Spent: 24h

Issue Time Tracking
-------------------

            Time Spent: 48h  (was: 24h)
    Remaining Estimate: 0h  (was: 24h)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704374#action_12704374 ]

Andrew Zeneski edited comment on OFBIZ-2381 at 4/29/09 11:24 PM:
-----------------------------------------------------------------

*Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element
Revision 770036 - Added license header
Revision 770076 - Bug fixes, changed groovy context name to permissionContext
Revision 770077 - Integrated (in context setup) with Webslinger


      was (Author: jaz):
    *Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element
 
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Zeneski resolved OFBIZ-2381.
-----------------------------------

    Resolution: Fixed

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704374#action_12704374 ]

Andrew Zeneski edited comment on OFBIZ-2381 at 4/30/09 12:15 PM:
-----------------------------------------------------------------

*Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element
Revision 770036 - Added license header
Revision 770076 - Bug fixes, changed groovy context name to permissionContext
Revision 770077 - Integrated (in context setup) with Webslinger
Revision 770401 - Removed 'expanded' parameter from API; included new findMatchingPermissions() method

      was (Author: jaz):
    *Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element
Revision 770036 - Added license header
Revision 770076 - Bug fixes, changed groovy context name to permissionContext
Revision 770077 - Integrated (in context setup) with Webslinger

 
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704374#action_12704374 ]

Andrew Zeneski edited comment on OFBIZ-2381 at 4/30/09 12:33 PM:
-----------------------------------------------------------------

*Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element
Revision 770036 - Added license header
Revision 770076 - Bug fixes, changed groovy context name to permissionContext
Revision 770077 - Integrated (in context setup) with Webslinger
Revision 770401 - Removed 'expanded' parameter from API; included new findMatchingPermissions() method
Revision 770407 - Fixed themes to work the the API change

      was (Author: jaz):
    *Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element
Revision 770036 - Added license header
Revision 770076 - Bug fixes, changed groovy context name to permissionContext
Revision 770077 - Integrated (in context setup) with Webslinger
Revision 770401 - Removed 'expanded' parameter from API; included new findMatchingPermissions() method
 
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704374#action_12704374 ]

Andrew Zeneski edited comment on OFBIZ-2381 at 5/1/09 10:50 AM:
----------------------------------------------------------------

*Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element
Revision 770036 - Added license header
Revision 770076 - Bug fixes, changed groovy context name to permissionContext
Revision 770077 - Integrated (in context setup) with Webslinger
Revision 770401 - Removed 'expanded' parameter from API; included new findMatchingPermissions() method
Revision 770407 - Fixed themes to work the the API change
Revision 770771 - Fixed issue w/ ThreadLocal not being cleared by a thread pool

      was (Author: jaz):
    *Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element
Revision 770036 - Added license header
Revision 770076 - Bug fixes, changed groovy context name to permissionContext
Revision 770077 - Integrated (in context setup) with Webslinger
Revision 770401 - Removed 'expanded' parameter from API; included new findMatchingPermissions() method
Revision 770407 - Fixed themes to work the the API change
 
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

    [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704374#action_12704374 ]

Andrew Zeneski edited comment on OFBIZ-2381 at 5/1/09 2:56 PM:
---------------------------------------------------------------

*Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element
Revision 770036 - Added license header
Revision 770076 - Bug fixes, changed groovy context name to permissionContext
Revision 770077 - Integrated (in context setup) with Webslinger
Revision 770401 - Removed 'expanded' parameter from API; included new findMatchingPermissions() method
Revision 770407 - Fixed themes to work the the API change
Revision 770771 - Fixed issue w/ ThreadLocal not being cleared by a thread pool
Revision 770836 - Renamed AbtractAuthorization to AbstractAuthorization as it should have been in the first place

      was (Author: jaz):
    *Commit History*

Revision 769928 - Base API - not enabled will not effect anything
Revision 769929 - Ext. API + Test Cases  - Effects only when running tests
Revision 769936 - Service Engine Integration - dispatchContext.getAuthz() - used in check-permission tags
Revision 769937 -  Controller Integration - use request.getAttribute("authz") - ACTIVE IN CoreEvents.java
Revision 769943 - Widget Integration - enabled when NOT using an action="" element
Revision 769944 - Themes Integration - uses both APIs for checking permission
Revision 769963 - Fix for infinite looping when using hasPermission from service based DA implementations
Revision 769965 - MiniLang (Simple Method) integration - enabled when NOT using an action="" element
Revision 770036 - Added license header
Revision 770076 - Bug fixes, changed groovy context name to permissionContext
Revision 770077 - Integrated (in context setup) with Webslinger
Revision 770401 - Removed 'expanded' parameter from API; included new findMatchingPermissions() method
Revision 770407 - Fixed themes to work the the API change
Revision 770771 - Fixed issue w/ ThreadLocal not being cleared by a thread pool
 
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-2381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bruno Busco closed OFBIZ-2381.
------------------------------


Changed from "Resolved" to "Closed" since we do not use the "Resolved" issue status

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.