inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-452: RM seurity context will break core Alfresco if Alfresco's public services change

Browse Source 
* core method security no long redefined within the rm module
 * rm method security defined in a properties file
 * can be overridden/extended by adding rm-method-security.properties to alfresco/extension



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/BRANCHES/V2.0-BUG-FIX@39590 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Roy Wetherall
2012-07-23 06:08:10 +00:00
parent 9ca6967e05
commit 4c088728b1
12 changed files with 466 additions and 537 deletions
Download Patch File Download Diff File Expand all files Collapse all files

184
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RMMethodSecurityPostProcessor.java Normal file
View File

@@ -0,0 +1,184 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.PropertyValue;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.config.TypedStringValue;
/**
* Records management method security post processor.
* <p>
* Combines RM method security configuration with that of the core server before the security
* bean is instantiated.
*
* @author Roy Wetherall
*/
public class RMMethodSecurityPostProcessor implements BeanFactoryPostProcessor
{
private static Log logger = LogFactory.getLog(RMMethodSecurityPostProcessor.class);
public static final String RM_BEAN_NAME_PREFIX = "RM_";
public static final String PROP_OBJECT_DEFINITION_SOURCE = "objectDefinitionSource";
/** Security bean names */
private Set<String> securityBeanNames;
private Set<String> securityBeanNameCache;
/** Configuration properties */
private Properties properties;
/**
* Set of security beans to apply RM configuration to.
* <p>
* Used in the case where the security bean does not follow the standard naming convention.
*
* @param securityBeanNames security bean names
*/
public void setSecurityBeanNames(Set<String> securityBeanNames)
{
this.securityBeanNames = securityBeanNames;
}
/**
* @param properties configuration properties
*/
public void setProperties(Properties properties)
{
this.properties = properties;
}
/**
* @see org.springframework.beans.factory.config.BeanFactoryPostProcessor#postProcessBeanFactory(org.springframework.beans.factory.config.ConfigurableListableBeanFactory)
*/
@Override
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException
{
for (String bean : getSecurityBeanNames(beanFactory))
{
if (beanFactory.containsBeanDefinition(bean) == true)
{
System.out.println("For security bean defintion: " + bean);
BeanDefinition beanDef = beanFactory.getBeanDefinition(bean);
PropertyValue beanValue = beanDef.getPropertyValues().getPropertyValue(PROP_OBJECT_DEFINITION_SOURCE);
String beanStringValue = (String)((TypedStringValue)beanValue.getValue()).getValue();
String mergedStringValue = merge(beanStringValue);
beanDef.getPropertyValues().addPropertyValue(PROP_OBJECT_DEFINITION_SOURCE, new TypedStringValue(mergedStringValue));
}
}
}
private Set<String> getSecurityBeanNames(ConfigurableListableBeanFactory beanFactory)
{
if (securityBeanNameCache == null)
{
securityBeanNameCache = new HashSet<String>(21);
if (securityBeanNames != null)
{
securityBeanNameCache.addAll(securityBeanNames);
}
for (Object key : properties.keySet())
{
String[] split = ((String)key).split("\\.");
int index = split.length - 2;
String securityBeanName = split[index] + "_security";
if (securityBeanNameCache.contains(securityBeanName) == false && beanFactory.containsBean(securityBeanName) == true)
{
securityBeanNameCache.add(securityBeanName);
}
}
}
return securityBeanNameCache;
}
/**
* @param beanStringValue
* @param rmBeanStringValue
* @return
*/
private String merge(String beanStringValue)
{
Map<String, String> map = convertToMap(beanStringValue);
for (Map.Entry<String, String> entry : map.entrySet())
{
String key = entry.getKey();
String propKey = "rm.methodsecurity." + key;
if (properties.containsKey(propKey) == true)
{
map.put(key, entry.getValue() + "," + properties.getProperty(propKey));
}
else
{
if (logger.isWarnEnabled() == true)
{
logger.warn("Missing RM security definition for method " + key);
}
System.out.println("Missing RM security definition for method " + key);
}
}
return convertToString(map);
}
/**
* @param stringValue
* @return
*/
private Map<String, String> convertToMap(String stringValue)
{
String[] values = stringValue.trim().split("\n");
Map<String, String> map = new HashMap<String, String>(values.length);
for (String value : values)
{
String[] pair = value.trim().split("=");
map.put(pair[0], pair[1]);
}
return map;
}
/**
* @param map
* @return
*/
private String convertToString(Map<String, String> map)
{
StringBuffer buffer = new StringBuffer(256);
for (Map.Entry<String, String> entry : map.entrySet())
{
buffer.append(entry.getKey()).append("=").append(entry.getValue()).append("\n");
}
return buffer.toString();
}
}

2
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityService.java
View File

@@ -18,12 +18,10 @@
*/
package org.alfresco.module.org_alfresco_module_rm.security;
import java.util.Map;
import java.util.Set;
import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;
/**

3
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
@@ -39,7 +39,6 @@ import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;