SEC-1049: RoleHierarchy in SidRetrievalStrategy. Added optional RoleHierarchy injection to SidRetrievalStrategyImpl

Luke Taylor 2009-09-16 19:59:37 +00:00
parent 9374bddceb
commit 9639340fef
3 changed files with 68 additions and 12 deletions


@ -18,14 +18,18 @@ package org.springframework.security.acls.domain;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import org.springframework.security.access.hierarchicalroles.NullRoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.acls.model.Sid; import org.springframework.security.acls.model.Sid;
import org.springframework.security.acls.model.SidRetrievalStrategy; import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.util.Assert;
/** /**
* Basic implementation of {@link SidRetrievalStrategy} that creates a {@link Sid} for the principal, as well as * Basic implementation of {@link SidRetrievalStrategy} that creates a {@link Sid} for the principal, as well as
* every granted authority the principal holds. * every granted authority the principal holds. Can optionally have a <tt>RoleHierarchy</tt> injected in order to
* determine the extended list of authorities that the principal is assigned.
* <p> * <p>
* The returned array will always contain the {@link PrincipalSid} before any {@link GrantedAuthoritySid} elements. * The returned array will always contain the {@link PrincipalSid} before any {@link GrantedAuthoritySid} elements.
* *
@ -33,10 +37,21 @@ import org.springframework.security.core.GrantedAuthority;
* @version $Id$ * @version $Id$
*/ */
public class SidRetrievalStrategyImpl implements SidRetrievalStrategy { public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
private RoleHierarchy roleHierarchy = new NullRoleHierarchy();
public SidRetrievalStrategyImpl() {
}
public SidRetrievalStrategyImpl(RoleHierarchy roleHierarchy) {
Assert.notNull(roleHierarchy, "RoleHierarchy must not be null");
this.roleHierarchy = roleHierarchy;
}
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public List<Sid> getSids(Authentication authentication) { public List<Sid> getSids(Authentication authentication) {
List<GrantedAuthority> authorities = authentication.getAuthorities(); List<GrantedAuthority> authorities = roleHierarchy.getReachableGrantedAuthorities(authentication.getAuthorities());
List<Sid> sids = new ArrayList<Sid>(authorities.size() + 1); List<Sid> sids = new ArrayList<Sid>(authorities.size() + 1);
sids.add(new PrincipalSid(authentication)); sids.add(new PrincipalSid(authentication));
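Review bot: The `roleHierarchy` field is assigned only at its declaration and in the new one-argument constructor, yet it is left non-final, so the object that decides which `GrantedAuthoritySid`s are produced for ACL matching can be reassigned later and is not safely published to other threads. Declaring it `private final RoleHierarchy roleHierarchy;` and having the no-argument constructor call `this(new NullRoleHierarchy());` fixes both and keeps the null check in one place. The new constructor also deserves a Javadoc line saying that, with a hierarchy set, `getSids` returns a SID for every reachable authority, so ACL entries written for an implied role also match principals holding a higher one. The body of `getSids` continues outside the hunk.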


@ -1,10 +1,13 @@
package org.springframework.security.acls.sid; package org.springframework.security.acls.sid;
import static org.junit.Assert.*;
import static org.mockito.Matchers.*;
import static org.mockito.Mockito.*;
import java.util.List; import java.util.List;
import junit.framework.Assert; import org.junit.Test;
import junit.framework.TestCase; import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.acls.domain.GrantedAuthoritySid; import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.PrincipalSid; import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl; import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
@ -12,18 +15,23 @@ import org.springframework.security.acls.model.Sid;
import org.springframework.security.acls.model.SidRetrievalStrategy; import org.springframework.security.acls.model.SidRetrievalStrategy;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
/** /**
* Tests for {@link SidRetrievalStrategyImpl} * Tests for {@link SidRetrievalStrategyImpl}
* *
* @author Andrei Stefan * @author Andrei Stefan
* @author Luke Taylor
*/ */
public class SidRetrievalStrategyTests extends TestCase { @SuppressWarnings("unchecked")
public class SidRetrievalStrategyTests {
Authentication authentication = new TestingAuthenticationToken("scott", "password", "A", "B", "C");
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void testSidsRetrieval() throws Exception { @Test
Authentication authentication = new TestingAuthenticationToken("scott", "password", "ROLE_1", "ROLE_2", "ROLE_3"); public void correctSidsAreRetrieved() throws Exception {
SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl(); SidRetrievalStrategy retrStrategy = new SidRetrievalStrategyImpl();
List<Sid> sids = retrStrategy.getSids(authentication); List<Sid> sids = retrStrategy.getSids(authentication);
@ -36,9 +44,23 @@ public class SidRetrievalStrategyTests extends TestCase {
assertTrue(sids.get(i) instanceof GrantedAuthoritySid); assertTrue(sids.get(i) instanceof GrantedAuthoritySid);
} }
Assert.assertEquals("scott", ((PrincipalSid) sids.get(0)).getPrincipal()); assertEquals("scott", ((PrincipalSid) sids.get(0)).getPrincipal());
Assert.assertEquals("ROLE_1", ((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority()); assertEquals("A", ((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority());
Assert.assertEquals("ROLE_2", ((GrantedAuthoritySid) sids.get(2)).getGrantedAuthority()); assertEquals("B", ((GrantedAuthoritySid) sids.get(2)).getGrantedAuthority());
Assert.assertEquals("ROLE_3", ((GrantedAuthoritySid) sids.get(3)).getGrantedAuthority()); assertEquals("C", ((GrantedAuthoritySid) sids.get(3)).getGrantedAuthority());
}
@Test
public void roleHierarchyIsUsedWhenSet() throws Exception {
RoleHierarchy rh = mock(RoleHierarchy.class);
List<GrantedAuthority> rhAuthorities = AuthorityUtils.createAuthorityList("D");
when(rh.getReachableGrantedAuthorities(anyList())).thenReturn(rhAuthorities);
SidRetrievalStrategy strat = new SidRetrievalStrategyImpl(rh);
List<Sid> sids = strat.getSids(authentication);
assertEquals(2, sids.size());
assertNotNull(sids.get(0));
assertTrue(sids.get(0) instanceof PrincipalSid);
assertEquals("D", ((GrantedAuthoritySid) sids.get(1)).getGrantedAuthority());
} }
} }
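Review bot: `roleHierarchyIsUsedWhenSet` stubs the mock with `anyList()`, so it would still pass if `getSids` handed the hierarchy an empty or unrelated list instead of the principal's authorities. Adding `verify(rh).getReachableGrantedAuthorities(authentication.getAuthorities());` after the `getSids` call pins the argument, assuming the token returns an equal list on each call. There is also no test that `new SidRetrievalStrategyImpl(null)` is rejected, which is the only guard on the new constructor. The class-level `@SuppressWarnings("unchecked")` could be narrowed to the one method that needs it.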


@ -0,0 +1,19 @@
package org.springframework.security.access.hierarchicalroles;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
/**
*
* @author Luke Taylor
* @version $Id$
* @since 3.0
*/
public final class NullRoleHierarchy implements RoleHierarchy {
public List<GrantedAuthority> getReachableGrantedAuthorities(List<GrantedAuthority> authorities) {
return authorities;
}
}
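Review bot: The class Javadoc on `NullRoleHierarchy` is empty apart from its tags, so a reader has to open the method to learn that this is the no-hierarchy default used by `SidRetrievalStrategyImpl`. A summary such as `A {@link RoleHierarchy} that defines no hierarchy and returns the supplied authorities unchanged.` would cover it. It is also worth stating that the same list instance is returned rather than a copy, so callers must not assume the result is independent of the argument.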