
ISIS-290: IsisPermission stuff, fixes for archetype

* missing license files for archetype
- remove AboutPageFilter from archetype
1 parent b09d1d2 commit ed3acebb47704dbb946c17ae0e9eff09f51e51ca @danhaywood danhaywood committed Jan 6, 2013
Showing with 475 additions and 455 deletions.
  1. +13 −0 component/security/shiro/pom.xml
  2. +0 −90 component/security/shiro/src/main/appended-resources/supplemental-models.xml
  3. +7 −10 ...t/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java
  4. +0 −3 component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroConstants.java
  5. +0 −1 .../main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticationManagerInstaller.java
  6. +120 −0 ...ent/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermission.java
  7. +30 −0 ...rity/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermissionResolver.java
  8. +0 −1 ...rc/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizationManagerInstaller.java
  9. +0 −44 ...main/java/org/apache/isis/security/shiro/web/IsisShiroSecurityManagerThreadLocalBinderFilter.java
  10. +0 −44 component/security/shiro/src/site/apt/index.apt
  11. +0 −24 component/security/shiro/src/site/apt/jottings.apt
  12. +0 −41 component/security/shiro/src/site/site.xml
  13. +58 −0 ...nent/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_setParts.java
  14. +45 −23 ...g/apache/isis/security/shiro/{WildcardPermissionTest.java → IsisPermissionTest_typicalUsage.java}
  15. +36 −87 ...curity/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest.java
  16. +20 −3 component/security/shiro/src/test/resources/shiro.ini
  17. +17 −0 example/application/quickstart_wicket_restful_jdo/dom/log4j.properties
  18. +18 −0 example/application/quickstart_wicket_restful_jdo/dom/src/main/java/META-INF/persistence.xml
  19. +18 −0 example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditEntry.java
  20. +18 −0 example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/audit/AuditServiceDemo.java
  21. +1 −3 example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItem.java
  22. +0 −1 example/application/quickstart_wicket_restful_jdo/dom/src/main/java/dom/todo/ToDoItems.java
  23. +0 −1 ...pplication/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixture.java
  24. +0 −1 ...on/quickstart_wicket_restful_jdo/fixture/src/main/java/fixture/todo/ToDoItemsFixturesService.java
  25. +0 −1 ...tion/quickstart_wicket_restful_jdo/objstore-jdo/src/main/java/objstore/jdo/todo/ToDoItemsJdo.java
  26. +0 −35 ...le/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/AboutPageFilter.java
  27. +18 −0 ...rt_wicket_restful_jdo/viewer-webapp/src/main/java/app/ComponentFactoryRegistrarForQuickStart.java
  28. +21 −4 ...lication/quickstart_wicket_restful_jdo/viewer-webapp/src/main/java/app/QuickStartApplication.java
  29. +19 −0 example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/resources/app/welcome.html
  30. +9 −16 example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini
  31. +5 −20 example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/web.xml
  32. +2 −2 example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/about/index.html
@@ -122,6 +122,19 @@
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ <version>1.7.2</version>
+ <scope>test</scope>
+ </dependency>
+
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
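Review bot: The new `jcl-over-slf4j` dependency pins `<version>1.7.2</version>` inline while the `commons-logging` entry just above it carries no version, so one is presumably managed by the parent POM and the other is fixed locally. Moving the version into the parent's `dependencyManagement` would keep the logging bridge aligned with the slf4j version the rest of the build resolves. Marking `commons-logging` as `provided` also means consumers of this module no longer receive it transitively, and the bridge is on the test classpath only. A comment such as `<!-- JCL API must be supplied by the deploying webapp, e.g. via jcl-over-slf4j -->` would tell deployers what they have to add.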
@@ -12,95 +12,5 @@
<supplementalDataModels xmlns="http://maven.apache.org/supplemental-model/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/supplemental-model/1.0.0 http://maven.apache.org/xsd/supplemental-model-1.0.0.xsd">
-
- <supplement>
- <project>
- <groupId>aopalliance</groupId>
- <artifactId>aopalliance</artifactId>
- <version>1.0</version>
- <licenses>
- <license>
- <name>Public Domain</name>
- </license>
- </licenses>
- </project>
- </supplement>
-
- <supplement>
- <!-- not quite sure why licenses:download-license flags this, since license info seems to be in its POM -->
- <project>
- <groupId>org.datanucleus</groupId>
- <artifactId>datanucleus-jodatime</artifactId>
- <version>3.1.1</version>
- <licenses>
- <license>
- <name>The Apache Software License, Version 2.0</name>
- <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
- </license>
- </licenses>
- </project>
- </supplement>
-
- <supplement>
- <project>
- <groupId>org.scannotation</groupId>
- <artifactId>scannotation</artifactId>
- <version>1.0.3</version>
- <licenses>
- <license>
- <name>The Apache Software License, Version 2.0</name>
- <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
- <distribution>repo</distribution>
- </license>
- </licenses>
- </project>
- </supplement>
-
- <supplement>
- <project>
- <groupId>dom4j</groupId>
- <artifactId>dom4j</artifactId>
- <version>1.6.1</version>
- <licenses>
- <license>
- <name>BSD License</name>
- <url>http://dom4j.sourceforge.net/dom4j-1.6.1/license.html</url>
- <distribution>repo</distribution>
- </license>
- </licenses>
- </project>
- </supplement>
-
- <supplement>
- <project>
- <groupId>net.jcip</groupId>
- <artifactId>jcip-annotations</artifactId>
- <version>1.0</version>
- <licenses>
- <license>
- <name>Creative Commons Attribution 2.5 License</name>
- <url>http://creativecommons.org/licenses/by/2.5/</url>
- <distribution>repo</distribution>
- </license>
- </licenses>
- </project>
- </supplement>
-
-
- <supplement>
- <project>
- <groupId>xalan</groupId>
- <artifactId>xalan</artifactId>
- <version>2.7.0</version>
- <licenses>
- <license>
- <name>The Apache Software License, Version 2.0</name>
- <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
- <distribution>repo</distribution>
- </license>
- </licenses>
- </project>
- </supplement>
-
</supplementalDataModels>
@@ -16,16 +16,12 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.apache.isis.security.shiro;
import java.util.Collection;
-import java.util.Collections;
import java.util.List;
import org.apache.isis.applib.Identifier;
-import org.apache.isis.applib.Identifier.Depth;
-import org.apache.isis.applib.Identifier.Type;
import org.apache.isis.core.commons.authentication.AuthenticationSession;
import org.apache.isis.core.commons.config.IsisConfiguration;
import org.apache.isis.core.runtime.authentication.AuthenticationManagerInstaller;
@@ -35,6 +31,7 @@
import org.apache.isis.core.runtime.authentication.standard.SimpleSession;
import org.apache.isis.core.runtime.authorization.AuthorizationManagerInstaller;
import org.apache.isis.core.runtime.authorization.standard.Authorizor;
+import org.apache.isis.security.shiro.authorization.IsisPermission;
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
@@ -47,16 +44,11 @@
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.config.IniSecurityManagerFactory;
-import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
-import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.Factory;
-import com.google.common.base.Splitter;
import com.google.common.collect.Lists;
/**
@@ -236,7 +228,12 @@ private boolean isPermitted(Identifier identifier, String qualifier) {
String permission = asPermissionsString(identifier) + ":" + qualifier;
Subject subject = SecurityUtils.getSubject();
- return subject.isPermitted(permission);
+
+ try {
+ return subject.isPermitted(permission);
+ } finally {
+ IsisPermission.resetVetoedPermissions();
+ }
}
private static String asPermissionsString(Identifier identifier) {
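Review bot: The veto list is cleared only in the `finally`, after the check, so `isPermitted` relies on nothing else on the current thread having evaluated an `IsisPermission` since the last reset. Any other path that reaches `IsisPermission.implies` on a pooled thread (a direct Shiro permission check, for instance) would leave vetoes in the thread-local that then affect the next request's decision on that thread. Clearing before the check as well makes the result independent of earlier work: add `IsisPermission.resetVetoedPermissions();` immediately before the `try`. The method's signature appears only in the hunk header, so anything above the first body line shown was not reviewed.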
@@ -21,14 +21,11 @@
import org.apache.isis.core.commons.config.ConfigurationConstants;
import org.apache.isis.core.runtime.authentication.AuthenticationManagerInstaller;
-import org.apache.isis.core.runtime.authorization.AuthorizationManagerInstaller;
import org.apache.isis.security.shiro.authentication.ShiroAuthenticationManagerInstaller;
-import org.apache.isis.security.shiro.authorization.ShiroAuthorizationManagerInstaller;
public final class ShiroConstants {
public static final String ROOT_AUTHENTICATION = ConfigurationConstants.ROOT + AuthenticationManagerInstaller.TYPE + "." + ShiroAuthenticationManagerInstaller.NAME + ".";
- private static final String ROOT_AUTHORIZATION = ConfigurationConstants.ROOT + AuthorizationManagerInstaller.TYPE + "." + ShiroAuthorizationManagerInstaller.NAME + ".";
private ShiroConstants() {
}
@@ -16,7 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.apache.isis.security.shiro.authentication;
import java.util.List;
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.isis.security.shiro.authorization;
+
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.WildcardPermission;
+
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+
+public class IsisPermission extends WildcardPermission {
+
+ private static final long serialVersionUID = 1L;
+ private static final Pattern PATTERN = Pattern.compile("([!]?)([^/]+)[/](.+)");
+
+ private static ThreadLocal<Map<String,List<IsisPermission>>> VETOING_PERMISSIONS = new ThreadLocal<Map<String,List<IsisPermission>>>() {
+ protected java.util.Map<String,List<IsisPermission>> initialValue() { return Maps.newTreeMap(); }
+ };
+
+ public static void resetVetoedPermissions() {
+ IsisPermission.VETOING_PERMISSIONS.get().clear();
+ }
+
+ public static boolean isVetoed(String permissionGroup, Permission p) {
+ if(permissionGroup == null) {
+ return false;
+ }
+ List<IsisPermission> vetoingPermissions = VETOING_PERMISSIONS.get().get(permissionGroup);
+ if(vetoingPermissions == null || vetoingPermissions.isEmpty()) {
+ return false;
+ }
+ for(IsisPermission vetoingPermission: vetoingPermissions) {
+ if(vetoingPermission.impliesWithoutVeto(p)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public static void addVeto(IsisPermission vetoingPermission) {
+ String permissionGroup = vetoingPermission.getPermissionGroup();
+ List<IsisPermission> vetoingPermissions = IsisPermission.VETOING_PERMISSIONS.get().get(permissionGroup);
+ if(vetoingPermissions == null) {
+ vetoingPermissions = Lists.newArrayList();
+ IsisPermission.VETOING_PERMISSIONS.get().put(permissionGroup, vetoingPermissions);
+ }
+ vetoingPermissions.add(vetoingPermission);
+ }
+
+ private boolean veto;
+ private String permissionGroup;
+
+ public IsisPermission() {
+ }
+
+ public IsisPermission(String wildcardString, boolean caseSensitive) {
+ super(wildcardString, caseSensitive);
+ }
+
+ public IsisPermission(String wildcardString) {
+ super(wildcardString);
+ }
+
+ @Override
+ protected void setParts(String wildcardString, boolean caseSensitive) {
+ Matcher matcher = PATTERN.matcher(wildcardString);
+ if(matcher.matches()) {
+ veto = matcher.group(1).length() > 0;
+ permissionGroup = matcher.group(2);
+ super.setParts(matcher.group(3), caseSensitive);
+ } else {
+ super.setParts(wildcardString, caseSensitive);
+ }
+ }
+
+ @Override
+ public boolean implies(Permission p) {
+ if(veto) {
+ IsisPermission.addVeto(this);
+ return false;
+ } else {
+ return !IsisPermission.isVetoed(this.permissionGroup, p) && super.implies(p);
+ }
+ }
+
+ boolean impliesWithoutVeto(Permission p) {
+ return super.implies(p);
+ }
+
+ String getPermissionGroup() {
+ return permissionGroup;
+ }
+
+ @Override
+ public String toString() {
+ return (veto?"!":"") + (permissionGroup != null? permissionGroup + "/": "") + super.toString();
+ }
+
+}
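Review bot: A veto only takes effect if the vetoing permission's `implies` happens to run before the granting one, because `implies` records the veto as a side effect through `addVeto(this)` and `isVetoed` consults only what has been recorded so far on the thread. If the caller stops at the first permission that returns true (which, as far as I know, is how Shiro's realms iterate an unordered set of permissions), a grant evaluated first is returned without the veto ever being seen, so the deny rule fails open. The veto decision should be made where all of the subject's permissions are visible, for example a two-pass check in the realm or authorizer that evaluates every `!`-prefixed permission before any grant; at minimum the class Javadoc should state the ordering requirement. Separately, `veto` and `permissionGroup` take no part in `equals`/`hashCode`, which are inherited from `WildcardPermission`, so `!grp/a:b` and `grp/a:b` may compare equal and one of them be dropped when permissions are collected into a set; both methods are worth overriding.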
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.isis.security.shiro.authorization;
+
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.PermissionResolver;
+
+public class IsisPermissionResolver implements PermissionResolver {
+
+ public Permission resolvePermission(String permissionString) {
+ return new IsisPermission(permissionString);
+ }
+
+}
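Review bot: `resolvePermission` implements `PermissionResolver` without `@Override`, and the class has no Javadoc saying that the veto syntax only works when this resolver is configured on the realm. Without that wiring a string such as `!grp/a:b` would presumably be parsed as an ordinary wildcard permission, and the intended deny rule would be silently ignored. Add `@Override` and a class comment along the lines of `/** Resolves permission strings to {@link IsisPermission} so that the "!group/" veto prefix is honoured; must be set as the realm's permissionResolver. */`.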
@@ -16,7 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.apache.isis.security.shiro.authorization;
import org.apache.isis.core.commons.config.IsisConfiguration;
@@ -1,44 +0,0 @@
-package org.apache.isis.security.shiro.web;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.util.ThreadContext;
-import org.apache.shiro.web.env.WebEnvironment;
-import org.apache.shiro.web.util.WebUtils;
-
-public class IsisShiroSecurityManagerThreadLocalBinderFilter implements Filter {
-
- private FilterConfig filterConfig;
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- this.filterConfig = filterConfig;
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- ServletContext servletContext = filterConfig.getServletContext();
- WebEnvironment webEnvironment = WebUtils.getWebEnvironment(servletContext);
- SecurityManager securityManager = webEnvironment.getSecurityManager();
- ThreadContext.bind(securityManager);
- try {
- chain.doFilter(request, response);
- } finally {
- ThreadContext.unbindSecurityManager();
- }
- }
-
- @Override
- public void destroy() {
- }
-
-}