Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-51 and SEC-67 related changes. Tested all functions of "filters" version in web browser OK.

This commit is contained in:
Ben Alex 2005-11-04 04:15:57 +00:00
parent 9be82a3d8f
commit 2d74db9a0c
12 changed files with 64 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
samples/contacts-tiger/src/main/java/sample/contact/annotation/ContactManagerBackend.java
View File

@ -87,7 +87,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport
@Secured ({"ROLE_USER","AFTER_ACL_READ"})
@Transactional(readOnly=true)
public Contact getById(Integer id) {
public Contact getById(Long id) {
if (logger.isDebugEnabled()) {
logger.debug("Returning contact with id: " + id);
}
@ -143,7 +143,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport
@Secured ({"ROLE_USER"})
public void create(Contact contact) {
// Create the Contact itself
contact.setId(new Integer(counter++));
contact.setId(new Long(counter++));
contactDao.create(contact);
// Grant the current principal access to the contact

10
samples/contacts/src/main/java/sample/contact/AddPermissionController.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -21,13 +21,14 @@ import org.springframework.beans.factory.InitializingBean;
import org.springframework.dao.DataAccessException;
import org.springframework.util.Assert;
import org.springframework.validation.BindException;
import org.springframework.web.bind.RequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.SimpleFormController;
import org.springframework.web.servlet.view.RedirectView;
import org.springframework.util.Assert;
import java.util.HashMap;
import java.util.Iterator;
@ -61,7 +62,8 @@ public class AddPermissionController extends SimpleFormController
}
public void afterPropertiesSet() throws Exception {
Assert.notNull(contactManager, "A ContactManager implementation is required");
Assert.notNull(contactManager,
"A ContactManager implementation is required");
}
protected ModelAndView disallowDuplicateFormSubmission(
@ -80,7 +82,7 @@ public class AddPermissionController extends SimpleFormController
int contactId = RequestUtils.getRequiredIntParameter(request,
"contactId");
Contact contact = contactManager.getById(new Integer(contactId));
Contact contact = contactManager.getById(new Long(contactId));
AddPermission addPermission = new AddPermission();
addPermission.setContact(contact);

10
samples/contacts/src/main/java/sample/contact/AdminPermissionController.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,10 +20,11 @@ import net.sf.acegisecurity.acl.AclManager;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import org.springframework.web.bind.RequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
import org.springframework.util.Assert;
import java.io.IOException;
@ -66,7 +67,8 @@ public class AdminPermissionController implements Controller, InitializingBean {
}
public void afterPropertiesSet() throws Exception {
Assert.notNull(contactManager, "A ContactManager implementation is required");
Assert.notNull(contactManager,
"A ContactManager implementation is required");
Assert.notNull(aclManager, "An aclManager implementation is required");
}
@ -74,7 +76,7 @@ public class AdminPermissionController implements Controller, InitializingBean {
HttpServletResponse response) throws ServletException, IOException {
int id = RequestUtils.getRequiredIntParameter(request, "contactId");
Contact contact = contactManager.getById(new Integer(id));
Contact contact = contactManager.getById(new Long(id));
AclEntry[] acls = aclManager.getAcls(contact);
Map model = new HashMap();

8
samples/contacts/src/main/java/sample/contact/Contact.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,7 +27,7 @@ import java.io.Serializable;
public class Contact implements Serializable {
//~ Instance fields ========================================================
private Integer id;
private Long id;
private String email;
private String name;
@ -60,7 +60,7 @@ public class Contact implements Serializable {
return email;
}
public void setId(Integer id) {
public void setId(Long id) {
this.id = id;
}
@ -69,7 +69,7 @@ public class Contact implements Serializable {
*
* @return Returns the id.
*/
public Integer getId() {
public Long getId() {
return id;
}

6
samples/contacts/src/main/java/sample/contact/ContactDao.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -27,11 +27,11 @@ import java.util.List;
public interface ContactDao {
//~ Methods ================================================================
public Contact getById(Integer id);
public Contact getById(Long id);
public void create(Contact contact);
public void delete(Integer contactId);
public void delete(Long contactId);
public List findAll();

42
samples/contacts/src/main/java/sample/contact/ContactDaoSpring.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -48,8 +48,8 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
//~ Methods ================================================================
public Contact getById(Integer id) {
List list = contactsByIdQuery.execute(id.intValue());
public Contact getById(Long id) {
List list = contactsByIdQuery.execute(id.longValue());
if (list.size() == 0) {
return null;
@ -59,10 +59,12 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
}
public void create(Contact contact) {
System.out.println("creating contact w/ id " + contact.getId() + " "
+ contact.getEmail());
contactInsert.insert(contact);
}
public void delete(Integer contactId) {
public void delete(Long contactId) {
contactDelete.delete(contactId);
}
@ -109,14 +111,14 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
protected Object mapRow(ResultSet rs, int rownum)
throws SQLException {
return new Integer(rs.getInt("id"));
return new Long(rs.getLong("id"));
}
}
protected class AclObjectIdentityInsert extends SqlUpdate {
protected AclObjectIdentityInsert(DataSource ds) {
super(ds, "INSERT INTO acl_object_identity VALUES (?, ?, ?, ?)");
declareParameter(new SqlParameter(Types.INTEGER));
declareParameter(new SqlParameter(Types.BIGINT));
declareParameter(new SqlParameter(Types.VARCHAR));
declareParameter(new SqlParameter(Types.INTEGER));
declareParameter(new SqlParameter(Types.VARCHAR));
@ -124,7 +126,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
}
protected int insert(String objectIdentity,
Integer parentAclObjectIdentity, String aclClass) {
Long parentAclObjectIdentity, String aclClass) {
Object[] objs = new Object[] {null, objectIdentity, parentAclObjectIdentity, aclClass};
super.update(objs);
@ -135,19 +137,19 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
protected class ContactDelete extends SqlUpdate {
protected ContactDelete(DataSource ds) {
super(ds, "DELETE FROM contacts WHERE id = ?");
declareParameter(new SqlParameter(Types.INTEGER));
declareParameter(new SqlParameter(Types.BIGINT));
compile();
}
protected void delete(Integer contactId) {
super.update(contactId.intValue());
protected void delete(Long contactId) {
super.update(contactId.longValue());
}
}
protected class ContactInsert extends SqlUpdate {
protected ContactInsert(DataSource ds) {
super(ds, "INSERT INTO contacts VALUES (?, ?, ?)");
declareParameter(new SqlParameter(Types.INTEGER));
declareParameter(new SqlParameter(Types.BIGINT));
declareParameter(new SqlParameter(Types.VARCHAR));
declareParameter(new SqlParameter(Types.VARCHAR));
compile();
@ -166,7 +168,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
"UPDATE contacts SET contact_name = ?, address = ? WHERE id = ?");
declareParameter(new SqlParameter(Types.VARCHAR));
declareParameter(new SqlParameter(Types.VARCHAR));
declareParameter(new SqlParameter(Types.INTEGER));
declareParameter(new SqlParameter(Types.BIGINT));
compile();
}
@ -186,7 +188,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
protected Object mapRow(ResultSet rs, int rownum)
throws SQLException {
Contact contact = new Contact();
contact.setId(new Integer(rs.getInt("id")));
contact.setId(new Long(rs.getLong("id")));
contact.setName(rs.getString("contact_name"));
contact.setEmail(rs.getString("email"));
@ -198,14 +200,14 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
protected ContactsByIdQuery(DataSource ds) {
super(ds,
"SELECT id, contact_name, email FROM contacts WHERE id = ? ORDER BY id");
declareParameter(new SqlParameter(Types.INTEGER));
declareParameter(new SqlParameter(Types.BIGINT));
compile();
}
protected Object mapRow(ResultSet rs, int rownum)
throws SQLException {
Contact contact = new Contact();
contact.setId(new Integer(rs.getInt("id")));
contact.setId(new Long(rs.getLong("id")));
contact.setName(rs.getString("contact_name"));
contact.setEmail(rs.getString("email"));
@ -217,12 +219,12 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
protected PermissionDelete(DataSource ds) {
super(ds,
"DELETE FROM acl_permission WHERE ACL_OBJECT_IDENTITY = ? AND RECIPIENT = ?");
declareParameter(new SqlParameter(Types.INTEGER));
declareParameter(new SqlParameter(Types.BIGINT));
declareParameter(new SqlParameter(Types.VARCHAR));
compile();
}
protected void delete(Integer aclObjectIdentity, String recipient) {
protected void delete(Long aclObjectIdentity, String recipient) {
super.update(new Object[] {aclObjectIdentity, recipient});
}
}
@ -230,14 +232,14 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao {
protected class PermissionInsert extends SqlUpdate {
protected PermissionInsert(DataSource ds) {
super(ds, "INSERT INTO acl_permission VALUES (?, ?, ?, ?);");
declareParameter(new SqlParameter(Types.INTEGER));
declareParameter(new SqlParameter(Types.INTEGER));
declareParameter(new SqlParameter(Types.BIGINT));
declareParameter(new SqlParameter(Types.BIGINT));
declareParameter(new SqlParameter(Types.VARCHAR));
declareParameter(new SqlParameter(Types.INTEGER));
compile();
}
protected int insert(Integer aclObjectIdentity, String recipient,
protected int insert(Long aclObjectIdentity, String recipient,
Integer mask) {
Object[] objs = new Object[] {null, aclObjectIdentity, recipient, mask};
super.update(objs);

4
samples/contacts/src/main/java/sample/contact/ContactManager.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -31,7 +31,7 @@ public interface ContactManager {
public List getAllRecipients();
public Contact getById(Integer id);
public Contact getById(Long id);
public Contact getRandomContact();

6
samples/contacts/src/main/java/sample/contact/ContactManagerBackend.java
View File

@ -45,7 +45,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport
private BasicAclExtendedDao basicAclExtendedDao;
private ContactDao contactDao;
private int counter = 100;
private int counter = 1000;
//~ Methods ================================================================
@ -76,7 +76,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport
return basicAclExtendedDao;
}
public Contact getById(Integer id) {
public Contact getById(Long id) {
if (logger.isDebugEnabled()) {
logger.debug("Returning contact with id: " + id);
}
@ -130,7 +130,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport
public void create(Contact contact) {
// Create the Contact itself
contact.setId(new Integer(counter++));
contact.setId(new Long(counter++));
contactDao.create(contact);
// Grant the current principal access to the contact

6
samples/contacts/src/main/java/sample/contact/DataSourcePopulator.java
View File

@ -65,7 +65,7 @@ public class DataSourcePopulator implements InitializingBean {
JdbcTemplate template = new JdbcTemplate(dataSource);
template.execute(
"CREATE TABLE CONTACTS(ID INTEGER NOT NULL PRIMARY KEY, CONTACT_NAME VARCHAR_IGNORECASE(50) NOT NULL, EMAIL VARCHAR_IGNORECASE(50) NOT NULL)");
"CREATE TABLE CONTACTS(ID BIGINT NOT NULL PRIMARY KEY, CONTACT_NAME VARCHAR_IGNORECASE(50) NOT NULL, EMAIL VARCHAR_IGNORECASE(50) NOT NULL)");
template.execute(
"INSERT INTO contacts VALUES (1, 'John Smith', 'john@somewhere.com');"); // marissa
template.execute(
@ -93,7 +93,7 @@ public class DataSourcePopulator implements InitializingBean {
}
template.execute(
"CREATE TABLE ACL_OBJECT_IDENTITY(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT INTEGER,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
"CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT BIGINT,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))");
template.execute(
"INSERT INTO acl_object_identity VALUES (1, 'sample.contact.Contact:1', null, 'net.sf.acegisecurity.acl.basic.SimpleAclEntry');");
template.execute(
@ -120,7 +120,7 @@ public class DataSourcePopulator implements InitializingBean {
}
template.execute(
"CREATE TABLE ACL_PERMISSION(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY INTEGER NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
"CREATE TABLE ACL_PERMISSION(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))");
template.execute(
"INSERT INTO acl_permission VALUES (null, 1, 'marissa', 1);"); // administer
template.execute(

10
samples/contacts/src/main/java/sample/contact/DeleteController.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -17,10 +17,11 @@ package sample.contact;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import org.springframework.web.bind.RequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
import org.springframework.util.Assert;
import java.io.IOException;
@ -51,13 +52,14 @@ public class DeleteController implements Controller, InitializingBean {
}
public void afterPropertiesSet() throws Exception {
Assert.notNull(contactManager, "A ContactManager implementation is required");
Assert.notNull(contactManager,
"A ContactManager implementation is required");
}
public ModelAndView handleRequest(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
int id = RequestUtils.getRequiredIntParameter(request, "contactId");
Contact contact = contactManager.getById(new Integer(id));
Contact contact = contactManager.getById(new Long(id));
contactManager.delete(contact);
return new ModelAndView("deleted", "contact", contact);

10
samples/contacts/src/main/java/sample/contact/DeletePermissionController.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -19,10 +19,11 @@ import net.sf.acegisecurity.acl.AclManager;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
import org.springframework.web.bind.RequestUtils;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
import org.springframework.util.Assert;
import java.io.IOException;
@ -65,7 +66,8 @@ public class DeletePermissionController implements Controller, InitializingBean
}
public void afterPropertiesSet() throws Exception {
Assert.notNull(contactManager, "A ContactManager implementation is required");
Assert.notNull(contactManager,
"A ContactManager implementation is required");
Assert.notNull(aclManager, "An aclManager implementation is required");
}
@ -76,7 +78,7 @@ public class DeletePermissionController implements Controller, InitializingBean
String recipient = RequestUtils.getRequiredStringParameter(request,
"recipient");
Contact contact = contactManager.getById(new Integer(contactId));
Contact contact = contactManager.getById(new Long(contactId));
contactManager.deletePermission(contact, recipient);

2
samples/contacts/src/main/webapp/common/WEB-INF/jsp/index.jsp
View File

@ -3,7 +3,7 @@
<html>
<head><title>Your Contacts</title></head>
<body>
<h1><authz:authentication operation="principal"/>'s Contacts</h1>
<h1><authz:authentication operation="username"/>'s Contacts</h1>
<P>
<table cellpadding=3 border=0>
<tr><td><b>id</b></td><td><b>Name</b></td><td><b>Email</b></td></tr>