From 7faf2741f1e4975dfda1e466527be35d9b3661a4 Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Thu, 3 Nov 2005 13:08:43 +0000
Subject: [PATCH] SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch.
---
 .../org/acegisecurity/acl/basic/BasicAclEntry.java | 8 ++++++++
 .../GrantedAuthorityEffectiveAclsResolver.java | 4 ++--
 ...AfterInvocationCollectionFilteringProvider.java | 14 +++++++-------
 .../BasicAclEntryAfterInvocationProvider.java | 14 +++++++-------
 .../org/acegisecurity/taglibs/authz/AclTag.java | 8 ++++----
 .../org/acegisecurity/vote/BasicAclEntryVoter.java | 10 +++++-----
 6 files changed, 33 insertions(+), 25 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/acl/basic/BasicAclEntry.java b/core/src/main/java/org/acegisecurity/acl/basic/BasicAclEntry.java
index 14e8edce3a..a5815fb764 100644
--- a/core/src/main/java/org/acegisecurity/acl/basic/BasicAclEntry.java
+++ b/core/src/main/java/org/acegisecurity/acl/basic/BasicAclEntry.java
@@ -123,4 +123,12 @@ public interface BasicAclEntry extends AclEntry {
 * null)
 */
 public Object getRecipient();
+
+ /**
+ * Determine if the mask of this entry includes this permission or not
+ *
+ * @param permissionToCheck
+ * @return if the entry's mask includes this permission
+ */
+ public boolean isPermitted(int permissionToCheck);
 }
diff --git a/core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java b/core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java
index b66276c2a1..2fd80df75c 100644
--- a/core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java
+++ b/core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java
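Review bot: The Javadoc on the new `isPermitted(int permissionToCheck)` in BasicAclEntry.java does not state the contract: `@param permissionToCheck` carries no description, and nothing says whether the argument is one permission bit or a combined mask, or whether all or any of its bits must be set in the entry's mask. With the method on the interface, the voter, after-invocation providers and tag changed later in this patch take their access decision from whatever an implementation returns, so the wording should be exact, for example `@param permissionToCheck the permission bit or bits to test against this entry's mask` and `@return true only if the mask contains every bit of permissionToCheck` (the all-bits reading is an assumption to confirm against AbstractBasicAclEntry, which is not in this patch). Adding a method to a public interface also stops compiling any BasicAclEntry implementation that does not extend AbstractBasicAclEntry, which is worth a line in the upgrade notes. The subject line names the method `isPermissable(int)`, but the code adds `isPermitted(int)`.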
@@ -80,11 +80,11 @@ public class GrantedAuthorityEffectiveAclsResolver } for (int i = 0; i < allAcls.length; i++) { - if (!(allAcls[i] instanceof AbstractBasicAclEntry)) { + if (!(allAcls[i] instanceof BasicAclEntry)) { continue; } - Object recipient = ((AbstractBasicAclEntry) allAcls[i]) + Object recipient = ((BasicAclEntry) allAcls[i]) .getRecipient(); // Allow the Authentication's getPrincipal to decide whether diff --git a/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java b/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java index 555bb41a05..ead1053ac3 100644 --- a/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java +++ b/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java @@ -22,7 +22,7 @@ import net.sf.acegisecurity.ConfigAttribute; import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.acl.AclEntry; import net.sf.acegisecurity.acl.AclManager; -import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry; +import net.sf.acegisecurity.acl.basic.BasicAclEntry; import net.sf.acegisecurity.acl.basic.SimpleAclEntry; import org.apache.commons.collections.iterators.ArrayIterator; @@ -54,7 +54,7 @@ import java.util.Set; * (ACL) permissions associated with each Collection domain * object instance element for the current Authentication object. * This class is designed to process {@link AclEntry}s that are subclasses of - * {@link net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry} only. + * {@link net.sf.acegisecurity.acl.basic.BasicAclEntry} only. * Generally these are obtained by using the {@link * net.sf.acegisecurity.acl.basic.BasicAclProvider}. *
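Review bot: The widened check `allAcls[i] instanceof BasicAclEntry` in GrantedAuthorityEffectiveAclsResolver, and the matching `acls[i] instanceof BasicAclEntry` casts in BasicAclEntryAfterInvocationCollectionFilteringProvider, BasicAclEntryAfterInvocationProvider, AclTag and BasicAclEntryVoter, are not covered by any test in this patch; the diffstat lists six files under core/src/main/java and no test class. These are the places where effective ACLs are resolved and where access is granted, filtered or rendered, so each deserves a test using a minimal BasicAclEntry that does not extend AbstractBasicAclEntry, asserting that the entry is now processed and, in the four `isPermitted` callers, that a false result still denies. The enclosing loop starts and ends outside the hunk, so existing coverage elsewhere cannot be ruled out from here.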
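Review bot: The class Javadoc of BasicAclEntryAfterInvocationCollectionFilteringProvider still reads `{@link AclEntry}s that are subclasses of` on the context line just above the changed `{@link net.sf.acegisecurity.acl.basic.BasicAclEntry} only.`, but BasicAclEntry is an interface, so the sentence should say `{@link AclEntry}s that are implementations of`. The same wording is kept in the Javadoc hunks for BasicAclEntryAfterInvocationProvider, AclTag (`Only works with permissions that are subclasses of`) and BasicAclEntryVoter. The Javadoc block continues outside the hunk.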

@@ -64,7 +64,7 @@ import java.util.Set; * ConfigAttribute#getAttribute()} matches the {@link * #processConfigAttribute}. The provider will then lookup the ACLs from the * AclManager and ensure the principal is {@link - * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry#isPermitted(int)} for + * net.sf.acegisecurity.acl.basic.BasicAclEntry#isPermitted(int)} for * at least one of the {@link #requirePermission}s for each * Collection element. If the principal does not have at least * one of the permissions, that element will not be included in the returned @@ -81,10 +81,10 @@ import java.util.Set; *

* The AclManager is allowed to return any implementations of * AclEntry it wishes. However, this provider will only be able - * to validate against AbstractBasicAclEntrys, and thus a + * to validate against BasicAclEntrys, and thus a * Collection element will be filtered from the resulting * Collection if no AclEntry is of type - * AbstractBasicAclEntry. + * BasicAclEntry. *

* *

@@ -202,8 +202,8 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider if ((acls != null) && (acls.length != 0)) { for (int i = 0; i < acls.length; i++) { // Locate processable AclEntrys - if (acls[i] instanceof AbstractBasicAclEntry) { - AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i]; + if (acls[i] instanceof BasicAclEntry) { + BasicAclEntry processableAcl = (BasicAclEntry) acls[i]; // See if principal has any of the required permissions for (int y = 0; y < requirePermission.length; diff --git a/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java b/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java index 0eee0413ad..1d264f76c6 100644 --- a/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java +++ b/core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java @@ -21,7 +21,7 @@ import net.sf.acegisecurity.ConfigAttribute; import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.acl.AclEntry; import net.sf.acegisecurity.acl.AclManager; -import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry; +import net.sf.acegisecurity.acl.basic.BasicAclEntry; import net.sf.acegisecurity.acl.basic.SimpleAclEntry; import org.apache.commons.logging.Log; @@ -45,7 +45,7 @@ import java.util.Iterator; * (ACL) permissions associated with a domain object instance for the current * Authentication object. This class is designed to process * {@link AclEntry}s that are subclasses of {@link - * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry} only. Generally these + * net.sf.acegisecurity.acl.basic.BasicAclEntry} only. Generally these * are obtained by using the {@link * net.sf.acegisecurity.acl.basic.BasicAclProvider}. *

@@ -55,7 +55,7 @@ import java.util.Iterator; * ConfigAttribute#getAttribute()} matches the {@link * #processConfigAttribute}. The provider will then lookup the ACLs from the * AclManager and ensure the principal is {@link - * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry#isPermitted(int)} for + * net.sf.acegisecurity.acl.basic.BasicAclEntry#isPermitted(int)} for * at least one of the {@link #requirePermission}s. *

* @@ -74,9 +74,9 @@ import java.util.Iterator; *

* The AclManager is allowed to return any implementations of * AclEntry it wishes. However, this provider will only be able - * to validate against AbstractBasicAclEntrys, and thus access + * to validate against BasicAclEntrys, and thus access * will be denied if no AclEntry is of type - * AbstractBasicAclEntry. + * BasicAclEntry. *

* *

@@ -170,8 +170,8 @@ public class BasicAclEntryAfterInvocationProvider for (int i = 0; i < acls.length; i++) { // Locate processable AclEntrys - if (acls[i] instanceof AbstractBasicAclEntry) { - AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i]; + if (acls[i] instanceof BasicAclEntry) { + BasicAclEntry processableAcl = (BasicAclEntry) acls[i]; // See if principal has any of the required permissions for (int y = 0; y < requirePermission.length; y++) { diff --git a/core/src/main/java/org/acegisecurity/taglibs/authz/AclTag.java b/core/src/main/java/org/acegisecurity/taglibs/authz/AclTag.java index 9ebc3bf7a8..4b3a3087a7 100644 --- a/core/src/main/java/org/acegisecurity/taglibs/authz/AclTag.java +++ b/core/src/main/java/org/acegisecurity/taglibs/authz/AclTag.java @@ -18,7 +18,7 @@ package net.sf.acegisecurity.taglibs.authz; import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.acl.AclEntry; import net.sf.acegisecurity.acl.AclManager; -import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry; +import net.sf.acegisecurity.acl.basic.BasicAclEntry; import net.sf.acegisecurity.context.SecurityContextHolder; import org.apache.commons.logging.Log; @@ -47,7 +47,7 @@ import javax.servlet.jsp.tagext.TagSupport; * *

* Only works with permissions that are subclasses of {@link - * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry}. + * net.sf.acegisecurity.acl.basic.BasicAclEntry}. *

* *

@@ -173,8 +173,8 @@ public class AclTag extends TagSupport { for (int i = 0; i < acls.length; i++) { // Locate processable AclEntrys - if (acls[i] instanceof AbstractBasicAclEntry) { - AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i]; + if (acls[i] instanceof BasicAclEntry) { + BasicAclEntry processableAcl = (BasicAclEntry) acls[i]; // See if principal has any of the required permissions for (int y = 0; y < requiredIntegers.length; y++) { diff --git a/core/src/main/java/org/acegisecurity/vote/BasicAclEntryVoter.java b/core/src/main/java/org/acegisecurity/vote/BasicAclEntryVoter.java index d758337e61..7568dd457a 100644 --- a/core/src/main/java/org/acegisecurity/vote/BasicAclEntryVoter.java +++ b/core/src/main/java/org/acegisecurity/vote/BasicAclEntryVoter.java @@ -21,7 +21,7 @@ import net.sf.acegisecurity.ConfigAttribute; import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.acl.AclEntry; import net.sf.acegisecurity.acl.AclManager; -import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry; +import net.sf.acegisecurity.acl.basic.BasicAclEntry; import org.aopalliance.intercept.MethodInvocation; @@ -49,7 +49,7 @@ import java.util.Iterator; * (ACL) permissions associated with a domain object instance for the current * Authentication object. This class is designed to process * {@link AclEntry}s that are subclasses of {@link - * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry} only. Generally these + * net.sf.acegisecurity.acl.basic.BasicAclEntry} only. Generally these * are obtained by using the {@link * net.sf.acegisecurity.acl.basic.BasicAclProvider}. *

@@ -60,7 +60,7 @@ import java.util.Iterator; * first method argument of type {@link #processDomainObjectClass}. Assuming * that method argument is non-null, the provider will then lookup the ACLs * from the AclManager and ensure the principal is {@link - * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry#isPermitted(int)} for + * net.sf.acegisecurity.acl.basic.BasicAclEntry#isPermitted(int)} for * at least one of the {@link #requirePermission}s. *

* @@ -304,8 +304,8 @@ public class BasicAclEntryVoter implements AccessDecisionVoter, // Principal has some permissions for domain object, check them for (int i = 0; i < acls.length; i++) { // Locate processable AclEntrys - if (acls[i] instanceof AbstractBasicAclEntry) { - AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i]; + if (acls[i] instanceof BasicAclEntry) { + BasicAclEntry processableAcl = (BasicAclEntry) acls[i]; // See if principal has any of the required permissions for (int y = 0; y < requirePermission.length; y++) {