diff --git a/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java b/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java index 1000dbc815..6019ffce72 100644 --- a/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java +++ b/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelAccessPolicy.java @@ -16,6 +16,10 @@ package org.springframework.integration.security.channel; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; + import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; import org.springframework.util.Assert; @@ -30,9 +34,9 @@ import org.springframework.util.StringUtils; */ public class ChannelAccessPolicy { - private final ConfigAttribute configAttributeDefinitionForSend; + private final Collection configAttributeDefinitionForSend; - private final ConfigAttribute configAttributeDefinitionForReceive; + private final Collection configAttributeDefinitionForReceive; /** @@ -41,21 +45,39 @@ public class ChannelAccessPolicy { * will be trimmed. A null value indicates that the policy does not * apply for either send or receive access type. At most one of the values may be null. */ + @SuppressWarnings("unchecked") public ChannelAccessPolicy(String sendAccess, String receiveAccess) { - Assert.isTrue(sendAccess != null || receiveAccess != null, + boolean sendAccessDefined = StringUtils.hasText(sendAccess); + boolean recieveAccessDefined = StringUtils.hasText(receiveAccess); + Assert.isTrue(sendAccessDefined || recieveAccessDefined, "At least one of 'sendAccess' and 'receiveAccess' must not be null."); - this.configAttributeDefinitionForSend = (StringUtils.hasText(sendAccess)) - ? new SecurityConfig(sendAccess) : null; - this.configAttributeDefinitionForReceive = (StringUtils.hasText(receiveAccess)) - ? new SecurityConfig(receiveAccess) : null; + + if (sendAccessDefined){ + String[] sendAccessValues = StringUtils.commaDelimitedListToStringArray(sendAccess); + configAttributeDefinitionForSend = new HashSet(); + for (String sendAccessValue : sendAccessValues) { + configAttributeDefinitionForSend.add(new SecurityConfig(StringUtils.trimAllWhitespace(sendAccessValue))); + } + } else { + configAttributeDefinitionForSend = Collections.EMPTY_SET; + } + if (recieveAccessDefined){ + String[] receiveAccessValues = StringUtils.commaDelimitedListToStringArray(receiveAccess); + configAttributeDefinitionForReceive = new HashSet(); + for (String receiveAccessValue : receiveAccessValues) { + configAttributeDefinitionForReceive.add(new SecurityConfig(StringUtils.trimAllWhitespace(receiveAccessValue))); + } + } else { + configAttributeDefinitionForReceive = Collections.EMPTY_SET; + } } - public ConfigAttribute getConfigAttributeDefinitionForSend() { + public Collection getConfigAttributeDefinitionForSend() { return this.configAttributeDefinitionForSend; } - public ConfigAttribute getConfigAttributeDefinitionForReceive() { + public Collection getConfigAttributeDefinitionForReceive() { return this.configAttributeDefinitionForReceive; } diff --git a/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelInvocationDefinitionSource.java b/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelInvocationDefinitionSource.java index 5965173c3c..f1f92cc6f4 100644 --- a/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelInvocationDefinitionSource.java +++ b/spring-integration-security/src/main/java/org/springframework/integration/security/channel/ChannelInvocationDefinitionSource.java @@ -72,15 +72,15 @@ public class ChannelInvocationDefinitionSource implements SecurityMetadataSource ChannelAccessPolicy accessPolicy = mapping.getValue(); if (pattern.matcher(channelName).matches()) { if (invocation.isSend()) { - ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForSend(); + Collection definition = accessPolicy.getConfigAttributeDefinitionForSend(); if (definition != null) { - attributes.add(definition); + attributes.addAll(definition); } } else if (invocation.isReceive()) { - ConfigAttribute definition = accessPolicy.getConfigAttributeDefinitionForReceive(); + Collection definition = accessPolicy.getConfigAttributeDefinitionForReceive(); if (definition != null) { - attributes.add(definition); + attributes.addAll(definition); } } } @@ -92,14 +92,10 @@ public class ChannelInvocationDefinitionSource implements SecurityMetadataSource Set allAttributes = new HashSet(); for (ChannelAccessPolicy policy : patternMappings.values()) { - ConfigAttribute attribute = policy.getConfigAttributeDefinitionForReceive(); - if (attribute != null){ - allAttributes.add(attribute); - } - attribute = policy.getConfigAttributeDefinitionForSend(); - if (attribute != null){ - allAttributes.add(attribute); - } + Collection receiveAttributes = policy.getConfigAttributeDefinitionForReceive(); + allAttributes.addAll(receiveAttributes); + Collection sendAttributes = policy.getConfigAttributeDefinitionForSend(); + allAttributes.addAll(sendAttributes); } return allAttributes; diff --git a/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java b/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java index 255e875876..bff1af3e41 100644 --- a/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java +++ b/spring-integration-security/src/test/java/org/springframework/integration/security/channel/ChannelAdapterSecurityIntegrationTests.java @@ -62,14 +62,14 @@ public class ChannelAdapterSecurityIntegrationTests extends AbstractJUnit4Spring @Test(expected = AccessDeniedException.class) @DirtiesContext public void testSecuredWithNotEnoughPermission() { - login("bob", "bobspassword", "ROLE_ADMIN"); + login("bob", "bobspassword", "ROLE_ADMINA"); securedChannelAdapter.send(new GenericMessage("test")); } @Test @DirtiesContext public void testSecuredWithPermission() { - login("bob", "bobspassword", "ROLE_ADMIN, ROLE_PRESIDENT"); + login("bob", "bobspassword", "ROLE_ADMIN", "ROLE_PRESIDENT"); securedChannelAdapter.send(new GenericMessage("test")); assertEquals("Wrong size of message list in target", 1, testConsumer.sentMessages.size()); } diff --git a/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests-context.xml b/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests-context.xml index c861948b3f..1d7615ab08 100644 --- a/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests-context.xml +++ b/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests-context.xml @@ -14,8 +14,8 @@ http://www.springframework.org/schema/integration/security http://www.springframework.org/schema/integration/security/spring-integration-security.xsd http://www.springframework.org/schema/context - http://www.springframework.org/schema/context/spring-context.xsd"> - + http://www.springframework.org/schema/context/spring-context.xsd"> + diff --git a/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests.java b/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests.java index c763af1bc2..410e02ff1d 100644 --- a/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests.java +++ b/spring-integration-security/src/test/java/org/springframework/integration/security/config/SecuredChannelsParserTests.java @@ -16,11 +16,6 @@ package org.springframework.integration.security.config; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; - import java.util.ArrayList; import java.util.Collection; import java.util.HashSet; @@ -43,10 +38,14 @@ import org.springframework.integration.core.MessageSelector; import org.springframework.integration.security.channel.ChannelAccessPolicy; import org.springframework.integration.security.channel.ChannelSecurityInterceptor; import org.springframework.security.access.ConfigAttribute; -import org.springframework.security.access.SecurityConfig; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.AbstractJUnit4SpringContextTests; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + /** * @author Jonas Partner * @author Mark Fisher @@ -74,10 +73,10 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice(); ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor); assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy); - ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend(); - ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); + Collection sendDefinition = policy.getConfigAttributeDefinitionForSend(); + Collection receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); assertTrue("ROLE_ADMIN not found as send attribute", this.getRolesFromDefintion(sendDefinition).contains("ROLE_ADMIN")); - assertNull("Policy applies to receive", receiveDefinition); + assertTrue("Policy applies to receive", receiveDefinition.size() == 0); } @Test @@ -92,12 +91,12 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice(); ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor); assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy); - ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend(); - ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); + Collection sendDefinition = policy.getConfigAttributeDefinitionForSend(); + Collection receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); Collection sendRoles = this.getRolesFromDefintion(sendDefinition); assertTrue("ROLE_ADMIN not found as send attribute", sendRoles.contains("ROLE_ADMIN")); assertTrue("ROLE_USER not found as send attribute", sendRoles.contains("ROLE_USER")); - assertNull("Policy applies to receive", receiveDefinition); + assertTrue("Policy applies to receive", receiveDefinition.size() == 0); } @Test @@ -112,11 +111,11 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice(); ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor); assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy); - ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend(); - ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); + Collection sendDefinition = policy.getConfigAttributeDefinitionForSend(); + Collection receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); Collection receiveRoles = this.getRolesFromDefintion(receiveDefinition); assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN")); - assertNull("Policy applies to send", sendDefinition); + assertTrue("Policy applies to receive", sendDefinition.size() == 0); } @Test @@ -131,12 +130,12 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice(); ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor); assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy); - ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend(); - ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); + Collection sendDefinition = policy.getConfigAttributeDefinitionForSend(); + Collection receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); Collection receiveRoles = this.getRolesFromDefintion(receiveDefinition); assertTrue("ROLE_ADMIN not found as receive attribute", receiveRoles.contains("ROLE_ADMIN")); assertTrue("ROLE_USER not found as receive attribute", receiveRoles.contains("ROLE_USER")); - assertNull("Policy applies to send", sendDefinition); + assertTrue("Policy applies to receive", sendDefinition.size() == 0); } @Test @@ -151,8 +150,8 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests ChannelSecurityInterceptor interceptor = (ChannelSecurityInterceptor) advisors[0].getAdvice(); ChannelAccessPolicy policy = this.retrievePolicyForPatternString(beanName, interceptor); assertNotNull("Pattern '" + beanName + "' is not included in mappings", policy); - ConfigAttribute sendDefinition = policy.getConfigAttributeDefinitionForSend(); - ConfigAttribute receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); + Collection sendDefinition = policy.getConfigAttributeDefinitionForSend(); + Collection receiveDefinition = policy.getConfigAttributeDefinitionForReceive(); assertNotNull("Pattern does not apply to 'send'", sendDefinition); assertNotNull("Pattern does not apply to 'receive'", receiveDefinition); Collection sendRoles = this.getRolesFromDefintion(sendDefinition); @@ -174,12 +173,11 @@ public class SecuredChannelsParserTests extends AbstractJUnit4SpringContextTests return null; } - @SuppressWarnings("unchecked") - private Collection getRolesFromDefintion(ConfigAttribute definition) { + private Collection getRolesFromDefintion(Collection definition) { Set roles = new HashSet(); - Collection configAttributes = SecurityConfig.createListFromCommaDelimitedString(definition.getAttribute()); - for (Object next : configAttributes) { - ConfigAttribute attribute = (ConfigAttribute) next; + //Collection configAttributes = SecurityConfig.createListFromCommaDelimitedString(definition); + for (ConfigAttribute nextConfigAttribute : definition) { + ConfigAttribute attribute = nextConfigAttribute; roles.add(attribute.getAttribute()); } return roles;