SEC-401: internalMethod handling fixes, plus correct issue with startsWith(String) usage.
This commit is contained in:
Ben Alex
parent
e79a28875f
commit
1805ab8ec4
|
|
@ -14,11 +14,14 @@
|
||||||
*/
|
*/
|
||||||
package org.acegisecurity.vote;
|
package org.acegisecurity.vote;
|
||||||
|
|
||||||
|
import java.lang.reflect.InvocationTargetException;
|
||||||
|
import java.lang.reflect.Method;
|
||||||
|
import java.util.Iterator;
|
||||||
|
|
||||||
import org.acegisecurity.Authentication;
|
import org.acegisecurity.Authentication;
|
||||||
import org.acegisecurity.AuthorizationServiceException;
|
import org.acegisecurity.AuthorizationServiceException;
|
||||||
import org.acegisecurity.ConfigAttribute;
|
import org.acegisecurity.ConfigAttribute;
|
||||||
import org.acegisecurity.ConfigAttributeDefinition;
|
import org.acegisecurity.ConfigAttributeDefinition;
|
||||||
|
|
||||||
import org.acegisecurity.acls.Acl;
|
import org.acegisecurity.acls.Acl;
|
||||||
import org.acegisecurity.acls.AclService;
|
import org.acegisecurity.acls.AclService;
|
||||||
import org.acegisecurity.acls.NotFoundException;
|
import org.acegisecurity.acls.NotFoundException;
|
||||||
|
|
@ -29,17 +32,10 @@ import org.acegisecurity.acls.objectidentity.ObjectIdentityRetrievalStrategyImpl
|
||||||
import org.acegisecurity.acls.sid.Sid;
|
import org.acegisecurity.acls.sid.Sid;
|
||||||
import org.acegisecurity.acls.sid.SidRetrievalStrategy;
|
import org.acegisecurity.acls.sid.SidRetrievalStrategy;
|
||||||
import org.acegisecurity.acls.sid.SidRetrievalStrategyImpl;
|
import org.acegisecurity.acls.sid.SidRetrievalStrategyImpl;
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
|
||||||
import java.lang.reflect.InvocationTargetException;
|
|
||||||
import java.lang.reflect.Method;
|
|
||||||
|
|
||||||
import java.util.Iterator;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>Given a domain object instance passed as a method argument, ensures the principal has appropriate permission
|
* <p>Given a domain object instance passed as a method argument, ensures the principal has appropriate permission
|
||||||
|
|
@ -140,7 +136,7 @@ public class AclEntryVoter extends AbstractAclVoter {
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean supports(ConfigAttribute attribute) {
|
public boolean supports(ConfigAttribute attribute) {
|
||||||
if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getProcessConfigAttribute())) {
|
if ((attribute.getAttribute() != null) && attribute.getAttribute().equals(getProcessConfigAttribute())) {
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
|
|
@ -158,18 +154,9 @@ public class AclEntryVoter extends AbstractAclVoter {
|
||||||
// Attempt to locate the domain object instance to process
|
// Attempt to locate the domain object instance to process
|
||||||
Object domainObject = getDomainObjectInstance(object);
|
Object domainObject = getDomainObjectInstance(object);
|
||||||
|
|
||||||
// If domain object is null, vote to abstain
|
|
||||||
if (domainObject == null) {
|
|
||||||
if (logger.isDebugEnabled()) {
|
|
||||||
logger.debug("Voting to abstain - domainObject is null");
|
|
||||||
}
|
|
||||||
|
|
||||||
return AccessDecisionVoter.ACCESS_ABSTAIN;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Evaluate if we are required to use an inner domain object
|
// Evaluate if we are required to use an inner domain object
|
||||||
if ((internalMethod != null) && !"".equals(internalMethod)) {
|
if (domainObject != null && internalMethod != null && (!"".equals(internalMethod))) {
|
||||||
try {
|
try {
|
||||||
Class clazz = domainObject.getClass();
|
Class clazz = domainObject.getClass();
|
||||||
Method method = clazz.getMethod(internalMethod, new Class[] {});
|
Method method = clazz.getMethod(internalMethod, new Class[] {});
|
||||||
domainObject = method.invoke(domainObject, new Object[] {});
|
domainObject = method.invoke(domainObject, new Object[] {});
|
||||||
|
|
@ -201,6 +188,15 @@ public class AclEntryVoter extends AbstractAclVoter {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If domain object is null, vote to abstain
|
||||||
|
if (domainObject == null) {
|
||||||
|
if (logger.isDebugEnabled()) {
|
||||||
|
logger.debug("Voting to abstain - domainObject is null");
|
||||||
|
}
|
||||||
|
|
||||||
|
return AccessDecisionVoter.ACCESS_ABSTAIN;
|
||||||
|
}
|
||||||
|
|
||||||
// Obtain the OID applicable to the domain object
|
// Obtain the OID applicable to the domain object
|
||||||
ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
|
ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -155,7 +155,7 @@ public class BasicAclEntryVoter extends AbstractAclVoter implements Initializing
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean supports(ConfigAttribute attribute) {
|
public boolean supports(ConfigAttribute attribute) {
|
||||||
if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getProcessConfigAttribute())) {
|
if ((attribute.getAttribute() != null) && attribute.getAttribute().equals(getProcessConfigAttribute())) {
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue