From 1805ab8ec445d7b7d8dd163936037e55c0e2c5ff Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Sun, 26 Nov 2006 04:47:43 +0000
Subject: [PATCH] SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage.
---
 .../org/acegisecurity/vote/AclEntryVoter.java | 36 +++++++++----------
 .../vote/BasicAclEntryVoter.java | 2 +-
 2 files changed, 17 insertions(+), 21 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/vote/AclEntryVoter.java b/core/src/main/java/org/acegisecurity/vote/AclEntryVoter.java
index 4217a91426..89c178cb83 100644
--- a/core/src/main/java/org/acegisecurity/vote/AclEntryVoter.java
+++ b/core/src/main/java/org/acegisecurity/vote/AclEntryVoter.java
@@ -14,11 +14,14 @@
 */
 package org.acegisecurity.vote;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.Iterator;
+
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthorizationServiceException;
 import org.acegisecurity.ConfigAttribute;
 import org.acegisecurity.ConfigAttributeDefinition;
-
 import org.acegisecurity.acls.Acl;
 import org.acegisecurity.acls.AclService;
 import org.acegisecurity.acls.NotFoundException;
@@ -29,17 +32,10 @@ import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategyImpl
 import org.acegisecurity.acls.sid.Sid;
 import org.acegisecurity.acls.sid.SidRetrievalStrategy;
 import org.acegisecurity.acls.sid.SidRetrievalStrategyImpl;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
 import org.springframework.util.Assert;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-
-import java.util.Iterator;
-
 /**
 *

Given a domain object instance passed as a method argument, ensures the principal has appropriate permission
@@ -140,7 +136,7 @@ public class AclEntryVoter extends AbstractAclVoter {
 }
 public boolean supports(ConfigAttribute attribute) {
- if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getProcessConfigAttribute())) {
+ if ((attribute.getAttribute() != null) && attribute.getAttribute().equals(getProcessConfigAttribute())) {
 return true;
 } else {
 return false;
@@ -158,18 +154,9 @@ public class AclEntryVoter extends AbstractAclVoter {
 // Attempt to locate the domain object instance to process
 Object domainObject = getDomainObjectInstance(object);
- // If domain object is null, vote to abstain
- if (domainObject == null) {
- if (logger.isDebugEnabled()) {
- logger.debug("Voting to abstain - domainObject is null");
- }
-
- return AccessDecisionVoter.ACCESS_ABSTAIN;
- }
-
 // Evaluate if we are required to use an inner domain object
- if ((internalMethod != null) && !"".equals(internalMethod)) {
- try {
+ if (domainObject != null && internalMethod != null && (!"".equals(internalMethod))) {
+ try {
 Class clazz = domainObject.getClass();
 Method method = clazz.getMethod(internalMethod, new Class[] {});
 domainObject = method.invoke(domainObject, new Object[] {});
@@ -201,6 +188,15 @@ public class AclEntryVoter extends AbstractAclVoter {
 }
 }
+ // If domain object is null, vote to abstain
+ if (domainObject == null) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Voting to abstain - domainObject is null");
+ }
+
+ return AccessDecisionVoter.ACCESS_ABSTAIN;
+ }
+
 // Obtain the OID applicable to the domain object
 ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
diff --git a/core/src/main/java/org/acegisecurity/vote/BasicAclEntryVoter.java b/core/src/main/java/org/acegisecurity/vote/BasicAclEntryVoter.java
index bb74894b07..d89b3d7e7e 100644
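Review bot: `supports(ConfigAttribute)` now matches the attribute exactly, yet nothing in the method records that contract; this applies to the `@@ -140,7 +136,7 @@` hunk here and to the identical change in BasicAclEntryVoter.supports. A configuration that depended on the old prefix match will make the voter stop claiming those attributes without any log output, and what that means for the final decision depends on the access decision manager, which is not visible in this patch. I would add Javadoc on both methods, for example `/** Returns true only when the attribute is exactly equal to processConfigAttribute; a longer attribute sharing the prefix is not supported. */`, and a test that pins such a longer attribute as unsupported. The method's closing braces lie outside the hunk.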
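Review bot: With the null check moved below the reflective call (the `@@ -158,18 +154,9 @@` and `@@ -201,6 +188,15 @@` hunks), a null from `getDomainObjectInstance` and a null returned by the `internalMethod` invocation both end in the same `"Voting to abstain - domainObject is null"` debug line, so the log no longer tells which of the two skipped the ACL evaluation. Abstaining leaves the decision to whichever other voters are configured, so I would state that intent in a comment above the relocated check, e.g. `// null here means getDomainObjectInstance or internalMethod returned null; no ACL is consulted and the voter abstains`, and name `internalMethod` in the debug message when it is set. The enclosing method begins before the first of these hunks and continues past the second, and the catch blocks between them are not shown.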
--- a/core/src/main/java/org/acegisecurity/vote/BasicAclEntryVoter.java
+++ b/core/src/main/java/org/acegisecurity/vote/BasicAclEntryVoter.java
@@ -155,7 +155,7 @@ public class BasicAclEntryVoter extends AbstractAclVoter implements Initializing
 }
 public boolean supports(ConfigAttribute attribute) {
- if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getProcessConfigAttribute())) {
+ if ((attribute.getAttribute() != null) && attribute.getAttribute().equals(getProcessConfigAttribute())) {
 return true;
 } else {
 return false;