CSPACE-1346 refactored permission-config into permissions.xsd; replaced the parent-child relationship between permission and role with an association (permissions_roles); permission-action keeps a parent-child relationship with permission; added ids; added list elements
CSPACE-1347 refactored users_roles into users_roles.xsd, added list
cleaned up persistence.xml, removed list classes if not used in persistence
test: authz gen_ddl, create_db, gentest, seedtest, mvn test at the service level
M services/JaxRsServiceProvider/src/main/resources/META-INF/persistence.xml
M services/account/pstore/src/test/resources/META-INF/persistence.xml
_M services/authorization
M services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java
A services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AbstractAuthorizationTestImpl.java
A services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java
M services/authorization/service/src/test/resources/test-data/test-permissions.xml
A services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml
M services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
D services/authorization/jaxb/src/test/resources/META-INF/persistence.xml
D services/authorization/jaxb/src/test/resources/hibernate.cfg.xml
A + services/authorization/jaxb/src/main/resources/roles.xsd
A services/authorization/jaxb/src/main/resources/users_roles.xsd
D services/authorization/jaxb/src/main/resources/authorization_provider.xsd
A services/authorization/jaxb/src/main/resources/permissions.xsd
A services/authorization/jaxb/src/main/resources/permissions_roles.xsd
M services/authorization/pstore/src/test/resources/META-INF/persistence.xml
M services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql
M services/authorization/pstore/src/main/resources/db/mysql/authorization.sql
<provider>org.hibernate.ejb.HibernatePersistence</provider>
<non-jta-data-source>CspaceDS</non-jta-data-source>
<class>org.collectionspace.services.account.AccountsCommon</class>
- <class>org.collectionspace.services.account.AccountsCommonList$AccountListItem</class>
<class>org.collectionspace.services.account.Tenant</class>
<class>org.collectionspace.services.account.AccountTenant</class>
<class>org.collectionspace.services.account.Status</class>
<class>org.collectionspace.services.authentication.User</class>
<class>org.collectionspace.services.authorization.Role</class>
<class>org.collectionspace.services.authorization.UserRole</class>
-
<properties>
<property name="hibernate.dialect" value="org.hibernate.dialect.MySQLDialect"/>
<property name="hibernate.max_fetch_depth" value="3"/>
http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<persistence-unit name="org.collectionspace.services.account">
<class>org.collectionspace.services.account.AccountsCommon</class>
- <class>org.collectionspace.services.account.AccountsCommonList</class>
- <class>org.collectionspace.services.account.AccountsCommonList$AccountListItem</class>
<class>org.collectionspace.services.account.Tenant</class>
<class>org.collectionspace.services.account.AccountTenant</class>
<class>org.collectionspace.services.account.Status</class>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-
-<!--
- CollectionSpace default (security) authorization provider schema (XSD)
-
- Entity(s) : roles, users_roles
- Used for:
-
- $LastChangedRevision: 916 $
- $LastChangedDate: 2009-11-05 16:59:20 -0800 (Thu, 05 Nov 2009) $
--->
-
-<xs:schema
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
- xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations"
- xmlns:orm="http://java.sun.com/xml/ns/persistence/orm"
- xmlns:ns="http://collectionspace.org/services/authorization"
- xmlns="http://collectionspace.org/services/authorization"
- targetNamespace="http://collectionspace.org/services/authorization"
- version="0.1"
- jaxb:extensionBindingPrefixes="hj orm"
- >
-
- <!--
- Avoid XmlRootElement nightmare:
- See http://weblogs.java.net/blog/kohsuke/archive/2006/03/why_does_jaxb_p.html
--->
-<!--
- Notes for MySQL
- MySQL puts key length limit of 1000 bytes
- username - rolename constraint should be within 1000 bytes
- hbm2ddl makes column length >= 256 as long text, such as column cannot be used
- in defining a key (pk, fk or constraint)
--->
- <xs:element name="role">
- <xs:complexType>
- <xs:annotation>
- <xs:documentation>Role definition in CollectionSpace</xs:documentation>
- <xs:appinfo>
- <hj:entity>
- <orm:table name="roles"/>
- </hj:entity>
- </xs:appinfo>
- </xs:annotation>
- <xs:sequence>
- <xs:element name="rolename" type="xs:string" minOccurs="1" maxOccurs="1">
- <xs:annotation>
- <xs:appinfo>
- <hj:id>
- <orm:column name="rolename" length="200" nullable="false"/>
- </hj:id>
- </xs:appinfo>
- </xs:annotation>
- </xs:element>
- <xs:element name="rolegroup" type="xs:string" minOccurs="1" maxOccurs="1">
- <xs:annotation>
- <xs:appinfo>
- <hj:basic>
- <orm:column name="rolegroup" nullable="false"/>
- </hj:basic>
- </xs:appinfo>
- </xs:annotation>
- </xs:element>
- <xs:element name="createdAt" type="xs:dateTime">
- <xs:annotation>
- <xs:appinfo>
- <hj:basic>
- <orm:column name="created_at" nullable="false"/>
- </hj:basic>
- </xs:appinfo>
- </xs:annotation>
- </xs:element>
- <xs:element name="updatedAt" type="xs:dateTime">
- <xs:annotation>
- <xs:appinfo>
- <hj:basic>
- <orm:column name="updated_at" />
- </hj:basic>
- </xs:appinfo>
- </xs:annotation>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="user_role">
- <xs:complexType>
- <xs:annotation>
- <xs:documentation>UserRole defines association between user and role in CollectionSpace</xs:documentation>
- <xs:appinfo>
- <hj:entity>
- <orm:table name="users_roles">
- <orm:unique-constraint>
- <!-- combined length should be < 1000 bytes -->
- <orm:column-name>username</orm:column-name>
- <orm:column-name>rolename</orm:column-name>
- </orm:unique-constraint>
- </orm:table>
- </hj:entity>
- </xs:appinfo>
- </xs:annotation>
- <xs:sequence>
- <xs:element name="username" type="xs:string" minOccurs="1" maxOccurs="1">
- <xs:annotation>
- <xs:appinfo>
- <hj:basic>
- <orm:column name="username" length="128" nullable="false"/>
- </hj:basic>
- </xs:appinfo>
- </xs:annotation>
- </xs:element>
- <xs:element name="rolename" type="xs:string" minOccurs="1" maxOccurs="1">
- <xs:annotation>
- <xs:appinfo>
- <hj:basic>
- <orm:column name="rolename" length="200" nullable="false"/>
- </hj:basic>
- </xs:appinfo>
- </xs:annotation>
- </xs:element>
- <xs:element name="createdAt" type="xs:dateTime">
- <xs:annotation>
- <xs:appinfo>
- <hj:basic>
- <orm:column name="created_at" nullable="false"/>
- </hj:basic>
- </xs:appinfo>
- </xs:annotation>
- </xs:element>
- <xs:element name="updatedAt" type="xs:dateTime">
- <xs:annotation>
- <xs:appinfo>
- <hj:basic>
- <orm:column name="updated_at" />
- </hj:basic>
- </xs:appinfo>
- </xs:annotation>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="permission_config_list">
- <xs:complexType>
- <xs:sequence>
- <xs:annotation>
- <xs:documentation>permission configuration list</xs:documentation>
- </xs:annotation>
- <xs:element name="permission" type="permission_config" minOccurs="1" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
-
- <xs:complexType name="permission_config">
- <xs:annotation>
- <xs:documentation>CspacePermissionConfig describes permission in CollectionSpace</xs:documentation>
- <xs:appinfo>
- <hj:ignored/>
- </xs:appinfo>
- </xs:annotation>
- <xs:sequence>
- <xs:annotation>
- <xs:documentation>
- resourceName could be a servicename or a servicename#attribute
- </xs:documentation>
- </xs:annotation>
- <xs:element name="resourceName" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="action" type="ActionType" minOccurs="1" maxOccurs="unbounded"/>
- <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
- <xs:element name="user" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="effect" type="EffectType" minOccurs="1" maxOccurs="1"/>
- </xs:sequence>
- </xs:complexType>
-
-
- <xs:simpleType name = "ActionType">
- <xs:annotation>
- <xs:documentation>Action describes the actions that coudl be taken</xs:documentation>
- </xs:annotation>
- <xs:restriction base = "xs:string">
- <xs:enumeration value = "CREATE"/>
- <xs:enumeration value = "READ"/>
- <xs:enumeration value = "UPDATE"/>
- <xs:enumeration value = "DELETE"/>
- <xs:enumeration value = "SEARCH"/>
- <xs:enumeration value = "START"/>
- <xs:enumeration value = "STOP"/>
- <xs:enumeration value = "RUN"/>
- <xs:enumeration value = "ADMIN"/>
- </xs:restriction>
- </xs:simpleType>
-
- <xs:simpleType name = "EffectType">
- <xs:annotation>
- <xs:documentation>EffectType describes the effect of access control</xs:documentation>
- </xs:annotation>
- <xs:restriction base = "xs:string">
- <xs:enumeration value = "PERMIT"/>
- <xs:enumeration value = "DENY"/>
- </xs:restriction>
- </xs:simpleType>
-
-</xs:schema>
-
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+
+<!--
+ CollectionSpace default (security) authorization provider schema (XSD)
+
+ Entity(s) : roles, users_roles
+ Used for:
+
+ $LastChangedRevision: 916 $
+ $LastChangedDate: 2009-11-05 16:59:20 -0800 (Thu, 05 Nov 2009) $
+-->
+
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+ xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations"
+ xmlns:orm="http://java.sun.com/xml/ns/persistence/orm"
+ xmlns:ns="http://collectionspace.org/services/authorization"
+ xmlns="http://collectionspace.org/services/authorization"
+ targetNamespace="http://collectionspace.org/services/authorization"
+ version="0.1"
+ jaxb:extensionBindingPrefixes="hj orm"
+ >
+
+ <!--
+ Avoid XmlRootElement nightmare:
+ See http://weblogs.java.net/blog/kohsuke/archive/2006/03/why_does_jaxb_p.html
+-->
+
+
+ <xs:element name="permissions_list">
+ <xs:complexType>
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:ignored/>
+ </xs:appinfo>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:annotation>
+ <xs:documentation>permission configuration list</xs:documentation>
+ </xs:annotation>
+ <xs:element name="permission" type="permission" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="permission">
+ <xs:annotation>
+ <xs:documentation>
+ CspacePermissionConfig describes permission in CollectionSpace
+ - resourceName could be a service path, e.g. collectionobjects or intakes
+ no need to give slash at the beginning or end
+ - attributeName could be an attribute of the service schema
+ e.g. otherNumber from collectionobjects_common
+ - action describes the actions that could be taken on given resource (and attribute)
+ - effect describes the effect of the access control for the action
+ performed on the given resource (and attribute)
+ </xs:documentation>
+ <xs:appinfo>
+ <hj:entity>
+ <orm:table name="permissions"/>
+ </hj:entity>
+ </xs:appinfo>
+ </xs:annotation>
+ <xs:sequence>
+
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="description" />
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="resourceName" type="xs:string" minOccurs="1" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="resource_name" length="128" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="attributeName" type="xs:string" minOccurs="0" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="attribute_name" length="128" nullable="true"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="action" type="permission_action" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="effect" type="EffectType" minOccurs="1" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="effect" length="32" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="createdAt" type="xs:dateTime">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="created_at" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="updatedAt" type="xs:dateTime">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="updated_at" />
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="csid" type="xs:string">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:id>
+ <orm:column name="csid" length="128" nullable="false"/>
+ </hj:id>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
+
+ <xs:complexType name="permission_action">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:entity>
+ <orm:table name="permissions_actions">
+ </orm:table>
+ </hj:entity>
+ </xs:appinfo>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:element name="name" type="ActionType" minOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="name" length="128" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:simpleType name = "ActionType">
+ <xs:restriction base = "xs:string">
+ <xs:enumeration value = "CREATE"/>
+ <xs:enumeration value = "READ"/>
+ <xs:enumeration value = "UPDATE"/>
+ <xs:enumeration value = "DELETE"/>
+ <xs:enumeration value = "SEARCH"/>
+ <xs:enumeration value = "START"/>
+ <xs:enumeration value = "STOP"/>
+ <xs:enumeration value = "RUN"/>
+ <xs:enumeration value = "ADMIN"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name = "EffectType">
+ <xs:restriction base = "xs:string">
+ <xs:enumeration value = "PERMIT"/>
+ <xs:enumeration value = "DENY"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+</xs:schema>
+
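Review bot: The `csid` attribute on the `permission` type is optional in the schema (no `use="required"`) while it is mapped as the entity id with `nullable="false"`, so a document can validate and still unmarshal into a Permission with a null primary key; declare it `<xs:attribute name="csid" type="xs:string" use="required">`. csid is also the value a permissions_roles row must carry in `permission_id`, so a missing id is not caught until the database rejects the insert, if at all. `permission_action` has no unique constraint, so the same action name can be attached to one permission twice; an `<orm:unique-constraint>` over the generated join column (`ACTION__PERMISSION_CSID` in this commit's authorization.sql) and `name` would prevent that, though the join-column name depends on hyperjaxb's naming and should be confirmed. The file header still reads `Entity(s) : roles, users_roles`; this file defines permissions and permissions_actions.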
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+
+<!--
+ CollectionSpace default (security) authorization provider schema (XSD)
+
+ Entity(s) : permissions_roles
+ Used for:
+
+ $LastChangedRevision: 916 $
+ $LastChangedDate: 2009-11-05 16:59:20 -0800 (Thu, 05 Nov 2009) $
+-->
+
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+ xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations"
+ xmlns:orm="http://java.sun.com/xml/ns/persistence/orm"
+ xmlns:ns="http://collectionspace.org/services/authorization"
+ xmlns="http://collectionspace.org/services/authorization"
+ targetNamespace="http://collectionspace.org/services/authorization"
+ version="0.1"
+ jaxb:extensionBindingPrefixes="hj orm"
+ >
+
+ <!--
+ Avoid XmlRootElement nightmare:
+ See http://weblogs.java.net/blog/kohsuke/archive/2006/03/why_does_jaxb_p.html
+-->
+<!--
+ Notes for MySQL
+ MySQL puts key length limit of 1000 bytes
+ username - rolename constraint should be within 1000 bytes
+ hbm2ddl makes column length >= 256 as long text, such as column cannot be used
+ in defining a key (pk, fk or constraint)
+ -->
+ <xs:element name="permissions_roles_list">
+ <xs:complexType>
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:ignored/>
+ </xs:appinfo>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:annotation>
+ <xs:documentation>permission role list</xs:documentation>
+ </xs:annotation>
+ <xs:element name="permissionRole" type="permission_role" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="permission_role">
+ <xs:annotation>
+ <xs:documentation>PermissionRole defines association between permission and role in CollectionSpace</xs:documentation>
+ <xs:appinfo>
+ <hj:entity>
+ <orm:table name="permissions_roles">
+ <orm:unique-constraint>
+ <!-- combined length should be < 1000 bytes -->
+ <orm:column-name>permission_id</orm:column-name>
+ <orm:column-name>rolename</orm:column-name>
+ </orm:unique-constraint>
+ </orm:table>
+ </hj:entity>
+ </xs:appinfo>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:element name="permissionId" type="xs:string" minOccurs="1" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="permission_id" length="128" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="roleName" type="xs:string" minOccurs="1" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="rolename" length="200" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="createdAt" type="xs:dateTime">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="created_at" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="updatedAt" type="xs:dateTime">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="updated_at" />
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+
+
+</xs:schema>
+
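Review bot: `permissionId` and `roleName` are mapped as plain `hj:basic` columns, so the generated permissions_roles table (see the create statement in authorization.sql in this commit) has only the unique constraint and no foreign key to `permissions.csid` or `roles.rolename`. A grant row can therefore point at a permission or role that does not exist or has since been deleted, and a mistyped role name is stored silently instead of being rejected. If hyperjaxb's many-to-one customization is usable here, mapping these as references would make the DDL emit the foreign keys; otherwise add them by hand to authorization.sql and choose the delete behaviour (reject or cascade) explicitly. The MySQL note in the header still talks about the `username - rolename` constraint; for this file it should read `permission_id - rolename`.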
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+
+<!--
+ CollectionSpace default (security) authorization provider schema (XSD)
+
+ Entity(s) : roles, users_roles
+ Used for:
+
+ $LastChangedRevision: 916 $
+ $LastChangedDate: 2009-11-05 16:59:20 -0800 (Thu, 05 Nov 2009) $
+-->
+
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+ xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations"
+ xmlns:orm="http://java.sun.com/xml/ns/persistence/orm"
+ xmlns:ns="http://collectionspace.org/services/authorization"
+ xmlns="http://collectionspace.org/services/authorization"
+ targetNamespace="http://collectionspace.org/services/authorization"
+ version="0.1"
+ jaxb:extensionBindingPrefixes="hj orm"
+ >
+
+ <!--
+ Avoid XmlRootElement nightmare:
+ See http://weblogs.java.net/blog/kohsuke/archive/2006/03/why_does_jaxb_p.html
+-->
+<!--
+ Notes for MySQL
+ MySQL puts key length limit of 1000 bytes
+ username - rolename constraint should be within 1000 bytes
+ hbm2ddl makes column length >= 256 as long text, such as column cannot be used
+ in defining a key (pk, fk or constraint)
+ -->
+ <xs:element name="roles_list">
+ <xs:complexType>
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:ignored/>
+ </xs:appinfo>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:annotation>
+ <xs:documentation>role list</xs:documentation>
+ </xs:annotation>
+ <xs:element name="role" type="role" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="role">
+ <xs:annotation>
+ <xs:documentation>Role definition in CollectionSpace</xs:documentation>
+ <xs:appinfo>
+ <hj:entity>
+ <orm:table name="roles"/>
+ </hj:entity>
+ </xs:appinfo>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:element name="roleName" type="xs:string" minOccurs="1" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:id>
+ <orm:column name="rolename" length="200" nullable="false"/>
+ </hj:id>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="description" type="xs:string" minOccurs="1" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="description" />
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="roleGroup" type="xs:string" minOccurs="1" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="rolegroup" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="createdAt" type="xs:dateTime">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="created_at" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="updatedAt" type="xs:dateTime">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="updated_at" />
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+
+
+</xs:schema>
+
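Review bot: The file header still says `Entity(s) : roles, users_roles` and the MySQL note refers to the `username - rolename` constraint, but this file now defines only `role` (users_roles moved to users_roles.xsd); change the header to `Entity(s) : roles` and drop or reword the constraint note. `description` is declared `minOccurs="1"` while its column is left nullable (this commit's DDL has `description varchar(255)` without `not null`); pick one, `minOccurs="0"` if the description is optional or `nullable="false"` if it is mandatory, so the XML contract and the table agree. Note that `roleName` remains the primary key and is copied as a string into users_roles and permissions_roles, so renaming a role is not possible without rewriting every grant; if that is intended it is worth saying so in the `<xs:documentation>`.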
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+
+<!--
+ CollectionSpace default (security) authorization provider schema (XSD)
+
+ Entity(s) : roles, users_roles
+ Used for:
+
+ $LastChangedRevision: 916 $
+ $LastChangedDate: 2009-11-05 16:59:20 -0800 (Thu, 05 Nov 2009) $
+-->
+
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+ xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations"
+ xmlns:orm="http://java.sun.com/xml/ns/persistence/orm"
+ xmlns:ns="http://collectionspace.org/services/authorization"
+ xmlns="http://collectionspace.org/services/authorization"
+ targetNamespace="http://collectionspace.org/services/authorization"
+ version="0.1"
+ jaxb:extensionBindingPrefixes="hj orm"
+ >
+
+ <!--
+ Avoid XmlRootElement nightmare:
+ See http://weblogs.java.net/blog/kohsuke/archive/2006/03/why_does_jaxb_p.html
+-->
+<!--
+ Notes for MySQL
+ MySQL puts key length limit of 1000 bytes
+ username - rolename constraint should be within 1000 bytes
+ hbm2ddl makes column length >= 256 as long text, such as column cannot be used
+ in defining a key (pk, fk or constraint)
+ -->
+ <xs:element name="users_roles_list" >
+ <xs:complexType>
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:ignored/>
+ </xs:appinfo>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:annotation>
+ <xs:documentation>user role list</xs:documentation>
+ </xs:annotation>
+ <xs:element name="userRole" type="user_role" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="user_role">
+ <xs:annotation>
+ <xs:documentation>UserRole defines association between user and role in CollectionSpace</xs:documentation>
+ <xs:appinfo>
+ <hj:entity>
+ <orm:table name="users_roles">
+ <orm:unique-constraint>
+ <!-- combined length should be < 1000 bytes -->
+ <orm:column-name>username</orm:column-name>
+ <orm:column-name>rolename</orm:column-name>
+ </orm:unique-constraint>
+ </orm:table>
+ </hj:entity>
+ </xs:appinfo>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:element name="userName" type="xs:string" minOccurs="1" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="username" length="128" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="roleName" type="xs:string" minOccurs="1" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="rolename" length="200" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="createdAt" type="xs:dateTime">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="created_at" nullable="false"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="updatedAt" type="xs:dateTime">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="updated_at" />
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+
+
+
+</xs:schema>
+
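Review bot: `userName` is a free-form 128-character string with no foreign key to the user or account table, and `roleName` has none to `roles` (the users_roles DDL in this commit carries only `unique (username, rolename)`), so assignments for unknown or deleted users and roles accumulate unchecked. The persistence.xml hunks list `authentication.User` and `UserRole` in the same unit, so a database-level constraint looks feasible if the tables share a schema; if cross-unit coupling is the reason it was left out, a comment on `user_role` saying so would stop the next reader from adding it blindly. The header here still says `Entity(s) : roles, users_roles` although only `user_role` is defined; make it `Entity(s) : users_roles`.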
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<persistence version="1.0" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd
-http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <persistence-unit name="org.collectionspace.services.authorization">
- <class>org.collectionspace.services.authorization.Role</class>
- <class>org.collectionspace.services.authorization.UserRole</class>
- <properties>
- <property name="hibernate.ejb.cfgfile" value="hibernate.cfg.xml"/>
-
- <!--property name="hibernate.dialect" value="org.hibernate.dialect.MySQLDialect"/>
- <property name="hibernate.max_fetch_depth" value="3"/>
- <property name="hibernate.connection.driver_class" value="com.mysql.jdbc.Driver"/>
- <property name="hibernate.connection.username" value="test"/>
- <property name="hibernate.connection.password" value="test"/>
- <property name="hibernate.connection.url" value="jdbc:mysql://localhost:3306/cspace"/-->
- </properties>
- </persistence-unit>
-</persistence>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
- Document : hibernate.cfg.xml.xml
- Created on : November 12, 2009, 12:02 PM
- Author : sanjaydalal
- Description:
- Purpose of the document follows.
--->
-<!DOCTYPE hibernate-configuration PUBLIC
- "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
- "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
-<hibernate-configuration>
- <session-factory>
- <property name="connection.url">jdbc:mysql://localhost:3306/cspace</property>
- <property name="connection.driver_class">com.mysql.jdbc.Driver</property>
- <property name="connection.username">test</property>
- <property name="connection.password">test</property>
- <property name="dialect">org.hibernate.dialect.MySQLDialect</property>
- <property name="transaction.factory_class">org.hibernate.transaction.JDBCTransactionFactory</property>
- <property name="current_session_context_class">thread</property>
- <property name="hibernate.show_sql">true</property>
- </session-factory>
-</hibernate-configuration>
+alter table permissions_actions drop foreign key FK85F8204295972CE9;
+drop table if exists permissions;
+drop table if exists permissions_actions;
+drop table if exists permissions_roles;
drop table if exists roles;
drop table if exists users_roles;
-create table roles (rolename varchar(200) not null, created_at datetime not null, rolegroup varchar(255) not null, updated_at datetime, primary key (rolename));
+create table permissions (csid varchar(128) not null, attribute_name varchar(128), created_at datetime not null, description varchar(255), effect varchar(32) not null, resource_name varchar(128) not null, updated_at datetime, primary key (csid));
+create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, ACTION__PERMISSION_CSID varchar(128), primary key (HJID));
+create table permissions_roles (HJID bigint not null auto_increment, created_at datetime not null, permission_id varchar(128) not null, rolename varchar(200) not null, updated_at datetime, primary key (HJID), unique (permission_id, rolename));
+create table roles (rolename varchar(200) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255) not null, updated_at datetime, primary key (rolename));
create table users_roles (HJID bigint not null auto_increment, created_at datetime not null, rolename varchar(200) not null, updated_at datetime, username varchar(128) not null, primary key (HJID), unique (username, rolename));
+alter table permissions_actions add index FK85F8204295972CE9 (ACTION__PERMISSION_CSID), add constraint FK85F8204295972CE9 foreign key (ACTION__PERMISSION_CSID) references permissions (csid);
CREATE INDEX index_rolename ON roles (rolegroup);
CREATE INDEX index_username ON users_roles (username);
CREATE INDEX index_rolename ON users_roles (rolename);
+CREATE INDEX index_permission_id ON permissions_roles (permission_id);
+CREATE INDEX index_rolename ON permissions_roles (rolename);
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<persistence version="1.0" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd
-http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<persistence-unit name="org.collectionspace.services.authorization">
+ <class>org.collectionspace.services.authorization.Permission</class>
+ <class>org.collectionspace.services.authorization.PermissionAction</class>
+ <class>org.collectionspace.services.authorization.PermissionsList</class>
+ <class>org.collectionspace.services.authorization.PermissionRole</class>
+ <class>org.collectionspace.services.authorization.PermissionsRolesList</class>
<class>org.collectionspace.services.authorization.Role</class>
+ <class>org.collectionspace.services.authorization.RolesList</class>
<class>org.collectionspace.services.authorization.UserRole</class>
+ <class>org.collectionspace.services.authorization.UsersRolesList</class>
<properties>
<property name="hibernate.ejb.cfgfile" value="hibernate.cfg.xml"/>
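Review bot: The persistence unit now lists `PermissionsList`, `PermissionsRolesList`, `RolesList` and `UsersRolesList`, but each of those list elements is marked `<hj:ignored/>` in the new XSDs, so hyperjaxb should generate them without `@Entity`; registering non-entity classes here contradicts the commit note "removed list classes if not used in persistence" and the account unit in this same commit, which drops `AccountsCommonList`. Remove the four list `<class>` lines unless the generated classes really are entities. The unit also still loads `hibernate.cfg.xml`; the copy deleted under jaxb/ in this commit carried literal connection credentials, so it is worth confirming that the pstore test copy does not, since test database credentials in the repository tend to outlive the test database.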
*/
package org.collectionspace.services.authorization;
+import java.util.ArrayList;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
* addPermissions add permissions from given permission configuration
* @param permission configuration
*/
- public void addPermissions(PermissionConfig pConfig) {
- List<String> principals = pConfig.getRole();
- List<String> users = pConfig.getUser();
- principals.addAll(users);
- List<ActionType> actions = pConfig.getAction();
- for (ActionType action : actions) {
- URIResourceImpl uriRes = new URIResourceImpl(pConfig.getResourceName(),
- action);
+ public void addPermissions(Permission perm,
+ List<PermissionRole> permRoles) {
+ List<String> principals = new ArrayList<String>();
+ for (PermissionRole permRole : permRoles) {
+ if (!perm.getCsid().equals(permRole.getPermissionId())) {
+ throw new IllegalArgumentException("permission ids do not"
+ + " match role=" + permRole.getRoleName()
+ + " permission=" + perm.getCsid());
+ }
+ //assuming permrole belongs to the same perm
+ principals.add(permRole.getRoleName());
+ }
+ List<PermissionAction> permActions = perm.getAction();
+ for (PermissionAction permAction : permActions) {
+ URIResourceImpl uriRes = new URIResourceImpl(perm.getResourceName(),
+ permAction.getName());
addPermission(uriRes, principals.toArray(new String[0]));
}
}
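Review bot: When `permRoles` is empty, `principals` stays empty and every action is still passed to `addPermission(uriRes, new String[0])`, so a permission with no role association reaches the ACL layer with no principal at all; what that does depends on `addPermission`, which is outside the hunk. Reject it next to the id check: `if (permRoles == null || permRoles.isEmpty()) { throw new IllegalArgumentException("no roles for permission=" + perm.getCsid()); }`. A null `perm.getCsid()` currently fails inside the loop with a NullPointerException instead of the IllegalArgumentException the message describes, so checking the csid once before the loop would keep the failure mode consistent. The Javadoc at the top of the hunk still reads `@param permission configuration` and should describe `perm` and `permRoles` separately.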
--- /dev/null
+/**
+ * This document is a part of the source code and related artifacts
+ * for CollectionSpace, an open source collections management system
+ * for museums and related institutions:
+
+ * http://www.collectionspace.org
+ * http://wiki.collectionspace.org
+
+ * Copyright 2009 University of California at Berkeley
+
+ * Licensed under the Educational Community License (ECL), Version 2.0.
+ * You may not use this file except in compliance with this License.
+
+ * You may obtain a copy of the ECL 2.0 License at
+
+ * https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *//**
+ * This document is a part of the source code and related artifacts
+ * for CollectionSpace, an open source collections management system
+ * for museums and related institutions:
+
+ * http://www.collectionspace.org
+ * http://wiki.collectionspace.org
+
+ * Copyright 2009 University of California at Berkeley
+
+ * Licensed under the Educational Community License (ECL), Version 2.0.
+ * You may not use this file except in compliance with this License.
+
+ * You may obtain a copy of the ECL 2.0 License at
+
+ * https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.collectionspace.services.authorization.test;
+
+import java.io.File;
+import java.io.InputStream;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.HashSet;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import org.collectionspace.services.authorization.ActionType;
+import org.collectionspace.services.authorization.AuthZ;
+import org.collectionspace.services.authorization.Permission;
+import org.collectionspace.services.authorization.EffectType;
+import org.collectionspace.services.authorization.PermissionAction;
+import org.collectionspace.services.authorization.PermissionsList;
+import org.collectionspace.services.authorization.PermissionRole;
+import org.collectionspace.services.authorization.PermissionsList;
+import org.collectionspace.services.authorization.PermissionsRolesList;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.DefaultTransactionDefinition;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+/**
+ *
+ * @author
+ */
+public abstract class AbstractAuthorizationTestImpl {
+
+ final Logger logger = LoggerFactory.getLogger(AbstractAuthorizationTestImpl.class);
+ private org.springframework.jdbc.datasource.DataSourceTransactionManager txManager;
+
+ /**
+ * Returns the name of the currently running test.
+ *
+ * Note: although the return type is listed as Object[][],
+ * this method instead returns a String.
+ *
+ * @param m The currently running test method.
+ *
+ * @return The name of the currently running test method.
+ */
+ @DataProvider(name = "testName")
+ protected static Object[][] testName(Method m) {
+ return new Object[][]{
+ new Object[]{m.getName()}
+ };
+ }
+
+
+ protected void setup() {
+ ClassPathXmlApplicationContext appContext = new ClassPathXmlApplicationContext(
+ new String[]{"applicationContext-authorization-test.xml"});
+ login();
+ AuthZ authZ = AuthZ.get();
+ txManager = (org.springframework.jdbc.datasource.DataSourceTransactionManager) appContext.getBean("transactionManager");
+ }
+
+ protected void login() {
+ GrantedAuthority gauth = new GrantedAuthorityImpl("ROLE_ADMINISTRATOR");
+ HashSet<GrantedAuthority> gauths = new HashSet<GrantedAuthority>();
+ gauths.add(gauth);
+ Authentication authRequest = new UsernamePasswordAuthenticationToken("test", "test", gauths);
+ SecurityContextHolder.getContext().setAuthentication(authRequest);
+ }
+
+ protected void logout() {
+ SecurityContextHolder.getContext().setAuthentication(null);
+ }
+
+ protected TransactionStatus beginTransaction(String name) {
+ DefaultTransactionDefinition def = new DefaultTransactionDefinition();
+ // explicitly setting the transaction name is something that can only be done programmatically
+ def.setName(name);
+ def.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRED);
+ return txManager.getTransaction(def);
+ }
+
+ protected void rollbackTransaction(TransactionStatus status) {
+ txManager.rollback(status);
+ }
+
+ protected void commitTransaction(TransactionStatus status) {
+ txManager.commit(status);
+ }
+
+
+ protected void toFile(Object o, Class jaxbClass, String fileName) {
+ File f = new File(fileName);
+ try {
+ JAXBContext jc = JAXBContext.newInstance(jaxbClass);
+ Marshaller m = jc.createMarshaller();
+ m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT,
+ Boolean.TRUE);
+ m.marshal(o, f);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ protected Object fromFile(Class jaxbClass, String fileName) throws Exception {
+ ClassLoader tccl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tccl.getResourceAsStream(fileName);
+ JAXBContext context = JAXBContext.newInstance(jaxbClass);
+ Unmarshaller unmarshaller = context.createUnmarshaller();
+ //note: setting schema to null will turn validator off
+ unmarshaller.setSchema(null);
+ return jaxbClass.cast(unmarshaller.unmarshal(is));
+ }
+
+ @Test(dataProvider = "testName", dataProviderClass = AbstractAuthorizationTestImpl.class)
+ public void test(String testName) {
+ if (logger.isDebugEnabled()) {
+ logger.debug(testName);
+ }
+ }
+}
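Review bot: `fromFile` never closes the InputStream it opens from the context class loader, and when the resource is missing `getResourceAsStream` returns null, so the failure shows up as an unmarshal error on a null stream rather than as a clear message naming the file. A null check and a try/finally around the unmarshal fix both, as shown below. The file also carries two concatenated license headers (the `*//**` at the end of the first one) and imports PermissionsList twice, and `toFile` swallows every exception with `printStackTrace()`, so a generator test can silently produce no file.
```java
protected Object fromFile(Class jaxbClass, String fileName) throws Exception {
    ClassLoader tccl = Thread.currentThread().getContextClassLoader();
    InputStream is = tccl.getResourceAsStream(fileName);
    if (is == null) {
        throw new IllegalArgumentException("resource not found: " + fileName);
    }
    try {
        JAXBContext context = JAXBContext.newInstance(jaxbClass);
        Unmarshaller unmarshaller = context.createUnmarshaller();
        //note: setting schema to null will turn validator off
        unmarshaller.setSchema(null);
        return jaxbClass.cast(unmarshaller.unmarshal(is));
    } finally {
        is.close();
    }
}
```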
--- /dev/null
+/**
+ * This document is a part of the source code and related artifacts
+ * for CollectionSpace, an open source collections management system
+ * for museums and related institutions:
+
+ * http://www.collectionspace.org
+ * http://wiki.collectionspace.org
+
+ * Copyright 2009 University of California at Berkeley
+
+ * Licensed under the Educational Community License (ECL), Version 2.0.
+ * You may not use this file except in compliance with this License.
+
+ * You may obtain a copy of the ECL 2.0 License at
+
+ * https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *//**
+ * This document is a part of the source code and related artifacts
+ * for CollectionSpace, an open source collections management system
+ * for museums and related institutions:
+
+ * http://www.collectionspace.org
+ * http://wiki.collectionspace.org
+
+ * Copyright 2009 University of California at Berkeley
+
+ * Licensed under the Educational Community License (ECL), Version 2.0.
+ * You may not use this file except in compliance with this License.
+
+ * You may obtain a copy of the ECL 2.0 License at
+
+ * https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.collectionspace.services.authorization.test;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import java.util.ArrayList;
+import org.collectionspace.services.authorization.ActionType;
+import org.collectionspace.services.authorization.Permission;
+import org.collectionspace.services.authorization.EffectType;
+import org.collectionspace.services.authorization.PermissionAction;
+import org.collectionspace.services.authorization.PermissionRole;
+import org.collectionspace.services.authorization.PermissionsList;
+import org.collectionspace.services.authorization.PermissionsRolesList;
+import org.testng.annotations.Test;
+
+/**
+ *
+ * @author
+ */
+public class AuthorizationGenTest extends AbstractAuthorizationTestImpl {
+
+ final Logger logger = LoggerFactory.getLogger(AuthorizationGenTest.class);
+
+ @Test
+ public void genPermissions() {
+ PermissionsList pcList = new PermissionsList();
+ ArrayList<Permission> apcList = new ArrayList<Permission>();
+ pcList.setPermission(apcList);
+
+ Permission accPerm = buildCommonPermission("1", "accounts");
+ apcList.add(accPerm);
+ Permission coPerm = buildCommonPermission("2", "collectionobjects");
+ apcList.add(coPerm);
+ toFile(pcList, PermissionsList.class, "./target/test-permissions.xml");
+
+ }
+
+ private Permission buildCommonPermission(String id, String resourceName) {
+ Permission perm = new Permission();
+ perm.setCsid(id);
+ perm.setResourceName(resourceName);
+ perm.setEffect(EffectType.PERMIT);
+
+ ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
+ perm.setAction(pas);
+
+ PermissionAction pa = new PermissionAction();
+ pa.setName(ActionType.CREATE);
+ pas.add(pa);
+ PermissionAction pa1 = new PermissionAction();
+ pa1.setName(ActionType.READ);
+ pas.add(pa1);
+ PermissionAction pa2 = new PermissionAction();
+ pa2.setName(ActionType.UPDATE);
+ pas.add(pa2);
+ PermissionAction pa3 = new PermissionAction();
+ pa3.setName(ActionType.DELETE);
+ pas.add(pa3);
+ return perm;
+ }
+
+ @Test
+ public void genPermissionsRoles() {
+ PermissionsRolesList psrsl = new PermissionsRolesList();
+ ArrayList<PermissionRole> prl = buildCommonPermissionRoles("1");
+ prl.addAll(buildCommonPermissionRoles("2"));
+ psrsl.setPermissionRole(prl);
+ toFile(psrsl, PermissionsRolesList.class, "./target/test-permissions-roles.xml");
+ }
+
+ private ArrayList<PermissionRole> buildCommonPermissionRoles(String id) {
+ ArrayList<PermissionRole> prl = new ArrayList<PermissionRole>();
+ PermissionRole pr = new PermissionRole();
+ pr.setPermissionId(id);
+ pr.setRoleName("ROLE_USERS");
+ prl.add(pr);
+ PermissionRole pr1 = new PermissionRole();
+ pr1.setPermissionId(id);
+ pr1.setRoleName("ROLE_ADMINISTRATOR");
+ prl.add(pr1);
+ return prl;
+ }
+}
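Review bot: `genPermissions` and `genPermissionsRoles` contain no assertion, and because `toFile` in the base class catches and prints every exception, these tests pass even when no file is written; at minimum assert the output exists, e.g. `org.testng.Assert.assertTrue(new java.io.File("./target/test-permissions.xml").isFile());` after each `toFile` call. The `logger` field hides the package-private `logger` declared in AbstractAuthorizationTestImpl, which is harmless here but confusing; either drop it or make the base field private. The license header is duplicated (see the `*//**` join) and the `@author` tag is empty.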
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
+
package org.collectionspace.services.authorization.test;
-import java.io.File;
-import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.lang.reflect.Method;
-import java.util.ArrayList;
-import java.util.HashSet;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import org.collectionspace.services.authorization.ActionType;
import org.collectionspace.services.authorization.AuthZ;
-import org.collectionspace.services.authorization.PermissionConfig;
-import org.collectionspace.services.authorization.EffectType;
-import org.collectionspace.services.authorization.PermissionConfigList;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.GrantedAuthorityImpl;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.transaction.TransactionDefinition;
+import org.collectionspace.services.authorization.Permission;
+import org.collectionspace.services.authorization.PermissionRole;
+import org.collectionspace.services.authorization.PermissionsList;
+import org.collectionspace.services.authorization.PermissionsRolesList;
import org.springframework.transaction.TransactionStatus;
-import org.springframework.transaction.support.DefaultTransactionDefinition;
import org.testng.annotations.BeforeClass;
-import org.testng.annotations.DataProvider;
-import org.testng.annotations.Test;
/**
*
* @author
*/
-public class AuthorizationSeedTest {
+public class AuthorizationSeedTest extends AbstractAuthorizationTestImpl {
final Logger logger = LoggerFactory.getLogger(AuthorizationSeedTest.class);
- /**
- * Returns the name of the currently running test.
- *
- * Note: although the return type is listed as Object[][],
- * this method instead returns a String.
- *
- * @param m The currently running test method.
- *
- * @return The name of the currently running test method.
- */
- @DataProvider(name = "testName")
- public static Object[][] testName(Method m) {
- return new Object[][]{
- new Object[]{m.getName()}
- };
- }
-
@BeforeClass(alwaysRun = true)
public void seedData() {
- ClassPathXmlApplicationContext appContext = new ClassPathXmlApplicationContext(
- new String[]{"applicationContext-authorization-test.xml"});
- GrantedAuthority gauth = new GrantedAuthorityImpl("ROLE_ADMINISTRATOR");
- HashSet<GrantedAuthority> gauths = new HashSet<GrantedAuthority>();
- gauths.add(gauth);
- Authentication authRequest = new UsernamePasswordAuthenticationToken("test", "test", gauths);
-
- SecurityContextHolder.getContext().setAuthentication(authRequest);
- AuthZ authZ = AuthZ.get();
-
- org.springframework.jdbc.datasource.DataSourceTransactionManager txManager =
- (org.springframework.jdbc.datasource.DataSourceTransactionManager) appContext.getBean("transactionManager");
- DefaultTransactionDefinition def = new DefaultTransactionDefinition();
- // explicitly setting the transaction name is something that can only be done programmatically
- def.setName("seedData");
- def.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRED);
-
- TransactionStatus status = txManager.getTransaction(def);
+ setup();
+ TransactionStatus status = beginTransaction("seedData");
try {
seedRoles();
seedPermissions();
} catch (Exception ex) {
- txManager.rollback(status);
+ rollbackTransaction(status);
ex.printStackTrace();
throw new RuntimeException(ex);
}
- txManager.commit(status);
-
+ commitTransaction(status);
}
public void seedRoles() throws Exception {
public void seedPermissions() throws Exception {
- PermissionConfigList pcList =
- (PermissionConfigList) fromFile(PermissionConfigList.class,
+ PermissionsList pcList =
+ (PermissionsList) fromFile(PermissionsList.class,
"./test-data/test-permissions.xml");
- AuthZ authZ = AuthZ.get();
- for (PermissionConfig pc : pcList.getPermission()) {
- if(logger.isDebugEnabled()) {
- logger.debug("adding permission for res=" + pc.getResourceName());
- }
- authZ.addPermissions(pc);
- }
- }
- private void genPermissions() {
- PermissionConfigList pcList = new PermissionConfigList();
- ArrayList<PermissionConfig> apcList = new ArrayList<PermissionConfig>();
- pcList.setPermission(apcList);
- PermissionConfig pc = new PermissionConfig();
- pc.setResourceName("accounts");
- pc.setEffect(EffectType.PERMIT);
- ArrayList<String> roles = new ArrayList<String>();
- roles.add("ROLE_USERS");
- roles.add("ROLE_ADMINISTRATOR");
- pc.setRole(roles);
- ArrayList<ActionType> actions = new ArrayList<ActionType>();
- actions.add(ActionType.CREATE);
- actions.add(ActionType.READ);
- actions.add(ActionType.UPDATE);
- actions.add(ActionType.DELETE);
- pc.setAction(actions);
- apcList.add(pc);
- toFile(pcList, PermissionConfigList.class, "./target/test-permissions.xml");
+ PermissionsRolesList pcrList =
+ (PermissionsRolesList) fromFile(PermissionsRolesList.class,
+ "./test-data/test-permissions-roles.xml");
- }
-
- private void toFile(Object o, Class jaxbClass, String fileName) {
- File f = new File(fileName);
- try {
- JAXBContext jc = JAXBContext.newInstance(jaxbClass);
- Marshaller m = jc.createMarshaller();
- m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT,
- Boolean.TRUE);
- m.marshal(o, f);
- } catch (Exception e) {
- e.printStackTrace();
+ AuthZ authZ = AuthZ.get();
+ for (Permission p : pcList.getPermission()) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("adding permission for res=" + p.getResourceName());
+ }
+ List<PermissionRole> prl = getPermissionRoles(pcrList, p.getCsid());
+ authZ.addPermissions(p, prl);
}
}
- private Object fromFile(Class jaxbClass, String fileName) throws Exception {
- ClassLoader tccl = Thread.currentThread().getContextClassLoader();
- InputStream is = tccl.getResourceAsStream(fileName);
- JAXBContext context = JAXBContext.newInstance(jaxbClass);
- Unmarshaller unmarshaller = context.createUnmarshaller();
- //note: setting schema to null will turn validator off
- unmarshaller.setSchema(null);
- return jaxbClass.cast(unmarshaller.unmarshal(is));
- }
-
- @Test(dataProvider = "testName", dataProviderClass = AuthorizationSeedTest.class)
- public void test(String testName) {
- if (logger.isDebugEnabled()) {
- logger.debug(testName);
+ private List<PermissionRole> getPermissionRoles(PermissionsRolesList pcrList, String permId) {
+ List<PermissionRole> prList = new ArrayList<PermissionRole>();
+ for (PermissionRole pr : pcrList.getPermissionRole()) {
+ if (pr.getPermissionId().equals(permId)) {
+ prList.add(pr);
+ }
}
+ return prList;
}
}
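Review bot: `getPermissionRoles` calls `pr.getPermissionId().equals(permId)`, so a `<permissionRole>` in the fixture that lacks a `<permissionId>` fails with a NullPointerException while seeding; `permId.equals(pr.getPermissionId())` handles that and `permId` is always non-null here because it comes from `p.getCsid()` of a permission being seeded. A permission whose csid matches no entry in the roles fixture is still passed to `authZ.addPermissions(p, prl)` with an empty list, so it is worth logging that case explicitly before the call, e.g. `if (prl.isEmpty()) logger.warn("no roles for permission csid=" + p.getCsid());`. The body of `seedRoles` lies outside the hunk.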
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:permissions_roles_list xmlns:ns2="http://collectionspace.org/services/authorization">
+ <permissionRole>
+ <permissionId>1</permissionId>
+ <roleName>ROLE_USERS</roleName>
+ </permissionRole>
+ <permissionRole>
+ <permissionId>1</permissionId>
+ <roleName>ROLE_ADMINISTRATOR</roleName>
+ </permissionRole>
+ <permissionRole>
+ <permissionId>2</permissionId>
+ <roleName>ROLE_USERS</roleName>
+ </permissionRole>
+ <permissionRole>
+ <permissionId>2</permissionId>
+ <roleName>ROLE_ADMINISTRATOR</roleName>
+ </permissionRole>
+</ns2:permissions_roles_list>
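Review bot: This fixture grants permission 1 (the `accounts` resource) to ROLE_USERS as well as ROLE_ADMINISTRATOR, whereas the previous test-permissions.xml (the removed `<role>ROLE_ADMINISTRATOR</role>` line under `accounts` in the next file section) granted `accounts` to administrators only. The refactor therefore widens the test grant for accounts to ordinary users, and `buildCommonPermissionRoles` in AuthorizationGenTest bakes the same pairing in for every id, so any seeded test database inherits it. If that is unintended, drop the `<permissionRole>` with permissionId 1 and roleName ROLE_USERS and generate per-resource role sets instead of the common pair.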
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<ns2:permission_config_list xmlns:ns2="http://collectionspace.org/services/authorization">
- <permission>
+<ns2:permissions_list xmlns:ns2="http://collectionspace.org/services/authorization">
+ <permission csid="1">
<resourceName>accounts</resourceName>
- <action>CREATE</action>
- <action>READ</action>
- <action>UPDATE</action>
- <action>DELETE</action>
- <role>ROLE_ADMINISTRATOR</role>
+ <action>
+ <name>CREATE</name>
+ </action>
+ <action>
+ <name>READ</name>
+ </action>
+ <action>
+ <name>UPDATE</name>
+ </action>
+ <action>
+ <name>DELETE</name>
+ </action>
<effect>PERMIT</effect>
</permission>
- <permission>
+ <permission csid="2">
<resourceName>collectionobjects</resourceName>
- <action>CREATE</action>
- <action>READ</action>
- <action>UPDATE</action>
- <action>DELETE</action>
- <role>ROLE_USERS</role>
- <role>ROLE_ADMINISTRATOR</role>
+ <action>
+ <name>CREATE</name>
+ </action>
+ <action>
+ <name>READ</name>
+ </action>
+ <action>
+ <name>UPDATE</name>
+ </action>
+ <action>
+ <name>DELETE</name>
+ </action>
<effect>PERMIT</effect>
</permission>
-</ns2:permission_config_list>
+</ns2:permissions_list>