SEC-271: added AuthorizationManagerBeanDefinitionParser

sandbox/spring-security-config/src/main/java/org/acegisecurity/config/AuthorizationManagerBeanDefinitionParser.java

@@ -0,0 +1,84 @@
+package org.acegisecurity.config;
+
+import org.acegisecurity.AccessDecisionManager;
+import org.acegisecurity.vote.AffirmativeBased;
+import org.acegisecurity.vote.AuthenticatedVoter;
+import org.acegisecurity.vote.ConsensusBased;
+import org.acegisecurity.vote.RoleVoter;
+import org.acegisecurity.vote.UnanimousBased;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
+import org.springframework.beans.factory.support.ManagedList;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
+import org.springframework.beans.factory.xml.BeanDefinitionParser;
+import org.springframework.beans.factory.xml.ParserContext;
+import org.springframework.util.StringUtils;
+import org.springframework.util.xml.DomUtils;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+public class AuthorizationManagerBeanDefinitionParser extends AbstractBeanDefinitionParser implements
+		BeanDefinitionParser {
+	// ~ static initializers
+	// ================================================================================================
+
+	public static final String ROLE_VOTER_ELE = "role-voter";
+
+	public static final String AUTHENTICATED_VOTER_ELE = "authenticated-voter";
+
+	public static final String STRATEGY_ATTRIBUTE = "strategy";
+
+	// ~ Method
+	// ================================================================================================
+
+	protected AbstractBeanDefinition parseInternal(Element element, ParserContext parserContext) {
+		return createBeanDefinition(element, parserContext);
+	}
+
+	private RootBeanDefinition createBeanDefinition(Element element, ParserContext parserContext) {
+		ManagedList decisionVoters = new ManagedList();
+
+		Element roleVoterEle = DomUtils.getChildElementByTagName(element, ROLE_VOTER_ELE);
+		Element authVoterEle = DomUtils.getChildElementByTagName(element, AUTHENTICATED_VOTER_ELE);
+		
+		if(roleVoterEle!=null && roleVoterEle.getLocalName().equals(ROLE_VOTER_ELE)) {
+			decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
+		} 
+		if (authVoterEle!=null && authVoterEle.getLocalName().equals(AUTHENTICATED_VOTER_ELE)) {
+			decisionVoters.add(new RootBeanDefinition(AuthenticatedVoter.class));
+		}
+		
+		String strategy = element.getAttribute(STRATEGY_ATTRIBUTE);
+		if (StringUtils.hasLength(strategy)) {
+			if (strategy.equals("affirmative")) {
+				return createAccessDecisionManager(AffirmativeBased.class, decisionVoters);
+			}
+			else if (strategy.equals("consensus")) {
+				return createAccessDecisionManager(ConsensusBased.class, decisionVoters);
+			}
+			else if (strategy.equals("unanimous")) {
+				return createAccessDecisionManager(UnanimousBased.class, decisionVoters);
+			}
+		}
+		else {
+			return createAccessDecisionManagerAffirmativeBased();
+		}
+		return null;
+	}
+
+	protected static RootBeanDefinition createAccessDecisionManagerAffirmativeBased() {
+		ManagedList decisionVoters = new ManagedList();
+		decisionVoters.add(new RootBeanDefinition(AuthenticatedVoter.class));
+		decisionVoters.add(new RootBeanDefinition(RoleVoter.class));
+		return createAccessDecisionManager(AffirmativeBased.class, decisionVoters);
+	}
+
+	protected static RootBeanDefinition createAccessDecisionManager(Class clazz, ManagedList decisionVoters) {
+		RootBeanDefinition accessDecisionManager = new RootBeanDefinition(clazz);
+		accessDecisionManager.getPropertyValues().addPropertyValue("allowIfAllAbstainDecisions", Boolean.FALSE);
+		accessDecisionManager.getPropertyValues().addPropertyValue("decisionVoters", decisionVoters);
+		return accessDecisionManager;
+	}
+
+}

sandbox/spring-security-config/src/test/java/org/acegisecurity/config/AuthorizationManagerBeanDefinitionParserTests.java

@@ -0,0 +1,31 @@
+package org.acegisecurity.config;
+
+import java.util.List;
+
+import junit.framework.TestCase;
+
+import org.acegisecurity.AccessDecisionManager;
+import org.acegisecurity.vote.AuthenticatedVoter;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.support.ManagedList;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+public class AuthorizationManagerBeanDefinitionParserTests extends TestCase {
+
+	public void testParsingBeanDefinition() {
+		ApplicationContext context = new ClassPathXmlApplicationContext(
+				"org/acegisecurity/config/authorization-manager.xml");
+		ConfigurableListableBeanFactory bf = (ConfigurableListableBeanFactory) context.getAutowireCapableBeanFactory();
+		String[] beanNames = bf.getBeanNamesForType(AccessDecisionManager.class);
+		assertEquals(1, beanNames.length);
+		BeanDefinition def = (RootBeanDefinition) bf.getBeanDefinition(beanNames[0]);
+		assertNotNull(def);
+		List decisionVoters = (ManagedList) def.getPropertyValues().getPropertyValue("decisionVoters").getValue();
+		assertEquals(2, decisionVoters.size());
+		assertEquals("org.acegisecurity.vote.RoleVoter", ((BeanDefinition) decisionVoters.get(0)).getBeanClassName());
+		assertEquals("org.acegisecurity.vote.AuthenticatedVoter", ((BeanDefinition) decisionVoters.get(1)).getBeanClassName());
+	}
+}

sandbox/spring-security-config/src/test/resources/org/acegisecurity/config/authorization-manager.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd 
+	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+
+	<!-- 
+		creates a bean definition for an AccessDecisionManager; strategy defaults to 
+		AffirmativeBased; superclass AbstractAccessDecisionManager requires refactoring 
+		so if no setProvider(List) given, it introspects app ctx for all AccessDecisionVoters
+		and uses their Ordered interface to apply them; if one doesn't implement Ordered, 
+		assume it is Integer.MAX_VALUE 
+	-->
+	<security:authorization-manager id="id" strategy="affirmative">
+		<security:role-voter />
+		<security:authenticated-voter />
+	</security:authorization-manager>
+</beans>