* build.xml:

Modified to create an acegi-taglib.jar.

* project.properties:
  Added new property to build acegi-taglib.jar.

* src/net/sf/acegisecurity/taglibs/authz.tld:
  Declare the Acegi Security authz tag library.

* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java,
  test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagAttributeTests.java:
  A set of tests that force the creation of a javax.servlet.jsp.Tag
  implementation that authorizes the output of the tag's body if the
  request's principal has or doesn't have certain authorities.

* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
  New class.  Implements AuthorizeTagTests and
  AuthorizeTagAttributeTests.
This commit is contained in:
Francois Beausoleil 2004-03-22 16:42:53 +00:00
parent 35fe1e7b73
commit 48b21524ed
6 changed files with 393 additions and 7 deletions

View File

@ -115,12 +115,27 @@
<jar jarfile="${dist.dir}/${acegi-security.jar}"> <jar jarfile="${dist.dir}/${acegi-security.jar}">
<fileset dir="${target.classes.dir}"> <fileset dir="${target.classes.dir}">
<include name="net/sf/acegisecurity/**"/> <include name="net/sf/acegisecurity/**"/>
<exclude name="net/sf/acegisecurity/taglibs/**"/>
</fileset> </fileset>
<manifest> <manifest>
<attribute name="Acegi-Security-System-version" value="${acegi-security-version}"/> <attribute name="Acegi-Security-System-version" value="${acegi-security-version}"/>
</manifest> </manifest>
</jar> </jar>
<!-- The Acegi Security Tag Library JAR -->
<jar jarfile="${dist.dir}/${acegi-taglib.jar}">
<fileset dir="${target.classes.dir}">
<include name="net/sf/acegisecurity/taglibs/**"/>
<exclude name="**/*.tld"/>
</fileset>
<zipfileset dir="${src.dir}/net/sf/acegisecurity/taglibs"
prefix="META-INF" includes="*.tld" />
<manifest>
<attribute name="Acegi-Security-Taglib-version" value="${acegi-security-version}"/>
<attribute name="Sealed" value="true"/>
</manifest>
</jar>
<!-- The class that has catalina.jar dependencies and thus belongs in <!-- The class that has catalina.jar dependencies and thus belongs in
Catalina's "Catalina" classloader ($CATALINA_HOME/server/lib directory) --> Catalina's "Catalina" classloader ($CATALINA_HOME/server/lib directory) -->
<jar jarfile="${dist.dir}/acegi-security-catalina-server.jar"> <jar jarfile="${dist.dir}/acegi-security-catalina-server.jar">

View File

@ -0,0 +1,132 @@
/*
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
*
* Visit http://acegisecurity.sourceforge.net for further details.
*/
package net.sf.acegisecurity.taglibs.authz;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContext;
import java.util.*;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;
/**
* An implementation of {@link javax.servlet.jsp.tagext.Tag} that allows it's
* body through if some authorizations are granted to the request's principal.
*
* @author Francois Beausoleil
* @version $Id$
*/
public class AuthorizeTag extends TagSupport {
//~ Instance fields ========================================================
private String ifAllGranted = "";
private String ifAnyGranted = "";
private String ifNotGranted = "";
//~ Methods ================================================================
public void setIfAllGranted(String ifAllGranted) {
this.ifAllGranted = ifAllGranted;
}
public String getIfAllGranted() {
return ifAllGranted;
}
public void setIfAnyGranted(String ifAnyGranted) {
this.ifAnyGranted = ifAnyGranted;
}
public String getIfAnyGranted() {
return ifAnyGranted;
}
public void setIfNotGranted(String ifNotGranted) {
this.ifNotGranted = ifNotGranted;
}
public String getIfNotGranted() {
return ifNotGranted;
}
public int doStartTag() throws JspException {
if (((null == ifAllGranted) || "".equals(ifAllGranted))
&& ((null == ifAnyGranted) || "".equals(ifAnyGranted))
&& ((null == ifNotGranted) || "".equals(ifNotGranted))) {
return Tag.SKIP_BODY;
}
final Collection granted = getPrincipalAuthorities();
if ((null != ifNotGranted) && !"".equals(ifNotGranted)) {
Set grantedCopy = retainAll(granted,
parseAuthoritiesString(ifNotGranted));
if (!grantedCopy.isEmpty()) {
return Tag.SKIP_BODY;
}
}
if ((null != ifAllGranted) && !"".equals(ifAllGranted)) {
if (!granted.containsAll(parseAuthoritiesString(ifAllGranted))) {
return Tag.SKIP_BODY;
}
}
if ((null != ifAnyGranted) && !"".equals(ifAnyGranted)) {
Set grantedCopy = retainAll(granted,
parseAuthoritiesString(ifAnyGranted));
if (grantedCopy.isEmpty()) {
return Tag.SKIP_BODY;
}
}
return Tag.EVAL_BODY_INCLUDE;
}
private Collection getPrincipalAuthorities() {
SecureContext context = ((SecureContext) ContextHolder.getContext());
if (null == context) {
return Collections.EMPTY_LIST;
}
Authentication currentUser = context.getAuthentication();
Collection granted = Arrays.asList(currentUser.getAuthorities());
return granted;
}
private Set parseAuthoritiesString(String authorizationsString) {
final Set requiredAuthorities = new HashSet();
final StringTokenizer tokenizer;
tokenizer = new StringTokenizer(authorizationsString, ",", false);
while (tokenizer.hasMoreTokens()) {
String role = tokenizer.nextToken();
requiredAuthorities.add(new GrantedAuthorityImpl(role));
}
return requiredAuthorities;
}
private Set retainAll(final Collection granted,
final Set requiredAuthorities) {
Set grantedCopy = new HashSet(granted);
grantedCopy.retainAll(requiredAuthorities);
return grantedCopy;
}
}

View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE taglib
PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN"
"http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">
<taglib>
<tlib-version>1.0</tlib-version>
<jsp-version>1.2</jsp-version>
<short-name>authz</short-name>
<uri>http://acegisecurity.sf.net/authz</uri>
<description>
Acegi Security Systems Authorization Tag Library
$Id$
</description>
<tag>
<name>authorize</name>
<tag-class>net.sf.acegisecurity.taglibs.authz.AuthorizeTag</tag-class>
<description>
A simple tag to output or not the body of the tag if the principal
has or doesn't have certain authorities.
</description>
<attribute>
<name>ifNotGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of roles which the user must not have
for the body to be output.
</description>
</attribute>
<attribute>
<name>ifAllGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of roles which the user must all
possess for the body to be output.
</description>
</attribute>
<attribute>
<name>ifAnyGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of roles, one of which the user must
possess for the body to be output.
</description>
</attribute>
</tag>
</taglib>

View File

@ -0,0 +1,71 @@
/*
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
*
* Visit http://acegisecurity.sourceforge.net for further details.
*/
package net.sf.acegisecurity.taglibs.authz;
import junit.framework.TestCase;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
/**
* DOCUMENT ME!
*
* @author Francois Beausoleil
* @version $Id$
*/
public class AuthorizeTagAttributeTests extends TestCase {
//~ Instance fields ========================================================
private final AuthorizeTag authorizeTag = new AuthorizeTag();
private SecureContextImpl context;
private TestingAuthenticationToken currentUser;
//~ Methods ================================================================
public void testAssertsIfAllGrantedSecond() throws JspException {
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_SUPERTELLER");
authorizeTag.setIfAnyGranted("ROLE_RESTRICTED");
assertEquals("prevents request - principal is missing ROLE_SUPERTELLER",
Tag.SKIP_BODY, authorizeTag.doStartTag());
}
public void testAssertsIfAnyGrantedLast() throws JspException {
authorizeTag.setIfAnyGranted("ROLE_BANKER");
assertEquals("prevents request - principal is missing ROLE_BANKER",
Tag.SKIP_BODY, authorizeTag.doStartTag());
}
public void testAssertsIfNotGrantedFirst() throws JspException {
authorizeTag.setIfNotGranted("ROLE_RESTRICTED");
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_RESTRICTED");
authorizeTag.setIfAnyGranted("ROLE_SUPERVISOR");
assertEquals("prevents request - principal has ROLE_RESTRICTED",
Tag.SKIP_BODY, authorizeTag.doStartTag());
}
protected void setUp() throws Exception {
super.setUp();
currentUser = new TestingAuthenticationToken("abc", "123",
new GrantedAuthority[] {new GrantedAuthorityImpl(
"ROLE_SUPERVISOR"), new GrantedAuthorityImpl(
"ROLE_RESTRICTED"),});
context = new SecureContextImpl();
context.setAuthentication(currentUser);
ContextHolder.setContext(context);
}
}

View File

@ -0,0 +1,112 @@
/*
* The Acegi Security System for Spring is published under the terms
* of the Apache Software License.
*
* Visit http://acegisecurity.sourceforge.net for further details.
*/
package net.sf.acegisecurity.taglibs.authz;
import junit.framework.TestCase;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContextImpl;
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
/**
* DOCUMENT ME!
*
* @author Francois Beausoleil
* @version $Id$
*/
public class AuthorizeTagTests extends TestCase {
//~ Instance fields ========================================================
private final AuthorizeTag authorizeTag = new AuthorizeTag();
private SecureContextImpl context;
private TestingAuthenticationToken currentUser;
//~ Methods ================================================================
public void testDefaultsToNotOutputtingBodyWhenNoRequiredAuthorities()
throws JspException {
assertEquals("", authorizeTag.getIfAllGranted());
assertEquals("", authorizeTag.getIfAnyGranted());
assertEquals("", authorizeTag.getIfNotGranted());
assertEquals("prevents body output - no authorities granted",
Tag.SKIP_BODY, authorizeTag.doStartTag());
}
public void testOutputsBodyIfOneRolePresent() throws JspException {
authorizeTag.setIfAnyGranted("ROLE_TELLER");
assertEquals("authorized - ROLE_TELLER in both sets",
Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
}
public void testOutputsBodyWhenAllGranted() throws JspException {
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_TELLER");
assertEquals("allows request - all required roles granted on principal",
Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
}
public void testOutputsBodyWhenNotGrantedSatisfied()
throws JspException {
authorizeTag.setIfNotGranted("ROLE_BANKER");
assertEquals("allows request - principal doesn't have ROLE_BANKER",
Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
}
public void testSkipsBodyIfNoAnyRolePresent() throws JspException {
authorizeTag.setIfAnyGranted("ROLE_BANKER");
assertEquals("unauthorized - ROLE_BANKER not in granted authorities",
Tag.SKIP_BODY, authorizeTag.doStartTag());
}
public void testSkipsBodyWhenMissingAnAllGranted()
throws JspException {
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_TELLER,ROLE_BANKER");
assertEquals("prevents request - missing ROLE_BANKER on principal",
Tag.SKIP_BODY, authorizeTag.doStartTag());
}
public void testSkipsBodyWhenNotGrantedUnsatisfied()
throws JspException {
authorizeTag.setIfNotGranted("ROLE_TELLER");
assertEquals("prevents request - principal has ROLE_TELLER",
Tag.SKIP_BODY, authorizeTag.doStartTag());
}
public void testUsesAllAuthoritiesToDetermineAccess() {
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_BANKER");
authorizeTag.setIfAnyGranted("ROLE_BANKER");
authorizeTag.setIfNotGranted("ROLE_RESTRICTED");
currentUser = new TestingAuthenticationToken("abc", "123",
new GrantedAuthority[] {new GrantedAuthorityImpl(
"ROLE_SUPERVISOR"), new GrantedAuthorityImpl(
"ROLE_BANKER"), new GrantedAuthorityImpl(
"ROLE_RESTRICTED"),});
context.setAuthentication(currentUser);
}
protected void setUp() throws Exception {
super.setUp();
currentUser = new TestingAuthenticationToken("abc", "123",
new GrantedAuthority[] {new GrantedAuthorityImpl(
"ROLE_SUPERVISOR"), new GrantedAuthorityImpl(
"ROLE_TELLER"),});
context = new SecureContextImpl();
context.setAuthentication(currentUser);
ContextHolder.setContext(context);
}
}

View File

@ -27,6 +27,9 @@ target.testclasses.dir=${target.dir}/test-classes
# Names of distribution jar files # Names of distribution jar files
acegi-security.jar=acegi-security.jar acegi-security.jar=acegi-security.jar
# Names of distribution jar files
acegi-taglib.jar=acegi-security-taglib.jar
# Name of Zip file containing all project sources # Name of Zip file containing all project sources
acegi-security-src.zip=acegi-security-src.zip acegi-security-src.zip=acegi-security-src.zip