* build.xml:
Modified to create an acegi-taglib.jar. * project.properties: Added new property to build acegi-taglib.jar. * src/net/sf/acegisecurity/taglibs/authz.tld: Declare the Acegi Security authz tag library. * test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagTests.java, test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagAttributeTests.java: A set of tests that force the creation of a javax.servlet.jsp.Tag implementation that authorizes the output of the tag's body if the request's principal has or doesn't have certain authorities. * src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java: New class. Implements AuthorizeTagTests and AuthorizeTagAttributeTests.
This commit is contained in:
parent
35fe1e7b73
commit
48b21524ed
15
build.xml
15
build.xml
|
@ -115,12 +115,27 @@
|
|||
<jar jarfile="${dist.dir}/${acegi-security.jar}">
|
||||
<fileset dir="${target.classes.dir}">
|
||||
<include name="net/sf/acegisecurity/**"/>
|
||||
<exclude name="net/sf/acegisecurity/taglibs/**"/>
|
||||
</fileset>
|
||||
<manifest>
|
||||
<attribute name="Acegi-Security-System-version" value="${acegi-security-version}"/>
|
||||
</manifest>
|
||||
</jar>
|
||||
|
||||
<!-- The Acegi Security Tag Library JAR -->
|
||||
<jar jarfile="${dist.dir}/${acegi-taglib.jar}">
|
||||
<fileset dir="${target.classes.dir}">
|
||||
<include name="net/sf/acegisecurity/taglibs/**"/>
|
||||
<exclude name="**/*.tld"/>
|
||||
</fileset>
|
||||
<zipfileset dir="${src.dir}/net/sf/acegisecurity/taglibs"
|
||||
prefix="META-INF" includes="*.tld" />
|
||||
<manifest>
|
||||
<attribute name="Acegi-Security-Taglib-version" value="${acegi-security-version}"/>
|
||||
<attribute name="Sealed" value="true"/>
|
||||
</manifest>
|
||||
</jar>
|
||||
|
||||
<!-- The class that has catalina.jar dependencies and thus belongs in
|
||||
Catalina's "Catalina" classloader ($CATALINA_HOME/server/lib directory) -->
|
||||
<jar jarfile="${dist.dir}/acegi-security-catalina-server.jar">
|
||||
|
|
|
@ -0,0 +1,132 @@
|
|||
/*
|
||||
* The Acegi Security System for Spring is published under the terms
|
||||
* of the Apache Software License.
|
||||
*
|
||||
* Visit http://acegisecurity.sourceforge.net for further details.
|
||||
*/
|
||||
|
||||
package net.sf.acegisecurity.taglibs.authz;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
import net.sf.acegisecurity.context.ContextHolder;
|
||||
import net.sf.acegisecurity.context.SecureContext;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
import javax.servlet.jsp.JspException;
|
||||
import javax.servlet.jsp.tagext.Tag;
|
||||
import javax.servlet.jsp.tagext.TagSupport;
|
||||
|
||||
|
||||
/**
|
||||
* An implementation of {@link javax.servlet.jsp.tagext.Tag} that allows it's
|
||||
* body through if some authorizations are granted to the request's principal.
|
||||
*
|
||||
* @author Francois Beausoleil
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AuthorizeTag extends TagSupport {
|
||||
//~ Instance fields ========================================================
|
||||
|
||||
private String ifAllGranted = "";
|
||||
private String ifAnyGranted = "";
|
||||
private String ifNotGranted = "";
|
||||
|
||||
//~ Methods ================================================================
|
||||
|
||||
public void setIfAllGranted(String ifAllGranted) {
|
||||
this.ifAllGranted = ifAllGranted;
|
||||
}
|
||||
|
||||
public String getIfAllGranted() {
|
||||
return ifAllGranted;
|
||||
}
|
||||
|
||||
public void setIfAnyGranted(String ifAnyGranted) {
|
||||
this.ifAnyGranted = ifAnyGranted;
|
||||
}
|
||||
|
||||
public String getIfAnyGranted() {
|
||||
return ifAnyGranted;
|
||||
}
|
||||
|
||||
public void setIfNotGranted(String ifNotGranted) {
|
||||
this.ifNotGranted = ifNotGranted;
|
||||
}
|
||||
|
||||
public String getIfNotGranted() {
|
||||
return ifNotGranted;
|
||||
}
|
||||
|
||||
public int doStartTag() throws JspException {
|
||||
if (((null == ifAllGranted) || "".equals(ifAllGranted))
|
||||
&& ((null == ifAnyGranted) || "".equals(ifAnyGranted))
|
||||
&& ((null == ifNotGranted) || "".equals(ifNotGranted))) {
|
||||
return Tag.SKIP_BODY;
|
||||
}
|
||||
|
||||
final Collection granted = getPrincipalAuthorities();
|
||||
|
||||
if ((null != ifNotGranted) && !"".equals(ifNotGranted)) {
|
||||
Set grantedCopy = retainAll(granted,
|
||||
parseAuthoritiesString(ifNotGranted));
|
||||
|
||||
if (!grantedCopy.isEmpty()) {
|
||||
return Tag.SKIP_BODY;
|
||||
}
|
||||
}
|
||||
|
||||
if ((null != ifAllGranted) && !"".equals(ifAllGranted)) {
|
||||
if (!granted.containsAll(parseAuthoritiesString(ifAllGranted))) {
|
||||
return Tag.SKIP_BODY;
|
||||
}
|
||||
}
|
||||
|
||||
if ((null != ifAnyGranted) && !"".equals(ifAnyGranted)) {
|
||||
Set grantedCopy = retainAll(granted,
|
||||
parseAuthoritiesString(ifAnyGranted));
|
||||
|
||||
if (grantedCopy.isEmpty()) {
|
||||
return Tag.SKIP_BODY;
|
||||
}
|
||||
}
|
||||
|
||||
return Tag.EVAL_BODY_INCLUDE;
|
||||
}
|
||||
|
||||
private Collection getPrincipalAuthorities() {
|
||||
SecureContext context = ((SecureContext) ContextHolder.getContext());
|
||||
|
||||
if (null == context) {
|
||||
return Collections.EMPTY_LIST;
|
||||
}
|
||||
|
||||
Authentication currentUser = context.getAuthentication();
|
||||
|
||||
Collection granted = Arrays.asList(currentUser.getAuthorities());
|
||||
|
||||
return granted;
|
||||
}
|
||||
|
||||
private Set parseAuthoritiesString(String authorizationsString) {
|
||||
final Set requiredAuthorities = new HashSet();
|
||||
final StringTokenizer tokenizer;
|
||||
tokenizer = new StringTokenizer(authorizationsString, ",", false);
|
||||
|
||||
while (tokenizer.hasMoreTokens()) {
|
||||
String role = tokenizer.nextToken();
|
||||
requiredAuthorities.add(new GrantedAuthorityImpl(role));
|
||||
}
|
||||
|
||||
return requiredAuthorities;
|
||||
}
|
||||
|
||||
private Set retainAll(final Collection granted,
|
||||
final Set requiredAuthorities) {
|
||||
Set grantedCopy = new HashSet(granted);
|
||||
grantedCopy.retainAll(requiredAuthorities);
|
||||
|
||||
return grantedCopy;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,53 @@
|
|||
<?xml version="1.0" encoding="ISO-8859-1" ?>
|
||||
<!DOCTYPE taglib
|
||||
PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN"
|
||||
"http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">
|
||||
<taglib>
|
||||
<tlib-version>1.0</tlib-version>
|
||||
<jsp-version>1.2</jsp-version>
|
||||
<short-name>authz</short-name>
|
||||
<uri>http://acegisecurity.sf.net/authz</uri>
|
||||
<description>
|
||||
Acegi Security Systems Authorization Tag Library
|
||||
$Id$
|
||||
</description>
|
||||
|
||||
<tag>
|
||||
<name>authorize</name>
|
||||
<tag-class>net.sf.acegisecurity.taglibs.authz.AuthorizeTag</tag-class>
|
||||
<description>
|
||||
A simple tag to output or not the body of the tag if the principal
|
||||
has or doesn't have certain authorities.
|
||||
</description>
|
||||
|
||||
<attribute>
|
||||
<name>ifNotGranted</name>
|
||||
<required>false</required>
|
||||
<rtexprvalue>true</rtexprvalue>
|
||||
<description>
|
||||
A comma separated list of roles which the user must not have
|
||||
for the body to be output.
|
||||
</description>
|
||||
</attribute>
|
||||
|
||||
<attribute>
|
||||
<name>ifAllGranted</name>
|
||||
<required>false</required>
|
||||
<rtexprvalue>true</rtexprvalue>
|
||||
<description>
|
||||
A comma separated list of roles which the user must all
|
||||
possess for the body to be output.
|
||||
</description>
|
||||
</attribute>
|
||||
|
||||
<attribute>
|
||||
<name>ifAnyGranted</name>
|
||||
<required>false</required>
|
||||
<rtexprvalue>true</rtexprvalue>
|
||||
<description>
|
||||
A comma separated list of roles, one of which the user must
|
||||
possess for the body to be output.
|
||||
</description>
|
||||
</attribute>
|
||||
</tag>
|
||||
</taglib>
|
|
@ -0,0 +1,71 @@
|
|||
/*
|
||||
* The Acegi Security System for Spring is published under the terms
|
||||
* of the Apache Software License.
|
||||
*
|
||||
* Visit http://acegisecurity.sourceforge.net for further details.
|
||||
*/
|
||||
|
||||
package net.sf.acegisecurity.taglibs.authz;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
import net.sf.acegisecurity.context.ContextHolder;
|
||||
import net.sf.acegisecurity.context.SecureContextImpl;
|
||||
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
|
||||
|
||||
import javax.servlet.jsp.JspException;
|
||||
import javax.servlet.jsp.tagext.Tag;
|
||||
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @author Francois Beausoleil
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AuthorizeTagAttributeTests extends TestCase {
|
||||
//~ Instance fields ========================================================
|
||||
|
||||
private final AuthorizeTag authorizeTag = new AuthorizeTag();
|
||||
private SecureContextImpl context;
|
||||
private TestingAuthenticationToken currentUser;
|
||||
|
||||
//~ Methods ================================================================
|
||||
|
||||
public void testAssertsIfAllGrantedSecond() throws JspException {
|
||||
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_SUPERTELLER");
|
||||
authorizeTag.setIfAnyGranted("ROLE_RESTRICTED");
|
||||
assertEquals("prevents request - principal is missing ROLE_SUPERTELLER",
|
||||
Tag.SKIP_BODY, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testAssertsIfAnyGrantedLast() throws JspException {
|
||||
authorizeTag.setIfAnyGranted("ROLE_BANKER");
|
||||
assertEquals("prevents request - principal is missing ROLE_BANKER",
|
||||
Tag.SKIP_BODY, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testAssertsIfNotGrantedFirst() throws JspException {
|
||||
authorizeTag.setIfNotGranted("ROLE_RESTRICTED");
|
||||
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_RESTRICTED");
|
||||
authorizeTag.setIfAnyGranted("ROLE_SUPERVISOR");
|
||||
assertEquals("prevents request - principal has ROLE_RESTRICTED",
|
||||
Tag.SKIP_BODY, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
protected void setUp() throws Exception {
|
||||
super.setUp();
|
||||
|
||||
currentUser = new TestingAuthenticationToken("abc", "123",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl(
|
||||
"ROLE_SUPERVISOR"), new GrantedAuthorityImpl(
|
||||
"ROLE_RESTRICTED"),});
|
||||
|
||||
context = new SecureContextImpl();
|
||||
context.setAuthentication(currentUser);
|
||||
|
||||
ContextHolder.setContext(context);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,112 @@
|
|||
/*
|
||||
* The Acegi Security System for Spring is published under the terms
|
||||
* of the Apache Software License.
|
||||
*
|
||||
* Visit http://acegisecurity.sourceforge.net for further details.
|
||||
*/
|
||||
|
||||
package net.sf.acegisecurity.taglibs.authz;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import net.sf.acegisecurity.GrantedAuthority;
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl;
|
||||
import net.sf.acegisecurity.context.ContextHolder;
|
||||
import net.sf.acegisecurity.context.SecureContextImpl;
|
||||
import net.sf.acegisecurity.providers.TestingAuthenticationToken;
|
||||
|
||||
import javax.servlet.jsp.JspException;
|
||||
import javax.servlet.jsp.tagext.Tag;
|
||||
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @author Francois Beausoleil
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AuthorizeTagTests extends TestCase {
|
||||
//~ Instance fields ========================================================
|
||||
|
||||
private final AuthorizeTag authorizeTag = new AuthorizeTag();
|
||||
private SecureContextImpl context;
|
||||
private TestingAuthenticationToken currentUser;
|
||||
|
||||
//~ Methods ================================================================
|
||||
|
||||
public void testDefaultsToNotOutputtingBodyWhenNoRequiredAuthorities()
|
||||
throws JspException {
|
||||
assertEquals("", authorizeTag.getIfAllGranted());
|
||||
assertEquals("", authorizeTag.getIfAnyGranted());
|
||||
assertEquals("", authorizeTag.getIfNotGranted());
|
||||
|
||||
assertEquals("prevents body output - no authorities granted",
|
||||
Tag.SKIP_BODY, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testOutputsBodyIfOneRolePresent() throws JspException {
|
||||
authorizeTag.setIfAnyGranted("ROLE_TELLER");
|
||||
assertEquals("authorized - ROLE_TELLER in both sets",
|
||||
Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testOutputsBodyWhenAllGranted() throws JspException {
|
||||
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_TELLER");
|
||||
assertEquals("allows request - all required roles granted on principal",
|
||||
Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testOutputsBodyWhenNotGrantedSatisfied()
|
||||
throws JspException {
|
||||
authorizeTag.setIfNotGranted("ROLE_BANKER");
|
||||
assertEquals("allows request - principal doesn't have ROLE_BANKER",
|
||||
Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testSkipsBodyIfNoAnyRolePresent() throws JspException {
|
||||
authorizeTag.setIfAnyGranted("ROLE_BANKER");
|
||||
assertEquals("unauthorized - ROLE_BANKER not in granted authorities",
|
||||
Tag.SKIP_BODY, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testSkipsBodyWhenMissingAnAllGranted()
|
||||
throws JspException {
|
||||
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_TELLER,ROLE_BANKER");
|
||||
assertEquals("prevents request - missing ROLE_BANKER on principal",
|
||||
Tag.SKIP_BODY, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testSkipsBodyWhenNotGrantedUnsatisfied()
|
||||
throws JspException {
|
||||
authorizeTag.setIfNotGranted("ROLE_TELLER");
|
||||
assertEquals("prevents request - principal has ROLE_TELLER",
|
||||
Tag.SKIP_BODY, authorizeTag.doStartTag());
|
||||
}
|
||||
|
||||
public void testUsesAllAuthoritiesToDetermineAccess() {
|
||||
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_BANKER");
|
||||
authorizeTag.setIfAnyGranted("ROLE_BANKER");
|
||||
authorizeTag.setIfNotGranted("ROLE_RESTRICTED");
|
||||
|
||||
currentUser = new TestingAuthenticationToken("abc", "123",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl(
|
||||
"ROLE_SUPERVISOR"), new GrantedAuthorityImpl(
|
||||
"ROLE_BANKER"), new GrantedAuthorityImpl(
|
||||
"ROLE_RESTRICTED"),});
|
||||
context.setAuthentication(currentUser);
|
||||
}
|
||||
|
||||
protected void setUp() throws Exception {
|
||||
super.setUp();
|
||||
|
||||
currentUser = new TestingAuthenticationToken("abc", "123",
|
||||
new GrantedAuthority[] {new GrantedAuthorityImpl(
|
||||
"ROLE_SUPERVISOR"), new GrantedAuthorityImpl(
|
||||
"ROLE_TELLER"),});
|
||||
|
||||
context = new SecureContextImpl();
|
||||
context.setAuthentication(currentUser);
|
||||
|
||||
ContextHolder.setContext(context);
|
||||
}
|
||||
}
|
|
@ -27,6 +27,9 @@ target.testclasses.dir=${target.dir}/test-classes
|
|||
# Names of distribution jar files
|
||||
acegi-security.jar=acegi-security.jar
|
||||
|
||||
# Names of distribution jar files
|
||||
acegi-taglib.jar=acegi-security-taglib.jar
|
||||
|
||||
# Name of Zip file containing all project sources
|
||||
acegi-security-src.zip=acegi-security-src.zip
|
||||
|
||||
|
|
Loading…
Reference in New Issue