From 1a838c204949d94fa85f29e26b73df0a410ca4c0 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Sat, 7 Aug 2010 14:41:25 +0100
Subject: [PATCH] SEC-1533: AclAuthorizationStrategyImpl can now take either one or three GrantedAuthority arguments. If only one is supplied, it will be used for all 3 of the permissions supported by the class.
---
 .../domain/AclAuthorizationStrategyImpl.java | 19 +++++++++-----
 .../acls/jdbc/BasicLookupStrategyTests.java | 26 +++++++++----------
 ...pplicationContext-common-authorization.xml | 8 ------
 .../sample/contact/ContactManagerTests.java | 2 +-
 4 files changed, 26 insertions(+), 29 deletions(-)
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
index e54dccf872..35ceed5c8c 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/AclAuthorizationStrategyImpl.java
@@ -52,16 +52,23 @@ public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
 * Constructor. The only mandatory parameter relates to the system-wide {@link GrantedAuthority} instances that
 * can be held to always permit ACL changes.
 *
- * @param auths an array of GrantedAuthoritys that have
+ * @param auths the GrantedAuthoritys that have
 * special permissions (index 0 is the authority needed to change
 * ownership, index 1 is the authority needed to modify auditing details,
 * index 2 is the authority needed to change other ACL and ACE details) (required)
+ *

+ * Alternatively, a single value can be supplied for all three permissions.
 */
- public AclAuthorizationStrategyImpl(GrantedAuthority[] auths) {
- Assert.isTrue(auths != null && auths.length == 3, "GrantedAuthority[] with three elements required");
- this.gaTakeOwnership = auths[0];
- this.gaModifyAuditing = auths[1];
- this.gaGeneralChanges = auths[2];
+ public AclAuthorizationStrategyImpl(GrantedAuthority... auths) {
+ Assert.isTrue(auths != null && (auths.length == 3 || auths.length == 1),
+ "One or three GrantedAuthority instances required");
+ if (auths.length == 3) {
+ gaTakeOwnership = auths[0];
+ gaModifyAuditing = auths[1];
+ gaGeneralChanges = auths[2];
+ } else {
+ gaTakeOwnership = gaModifyAuditing = gaGeneralChanges = auths[0];
+ }
 }
 //~ Methods ========================================================================================================
diff --git a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
index 6adfe7cac1..a24210dce6 100644
--- a/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
+++ b/acl/src/test/java/org/springframework/security/acls/jdbc/BasicLookupStrategyTests.java
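Review bot: The new varargs constructor of AclAuthorizationStrategyImpl checks only the array and its length, so `new AclAuthorizationStrategyImpl((GrantedAuthority) null)` passes the assertion and leaves `gaTakeOwnership`, `gaModifyAuditing` and `gaGeneralChanges` all null. How the later permission check treats a null authority is outside this hunk, but an ACL administration strategy should fail at construction rather than at the first check; if `Assert` here is Spring's `org.springframework.util.Assert`, adding `Assert.noNullElements(auths, "GrantedAuthority instances must not be null");` after the length check would do it. The Javadoc should also state the consequence of the one-argument form: a single authority then covers ownership changes, auditing changes and general ACL changes, so deployments that want those duties separated must pass three distinct authorities.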
@@ -101,9 +101,7 @@ public class BasicLookupStrategyTests {
 @Before
 public void initializeBeans() {
 EhCacheBasedAclCache cache = new EhCacheBasedAclCache(getCache());
- AclAuthorizationStrategy authorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthority[] {
- new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"), new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"),
- new GrantedAuthorityImpl("ROLE_ADMINISTRATOR") });
+ AclAuthorizationStrategy authorizationStrategy = new AclAuthorizationStrategyImpl(new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"));
 strategy = new BasicLookupStrategy(dataSource, cache, authorizationStrategy,
 new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()));
 strategy.setPermissionFactory(new DefaultPermissionFactory());
@@ -194,16 +192,16 @@ public class BasicLookupStrategyTests {
 // Check each entry
 Assert.assertTrue(topParent.isEntriesInheriting());
- Assert.assertEquals(topParent.getId(), new Long(1));
+ Assert.assertEquals(topParent.getId(), Long.valueOf(1));
 Assert.assertEquals(topParent.getOwner(), new PrincipalSid("ben"));
- Assert.assertEquals(topParent.getEntries().get(0).getId(), new Long(1));
+ Assert.assertEquals(topParent.getEntries().get(0).getId(), Long.valueOf(1));
 Assert.assertEquals(topParent.getEntries().get(0).getPermission(), BasePermission.READ);
 Assert.assertEquals(topParent.getEntries().get(0).getSid(), new PrincipalSid("ben"));
 Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditFailure());
 Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditSuccess());
 Assert.assertTrue(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isGranting());
- Assert.assertEquals(topParent.getEntries().get(1).getId(), new Long(2));
+ Assert.assertEquals(topParent.getEntries().get(1).getId(), Long.valueOf(2));
 Assert.assertEquals(topParent.getEntries().get(1).getPermission(), BasePermission.WRITE);
 Assert.assertEquals(topParent.getEntries().get(1).getSid(), new PrincipalSid("ben"));
 Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditFailure());
@@ -211,9 +209,9 @@ public class BasicLookupStrategyTests {
 Assert.assertFalse(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isGranting());
 Assert.assertTrue(middleParent.isEntriesInheriting());
- Assert.assertEquals(middleParent.getId(), new Long(2));
+ Assert.assertEquals(middleParent.getId(), Long.valueOf(2));
 Assert.assertEquals(middleParent.getOwner(), new PrincipalSid("ben"));
- Assert.assertEquals(middleParent.getEntries().get(0).getId(), new Long(3));
+ Assert.assertEquals(middleParent.getEntries().get(0).getId(), Long.valueOf(3));
 Assert.assertEquals(middleParent.getEntries().get(0).getPermission(), BasePermission.DELETE);
 Assert.assertEquals(middleParent.getEntries().get(0).getSid(), new PrincipalSid("ben"));
 Assert.assertFalse(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditFailure());
@@ -221,9 +219,9 @@ public class BasicLookupStrategyTests {
 Assert.assertTrue(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isGranting());
 Assert.assertTrue(child.isEntriesInheriting());
- Assert.assertEquals(child.getId(), new Long(3));
+ Assert.assertEquals(child.getId(), Long.valueOf(3));
 Assert.assertEquals(child.getOwner(), new PrincipalSid("ben"));
- Assert.assertEquals(child.getEntries().get(0).getId(), new Long(4));
+ Assert.assertEquals(child.getEntries().get(0).getId(), Long.valueOf(4));
 Assert.assertEquals(child.getEntries().get(0).getPermission(), BasePermission.DELETE);
 Assert.assertEquals(child.getEntries().get(0).getSid(), new PrincipalSid("ben"));
 Assert.assertFalse(((AuditableAccessControlEntry) child.getEntries().get(0)).isAuditFailure());
@@ -236,10 +234,10 @@ public class BasicLookupStrategyTests { String query = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (4,2,103,1,1,1);"; jdbcTemplate.execute(query); - ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(100)); - ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, new Integer(101)); - ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, new Long(102)); - ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, new Long(103)); + ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(100)); + ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(101)); + ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(102)); + ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(103)); // Retrieve the child Map map = this.strategy.readAclsById(Arrays.asList(childOid), null); diff --git a/samples/contacts/src/main/resources/applicationContext-common-authorization.xml b/samples/contacts/src/main/resources/applicationContext-common-authorization.xml index 820a8c32b7..05a099eb96 100644 --- a/samples/contacts/src/main/resources/applicationContext-common-authorization.xml +++ b/samples/contacts/src/main/resources/applicationContext-common-authorization.xml @@ -30,17 +30,9 @@ - - - - - - - - diff --git a/samples/contacts/src/test/java/sample/contact/ContactManagerTests.java b/samples/contacts/src/test/java/sample/contact/ContactManagerTests.java index b90256fa53..7db62b024c 100644 --- a/samples/contacts/src/test/java/sample/contact/ContactManagerTests.java +++ b/samples/contacts/src/test/java/sample/contact/ContactManagerTests.java 
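Review bot: In the `@@ -236,10 +234,10 @@` hunk the `middleParentOid` line changes the identifier's type and not only how it is built: `new Integer(101)` becomes `Long.valueOf(101)`, whereas the other three identifiers were already `Long`. Whether the Integer was deliberate is not visible here, but if it was there to exercise ACL lookup with an identifier whose Java type differs from the stored one, that coverage is gone after this change. `new ObjectIdentityImpl(TARGET_CLASS, Integer.valueOf(101))` would drop the boxing constructor while keeping the original type. The test method's body starts and ends outside the hunk.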
@@ -37,7 +37,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 *
 * @author David Leal
 * @author Ben Alex
- * @Author Luke Taylor
+ * @author Luke Taylor
 */
 @ContextConfiguration(locations={
 "/applicationContext-security.xml",