SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch.

Ben Alex 2005-11-03 13:08:43 +00:00
parent c5d652f6c2
commit 7faf2741f1
6 changed files with 33 additions and 25 deletions


@ -123,4 +123,12 @@ public interface BasicAclEntry extends AclEntry {
* <code>null</code>) * <code>null</code>)
*/ */
public Object getRecipient(); public Object getRecipient();
/**
* Determine if the mask of this entry includes this permission or not
*
* @param permissionToCheck
* @return if the entry's mask includes this permission
*/
public boolean isPermitted(int permissionToCheck);
} }
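Review bot: The Javadoc on the new `isPermitted(int permissionToCheck)` leaves `@param` without a description and does not say whether an argument with several bits set must match all of them or any of them. Every caller in this commit uses the result as an authorization decision, so implementers need that contract spelled out; for example `@param permissionToCheck the permission bit mask to test against this entry's mask` and `@return <code>true</code> if this entry's mask grants the permission`, plus one sentence on the multi-bit case. Adding a method to a public interface also appears to break any existing `BasicAclEntry` implementation that does not extend `AbstractBasicAclEntry`, which deserves a line in the upgrade notes.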


@ -80,11 +80,11 @@ public class GrantedAuthorityEffectiveAclsResolver
} }
for (int i = 0; i < allAcls.length; i++) { for (int i = 0; i < allAcls.length; i++) {
if (!(allAcls[i] instanceof AbstractBasicAclEntry)) { if (!(allAcls[i] instanceof BasicAclEntry)) {
continue; continue;
} }
Object recipient = ((AbstractBasicAclEntry) allAcls[i]) Object recipient = ((BasicAclEntry) allAcls[i])
.getRecipient(); .getRecipient();
// Allow the Authentication's getPrincipal to decide whether // Allow the Authentication's getPrincipal to decide whether
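Review bot: Widening the guard to `instanceof BasicAclEntry` changes which entries take part in the access decision, and no test appears among the six changed files to pin that. An entry that implements the interface without extending `AbstractBasicAclEntry` used to hit the `continue` and be ignored; it is now cast and its `getRecipient()` is consulted. The same widening is made in BasicAclEntryAfterInvocationCollectionFilteringProvider, BasicAclEntryAfterInvocationProvider, AclTag and BasicAclEntryVoter, where the cast entry feeds the "required permissions" loop. I would add a test using a minimal `BasicAclEntry` implementation that is not derived from the abstract class, and a comment at the check such as `// Any BasicAclEntry implementation is honoured here, not only AbstractBasicAclEntry subclasses`. The enclosing method starts and ends outside this hunk.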


@ -22,7 +22,7 @@ import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.acl.AclEntry; import net.sf.acegisecurity.acl.AclEntry;
import net.sf.acegisecurity.acl.AclManager; import net.sf.acegisecurity.acl.AclManager;
import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry; import net.sf.acegisecurity.acl.basic.BasicAclEntry;
import net.sf.acegisecurity.acl.basic.SimpleAclEntry; import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
import org.apache.commons.collections.iterators.ArrayIterator; import org.apache.commons.collections.iterators.ArrayIterator;
@ -54,7 +54,7 @@ import java.util.Set;
* (ACL) permissions associated with each <code>Collection</code> domain * (ACL) permissions associated with each <code>Collection</code> domain
* object instance element for the current <code>Authentication</code> object. * object instance element for the current <code>Authentication</code> object.
* This class is designed to process {@link AclEntry}s that are subclasses of * This class is designed to process {@link AclEntry}s that are subclasses of
* {@link net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry} only. * {@link net.sf.acegisecurity.acl.basic.BasicAclEntry} only.
* Generally these are obtained by using the {@link * Generally these are obtained by using the {@link
* net.sf.acegisecurity.acl.basic.BasicAclProvider}. * net.sf.acegisecurity.acl.basic.BasicAclProvider}.
* </p> * </p>
@ -64,7 +64,7 @@ import java.util.Set;
* ConfigAttribute#getAttribute()} matches the {@link * ConfigAttribute#getAttribute()} matches the {@link
* #processConfigAttribute}. The provider will then lookup the ACLs from the * #processConfigAttribute}. The provider will then lookup the ACLs from the
* <code>AclManager</code> and ensure the principal is {@link * <code>AclManager</code> and ensure the principal is {@link
* net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry#isPermitted(int)} for * net.sf.acegisecurity.acl.basic.BasicAclEntry#isPermitted(int)} for
* at least one of the {@link #requirePermission}s for each * at least one of the {@link #requirePermission}s for each
* <code>Collection</code> element. If the principal does not have at least * <code>Collection</code> element. If the principal does not have at least
* one of the permissions, that element will not be included in the returned * one of the permissions, that element will not be included in the returned
@ -81,10 +81,10 @@ import java.util.Set;
* <p> * <p>
* The <code>AclManager</code> is allowed to return any implementations of * The <code>AclManager</code> is allowed to return any implementations of
* <code>AclEntry</code> it wishes. However, this provider will only be able * <code>AclEntry</code> it wishes. However, this provider will only be able
* to validate against <code>AbstractBasicAclEntry</code>s, and thus a * to validate against <code>BasicAclEntry</code>s, and thus a
* <code>Collection</code> element will be filtered from the resulting * <code>Collection</code> element will be filtered from the resulting
* <code>Collection</code> if no <code>AclEntry</code> is of type * <code>Collection</code> if no <code>AclEntry</code> is of type
* <code>AbstractBasicAclEntry</code>. * <code>BasicAclEntry</code>.
* </p> * </p>
* *
* <p> * <p>
@ -202,8 +202,8 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider
if ((acls != null) && (acls.length != 0)) { if ((acls != null) && (acls.length != 0)) {
for (int i = 0; i < acls.length; i++) { for (int i = 0; i < acls.length; i++) {
// Locate processable AclEntrys // Locate processable AclEntrys
if (acls[i] instanceof AbstractBasicAclEntry) { if (acls[i] instanceof BasicAclEntry) {
AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i]; BasicAclEntry processableAcl = (BasicAclEntry) acls[i];
// See if principal has any of the required permissions // See if principal has any of the required permissions
for (int y = 0; y < requirePermission.length; for (int y = 0; y < requirePermission.length;
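Review bot: The updated class Javadoc still describes the accepted entries as "subclasses of {@link net.sf.acegisecurity.acl.basic.BasicAclEntry}", but `BasicAclEntry` is an interface, so after this change the wording should be "implementations of". I would change the sentence to `{@link AclEntry}s that are implementations of {@link net.sf.acegisecurity.acl.basic.BasicAclEntry} only.` so readers do not assume a concrete base class is required. The same phrase is carried over in the Javadoc of BasicAclEntryAfterInvocationProvider, AclTag ("permissions that are subclasses of") and BasicAclEntryVoter.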


@ -21,7 +21,7 @@ import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.acl.AclEntry; import net.sf.acegisecurity.acl.AclEntry;
import net.sf.acegisecurity.acl.AclManager; import net.sf.acegisecurity.acl.AclManager;
import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry; import net.sf.acegisecurity.acl.basic.BasicAclEntry;
import net.sf.acegisecurity.acl.basic.SimpleAclEntry; import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@ -45,7 +45,7 @@ import java.util.Iterator;
* (ACL) permissions associated with a domain object instance for the current * (ACL) permissions associated with a domain object instance for the current
* <code>Authentication</code> object. This class is designed to process * <code>Authentication</code> object. This class is designed to process
* {@link AclEntry}s that are subclasses of {@link * {@link AclEntry}s that are subclasses of {@link
* net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry} only. Generally these * net.sf.acegisecurity.acl.basic.BasicAclEntry} only. Generally these
* are obtained by using the {@link * are obtained by using the {@link
* net.sf.acegisecurity.acl.basic.BasicAclProvider}. * net.sf.acegisecurity.acl.basic.BasicAclProvider}.
* </p> * </p>
@ -55,7 +55,7 @@ import java.util.Iterator;
* ConfigAttribute#getAttribute()} matches the {@link * ConfigAttribute#getAttribute()} matches the {@link
* #processConfigAttribute}. The provider will then lookup the ACLs from the * #processConfigAttribute}. The provider will then lookup the ACLs from the
* <code>AclManager</code> and ensure the principal is {@link * <code>AclManager</code> and ensure the principal is {@link
* net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry#isPermitted(int)} for * net.sf.acegisecurity.acl.basic.BasicAclEntry#isPermitted(int)} for
* at least one of the {@link #requirePermission}s. * at least one of the {@link #requirePermission}s.
* </p> * </p>
* *
@ -74,9 +74,9 @@ import java.util.Iterator;
* <p> * <p>
* The <code>AclManager</code> is allowed to return any implementations of * The <code>AclManager</code> is allowed to return any implementations of
* <code>AclEntry</code> it wishes. However, this provider will only be able * <code>AclEntry</code> it wishes. However, this provider will only be able
* to validate against <code>AbstractBasicAclEntry</code>s, and thus access * to validate against <code>BasicAclEntry</code>s, and thus access
* will be denied if no <code>AclEntry</code> is of type * will be denied if no <code>AclEntry</code> is of type
* <code>AbstractBasicAclEntry</code>. * <code>BasicAclEntry</code>.
* </p> * </p>
* *
* <p> * <p>
@ -170,8 +170,8 @@ public class BasicAclEntryAfterInvocationProvider
for (int i = 0; i < acls.length; i++) { for (int i = 0; i < acls.length; i++) {
// Locate processable AclEntrys // Locate processable AclEntrys
if (acls[i] instanceof AbstractBasicAclEntry) { if (acls[i] instanceof BasicAclEntry) {
AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i]; BasicAclEntry processableAcl = (BasicAclEntry) acls[i];
// See if principal has any of the required permissions // See if principal has any of the required permissions
for (int y = 0; y < requirePermission.length; y++) { for (int y = 0; y < requirePermission.length; y++) {


@ -18,7 +18,7 @@ package net.sf.acegisecurity.taglibs.authz;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.acl.AclEntry; import net.sf.acegisecurity.acl.AclEntry;
import net.sf.acegisecurity.acl.AclManager; import net.sf.acegisecurity.acl.AclManager;
import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry; import net.sf.acegisecurity.acl.basic.BasicAclEntry;
import net.sf.acegisecurity.context.SecurityContextHolder; import net.sf.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@ -47,7 +47,7 @@ import javax.servlet.jsp.tagext.TagSupport;
* *
* <P> * <P>
* Only works with permissions that are subclasses of {@link * Only works with permissions that are subclasses of {@link
* net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry}. * net.sf.acegisecurity.acl.basic.BasicAclEntry}.
* </p> * </p>
* *
* <p> * <p>
@ -173,8 +173,8 @@ public class AclTag extends TagSupport {
for (int i = 0; i < acls.length; i++) { for (int i = 0; i < acls.length; i++) {
// Locate processable AclEntrys // Locate processable AclEntrys
if (acls[i] instanceof AbstractBasicAclEntry) { if (acls[i] instanceof BasicAclEntry) {
AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i]; BasicAclEntry processableAcl = (BasicAclEntry) acls[i];
// See if principal has any of the required permissions // See if principal has any of the required permissions
for (int y = 0; y < requiredIntegers.length; y++) { for (int y = 0; y < requiredIntegers.length; y++) {


@ -21,7 +21,7 @@ import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition; import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.acl.AclEntry; import net.sf.acegisecurity.acl.AclEntry;
import net.sf.acegisecurity.acl.AclManager; import net.sf.acegisecurity.acl.AclManager;
import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry; import net.sf.acegisecurity.acl.basic.BasicAclEntry;
import org.aopalliance.intercept.MethodInvocation; import org.aopalliance.intercept.MethodInvocation;
@ -49,7 +49,7 @@ import java.util.Iterator;
* (ACL) permissions associated with a domain object instance for the current * (ACL) permissions associated with a domain object instance for the current
* <code>Authentication</code> object. This class is designed to process * <code>Authentication</code> object. This class is designed to process
* {@link AclEntry}s that are subclasses of {@link * {@link AclEntry}s that are subclasses of {@link
* net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry} only. Generally these * net.sf.acegisecurity.acl.basic.BasicAclEntry} only. Generally these
* are obtained by using the {@link * are obtained by using the {@link
* net.sf.acegisecurity.acl.basic.BasicAclProvider}. * net.sf.acegisecurity.acl.basic.BasicAclProvider}.
* </p> * </p>
@ -60,7 +60,7 @@ import java.util.Iterator;
* first method argument of type {@link #processDomainObjectClass}. Assuming * first method argument of type {@link #processDomainObjectClass}. Assuming
* that method argument is non-null, the provider will then lookup the ACLs * that method argument is non-null, the provider will then lookup the ACLs
* from the <code>AclManager</code> and ensure the principal is {@link * from the <code>AclManager</code> and ensure the principal is {@link
* net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry#isPermitted(int)} for * net.sf.acegisecurity.acl.basic.BasicAclEntry#isPermitted(int)} for
* at least one of the {@link #requirePermission}s. * at least one of the {@link #requirePermission}s.
* </p> * </p>
* *
@ -304,8 +304,8 @@ public class BasicAclEntryVoter implements AccessDecisionVoter,
// Principal has some permissions for domain object, check them // Principal has some permissions for domain object, check them
for (int i = 0; i < acls.length; i++) { for (int i = 0; i < acls.length; i++) {
// Locate processable AclEntrys // Locate processable AclEntrys
if (acls[i] instanceof AbstractBasicAclEntry) { if (acls[i] instanceof BasicAclEntry) {
AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i]; BasicAclEntry processableAcl = (BasicAclEntry) acls[i];
// See if principal has any of the required permissions // See if principal has any of the required permissions
for (int y = 0; y < requirePermission.length; y++) { for (int y = 0; y < requirePermission.length; y++) {