Author: jaz
Date: Wed Apr 29 21:02:58 2009 New Revision: 769929 URL: http://svn.apache.org/viewvc?rev=769929&view=rev Log: Implementation of new Authz dynamic access handler using the service engine; placed in securityext to prevent cross dependencies. Implemented test cases for authz. Added: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ServiceDaHandler.java ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/DaTest2.groovy ofbiz/trunk/applications/securityext/testdef/ ofbiz/trunk/applications/securityext/testdef/da/ ofbiz/trunk/applications/securityext/testdef/da/DaTest1.groovy ofbiz/trunk/applications/securityext/testdef/da/DynamicAccessTest.xml ofbiz/trunk/applications/securityext/testdef/data/ ofbiz/trunk/applications/securityext/testdef/data/SecurityTestData.xml ofbiz/trunk/applications/securityext/testdef/securitytests.xml Modified: ofbiz/trunk/applications/securityext/build.xml ofbiz/trunk/applications/securityext/ofbiz-component.xml ofbiz/trunk/applications/securityext/servicedef/services.xml Modified: ofbiz/trunk/applications/securityext/build.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/build.xml?rev=769929&r1=769928&r2=769929&view=diff ============================================================================== --- ofbiz/trunk/applications/securityext/build.xml (original) +++ ofbiz/trunk/applications/securityext/build.xml Wed Apr 29 21:02:58 2009 
@@ -42,6 +42,7 @@ <fileset dir="../../framework/webapp/lib" includes="*.jar"/> <fileset dir="../../framework/webapp/build/lib" includes="*.jar"/> <fileset dir="../../framework/common/build/lib" includes="*.jar"/> + <fileset dir="../../framework/testtools/build/lib" includes="*.jar"/> <fileset dir="../party/build/lib" includes="*.jar"/> <fileset dir="../product/build/lib" includes="*.jar"/> <fileset dir="../order/build/lib" includes="*.jar"/> Modified: ofbiz/trunk/applications/securityext/ofbiz-component.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/ofbiz-component.xml?rev=769929&r1=769928&r2=769929&view=diff ============================================================================== --- ofbiz/trunk/applications/securityext/ofbiz-component.xml (original) +++ ofbiz/trunk/applications/securityext/ofbiz-component.xml Wed Apr 29 21:02:58 2009 @@ -29,4 +29,5 @@ <!-- NOTE: comment this line out to ensure no resetting of passwords --> <entity-resource type="data" reader-name="demo" loader="main" location="data/PasswordSecurityData.xml"/> <service-resource type="model" loader="main" location="servicedef/services.xml"/> + <test-suite loader="main" location="testdef/securitytests.xml"/> </ofbiz-component> Modified: ofbiz/trunk/applications/securityext/servicedef/services.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/servicedef/services.xml?rev=769929&r1=769928&r2=769929&view=diff ============================================================================== --- ofbiz/trunk/applications/securityext/servicedef/services.xml (original) +++ ofbiz/trunk/applications/securityext/servicedef/services.xml Wed Apr 29 21:02:58 2009 
@@ -122,4 +122,20 @@ <implements service="permissionInterface"/> <attribute name="primaryPermission" type="String" mode="IN" optional="true" default-value="SECURITY"/> </service> + + <!-- authorization dynamic access implementation API --> + <service name="dynamicAccessInterface" engine="interface"> + <description>Service interface for implementing Dynamic Access as a service</description> + <attribute name="userId" type="String" mode="IN" optional="false"/> + <attribute name="permission" type="String" mode="IN" optional="false"/> + <attribute name="accessString" type="String" mode="IN" optional="false"/> + <attribute name="permissionContext" type="Map" mode="IN" optional="true"/> + <attribute name="permissionGranted" type="Boolean" mode="OUT" optional="false"/> + </service> + + <!-- dynamic access test service --> + <service name="dynamicAccessTestService" engine="simple" auth="false" + location="component://securityext/testdef/da/DynamicAccessTest.xml" invoke="testDa"> + <implements service="dynamicAccessInterface"/> + </service> </services> Added: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ServiceDaHandler.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ServiceDaHandler.java?rev=769929&view=auto ============================================================================== --- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ServiceDaHandler.java (added) +++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/da/ServiceDaHandler.java Wed Apr 29 21:02:58 2009 
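Review bot: `dynamicAccessTestService` is declared with `auth="false"` in the component's main `servicedef/services.xml`, although its implementation lives under `testdef/da/DynamicAccessTest.xml` and exists only for the test suite. That implementation returns `permissionGranted=true` for any caller-supplied `userId` of `system`. It grants nothing unless a `SecurityPermission.dynamicAccess` value points at it, but keeping it in the regular service registry leaves a permissive handler that a data change could wire in. If the component layout allows it, move the definition into a service resource that is loaded only with the tests, or at least mark it, e.g. `<!-- TEST ONLY: must never be referenced from a production SecurityPermission.dynamicAccess value -->`. The `dynamicAccessInterface` description could also state that `userId` is a plain IN string supplied by the caller, so implementations should not be exposed where an untrusted party can choose it.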
@@ -0,0 +1,56 @@
+package org.ofbiz.securityext.da;
+
+import java.util.Map;
+
+import javolution.util.FastMap;
+
+import org.ofbiz.base.util.Debug;
+import org.ofbiz.entity.GenericDelegator;
+import org.ofbiz.security.authz.da.DynamicAccessHandler;
+import org.ofbiz.service.GenericDispatcher;
+import org.ofbiz.service.GenericServiceException;
+import org.ofbiz.service.LocalDispatcher;
+import org.ofbiz.service.ServiceUtil;
+
+public class ServiceDaHandler implements DynamicAccessHandler {
+
+ private static final String module = ServiceDaHandler.class.getName();
+ protected LocalDispatcher dispatcher;
+ protected GenericDelegator delegator;
+
+ public String getPattern() {
+ return "^service:(.*)$";
+ }
+
+ public boolean handleDynamicAccess(String accessString, String userId, String permission, Map<String, ? extends Object> context) {
+ Map<String,Object> serviceContext = FastMap.newInstance();
+ serviceContext.put("userId", userId);
+ serviceContext.put("permission", permission);
+ serviceContext.put("accessString", accessString);
+ serviceContext.put("permissionContext", context);
+
+ String serviceName = accessString.substring(8);
+ Map<String, Object> result;
+ try {
+ result = dispatcher.runSync(serviceName, serviceContext, 60, true);
+ } catch (GenericServiceException e) {
+ Debug.logError(e, module);
+ return false;
+ }
+
+ if (result != null && !ServiceUtil.isError(result)) {
+ Boolean reply = (Boolean) result.get("permissionGranted");
+ if (reply == null) {
+ reply = Boolean.FALSE;
+ }
+ return reply;
+ } else {
+ return false;
+ }
+ }
+
+ public void setDelegator(GenericDelegator delegator) {
+ this.delegator = delegator;
+ this.dispatcher = GenericDispatcher.getLocalDispatcher("SecurityDA", delegator);
+ }
+}
Added: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java?rev=769929&view=auto
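Review bot: In `ServiceDaHandler.handleDynamicAccess`, only `GenericServiceException` and error results are turned into a deny. The unchecked cast `(Boolean) result.get("permissionGranted")`, and a `dispatcher` that is still null until `setDelegator` has run, would instead throw out of the authorization check, and whether that ends as a deny depends on a caller not shown here. Replacing the cast and null test with `return Boolean.TRUE.equals(result.get("permissionGranted"));` keeps the decision fail-closed for any service that does not honour `dynamicAccessInterface`. The service name comes from `accessString.substring(8)`, a length that silently has to match the `service:` prefix in `getPattern()`, and it is passed to `runSync` without a check that it is non-empty; a shared prefix constant and an explicit deny on an empty name would make that coupling visible. The class and its public methods have no Javadoc; a class comment should say that the service name appears to come from the permission's `dynamicAccess` value (as the test data in this commit suggests) and that every failure path is meant to deny.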
==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java (added)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/AuthorizationTests.java Wed Apr 29 21:02:58 2009
@@ -0,0 +1,63 @@
+package org.ofbiz.securityext.test;
+
+import org.ofbiz.base.util.Debug;
+import org.ofbiz.entity.GenericDelegator;
+import org.ofbiz.security.authz.Authorization;
+import org.ofbiz.security.authz.AuthorizationFactory;
+import org.ofbiz.service.testtools.OFBizTestCase;
+
+public class AuthorizationTests extends OFBizTestCase {
+
+ private static final String module = AuthorizationTests.class.getName();
+ protected GenericDelegator delegator;
+ protected Authorization security;
+
+ public AuthorizationTests(String name) {
+ super(name);
+ delegator = GenericDelegator.getGenericDelegator("default");
+ security = AuthorizationFactory.getInstance(delegator);
+ }
+
+ public void testBasicAdminPermission() throws Exception {
+ Debug.logInfo("Running testBasicAdminPermission()", module);
+ assertTrue("User was not granted permission as expected", security.hasPermission("system", "access:foo:bar", null, true));
+ }
+
+ public void testBasePermissionFailure() throws Exception {
+ Debug.logInfo("Running testBasePermissionFailure()", module);
+ assertFalse("Permission did not fail as expected", security.hasPermission("system", "no:permission", null, true));
+ }
+
+ public void testDynamicAccessFromClasspath() throws Exception {
+ Debug.logInfo("Running testDynamicAccessFromClasspath()", module);
+ assertTrue("User was not granted dynamic access as expected", security.hasPermission("system", "test:groovy2:2000", null, true));
+ }
+
+ public void testDynamicAccessService() throws Exception {
+ Debug.logInfo("Running testDynamicAccessService()", module);
+ assertTrue("User was not granted dynamic access as expected", security.hasPermission("system", "test:service:2000", null, true));
+ }
+
+ public void testDynamicAccessFailure() throws Exception {
+ Debug.logInfo("Running testDynamicAccessFailure()", module);
+ assertFalse("Dynamic access did not fail as expected", security.hasPermission("system", "test:groovy1:2000", null, true));
+ }
+
+ public void testAutoGrantPermissions() throws Exception {
+ Debug.logInfo("Running testDynamicAccessFailure()", module);
+
+ // first verify the user does not have the initial permission
+ assertFalse("User already has the auto-granted permission", security.hasPermission("system", "test:autogranted", null, true));
+
+ // next run security check to setup the auto-grant
+ assertTrue("User was not granted dynamic access as expected", security.hasPermission("system", "test:groovy1:1000", null, true));
+
+ // as long as this runs in the same thread (and it should) access should now be granted
+ assertTrue("User was not auto-granted expected permission", security.hasPermission("system", "test:autogranted", null, true));
+ }
+
+ public void testAutoGrantCleanup() throws Exception {
+ Debug.logInfo("Running testAutoGrantCleanup()", module);
+ assertFalse("User was auto-granted an unexpected permission", security.hasPermission("user", "test:autogranted", null, true));
+ }
+}
Added: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/DaTest2.groovy URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/DaTest2.groovy?rev=769929&view=auto ==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/DaTest2.groovy (added)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/test/DaTest2.groovy Wed Apr 29 21:02:58 2009
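Review bot: In `AuthorizationTests`, the service-backed handler is exercised only on the grant path. `testDynamicAccessService` checks that `system` is granted `test:service:2000`, but nothing asserts that another user is denied, so a `ServiceDaHandler` that returned true unconditionally would still pass. Adding `assertFalse("Service dynamic access did not fail as expected", security.hasPermission("user", "test:service:2000", null, true));` would cover the deny path. `testAutoGrantPermissions` logs `"Running testDynamicAccessFailure()"`, which looks like a copy-paste slip and should read `"Running testAutoGrantPermissions()"`. `testAutoGrantCleanup` checks user `user`, who never received the auto-grant, so it shows that the grant does not leak across users rather than that it is cleaned up for `system`; given the "same thread" comment, its outcome also appears to depend on test execution order, which deserves a comment.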
@@ -0,0 +1,12 @@ +package org.ofbiz.securityext.test; + +import org.ofbiz.base.util.Debug; + +String recordNumber = permission.substring(permission.lastIndexOf(":") + 1) +if ("system".equals(userId) && "2000".equals(recordNumber)) { + Debug.log("Matched approval requirements {system} - {2000}; returning true"); + return true; +} + +Debug.logInfo("Did not match expected requirements; returning false", "groovy"); +return false; \ No newline at end of file Added: ofbiz/trunk/applications/securityext/testdef/da/DaTest1.groovy URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/testdef/da/DaTest1.groovy?rev=769929&view=auto ============================================================================== --- ofbiz/trunk/applications/securityext/testdef/da/DaTest1.groovy (added) +++ ofbiz/trunk/applications/securityext/testdef/da/DaTest1.groovy Wed Apr 29 21:02:58 2009 @@ -0,0 +1,10 @@ +import org.ofbiz.base.util.Debug; + +String recordNumber = permission.substring(permission.lastIndexOf(":") + 1) +if ("system".equals(userId) && "1000".equals(recordNumber)) { + Debug.log("Matched approval requirements {system} - {1000}; returning true"); + return true; +} + +Debug.logInfo("Did not match expected requirements; returning false", "groovy"); +return false; \ No newline at end of file Added: ofbiz/trunk/applications/securityext/testdef/da/DynamicAccessTest.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/testdef/da/DynamicAccessTest.xml?rev=769929&view=auto ============================================================================== --- ofbiz/trunk/applications/securityext/testdef/da/DynamicAccessTest.xml (added) +++ ofbiz/trunk/applications/securityext/testdef/da/DynamicAccessTest.xml Wed Apr 29 21:02:58 2009 
@@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> + +<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/simple-methods.xsd"> + + <simple-method method-name="testDa" short-description="Dynamic Access Test Impl" login-required="false"> + <if-compare operator="equals" value="system" field="parameters.userId"> + <set field="permissionGranted" value="true" type="Boolean"/> + <log level="info" message="Permission granted (testDa service)"/> + <else> + <set field="permissionGranted" value="false" type="Boolean"/> + <log level="info" message="Permission NOT granted (testDa service)"/> + </else> + </if-compare> + <field-to-result field="permissionGranted"/> + </simple-method> +</simple-methods> \ No newline at end of file Added: ofbiz/trunk/applications/securityext/testdef/data/SecurityTestData.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/testdef/data/SecurityTestData.xml?rev=769929&view=auto ============================================================================== --- ofbiz/trunk/applications/securityext/testdef/data/SecurityTestData.xml (added) +++ 
ofbiz/trunk/applications/securityext/testdef/data/SecurityTestData.xml Wed Apr 29 21:02:58 2009 @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> + +<entity-engine-xml> + <SecurityPermission permissionId="test:groovy1" dynamicAccess="component://securityext/testdef/da/DaTest1.groovy"/> + <SecurityPermission permissionId="test:groovy2" dynamicAccess="org.ofbiz.securityext.test.DaTest2.groovy"/> + <SecurityPermission permissionId="test:service" dynamicAccess="service:dynamicAccessTestService"/> + <SecurityPermission permissionId="test:autogranted" dynamicAccess=""/> + <SecurityPermissionAutoGrant permissionId="test:groovy1" grantPermission="test:autogranted"/> +</entity-engine-xml> \ No newline at end of file Added: ofbiz/trunk/applications/securityext/testdef/securitytests.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/testdef/securitytests.xml?rev=769929&view=auto ============================================================================== --- ofbiz/trunk/applications/securityext/testdef/securitytests.xml (added) +++ ofbiz/trunk/applications/securityext/testdef/securitytests.xml Wed Apr 29 21:02:58 2009 
@@ -0,0 +1,29 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + --> + +<test-suite suite-name="securitytests" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/test-suite.xsd"> + <test-case case-name="load-security-test-data"> + <entity-xml action="load" entity-xml-url="component://securityext/testdef/data/SecurityTestData.xml"/> + </test-case> + <test-case case-name="security-tests"> + <junit-test-suite class-name="org.ofbiz.securityext.test.AuthorizationTests"/> + </test-case> +</test-suite> \ No newline at end of file |