Author: jaz
Date: Fri Jan 5 12:42:51 2007 New Revision: 493185 URL: http://svn.apache.org/viewvc?view=rev&rev=493185 Log: implemeted: 1) default values for service parameters; when default-value is set, it becomes optional, if no value is passed, the defined default value is used. 2) implemented new interface for custom service security Changed JobManager finalize() method to shutdown() since calling finalize() is not recommended in java Added: ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ServiceSecurity.java (with props) Modified: ofbiz/trunk/framework/service/dtd/services.xsd ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelParam.java ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermGroup.java ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java ofbiz/trunk/framework/service/src/org/ofbiz/service/ServiceDispatcher.java ofbiz/trunk/framework/service/src/org/ofbiz/service/job/JobManager.java Modified: ofbiz/trunk/framework/service/dtd/services.xsd URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/dtd/services.xsd?view=diff&rev=493185&r1=493184&r2=493185 ============================================================================== --- ofbiz/trunk/framework/service/dtd/services.xsd (original) +++ ofbiz/trunk/framework/service/dtd/services.xsd Fri Jan 5 12:42:51 2007 @@ -113,6 +113,7 @@ <xs:sequence> <xs:element minOccurs="0" maxOccurs="unbounded" ref="check-permission"/> <xs:element minOccurs="0" maxOccurs="unbounded" ref="check-role-member"/> + <xs:element minOccurs="0" maxOccurs="unbounded" ref="service-security"/> </xs:sequence> <xs:attributeGroup ref="attlist.required-permissions"/> </xs:complexType> @@ -144,6 +145,15 @@ <xs:attributeGroup name="attlist.check-role-member"> <xs:attribute type="xs:string" name="role-type" use="required"/> </xs:attributeGroup> + <xs:element name="service-security"> + <xs:complexType> + <xs:attributeGroup ref="attlist.service-security"/> + </xs:complexType> + </xs:element> + <xs:attributeGroup name="attlist.service-security"> + <xs:attribute type="xs:string" name="name" use="required"/> + <xs:attribute type="xs:string" name="class" use="required"/> + </xs:attributeGroup> <xs:element name="implements"> <xs:complexType> <xs:attributeGroup ref="attlist.implements"/> @@ -242,6 +252,7 @@ </xs:restriction> </xs:simpleType> </xs:attribute> + <xs:attribute type="xs:string" name="default-value"/> <xs:attribute type="xs:string" name="form-label"/> <xs:attribute type="xs:string" name="entity-name"/> <xs:attribute type="xs:string" name="field-name"/> @@ -286,6 +297,7 @@ </xs:restriction> </xs:simpleType> </xs:attribute> + <xs:attribute type="xs:string" name="default-value"/> <xs:attribute type="xs:string" name="form-label"/> <xs:attribute name="form-display"> <xs:simpleType> Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelParam.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelParam.java?view=diff&rev=493185&r1=493184&r2=493185 ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelParam.java (original) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelParam.java Fri Jan 5 12:42:51 2007 @@ -59,6 +59,9 @@ /** Validation methods */ public List validators; + /** Default value */ + public Object defaultValue; + /** Is this Parameter required or optional? Default to false, or required */ public boolean optional = false; public boolean overrideOptional = false; @@ -82,6 +85,7 @@ this.stringMapPrefix = param.stringMapPrefix; this.stringListSuffix = param.stringListSuffix; this.validators = param.validators; + this.defaultValue = param.defaultValue; this.optional = param.optional; this.overrideOptional = param.overrideOptional; this.formDisplay = param.formDisplay; @@ -106,26 +110,25 @@ } public boolean equals(ModelParam model) { - if (model.name.equals(this.name)) - return true; - return false; + return model.name.equals(this.name); } public String toString() { StringBuffer buf = new StringBuffer(); - buf.append(name + "::"); - buf.append(type + "::"); - buf.append(mode + "::"); - buf.append(formLabel + "::"); - buf.append(entityName + "::"); - buf.append(fieldName + "::"); - buf.append(stringMapPrefix + "::"); - buf.append(stringListSuffix + "::"); - buf.append(validators.toString() + "::"); - buf.append(optional + "::"); - buf.append(overrideOptional + "::"); - buf.append(formDisplay + "::"); - buf.append(overrideFormDisplay + "::"); + buf.append(name).append("::"); + buf.append(type).append("::"); + buf.append(mode).append("::"); + buf.append(formLabel).append("::"); + buf.append(entityName).append("::"); + buf.append(fieldName).append("::"); + buf.append(stringMapPrefix).append("::"); + buf.append(stringListSuffix).append("::"); + buf.append(validators.toString()).append("::"); + buf.append(optional).append("::"); + buf.append(overrideOptional).append("::"); + buf.append(formDisplay).append("::"); + buf.append(overrideFormDisplay).append("::"); + buf.append(defaultValue).append("::"); buf.append(internal); return buf.toString(); } Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermGroup.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermGroup.java?view=diff&rev=493185&r1=493184&r2=493185 ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermGroup.java (original) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermGroup.java Fri Jan 5 12:42:51 2007 @@ -21,6 +21,7 @@ import java.util.List; import java.util.Iterator; import java.util.LinkedList; +import java.util.Map; import java.io.Serializable; /** @@ -36,13 +37,13 @@ public List permissions = new LinkedList(); public String joinType; - public boolean evalPermissions(Security security, GenericValue userLogin) { + public boolean evalPermissions(DispatchContext dctx, Map context) { if (permissions != null && permissions.size() > 0) { boolean foundOne = false; Iterator i = permissions.iterator(); while (i.hasNext()) { ModelPermission perm = (ModelPermission) i.next(); - if (perm.evalPermission(security, userLogin)) { + if (perm.evalPermission(dctx, context)) { foundOne = true; } else { if (joinType.equals(PERM_JOIN_AND)) { Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java?view=diff&rev=493185&r1=493184&r2=493185 ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java (original) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelPermission.java Fri Jan 5 12:42:51 2007 @@ -22,8 +22,11 @@ import org.ofbiz.security.Security; import org.ofbiz.base.util.UtilMisc; import org.ofbiz.base.util.Debug; +import org.ofbiz.base.util.ObjectType; +import org.ofbiz.service.security.ServiceSecurity; import java.util.List; +import java.util.Map; import java.io.Serializable; /** @@ -36,24 +39,30 @@ public static final int PERMISSION = 1; public static final int ENTITY_PERMISSION = 2; public static final int ROLE_MEMBER = 3; + public static final int CUSTOM = 4; public ModelService serviceModel = null; public int permissionType = 0; public String nameOrRole = null; public String action = null; + public String clazz = null; - public boolean evalPermission(Security security, GenericValue userLogin) { + public boolean evalPermission(DispatchContext dctx, Map context) { + GenericValue userLogin = (GenericValue) context.get("userLogin"); + Security security = dctx.getSecurity(); if (userLogin == null) { Debug.logInfo("Secure service requested with no userLogin object", module); return false; } switch (permissionType) { - case 1: + case PERMISSION: return evalSimplePermission(security, userLogin); - case 2: + case ENTITY_PERMISSION: return evalEntityPermission(security, userLogin); - case 3: + case ROLE_MEMBER: return evalRoleMember(userLogin); + case CUSTOM: + return evalCustomPermission(dctx, context); default: Debug.logWarning("Invalid permission type [" + permissionType + "] for permission named : " + nameOrRole + " on service : " + serviceModel.name, module); return false; @@ -99,5 +108,22 @@ } } return false; + } + + private boolean evalCustomPermission(DispatchContext dctx, Map context) { + Object obj; + try { + obj = ObjectType.getInstance(clazz); + } catch (Exception e) { + Debug.logError(e, module); + return false; + } + + if (obj != null && (obj instanceof ServiceSecurity)) { + ServiceSecurity sec = (ServiceSecurity) obj; + return sec.hasPermission(dctx, context); + } else { + return false; + } } } Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java?view=diff&rev=493185&r1=493184&r2=493185 ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java (original) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelService.java Fri Jan 5 12:42:51 2007 @@ -171,23 +171,23 @@ public String toString() { StringBuffer buf = new StringBuffer(); buf.append(name).append("::"); - buf.append(description + "::"); - buf.append(engineName + "::"); - buf.append(nameSpace + "::"); - buf.append(location + "::"); - buf.append(invoke + "::"); - buf.append(defaultEntityName + "::"); - buf.append(auth + "::"); - buf.append(export + "::"); - buf.append(validate + "::"); - buf.append(useTransaction + "::"); - buf.append(requireNewTransaction + "::"); - buf.append(transactionTimeout + "::"); - buf.append(implServices + "::"); - buf.append(overrideParameters + "::"); - buf.append(contextInfo + "::"); - buf.append(contextParamList + "::"); - buf.append(inheritedParameters + "::"); + buf.append(description).append("::"); + buf.append(engineName).append("::"); + buf.append(nameSpace).append("::"); + buf.append(location).append("::"); + buf.append(invoke).append("::"); + buf.append(defaultEntityName).append("::"); + buf.append(auth).append("::"); + buf.append(export).append("::"); + buf.append(validate).append("::"); + buf.append(useTransaction).append("::"); + buf.append(requireNewTransaction).append("::"); + buf.append(transactionTimeout).append("::"); + buf.append(implServices).append("::"); + buf.append(overrideParameters).append("::"); + buf.append(contextInfo).append("::"); + buf.append(contextParamList).append("::"); + buf.append(inheritedParameters).append("::"); return buf.toString(); } @@ -285,6 +285,22 @@ return nameList; } + public void updateDefaultValues(Map context, String mode) { + List params = this.getModelParamList(); + if (params != null) { + Iterator i = params.iterator(); + while (i.hasNext()) { + ModelParam param = (ModelParam) i.next(); + if ("INOUT".equals(param.mode) || mode.equals(param.mode)) { + if (param.defaultValue != null && context.get(param.name) == null) { + context.put(param.name, param.defaultValue); + Debug.log("Set default value for parameter: " + param.name, module); + } + } + } + } + } + /** * Validates a Map against the IN or OUT parameter information * @param test The Map object to test @@ -729,16 +745,16 @@ /** * Evaluates permissions for a service. - * @param security The security object to use for permission checking - * @param userLogin The logged in user's value object + * @param dctx DispatchContext from the invoked service + * @param context Map containing userLogin infromation * @return true if all permissions evaluate true. */ - public boolean evalPermissions(Security security, GenericValue userLogin) { + public boolean evalPermissions(DispatchContext dctx, Map context) { if (this.containsPermissions()) { Iterator i = this.permissionGroups.iterator(); while (i.hasNext()) { ModelPermGroup group = (ModelPermGroup) i.next(); - if (!group.evalPermissions(security, userLogin)) { + if (!group.evalPermissions(dctx, context)) { return false; } } Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java?view=diff&rev=493185&r1=493184&r2=493185 ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java (original) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ModelServiceReader.java Fri Jan 5 12:42:51 2007 @@ -30,11 +30,7 @@ import org.ofbiz.base.config.GenericConfigException; import org.ofbiz.base.config.ResourceHandler; -import org.ofbiz.base.util.Debug; -import org.ofbiz.base.util.GeneralException; -import org.ofbiz.base.util.UtilTimer; -import org.ofbiz.base.util.UtilValidate; -import org.ofbiz.base.util.UtilXml; +import org.ofbiz.base.util.*; import org.ofbiz.base.util.cache.UtilCache; import org.ofbiz.entity.GenericDelegator; import org.ofbiz.entity.GenericEntityException; @@ -377,6 +373,7 @@ protected void createPermissions(Element baseElement, ModelPermGroup group, ModelService service) { List permElements = UtilXml.childElementList(baseElement, "check-permission"); List rolePermElements = UtilXml.childElementList(baseElement, "check-role-member"); + List serviceSecurity = UtilXml.childElementList(baseElement, "service-security"); // create the simple permissions Iterator si = permElements.iterator(); @@ -404,6 +401,18 @@ perm.serviceModel = service; group.permissions.add(perm); } + + // create the custom permissions + Iterator ci = serviceSecurity.iterator(); + while (ci.hasNext()) { + Element element = (Element) ci.next(); + ModelPermission perm = new ModelPermission(); + perm.permissionType = ModelPermission.CUSTOM; + perm.nameOrRole = element.getAttribute("name"); + perm.clazz = element.getAttribute("class"); + perm.serviceModel = service; + group.permissions.add(perm); + } } protected void createImplDefs(Element baseElement, ModelService service) { @@ -525,6 +534,13 @@ param.formLabel = attribute.hasAttribute("form-label")?attribute.getAttribute("form-label"):null; param.optional = "true".equalsIgnoreCase(attribute.getAttribute("optional")); // default to true param.formDisplay = !"false".equalsIgnoreCase(attribute.getAttribute("form-display")); // default to false + + // default value + String defValue = attribute.getAttribute("default-value"); + if (UtilValidate.isNotEmpty(defValue)) { + param.defaultValue = this.convertDefaultValue(service.name, param.name, param.type, defValue); + param.optional = true; + } // set the entity name to the default if not specified if (param.entityName.length() == 0) { @@ -644,9 +660,16 @@ param.optional = "true".equalsIgnoreCase(attribute.getAttribute("optional")); // default to true param.overrideOptional = true; } - if (attribute.getAttribute("form-display") != null && attribute.getAttribute("form-display").length() > 0) { + if (attribute.getAttribute("form-display") != null && attribute.getAttribute("form-display").length() > 0) { param.formDisplay = !"false".equalsIgnoreCase(attribute.getAttribute("form-display")); // default to false param.overrideFormDisplay = true; + } + + // default value + String defValue = attribute.getAttribute("default-value"); + if (UtilValidate.isNotEmpty(defValue)) { + param.defaultValue = this.convertDefaultValue(service.name, param.name, param.type, defValue); + param.optional = true; } // override validators @@ -709,5 +732,17 @@ } return document; + } + + protected Object convertDefaultValue(String serviceName, String name, String type, String value) { + Object converted; + try { + converted = ObjectType.simpleTypeConvert(value, type, null, null, false); + } catch (Exception e) { + Debug.logWarning("Service [" + serviceName + "] attribute [" + name + "] default value could not be converted to type [" + type + "]", module); + return value; + } + + return converted; } } Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ServiceDispatcher.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/ServiceDispatcher.java?view=diff&rev=493185&r1=493184&r2=493185 ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ServiceDispatcher.java (original) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ServiceDispatcher.java Fri Jan 5 12:42:51 2007 @@ -135,13 +135,13 @@ * @return A reference to this global ServiceDispatcher */ public static ServiceDispatcher getInstance(String name, DispatchContext context, GenericDelegator delegator) { - ServiceDispatcher sd = null; + ServiceDispatcher sd; String dispatcherKey = delegator != null ? delegator.getDelegatorName() : "null"; sd = (ServiceDispatcher) dispatchers.get(dispatcherKey); if (sd == null) { synchronized (ServiceDispatcher.class) { - if (Debug.verboseOn()) Debug.logVerbose("[ServiceDispatcher.getInstance] : No instance found (" + delegator.getDelegatorName() + ").", module); + if (Debug.verboseOn()) Debug.logVerbose("[ServiceDispatcher.getInstance] : No instance found (" + dispatcherKey + ").", module); sd = (ServiceDispatcher) dispatchers.get(dispatcherKey); if (sd == null) { sd = new ServiceDispatcher(delegator); @@ -262,6 +262,9 @@ DispatchContext ctx = (DispatchContext) localContext.get(localName); GenericEngine engine = this.getGenericEngine(modelService.engineName); + // setup default IN values + modelService.updateDefaultValues(context, ModelService.IN_PARAM); + Map ecaContext = null; // for isolated transactions @@ -351,6 +354,9 @@ // copy all results: don't worry parameters that aren't allowed won't be passed to the ECA services ecaContext.putAll(result); + // setup default OUT values + modelService.updateDefaultValues(context, ModelService.OUT_PARAM); + // validate the result if (modelService.validate && validateOut) { // pre-out-validate ECA @@ -692,7 +698,7 @@ // shutdown JMS listeners jlf.closeListeners(); // shutdown the job scheduler - jm.finalize(); + jm.shutdown(); } // checks if parameters were passed for authentication @@ -751,8 +757,7 @@ // evaluate permissions for the service or throw exception if fail. DispatchContext dctx = this.getLocalContext(localName); - GenericValue userLogin = (GenericValue) context.get("userLogin"); - if (!origService.evalPermissions(dctx.getSecurity(), userLogin)) { + if (!origService.evalPermissions(dctx, context)) { throw new ServiceAuthException("You do not have permission to invoke this service"); } @@ -774,9 +779,7 @@ // invoke the service and get the UserLogin value object Map result = engine.runSync(localName, model, context); - GenericValue value = (GenericValue) result.get("userLogin"); - - return value; + return (GenericValue) result.get("userLogin"); } // checks the locale object in the context @@ -830,7 +833,7 @@ private synchronized int runStartupServices() { if (jm == null) return 0; - Element root = null; + Element root; try { root = ServiceConfigUtil.getXmlRootElement(); } catch (GenericConfigException e) { @@ -852,7 +855,7 @@ sendToPool = ServiceConfigUtil.getSendPool(); } - long runtimeDelay = 0; + long runtimeDelay; try { runtimeDelay = Long.parseLong(delayStr); } catch (Exception e) { Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/job/JobManager.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/job/JobManager.java?view=diff&rev=493185&r1=493184&r2=493185 ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/job/JobManager.java (original) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/job/JobManager.java Fri Jan 5 12:42:51 2007 @@ -440,12 +440,17 @@ } /** Close out the scheduler thread. */ - public void finalize() { + public void shutdown() { if (jp != null) { jp.stop(); jp = null; Debug.logInfo("JobManager: Stopped Scheduler Thread.", module); } + } + + public void finalize() throws Throwable { + this.shutdown(); + super.finalize(); } /** gets the recurrence info object for a job. */ Added: ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ServiceSecurity.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ServiceSecurity.java?view=auto&rev=493185 ============================================================================== --- ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ServiceSecurity.java (added) +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ServiceSecurity.java Fri Jan 5 12:42:51 2007 @@ -0,0 +1,30 @@ +/* + * Copyright 2001-2007 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + */ + +package org.ofbiz.service.security; + +import org.ofbiz.service.DispatchContext; +import org.ofbiz.service.GenericServiceException; + +import java.util.Map; + +/** + * ServiceSecurity + */ +public interface ServiceSecurity { + + public boolean hasPermission(DispatchContext dctx, Map context); +} Propchange: ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ServiceSecurity.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ServiceSecurity.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ServiceSecurity.java ------------------------------------------------------------------------------ svn:mime-type = text/plain |
Ummm... maybe we should discuss some of these design ideas before too many more go into SVN... Some of the ones from the last few days have been on the border as to whether I like them or not in the form implemented, but this one is over the line. Requiring a java method for custom service security isn't so cool IMO. In general too slowing the pace a little bit and discussing things would be really helpful to keep things flowing smoothly. Unfortunately these are the good ol' days of OFBiz framework development where there weren't that many consequences for making these sorts of changes, or side stepping and changing things that weren't so pretty on the first pass. -David On Jan 5, 2007, at 1:42 PM, [hidden email] wrote: > Author: jaz > Date: Fri Jan 5 12:42:51 2007 > New Revision: 493185 > > URL: http://svn.apache.org/viewvc?view=rev&rev=493185 > Log: > implemeted: > > 1) default values for service parameters; when default-value is > set, it becomes optional, if no value is passed, the defined > default value is used. > > 2) implemented new interface for custom service security > > Changed JobManager finalize() method to shutdown() since calling > finalize() is not recommended in java > > Added: > ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ > ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ > ServiceSecurity.java (with props) > Modified: > ofbiz/trunk/framework/service/dtd/services.xsd > ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelParam.java > ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelPermGroup.java > ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelPermission.java > ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelService.java > ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelServiceReader.java > ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ServiceDispatcher.java > ofbiz/trunk/framework/service/src/org/ofbiz/service/job/ > JobManager.java > > Modified: ofbiz/trunk/framework/service/dtd/services.xsd > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/dtd/ > services.xsd?view=diff&rev=493185&r1=493184&r2=493185 > ====================================================================== > ======== > --- ofbiz/trunk/framework/service/dtd/services.xsd (original) > +++ ofbiz/trunk/framework/service/dtd/services.xsd Fri Jan 5 > 12:42:51 2007 > @@ -113,6 +113,7 @@ > <xs:sequence> > <xs:element minOccurs="0" maxOccurs="unbounded" > ref="check-permission"/> > <xs:element minOccurs="0" maxOccurs="unbounded" > ref="check-role-member"/> > + <xs:element minOccurs="0" maxOccurs="unbounded" > ref="service-security"/> > </xs:sequence> > <xs:attributeGroup ref="attlist.required-permissions"/> > </xs:complexType> > @@ -144,6 +145,15 @@ > <xs:attributeGroup name="attlist.check-role-member"> > <xs:attribute type="xs:string" name="role-type" > use="required"/> > </xs:attributeGroup> > + <xs:element name="service-security"> > + <xs:complexType> > + <xs:attributeGroup ref="attlist.service-security"/> > + </xs:complexType> > + </xs:element> > + <xs:attributeGroup name="attlist.service-security"> > + <xs:attribute type="xs:string" name="name" use="required"/> > + <xs:attribute type="xs:string" name="class" use="required"/> > + </xs:attributeGroup> > <xs:element name="implements"> > <xs:complexType> > <xs:attributeGroup ref="attlist.implements"/> > @@ -242,6 +252,7 @@ > </xs:restriction> > </xs:simpleType> > </xs:attribute> > + <xs:attribute type="xs:string" name="default-value"/> > <xs:attribute type="xs:string" name="form-label"/> > <xs:attribute type="xs:string" name="entity-name"/> > <xs:attribute type="xs:string" name="field-name"/> > @@ -286,6 +297,7 @@ > </xs:restriction> > </xs:simpleType> > </xs:attribute> > + <xs:attribute type="xs:string" name="default-value"/> > <xs:attribute type="xs:string" name="form-label"/> > <xs:attribute name="form-display"> > <xs:simpleType> > > Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelParam.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/ > org/ofbiz/service/ModelParam.java? > view=diff&rev=493185&r1=493184&r2=493185 > ====================================================================== > ======== > --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelParam.java (original) > +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelParam.java Fri Jan 5 12:42:51 2007 > @@ -59,6 +59,9 @@ > /** Validation methods */ > public List validators; > > + /** Default value */ > + public Object defaultValue; > + > /** Is this Parameter required or optional? Default to false, > or required */ > public boolean optional = false; > public boolean overrideOptional = false; > @@ -82,6 +85,7 @@ > this.stringMapPrefix = param.stringMapPrefix; > this.stringListSuffix = param.stringListSuffix; > this.validators = param.validators; > + this.defaultValue = param.defaultValue; > this.optional = param.optional; > this.overrideOptional = param.overrideOptional; > this.formDisplay = param.formDisplay; > @@ -106,26 +110,25 @@ > } > > public boolean equals(ModelParam model) { > - if (model.name.equals(this.name)) > - return true; > - return false; > + return model.name.equals(this.name); > } > > public String toString() { > StringBuffer buf = new StringBuffer(); > - buf.append(name + "::"); > - buf.append(type + "::"); > - buf.append(mode + "::"); > - buf.append(formLabel + "::"); > - buf.append(entityName + "::"); > - buf.append(fieldName + "::"); > - buf.append(stringMapPrefix + "::"); > - buf.append(stringListSuffix + "::"); > - buf.append(validators.toString() + "::"); > - buf.append(optional + "::"); > - buf.append(overrideOptional + "::"); > - buf.append(formDisplay + "::"); > - buf.append(overrideFormDisplay + "::"); > + buf.append(name).append("::"); > + buf.append(type).append("::"); > + buf.append(mode).append("::"); > + buf.append(formLabel).append("::"); > + buf.append(entityName).append("::"); > + buf.append(fieldName).append("::"); > + buf.append(stringMapPrefix).append("::"); > + buf.append(stringListSuffix).append("::"); > + buf.append(validators.toString()).append("::"); > + buf.append(optional).append("::"); > + buf.append(overrideOptional).append("::"); > + buf.append(formDisplay).append("::"); > + buf.append(overrideFormDisplay).append("::"); > + buf.append(defaultValue).append("::"); > buf.append(internal); > return buf.toString(); > } > > Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelPermGroup.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/ > org/ofbiz/service/ModelPermGroup.java? > view=diff&rev=493185&r1=493184&r2=493185 > ====================================================================== > ======== > --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelPermGroup.java (original) > +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelPermGroup.java Fri Jan 5 12:42:51 2007 > @@ -21,6 +21,7 @@ > import java.util.List; > import java.util.Iterator; > import java.util.LinkedList; > +import java.util.Map; > import java.io.Serializable; > > /** > @@ -36,13 +37,13 @@ > public List permissions = new LinkedList(); > public String joinType; > > - public boolean evalPermissions(Security security, GenericValue > userLogin) { > + public boolean evalPermissions(DispatchContext dctx, Map > context) { > if (permissions != null && permissions.size() > 0) { > boolean foundOne = false; > Iterator i = permissions.iterator(); > while (i.hasNext()) { > ModelPermission perm = (ModelPermission) i.next(); > - if (perm.evalPermission(security, userLogin)) { > + if (perm.evalPermission(dctx, context)) { > foundOne = true; > } else { > if (joinType.equals(PERM_JOIN_AND)) { > > Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelPermission.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/ > org/ofbiz/service/ModelPermission.java? > view=diff&rev=493185&r1=493184&r2=493185 > ====================================================================== > ======== > --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelPermission.java (original) > +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelPermission.java Fri Jan 5 12:42:51 2007 > @@ -22,8 +22,11 @@ > import org.ofbiz.security.Security; > import org.ofbiz.base.util.UtilMisc; > import org.ofbiz.base.util.Debug; > +import org.ofbiz.base.util.ObjectType; > +import org.ofbiz.service.security.ServiceSecurity; > > import java.util.List; > +import java.util.Map; > import java.io.Serializable; > > /** > @@ -36,24 +39,30 @@ > public static final int PERMISSION = 1; > public static final int ENTITY_PERMISSION = 2; > public static final int ROLE_MEMBER = 3; > + public static final int CUSTOM = 4; > > public ModelService serviceModel = null; > public int permissionType = 0; > public String nameOrRole = null; > public String action = null; > + public String clazz = null; > > - public boolean evalPermission(Security security, GenericValue > userLogin) { > + public boolean evalPermission(DispatchContext dctx, Map > context) { > + GenericValue userLogin = (GenericValue) context.get > ("userLogin"); > + Security security = dctx.getSecurity(); > if (userLogin == null) { > Debug.logInfo("Secure service requested with no > userLogin object", module); > return false; > } > switch (permissionType) { > - case 1: > + case PERMISSION: > return evalSimplePermission(security, userLogin); > - case 2: > + case ENTITY_PERMISSION: > return evalEntityPermission(security, userLogin); > - case 3: > + case ROLE_MEMBER: > return evalRoleMember(userLogin); > + case CUSTOM: > + return evalCustomPermission(dctx, context); > default: > Debug.logWarning("Invalid permission type [" + > permissionType + "] for permission named : " + nameOrRole + " on > service : " + serviceModel.name, module); > return false; > @@ -99,5 +108,22 @@ > } > } > return false; > + } > + > + private boolean evalCustomPermission(DispatchContext dctx, Map > context) { > + Object obj; > + try { > + obj = ObjectType.getInstance(clazz); > + } catch (Exception e) { > + Debug.logError(e, module); > + return false; > + } > + > + if (obj != null && (obj instanceof ServiceSecurity)) { > + ServiceSecurity sec = (ServiceSecurity) obj; > + return sec.hasPermission(dctx, context); > + } else { > + return false; > + } > } > } > > Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelService.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/ > org/ofbiz/service/ModelService.java? > view=diff&rev=493185&r1=493184&r2=493185 > ====================================================================== > ======== > --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelService.java (original) > +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelService.java Fri Jan 5 12:42:51 2007 > @@ -171,23 +171,23 @@ > public String toString() { > StringBuffer buf = new StringBuffer(); > buf.append(name).append("::"); > - buf.append(description + "::"); > - buf.append(engineName + "::"); > - buf.append(nameSpace + "::"); > - buf.append(location + "::"); > - buf.append(invoke + "::"); > - buf.append(defaultEntityName + "::"); > - buf.append(auth + "::"); > - buf.append(export + "::"); > - buf.append(validate + "::"); > - buf.append(useTransaction + "::"); > - buf.append(requireNewTransaction + "::"); > - buf.append(transactionTimeout + "::"); > - buf.append(implServices + "::"); > - buf.append(overrideParameters + "::"); > - buf.append(contextInfo + "::"); > - buf.append(contextParamList + "::"); > - buf.append(inheritedParameters + "::"); > + buf.append(description).append("::"); > + buf.append(engineName).append("::"); > + buf.append(nameSpace).append("::"); > + buf.append(location).append("::"); > + buf.append(invoke).append("::"); > + buf.append(defaultEntityName).append("::"); > + buf.append(auth).append("::"); > + buf.append(export).append("::"); > + buf.append(validate).append("::"); > + buf.append(useTransaction).append("::"); > + buf.append(requireNewTransaction).append("::"); > + buf.append(transactionTimeout).append("::"); > + buf.append(implServices).append("::"); > + buf.append(overrideParameters).append("::"); > + buf.append(contextInfo).append("::"); > + buf.append(contextParamList).append("::"); > + buf.append(inheritedParameters).append("::"); > return buf.toString(); > } > > @@ -285,6 +285,22 @@ > return nameList; > } > > + public void updateDefaultValues(Map context, String mode) { > + List params = this.getModelParamList(); > + if (params != null) { > + Iterator i = params.iterator(); > + while (i.hasNext()) { > + ModelParam param = (ModelParam) i.next(); > + if ("INOUT".equals(param.mode) || mode.equals > (param.mode)) { > + if (param.defaultValue != null && context.get > (param.name) == null) { > + context.put(param.name, param.defaultValue); > + Debug.log("Set default value for > parameter: " + param.name, module); > + } > + } > + } > + } > + } > + > /** > * Validates a Map against the IN or OUT parameter information > * @param test The Map object to test > @@ -729,16 +745,16 @@ > > /** > * Evaluates permissions for a service. > - * @param security The security object to use for permission > checking > - * @param userLogin The logged in user's value object > + * @param dctx DispatchContext from the invoked service > + * @param context Map containing userLogin infromation > * @return true if all permissions evaluate true. > */ > - public boolean evalPermissions(Security security, GenericValue > userLogin) { > + public boolean evalPermissions(DispatchContext dctx, Map > context) { > if (this.containsPermissions()) { > Iterator i = this.permissionGroups.iterator(); > while (i.hasNext()) { > ModelPermGroup group = (ModelPermGroup) i.next(); > - if (!group.evalPermissions(security, userLogin)) { > + if (!group.evalPermissions(dctx, context)) { > return false; > } > } > > Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelServiceReader.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/ > org/ofbiz/service/ModelServiceReader.java? > view=diff&rev=493185&r1=493184&r2=493185 > ====================================================================== > ======== > --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelServiceReader.java (original) > +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ModelServiceReader.java Fri Jan 5 12:42:51 2007 > @@ -30,11 +30,7 @@ > > import org.ofbiz.base.config.GenericConfigException; > import org.ofbiz.base.config.ResourceHandler; > -import org.ofbiz.base.util.Debug; > -import org.ofbiz.base.util.GeneralException; > -import org.ofbiz.base.util.UtilTimer; > -import org.ofbiz.base.util.UtilValidate; > -import org.ofbiz.base.util.UtilXml; > +import org.ofbiz.base.util.*; > import org.ofbiz.base.util.cache.UtilCache; > import org.ofbiz.entity.GenericDelegator; > import org.ofbiz.entity.GenericEntityException; > @@ -377,6 +373,7 @@ > protected void createPermissions(Element baseElement, > ModelPermGroup group, ModelService service) { > List permElements = UtilXml.childElementList(baseElement, > "check-permission"); > List rolePermElements = UtilXml.childElementList > (baseElement, "check-role-member"); > + List serviceSecurity = UtilXml.childElementList > (baseElement, "service-security"); > > // create the simple permissions > Iterator si = permElements.iterator(); > @@ -404,6 +401,18 @@ > perm.serviceModel = service; > group.permissions.add(perm); > } > + > + // create the custom permissions > + Iterator ci = serviceSecurity.iterator(); > + while (ci.hasNext()) { > + Element element = (Element) ci.next(); > + ModelPermission perm = new ModelPermission(); > + perm.permissionType = ModelPermission.CUSTOM; > + perm.nameOrRole = element.getAttribute("name"); > + perm.clazz = element.getAttribute("class"); > + perm.serviceModel = service; > + group.permissions.add(perm); > + } > } > > protected void createImplDefs(Element baseElement, > ModelService service) { > @@ -525,6 +534,13 @@ > param.formLabel = attribute.hasAttribute("form-label")? > attribute.getAttribute("form-label"):null; > param.optional = "true".equalsIgnoreCase > (attribute.getAttribute("optional")); // default to true > param.formDisplay = !"false".equalsIgnoreCase > (attribute.getAttribute("form-display")); // default to false > + > + // default value > + String defValue = attribute.getAttribute("default- > value"); > + if (UtilValidate.isNotEmpty(defValue)) { > + param.defaultValue = this.convertDefaultValue > (service.name, param.name, param.type, defValue); > + param.optional = true; > + } > > // set the entity name to the default if not specified > if (param.entityName.length() == 0) { > @@ -644,9 +660,16 @@ > param.optional = "true".equalsIgnoreCase > (attribute.getAttribute("optional")); // default to true > param.overrideOptional = true; > } > - if (attribute.getAttribute("form-display") != null > && attribute.getAttribute("form-display").length() > 0) { > + if (attribute.getAttribute("form-display") != null > && attribute.getAttribute("form-display").length() > 0) { > param.formDisplay = !"false".equalsIgnoreCase > (attribute.getAttribute("form-display")); // default to false > param.overrideFormDisplay = true; > + } > + > + // default value > + String defValue = attribute.getAttribute("default- > value"); > + if (UtilValidate.isNotEmpty(defValue)) { > + param.defaultValue = this.convertDefaultValue > (service.name, param.name, param.type, defValue); > + param.optional = true; > } > > // override validators > @@ -709,5 +732,17 @@ > } > > return document; > + } > + > + protected Object convertDefaultValue(String serviceName, > String name, String type, String value) { > + Object converted; > + try { > + converted = ObjectType.simpleTypeConvert(value, type, > null, null, false); > + } catch (Exception e) { > + Debug.logWarning("Service [" + serviceName + "] > attribute [" + name + "] default value could not be converted to > type [" + type + "]", module); > + return value; > + } > + > + return converted; > } > } > > Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ServiceDispatcher.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/ > org/ofbiz/service/ServiceDispatcher.java? > view=diff&rev=493185&r1=493184&r2=493185 > ====================================================================== > ======== > --- ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ServiceDispatcher.java (original) > +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/ > ServiceDispatcher.java Fri Jan 5 12:42:51 2007 > @@ -135,13 +135,13 @@ > * @return A reference to this global ServiceDispatcher > */ > public static ServiceDispatcher getInstance(String name, > DispatchContext context, GenericDelegator delegator) { > - ServiceDispatcher sd = null; > + ServiceDispatcher sd; > > String dispatcherKey = delegator != null ? > delegator.getDelegatorName() : "null"; > sd = (ServiceDispatcher) dispatchers.get(dispatcherKey); > if (sd == null) { > synchronized (ServiceDispatcher.class) { > - if (Debug.verboseOn()) Debug.logVerbose > ("[ServiceDispatcher.getInstance] : No instance found (" + > delegator.getDelegatorName() + ").", module); > + if (Debug.verboseOn()) Debug.logVerbose > ("[ServiceDispatcher.getInstance] : No instance found (" + > dispatcherKey + ").", module); > sd = (ServiceDispatcher) dispatchers.get > (dispatcherKey); > if (sd == null) { > sd = new ServiceDispatcher(delegator); > @@ -262,6 +262,9 @@ > DispatchContext ctx = (DispatchContext) localContext.get > (localName); > GenericEngine engine = this.getGenericEngine > (modelService.engineName); > > + // setup default IN values > + modelService.updateDefaultValues(context, > ModelService.IN_PARAM); > + > Map ecaContext = null; > > // for isolated transactions > @@ -351,6 +354,9 @@ > // copy all results: don't worry parameters that > aren't allowed won't be passed to the ECA services > ecaContext.putAll(result); > > + // setup default OUT values > + modelService.updateDefaultValues(context, > ModelService.OUT_PARAM); > + > // validate the result > if (modelService.validate && validateOut) { > // pre-out-validate ECA > @@ -692,7 +698,7 @@ > // shutdown JMS listeners > jlf.closeListeners(); > // shutdown the job scheduler > - jm.finalize(); > + jm.shutdown(); > } > > // checks if parameters were passed for authentication > @@ -751,8 +757,7 @@ > > // evaluate permissions for the service or throw exception > if fail. > DispatchContext dctx = this.getLocalContext(localName); > - GenericValue userLogin = (GenericValue) context.get > ("userLogin"); > - if (!origService.evalPermissions(dctx.getSecurity(), > userLogin)) { > + if (!origService.evalPermissions(dctx, context)) { > throw new ServiceAuthException("You do not have > permission to invoke this service"); > } > > @@ -774,9 +779,7 @@ > > // invoke the service and get the UserLogin value object > Map result = engine.runSync(localName, model, context); > - GenericValue value = (GenericValue) result.get("userLogin"); > - > - return value; > + return (GenericValue) result.get("userLogin"); > } > > // checks the locale object in the context > @@ -830,7 +833,7 @@ > private synchronized int runStartupServices() { > if (jm == null) return 0; > > - Element root = null; > + Element root; > try { > root = ServiceConfigUtil.getXmlRootElement(); > } catch (GenericConfigException e) { > @@ -852,7 +855,7 @@ > sendToPool = ServiceConfigUtil.getSendPool(); > } > > - long runtimeDelay = 0; > + long runtimeDelay; > try { > runtimeDelay = Long.parseLong(delayStr); > } catch (Exception e) { > > Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/job/ > JobManager.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/ > org/ofbiz/service/job/JobManager.java? > view=diff&rev=493185&r1=493184&r2=493185 > ====================================================================== > ======== > --- ofbiz/trunk/framework/service/src/org/ofbiz/service/job/ > JobManager.java (original) > +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/job/ > JobManager.java Fri Jan 5 12:42:51 2007 > @@ -440,12 +440,17 @@ > } > > /** Close out the scheduler thread. */ > - public void finalize() { > + public void shutdown() { > if (jp != null) { > jp.stop(); > jp = null; > Debug.logInfo("JobManager: Stopped Scheduler Thread.", > module); > } > + } > + > + public void finalize() throws Throwable { > + this.shutdown(); > + super.finalize(); > } > > /** gets the recurrence info object for a job. */ > > Added: ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ > ServiceSecurity.java > URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/ > org/ofbiz/service/security/ServiceSecurity.java?view=auto&rev=493185 > ====================================================================== > ======== > --- ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ > ServiceSecurity.java (added) > +++ ofbiz/trunk/framework/service/src/org/ofbiz/service/security/ > ServiceSecurity.java Fri Jan 5 12:42:51 2007 > @@ -0,0 +1,30 @@ > +/* > + * Copyright 2001-2007 The Apache Software Foundation > + * > + * Licensed under the Apache License, Version 2.0 (the "License"); > you may not > + * use this file except in compliance with the License. You may > obtain a copy of > + * the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, > software > + * distributed under the License is distributed on an "AS IS" > BASIS, WITHOUT > + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or > implied. See the > + * License for the specific language governing permissions and > limitations > + * under the License. > + */ > + > +package org.ofbiz.service.security; > + > +import org.ofbiz.service.DispatchContext; > +import org.ofbiz.service.GenericServiceException; > + > +import java.util.Map; > + > +/** > + * ServiceSecurity > + */ > +public interface ServiceSecurity { > + > + public boolean hasPermission(DispatchContext dctx, Map context); > +} > > Propchange: ofbiz/trunk/framework/service/src/org/ofbiz/service/ > security/ServiceSecurity.java > ---------------------------------------------------------------------- > -------- > svn:eol-style = native > > Propchange: ofbiz/trunk/framework/service/src/org/ofbiz/service/ > security/ServiceSecurity.java > ---------------------------------------------------------------------- > -------- > svn:keywords = "Date Rev Author URL Id" > > Propchange: ofbiz/trunk/framework/service/src/org/ofbiz/service/ > security/ServiceSecurity.java > ---------------------------------------------------------------------- > -------- > svn:mime-type = text/plain > > smime.p7s (3K) Download Attachment |
Free forum by Nabble | Edit this page |