Upgrade to Spring Security 4 and Spring Framework 4.1
Issue: SWF-1657, SWF-1663
This commit is contained in:
@@ -71,8 +71,8 @@ configure(subprojects.findAll {
|
||||
}
|
||||
|
||||
subproject.ext {
|
||||
springVersion = "4.0.6.RELEASE"
|
||||
springSecurityVersion = "3.2.4.RELEASE"
|
||||
springVersion = "4.1.6.RELEASE"
|
||||
springSecurityVersion = "4.0.1.RELEASE"
|
||||
slf4jVersion = "1.7.5"
|
||||
log4jVersion = "1.2.17"
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2004-2013 the original author or authors.
|
||||
* Copyright 2004-2015 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -25,6 +25,8 @@ import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
|
||||
import org.springframework.security.taglibs.authz.AbstractAuthorizeTag;
|
||||
import org.springframework.util.ObjectUtils;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
/**
|
||||
* A concrete implementation of {@link AbstractAuthorizeTag} for use with standard Facelets rendering technology.
|
||||
@@ -76,7 +78,53 @@ public class FaceletsAuthorizeTag extends AbstractAuthorizeTag {
|
||||
return (ServletContext) FacesContext.getCurrentInstance().getExternalContext().getContext();
|
||||
}
|
||||
|
||||
/*---- Pirvate helper methods ----*/
|
||||
void setIfAllGranted(String ifAllGranted) {
|
||||
String[] roles = StringUtils.tokenizeToStringArray(ifAllGranted, ",");
|
||||
if (!ObjectUtils.isEmpty(roles)) {
|
||||
String expression = toHasRoleExpression(roles);
|
||||
setAccess(getAccess() != null ? getAccess() + " and " + expression: expression);
|
||||
}
|
||||
}
|
||||
|
||||
void setIfAnyGranted(String ifAnyGranted) {
|
||||
String[] roles = StringUtils.tokenizeToStringArray(ifAnyGranted, ",");
|
||||
if (!ObjectUtils.isEmpty(roles)) {
|
||||
String expression = toHasAnyRoleExpression(roles, false);
|
||||
setAccess(getAccess() != null ? getAccess() + " and " + expression: expression);
|
||||
}
|
||||
}
|
||||
|
||||
void setIfNotGranted(String ifNotGranted) {
|
||||
String[] roles = StringUtils.tokenizeToStringArray(ifNotGranted, ",");
|
||||
if (!ObjectUtils.isEmpty(roles)) {
|
||||
String expression = toHasAnyRoleExpression(roles, true);
|
||||
setAccess(getAccess() != null ? getAccess() + " and " + expression: expression);
|
||||
}
|
||||
}
|
||||
|
||||
private static String toHasRoleExpression(String[] roles) {
|
||||
StringBuilder expression = new StringBuilder();
|
||||
boolean insertSeparator = false;
|
||||
for (String role : roles) {
|
||||
expression.append(insertSeparator ? " and " : "");
|
||||
expression.append("hasRole('").append(role).append("')");
|
||||
insertSeparator = true;
|
||||
}
|
||||
return expression.toString();
|
||||
}
|
||||
|
||||
private static String toHasAnyRoleExpression(String[] roles, boolean negate) {
|
||||
StringBuilder expression = new StringBuilder();
|
||||
expression.append(negate ? "!" : "");
|
||||
expression.append("hasAnyRole(");
|
||||
boolean insertSeparator = false;
|
||||
for (String role : roles) {
|
||||
expression.append(insertSeparator ? "," : "");
|
||||
expression.append("'").append(role).append("'");
|
||||
insertSeparator = true;
|
||||
}
|
||||
return expression.append(")").toString();
|
||||
}
|
||||
|
||||
private String getAttributeValue(FaceletContext faceletContext, TagAttribute tagAttribute, boolean evaluate) {
|
||||
String value = null;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2004-2010 the original author or authors.
|
||||
* Copyright 2004-2015 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -34,7 +34,7 @@ public abstract class FaceletsAuthorizeTagUtils {
|
||||
public static boolean areAllGranted(String authorities) throws IOException {
|
||||
FaceletsAuthorizeTag authorizeTag = new FaceletsAuthorizeTag();
|
||||
authorizeTag.setIfAllGranted(authorities);
|
||||
return authorizeTag.authorizeUsingGrantedAuthorities();
|
||||
return authorizeTag.authorize();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -45,7 +45,7 @@ public abstract class FaceletsAuthorizeTagUtils {
|
||||
public static boolean areAnyGranted(String authorities) throws IOException {
|
||||
FaceletsAuthorizeTag authorizeTag = new FaceletsAuthorizeTag();
|
||||
authorizeTag.setIfAnyGranted(authorities);
|
||||
return authorizeTag.authorizeUsingGrantedAuthorities();
|
||||
return authorizeTag.authorize();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -56,7 +56,7 @@ public abstract class FaceletsAuthorizeTagUtils {
|
||||
public static boolean areNotGranted(String authorities) throws IOException {
|
||||
FaceletsAuthorizeTag authorizeTag = new FaceletsAuthorizeTag();
|
||||
authorizeTag.setIfNotGranted(authorities);
|
||||
return authorizeTag.authorizeUsingGrantedAuthorities();
|
||||
return authorizeTag.authorize();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -0,0 +1,70 @@
|
||||
/*
|
||||
* Copyright 2002-2015 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.faces.security;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link FaceletsAuthorizeTag}.
|
||||
* @author Rossen Stoyanchev
|
||||
*/
|
||||
public class FaceletsAuthorizeTagTests extends TestCase {
|
||||
|
||||
public void testIfAllGrantedWithOneRole() throws Exception {
|
||||
FaceletsAuthorizeTag tag = new FaceletsAuthorizeTag();
|
||||
tag.setIfAllGranted("ROLE_A");
|
||||
assertEquals("hasRole('ROLE_A')", tag.getAccess());
|
||||
}
|
||||
|
||||
public void testIfAllGrantedWithMultipleRoles() throws Exception {
|
||||
FaceletsAuthorizeTag tag = new FaceletsAuthorizeTag();
|
||||
tag.setIfAllGranted("ROLE_A, ROLE_B, ROLE_C");
|
||||
assertEquals("hasRole('ROLE_A') and hasRole('ROLE_B') and hasRole('ROLE_C')", tag.getAccess());
|
||||
}
|
||||
|
||||
public void testIfAnyGrantedWithOneRole() throws Exception {
|
||||
FaceletsAuthorizeTag tag = new FaceletsAuthorizeTag();
|
||||
tag.setIfAnyGranted("ROLE_A");
|
||||
assertEquals("hasAnyRole('ROLE_A')", tag.getAccess());
|
||||
}
|
||||
|
||||
public void testIfAnyGrantedWithMultipleRole() throws Exception {
|
||||
FaceletsAuthorizeTag tag = new FaceletsAuthorizeTag();
|
||||
tag.setIfAnyGranted("ROLE_A, ROLE_B, ROLE_C");
|
||||
assertEquals("hasAnyRole('ROLE_A','ROLE_B','ROLE_C')", tag.getAccess());
|
||||
}
|
||||
|
||||
public void testIfNoneGrantedWithOneRole() throws Exception {
|
||||
FaceletsAuthorizeTag tag = new FaceletsAuthorizeTag();
|
||||
tag.setIfNotGranted("ROLE_A");
|
||||
assertEquals("!hasAnyRole('ROLE_A')", tag.getAccess());
|
||||
}
|
||||
|
||||
public void testIfNoneGrantedWithMultipleRole() throws Exception {
|
||||
FaceletsAuthorizeTag tag = new FaceletsAuthorizeTag();
|
||||
tag.setIfNotGranted("ROLE_A, ROLE_B, ROLE_C");
|
||||
assertEquals("!hasAnyRole('ROLE_A','ROLE_B','ROLE_C')", tag.getAccess());
|
||||
}
|
||||
|
||||
public void testIfAllAnyNotGranted() throws Exception {
|
||||
FaceletsAuthorizeTag tag = new FaceletsAuthorizeTag();
|
||||
tag.setIfAllGranted("ROLE_A");
|
||||
tag.setIfAnyGranted("ROLE_B");
|
||||
tag.setIfNotGranted("ROLE_C");
|
||||
assertEquals("hasRole('ROLE_A') and hasAnyRole('ROLE_B') and !hasAnyRole('ROLE_C')", tag.getAccess());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2004-2012 the original author or authors.
|
||||
* Copyright 2004-2015 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -15,10 +15,12 @@
|
||||
*/
|
||||
package org.springframework.webflow.security;
|
||||
|
||||
import java.lang.reflect.Constructor;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.beans.DirectFieldAccessor;
|
||||
import org.springframework.security.access.AccessDecisionManager;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
@@ -29,6 +31,7 @@ import org.springframework.security.access.vote.RoleVoter;
|
||||
import org.springframework.security.access.vote.UnanimousBased;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.util.ClassUtils;
|
||||
import org.springframework.webflow.definition.FlowDefinition;
|
||||
import org.springframework.webflow.definition.StateDefinition;
|
||||
import org.springframework.webflow.definition.TransitionDefinition;
|
||||
@@ -43,6 +46,8 @@ import org.springframework.webflow.execution.RequestContext;
|
||||
*/
|
||||
public class SecurityFlowExecutionListener extends FlowExecutionListenerAdapter {
|
||||
|
||||
private static final boolean SPRING_SECURITY_3_PRESENT = ClassUtils.hasConstructor(AffirmativeBased.class);
|
||||
|
||||
private AccessDecisionManager accessDecisionManager;
|
||||
|
||||
/**
|
||||
@@ -50,7 +55,7 @@ public class SecurityFlowExecutionListener extends FlowExecutionListenerAdapter
|
||||
* @return the decision manager
|
||||
*/
|
||||
public AccessDecisionManager getAccessDecisionManager() {
|
||||
return accessDecisionManager;
|
||||
return this.accessDecisionManager;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -95,18 +100,43 @@ public class SecurityFlowExecutionListener extends FlowExecutionListenerAdapter
|
||||
if (accessDecisionManager != null) {
|
||||
accessDecisionManager.decide(authentication, object, configAttributes);
|
||||
} else {
|
||||
AbstractAccessDecisionManager abstractAccessDecisionManager;
|
||||
List<AccessDecisionVoter> voters = new ArrayList<AccessDecisionVoter>();
|
||||
voters.add(new RoleVoter());
|
||||
if (rule.getComparisonType() == SecurityRule.COMPARISON_ANY) {
|
||||
abstractAccessDecisionManager = new AffirmativeBased();
|
||||
} else if (rule.getComparisonType() == SecurityRule.COMPARISON_ALL) {
|
||||
abstractAccessDecisionManager = new UnanimousBased();
|
||||
} else {
|
||||
throw new IllegalStateException("Unknown SecurityRule match type: " + rule.getComparisonType());
|
||||
}
|
||||
abstractAccessDecisionManager.setDecisionVoters(voters);
|
||||
abstractAccessDecisionManager.decide(authentication, object, configAttributes);
|
||||
AccessDecisionManager manager = (SPRING_SECURITY_3_PRESENT ?
|
||||
createManagerWithSpringSecurity3(rule) : createManager(rule));
|
||||
manager.decide(authentication, object, configAttributes);
|
||||
}
|
||||
}
|
||||
|
||||
private AbstractAccessDecisionManager createManager(SecurityRule rule) {
|
||||
List<AccessDecisionVoter<? extends Object>> voters = new ArrayList<AccessDecisionVoter<? extends Object>>();
|
||||
voters.add(new RoleVoter());
|
||||
if (rule.getComparisonType() == SecurityRule.COMPARISON_ANY) {
|
||||
return new AffirmativeBased(voters);
|
||||
} else if (rule.getComparisonType() == SecurityRule.COMPARISON_ALL) {
|
||||
return new UnanimousBased(voters);
|
||||
} else {
|
||||
throw new IllegalStateException("Unknown SecurityRule match type: " + rule.getComparisonType());
|
||||
}
|
||||
}
|
||||
|
||||
private AbstractAccessDecisionManager createManagerWithSpringSecurity3(SecurityRule rule) {
|
||||
List<AccessDecisionVoter> voters = new ArrayList<AccessDecisionVoter>();
|
||||
voters.add(new RoleVoter());
|
||||
Class<?> managerType;
|
||||
if (rule.getComparisonType() == SecurityRule.COMPARISON_ANY) {
|
||||
managerType = AffirmativeBased.class;
|
||||
} else if (rule.getComparisonType() == SecurityRule.COMPARISON_ALL) {
|
||||
managerType = UnanimousBased.class;
|
||||
} else {
|
||||
throw new IllegalStateException("Unknown SecurityRule match type: " + rule.getComparisonType());
|
||||
}
|
||||
try {
|
||||
Constructor<?> constructor = managerType.getConstructor();
|
||||
AbstractAccessDecisionManager manager = (AbstractAccessDecisionManager) constructor.newInstance();
|
||||
new DirectFieldAccessor(manager).setPropertyValue("decisionVoters", voters);
|
||||
return manager;
|
||||
}
|
||||
catch (Throwable ex) {
|
||||
throw new IllegalStateException("Failed to initialize AccessDecisionManager", ex);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.GrantedAuthorityImpl;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
@@ -156,8 +156,8 @@ public class SecurityFlowExecutionListenerTests extends TestCase {
|
||||
}
|
||||
|
||||
private Authentication getAuthentication() {
|
||||
List<GrantedAuthority> authorities = Arrays.<GrantedAuthority> asList(new GrantedAuthorityImpl("ROLE_1"),
|
||||
new GrantedAuthorityImpl("ROLE_2"), new GrantedAuthorityImpl("ROLE_3"));
|
||||
List<GrantedAuthority> authorities = Arrays.<GrantedAuthority> asList(new SimpleGrantedAuthority("ROLE_1"),
|
||||
new SimpleGrantedAuthority("ROLE_2"), new SimpleGrantedAuthority("ROLE_3"));
|
||||
return new UsernamePasswordAuthenticationToken("test", "", authorities);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user