refactor!: Move access checker and @AnonymousAllowed to flow-server (#…

…10758) * Move access checker and @AnonymousAllowed to flow-server This allows them to be used for view access control also * Rename test classes from *Endpoint to *Class
vaadin · Apr 28, 2021 · 3d31b99 · 3d31b99
1 parent 9f903f8
commit 3d31b99
Show file tree

Hide file tree

Showing 18 changed files with 404 additions and 146 deletions.
diff --git a/flow-server/pom.xml b/flow-server/pom.xml
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <parent>
         <groupId>com.vaadin</groupId>
@@ -69,6 +68,12 @@
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>
+        <!-- Needed for security annotations -->
+        <dependency>
+            <groupId>javax.annotation</groupId>
+            <artifactId>javax.annotation-api</artifactId>
+            <version>${javax.annotation.api.version}</version>
+        </dependency>
 
         <!-- Library dependencies -->
 
@@ -249,7 +254,7 @@
                 <configuration>
                     <enableGeneration>true</enableGeneration>
                     <includeProjectArtifact>true</includeProjectArtifact>
-                    <excludedArtifactIds>   
+                    <excludedArtifactIds>
                         <excludedArtifactId>httpclient</excludedArtifactId>
                         <excludedArtifactId>httpcore</excludedArtifactId>
                     </excludedArtifactIds>

diff --git a/...connect/auth/AccessAnnotationChecker.java → .../server/auth/AccessAnnotationChecker.java b/...connect/auth/AccessAnnotationChecker.java → .../server/auth/AccessAnnotationChecker.java
@@ -13,8 +13,9 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-package com.vaadin.flow.server.connect.auth;
+package com.vaadin.flow.server.auth;
 
+import java.io.Serializable;
 import java.lang.reflect.AnnotatedElement;
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
@@ -49,7 +50,7 @@
  * <li>{@link DenyAll} - denies access.</li>
  * </ul>
  */
-public class AccessAnnotationChecker {
+public class AccessAnnotationChecker implements Serializable {
 
     /**
      * 

diff --git a/...server/connect/auth/AnonymousAllowed.java → ...in/flow/server/auth/AnonymousAllowed.java b/...server/connect/auth/AnonymousAllowed.java → ...in/flow/server/auth/AnonymousAllowed.java
@@ -13,7 +13,7 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-package com.vaadin.flow.server.connect.auth;
+package com.vaadin.flow.server.auth;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
@@ -41,7 +41,7 @@
  * security roles)</li>
  * </ul>
  *
- * @see VaadinConnectAccessChecker for security rules check implementation
+ * @see AccessAnnotationChecker for security rules check implementation
  */
 @Retention(RetentionPolicy.RUNTIME)
 @Target({ ElementType.METHOD, ElementType.TYPE })

diff --git a/...ect/auth/AccessAnnotationCheckerTest.java → ...ver/auth/AccessAnnotationCheckerTest.java b/...ect/auth/AccessAnnotationCheckerTest.java → ...ver/auth/AccessAnnotationCheckerTest.java
diff --git a/flow-server/src/test/java/com/vaadin/flow/server/auth/AccessControlTestClasses.java b/flow-server/src/test/java/com/vaadin/flow/server/auth/AccessControlTestClasses.java
@@ -0,0 +1,235 @@
+package com.vaadin.flow.server.auth;
+
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+
+public class AccessControlTestClasses {
+
+    public static class NoAnnotationClass {
+
+        public void noAnnotation() {
+
+        }
+
+        @AnonymousAllowed
+        public void anonymousAllowed() {
+
+        }
+
+        @PermitAll
+        public void permitAll() {
+
+        }
+
+        @DenyAll
+        public void denyAll() {
+
+        }
+
+        @RolesAllowed("user")
+        public void rolesAllowedUser() {
+
+        }
+
+        @RolesAllowed("admin")
+        public void rolesAllowedAdmin() {
+
+        }
+
+        @RolesAllowed({ "user", "admin" })
+        public void rolesAllowedUserAdmin() {
+        }
+
+    }
+
+    @AnonymousAllowed
+    public static class AnonymousAllowedClass {
+
+        public void noAnnotation() {
+
+        }
+
+        @AnonymousAllowed
+        public void anonymousAllowed() {
+
+        }
+
+        @PermitAll
+        public void permitAll() {
+
+        }
+
+        @DenyAll
+        public void denyAll() {
+
+        }
+
+        @RolesAllowed("user")
+        public void rolesAllowedUser() {
+
+        }
+
+        @RolesAllowed("admin")
+        public void rolesAllowedAdmin() {
+
+        }
+
+        @RolesAllowed({ "user", "admin" })
+        public void rolesAllowedUserAdmin() {
+        }
+
+    }
+
+    @PermitAll
+    public static class PermitAllClass {
+
+        public void noAnnotation() {
+
+        }
+
+        @AnonymousAllowed
+        public void anonymousAllowed() {
+
+        }
+
+        @PermitAll
+        public void permitAll() {
+
+        }
+
+        @DenyAll
+        public void denyAll() {
+
+        }
+
+        @RolesAllowed("user")
+        public void rolesAllowedUser() {
+
+        }
+
+        @RolesAllowed("admin")
+        public void rolesAllowedAdmin() {
+
+        }
+
+        @RolesAllowed({ "user", "admin" })
+        public void rolesAllowedUserAdmin() {
+        }
+
+    }
+
+    @DenyAll
+    public static class DenyAllClass {
+
+        public void noAnnotation() {
+
+        }
+
+        @AnonymousAllowed
+        public void anonymousAllowed() {
+
+        }
+
+        @PermitAll
+        public void permitAll() {
+
+        }
+
+        @DenyAll
+        public void denyAll() {
+
+        }
+
+        @RolesAllowed("user")
+        public void rolesAllowedUser() {
+
+        }
+
+        @RolesAllowed("admin")
+        public void rolesAllowedAdmin() {
+
+        }
+
+        @RolesAllowed({ "user", "admin" })
+        public void rolesAllowedUserAdmin() {
+        }
+
+    }
+
+    @RolesAllowed("user")
+    public static class RolesAllowedUserClass {
+
+        public void noAnnotation() {
+
+        }
+
+        @AnonymousAllowed
+        public void anonymousAllowed() {
+
+        }
+
+        @PermitAll
+        public void permitAll() {
+
+        }
+
+        @DenyAll
+        public void denyAll() {
+
+        }
+
+        @RolesAllowed("user")
+        public void rolesAllowedUser() {
+
+        }
+
+        @RolesAllowed("admin")
+        public void rolesAllowedAdmin() {
+
+        }
+
+        @RolesAllowed({ "user", "admin" })
+        public void rolesAllowedUserAdmin() {
+        }
+
+    }
+
+    @RolesAllowed("admin")
+    public static class RolesAllowedAdminClass {
+
+        public void noAnnotation() {
+
+        }
+
+        @AnonymousAllowed
+        public void anonymousAllowed() {
+
+        }
+
+        @PermitAll
+        public void permitAll() {
+
+        }
+
+        @DenyAll
+        public void denyAll() {
+
+        }
+
+        @RolesAllowed("user")
+        public void rolesAllowedUser() {
+
+        }
+
+        @RolesAllowed("admin")
+        public void rolesAllowedAdmin() {
+
+        }
+
+        @RolesAllowed({ "user", "admin" })
+        public void rolesAllowedUserAdmin() {
+        }
+
+    }
+}
diff --git a/...nt/src/main/java/com/vaadin/flow/server/connect/VaadinConnectControllerConfiguration.java b/...nt/src/main/java/com/vaadin/flow/server/connect/VaadinConnectControllerConfiguration.java
@@ -18,17 +18,17 @@
 
 import java.lang.reflect.Method;
 
+import com.vaadin.flow.server.auth.AccessAnnotationChecker;
+import com.vaadin.flow.server.connect.auth.CsrfChecker;
+import com.vaadin.flow.server.connect.auth.VaadinConnectAccessChecker;
+
 import org.springframework.boot.autoconfigure.web.servlet.WebMvcRegistrations;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.mvc.condition.PatternsRequestCondition;
 import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
 
-import com.vaadin.flow.server.connect.auth.AccessAnnotationChecker;
-import com.vaadin.flow.server.connect.auth.CsrfChecker;
-import com.vaadin.flow.server.connect.auth.VaadinConnectAccessChecker;
-
 /**
  * A configuration class for customizing the {@link VaadinConnectController}
  * class.

diff --git a/...ndpoint/src/main/java/com/vaadin/flow/server/connect/auth/VaadinConnectAccessChecker.java b/...ndpoint/src/main/java/com/vaadin/flow/server/connect/auth/VaadinConnectAccessChecker.java
@@ -24,6 +24,8 @@
 import javax.servlet.http.HttpServletRequest;
 
 import com.vaadin.flow.server.VaadinService;
+import com.vaadin.flow.server.auth.AccessAnnotationChecker;
+import com.vaadin.flow.server.auth.AnonymousAllowed;
 
 /**
  * Component used for checking role-based ACL in Vaadin Endpoints.

diff --git a/...dpoint/src/main/java/com/vaadin/flow/server/connect/generator/OpenApiObjectGenerator.java b/...dpoint/src/main/java/com/vaadin/flow/server/connect/generator/OpenApiObjectGenerator.java
@@ -15,10 +15,6 @@
  */
 package com.vaadin.flow.server.connect.generator;
 
-import javax.annotation.Nullable;
-import javax.annotation.security.DenyAll;
-import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
 import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -37,6 +33,11 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import javax.annotation.Nullable;
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+
 import com.github.javaparser.ParseResult;
 import com.github.javaparser.ParserConfiguration;
 import com.github.javaparser.ast.CompilationUnit;
@@ -65,6 +66,14 @@
 import com.github.javaparser.utils.Pair;
 import com.github.javaparser.utils.SourceRoot;
 import com.github.javaparser.utils.SourceRoot.Callback;
+import com.vaadin.flow.server.auth.AnonymousAllowed;
+import com.vaadin.flow.server.connect.Endpoint;
+import com.vaadin.flow.server.connect.EndpointExposed;
+import com.vaadin.flow.server.connect.EndpointNameChecker;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.Operation;
@@ -88,13 +97,6 @@
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import io.swagger.v3.oas.models.servers.Server;
 import io.swagger.v3.oas.models.tags.Tag;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.vaadin.flow.server.connect.Endpoint;
-import com.vaadin.flow.server.connect.EndpointExposed;
-import com.vaadin.flow.server.connect.EndpointNameChecker;
-import com.vaadin.flow.server.connect.auth.AnonymousAllowed;
 
 /**
  * Java parser class which scans for all {@link Endpoint} classes and produces

diff --git a/fusion-endpoint/src/test/java/com/vaadin/flow/server/connect/AccessControlTestClasses.java b/fusion-endpoint/src/test/java/com/vaadin/flow/server/connect/AccessControlTestClasses.java
@@ -4,7 +4,7 @@
 import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 
-import com.vaadin.flow.server.connect.auth.AnonymousAllowed;
+import com.vaadin.flow.server.auth.AnonymousAllowed;
 
 public class AccessControlTestClasses {