Author: adrianc
Date: Wed Aug 19 18:27:46 2009 New Revision: 805914 URL: http://svn.apache.org/viewvc?rev=805914&view=rev Log: Implemented permission service. Added: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericParametersArtifact.java (with props) ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java (with props) ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java (with props) ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServicePermission.java (with props) Removed: ofbiz/branches/executioncontext20090812/framework/security/src/org/ofbiz/security/AuthorizationManagerImpl.java Modified: ofbiz/branches/executioncontext20090812/framework/api/config/api.properties ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/DelegatorImpl.java ofbiz/branches/executioncontext20090812/framework/example/script/org/ofbiz/example/ExamplePermissionServices.xml ofbiz/branches/executioncontext20090812/framework/example/servicedef/services.xml ofbiz/branches/executioncontext20090812/framework/security/src/org/ofbiz/security/SecurityFactory.java ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServiceDispatcher.java ofbiz/branches/executioncontext20090812/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Modified: ofbiz/branches/executioncontext20090812/framework/api/config/api.properties URL: 
http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/config/api.properties?rev=805914&r1=805913&r2=805914&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/config/api.properties (original) +++ ofbiz/branches/executioncontext20090812/framework/api/config/api.properties Wed Aug 19 18:27:46 2009 @@ -35,4 +35,4 @@ authorizationManager.verbose=false # Class name of the AuthorizationManager implementation -authorizationManager.class=org.ofbiz.security.AuthorizationManagerImpl +authorizationManager.class=org.ofbiz.context.AuthorizationManagerImpl Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java?rev=805914&r1=805913&r2=805914&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java Wed Aug 19 18:27:46 2009 
@@ -32,7 +32,7 @@ } /** Returns <code>true</code> if all of the contained permissions - * returns <code>true</code>. + * return <code>true</code>. */ @Override public boolean implies(Permission permission) { Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java?rev=805914&r1=805913&r2=805914&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContext.java Wed Aug 19 18:27:46 2009 @@ -19,6 +19,7 @@ package org.ofbiz.api.context; import java.util.Locale; +import java.util.Map; import java.util.TimeZone; import org.ofbiz.api.authorization.AccessController; @@ -39,6 +40,14 @@ */ public String getCurrencyUom(); + /** Returns the current <code>ExecutionArtifact</code> (the one + * at the top of the stack). Returns <code>null</code> if the + * stack is empty. + * + * @return The current <code>ExecutionArtifact</code> + */ + public ExecutionArtifact getCurrentArtifact(); + /** Returns the current execution path. Artifacts in the path are separated * with a slash. * @@ -52,6 +61,13 @@ */ public Locale getLocale(); + /** + * Returns the parameters associated with this context. + * + * @return The parameters associated with this context + */ + public Map<String, ? extends Object> getParameters(); + /** Returns the specified property. * * @param key property whose associated value is to be returned 
@@ -68,6 +84,10 @@ /** Pop an <code>ExecutionArtifact</code> off the stack. */ public void popExecutionArtifact(); + /** Pops all <code>ExecutionArtifact</code>s off the stack + * up to and including <code>artifact</code>. */ + public void popExecutionArtifacts(ExecutionArtifact artifact); + /** Push an <code>ExecutionArtifact</code> on the stack. * * @param artifact Modified: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java?rev=805914&r1=805913&r2=805914&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java (original) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java Wed Aug 19 18:27:46 2009 @@ -20,9 +20,9 @@ import java.util.Locale; import java.util.Map; -import java.util.Stack; import java.util.TimeZone; +import javolution.util.FastList; import javolution.util.FastMap; import org.ofbiz.base.util.Debug; @@ -31,9 +31,9 @@ /** Implementation of the ExecutionContext interface. */ public abstract class ExecutionContextImpl implements ExecutionContext { - public static final String module = ExecutionContextImpl.class.getName(); + public static final String module = ExecutionContextImpl.class.getName(); - protected final Stack<ExecutionArtifact> artifactStack = new Stack<ExecutionArtifact>(); + protected final FastList<ExecutionArtifact> artifactStack = FastList.newInstance(); protected String currencyUom = null; protected Locale locale = Locale.getDefault(); protected TimeZone timeZone = TimeZone.getDefault(); 
@@ -55,7 +55,11 @@ return this.currencyUom; } - public String getExecutionPath() { + public ExecutionArtifact getCurrentArtifact() { + return this.artifactStack.size() > 0 ? this.artifactStack.getLast() : null; + } + + public String getExecutionPath() { StringBuilder sb = new StringBuilder("ofbiz"); for (ExecutionArtifact artifact : this.artifactStack) { sb.append("/"); @@ -68,6 +72,16 @@ return this.locale; } + public Map<String, ? extends Object> getParameters() { + for (int i = this.artifactStack.size() - 1; i >= 0; i--) { + try { + ParametersArtifact artifact = (ParametersArtifact) this.artifactStack.get(i); + return artifact.getParameters(); + } catch (Exception e) {} + } + return null; + } + public Object getProperty(String key) { return this.properties.get(key); } @@ -82,7 +96,26 @@ Debug.logError(new Exception("Attempt to pop an empty stack"), module); return; } - ExecutionArtifact artifact = this.artifactStack.pop(); + ExecutionArtifact artifact = this.artifactStack.removeLast(); + if (this.verbose) { + Debug.logInfo("Popping artifact [" + artifact.getClass().getName() + + "] location = " + artifact.getLocation() + + ", name = " + artifact.getName(), module); + } + } + + public void popExecutionArtifacts(ExecutionArtifact artifact) { + if (this.artifactStack.size() == 0) { + // This check is temporary - it will be removed when implementation is complete + Debug.logError(new Exception("Attempt to pop an empty stack"), module); + return; + } + if (this.artifactStack.contains(artifact)) { + ExecutionArtifact poppedArtifact = this.artifactStack.removeLast(); + while (poppedArtifact != artifact) { + poppedArtifact = this.artifactStack.removeLast(); + } + } if (this.verbose) { Debug.logInfo("Popping artifact [" + artifact.getClass().getName() + "] location = " + artifact.getLocation() + 
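Review bot: In the added `getParameters()`, the empty `catch (Exception e) {}` serves as a type test, so it also hides any exception thrown by `artifact.getParameters()` itself and silently falls through to an older artifact's map. These parameters appear to feed permission decisions (this commit hands the execution context to `ServicePermission`), so a failure should not quietly substitute a different caller's parameters. Test the type explicitly instead: `ExecutionArtifact a = this.artifactStack.get(i);` followed by `if (a instanceof ParametersArtifact) { return ((ParametersArtifact) a).getParameters(); }`. The method also returns `null` when no `ParametersArtifact` is on the stack, which the Javadoc added to `ExecutionContext.getParameters()` does not mention.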
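Review bot: `popExecutionArtifacts` guards with `this.artifactStack.contains(artifact)`, which presumably compares with `equals`, but the loop stops on reference identity (`poppedArtifact != artifact`). If an artifact type overrides `equals`, an equal but distinct instance passes the guard, and the loop then drains the stack and calls `removeLast()` on an empty list. `getExecutionPath()` is built from this stack and is passed to `AccessControllerImpl`, so a drained stack changes what later permission checks see. Use one comparison throughout, for example bounding the loop with `while (!this.artifactStack.isEmpty() && this.artifactStack.removeLast() != artifact) { }` after an identity-based search. The verbose "Popping artifact" message is also logged when nothing was popped, and the method's closing lines fall outside the hunk.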
@@ -91,7 +124,7 @@ } public void pushExecutionArtifact(ExecutionArtifact artifact) { - this.artifactStack.push(artifact); + this.artifactStack.addLast(artifact); if (this.verbose) { Debug.logInfo("Pushing artifact [" + artifact.getClass().getName() + "] location = " + artifact.getLocation() + Added: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericParametersArtifact.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericParametersArtifact.java?rev=805914&view=auto ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericParametersArtifact.java (added) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericParametersArtifact.java Wed Aug 19 18:27:46 2009 
@@ -0,0 +1,46 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.context; + +import java.util.Map; + +/** A basic implementation of the ParametersArtifact interface. */ +public class GenericParametersArtifact extends GenericExecutionArtifact implements ParametersArtifact { + + protected final Map<String, ? extends Object> parameters; + + public GenericParametersArtifact(String location, String name, Map<String, ? extends Object> parameters) { + super(location, name); + this.parameters = parameters; + } + + public GenericParametersArtifact(ExecutionArtifact artifact, Map<String, ? extends Object> parameters) { + super(artifact.getLocation(), artifact.getName()); + this.parameters = parameters; + } + + public Map<String, ? 
extends Object> getParameters() { + return this.parameters; + } + + @Override + public String toString() { + return "GenericParametersArtifact: location = " + this.location + ", name = " + this.name; + } +} Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericParametersArtifact.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericParametersArtifact.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/GenericParametersArtifact.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java?rev=805914&view=auto ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java (added) +++ ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java Wed Aug 19 18:27:46 2009 
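Review bot: Both constructors of `GenericParametersArtifact` store the caller's `parameters` map by reference, and `ServiceDispatcher` in this commit passes the live service `context` map. Any later mutation of that map therefore changes what `getParameters()` returns for an artifact already on the stack. If permission logic reads these values, as the `ServicePermission` wiring suggests, a read-only snapshot is safer, e.g. `this.parameters = Collections.unmodifiableMap(new HashMap<String, Object>(parameters));` (with a null guard if callers may pass `null`). The constructors have no Javadoc, and the second one dereferences `artifact` without a null check.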
@@ -0,0 +1,33 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.context; + +import java.util.Map; + +/** ParametersArtifact interface. */ +public interface ParametersArtifact extends ExecutionArtifact { + + /** + * Returns the parameters associated with this artifact. + * + * @return The parameters associated with this artifact + */ + public Map<String, ? 
extends Object> getParameters(); + +} Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20090812/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java?rev=805914&view=auto ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java (added) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java Wed Aug 19 18:27:46 2009 
@@ -0,0 +1,160 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.context; + +import static org.ofbiz.api.authorization.BasicPermissions.Admin; + +import java.security.AccessControlException; +import java.security.Permission; + +import org.ofbiz.api.authorization.AccessController; +import org.ofbiz.api.authorization.PermissionsIntersection; +import org.ofbiz.base.util.Debug; +import org.ofbiz.base.util.UtilMisc; +import org.ofbiz.base.util.UtilProperties; +import org.ofbiz.security.AuthorizationManager; +import org.ofbiz.security.OFBizSecurity; +import org.ofbiz.service.ExecutionContext; +import org.ofbiz.service.ServicePermission; + +/** + * An implementation of the AuthorizationManager interface that uses the OFBiz database + * for authorization data storage. 
+ */ +public class AuthorizationManagerImpl extends OFBizSecurity implements AuthorizationManager { + + public static final String module = AuthorizationManagerImpl.class.getName(); + + protected Permission testPermission = null; + protected Permission getTestPermission(ExecutionContext executionContext) { + if (this.testPermission == null) { + // Build test permissions + this.testPermission = new PermissionsIntersection("TestPermissions", + UtilMisc.toList(new ServicePermission("securityRedesignTest", executionContext), + Admin)); + } + return this.testPermission; + } + + public AuthorizationManagerImpl() { + } + + public void assignGroupPermission(String userGroupId, String artifactId, + Permission permission) { + // TODO Auto-generated method stub + + } + + public void assignGroupToGroup(String childGroupId, String parentGroupId) { + // TODO Auto-generated method stub + + } + + public void assignUserPermission(String userLoginId, String artifactId, + Permission permission) { + // TODO Auto-generated method stub + + } + + public void assignUserToGroup(String userLoginId, String userGroupId) { + // TODO Auto-generated method stub + + } + + public void createUser(String userLoginId, String password) { + // TODO Auto-generated method stub + + } + + public String createUserGroup(String description) { + // TODO Auto-generated method stub + return null; + } + + public void deleteGroupFromGroup(String childGroupId, String parentGroupId) { + // TODO Auto-generated method stub + + } + + public void deleteGroupPermission(String userGroupId, String artifactId, + Permission permission) { + // TODO Auto-generated method stub + + } + + public void deleteUser(String userLoginId) { + // TODO Auto-generated method stub + + } + + public void deleteUserFromGroup(String userLoginId, String userGroupId) { + // TODO Auto-generated method stub + + } + + public void deleteUserGroup(String userGroupId) { + // TODO Auto-generated method stub + + } + + public void 
deleteUserPermission(String userLoginId, String artifactId, + Permission permission) { + // TODO Auto-generated method stub + + } + + public void updateUser(String userLoginId, String password) { + // TODO Auto-generated method stub + + } + + public void updateUserGroup(String userGroupId, String description) { + // TODO Auto-generated method stub + + } + + public AccessController getAccessController(org.ofbiz.api.context.ExecutionContext executionContext) { + return new AccessControllerImpl(executionContext.getExecutionPath(), this.getTestPermission((ExecutionContext) executionContext)); + } + + protected static class AccessControllerImpl implements AccessController { + + protected final String executionPath; + protected final Permission permission; + // Temporary - will be removed later + protected boolean verbose = false; + + protected AccessControllerImpl(String executionPath, Permission permission) { + this.executionPath = executionPath; + this.permission = permission; + this.verbose = "true".equals(UtilProperties.getPropertyValue("api.properties", "authorizationManager.verbose")); + } + + public void checkPermission(Permission permission) throws AccessControlException { + if (this.verbose) { + Debug.logInfo("Checking permission: " + this.executionPath + "[" + permission + "]", module); + } + if (!this.permission.implies(permission)) { + throw new AccessControlException(this.executionPath); + } + } + + } + +} Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: 
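Review bot: `getTestPermission` caches the `PermissionsIntersection` in the instance field `testPermission`, and the `ServicePermission` inside it is constructed with whichever `ExecutionContext` arrives first. If this manager instance is shared across requests, which seems likely since it is selected by class name through `SecurityFactory`, every later `getAccessController` call is evaluated against the first caller's context, and the unsynchronized null check can race. Build the permission per call and drop the field: `return new PermissionsIntersection("TestPermissions", UtilMisc.toList(new ServicePermission("securityRedesignTest", executionContext), Admin));`. `getAccessController` also casts its argument to `org.ofbiz.service.ExecutionContext` without a type check. `checkPermission` throws `AccessControlException(this.executionPath)` without naming the denied permission, which makes denials harder to audit.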
ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Modified: ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java?rev=805914&r1=805913&r2=805914&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java (original) +++ ofbiz/branches/executioncontext20090812/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java Wed Aug 19 18:27:46 2009 @@ -28,6 +28,7 @@ import org.ofbiz.entity.GenericValue; import org.ofbiz.security.AuthorizationManager; import org.ofbiz.security.SecurityFactory; +import org.ofbiz.service.GenericDispatcher; import org.ofbiz.service.LocalDispatcher; import org.ofbiz.service.ExecutionContext; @@ -47,6 +48,9 @@ } public LocalDispatcher getDispatcher() { + if (this.dispatcher == null) { + this.dispatcher = GenericDispatcher.getLocalDispatcher("ExecutionContext", this.getDelegator()); + } return this.dispatcher; } Modified: ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/DelegatorImpl.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/DelegatorImpl.java?rev=805914&r1=805913&r2=805914&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/DelegatorImpl.java (original) +++ ofbiz/branches/executioncontext20090812/framework/entity/src/org/ofbiz/entity/DelegatorImpl.java Wed Aug 19 18:27:46 2009 
@@ -526,16 +526,18 @@ AccessController accessController = this.executionContext.getAccessController(); boolean beganTransaction = false; try { + GenericValue checkValue = this.findOne(value.getEntityName(), value.getPrimaryKey(), false); + if (checkValue != null) { + accessController.checkPermission(Update); + } else { + accessController.checkPermission(Create); + } if (alwaysUseTransaction) { beganTransaction = TransactionUtil.begin(); } - - GenericValue checkValue = this.findOne(value.getEntityName(), value.getPrimaryKey(), false); if (checkValue != null) { - accessController.checkPermission(Update); this.store(value, doCacheClear); } else { - accessController.checkPermission(Create); this.create(value, doCacheClear); } if (value.lockEnabled()) { @@ -2105,15 +2107,11 @@ try { for (GenericEntity value : dummyPKs) { - this.executionContext.pushExecutionArtifact(value); - AccessController accessController = this.executionContext.getAccessController(); - accessController.checkPermission(Delete); if (value.containsPrimaryKey()) { numRemoved += this.removeByPrimaryKey(value.getPrimaryKey(), doCacheClear); } else { numRemoved += this.removeByAnd(value.getEntityName(), value.getAllFields(), doCacheClear); } - this.executionContext.popExecutionArtifact(); } return numRemoved; 
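Review bot: Moving `findOne` ahead of `TransactionUtil.begin()` in the first hunk puts the existence lookup outside the transaction that performs the write. When this method starts the transaction itself, the Update-versus-Create decision is made on a read the write does not cover and can be stale by the time `store` or `create` runs. Consider keeping the lookup inside the transaction and calling `accessController.checkPermission(...)` immediately after it, so the check and the write see the same state. The catch and rollback handling is outside the hunk, so confirm it treats an `AccessControlException` raised inside the transaction correctly.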
@@ -2216,7 +2214,7 @@ } public int removeByPrimaryKey(GenericPK primaryKey, boolean doCacheClear) throws GenericEntityException { - this.executionContext.pushExecutionArtifact(new GenericExecutionArtifact("GenericDelegator.removeByPrimaryKey", primaryKey.getEntityName())); + this.executionContext.pushExecutionArtifact(primaryKey); AccessController accessController = this.executionContext.getAccessController(); boolean beganTransaction = false; try { Modified: ofbiz/branches/executioncontext20090812/framework/example/script/org/ofbiz/example/ExamplePermissionServices.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/example/script/org/ofbiz/example/ExamplePermissionServices.xml?rev=805914&r1=805913&r2=805914&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/example/script/org/ofbiz/example/ExamplePermissionServices.xml (original) +++ ofbiz/branches/executioncontext20090812/framework/example/script/org/ofbiz/example/ExamplePermissionServices.xml Wed Aug 19 18:27:46 2009 
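Review bot: Pushing `primaryKey` itself changes the artifact that names this operation on the execution path. The old `GenericExecutionArtifact` used the fixed location `GenericDelegator.removeByPrimaryKey`, whereas the path segment now comes from whatever `GenericPK` reports as its name and location, so any permission keyed on the old path needs re-checking. This method is also now where Delete must be enforced for the bulk-remove loop, whose `checkPermission(Delete)` call the preceding hunk deletes. The hunk shows the `AccessController` being obtained but the check itself lies outside it, and `removeByAnd` is not in the diff. Confirm both methods call `accessController.checkPermission(Delete)`, and record the dependency with a comment such as `// Delete is enforced here for bulk-remove callers as well`.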
@@ -38,4 +38,11 @@ </else> </if-has-permission> </simple-method> + + <simple-method method-name="securityRedesignTest" short-description="Security Redesign Test"> + <log level="info" message="exampleId = ${parameters.exampleId}"/> + <set field="hasPermission" type="Boolean" value="true"/> + <field-to-result field="hasPermission"/> + </simple-method> + </simple-methods> Modified: ofbiz/branches/executioncontext20090812/framework/example/servicedef/services.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/example/servicedef/services.xml?rev=805914&r1=805913&r2=805914&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/example/servicedef/services.xml (original) +++ ofbiz/branches/executioncontext20090812/framework/example/servicedef/services.xml Wed Aug 19 18:27:46 2009 
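Review bot: The added `securityRedesignTest` simple-method sets `hasPermission` to `true` unconditionally, and this commit wires that service into the `TestPermissions` intersection in `AuthorizationManagerImpl`, so the service half of that check always grants. Nothing in the method marks it as a stub; add a comment such as `<!-- Test stub: always grants; not for real permission checks -->` and say the same in `short-description`. It also writes the caller-supplied `parameters.exampleId` to the info log as-is, which is worth noting if this pattern is copied into real permission services.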
@@ -121,6 +121,13 @@ <implements service="permissionInterface"/> </service> + <!-- Security Redesign Test --> + <service name="securityRedesignTest" engine="simple" + location="component://example/script/org/ofbiz/example/ExamplePermissionServices.xml" invoke="securityRedesignTest"> + <implements service="permissionInterface"/> + <attribute name="exampleId" mode="IN" type="String" optional="true"/> + </service> + <!-- Example ServiceTest Service --> <service name="testCreateExampleService" engine="simple" location="component://example/script/org/ofbiz/example/example/ExampleServices.xml" invoke="testCreateExampleService"> Modified: ofbiz/branches/executioncontext20090812/framework/security/src/org/ofbiz/security/SecurityFactory.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/security/src/org/ofbiz/security/SecurityFactory.java?rev=805914&r1=805913&r2=805914&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/security/src/org/ofbiz/security/SecurityFactory.java (original) +++ ofbiz/branches/executioncontext20090812/framework/security/src/org/ofbiz/security/SecurityFactory.java Wed Aug 19 18:27:46 2009 @@ -37,7 +37,7 @@ public class SecurityFactory { public static final String module = SecurityFactory.class.getName(); - public static final String DEFAULT_SECURITY = "org.ofbiz.security.AuthorizationManagerImpl"; + public static final String DEFAULT_SECURITY = "org.ofbiz.security.OFBizSecurity"; private static String securityName = null; private static Element rootElement = null; 
@@ -112,7 +112,7 @@ if (securityInfo == null) { SecurityConfigUtil.SecurityInfo _securityInfo = SecurityConfigUtil.getSecurityInfo(securityName); - // Make sure, that the security conetxt name is defined and present + // Make sure, that the security context name is defined and present if (_securityInfo == null) { throw new SecurityConfigurationException("ERROR: no security definition was found with the name " + securityName + " in security.xml"); } @@ -121,7 +121,10 @@ // This is the default implementation and uses org.ofbiz.security.OFBizSecurity if (UtilValidate.isEmpty(securityInfo.className)) { - className = DEFAULT_SECURITY; + className = UtilProperties.getPropertyValue("api.properties", "authorizationManager.class"); + if (UtilValidate.isEmpty(className)) { + className = DEFAULT_SECURITY; + } } else { // Use a customized security className = securityInfo.className; Modified: ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServiceDispatcher.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServiceDispatcher.java?rev=805914&r1=805913&r2=805914&view=diff ============================================================================== --- ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServiceDispatcher.java (original) +++ ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServiceDispatcher.java Wed Aug 19 18:27:46 2009 @@ -31,6 +31,7 @@ import org.ofbiz.api.authorization.AccessController; import org.ofbiz.api.context.ExecutionContextFactory; +import org.ofbiz.api.context.GenericParametersArtifact; import org.ofbiz.base.config.GenericConfigException; import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.GeneralRuntimeException; 
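Review bot: In the `@@ -121,7 +121,10 @@` hunk the fallback class name now comes from `authorizationManager.class` in api.properties, but the comment directly above still says the default "uses org.ofbiz.security.OFBizSecurity", and nothing records which class was selected. This string decides which security implementation gets instantiated (the instantiation is below the hunk), so log the choice, e.g. `Debug.logInfo("Security implementation [" + className + "] selected", module);`, and update the comment. It is also worth confirming that the code below rejects a class that does not implement the expected security interface, rather than failing later on a cast.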
@@ -109,11 +110,12 @@ // job manager needs to always be running, but the poller thread does not try { - GenericDelegator origDelegator = this.delegator; - if (!this.delegator.getOriginalDelegatorName().equals(this.delegator.getDelegatorName())) { - origDelegator = DelegatorFactory.getGenericDelegator(this.delegator.getOriginalDelegatorName()); + String delegatorName = this.delegator.getDelegatorName(); + if (!this.delegator.getOriginalDelegatorName().equals(delegatorName)) { + delegatorName = this.delegator.getOriginalDelegatorName(); } - this.jm = JobManager.getInstance(origDelegator, enableJM); + GenericDelegator newDelegator = DelegatorFactory.getGenericDelegator(delegatorName); + this.jm = JobManager.getInstance(newDelegator, enableJM); } catch (GeneralRuntimeException e) { Debug.logWarning(e.getMessage(), module); } 
@@ -301,21 +303,32 @@ ExecutionContext executionContext = (ExecutionContext) context.get("executionContext"); if (executionContext == null) { try { - executionContext = (ExecutionContext) ExecutionContextFactory.getInstance(); + executionContext = (ExecutionContext) ExecutionContextFactory.getInstance(); } catch (Exception e) { throw new GenericServiceException(e); } context.put("executionContext", executionContext); } - executionContext.initializeContext(context); - executionContext.setDelegator(this.delegator); + GenericDelegator newDelegator = DelegatorFactory.getGenericDelegator(this.delegator.getDelegatorName()); + executionContext.setDelegator(newDelegator); + executionContext.setDispatcher(ctx.getDispatcher()); executionContext.setSecurity(this.security); - executionContext.pushExecutionArtifact(modelService); + executionContext.initializeContext(context); + executionContext.pushExecutionArtifact(new GenericParametersArtifact(modelService, context)); // start the transaction boolean beganTrans = false; try { - AccessController accessController = executionContext.getAccessController(); - accessController.checkPermission(Access); + boolean permissionService = false; + for (ModelServiceIface iface: modelService.implServices) { + if ("permissionInterface".equals(iface.getService())) { + permissionService = true; + break; + } + } + if (!permissionService) { + AccessController accessController = executionContext.getAccessController(); + accessController.checkPermission(Access); + } //Debug.logInfo("=========================== " + modelService.name + " 1 tx status =" + TransactionUtil.getStatusString() + ", modelService.requireNewTransaction=" + modelService.requireNewTransaction + ", modelService.useTransaction=" + modelService.useTransaction + ", TransactionUtil.isTransactionInPlace()=" + TransactionUtil.isTransactionInPlace(), module); if (modelService.useTransaction) { if (TransactionUtil.isTransactionInPlace()) { Added: 
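Review bot: The new loop switches off `accessController.checkPermission(Access)` for every service whose definition lists `permissionInterface` in `implServices`, and nothing in the hunk limits that exemption to calls made while a permission is being evaluated. Any service declared with that interface would therefore be dispatched without the access check, whoever invokes it and whatever else it does; other guards may exist outside the hunk. The block needs at least a why-comment stating the reason (presumably that `ServicePermission.implies` dispatches these services itself, so checking them would recurse), and the exemption would be safer tied to that calling path than to the service definition alone. The hunk also moves `initializeContext(context)` after the `set*` calls without saying why the order matters; a one-line comment would keep it from being reordered back. The enclosing method begins and ends outside the hunk.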
ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServicePermission.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServicePermission.java?rev=805914&view=auto
==============================================================================
--- ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServicePermission.java (added)
+++ ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServicePermission.java Wed Aug 19 18:27:46 2009
@@ -0,0 +1,110 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *******************************************************************************/
+package org.ofbiz.service;
+
+import java.security.Permission;
+import java.util.Map;
+
+import javolution.util.FastMap;
+
+import org.ofbiz.base.util.Debug;
+
+/**
+ * Service permission class. Invokes a service permission that
+ * returns hasPermission true or false.
+ */
+@SuppressWarnings("serial")
+public class ServicePermission extends Permission {
+
+ protected final static String module = ServicePermission.class.getName();
+ protected final String serviceName;
+ protected final ExecutionContext executionContext;
+
+ public ServicePermission(String serviceName, ExecutionContext executionContext) {
+ super("service=" + serviceName);
+ this.serviceName = serviceName;
+ this.executionContext = executionContext;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ try {
+ ServicePermission that = (ServicePermission) obj;
+ return this.serviceName.equals(that.serviceName);
+ } catch (Exception e) {}
+ return false;
+ }
+
+ @Override
+ public String getActions() {
+ return null;
+ }
+
+ @Override
+ public int hashCode() {
+ return this.serviceName.hashCode();
+ }
+
+ /** Invokes the permission service and returns the result. The
+ * <code>permission</code> parameter is not used - it has no meaning.
+ *
+ */
+ @Override
+ public boolean implies(Permission permission) {
+ if (this.executionContext.getUserLogin() == null) {
+ // This is here for development purposes
+ return true;
+ }
+ try {
+ LocalDispatcher dispatcher = this.executionContext.getDispatcher();
+ DispatchContext ctx = dispatcher.getDispatchContext();
+ ModelService modelService;
+ modelService = ctx.getModelService(this.serviceName);
+ Map<String, Object> context = FastMap.newInstance();
+ Map<String, ? extends Object> params = this.executionContext.getParameters();
+ if (params != null) {
+ context.putAll(params);
+ }
+ if (!context.containsKey("userLogin")) {
+ context.put("userLogin", this.executionContext.getUserLogin());
+ }
+ if (!context.containsKey("locale")) {
+ context.put("locale", this.executionContext.getLocale());
+ }
+ if (!context.containsKey("timeZone")) {
+ context.put("timeZone", this.executionContext.getTimeZone());
+ }
+ context = modelService.makeValid(context, ModelService.IN_PARAM);
+ Map<String, Object> result = dispatcher.runSync(this.serviceName, context);
+ Boolean hasPermission = (Boolean) result.get("hasPermission");
+ return hasPermission != null && hasPermission.booleanValue();
+ } catch (Exception e) {
+ Debug.logError(e, module);
+ }
+ return false;
+ }
+
+ @Override
+ public String toString() {
+ return this.getName();
+ }
+}
Propchange: ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServicePermission.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServicePermission.java
------------------------------------------------------------------------------
svn:keywords = "Date Rev Author URL Id"
Propchange: ofbiz/branches/executioncontext20090812/framework/service/src/org/ofbiz/service/ServicePermission.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: ofbiz/branches/executioncontext20090812/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20090812/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=805914&r1=805913&r2=805914&view=diff
==============================================================================
--- 
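Review bot: `implies()` fails open: when `executionContext.getUserLogin()` is null it returns `true`, so a context with no authenticated user is granted whatever the permission service guards, and the comment says the branch exists only for development. That branch should be `return false;`, or sit behind an explicit development-only switch, before this code is merged. Further down, `context.putAll(params)` runs first and `userLogin`, `locale` and `timeZone` are filled in only when absent, so a caller-supplied `userLogin` entry takes precedence over the one in the execution context; the RequestHandler hunk in this commit pushes `UtilHttp.getParameterMap(request)` as the artifact parameters, which looks like the source of `getParameters()`. Setting it unconditionally with `context.put("userLogin", this.executionContext.getUserLogin());` removes that dependency on request input. `equals()` also relies on catching the exception from a failed cast or a null argument; an `instanceof` test would state the intent directly.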
ofbiz/branches/executioncontext20090812/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original) +++ ofbiz/branches/executioncontext20090812/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Wed Aug 19 18:27:46 2009 @@ -36,7 +36,7 @@ import javolution.util.FastMap; -import org.ofbiz.api.context.GenericExecutionArtifact; +import org.ofbiz.api.context.GenericParametersArtifact; import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.SSLUtil; import org.ofbiz.base.util.StringUtil; @@ -146,7 +146,7 @@ ExecutionContext executionContext = (ExecutionContext) request.getAttribute("executionContext"); Locale locale = executionContext.getLocale(); - executionContext.pushExecutionArtifact(new GenericExecutionArtifact(UtilHttp.getFullRequestUrl(request).toString(), cname)); + executionContext.pushExecutionArtifact(new GenericParametersArtifact(UtilHttp.getFullRequestUrl(request).toString(), cname, UtilHttp.getParameterMap(request))); String eventReturn = null; boolean interruptRequest = false; |