svn commit: r894961 [1/4] - in /ofbiz/branches/executionconte
Locked
svn commit: r894961 [1/4] - in /ofbiz/branches/executionconte
 
|
Author: adrianc
Date: Fri Jan 1 00:38:52 2010 New Revision: 894961 URL: http://svn.apache.org/viewvc?rev=894961&view=rev Log: Ported over the security-aware artifacts code from the executioncontext20090812 branch. Added: ofbiz/branches/executioncontext20091231/BranchReadMe.txt (with props) ofbiz/branches/executioncontext20091231/framework/api/ ofbiz/branches/executioncontext20091231/framework/api/build.xml ofbiz/branches/executioncontext20091231/framework/api/ofbiz-component.xml (with props) ofbiz/branches/executioncontext20091231/framework/api/src/ ofbiz/branches/executioncontext20091231/framework/api/src/org/ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/NullAuthorizationManager.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ExecutionContext.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ExecutionContextImpl.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/GenericExecutionArtifact.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/GenericParametersArtifact.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ParametersArtifact.java (with props) ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ThreadContext.java (with props) ofbiz/branches/executioncontext20091231/framework/context/ ofbiz/branches/executioncontext20091231/framework/context/build.xml ofbiz/branches/executioncontext20091231/framework/context/lib/ ofbiz/branches/executioncontext20091231/framework/context/ofbiz-component.xml ofbiz/branches/executioncontext20091231/framework/context/src/ ofbiz/branches/executioncontext20091231/framework/context/src/org/ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AccessControllerImpl.java (with props) ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java (with props) ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/ExecutionContextImpl.java (with props) ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/OFBizPermission.java (with props) ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/PathNode.java (with props) ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareEli.java (with props) ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareIterator.java (with props) ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareList.java (with props) ofbiz/branches/executioncontext20091231/framework/context/src/org/ofbiz/context/SecurityAwareListIterator.java (with props) ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ExecutionContext.java (with props) ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/ThreadContext.java (with props) ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ExecutionContext.java (with props) ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ThreadContext.java (with props) ofbiz/branches/executioncontext20091231/specialpurpose/hhfacility/data/ ofbiz/branches/executioncontext20091231/specialpurpose/hhfacility/data/HhFacilitySecurityData.xml (with props) Modified: ofbiz/branches/executioncontext20091231/.classpath ofbiz/branches/executioncontext20091231/applications/accounting/build.xml ofbiz/branches/executioncontext20091231/applications/accounting/data/AccountingSecurityData.xml ofbiz/branches/executioncontext20091231/applications/content/build.xml ofbiz/branches/executioncontext20091231/applications/content/data/ContentSecurityData.xml ofbiz/branches/executioncontext20091231/applications/humanres/data/HumanResSecurityData.xml ofbiz/branches/executioncontext20091231/applications/manufacturing/build.xml ofbiz/branches/executioncontext20091231/applications/manufacturing/data/ManufacturingSecurityData.xml ofbiz/branches/executioncontext20091231/applications/marketing/build.xml ofbiz/branches/executioncontext20091231/applications/marketing/data/MarketingSecurityData.xml ofbiz/branches/executioncontext20091231/applications/order/build.xml ofbiz/branches/executioncontext20091231/applications/order/data/OrderSecurityData.xml ofbiz/branches/executioncontext20091231/applications/party/build.xml ofbiz/branches/executioncontext20091231/applications/party/data/PartySecurityData.xml ofbiz/branches/executioncontext20091231/applications/product/build.xml ofbiz/branches/executioncontext20091231/applications/product/data/ProductSecurityData.xml ofbiz/branches/executioncontext20091231/applications/securityext/data/UserDemoData.xml ofbiz/branches/executioncontext20091231/applications/workeffort/build.xml ofbiz/branches/executioncontext20091231/applications/workeffort/data/WorkEffortSecurityData.xml ofbiz/branches/executioncontext20091231/framework/bi/build.xml ofbiz/branches/executioncontext20091231/framework/build.xml ofbiz/branches/executioncontext20091231/framework/common/build.xml ofbiz/branches/executioncontext20091231/framework/common/src/org/ofbiz/common/login/LoginServices.java ofbiz/branches/executioncontext20091231/framework/component-load.xml ofbiz/branches/executioncontext20091231/framework/entity/build.xml ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/GenericDelegator.java ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/GenericEntity.java ofbiz/branches/executioncontext20091231/framework/entity/src/org/ofbiz/entity/model/ModelEntity.java ofbiz/branches/executioncontext20091231/framework/entityext/build.xml ofbiz/branches/executioncontext20091231/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java ofbiz/branches/executioncontext20091231/framework/example/data/ExampleSecurityData.xml ofbiz/branches/executioncontext20091231/framework/minilang/build.xml ofbiz/branches/executioncontext20091231/framework/security/build.xml ofbiz/branches/executioncontext20091231/framework/security/config/security.xml ofbiz/branches/executioncontext20091231/framework/security/data/SecurityData.xml ofbiz/branches/executioncontext20091231/framework/security/entitydef/entitymodel.xml ofbiz/branches/executioncontext20091231/framework/security/src/org/ofbiz/security/authz/AuthorizationFactory.java ofbiz/branches/executioncontext20091231/framework/service/build.xml ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ModelService.java ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/ServiceDispatcher.java ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/job/GenericServiceJob.java ofbiz/branches/executioncontext20091231/framework/service/src/org/ofbiz/service/job/JobPoller.java ofbiz/branches/executioncontext20091231/framework/webapp/build.xml ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java ofbiz/branches/executioncontext20091231/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java ofbiz/branches/executioncontext20091231/framework/webtools/build.xml ofbiz/branches/executioncontext20091231/framework/webtools/data/WebtoolsSecurityData.xml ofbiz/branches/executioncontext20091231/framework/widget/build.xml ofbiz/branches/executioncontext20091231/framework/widget/src/org/ofbiz/widget/form/ModelForm.java ofbiz/branches/executioncontext20091231/framework/widget/src/org/ofbiz/widget/form/ModelFormField.java ofbiz/branches/executioncontext20091231/framework/widget/src/org/ofbiz/widget/screen/ModelScreen.java ofbiz/branches/executioncontext20091231/framework/widget/src/org/ofbiz/widget/screen/ScreenRenderer.java ofbiz/branches/executioncontext20091231/specialpurpose/assetmaint/data/AssetMaintSecurityData.xml ofbiz/branches/executioncontext20091231/specialpurpose/cmssite/data/CmsSiteDemoData.xml ofbiz/branches/executioncontext20091231/specialpurpose/ebay/build.xml ofbiz/branches/executioncontext20091231/specialpurpose/ebay/data/EbaySecurityData.xml ofbiz/branches/executioncontext20091231/specialpurpose/ecommerce/data/DemoOrderPeopleData.xml ofbiz/branches/executioncontext20091231/specialpurpose/ecommerce/data/DemoPurchasing.xml ofbiz/branches/executioncontext20091231/specialpurpose/ecommerce/data/EcommerceTypeData.xml ofbiz/branches/executioncontext20091231/specialpurpose/googlebase/build.xml ofbiz/branches/executioncontext20091231/specialpurpose/googlebase/data/GoogleBaseSecurityData.xml ofbiz/branches/executioncontext20091231/specialpurpose/googlecheckout/build.xml ofbiz/branches/executioncontext20091231/specialpurpose/googlecheckout/data/GoogleCheckoutSecurityData.xml ofbiz/branches/executioncontext20091231/specialpurpose/hhfacility/build.xml ofbiz/branches/executioncontext20091231/specialpurpose/hhfacility/ofbiz-component.xml ofbiz/branches/executioncontext20091231/specialpurpose/myportal/data/MyPortalSecurityData.xml ofbiz/branches/executioncontext20091231/specialpurpose/oagis/build.xml ofbiz/branches/executioncontext20091231/specialpurpose/oagis/data/OagisSecurityData.xml ofbiz/branches/executioncontext20091231/specialpurpose/pos/build.xml ofbiz/branches/executioncontext20091231/specialpurpose/pos/data/DemoRetail.xml ofbiz/branches/executioncontext20091231/specialpurpose/projectmgr/data/ProjectMgrDemoData.xml ofbiz/branches/executioncontext20091231/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml ofbiz/branches/executioncontext20091231/specialpurpose/webpos/build.xml ofbiz/branches/executioncontext20091231/specialpurpose/webpos/data/DemoPosData.xml ofbiz/branches/executioncontext20091231/themes/bizznesstime/data/BizznessTimeThemeData.xml ofbiz/branches/executioncontext20091231/themes/bluelight/data/BlueLightThemeData.xml ofbiz/branches/executioncontext20091231/themes/droppingcrumbs/data/DroppingCrumbsThemeData.xml ofbiz/branches/executioncontext20091231/themes/flatgrey/data/FlatGreyThemeData.xml ofbiz/branches/executioncontext20091231/themes/multiflex/data/MultiflexThemeData.xml Modified: ofbiz/branches/executioncontext20091231/.classpath URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/.classpath?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/.classpath (original) +++ ofbiz/branches/executioncontext20091231/.classpath Fri Jan 1 00:38:52 2010 @@ -180,11 +180,13 @@ <classpathentry kind="src" path="applications/product/src" excluding="ShipmentScaleApplet.java"/> <classpathentry kind="src" path="applications/securityext/src" excluding="org/ofbiz/securityext/thirdparty/truition/TruitionCoReg.java"/> <classpathentry kind="src" path="applications/workeffort/src"/> + <classpathentry kind="src" path="framework/api/src"/> <classpathentry kind="src" path="framework/appserver/src"/> <classpathentry kind="src" path="framework/base/src" excluding="org/ofbiz/base/config/CoberturaInstrumenter.java"/> <classpathentry kind="src" path="framework/bi/src"/> <classpathentry kind="src" path="framework/catalina/src"/> <classpathentry kind="src" path="framework/common/src"/> + <classpathentry kind="src" path="framework/context/src"/> <classpathentry kind="src" path="framework/datafile/src"/> <classpathentry kind="src" path="framework/entity/src" excluding="org/ofbiz/entity/connection/XaPoolConnectionFactory.java"/> <classpathentry kind="src" path="framework/entityext/src"/> Added: ofbiz/branches/executioncontext20091231/BranchReadMe.txt URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/BranchReadMe.txt?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/BranchReadMe.txt (added) +++ ofbiz/branches/executioncontext20091231/BranchReadMe.txt Fri Jan 1 00:38:52 2010 @@ -0,0 +1,65 @@ +ExecutionContext and Security-Aware Artifacts Notes +--------------------------------------------------- + +2009-12-31: I put this text file in the branch as a means +of keeping anyone who is interested updated on the progress +of the branch. + +This branch is an implementation of the Security-Aware Artifacts +design document - + +http://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+Security+Redesign + +and it is a work in progress. + +The ExecutionContext interface is +scattered across several components due to the cross-dependency +or circular-dependency issue. Cross-dependency is when Class +A references Class B, and Class B references Class A, and both +classes are in separate components. There is no way to get them +to compile. The problem is compounded in ExecutionContext because +it references 3 or 4 components. + +The workaround I came up with was to have the lowest level methods +declared in the api component, then have each component extend +the interface and add their methods. It's not pretty, but it works. + +This is where you can find the interfaces: + +org.ofbiz.api.context.ExecutionContext + org.ofbiz.entity.ExecutionContext + org.ofbiz.service.ExecutionContext + +When the cross-dependency issues are solved, all of the extended +interfaces will be consolidated into one. + +The interface implementations can be found in the context component. + +The ultimate goal of ExecutionContext is to have all client code +get the contained objects from ExecutionContext only - instead of +getting them from the various classes now in use. This initial +implementation focuses more on the ExecutionContext's role as +a means of tracking the execution path - which is needed for the +security-aware artifacts. + +The AuthorizationManager and AccessController interfaces are based +on the java.security.* classes, and they are intended to be +implementation-agnostic. OFBiz will have an implementation based +on the entity engine, but the goal is to be able to swap out that +implementation with another. + +If you want to see the ExecutionContext and AccessController in +action, change the settings in api.properties. You will see info +messages in the console log. + +I added a security-aware Freemarker transform. Template +sections can be controlled with: + +<@ofbizSecurity permission="view" artifactId="thisTemplate">Some text</@ofbizSecurity> + +If the user has permission to view the artifact, then "Some text" +will be rendered. + +The Authorization Manager is mostly working. Filtering +EntityListIterator values is not implemented due to architectural +problems. Propchange: ofbiz/branches/executioncontext20091231/BranchReadMe.txt ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/BranchReadMe.txt ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/BranchReadMe.txt ------------------------------------------------------------------------------ svn:mime-type = text/plain Modified: ofbiz/branches/executioncontext20091231/applications/accounting/build.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/accounting/build.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/accounting/build.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/accounting/build.xml Fri Jan 1 00:38:52 2010 @@ -30,6 +30,7 @@ <property name="ofbiz.home.dir" value="../.."/> <path id="local.class.path"> + <fileset dir="../../framework/api/build/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib/commons" includes="*.jar"/> <fileset dir="../../framework/base/lib/j2eespecs" includes="*.jar"/> Modified: ofbiz/branches/executioncontext20091231/applications/accounting/data/AccountingSecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/accounting/data/AccountingSecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/accounting/data/AccountingSecurityData.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/accounting/data/AccountingSecurityData.xml Fri Jan 1 00:38:52 2010 @@ -130,4 +130,16 @@ <SecurityGroupPermission groupId="ACCTG_FUNCTNL_ADMIN" permissionId="ACCOUNTING_UPDATE"/> <SecurityGroupPermission groupId="ACCTG_FUNCTNL_ADMIN" permissionId="ACCOUNTING_VIEW"/> + <ArtifactPath artifactPath="ofbiz/accounting" description="Accounting Application"/> + <ArtifactPath artifactPath="ofbiz/ap" description="Accounts Payable Application"/> + <ArtifactPath artifactPath="ofbiz/ar" description="Accounts Receivable Application"/> + + <!-- Data needed for the transition to security-aware artifacts. As each webapp + is converted over to the new security design, the corresponding admin + permission should be removed. --> + + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/accounting" permissionValue="admin=true"/> + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ap" permissionValue="admin=true"/> + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ar" permissionValue="admin=true"/> + </entity-engine-xml> Modified: ofbiz/branches/executioncontext20091231/applications/content/build.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/content/build.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/content/build.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/content/build.xml Fri Jan 1 00:38:52 2010 @@ -32,6 +32,7 @@ <path id="local.class.path"> <fileset dir="${lib.dir}" includes="*.jar"/> <fileset dir="${lib.dir}/uno" includes="*.jar"/> + <fileset dir="../../framework/api/build/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib/commons" includes="*.jar"/> <fileset dir="../../framework/base/lib/j2eespecs" includes="*.jar"/> Modified: ofbiz/branches/executioncontext20091231/applications/content/data/ContentSecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/content/data/ContentSecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/content/data/ContentSecurityData.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/content/data/ContentSecurityData.xml Fri Jan 1 00:38:52 2010 @@ -47,4 +47,13 @@ <SecurityPermission description="Send to the Control Applet." permissionId="SEND_CONTROL_APPLET"/> <SecurityGroupPermission groupId="FULLADMIN" permissionId="SEND_CONTROL_APPLET"/> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SEND_CONTROL_APPLET"/> + + <ArtifactPath artifactPath="ofbiz/content" description="Content Manager Application"/> + + <!-- Data needed for the transition to security-aware artifacts. As each webapp + is converted over to the new security design, the corresponding admin + permission should be removed. --> + + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/content" permissionValue="admin=true"/> + </entity-engine-xml> Modified: ofbiz/branches/executioncontext20091231/applications/humanres/data/HumanResSecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/humanres/data/HumanResSecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/humanres/data/HumanResSecurityData.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/humanres/data/HumanResSecurityData.xml Fri Jan 1 00:38:52 2010 @@ -30,4 +30,13 @@ <SecurityGroupPermission groupId="FLEXADMIN" permissionId="HUMANRES_VIEW"/> <SecurityGroupPermission groupId="VIEWADMIN" permissionId="HUMANRES_VIEW"/> <SecurityGroupPermission groupId="BIZADMIN" permissionId="HUMANRES_ADMIN"/> + + <ArtifactPath artifactPath="ofbiz/humanres" description="Human Resources Application"/> + + <!-- Data needed for the transition to security-aware artifacts. As each webapp + is converted over to the new security design, the corresponding admin + permission should be removed. --> + + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/humanres" permissionValue="admin=true"/> + </entity-engine-xml> Modified: ofbiz/branches/executioncontext20091231/applications/manufacturing/build.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/manufacturing/build.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/manufacturing/build.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/manufacturing/build.xml Fri Jan 1 00:38:52 2010 @@ -31,6 +31,7 @@ <path id="local.class.path"> <!-- <fileset dir="${lib.dir}" includes="*.jar"/> --> + <fileset dir="../../framework/api/build/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib/j2eespecs" includes="*.jar"/> <fileset dir="../../framework/base/build/lib" includes="*.jar"/> Modified: ofbiz/branches/executioncontext20091231/applications/manufacturing/data/ManufacturingSecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/manufacturing/data/ManufacturingSecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/manufacturing/data/ManufacturingSecurityData.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/manufacturing/data/ManufacturingSecurityData.xml Fri Jan 1 00:38:52 2010 @@ -32,4 +32,13 @@ <SecurityGroupPermission groupId="FLEXADMIN" permissionId="MANUFACTURING_VIEW"/> <SecurityGroupPermission groupId="VIEWADMIN" permissionId="MANUFACTURING_VIEW"/> <SecurityGroupPermission groupId="BIZADMIN" permissionId="MANUFACTURING_ADMIN"/> + + <ArtifactPath artifactPath="ofbiz/manufacturing" description="Manufacturing Application"/> + + <!-- Data needed for the transition to security-aware artifacts. As each webapp + is converted over to the new security design, the corresponding admin + permission should be removed. --> + + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/manufacturing" permissionValue="admin=true"/> + </entity-engine-xml> Modified: ofbiz/branches/executioncontext20091231/applications/marketing/build.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/marketing/build.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/marketing/build.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/marketing/build.xml Fri Jan 1 00:38:52 2010 @@ -30,6 +30,7 @@ <property name="ofbiz.home.dir" value="../.."/> <path id="local.class.path"> + <fileset dir="../../framework/api/build/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib/j2eespecs" includes="*.jar"/> <fileset dir="../../framework/base/build/lib" includes="*.jar"/> Modified: ofbiz/branches/executioncontext20091231/applications/marketing/data/MarketingSecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/marketing/data/MarketingSecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/marketing/data/MarketingSecurityData.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/marketing/data/MarketingSecurityData.xml Fri Jan 1 00:38:52 2010 @@ -50,6 +50,15 @@ <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SFA_VIEW"/> <SecurityGroupPermission groupId="VIEWADMIN" permissionId="SFA_VIEW"/> <SecurityGroupPermission groupId="BIZADMIN" permissionId="SFA_ADMIN"/> - + + <ArtifactPath artifactPath="ofbiz/marketing" description="Marketing Application"/> + <ArtifactPath artifactPath="ofbiz/SalesForceAutomation" description="Sales Force Automation Application"/> + + <!-- Data needed for the transition to security-aware artifacts. As each webapp + is converted over to the new security design, the corresponding admin + permission should be removed. --> + + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/marketing" permissionValue="admin=true"/> + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/SalesForceAutomation" permissionValue="admin=true"/> </entity-engine-xml> Modified: ofbiz/branches/executioncontext20091231/applications/order/build.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/order/build.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/order/build.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/order/build.xml Fri Jan 1 00:38:52 2010 @@ -31,6 +31,7 @@ <path id="local.class.path"> <!--<fileset dir="${lib.dir}" includes="*.jar"/>--> + <fileset dir="../../framework/api/build/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib/commons" includes="*.jar"/> <fileset dir="../../framework/base/lib/j2eespecs" includes="*.jar"/> Modified: ofbiz/branches/executioncontext20091231/applications/order/data/OrderSecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/order/data/OrderSecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/order/data/OrderSecurityData.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/order/data/OrderSecurityData.xml Fri Jan 1 00:38:52 2010 @@ -146,4 +146,13 @@ <SecurityGroupPermission groupId="ORDERENTRY_ALL" permissionId="ORDERMGR_SEND_CONFIRMATION"/> <SecurityGroupPermission groupId="ORDERENTRY_ALL" permissionId="OFBTOOLS_VIEW"/> <SecurityGroupPermission groupId="ORDERENTRY_ALL" permissionId="ORDERMGR_CRQ_CREATE"/> + + <ArtifactPath artifactPath="ofbiz/order" description="Order Application"/> + + <!-- Data needed for the transition to security-aware artifacts. As each webapp + is converted over to the new security design, the corresponding admin + permission should be removed. --> + + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/order" permissionValue="admin=true"/> + </entity-engine-xml> Modified: ofbiz/branches/executioncontext20091231/applications/party/build.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/party/build.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/party/build.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/party/build.xml Fri Jan 1 00:38:52 2010 @@ -31,6 +31,7 @@ <path id="local.class.path"> <!--<fileset dir="${lib.dir}" includes="*.jar"/>--> + <fileset dir="../../framework/api/build/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib/j2eespecs" includes="*.jar"/> <fileset dir="../../framework/base/build/lib" includes="*.jar"/> Modified: ofbiz/branches/executioncontext20091231/applications/party/data/PartySecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/party/data/PartySecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/party/data/PartySecurityData.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/party/data/PartySecurityData.xml Fri Jan 1 00:38:52 2010 @@ -92,4 +92,12 @@ <SecurityGroup description="Security Admin group, has all permissions to modify security settings in party manager." groupId="SECURITYADMIN"/> <SecurityGroupPermission groupId="SECURITYADMIN" permissionId="SECURITY_ADMIN"/> + <ArtifactPath artifactPath="ofbiz/party" description="Party Manager Application"/> + + <!-- Data needed for the transition to security-aware artifacts. As each webapp + is converted over to the new security design, the corresponding admin + permission should be removed. --> + + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/party" permissionValue="admin=true"/> + </entity-engine-xml> Modified: ofbiz/branches/executioncontext20091231/applications/product/build.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/product/build.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/product/build.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/product/build.xml Fri Jan 1 00:38:52 2010 @@ -31,6 +31,7 @@ <path id="local.class.path"> <!--<fileset dir="${lib.dir}" includes="*.jar"/>--> + <fileset dir="../../framework/api/build/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib/commons" includes="*.jar"/> <fileset dir="../../framework/base/lib/j2eespecs" includes="*.jar"/> Modified: ofbiz/branches/executioncontext20091231/applications/product/data/ProductSecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/product/data/ProductSecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/product/data/ProductSecurityData.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/product/data/ProductSecurityData.xml Fri Jan 1 00:38:52 2010 @@ -92,4 +92,15 @@ <SecurityGroupPermission groupId="FLEXADMIN" permissionId="FACILITY_VIEW"/> <SecurityGroupPermission groupId="VIEWADMIN" permissionId="FACILITY_VIEW"/> <SecurityGroupPermission groupId="BIZADMIN" permissionId="FACILITY_ADMIN"/> + + <ArtifactPath artifactPath="ofbiz/catalog" description="Catalog Manager Application"/> + <ArtifactPath artifactPath="ofbiz/facility" description="Facility Manager Application"/> + + <!-- Data needed for the transition to security-aware artifacts. As each webapp + is converted over to the new security design, the corresponding admin + permission should be removed. --> + + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/catalog" permissionValue="admin=true"/> + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/facility" permissionValue="admin=true"/> + </entity-engine-xml> Modified: ofbiz/branches/executioncontext20091231/applications/securityext/data/UserDemoData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/securityext/data/UserDemoData.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/securityext/data/UserDemoData.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/securityext/data/UserDemoData.xml Fri Jan 1 00:38:52 2010 @@ -86,4 +86,15 @@ <UserLoginSecurityGroup groupId="VIEWADMIN" userLoginId="ltdadmin1" fromDate="2001-01-01 12:00:00.0"/> <UserLoginSecurityGroup groupId="BIZADMIN" userLoginId="bizadmin" fromDate="2001-01-01 12:00:00.0"/> + <UserToUserGroupRel userLoginId="anonymous" groupId="OFBIZ_USERS"/> + <UserToUserGroupRel userLoginId="system" groupId="OFBIZ_USERS"/> + <UserToUserGroupRel userLoginId="admin" groupId="OFBIZ_USERS"/> + <UserToUserGroupRel userLoginId="flexadmin" groupId="OFBIZ_USERS"/> + <UserToUserGroupRel userLoginId="demoadmin" groupId="OFBIZ_USERS"/> + <UserToUserGroupRel userLoginId="ltdadmin" groupId="OFBIZ_USERS"/> + <UserToUserGroupRel userLoginId="ltdadmin1" groupId="OFBIZ_USERS"/> + <UserToUserGroupRel userLoginId="bizadmin" groupId="OFBIZ_USERS"/> + + <UserToArtifactPermRel userLoginId="admin" artifactPath="ofbiz" permissionValue="admin=true"/> + </entity-engine-xml> Modified: ofbiz/branches/executioncontext20091231/applications/workeffort/build.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/workeffort/build.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/workeffort/build.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/workeffort/build.xml Fri Jan 1 00:38:52 2010 @@ -31,6 +31,7 @@ <path id="local.class.path"> <!--<fileset dir="${lib.dir}" includes="*.jar"/>--> + <fileset dir="../../framework/api/build/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib" includes="*.jar"/> <fileset dir="../../framework/base/lib/j2eespecs" includes="*.jar"/> <fileset dir="../../framework/base/lib/scripting" includes="*.jar"/> Modified: ofbiz/branches/executioncontext20091231/applications/workeffort/data/WorkEffortSecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/applications/workeffort/data/WorkEffortSecurityData.xml?rev=894961&r1=894960&r2=894961&view=diff ============================================================================== --- ofbiz/branches/executioncontext20091231/applications/workeffort/data/WorkEffortSecurityData.xml (original) +++ ofbiz/branches/executioncontext20091231/applications/workeffort/data/WorkEffortSecurityData.xml Fri Jan 1 00:38:52 2010 @@ -48,4 +48,15 @@ <SecurityGroupPermission groupId="WORKEFFORT_USER" permissionId="WORKEFFORTMGR_ROLE_UPDATE"/> <SecurityGroupPermission groupId="WORKEFFORT_USER" permissionId="WORKEFFORTMGR_ROLE_DELETE"/> + <ArtifactPath artifactPath="ofbiz/workeffort" description="Work Effort Application"/> + <ArtifactPath artifactPath="ofbiz/ical" description="iCalendar Public URL"/> + <UserToArtifactPermRel userLoginId="NOT_LOGGED_IN" artifactPath="ofbiz/ical" permissionValue="view=true"/> + + <!-- Data needed for the transition to security-aware artifacts. As each webapp + is converted over to the new security design, the corresponding admin + permission should be removed. --> + + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/workeffort" permissionValue="admin=true"/> + <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ical" permissionValue="admin=true"/> + </entity-engine-xml> Added: ofbiz/branches/executioncontext20091231/framework/api/build.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/build.xml?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/build.xml (added) +++ ofbiz/branches/executioncontext20091231/framework/api/build.xml Fri Jan 1 00:38:52 2010 @@ -0,0 +1,68 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> + +<project name="OFBiz - Framework API" default="jar" basedir="."> + <import file="../../common.xml"/> + + <!-- ================================================================== --> + <!-- Initialization of all property settings --> + <!-- ================================================================== --> + + <property name="name" value="ofbiz-api"/> + <property name="ofbiz.home.dir" value="../.."/> + + <path id="local.class.path"> + <fileset dir="${lib.dir}" includes="*.jar"/> + <fileset dir="../base/lib" includes="*.jar"/> + <fileset dir="../base/lib/commons" includes="*.jar"/> + <fileset dir="../base/lib/j2eespecs" includes="*.jar"/> + <fileset dir="../base/lib/scripting" includes="*.jar"/> + <fileset dir="../base/build/lib" includes="*.jar"/> + </path> + + <!-- ================================================================== --> + <!-- Compilation of the source files --> + <!-- ================================================================== --> + + <target name="jar" depends="classes"> + <jar jarfile="${build.dir}/lib/${name}.jar"> + <fileset dir="${build.dir}/classes"/> + <fileset dir="${src.dir}"> + <include name="**/*.properties,**/*.xml,**/*.bsh,**/*.logic,**/*.js,**/*.jacl,**/*.py"/> + <include name="META-INF/**"/> + </fileset> + <!-- now add the NOTICE and LICENSE files to allow the jar file to be distributed alone --> + <zipfileset dir="${ofbiz.home.dir}" prefix="META-INF" includes="NOTICE,LICENSE"/> + </jar> + </target> + + <!-- ================================================================== --> + <!-- Build JavaDoc --> + <!-- ================================================================== --> + + <target name="docs" depends="prepare-docs"> + <javadoc packagenames="org.ofbiz.base.*" + classpathref="local.class.path" + destdir="${build.dir}/javadocs" + Windowtitle="Open for Business - Framework API"> + <sourcepath path="${src.dir}"/> + </javadoc> + </target> +</project> Added: ofbiz/branches/executioncontext20091231/framework/api/ofbiz-component.xml URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/ofbiz-component.xml?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/ofbiz-component.xml (added) +++ ofbiz/branches/executioncontext20091231/framework/api/ofbiz-component.xml Fri Jan 1 00:38:52 2010 @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> + +<ofbiz-component name="api" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/ofbiz-component.xsd"> + <resource-loader name="main" type="component"/> + <classpath type="jar" location="build/lib/*"/> + <classpath type="dir" location="config"/> + <classpath type="jar" location="lib/*"/> +</ofbiz-component> Propchange: ofbiz/branches/executioncontext20091231/framework/api/ofbiz-component.xml ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/ofbiz-component.xml ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/ofbiz-component.xml ------------------------------------------------------------------------------ svn:mime-type = text/xml Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,68 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.security.AccessControlException; +import java.security.Permission; +import java.util.List; +import java.util.ListIterator; + +/** AccessController interface. This interface is intended to + * separate the permissions-checking logic from the artifacts + * that use it. + */ +public interface AccessController { + + /** Returns silently if the user has been granted <code>permission</code> + * access for the current artifact, throws <code>AccessControlException</code> + * otherwise.<p>Security-aware artifacts call this + * method with the desired permission. If access is granted the + * method returns, otherwise it throws an unchecked exception. + * Higher level code can catch the exception and handle it accordingly.</p> + * + * @param permission The permission to check + * @throws AccessControlException + */ + public void checkPermission(Permission permission) throws AccessControlException; + + /** Applies permission filters to a <code>List</code>. The + * returned <code>List</code> is security-aware, so methods + * that return an <code>Object</code> will return only the + * objects the user has permission to access. + * + * @param list The <code>List</code> to apply filters to + * @return A security-aware <code>List</code> if filters + * were specified for the current artifact, or the original + * <code>List</code> otherwise + */ + public <E> List<E> applyFilters(List<E> list); + + /** Applies permission filters to a <code>ListIterator</code>. The + * returned <code>ListIterator</code> is security-aware, so methods + * that return an <code>Object</code> will return only the + * objects the user has permission to access. + * + * @param list The <code>ListIterator</code> to apply filters to + * @return A security-aware <code>ListIterator</code> if filters + * were specified for the current artifact, or the original + * <code>ListIterator</code> otherwise + */ + public <E> ListIterator<E> applyFilters(ListIterator<E> list); + +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AccessController.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,68 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.security.Permission; + +/** + * Admin permission class. Extends BasicPermission. + */ +@SuppressWarnings("serial") +public class AdminPermission extends BasicPermission { + + public AdminPermission() { + super("admin=true"); + } + + @Override + public boolean equals(Object obj) { + if (obj == this) { + return true; + } + try { + AdminPermission that = (AdminPermission) obj; + return this.permissionString.equals(that.permissionString); + } catch (Exception e) {} + return false; + } + + @Override + public String getActions() { + return null; + } + + @Override + public int hashCode() { + return this.permissionString.hashCode(); + } + + /** Returns <code>true</code> - the admin permission has + * no restrictions. + * + */ + @Override + public boolean implies(Permission permission) { + return true; + } + + @Override + public String toString() { + return this.permissionString; + } +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AdminPermission.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,55 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.security.AccessControlException; +import java.security.Permission; + +/** + * AuthorizationManager interface. + */ +public interface AuthorizationManager { + + // Get the access controller for an artifact/user combination + public AccessController getAccessController () throws AccessControlException; + + // User methods + public void createUser(String userLoginId, String password); + public void updateUser(String userLoginId, String password); + public void deleteUser(String userLoginId); + + // User Group methods + public String createUserGroup(String description); + public void updateUserGroup(String userGroupId, String description); + public void deleteUserGroup(String userGroupId); + + // User Group Assignment methods + public void assignUserToGroup(String userLoginId, String userGroupId); + public void deleteUserFromGroup(String userLoginId, String userGroupId); + public void assignGroupToGroup(String childGroupId, String parentGroupId); + public void deleteGroupFromGroup(String childGroupId, String parentGroupId); + + // Permission Assignment methods + public void assignUserPermission(String userLoginId, String artifactId, Permission permission); + public void deleteUserPermission(String userLoginId, String artifactId, Permission permission); + public void assignGroupPermission(String userGroupId, String artifactId, Permission permission); + public void deleteGroupPermission(String userGroupId, String artifactId, Permission permission); + + +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/AuthorizationManager.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,85 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.security.Permission; + +/** + * Generic permission class. Similar to java.security.BasicPermission. + */ +@SuppressWarnings("serial") +public class BasicPermission extends Permission { + + protected final String permissionString; + + public BasicPermission(String permissionString) { + super(permissionString); + this.permissionString = permissionString; + } + + @Override + public boolean equals(Object obj) { + if (obj == this) { + return true; + } + try { + BasicPermission that = (BasicPermission) obj; + return this.permissionString.equals(that.permissionString); + } catch (Exception e) {} + return false; + } + + @Override + public String getActions() { + return null; + } + + @Override + public int hashCode() { + return this.permissionString.hashCode(); + } + + @Override + public boolean implies(Permission permission) { + try { + PermissionsUnion permissionsUnion = (PermissionsUnion) permission; + for (Permission perm : permissionsUnion.getPermissionsSet()) { + if (this.implies(perm)) { + return true; + } + } + return false; + } catch (Exception e) {} + try { + PermissionsIntersection permissionsIntersection = (PermissionsIntersection) permission; + for (Permission perm : permissionsIntersection.getPermissionsSet()) { + if (!this.implies(perm)) { + return false; + } + } + return true; + } catch (Exception e) {} + return this.equals(permission); + } + + @Override + public String toString() { + return this.permissionString; + } +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermission.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,49 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.security.Permission; +import java.util.Map; + +import javolution.util.FastMap; + +/** + * A collection of basic permissions. + */ +public class BasicPermissions { + + public static final Permission Access = new BasicPermission("access=true"); + public static final Permission Admin = new AdminPermission(); + public static final Permission Create = new BasicPermission("create=true"); + public static final Permission Delete = new BasicPermission("delete=true"); + public static final Permission Update = new BasicPermission("update=true"); + public static final Permission View = new BasicPermission("view=true"); + public static final Map<String, Permission> ConversionMap = createConversionMap(); + + protected static Map<String, Permission> createConversionMap() { + Map<String, Permission> conversionMap = FastMap.newInstance(); + conversionMap.put("ACCESS", Access); + conversionMap.put("ADMIN", Admin); + conversionMap.put("CREATE", Create); + conversionMap.put("DELETE", Delete); + conversionMap.put("UPDATE", Update); + conversionMap.put("VIEW", View); + return conversionMap; + } +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/BasicPermissions.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/NullAuthorizationManager.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/NullAuthorizationManager.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/NullAuthorizationManager.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/NullAuthorizationManager.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,132 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.security.AccessControlException; +import java.security.Permission; +import java.util.List; +import java.util.ListIterator; + +import org.ofbiz.api.context.ThreadContext; +import org.ofbiz.base.util.Debug; +import org.ofbiz.base.util.UtilProperties; + +/** An implementation of <code>AuthorizationManager</code> that allows + * unrestricted access to all security-aware artifacts. This class + * is intended to be used in situations where user permissions are + * not available or accessible (the initial data load for example). + * <p>Extreme care should be taken when using this class so that + * security holes are not introduced. A recommended strategy is:<br><br> + * <ul> + * <li>Save the current <code>AuthorizationManager</code> instance in + * a local variable - using <code>ExecutionContext.getSecurity()</code>.</li> + * <li>Call <code>ExecutionContext.setSecurity(...)</code> with a + * <code>NullAuthorizationManager</code> instance.</li> + * <li>Perform the unrestricted tasks.</li> + * <li>Restore the original <code>AuthorizationManager</code> by + * calling <code>ExecutionContext.setSecurity(...)</code> with the + * saved <code>AuthorizationManager</code> instance.</li> + * </ul></p> + * + */ +public class NullAuthorizationManager implements AuthorizationManager { + + protected static final String module = NullAuthorizationManager.class.getName(); + protected static final AccessController nullAccessController = new NullAccessController(); + + public void assignGroupPermission(String userGroupId, String artifactId, + Permission permission) { + } + + public void assignGroupToGroup(String childGroupId, String parentGroupId) { + } + + public void assignUserPermission(String userLoginId, String artifactId, + Permission permission) { + } + + public void assignUserToGroup(String userLoginId, String userGroupId) { + } + + public void createUser(String userLoginId, String password) { + } + + public String createUserGroup(String description) { + return null; + } + + public void deleteGroupFromGroup(String childGroupId, String parentGroupId) { + } + + public void deleteGroupPermission(String userGroupId, String artifactId, + Permission permission) { + } + + public void deleteUser(String userLoginId) { + } + + public void deleteUserFromGroup(String userLoginId, String userGroupId) { + } + + public void deleteUserGroup(String userGroupId) { + } + + public void deleteUserPermission(String userLoginId, String artifactId, + Permission permission) { + } + + public void updateUser(String userLoginId, String password) { + } + + public void updateUserGroup(String userGroupId, String description) { + } + + public AccessController getAccessController() throws AccessControlException { + return nullAccessController; + } + + /** An implementation of the <code>AccessController</code> interface + * that allows unrestricted access to all security-aware artifacts. + */ + protected static class NullAccessController implements AccessController { + + // Temporary - will be removed later + protected boolean verbose = false; + protected NullAccessController() { + this.verbose = "true".equals(UtilProperties.getPropertyValue("api.properties", "authorizationManager.verbose")); + } + + public <E> List<E> applyFilters(List<E> list) { + return list; + } + + public <E> ListIterator<E> applyFilters(ListIterator<E> list) { + return list; + } + + public void checkPermission(Permission permission) throws AccessControlException { + if (this.verbose) { + Debug.logInfo("Checking permission: " + ThreadContext.getExecutionPath() + "[" + permission + "]", module); + Debug.logInfo("Found permission(s): " + + "null-access-controller@" + ThreadContext.getExecutionPath() + "[admin=true]", module); + } + } + } + +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/NullAuthorizationManager.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/NullAuthorizationManager.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/NullAuthorizationManager.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,82 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.io.IOException; +import java.security.AccessControlException; +import java.security.Permission; +import java.util.Map; + +import org.ofbiz.api.context.ThreadContext; +import org.ofbiz.base.util.Debug; + +import freemarker.core.Environment; +import freemarker.ext.beans.BeanModel; +import freemarker.template.SimpleScalar; +import freemarker.template.Template; +import freemarker.template.TemplateDirectiveBody; +import freemarker.template.TemplateException; +import freemarker.template.TemplateModel; +import freemarker.template.TemplateDirectiveModel; + +/** + * OfbizSecurityTransform - Security-aware Freemarker transform. + */ +public class OfbizSecurityTransform implements TemplateDirectiveModel { + + public final static String module = OfbizSecurityTransform.class.getName(); + + @SuppressWarnings("unchecked") + public void execute(Environment env, Map params, TemplateModel[] loopVars, TemplateDirectiveBody body) throws TemplateException, IOException { + if (body == null) { + return; + } + SimpleScalar obj = (SimpleScalar) params.get("artifactId"); + if (obj == null) { + Debug.logError("artifactId parameter not found, unable to execute transform", module); + return; + } + String artifactId = obj.getAsString(); + obj = (SimpleScalar) params.get("permission"); + if (obj == null) { + Debug.logError("permission parameter not found, unable to execute transform", module); + return; + } + String permStr = obj.getAsString(); + Permission permission = BasicPermissions.ConversionMap.get(permStr.toUpperCase()); + if (permission == null) { + Debug.logError("Unknown permission \"" + permStr + "\", unable to execute transform", module); + return; + } + BeanModel contextBean = (BeanModel)env.getVariable("executionContext"); + if (contextBean == null) { + Debug.logError("ExecutionContext not found, unable to execute transform", module); + return; + } + Template template = env.getTemplate(); + String location = template.getName(); + ThreadContext.pushExecutionArtifact(location, artifactId); + AccessController accessController = ThreadContext.getAccessController(); + try { + accessController.checkPermission(permission); + body.render(env.getOut()); + } catch (AccessControlException e) {} + ThreadContext.popExecutionArtifact(); + } +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,68 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.security.Permission; +import java.util.List; + +/** + * A <code>Set</code> of permissions that represents an intersection. + */ +@SuppressWarnings("serial") +public class PermissionsIntersection extends PermissionsSet { + + public PermissionsIntersection(String listName) { + super(listName); + } + + public PermissionsIntersection(String listName, List<Permission> permissionsList) { + super(listName, permissionsList); + } + + /** Returns <code>true</code> if all of the contained permissions + * return <code>true</code>. + */ + @Override + public boolean implies(Permission permission) { + try { + PermissionsUnion permissionsUnion = (PermissionsUnion) permission; + for (Permission perm : permissionsUnion.getPermissionsSet()) { + if (this.implies(perm)) { + return true; + } + } + return false; + } catch (Exception e) {} + try { + PermissionsIntersection permissionsIntersection = (PermissionsIntersection) permission; + for (Permission perm : permissionsIntersection.getPermissionsSet()) { + if (!this.implies(perm)) { + return false; + } + } + return true; + } catch (Exception e) {} + for (Permission perm : this.permissionsSet) { + if (!perm.implies(permission)) { + return false; + } + } + return true; + } +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsIntersection.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,79 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.security.Permission; +import java.util.List; +import java.util.Set; + +import javolution.util.FastSet; + +/** + * A <code>Set</code> of permissions. + */ +@SuppressWarnings("serial") +public abstract class PermissionsSet extends BasicPermission { + + protected final Set<Permission> permissionsSet = FastSet.newInstance(); + + public PermissionsSet(String setName) { + super(setName); + } + + public PermissionsSet(String setName, List<Permission> permissionsList) { + super(setName); + this.permissionsSet.addAll(permissionsList); + } + + @Override + public boolean equals(Object obj) { + if (obj == this) { + return true; + } + try { + PermissionsSet that = (PermissionsSet) obj; + return this.permissionsSet.equals(that.permissionsSet); + } catch (Exception e) {} + return false; + } + + @Override + public String getActions() { + return null; + } + + @Override + public int hashCode() { + return permissionsSet.hashCode(); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + for (Permission perm : this.permissionsSet) { + sb.append(perm); + sb.append(" "); + } + return sb.toString().trim(); + } + + public Set<Permission> getPermissionsSet() { + return this.permissionsSet; + } +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsSet.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,68 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.authorization; + +import java.security.Permission; +import java.util.List; + +/** + * A <code>Set</code> of permissions that represent a union. + */ +@SuppressWarnings("serial") +public class PermissionsUnion extends PermissionsSet { + + public PermissionsUnion(String listName) { + super(listName); + } + + public PermissionsUnion(String listName, List<Permission> permissionsList) { + super(listName, permissionsList); + } + + /** Returns <code>true</code> if any of the contained permissions + * returns <code>true</code>. + */ + @Override + public boolean implies(Permission permission) { + try { + PermissionsUnion permissionsUnion = (PermissionsUnion) permission; + for (Permission perm : permissionsUnion.getPermissionsSet()) { + if (this.implies(perm)) { + return true; + } + } + return false; + } catch (Exception e) {} + try { + PermissionsIntersection permissionsIntersection = (PermissionsIntersection) permission; + for (Permission perm : permissionsIntersection.getPermissionsSet()) { + if (!this.implies(perm)) { + return false; + } + } + return true; + } catch (Exception e) {} + for (Permission perm : this.permissionsSet) { + if (perm.implies(permission)) { + return true; + } + } + return false; + } +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/authorization/PermissionsUnion.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java URL: http://svn.apache.org/viewvc/ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java?rev=894961&view=auto ============================================================================== --- ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java (added) +++ ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java Fri Jan 1 00:38:52 2010 @@ -0,0 +1,40 @@ +/******************************************************************************* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + *******************************************************************************/ +package org.ofbiz.api.context; + +/** ExecutionArtifact interface. Artifacts in the program's execution + * path (services, screen widgets, form widgets, entities) should implement + * this interface. + */ +public interface ExecutionArtifact { + + /** + * Returns the location of this artifact. + * + * @return Location of this artifact + */ + public String getLocation(); + + /** + * Returns the name of this artifact. + * + * @return Name of this artifact + */ + public String getName(); +} Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java ------------------------------------------------------------------------------ svn:keywords = "Date Rev Author URL Id" Propchange: ofbiz/branches/executioncontext20091231/framework/api/src/org/ofbiz/api/context/ExecutionArtifact.java ------------------------------------------------------------------------------ svn:mime-type = text/plain |
«
Return to OFBiz - Commits
|
1 view|%1 views
| Free forum by Nabble | Edit this page |