INT-1408 fixed the issue with ConfigAttributes related to upgrading to Spring Security 3

This commit is contained in:
Oleg Zhurakousky
2010-09-02 18:52:59 +00:00
parent dc5800ed0d
commit 84b00a2862
5 changed files with 66 additions and 50 deletions

View File

@@ -16,6 +16,10 @@
package org.springframework.integration.security.channel;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.util.Assert;
@@ -30,9 +34,9 @@ import org.springframework.util.StringUtils;
*/
public class ChannelAccessPolicy {
private final ConfigAttribute configAttributeDefinitionForSend;
private final Collection<ConfigAttribute> configAttributeDefinitionForSend;
private final ConfigAttribute configAttributeDefinitionForReceive;
private final Collection<ConfigAttribute> configAttributeDefinitionForReceive;
/**
@@ -41,21 +45,39 @@ public class ChannelAccessPolicy {
* will be trimmed. A <code>null</code> value indicates that the policy does not
* apply for either send or receive access type. At most one of the values may be null.
*/
@SuppressWarnings("unchecked")
public ChannelAccessPolicy(String sendAccess, String receiveAccess) {
Assert.isTrue(sendAccess != null || receiveAccess != null,
boolean sendAccessDefined = StringUtils.hasText(sendAccess);
boolean recieveAccessDefined = StringUtils.hasText(receiveAccess);
Assert.isTrue(sendAccessDefined || recieveAccessDefined,
"At least one of 'sendAccess' and 'receiveAccess' must not be null.");
this.configAttributeDefinitionForSend = (StringUtils.hasText(sendAccess))
? new SecurityConfig(sendAccess) : null;
this.configAttributeDefinitionForReceive = (StringUtils.hasText(receiveAccess))
? new SecurityConfig(receiveAccess) : null;
if (sendAccessDefined){
String[] sendAccessValues = StringUtils.commaDelimitedListToStringArray(sendAccess);
configAttributeDefinitionForSend = new HashSet<ConfigAttribute>();
for (String sendAccessValue : sendAccessValues) {
configAttributeDefinitionForSend.add(new SecurityConfig(StringUtils.trimAllWhitespace(sendAccessValue)));
}
} else {
configAttributeDefinitionForSend = Collections.EMPTY_SET;
}
if (recieveAccessDefined){
String[] receiveAccessValues = StringUtils.commaDelimitedListToStringArray(receiveAccess);
configAttributeDefinitionForReceive = new HashSet<ConfigAttribute>();
for (String receiveAccessValue : receiveAccessValues) {
configAttributeDefinitionForReceive.add(new SecurityConfig(StringUtils.trimAllWhitespace(receiveAccessValue)));
}
} else {
configAttributeDefinitionForReceive = Collections.EMPTY_SET;
}
}
public ConfigAttribute getConfigAttributeDefinitionForSend() {
public Collection<ConfigAttribute> getConfigAttributeDefinitionForSend() {
return this.configAttributeDefinitionForSend;
}
public ConfigAttribute getConfigAttributeDefinitionForReceive() {
public Collection<ConfigAttribute> getConfigAttributeDefinitionForReceive() {
return this.configAttributeDefinitionForReceive;
}

View File

@@ -72,15 +72,15 @@ public class ChannelInvocationDefinitionSource implements SecurityMetadataSource
ChannelAccessPolicy accessPolicy = mapping.getValue();
if (pattern.matcher(channelName).matches()) {
if (invocation.isSend()) {
ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForSend();
Collection<ConfigAttribute> definition = accessPolicy.getConfigAttributeDefinitionForSend();
if (definition != null) {
attributes.add(definition);
attributes.addAll(definition);
}
}
else if (invocation.isReceive()) {
ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForReceive();
Collection<ConfigAttribute> definition = accessPolicy.getConfigAttributeDefinitionForReceive();
if (definition != null) {
attributes.add(definition);
attributes.addAll(definition);
}
}
}
@@ -92,14 +92,10 @@ public class ChannelInvocationDefinitionSource implements SecurityMetadataSource
Set<ConfigAttribute> allAttributes = new HashSet<ConfigAttribute>();
for (ChannelAccessPolicy policy : patternMappings.values()) {
ConfigAttribute attribute = policy.getConfigAttributeDefinitionForReceive();
if (attribute != null){
allAttributes.add(attribute);
}
attribute = policy.getConfigAttributeDefinitionForSend();
if (attribute != null){
allAttributes.add(attribute);
}
Collection<ConfigAttribute> receiveAttributes = policy.getConfigAttributeDefinitionForReceive();
allAttributes.addAll(receiveAttributes);
Collection<ConfigAttribute> sendAttributes = policy.getConfigAttributeDefinitionForSend();
allAttributes.addAll(sendAttributes);
}
return allAttributes;

View File

@@ -62,14 +62,14 @@ public class ChannelAdapterSecurityIntegrationTests extends AbstractJUnit4Spring
@Test(expected = AccessDeniedException.class)
@DirtiesContext
public void testSecuredWithNotEnoughPermission() {
login("bob", "bobspassword", "ROLE_ADMIN");
login("bob", "bobspassword", "ROLE_ADMINA");
securedChannelAdapter.send(new GenericMessage<String>("test"));
}
@Test
@DirtiesContext
public void testSecuredWithPermission() {
login("bob", "bobspassword", "ROLE_ADMIN, ROLE_PRESIDENT");
login("bob", "bobspassword", "ROLE_ADMIN", "ROLE_PRESIDENT");
securedChannelAdapter.send(new GenericMessage<String>("test"));
assertEquals("Wrong size of message list in target", 1, testConsumer.sentMessages.size());
}

View File

@@ -14,8 +14,8 @@
http://www.springframework.org/schema/integration/security
http://www.springframework.org/schema/integration/security/spring-integration-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
http://www.springframework.org/schema/context/spring-context.xsd">
<beans:import resource="classpath:org/springframework/integration/security/config/commonSecurityConfiguration.xml"/>
<si-security:secured-channels>

View File

@@ -16,11 +16,6 @@
package org.springframework.integration.security.config;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
@@ -43,10 +38,14 @@ import org.springframework.integration.core.MessageSelector;
import org.springframework.integration.security.channel.ChannelAccessPolicy;
import org.springframework.integration.security.channel.ChannelSecurityInterceptor;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
/**
* @author Jonas Partner
* @author Mark Fisher
@@ -74,10 +73,10 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<ConfigAttribute> sendDefinition = policy.getConfigAttributeDefinitionForSend();
Collection<ConfigAttribute> receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
assertTrue("ROLE_ADMIN not found as send attribute", this.getRolesFromDefintion(sendDefinition).contains("ROLE_ADMIN"));
assertNull("Policy applies to receive", receiveDefinition);
assertTrue("Policy applies to receive", receiveDefinition.size() == 0);
}
@Test
@@ -92,12 +91,12 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<ConfigAttribute> sendDefinition = policy.getConfigAttributeDefinitionForSend();
Collection<ConfigAttribute> receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<String> sendRoles = this.getRolesFromDefintion(sendDefinition);
assertTrue("ROLE_ADMIN not found as send attribute", sendRoles.contains("ROLE_ADMIN"));
assertTrue("ROLE_USER not found as send attribute", sendRoles.contains("ROLE_USER"));
assertNull("Policy applies to receive", receiveDefinition);
assertTrue("Policy applies to receive", receiveDefinition.size() == 0);
}
@Test
@@ -112,11 +111,11 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<ConfigAttribute> sendDefinition = policy.getConfigAttributeDefinitionForSend();
Collection<ConfigAttribute> receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<String> receiveRoles = this.getRolesFromDefintion(receiveDefinition);
assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN"));
assertNull("Policy applies to send", sendDefinition);
assertTrue("Policy applies to receive", sendDefinition.size() == 0);
}
@Test
@@ -131,12 +130,12 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<ConfigAttribute> sendDefinition = policy.getConfigAttributeDefinitionForSend();
Collection<ConfigAttribute> receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<String> receiveRoles = this.getRolesFromDefintion(receiveDefinition);
assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN"));
assertTrue("ROLE_USER not found as receive attribute", receiveRoles.contains("ROLE_USER"));
assertNull("Policy applies to send", sendDefinition);
assertTrue("Policy applies to receive", sendDefinition.size() == 0);
}
@Test
@@ -151,8 +150,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice();
ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor);
assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy);
ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend();
ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
Collection<ConfigAttribute> sendDefinition = policy.getConfigAttributeDefinitionForSend();
Collection<ConfigAttribute> receiveDefinition = policy.getConfigAttributeDefinitionForReceive();
assertNotNull("Pattern does not apply to 'send'", sendDefinition);
assertNotNull("Pattern does not apply to 'receive'", receiveDefinition);
Collection<String> sendRoles = this.getRolesFromDefintion(sendDefinition);
@@ -174,12 +173,11 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests
return null;
}
@SuppressWarnings("unchecked")
private Collection<String> getRolesFromDefintion(ConfigAttribute definition) {
private Collection<String> getRolesFromDefintion(Collection<ConfigAttribute> definition) {
Set<String> roles = new HashSet<String>();
Collection configAttributes = SecurityConfig.createListFromCommaDelimitedString(definition.getAttribute());
for (Object next : configAttributes) {
ConfigAttribute attribute = (ConfigAttribute) next;
//Collection configAttributes = SecurityConfig.createListFromCommaDelimitedString(definition);
for (ConfigAttribute nextConfigAttribute : definition) {
ConfigAttribute attribute = nextConfigAttribute;
roles.add(attribute.getAttribute());
}
return roles;