Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
github
/
spring-security
şunun yansıması https://github.com/spring-projects/spring-security
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

SEC-32: Patches to move isPermissable(int) method to the BasicAclEntry interface. Thanks to Andres March for this patch.

Ben Alex 20 yıl önce
ebeveyn
c5d652f6c2
işleme
7faf2741f1
6 değiştirilmiş dosya ile 33 ekleme ve 25 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 8 0
      core/src/main/java/org/acegisecurity/acl/basic/BasicAclEntry.java
  2. 2 2
      core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java
  3. 7 7
      core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java
  4. 7 7
      core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java
  5. 4 4
      core/src/main/java/org/acegisecurity/taglibs/authz/AclTag.java
  6. 5 5
      core/src/main/java/org/acegisecurity/vote/BasicAclEntryVoter.java

+ 8 - 0
core/src/main/java/org/acegisecurity/acl/basic/BasicAclEntry.java
Dosyayı Görüntüle 

@@ -123,4 +123,12 @@ public interface BasicAclEntry extends AclEntry {
 
      *         <code>null</code>)
 
      */
 
     public Object getRecipient();
 
+    
+    /**
 
+     * Determine if the mask of this entry includes this permission or not
 
+     * 
+     * @param permissionToCheck
 
+     * @return if the entry's mask includes this permission
 
+     */
 
+    public boolean isPermitted(int permissionToCheck);
 
 }

+ 2 - 2
core/src/main/java/org/acegisecurity/acl/basic/GrantedAuthorityEffectiveAclsResolver.java
Dosyayı Görüntüle 

@@ -80,11 +80,11 @@ public class GrantedAuthorityEffectiveAclsResolver
 
         }
 
 
         for (int i = 0; i < allAcls.length; i++) {
 
-            if (!(allAcls[i] instanceof AbstractBasicAclEntry)) {
 
+            if (!(allAcls[i] instanceof BasicAclEntry)) {
 
                 continue;
 
             }
 
 
-            Object recipient = ((AbstractBasicAclEntry) allAcls[i])
 
+            Object recipient = ((BasicAclEntry) allAcls[i])
 
                 .getRecipient();
 
 
             // Allow the Authentication's getPrincipal to decide whether

+ 7 - 7
core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java
Dosyayı Görüntüle 

@@ -22,7 +22,7 @@ import net.sf.acegisecurity.ConfigAttribute;
 
 import net.sf.acegisecurity.ConfigAttributeDefinition;
 
 import net.sf.acegisecurity.acl.AclEntry;
 
 import net.sf.acegisecurity.acl.AclManager;
 
-import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry;
 
+import net.sf.acegisecurity.acl.basic.BasicAclEntry;
 
 import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
 
 
 import org.apache.commons.collections.iterators.ArrayIterator;
 
@@ -54,7 +54,7 @@ import java.util.Set;
 
  * (ACL) permissions associated with each <code>Collection</code>  domain
 
  * object instance element for the current <code>Authentication</code> object.
 
  * This class is designed to process {@link AclEntry}s that are subclasses of
 
- * {@link net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry} only.
 
+ * {@link net.sf.acegisecurity.acl.basic.BasicAclEntry} only.
 
  * Generally these are obtained by using the {@link
 
  * net.sf.acegisecurity.acl.basic.BasicAclProvider}.
 
  * </p>
 
@@ -64,7 +64,7 @@ import java.util.Set;
 
  * ConfigAttribute#getAttribute()} matches the {@link
 
  * #processConfigAttribute}. The provider will then lookup the ACLs from the
 
  * <code>AclManager</code> and ensure the principal is {@link
 
- * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry#isPermitted(int)} for
 
+ * net.sf.acegisecurity.acl.basic.BasicAclEntry#isPermitted(int)} for
 
  * at least one of the {@link #requirePermission}s for each
 
  * <code>Collection</code> element. If the principal does not have at least
 
  * one of the permissions, that element will not be included in the returned
 
@@ -81,10 +81,10 @@ import java.util.Set;
 
  * <p>
 
  * The <code>AclManager</code> is allowed to return any implementations of
 
  * <code>AclEntry</code> it wishes. However, this provider will only be able
 
- * to validate against <code>AbstractBasicAclEntry</code>s, and thus a
 
+ * to validate against <code>BasicAclEntry</code>s, and thus a
 
  * <code>Collection</code> element will be filtered from the resulting
 
  * <code>Collection</code> if no <code>AclEntry</code> is of type
 
- * <code>AbstractBasicAclEntry</code>.
 
+ * <code>BasicAclEntry</code>.
 
  * </p>
 
  * 
  * <p>
 
@@ -202,8 +202,8 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider
 
                     if ((acls != null) && (acls.length != 0)) {
 
                         for (int i = 0; i < acls.length; i++) {
 
                             // Locate processable AclEntrys
 
-                            if (acls[i] instanceof AbstractBasicAclEntry) {
 
-                                AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i];
 
+                            if (acls[i] instanceof BasicAclEntry) {
 
+                            	BasicAclEntry processableAcl = (BasicAclEntry) acls[i];
 
 
                                 // See if principal has any of the required permissions
 
                                 for (int y = 0; y < requirePermission.length;

+ 7 - 7
core/src/main/java/org/acegisecurity/afterinvocation/BasicAclEntryAfterInvocationProvider.java
Dosyayı Görüntüle 

@@ -21,7 +21,7 @@ import net.sf.acegisecurity.ConfigAttribute;
 
 import net.sf.acegisecurity.ConfigAttributeDefinition;
 
 import net.sf.acegisecurity.acl.AclEntry;
 
 import net.sf.acegisecurity.acl.AclManager;
 
-import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry;
 
+import net.sf.acegisecurity.acl.basic.BasicAclEntry;
 
 import net.sf.acegisecurity.acl.basic.SimpleAclEntry;
 
 
 import org.apache.commons.logging.Log;
 
@@ -45,7 +45,7 @@ import java.util.Iterator;
 
  * (ACL) permissions associated with a domain object instance for the current
 
  * <code>Authentication</code> object. This class is designed to process
 
  * {@link AclEntry}s that are subclasses of {@link
 
- * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry} only. Generally these
 
+ * net.sf.acegisecurity.acl.basic.BasicAclEntry} only. Generally these
 
  * are obtained by using the {@link
 
  * net.sf.acegisecurity.acl.basic.BasicAclProvider}.
 
  * </p>
 
@@ -55,7 +55,7 @@ import java.util.Iterator;
 
  * ConfigAttribute#getAttribute()} matches the {@link
 
  * #processConfigAttribute}. The provider will then lookup the ACLs from the
 
  * <code>AclManager</code> and ensure the principal is {@link
 
- * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry#isPermitted(int)} for
 
+ * net.sf.acegisecurity.acl.basic.BasicAclEntry#isPermitted(int)} for
 
  * at least one of the {@link #requirePermission}s.
 
  * </p>
 
  * 
@@ -74,9 +74,9 @@ import java.util.Iterator;
 
  * <p>
 
  * The <code>AclManager</code> is allowed to return any implementations of
 
  * <code>AclEntry</code> it wishes. However, this provider will only be able
 
- * to validate against <code>AbstractBasicAclEntry</code>s, and thus access
 
+ * to validate against <code>BasicAclEntry</code>s, and thus access
 
  * will be denied if no <code>AclEntry</code> is of type
 
- * <code>AbstractBasicAclEntry</code>.
 
+ * <code>BasicAclEntry</code>.
 
  * </p>
 
  * 
  * <p>
 
@@ -170,8 +170,8 @@ public class BasicAclEntryAfterInvocationProvider
 
 
                 for (int i = 0; i < acls.length; i++) {
 
                     // Locate processable AclEntrys
 
-                    if (acls[i] instanceof AbstractBasicAclEntry) {
 
-                        AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i];
 
+                    if (acls[i] instanceof BasicAclEntry) {
 
+                    	BasicAclEntry processableAcl = (BasicAclEntry) acls[i];
 
 
                         // See if principal has any of the required permissions
 
                         for (int y = 0; y < requirePermission.length; y++) {

+ 4 - 4
core/src/main/java/org/acegisecurity/taglibs/authz/AclTag.java
Dosyayı Görüntüle 

@@ -18,7 +18,7 @@ package net.sf.acegisecurity.taglibs.authz;
 
 import net.sf.acegisecurity.Authentication;
 
 import net.sf.acegisecurity.acl.AclEntry;
 
 import net.sf.acegisecurity.acl.AclManager;
 
-import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry;
 
+import net.sf.acegisecurity.acl.basic.BasicAclEntry;
 
 import net.sf.acegisecurity.context.SecurityContextHolder;
 
 
 import org.apache.commons.logging.Log;
 
@@ -47,7 +47,7 @@ import javax.servlet.jsp.tagext.TagSupport;
 
  * 
  * <P>
 
  * Only works with permissions that are subclasses of {@link
 
- * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry}.
 
+ * net.sf.acegisecurity.acl.basic.BasicAclEntry}.
 
  * </p>
 
  * 
  * <p>
 
@@ -173,8 +173,8 @@ public class AclTag extends TagSupport {
 
 
         for (int i = 0; i < acls.length; i++) {
 
             // Locate processable AclEntrys
 
-            if (acls[i] instanceof AbstractBasicAclEntry) {
 
-                AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i];
 
+            if (acls[i] instanceof BasicAclEntry) {
 
+            	BasicAclEntry processableAcl = (BasicAclEntry) acls[i];
 
 
                 // See if principal has any of the required permissions
 
                 for (int y = 0; y < requiredIntegers.length; y++) {

+ 5 - 5
core/src/main/java/org/acegisecurity/vote/BasicAclEntryVoter.java
Dosyayı Görüntüle 

@@ -21,7 +21,7 @@ import net.sf.acegisecurity.ConfigAttribute;
 
 import net.sf.acegisecurity.ConfigAttributeDefinition;
 
 import net.sf.acegisecurity.acl.AclEntry;
 
 import net.sf.acegisecurity.acl.AclManager;
 
-import net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry;
 
+import net.sf.acegisecurity.acl.basic.BasicAclEntry;
 
 
 import org.aopalliance.intercept.MethodInvocation;
 
 
@@ -49,7 +49,7 @@ import java.util.Iterator;
 
  * (ACL) permissions associated with a domain object instance for the current
 
  * <code>Authentication</code> object. This class is designed to process
 
  * {@link AclEntry}s that are subclasses of {@link
 
- * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry} only. Generally these
 
+ * net.sf.acegisecurity.acl.basic.BasicAclEntry} only. Generally these
 
  * are obtained by using the {@link
 
  * net.sf.acegisecurity.acl.basic.BasicAclProvider}.
 
  * </p>
 
@@ -60,7 +60,7 @@ import java.util.Iterator;
 
  * first method argument of type {@link #processDomainObjectClass}. Assuming
 
  * that method argument is non-null, the provider will then lookup the ACLs
 
  * from the <code>AclManager</code> and ensure the principal is {@link
 
- * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry#isPermitted(int)} for
 
+ * net.sf.acegisecurity.acl.basic.BasicAclEntry#isPermitted(int)} for
 
  * at least one of the {@link #requirePermission}s.
 
  * </p>
 
  * 
@@ -304,8 +304,8 @@ public class BasicAclEntryVoter implements AccessDecisionVoter,
 
                 // Principal has some permissions for domain object, check them
 
                 for (int i = 0; i < acls.length; i++) {
 
                     // Locate processable AclEntrys
 
-                    if (acls[i] instanceof AbstractBasicAclEntry) {
 
-                        AbstractBasicAclEntry processableAcl = (AbstractBasicAclEntry) acls[i];
 
+                    if (acls[i] instanceof BasicAclEntry) {
 
+                    	BasicAclEntry processableAcl = (BasicAclEntry) acls[i];
 
 
                         // See if principal has any of the required permissions
 
                         for (int y = 0; y < requirePermission.length; y++) {