shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kao...@apache.org
Subject svn commit: r979512 - in /incubator/shiro/trunk/core: ./ src/main/java/org/apache/shiro/aop/ src/main/java/org/apache/shiro/authz/annotation/ src/main/java/org/apache/shiro/authz/aop/ src/main/java/org/apache/shiro/subject/ src/test/java/org/apache/shi...
Date Tue, 27 Jul 2010 03:42:15 GMT
Author: kaosko
Date: Tue Jul 27 03:42:14 2010
New Revision: 979512

URL: http://svn.apache.org/viewvc?rev=979512&view=rev
Log:
Incomplete - issue SHIRO-175: Improve Set of permission and role checks 
https://issues.apache.org/jira/browse/SHIRO-175
- extend all core authz annotations to @Target(ElementType.TYPE) as well 
- change value parameter of RequiresPermissions and RequiresRoles annotations from String
to String[]
- Change DefaultAnnotationResolver to consider classes as well
- remove obsolete imports and code
- add test for authz annotation attached to classes
- fix the ambiguity in the javadoc for RequiresRoles semantics
- add note to authz/annotation/package-info of the slight changes in the annotation syntax
in 1.1

Added:
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/aop/
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/aop/AnnotationResolverTest.java
Modified:
    incubator/shiro/trunk/core/   (props changed)
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/AnnotationResolver.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/DefaultAnnotationResolver.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresAuthentication.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresGuest.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresPermissions.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresRoles.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresUser.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/package-info.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/RoleAnnotationHandler.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authz/aop/PermissionAnnotationHandlerTest.java
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authz/aop/RoleAnnotationHandlerTest.java

Propchange: incubator/shiro/trunk/core/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Tue Jul 27 03:42:14 2010
@@ -1,5 +1,6 @@
 *.iml
-target
-.settings
-.project
 .classpath
+.externalToolBuilders
+.project
+.settings
+target

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/AnnotationResolver.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/AnnotationResolver.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/AnnotationResolver.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/AnnotationResolver.java
Tue Jul 27 03:42:14 2010
@@ -30,7 +30,8 @@ public interface AnnotationResolver {
     /**
      * Returns an {@link Annotation} instance of the specified type based on the given
      * {@link MethodInvocation MethodInvocation} argument, or {@code null} if no annotation
-     * of that type could be found.
+     * of that type could be found. First checks the invoked method itself and if not found,

+     * then the class for the existence of the same annotation. 
      *
      * @param mi the intercepted method to be invoked.
      * @param clazz the annotation class of the annotation to find.

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/DefaultAnnotationResolver.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/DefaultAnnotationResolver.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/DefaultAnnotationResolver.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/aop/DefaultAnnotationResolver.java
Tue Jul 27 03:42:14 2010
@@ -58,6 +58,7 @@ public class DefaultAnnotationResolver i
             throw new IllegalArgumentException(msg);
 
         }
-        return m.getAnnotation(clazz);
+        Annotation annotation = m.getAnnotation(clazz);
+        return annotation == null ? mi.getThis().getClass().getAnnotation(clazz) : annotation;
     }
 }

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresAuthentication.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresAuthentication.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresAuthentication.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresAuthentication.java
Tue Jul 27 03:42:14 2010
@@ -40,7 +40,7 @@ import java.lang.annotation.Target;
  *
  * @since 0.9.0
  */
-@Target(ElementType.METHOD)
+@Target({ElementType.TYPE, ElementType.METHOD})
 @Retention(RetentionPolicy.RUNTIME)
 public @interface RequiresAuthentication {
 }

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresGuest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresGuest.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresGuest.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresGuest.java
Tue Jul 27 03:42:14 2010
@@ -37,7 +37,7 @@ import java.lang.annotation.Target;
  *
  * @since 0.9.0
  */
-@Target(ElementType.METHOD)
+@Target({ElementType.TYPE, ElementType.METHOD})
 @Retention(RetentionPolicy.RUNTIME)
 public @interface RequiresGuest {
 }

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresPermissions.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresPermissions.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresPermissions.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresPermissions.java
Tue Jul 27 03:42:14 2010
@@ -43,7 +43,7 @@ import java.lang.annotation.Target;
  * @see org.apache.shiro.subject.Subject#checkPermission
  * @since 0.1
  */
-@Target(ElementType.METHOD)
+@Target({ElementType.TYPE, ElementType.METHOD})
 @Retention(RetentionPolicy.RUNTIME)
 public @interface RequiresPermissions {
 
@@ -51,7 +51,7 @@ public @interface RequiresPermissions {
      * The permission string which will be passed to {@link org.apache.shiro.subject.Subject#isPermitted(String)}
      * to determine if the user is allowed to invoke the code protected by this annotation.
      */
-    String value();
+    String[] value();
 
 }
 

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresRoles.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresRoles.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresRoles.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresRoles.java
Tue Jul 27 03:42:14 2010
@@ -24,8 +24,8 @@ import java.lang.annotation.RetentionPol
 import java.lang.annotation.Target;
 
 /**
- * Requires the currently executing {@link org.apache.shiro.subject.Subject Subject} to have
one or more specified roles
- * in order to execute the annotated method. If they do not have the role(s), the method
will not be executed and
+ * Requires the currently executing {@link org.apache.shiro.subject.Subject Subject} to have
all of the 
+ * specified roles. If they do not have the role(s), the method will not be executed and
  * an {@link org.apache.shiro.authz.AuthorizationException AuthorizationException} is thrown.
  * <p/>
  * For example,
@@ -50,7 +50,7 @@ import java.lang.annotation.Target;
  * @see org.apache.shiro.subject.Subject#hasRole(String)
  * @since 0.1
  */
-@Target(ElementType.METHOD)
+@Target({ElementType.TYPE, ElementType.METHOD})
 @Retention(RetentionPolicy.RUNTIME)
 public @interface RequiresRoles {
 
@@ -58,6 +58,6 @@ public @interface RequiresRoles {
      * A single String role name or multiple comma-delimitted role names required in order
for the method
      * invocation to be allowed.
      */
-    String value();
+    String[] value();
 
 }

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresUser.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresUser.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresUser.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/RequiresUser.java
Tue Jul 27 03:42:14 2010
@@ -45,7 +45,7 @@ import java.lang.annotation.Target;
  *
  * @since 0.9.0
  */
-@Target(ElementType.METHOD)
+@Target({ElementType.TYPE, ElementType.METHOD})
 @Retention(RetentionPolicy.RUNTIME)
 public @interface RequiresUser {
 }

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/package-info.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/package-info.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/package-info.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/annotation/package-info.java
Tue Jul 27 03:42:14 2010
@@ -19,5 +19,10 @@
 /**
  * Annotations used to restrict which classes, instances, or methods may be accessed or invoked
depending on the
  * caller's access abilities or authentication state.
+ * 
+ * Since 1.1, all core annotations were extends to accept Target ElementType.TYPE in additon
to ElementType.METHOD 
  */
 package org.apache.shiro.authz.annotation;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Target;
+

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/PermissionAnnotationHandler.java
Tue Jul 27 03:42:14 2010
@@ -24,6 +24,7 @@ import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.PermissionUtils;
 
 import java.lang.annotation.Annotation;
+import java.util.Arrays;
 import java.util.Set;
 
 
@@ -50,7 +51,7 @@ public class PermissionAnnotationHandler
      * @param a the RequiresPermissions annotation being inspected.
      * @return the annotation's <code>value</code>, from which the Permission
will be constructed.
      */
-    protected String getAnnotationValue(Annotation a) {
+    protected String[] getAnnotationValue(Annotation a) {
         RequiresPermissions rpAnnotation = (RequiresPermissions) a;
         return rpAnnotation.value();
     }
@@ -65,20 +66,12 @@ public class PermissionAnnotationHandler
      *          continue access or execution.
      */
     public void assertAuthorized(Annotation a) throws AuthorizationException {
-        if (!(a instanceof RequiresPermissions)) {
-            return;
-        }
-        String p = getAnnotationValue(a);
-        Set<String> perms = PermissionUtils.toPermissionStrings(p);
+        if (!(a instanceof RequiresPermissions)) return;
 
+        String[] perms = getAnnotationValue(a);
         Subject subject = getSubject();
 
-        if (perms.size() == 1) {
-            subject.checkPermission(perms.iterator().next());
-        } else {
-            String[] permStrings = new String[perms.size()];
-            permStrings = perms.toArray(permStrings);
-            subject.checkPermissions(permStrings);
-        }
+        if (perms.length == 1) subject.checkPermission(perms[0]);
+        else subject.checkPermissions(perms);
     }
 }

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/RoleAnnotationHandler.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/RoleAnnotationHandler.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/RoleAnnotationHandler.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/authz/aop/RoleAnnotationHandler.java
Tue Jul 27 03:42:14 2010
@@ -23,9 +23,6 @@ import org.apache.shiro.authz.annotation
 
 import java.lang.annotation.Annotation;
 import java.util.Arrays;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
 
 /**
  * Checks to see if a @{@link org.apache.shiro.authz.annotation.RequiresRoles RequiresRoles}
annotation is declared, and if so, performs
@@ -53,21 +50,13 @@ public class RoleAnnotationHandler exten
      *          proceed.
      */
     public void assertAuthorized(Annotation a) throws AuthorizationException {
-        if (!(a instanceof RequiresRoles)) {
-            return;
-        }
-        RequiresRoles rrAnnotation = (RequiresRoles) a;
+        if (!(a instanceof RequiresRoles)) return;
 
-        String roleId = rrAnnotation.value();
-
-        String[] roles = roleId.split(",");
+        RequiresRoles rrAnnotation = (RequiresRoles) a;
+        String[] roles = rrAnnotation.value();
 
-        if (roles.length == 1) {
-            getSubject().checkRole(roles[0]);
-        } else {
-            Set<String> rolesSet = new LinkedHashSet<String>(Arrays.asList(roles));
-            getSubject().checkRoles(rolesSet);
-        }
+        if (roles.length == 1) getSubject().checkRole(roles[0]);
+        else getSubject().checkRoles(Arrays.asList(roles));
     }
 
 }

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java Tue Jul
27 03:42:14 2010
@@ -781,7 +781,6 @@ public interface Subject {
          * @throws IllegalArgumentException if the {@code attributeKey} is {@code null}.
          * @see SubjectFactory#createSubject(SubjectContext)
          */
-        @SuppressWarnings({"UnusedDeclaration"})
         public Builder contextAttribute(String attributeKey, Object attributeValue) {
             if (attributeKey == null) {
                 String msg = "Subject context map key cannot be null.";

Added: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/aop/AnnotationResolverTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/aop/AnnotationResolverTest.java?rev=979512&view=auto
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/aop/AnnotationResolverTest.java
(added)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/aop/AnnotationResolverTest.java
Tue Jul 27 03:42:14 2010
@@ -0,0 +1,46 @@
+package org.apache.shiro.aop;
+
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+
+import java.lang.reflect.Method;
+
+import org.apache.shiro.authz.annotation.RequiresRoles;
+import org.apache.shiro.authz.annotation.RequiresUser;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+
+public class AnnotationResolverTest {
+    @SuppressWarnings("unused")
+    @RequiresRoles("root")
+    private class MyFixture {
+	public void operateThis() {}
+        @RequiresUser()
+        public void operateThat() {}
+    }
+    
+    DefaultAnnotationResolver annotationResolver = new DefaultAnnotationResolver();
+
+    @Test
+    public void testAnnotationFoundFromClass() throws SecurityException, NoSuchMethodException
{
+	MyFixture myFixture = new MyFixture();
+	MethodInvocation methodInvocation = createMock(MethodInvocation.class);
+	Method method = MyFixture.class.getDeclaredMethod("operateThis");
+        expect(methodInvocation.getMethod()).andReturn(method);
+        expect(methodInvocation.getThis()).andReturn(myFixture);
+        replay(methodInvocation);
+	assertNotNull(annotationResolver.getAnnotation(methodInvocation, RequiresRoles.class));
+    }
+    
+    @Test
+    public void testAnnotationFoundFromMethod() throws SecurityException, NoSuchMethodException
{
+	MethodInvocation methodInvocation = createMock(MethodInvocation.class);
+	Method method = MyFixture.class.getDeclaredMethod("operateThat");
+        expect(methodInvocation.getMethod()).andReturn(method);
+        replay(methodInvocation);
+	assertNotNull(annotationResolver.getAnnotation(methodInvocation, RequiresUser.class));
+    }
+}
+

Modified: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authz/aop/PermissionAnnotationHandlerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authz/aop/PermissionAnnotationHandlerTest.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authz/aop/PermissionAnnotationHandlerTest.java
(original)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authz/aop/PermissionAnnotationHandlerTest.java
Tue Jul 27 03:42:14 2010
@@ -37,8 +37,8 @@ public class PermissionAnnotationHandler
         PermissionAnnotationHandler handler = new PermissionAnnotationHandler();
 
         Annotation requiresPermissionAnnotation = new RequiresPermissions() {
-            public String value() {
-                return "test:test";
+            public String[] value() {
+                return new String[]{"test:test"};
             }
 
             public Class<? extends Annotation> annotationType() {
@@ -56,8 +56,8 @@ public class PermissionAnnotationHandler
         PermissionAnnotationHandler handler = new PermissionAnnotationHandler();
 
         Annotation requiresPermissionAnnotation = new RequiresPermissions() {
-            public String value() {
-                return "test:test, test2:test2";
+            public String[] value() {
+                return new String[]{"test:test", "test2:test2"};
             }
 
             public Class<? extends Annotation> annotationType() {

Modified: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authz/aop/RoleAnnotationHandlerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authz/aop/RoleAnnotationHandlerTest.java?rev=979512&r1=979511&r2=979512&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authz/aop/RoleAnnotationHandlerTest.java
(original)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/authz/aop/RoleAnnotationHandlerTest.java
Tue Jul 27 03:42:14 2010
@@ -37,8 +37,8 @@ public class RoleAnnotationHandlerTest e
         RoleAnnotationHandler handler = new RoleAnnotationHandler();
 
         Annotation requiresRolesAnnotation = new RequiresRoles() {
-            public String value() {
-                return "blah";
+            public String[] value() {
+                return new String[]{"blah"};
             }
 
             public Class<? extends Annotation> annotationType() {
@@ -56,8 +56,8 @@ public class RoleAnnotationHandlerTest e
         RoleAnnotationHandler handler = new RoleAnnotationHandler();
 
         Annotation requiresRolesAnnotation = new RequiresRoles() {
-            public String value() {
-                return "blah, blah2";
+            public String[] value() {
+                return new String[]{"blah", "blah2"};
             }
 
             public Class<? extends Annotation> annotationType() {



Mime
View raw message