Commit 551d23d3 authored by Matija Obreza's avatar Matija Obreza

ACL service updates for temporary SID

- Javadoc updates
- CurrentPermissionsWriter fixed to use Authentication from SecurityContextHolder
parent 4fb8a6fc
......@@ -24,7 +24,7 @@ import com.fasterxml.jackson.databind.introspect.BeanPropertyDefinition;
import com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter;
import com.fasterxml.jackson.databind.util.Annotations;
import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.blocks.security.model.AclAwareModel;
import org.genesys.blocks.util.CurrentApplicationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -33,12 +33,29 @@ import org.springframework.context.ApplicationContext;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
/**
* The Class CurrentPermissionsWriter.
* The CurrentPermissionsWriter is applied to {@link AclAwareModel} and it
* instructs Jackson to to include {@link CurrentPermissions} for current SID
* for every ACL aware entity.
*
* Serialization is enabled <code>@JsonAppend</code> annotation on
* <code>AclAwareModel</code>:
*
* <pre>
* &#64;JsonAppend(props = { @JsonAppend.Prop(name="_permissions", value = CurrentPermissionsWriter.class, type=CurrentPermissions.class) })
* public interface AclAwareModel...
* </pre>
*
* To be able to access the current permissions of the current SID, this code
* relies on an instance of
* <code>org.genesys.blocks.util.CurrentApplicationContext</code> to be
* registered in the Spring application context.
*
*/
public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
/** The Constant LOG. */
private static final Logger LOG = LoggerFactory.getLogger(CurrentPermissionsWriter.class);
......@@ -81,13 +98,17 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
LOG.trace("CurrentPermissionsWriter");
}
/* (non-Javadoc)
* @see com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter#value(java.lang.Object, com.fasterxml.jackson.core.JsonGenerator, com.fasterxml.jackson.databind.SerializerProvider)
/*
* (non-Javadoc)
* @see
* com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter#value(java.lang.
* Object, com.fasterxml.jackson.core.JsonGenerator,
* com.fasterxml.jackson.databind.SerializerProvider)
*/
@Override
protected Object value(Object bean, JsonGenerator gen, SerializerProvider prov) throws Exception {
if (permissionEvaluator != null) {
Authentication authentication = SecurityContextUtil.getCurrentUser();
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null) {
CurrentPermissions perms = new CurrentPermissions();
perms.create = permissionEvaluator.hasPermission(authentication, bean, BasePermission.CREATE);
......@@ -101,8 +122,14 @@ public class CurrentPermissionsWriter extends VirtualBeanPropertyWriter {
return null;
}
/* (non-Javadoc)
* @see com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter#withConfig(com.fasterxml.jackson.databind.cfg.MapperConfig, com.fasterxml.jackson.databind.introspect.AnnotatedClass, com.fasterxml.jackson.databind.introspect.BeanPropertyDefinition, com.fasterxml.jackson.databind.JavaType)
/*
* (non-Javadoc)
* @see
* com.fasterxml.jackson.databind.ser.VirtualBeanPropertyWriter#withConfig(com.
* fasterxml.jackson.databind.cfg.MapperConfig,
* com.fasterxml.jackson.databind.introspect.AnnotatedClass,
* com.fasterxml.jackson.databind.introspect.BeanPropertyDefinition,
* com.fasterxml.jackson.databind.JavaType)
*/
@Override
public VirtualBeanPropertyWriter withConfig(MapperConfig<?> config, AnnotatedClass declaringClass, BeanPropertyDefinition propDef, JavaType type) {
......
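Review bot: The class Javadoc does not mention that `_permissions` is now computed from the `Authentication` bound to the serializing thread through `SecurityContextHolder`, which is the lookup `value(...)` switches to. If the mapper runs on a thread with no propagated security context, `getAuthentication()` returns null and the method appears to fall through to `return null`, so the property silently comes out empty. I would add a sentence such as `Permissions are evaluated for the Authentication held by SecurityContextHolder on the serializing thread; when none is present the property is null.` and, if that is the intent, state that the value is informational for clients and not an enforcement point. The same Javadoc has two wording slips, `to to include` and `Serialization is enabled @JsonAppend annotation` (missing `by the`); the body of `value(...)` continues outside the hunk.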
......@@ -92,9 +92,9 @@ public class CustomAclServiceImpl implements CustomAclService {
}
return map;
}
@Override
@Transactional(readOnly=true)
@Transactional(readOnly = true)
public AclSid getSid(Long id) {
return aclSidPersistence.findOne(id);
}
......@@ -103,7 +103,7 @@ public class CustomAclServiceImpl implements CustomAclService {
public AclSid getAuthoritySid(String authority) {
return ensureSidForAuthority(authority);
}
/*
* (non-Javadoc)
* @see
......@@ -120,7 +120,10 @@ public class CustomAclServiceImpl implements CustomAclService {
final AclSid ownerSid = SecurityContextUtil.getCurrentUser();
if (ownerSid == null) {
LOG.warn("No SID in security context, not doing ACL");
LOG.warn("No SID in security context, not assigning creator permissions");
return;
} else if (!ownerSid.isPersisted()) {
LOG.warn("Owner SID not persisted, not assigning creator permissions");
return;
}
......
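Review bot: The new `!ownerSid.isPersisted()` branch returns without assigning creator permissions, and its warning identifies neither the SID nor the entity, so an object created under a temporary SID is hard to trace in the logs afterwards. Consider `LOG.warn("Owner SID {} not persisted, not assigning creator permissions", ownerSid);` and adding whatever identifies the target entity in this method. Whether such an entity ends up with any ACL entries at all is decided outside the hunk; if it does not, the method's Javadoc should say who is expected to be able to manage it. The enclosing method starts and ends outside the hunk.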
......@@ -21,7 +21,31 @@ import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
/**
* https://stackoverflow.com/questions/28005761/how-to-access-a-method-a-spring-bean-from-a-class-not-in-the-spring-container/28005923#28005923
* Based on this <a href=
* "https://stackoverflow.com/questions/28005761/how-to-access-a-method-a-spring-bean-from-a-class-not-in-the-spring-container/28005923#28005923">Stackoveflow
* comment</a>.
*
* The bean exposes the current Spring application context to static methods.
* Register it as
*
* <pre>
* &#64;Bean
* public CurrentApplicationContext currentAppContext() {
* return new CurrentApplicationContext();
* }
* </pre>
*
* Once registered, static methods can obtain bean references:
*
* <pre>
* static {
* SomeService myService = CurrentApplicationComntext.getContext().getBean(...);
* }
*
* public static void foo() {
* SomeBean bean = CurrentApplicationComntext.getContext().getBean(...);
* }
* </pre>
*/
public class CurrentApplicationContext implements ApplicationContextAware {
......
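Review bot: The `static { ... }` example in the new Javadoc can run at class-load time, before Spring has called `setApplicationContext`, in which case `getContext()` presumably returns null and the example fails with a NullPointerException. I would drop that example or add `Call getContext() only after the Spring context has been initialized; it is not available in static initializers that run earlier.` Both examples also spell the class `CurrentApplicationComntext`, so they do not compile when copied, and the link text reads `Stackoveflow`. The class body is outside this section, so the behaviour of `getContext()` before initialization should be confirmed there.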