SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage.

Ben Alex 2006-11-26 04:47:43 +00:00
parent e79a28875f
commit 1805ab8ec4
2 changed files with 17 additions and 21 deletions


@ -14,11 +14,14 @@
*/ */
package org.acegisecurity.vote; package org.acegisecurity.vote;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Iterator;
import org.acegisecurity.Authentication; import org.acegisecurity.Authentication;
import org.acegisecurity.AuthorizationServiceException; import org.acegisecurity.AuthorizationServiceException;
import org.acegisecurity.ConfigAttribute; import org.acegisecurity.ConfigAttribute;
import org.acegisecurity.ConfigAttributeDefinition; import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.acls.Acl; import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.AclService; import org.acegisecurity.acls.AclService;
import org.acegisecurity.acls.NotFoundException; import org.acegisecurity.acls.NotFoundException;
@ -29,17 +32,10 @@ import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategyImpl
import org.acegisecurity.acls.sid.Sid; import org.acegisecurity.acls.sid.Sid;
import org.acegisecurity.acls.sid.SidRetrievalStrategy; import org.acegisecurity.acls.sid.SidRetrievalStrategy;
import org.acegisecurity.acls.sid.SidRetrievalStrategyImpl; import org.acegisecurity.acls.sid.SidRetrievalStrategyImpl;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Iterator;
/** /**
* <p>Given a domain object instance passed as a method argument, ensures the principal has appropriate permission * <p>Given a domain object instance passed as a method argument, ensures the principal has appropriate permission
@ -140,7 +136,7 @@ public class AclEntryVoter extends AbstractAclVoter {
} }
public boolean supports(ConfigAttribute attribute) { public boolean supports(ConfigAttribute attribute) {
if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getProcessConfigAttribute())) { if ((attribute.getAttribute() != null) && attribute.getAttribute().equals(getProcessConfigAttribute())) {
return true; return true;
} else { } else {
return false; return false;
@ -158,17 +154,8 @@ public class AclEntryVoter extends AbstractAclVoter {
// Attempt to locate the domain object instance to process // Attempt to locate the domain object instance to process
Object domainObject = getDomainObjectInstance(object); Object domainObject = getDomainObjectInstance(object);
// If domain object is null, vote to abstain
if (domainObject == null) {
if (logger.isDebugEnabled()) {
logger.debug("Voting to abstain - domainObject is null");
}
return AccessDecisionVoter.ACCESS_ABSTAIN;
}
// Evaluate if we are required to use an inner domain object // Evaluate if we are required to use an inner domain object
if ((internalMethod != null) && !"".equals(internalMethod)) { if (domainObject != null && internalMethod != null && (!"".equals(internalMethod))) {
try { try {
Class clazz = domainObject.getClass(); Class clazz = domainObject.getClass();
Method method = clazz.getMethod(internalMethod, new Class[] {}); Method method = clazz.getMethod(internalMethod, new Class[] {});
@ -201,6 +188,15 @@ public class AclEntryVoter extends AbstractAclVoter {
} }
} }
// If domain object is null, vote to abstain
if (domainObject == null) {
if (logger.isDebugEnabled()) {
logger.debug("Voting to abstain - domainObject is null");
}
return AccessDecisionVoter.ACCESS_ABSTAIN;
}
// Obtain the OID applicable to the domain object // Obtain the OID applicable to the domain object
ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject); ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
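Review bot: The relocated null check in the last hunk of this section now also catches a null returned by the reflective `internalMethod` call, and that case ends in `ACCESS_ABSTAIN` rather than a denial, which neither the comment nor the debug message says. Whether an abstain ends in access being granted depends on how the configured access decision manager treats an all-abstain result, which is not visible on this page, so the fall-through should be documented at the check. A comment such as `// domainObject is null when no instance was located or when internalMethod returned null; abstain and leave the decision to the other voters` would do. The debug text could also separate the two causes so that a null inner object can be spotted in logs. The enclosing method starts and ends outside the visible hunks.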


@ -155,7 +155,7 @@ public class BasicAclEntryVoter extends AbstractAclVoter implements Initializing
} }
public boolean supports(ConfigAttribute attribute) { public boolean supports(ConfigAttribute attribute) {
if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getProcessConfigAttribute())) { if ((attribute.getAttribute() != null) && attribute.getAttribute().equals(getProcessConfigAttribute())) {
return true; return true;
} else { } else {
return false; return false;
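Review bot: `supports` now requires an exact match with `getProcessConfigAttribute()`, but nothing on the method states that contract. A configuration that relied on the old prefix match would presumably find this voter no longer voting on those attributes, with no error to show for it. A Javadoc line such as `/** Returns true only if the attribute equals getProcessConfigAttribute() exactly; prefix matches are not recognised. */` would make the behaviour explicit. The same applies to `supports` in the AclEntryVoter section above.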