mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-24 17:32:48 +00:00
PRODENG-276: Resolved PMD issues.
This commit is contained in:
Jamal Kaabi-Mofrad
@@ -81,25 +81,24 @@ public interface PermissionService
|
||||
/**
|
||||
* The dynamic authority for the Admin service account.
|
||||
*/
|
||||
String ADMIN_SERVICE_ACCOUNT_AUTHORITY = "ROLE_ADMIN_SERVICE_ACCOUNT";
|
||||
String ADMIN_SVC_AUTHORITY = "ROLE_ADMIN_SERVICE_ACCOUNT";
|
||||
|
||||
/**
|
||||
* The dynamic authority for the Collaborator service account.
|
||||
*/
|
||||
String COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY = "ROLE_COLLABORATOR_SERVICE_ACCOUNT";
|
||||
String COLLABORATOR_SVC_AUTHORITY = "ROLE_COLLABORATOR_SERVICE_ACCOUNT";
|
||||
|
||||
/**
|
||||
* The dynamic authority for the Editor service account.
|
||||
*/
|
||||
String EDITOR_SERVICE_ACCOUNT_AUTHORITY = "ROLE_EDITOR_SERVICE_ACCOUNT";
|
||||
String EDITOR_SVC_AUTHORITY = "ROLE_EDITOR_SERVICE_ACCOUNT";
|
||||
|
||||
/**
|
||||
* A convenient set of service account authorities to simplify checks
|
||||
* for whether a given authority is a service account authority or not.
|
||||
*/
|
||||
Set<String> SERVICE_ACCOUNT_AUTHORITIES_SET = Set.of(ADMIN_SERVICE_ACCOUNT_AUTHORITY,
|
||||
COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY,
|
||||
EDITOR_SERVICE_ACCOUNT_AUTHORITY);
|
||||
Set<String> SVC_AUTHORITIES_SET = Set.of(ADMIN_SVC_AUTHORITY, COLLABORATOR_SVC_AUTHORITY,
|
||||
EDITOR_SVC_AUTHORITY);
|
||||
|
||||
/**
|
||||
* The permission for all - not defined in the model. Repsected in the code.
|
||||
|
||||
@@ -25,6 +25,7 @@
|
||||
*/
|
||||
package org.alfresco.repo.sa;
|
||||
|
||||
import java.util.Locale;
|
||||
import java.util.Optional;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
@@ -114,9 +115,9 @@ public class ServiceAccountRegistryImpl implements ServiceAccountRegistry, Initi
|
||||
return;
|
||||
}
|
||||
// Ensure the role is in uppercase and has the prefix
|
||||
role = role.toUpperCase();
|
||||
role = role.toUpperCase(Locale.ENGLISH);
|
||||
role = getRoleWithPrefix(role);
|
||||
if (!PermissionService.SERVICE_ACCOUNT_AUTHORITIES_SET.contains(role))
|
||||
if (!PermissionService.SVC_AUTHORITIES_SET.contains(role))
|
||||
{
|
||||
LOGGER.warn("Invalid service account role '{}'. The role is not recognized.", role);
|
||||
return;
|
||||
|
||||
@@ -156,15 +156,15 @@
|
||||
</bean>
|
||||
<bean id="adminServiceAccountAuthority" class="org.alfresco.repo.security.permissions.dynamic.ServiceAccountAuthority"
|
||||
parent="baseServiceAccountAuthority">
|
||||
<property name="authority" value="#{T(org.alfresco.service.cmr.security.PermissionService).ADMIN_SERVICE_ACCOUNT_AUTHORITY}"/>
|
||||
<property name="authority" value="#{T(org.alfresco.service.cmr.security.PermissionService).ADMIN_SVC_AUTHORITY}"/>
|
||||
</bean>
|
||||
<bean id="collaboratorServiceAccountAuthority" class="org.alfresco.repo.security.permissions.dynamic.ServiceAccountAuthority"
|
||||
parent="baseServiceAccountAuthority">
|
||||
<property name="authority" value="#{T(org.alfresco.service.cmr.security.PermissionService).COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY}"/>
|
||||
<property name="authority" value="#{T(org.alfresco.service.cmr.security.PermissionService).COLLABORATOR_SVC_AUTHORITY}"/>
|
||||
</bean>
|
||||
<bean id="editorServiceAccountAuthority" class="org.alfresco.repo.security.permissions.dynamic.ServiceAccountAuthority"
|
||||
parent="baseServiceAccountAuthority">
|
||||
<property name="authority" value="#{T(org.alfresco.service.cmr.security.PermissionService).EDITOR_SERVICE_ACCOUNT_AUTHORITY}"/>
|
||||
<property name="authority" value="#{T(org.alfresco.service.cmr.security.PermissionService).EDITOR_SVC_AUTHORITY}"/>
|
||||
</bean>
|
||||
|
||||
<!-- =========================== -->
|
||||
|
||||
@@ -25,9 +25,9 @@
|
||||
*/
|
||||
package org.alfresco.repo.sa;
|
||||
|
||||
import static org.alfresco.service.cmr.security.PermissionService.ADMIN_SERVICE_ACCOUNT_AUTHORITY;
|
||||
import static org.alfresco.service.cmr.security.PermissionService.COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY;
|
||||
import static org.alfresco.service.cmr.security.PermissionService.EDITOR_SERVICE_ACCOUNT_AUTHORITY;
|
||||
import static org.alfresco.service.cmr.security.PermissionService.ADMIN_SVC_AUTHORITY;
|
||||
import static org.alfresco.service.cmr.security.PermissionService.COLLABORATOR_SVC_AUTHORITY;
|
||||
import static org.alfresco.service.cmr.security.PermissionService.EDITOR_SVC_AUTHORITY;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
@@ -71,7 +71,7 @@ public class ServiceAccountRegistryImplTest
|
||||
@Test
|
||||
public void testInvalidServiceAccountName()
|
||||
{
|
||||
globalProperties.put("serviceaccount.role. ", ADMIN_SERVICE_ACCOUNT_AUTHORITY);
|
||||
globalProperties.put("serviceaccount.role. ", ADMIN_SVC_AUTHORITY);
|
||||
assertTrue("Invalid service account name.", serviceAccountService.getServiceAccountNames().isEmpty());
|
||||
}
|
||||
|
||||
@@ -100,43 +100,43 @@ public class ServiceAccountRegistryImplTest
|
||||
@Test
|
||||
public void testValidServiceAccount() throws Exception
|
||||
{
|
||||
globalProperties.put("serviceaccount.role.testServiceAccount", ADMIN_SERVICE_ACCOUNT_AUTHORITY);
|
||||
globalProperties.put("serviceaccount.role.testServiceAccount", ADMIN_SVC_AUTHORITY);
|
||||
serviceAccountService.afterPropertiesSet();
|
||||
|
||||
Optional<String> testServiceAccount = serviceAccountService.getServiceAccountRole("testServiceAccount");
|
||||
assertFalse("The service account role is not empty.", testServiceAccount.isEmpty());
|
||||
assertEquals(ADMIN_SERVICE_ACCOUNT_AUTHORITY, testServiceAccount.get());
|
||||
assertEquals(ADMIN_SVC_AUTHORITY, testServiceAccount.get());
|
||||
assertEquals(1, serviceAccountService.getServiceAccountNames().size());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testManyServiceAccounts() throws Exception
|
||||
{
|
||||
globalProperties.put("serviceaccount.role.testEditorSA", EDITOR_SERVICE_ACCOUNT_AUTHORITY);
|
||||
globalProperties.put("serviceaccount.role.testCollaboratorSA", COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY);
|
||||
globalProperties.put("serviceaccount.role.testAdminSA", ADMIN_SERVICE_ACCOUNT_AUTHORITY);
|
||||
globalProperties.put("serviceaccount.role.testEditorSA", EDITOR_SVC_AUTHORITY);
|
||||
globalProperties.put("serviceaccount.role.testCollaboratorSA", COLLABORATOR_SVC_AUTHORITY);
|
||||
globalProperties.put("serviceaccount.role.testAdminSA", ADMIN_SVC_AUTHORITY);
|
||||
serviceAccountService.afterPropertiesSet();
|
||||
|
||||
assertEquals(3, serviceAccountService.getServiceAccountNames().size());
|
||||
|
||||
Optional<String> editorSA = serviceAccountService.getServiceAccountRole("testEditorSA");
|
||||
assertFalse("The service account role is not empty.", editorSA.isEmpty());
|
||||
assertEquals(EDITOR_SERVICE_ACCOUNT_AUTHORITY, editorSA.get());
|
||||
assertEquals(EDITOR_SVC_AUTHORITY, editorSA.get());
|
||||
|
||||
Optional<String> collaboratorSA = serviceAccountService.getServiceAccountRole("testCollaboratorSA");
|
||||
assertFalse("The service account role is not empty.", collaboratorSA.isEmpty());
|
||||
assertEquals(COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY, collaboratorSA.get());
|
||||
assertEquals(COLLABORATOR_SVC_AUTHORITY, collaboratorSA.get());
|
||||
|
||||
Optional<String> adminSA = serviceAccountService.getServiceAccountRole("testAdminSA");
|
||||
assertFalse("The service account role is not empty.", adminSA.isEmpty());
|
||||
assertEquals(ADMIN_SERVICE_ACCOUNT_AUTHORITY, adminSA.get());
|
||||
assertEquals(ADMIN_SVC_AUTHORITY, adminSA.get());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testValidServiceAccountRoleValues() throws Exception
|
||||
{
|
||||
globalProperties.put("serviceaccount.role.testEditorSA", "EDITOR_SERVICE_ACCOUNT");
|
||||
globalProperties.put("serviceaccount.role.testCollaboratorSA", COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY);
|
||||
globalProperties.put("serviceaccount.role.testCollaboratorSA", COLLABORATOR_SVC_AUTHORITY);
|
||||
globalProperties.put("serviceaccount.role.testAdminSA", "ADMIN_SERVICE_ACCOUNT");
|
||||
serviceAccountService.afterPropertiesSet();
|
||||
|
||||
@@ -144,14 +144,14 @@ public class ServiceAccountRegistryImplTest
|
||||
|
||||
Optional<String> editorSA = serviceAccountService.getServiceAccountRole("testEditorSA");
|
||||
assertFalse("The service account role is not empty.", editorSA.isEmpty());
|
||||
assertEquals(EDITOR_SERVICE_ACCOUNT_AUTHORITY, editorSA.get());
|
||||
assertEquals(EDITOR_SVC_AUTHORITY, editorSA.get());
|
||||
|
||||
Optional<String> collaboratorSA = serviceAccountService.getServiceAccountRole("testCollaboratorSA");
|
||||
assertFalse("The service account role is not empty.", collaboratorSA.isEmpty());
|
||||
assertEquals(COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY, collaboratorSA.get());
|
||||
assertEquals(COLLABORATOR_SVC_AUTHORITY, collaboratorSA.get());
|
||||
|
||||
Optional<String> adminSA = serviceAccountService.getServiceAccountRole("testAdminSA");
|
||||
assertFalse("The service account role is not empty.", adminSA.isEmpty());
|
||||
assertEquals(ADMIN_SERVICE_ACCOUNT_AUTHORITY, adminSA.get());
|
||||
assertEquals(ADMIN_SVC_AUTHORITY, adminSA.get());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -66,9 +66,9 @@ import org.springframework.context.ApplicationContext;
|
||||
* </pre>
|
||||
* The service account roles that currently supported are:
|
||||
* <ul>
|
||||
* <li>{@link PermissionService#EDITOR_SERVICE_ACCOUNT_AUTHORITY}</li>
|
||||
* <li>{@link PermissionService#COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY}</li>
|
||||
* <li>{@link PermissionService#ADMIN_SERVICE_ACCOUNT_AUTHORITY}</li>
|
||||
* <li>{@link PermissionService#EDITOR_SVC_AUTHORITY}</li>
|
||||
* <li>{@link PermissionService#COLLABORATOR_SVC_AUTHORITY}</li>
|
||||
* <li>{@link PermissionService#ADMIN_SVC_AUTHORITY}</li>
|
||||
* </ul>
|
||||
* The test class relies on the following service accounts defined in the <i>alfresco-global.properties</i> file:
|
||||
* <ul>
|
||||
@@ -173,9 +173,9 @@ public class ServiceAccountRoleTest
|
||||
|
||||
private static void serviceAccountsShouldExistInGlobalProperties()
|
||||
{
|
||||
assertServiceAccountIsDefined(PermissionService.EDITOR_SERVICE_ACCOUNT_AUTHORITY, EDITOR_SA.getUsername());
|
||||
assertServiceAccountIsDefined(PermissionService.COLLABORATOR_SERVICE_ACCOUNT_AUTHORITY, COLLABORATOR_SA.getUsername());
|
||||
assertServiceAccountIsDefined(PermissionService.ADMIN_SERVICE_ACCOUNT_AUTHORITY, ADMIN_SA.getUsername());
|
||||
assertServiceAccountIsDefined(PermissionService.EDITOR_SVC_AUTHORITY, EDITOR_SA.getUsername());
|
||||
assertServiceAccountIsDefined(PermissionService.COLLABORATOR_SVC_AUTHORITY, COLLABORATOR_SA.getUsername());
|
||||
assertServiceAccountIsDefined(PermissionService.ADMIN_SVC_AUTHORITY, ADMIN_SA.getUsername());
|
||||
}
|
||||
|
||||
private static void assertServiceAccountIsDefined(String expectedRole, String username)
|
||||
|
||||
Reference in New Issue
Block a user