SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes

This commit is contained in:
Luke Taylor 2008-12-12 12:47:42 +00:00
parent a443e55832
commit 3fcc7b5403
8 changed files with 48 additions and 53 deletions

View File

@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.afterinvocation;
package org.springframework.security.acls.afterinvocation;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
@ -29,6 +29,7 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS
import org.springframework.security.acls.sid.Sid;
import org.springframework.security.acls.sid.SidRetrievalStrategy;
import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
import org.springframework.security.afterinvocation.AfterInvocationProvider;
import org.springframework.util.Assert;

View File

@ -12,7 +12,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.afterinvocation;
package org.springframework.security.acls.afterinvocation;
import java.util.Collection;
import java.util.Iterator;
@ -84,11 +84,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
return null;
}
Iterator iter = config.iterator();
while (iter.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) iter.next();
for (ConfigAttribute attr : config) {
if (!this.supports(attr)) {
continue;
}
@ -97,7 +93,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
Filterer filterer;
if (returnedObject instanceof Collection) {
filterer = new CollectionFilterer((Collection) returnedObject);
filterer = new CollectionFilterer((Collection<?>) returnedObject);
} else if (returnedObject.getClass().isArray()) {
filterer = new ArrayFilterer((Object[]) returnedObject);
} else {
@ -108,8 +104,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
// Locate unauthorised Collection elements
Iterator collectionIter = filterer.iterator();
while (collectionIter.hasNext()) {
Object domainObject = collectionIter.next();
for (Object domainObject : filterer) {
// Ignore nulls or entries which aren't instances of the configured domain object class
if (domainObject == null || !getProcessDomainObjectClass().isAssignableFrom(domainObject.getClass())) {

View File

@ -12,7 +12,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.afterinvocation;
package org.springframework.security.acls.afterinvocation;
import java.util.Iterator;
import java.util.List;

View File

@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.afterinvocation;
package org.springframework.security.acls.afterinvocation;
import org.apache.commons.collections.iterators.ArrayIterator;
import org.apache.commons.logging.Log;
@ -33,41 +33,41 @@ import java.util.Set;
* @author Paulo Neves
* @version $Id$
*/
class ArrayFilterer implements Filterer {
class ArrayFilterer<T> implements Filterer<T> {
//~ Static fields/initializers =====================================================================================
protected static final Log logger = LogFactory.getLog(ArrayFilterer.class);
//~ Instance fields ================================================================================================
private Set<Object> removeList;
private Object[] list;
private Set<T> removeList;
private T[] list;
//~ Constructors ===================================================================================================
ArrayFilterer(Object[] list) {
ArrayFilterer(T[] list) {
this.list = list;
// Collect the removed objects to a HashSet so that
// it is fast to lookup them when a filtered array
// is constructed.
removeList = new HashSet<Object>();
removeList = new HashSet<T>();
}
//~ Methods ========================================================================================================
/**
*
* @see org.springframework.security.afterinvocation.Filterer#getFilteredObject()
* @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject()
*/
public Object getFilteredObject() {
public T[] getFilteredObject() {
// Recreate an array of same type and filter the removed objects.
int originalSize = list.length;
int sizeOfResultingList = originalSize - removeList.size();
Object[] filtered = (Object[]) Array.newInstance(list.getClass().getComponentType(), sizeOfResultingList);
T[] filtered = (T[]) Array.newInstance(list.getClass().getComponentType(), sizeOfResultingList);
for (int i = 0, j = 0; i < list.length; i++) {
Object object = list[i];
T object = list[i];
if (!removeList.contains(object)) {
filtered[j] = object;
@ -85,17 +85,17 @@ class ArrayFilterer implements Filterer {
/**
*
* @see org.springframework.security.afterinvocation.Filterer#iterator()
* @see org.springframework.security.acls.afterinvocation.Filterer#iterator()
*/
public Iterator<?> iterator() {
public Iterator<T> iterator() {
return new ArrayIterator(list);
}
/**
*
* @see org.springframework.security.afterinvocation.Filterer#remove(java.lang.Object)
* @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object)
*/
public void remove(Object object) {
public void remove(T object) {
removeList.add(object);
}
}

View File

@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.afterinvocation;
package org.springframework.security.acls.afterinvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -31,23 +31,23 @@ import java.util.Set;
* @author Paulo Neves
* @version $Id$
*/
class CollectionFilterer implements Filterer {
class CollectionFilterer<T> implements Filterer<T> {
//~ Static fields/initializers =====================================================================================
protected static final Log logger = LogFactory.getLog(CollectionFilterer.class);
//~ Instance fields ================================================================================================
private Collection<?> collection;
private Collection<T> collection;
// collectionIter offers significant performance optimisations (as
// per security-developer mailing list conversation 19/5/05)
private Iterator<?> collectionIter;
private Set<Object> removeList;
private Iterator<T> collectionIter;
private Set<T> removeList;
//~ Constructors ===================================================================================================
CollectionFilterer(Collection<?> collection) {
CollectionFilterer(Collection<T> collection) {
this.collection = collection;
// We create a Set of objects to be removed from the Collection,
@ -57,18 +57,18 @@ class CollectionFilterer implements Filterer {
// to the method may not necessarily be re-constructable (as
// the Collection(collection) constructor is not guaranteed and
// manually adding may lose sort order or other capabilities)
removeList = new HashSet<Object>();
removeList = new HashSet<T>();
}
//~ Methods ========================================================================================================
/**
*
* @see org.springframework.security.afterinvocation.Filterer#getFilteredObject()
* @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject()
*/
public Object getFilteredObject() {
// Now the Iterator has ended, remove Objects from Collection
Iterator<?> removeIter = removeList.iterator();
Iterator<T> removeIter = removeList.iterator();
int originalSize = collection.size();
@ -86,9 +86,9 @@ class CollectionFilterer implements Filterer {
/**
*
* @see org.springframework.security.afterinvocation.Filterer#iterator()
* @see org.springframework.security.acls.afterinvocation.Filterer#iterator()
*/
public Iterator<?> iterator() {
public Iterator<T> iterator() {
collectionIter = collection.iterator();
return collectionIter;
@ -96,9 +96,9 @@ class CollectionFilterer implements Filterer {
/**
*
* @see org.springframework.security.afterinvocation.Filterer#remove(java.lang.Object)
* @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object)
*/
public void remove(Object object) {
public void remove(T object) {
removeList.add(object);
}
}

View File

@ -13,7 +13,7 @@
* limitations under the License.
*/
package org.springframework.security.afterinvocation;
package org.springframework.security.acls.afterinvocation;
import java.util.Iterator;
@ -25,7 +25,7 @@ import java.util.Iterator;
* @author Paulo Neves
* @version $Id$
*/
interface Filterer {
interface Filterer<T> extends Iterable<T> {
//~ Methods ========================================================================================================
/**
@ -40,12 +40,12 @@ interface Filterer {
*
* @return an Iterator
*/
Iterator<?> iterator();
Iterator<T> iterator();
/**
* Removes the the given object from the resulting list.
*
* @param object the object to be removed
*/
void remove(Object object);
void remove(T object);
}

View File

@ -12,13 +12,14 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.vote;
package org.springframework.security.acls.vote;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.Authentication;
import org.springframework.security.AuthorizationServiceException;
import org.springframework.security.ConfigAttribute;
@ -32,8 +33,7 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS
import org.springframework.security.acls.sid.Sid;
import org.springframework.security.acls.sid.SidRetrievalStrategy;
import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.vote.AbstractAclVoter;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
@ -167,7 +167,7 @@ public class AclEntryVoter extends AbstractAclVoter {
logger.debug("Voting to abstain - domainObject is null");
}
return AccessDecisionVoter.ACCESS_ABSTAIN;
return ACCESS_ABSTAIN;
}
// Evaluate if we are required to use an inner domain object
@ -208,7 +208,7 @@ public class AclEntryVoter extends AbstractAclVoter {
logger.debug("Voting to deny access - no ACLs apply for this principal");
}
return AccessDecisionVoter.ACCESS_DENIED;
return ACCESS_DENIED;
}
try {
@ -217,25 +217,25 @@ public class AclEntryVoter extends AbstractAclVoter {
logger.debug("Voting to grant access");
}
return AccessDecisionVoter.ACCESS_GRANTED;
return ACCESS_GRANTED;
} else {
if (logger.isDebugEnabled()) {
logger.debug(
"Voting to deny access - ACLs returned, but insufficient permissions for this principal");
}
return AccessDecisionVoter.ACCESS_DENIED;
return ACCESS_DENIED;
}
} catch (NotFoundException nfe) {
if (logger.isDebugEnabled()) {
logger.debug("Voting to deny access - no ACLs apply for this principal");
}
return AccessDecisionVoter.ACCESS_DENIED;
return ACCESS_DENIED;
}
}
// No configuration attribute matched, so abstain
return AccessDecisionVoter.ACCESS_ABSTAIN;
return ACCESS_ABSTAIN;
}
}

View File

@ -12,7 +12,6 @@ import org.junit.Test;
import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.MockJoinPoint;
import org.springframework.security.TargetObject;
import org.springframework.security.util.MethodInvocationUtils;
/**