From 3fcc7b54034cafd55c4851e71f899da729b7e7e1 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Fri, 12 Dec 2008 12:47:42 +0000 Subject: [PATCH] SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes --- .../afterinvocation/AbstractAclProvider.java | 3 +- ...InvocationCollectionFilteringProvider.java | 13 +++------ .../AclEntryAfterInvocationProvider.java | 2 +- .../acls}/afterinvocation/ArrayFilterer.java | 28 +++++++++---------- .../afterinvocation/CollectionFilterer.java | 26 ++++++++--------- .../acls}/afterinvocation/Filterer.java | 8 +++--- .../{ => acls}/vote/AclEntryVoter.java | 20 ++++++------- .../security/vote/AbstractAclVoterTests.java | 1 - 8 files changed, 48 insertions(+), 53 deletions(-) rename acl/src/main/java/org/springframework/security/{ => acls}/afterinvocation/AbstractAclProvider.java (97%) rename acl/src/main/java/org/springframework/security/{ => acls}/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java (93%) rename acl/src/main/java/org/springframework/security/{ => acls}/afterinvocation/AclEntryAfterInvocationProvider.java (98%) rename {core/src/main/java/org/springframework/security => acl/src/main/java/org/springframework/security/acls}/afterinvocation/ArrayFilterer.java (76%) rename {core/src/main/java/org/springframework/security => acl/src/main/java/org/springframework/security/acls}/afterinvocation/CollectionFilterer.java (80%) rename {core/src/main/java/org/springframework/security => acl/src/main/java/org/springframework/security/acls}/afterinvocation/Filterer.java (88%) rename acl/src/main/java/org/springframework/security/{ => acls}/vote/AclEntryVoter.java (96%) diff --git a/acl/src/main/java/org/springframework/security/afterinvocation/AbstractAclProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java similarity index 97% rename from acl/src/main/java/org/springframework/security/afterinvocation/AbstractAclProvider.java rename to acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java index 1a05997406..d21246f644 100644 --- a/acl/src/main/java/org/springframework/security/afterinvocation/AbstractAclProvider.java +++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java @@ -13,7 +13,7 @@ * limitations under the License. */ -package org.springframework.security.afterinvocation; +package org.springframework.security.acls.afterinvocation; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; @@ -29,6 +29,7 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS import org.springframework.security.acls.sid.Sid; import org.springframework.security.acls.sid.SidRetrievalStrategy; import org.springframework.security.acls.sid.SidRetrievalStrategyImpl; +import org.springframework.security.afterinvocation.AfterInvocationProvider; import org.springframework.util.Assert; diff --git a/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java similarity index 93% rename from acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java rename to acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java index fb9141f3da..cf9f368a2a 100644 --- a/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java +++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java @@ -12,7 +12,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.afterinvocation; +package org.springframework.security.acls.afterinvocation; import java.util.Collection; import java.util.Iterator; @@ -84,11 +84,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract return null; } - Iterator iter = config.iterator(); - - while (iter.hasNext()) { - ConfigAttribute attr = (ConfigAttribute) iter.next(); - + for (ConfigAttribute attr : config) { if (!this.supports(attr)) { continue; } @@ -97,7 +93,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract Filterer filterer; if (returnedObject instanceof Collection) { - filterer = new CollectionFilterer((Collection) returnedObject); + filterer = new CollectionFilterer((Collection) returnedObject); } else if (returnedObject.getClass().isArray()) { filterer = new ArrayFilterer((Object[]) returnedObject); } else { @@ -108,8 +104,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract // Locate unauthorised Collection elements Iterator collectionIter = filterer.iterator(); - while (collectionIter.hasNext()) { - Object domainObject = collectionIter.next(); + for (Object domainObject : filterer) { // Ignore nulls or entries which aren't instances of the configured domain object class if (domainObject == null || !getProcessDomainObjectClass().isAssignableFrom(domainObject.getClass())) { diff --git a/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java similarity index 98% rename from acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java rename to acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java index b28ad7e5d9..17a028d7bd 100644 --- a/acl/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java +++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java @@ -12,7 +12,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.afterinvocation; +package org.springframework.security.acls.afterinvocation; import java.util.Iterator; import java.util.List; diff --git a/core/src/main/java/org/springframework/security/afterinvocation/ArrayFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java similarity index 76% rename from core/src/main/java/org/springframework/security/afterinvocation/ArrayFilterer.java rename to acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java index 94972141d2..b6427e509e 100644 --- a/core/src/main/java/org/springframework/security/afterinvocation/ArrayFilterer.java +++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java @@ -13,7 +13,7 @@ * limitations under the License. */ -package org.springframework.security.afterinvocation; +package org.springframework.security.acls.afterinvocation; import org.apache.commons.collections.iterators.ArrayIterator; import org.apache.commons.logging.Log; @@ -33,41 +33,41 @@ import java.util.Set; * @author Paulo Neves * @version $Id$ */ -class ArrayFilterer implements Filterer { +class ArrayFilterer implements Filterer { //~ Static fields/initializers ===================================================================================== protected static final Log logger = LogFactory.getLog(ArrayFilterer.class); //~ Instance fields ================================================================================================ - private Set removeList; - private Object[] list; + private Set removeList; + private T[] list; //~ Constructors =================================================================================================== - ArrayFilterer(Object[] list) { + ArrayFilterer(T[] list) { this.list = list; // Collect the removed objects to a HashSet so that // it is fast to lookup them when a filtered array // is constructed. - removeList = new HashSet(); + removeList = new HashSet(); } //~ Methods ======================================================================================================== /** * - * @see org.springframework.security.afterinvocation.Filterer#getFilteredObject() + * @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject() */ - public Object getFilteredObject() { + public T[] getFilteredObject() { // Recreate an array of same type and filter the removed objects. int originalSize = list.length; int sizeOfResultingList = originalSize - removeList.size(); - Object[] filtered = (Object[]) Array.newInstance(list.getClass().getComponentType(), sizeOfResultingList); + T[] filtered = (T[]) Array.newInstance(list.getClass().getComponentType(), sizeOfResultingList); for (int i = 0, j = 0; i < list.length; i++) { - Object object = list[i]; + T object = list[i]; if (!removeList.contains(object)) { filtered[j] = object; @@ -85,17 +85,17 @@ class ArrayFilterer implements Filterer { /** * - * @see org.springframework.security.afterinvocation.Filterer#iterator() + * @see org.springframework.security.acls.afterinvocation.Filterer#iterator() */ - public Iterator iterator() { + public Iterator iterator() { return new ArrayIterator(list); } /** * - * @see org.springframework.security.afterinvocation.Filterer#remove(java.lang.Object) + * @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object) */ - public void remove(Object object) { + public void remove(T object) { removeList.add(object); } } diff --git a/core/src/main/java/org/springframework/security/afterinvocation/CollectionFilterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java similarity index 80% rename from core/src/main/java/org/springframework/security/afterinvocation/CollectionFilterer.java rename to acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java index c689c9d07f..db0474b4f5 100644 --- a/core/src/main/java/org/springframework/security/afterinvocation/CollectionFilterer.java +++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java @@ -13,7 +13,7 @@ * limitations under the License. */ -package org.springframework.security.afterinvocation; +package org.springframework.security.acls.afterinvocation; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -31,23 +31,23 @@ import java.util.Set; * @author Paulo Neves * @version $Id$ */ -class CollectionFilterer implements Filterer { +class CollectionFilterer implements Filterer { //~ Static fields/initializers ===================================================================================== protected static final Log logger = LogFactory.getLog(CollectionFilterer.class); //~ Instance fields ================================================================================================ - private Collection collection; + private Collection collection; // collectionIter offers significant performance optimisations (as // per security-developer mailing list conversation 19/5/05) - private Iterator collectionIter; - private Set removeList; + private Iterator collectionIter; + private Set removeList; //~ Constructors =================================================================================================== - CollectionFilterer(Collection collection) { + CollectionFilterer(Collection collection) { this.collection = collection; // We create a Set of objects to be removed from the Collection, @@ -57,18 +57,18 @@ class CollectionFilterer implements Filterer { // to the method may not necessarily be re-constructable (as // the Collection(collection) constructor is not guaranteed and // manually adding may lose sort order or other capabilities) - removeList = new HashSet(); + removeList = new HashSet(); } //~ Methods ======================================================================================================== /** * - * @see org.springframework.security.afterinvocation.Filterer#getFilteredObject() + * @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject() */ public Object getFilteredObject() { // Now the Iterator has ended, remove Objects from Collection - Iterator removeIter = removeList.iterator(); + Iterator removeIter = removeList.iterator(); int originalSize = collection.size(); @@ -86,9 +86,9 @@ class CollectionFilterer implements Filterer { /** * - * @see org.springframework.security.afterinvocation.Filterer#iterator() + * @see org.springframework.security.acls.afterinvocation.Filterer#iterator() */ - public Iterator iterator() { + public Iterator iterator() { collectionIter = collection.iterator(); return collectionIter; @@ -96,9 +96,9 @@ class CollectionFilterer implements Filterer { /** * - * @see org.springframework.security.afterinvocation.Filterer#remove(java.lang.Object) + * @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object) */ - public void remove(Object object) { + public void remove(T object) { removeList.add(object); } } diff --git a/core/src/main/java/org/springframework/security/afterinvocation/Filterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java similarity index 88% rename from core/src/main/java/org/springframework/security/afterinvocation/Filterer.java rename to acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java index a36ee3f371..ae7f3f107e 100644 --- a/core/src/main/java/org/springframework/security/afterinvocation/Filterer.java +++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java @@ -13,7 +13,7 @@ * limitations under the License. */ -package org.springframework.security.afterinvocation; +package org.springframework.security.acls.afterinvocation; import java.util.Iterator; @@ -25,7 +25,7 @@ import java.util.Iterator; * @author Paulo Neves * @version $Id$ */ -interface Filterer { +interface Filterer extends Iterable { //~ Methods ======================================================================================================== /** @@ -40,12 +40,12 @@ interface Filterer { * * @return an Iterator */ - Iterator iterator(); + Iterator iterator(); /** * Removes the the given object from the resulting list. * * @param object the object to be removed */ - void remove(Object object); + void remove(T object); } diff --git a/acl/src/main/java/org/springframework/security/vote/AclEntryVoter.java b/acl/src/main/java/org/springframework/security/acls/vote/AclEntryVoter.java similarity index 96% rename from acl/src/main/java/org/springframework/security/vote/AclEntryVoter.java rename to acl/src/main/java/org/springframework/security/acls/vote/AclEntryVoter.java index 512c448908..2a94f291f6 100644 --- a/acl/src/main/java/org/springframework/security/vote/AclEntryVoter.java +++ b/acl/src/main/java/org/springframework/security/acls/vote/AclEntryVoter.java @@ -12,13 +12,14 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.vote; +package org.springframework.security.acls.vote; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; -import java.util.Iterator; import java.util.List; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.springframework.security.Authentication; import org.springframework.security.AuthorizationServiceException; import org.springframework.security.ConfigAttribute; @@ -32,8 +33,7 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS import org.springframework.security.acls.sid.Sid; import org.springframework.security.acls.sid.SidRetrievalStrategy; import org.springframework.security.acls.sid.SidRetrievalStrategyImpl; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; +import org.springframework.security.vote.AbstractAclVoter; import org.springframework.util.Assert; import org.springframework.util.StringUtils; @@ -167,7 +167,7 @@ public class AclEntryVoter extends AbstractAclVoter { logger.debug("Voting to abstain - domainObject is null"); } - return AccessDecisionVoter.ACCESS_ABSTAIN; + return ACCESS_ABSTAIN; } // Evaluate if we are required to use an inner domain object @@ -208,7 +208,7 @@ public class AclEntryVoter extends AbstractAclVoter { logger.debug("Voting to deny access - no ACLs apply for this principal"); } - return AccessDecisionVoter.ACCESS_DENIED; + return ACCESS_DENIED; } try { @@ -217,25 +217,25 @@ public class AclEntryVoter extends AbstractAclVoter { logger.debug("Voting to grant access"); } - return AccessDecisionVoter.ACCESS_GRANTED; + return ACCESS_GRANTED; } else { if (logger.isDebugEnabled()) { logger.debug( "Voting to deny access - ACLs returned, but insufficient permissions for this principal"); } - return AccessDecisionVoter.ACCESS_DENIED; + return ACCESS_DENIED; } } catch (NotFoundException nfe) { if (logger.isDebugEnabled()) { logger.debug("Voting to deny access - no ACLs apply for this principal"); } - return AccessDecisionVoter.ACCESS_DENIED; + return ACCESS_DENIED; } } // No configuration attribute matched, so abstain - return AccessDecisionVoter.ACCESS_ABSTAIN; + return ACCESS_ABSTAIN; } } diff --git a/core/src/test/java/org/springframework/security/vote/AbstractAclVoterTests.java b/core/src/test/java/org/springframework/security/vote/AbstractAclVoterTests.java index bc9ed4f338..7a7526d451 100644 --- a/core/src/test/java/org/springframework/security/vote/AbstractAclVoterTests.java +++ b/core/src/test/java/org/springframework/security/vote/AbstractAclVoterTests.java @@ -12,7 +12,6 @@ import org.junit.Test; import org.springframework.security.Authentication; import org.springframework.security.ConfigAttribute; import org.springframework.security.MockJoinPoint; -import org.springframework.security.TargetObject; import org.springframework.security.util.MethodInvocationUtils; /**