From: Sanjay Dalal Date: Fri, 16 Apr 2010 19:17:06 +0000 (+0000) Subject: NOJIRA - added debug in base authz service and some exceptions X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=7b303fa7d3b69a3155cb21673620dbe56f7c13da;p=tmp%2Fjakarta-migration.git NOJIRA - added debug in base authz service and some exceptions test: authz service test M authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionManager.java A authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionNotFoundException.java M authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResource.java A authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionException.java M authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java M authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java M authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java M authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionManager.java M authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionEvaluator.java M authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceAction.java
---
diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
index e9e9acca5..6d33d83d6 100644
--- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
+++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java
@@ -20,32 +20,7 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - *//** - * This document is a part of the source code and related artifacts - * for CollectionSpace, an open source collections management system - * for museums and related institutions: - - * http://www.collectionspace.org - * http://wiki.collectionspace.org - - * Copyright 2009 University of California at Berkeley - - * Licensed under the Educational Community License (ECL), Version 2.0. - * You may not use this file except in compliance with this License. - * You may obtain a copy of the ECL 2.0 License at - - * https://source.collectionspace.org/collection-space/LICENSE.txt - - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. */ package org.collectionspace.services.authorization; @@ -105,7 +80,7 @@ public class AuthZ { */ //FIXME this method should be in the restful web service resource of authz public void addPermissions(Permission perm, - PermissionRole permRole) { + PermissionRole permRole) throws PermissionException { List principals = new ArrayList(); if (!perm.getCsid().equals(permRole.getPermissions().get(0).getPermissionId())) { throw new IllegalArgumentException("permission ids do not" 
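Review bot: The `throws PermissionException` added to `addPermissions` is not reflected in the Javadoc, and the same gap applies to the `addPermission` and `deletePermission` overloads in the following hunks of this file and to both methods of the `CSpacePermissionManager` interface later in the commit. Callers of an authorization API need to tell "no ACL for this resource" apart from "the update failed", so each method should carry tags along the lines of `@throws PermissionNotFoundException if no ACL exists for the resource` and `@throws PermissionException if the permission could not be stored or removed` (wording to be confirmed against the implementation). In the three-argument overloads the existing `@param perm` tag should also become `@param action` to match the parameter name. The body of `addPermissions` continues outside the hunk.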
@@ -130,7 +105,7 @@ public class AuthZ { * @param res * @param principals */ - public void addPermission(CSpaceResource res, String[] principals) { + public void addPermission(CSpaceResource res, String[] principals) throws PermissionException { CSpaceAction action = res.getAction(); addPermission(res, principals, action); } @@ -141,7 +116,8 @@ public class AuthZ { * @param principals * @param perm */ - public void addPermission(CSpaceResource res, String[] principals, CSpaceAction action) { + public void addPermission(CSpaceResource res, String[] principals, CSpaceAction action) + throws PermissionException { provider.getPermissionManager().addPermission(res, principals, action); if (log.isDebugEnabled()) { log.debug("added permission resource=" + res.getId() + " action=" + action.name()); @@ -154,7 +130,8 @@ public class AuthZ { * @param res * @param principals */ - public void deletePermission(CSpaceResource res, String[] principals) { + public void deletePermission(CSpaceResource res, String[] principals) + throws PermissionNotFoundException, PermissionException { CSpaceAction action = res.getAction(); deletePermission(res, principals, action); } @@ -165,7 +142,8 @@ public class AuthZ { * @param principals * @param perm */ - public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction action) { + public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction action) + throws PermissionNotFoundException, PermissionException { provider.getPermissionManager().deletePermission(res, principals, action); if (log.isDebugEnabled()) { log.debug("removed permission resource=" + res.getId() + " action=" + action.name()); diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceAction.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceAction.java index 5e800c48c..225b957f1 100644 
--- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceAction.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceAction.java @@ -20,32 +20,7 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - *//** - * This document is a part of the source code and related artifacts - * for CollectionSpace, an open source collections management system - * for museums and related institutions: - - * http://www.collectionspace.org - * http://wiki.collectionspace.org - - * Copyright 2009 University of California at Berkeley - - * Licensed under the Educational Community License (ECL), Version 2.0. - * You may not use this file except in compliance with this License. - * You may obtain a copy of the ECL 2.0 License at - - * https://source.collectionspace.org/collection-space/LICENSE.txt - - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. */ package org.collectionspace.services.authorization; diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResource.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResource.java index ab06c7cd8..1cab88eba 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResource.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResource.java 
@@ -20,28 +20,7 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - *//** - * This document is a part of the source code and related artifacts - * for CollectionSpace, an open source collections management system - * for museums and related institutions: - - * http://www.collectionspace.org - * http://wiki.collectionspace.org - - * Copyright 2009 University of California at Berkeley - - * Licensed under the Educational Community License (ECL), Version 2.0. - * You may not use this file except in compliance with this License. - - * You may obtain a copy of the ECL 2.0 License at - - * https://source.collectionspace.org/collection-space/LICENSE.txt - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java index 0058a984a..366ce9bf9 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java 
@@ -20,32 +20,6 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - *//** - * This document is a part of the source code and related artifacts - * for CollectionSpace, an open source collections management system - * for museums and related institutions: - - * http://www.collectionspace.org - * http://wiki.collectionspace.org - - * Copyright 2009 University of California at Berkeley - - * Licensed under the Educational Community License (ECL), Version 2.0. - * You may not use this file except in compliance with this License. - - * You may obtain a copy of the ECL 2.0 License at - - * https://source.collectionspace.org/collection-space/LICENSE.txt - - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. */ package org.collectionspace.services.authorization; @@ -81,4 +55,18 @@ public abstract class CSpaceResourceImpl implements CSpaceResource { @Override public abstract CSpaceAction getAction(); + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("CSpaceResourceImpl ["); + builder.append("id="); + builder.append(id); + builder.append(", type="); + builder.append(type); + builder.append("]"); + return builder.toString(); + } + + } diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionException.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionException.java new file mode 100644 index 000000000..ce282ecb8 
--- /dev/null
+++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionException.java
@@ -0,0 +1,55 @@
+/**
+ * This document is a part of the source code and related artifacts
+ * for CollectionSpace, an open source collections management system
+ * for museums and related institutions:
+
+ * http://www.collectionspace.org
+ * http://wiki.collectionspace.org
+
+ * Copyright 2009 University of California at Berkeley
+
+ * Licensed under the Educational Community License (ECL), Version 2.0.
+ * You may not use this file except in compliance with this License.
+
+ * You may obtain a copy of the ECL 2.0 License at
+
+ * https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.collectionspace.services.authorization;
+
+/**
+ *
+ * @author
+ */
+public class PermissionException extends Exception {
+
+ /**
+ * Creates a new instance of PermissionException without detail message.
+ */
+ public PermissionException() {
+ }
+
+ /**
+ * Constructs an instance of PermissionException with the specified detail message.
+ * @param msg the detail message.
+ */
+ public PermissionException(String msg) {
+ super(msg);
+ }
+
+ public PermissionException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+
+
+ public PermissionException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionNotFoundException.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionNotFoundException.java
new file mode 100644
index 000000000..a6cc3d873
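Review bot: `PermissionException` extends `Exception`, which is `Serializable`, but declares no `serialVersionUID`; adding `private static final long serialVersionUID = 1L;` avoids relying on a compiler-generated value. The two cause-taking constructors have no Javadoc, and the class comment holds only an empty `@author` tag with no statement of when the exception is raised; a one-sentence class comment such as `Signals that a permission could not be added to or removed from the authorization store.` would cover it (wording to be confirmed). `PermissionNotFoundException` in the next file has the same gaps.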
--- /dev/null
+++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionNotFoundException.java
@@ -0,0 +1,53 @@
+/**
+ * This document is a part of the source code and related artifacts
+ * for CollectionSpace, an open source collections management system
+ * for museums and related institutions:
+
+ * http://www.collectionspace.org
+ * http://wiki.collectionspace.org
+
+ * Copyright 2009 University of California at Berkeley
+
+ * Licensed under the Educational Community License (ECL), Version 2.0.
+ * You may not use this file except in compliance with this License.
+
+ * You may obtain a copy of the ECL 2.0 License at
+
+ * https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.collectionspace.services.authorization;
+
+/**
+ *
+ * @author sanjaydalal
+ */
+public class PermissionNotFoundException extends PermissionException {
+
+ /**
+ * Creates a new instance of PermissionNotFoundException without detail message.
+ */
+ public PermissionNotFoundException() {
+ }
+
+ /**
+ * Constructs an instance of PermissionNotFoundException with the specified detail message.
+ * @param msg the detail message.
+ */
+ public PermissionNotFoundException(String msg) {
+ super(msg);
+ }
+
+ public PermissionNotFoundException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+
+ public PermissionNotFoundException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java index cc4c12679..91c3e2853 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java @@ -168,4 +168,20 @@ public class URIResourceImpl extends CSpaceResourceImpl { } throw new IllegalArgumentException("action = " + action.toString()); } + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("URIResourceImpl ["); + builder.append("action="); + builder.append(action); + builder.append(", method="); + builder.append(method); + builder.append(", uri="); + builder.append(uri); + builder.append("]"); + return builder.toString() + " " + super.toString(); + } + + } diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionEvaluator.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionEvaluator.java index dc483c859..7a0eef632 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionEvaluator.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionEvaluator.java 
@@ -20,28 +20,7 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - *//** - * This document is a part of the source code and related artifacts - * for CollectionSpace, an open source collections management system - * for museums and related institutions: - - * http://www.collectionspace.org - * http://wiki.collectionspace.org - - * Copyright 2009 University of California at Berkeley - - * Licensed under the Educational Community License (ECL), Version 2.0. - * You may not use this file except in compliance with this License. - - * You may obtain a copy of the ECL 2.0 License at - - * https://source.collectionspace.org/collection-space/LICENSE.txt - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionManager.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionManager.java index 2487b94bc..5133c3d65 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionManager.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spi/CSpacePermissionManager.java 
@@ -21,12 +21,12 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - package org.collectionspace.services.authorization.spi; import org.collectionspace.services.authorization.CSpaceResource; import org.collectionspace.services.authorization.CSpaceAction; +import org.collectionspace.services.authorization.PermissionException; +import org.collectionspace.services.authorization.PermissionNotFoundException; /** * Permission management interface for CSpace services @@ -34,7 +34,9 @@ import org.collectionspace.services.authorization.CSpaceAction; */ public interface CSpacePermissionManager { - public void addPermission(CSpaceResource res, String[] principals, CSpaceAction perm); + public void addPermission(CSpaceResource res, String[] principals, CSpaceAction perm) + throws PermissionException; - public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction perm); + public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction perm) + throws PermissionNotFoundException, PermissionException; } diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionManager.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionManager.java index b6ed8494c..64a14253f 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionManager.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringPermissionManager.java @@ -21,7 +21,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.collectionspace.services.authorization.spring; import java.util.List; 
@@ -30,6 +29,8 @@ import org.apache.commons.logging.LogFactory; import org.collectionspace.services.authorization.CSpaceAction; import org.collectionspace.services.authorization.spi.CSpacePermissionManager; import org.collectionspace.services.authorization.CSpaceResource; +import org.collectionspace.services.authorization.PermissionException; +import org.collectionspace.services.authorization.PermissionNotFoundException; import org.springframework.security.acls.model.AccessControlEntry; import org.springframework.security.acls.model.MutableAcl; import org.springframework.security.acls.model.MutableAclService; @@ -52,12 +53,22 @@ public class SpringPermissionManager implements CSpacePermissionManager { } @Override - public void addPermission(CSpaceResource res, String[] principals, CSpaceAction perm) { + public void addPermission(CSpaceResource res, String[] principals, CSpaceAction perm) + throws PermissionException { ObjectIdentity oid = SpringAuthorizationProvider.mapResource(res); Sid[] sids = SpringAuthorizationProvider.mapPrincipal(principals); Permission p = SpringAuthorizationProvider.mapPermssion(perm); for (Sid sid : sids) { addPermission(oid, sid, p); + if (log.isDebugEnabled()) { + log.debug("added permission " + + " res=" + res.toString() + + " cperm=" + perm.toString() + + convertToString(principals) + + " oid=" + oid.toString() + + " perm=" + p.toString() + + " sid=" + sids.toString()); + } } } 
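Review bot: The debug statement added inside `for (Sid sid : sids)` ends with `" sid=" + sids.toString()`, which prints the array's default identity string rather than the principal that was just granted; it should be `" sid=" + sid`. The output of `convertToString(principals)` is also concatenated directly after the `cperm=` value with no label, so the action name and the first principal run together; prefix it with `" principals="`. Both problems are repeated in the `deletePermission` loop in the next hunk. As far as this diff shows, these lines are the record of who was granted or revoked what, so they should identify the principal correctly.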
@@ -66,33 +77,62 @@ public class SpringPermissionManager implements CSpacePermissionManager { MutableAclService mutableAclService = provider.getProviderAclService(); try { acl = (MutableAcl) mutableAclService.readAclById(oid); + if (log.isDebugEnabled()) { + log.debug("addPermission: found acl for oid=" + oid.toString()); + } } catch (NotFoundException nfe) { acl = mutableAclService.createAcl(oid); } acl.insertAce(acl.getEntries().size(), permission, recipient, true); mutableAclService.updateAcl(acl); + if (log.isDebugEnabled()) { + log.debug("addPermission: added acl for oid=" + oid.toString() + + " perm=" + permission.toString() + + " sid=" + recipient.toString()); + } } @Override - public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction perm) { + public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction perm) + throws PermissionNotFoundException, PermissionException { ObjectIdentity oid = SpringAuthorizationProvider.mapResource(res); Sid[] sids = SpringAuthorizationProvider.mapPrincipal(principals); Permission p = SpringAuthorizationProvider.mapPermssion(perm); for (Sid sid : sids) { deletePermission(oid, sid, p); + if (log.isDebugEnabled()) { + log.debug("deleted permission " + + " res=" + res.toString() + + " cperm=" + perm.toString() + + convertToString(principals) + + " oid=" + oid.toString() + + " perm=" + p.toString() + + " sid=" + sids.toString()); + } } } - private void deletePermission(ObjectIdentity oid, Sid recipient, Permission permission) { + private void deletePermission(ObjectIdentity oid, Sid recipient, Permission permission) + throws PermissionException { MutableAclService mutableAclService = provider.getProviderAclService(); MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid); - + if (log.isDebugEnabled()) { + log.debug("deletePermission: found acl for oid=" + oid.toString()); + } + if (acl == null) { + String msg = "Cound not find acl for oid=" + oid.toString(); + log.error(msg); 
+ throw new PermissionNotFoundException(msg); + } // Remove all permissions associated with this particular recipient (string equality to KISS) List entries = acl.getEntries(); - + if (log.isDebugEnabled()) { + log.debug("deletePermission: for acl oid=" + oid.toString() + + " found " + entries.size() + " aces"); + } for (int i = 0; i < entries.size(); i++) { if (entries.get(i).getSid().equals(recipient) && entries.get(i).getPermission().equals(permission)) { @@ -100,5 +140,18 @@ public class SpringPermissionManager implements CSpacePermissionManager { } } mutableAclService.updateAcl(acl); + if (log.isDebugEnabled()) { + log.debug("deletePermission: for acl oid=" + oid.toString() + + " deleted " + entries.size() + " aces"); + } + } + + private String convertToString(String[] stra) { + StringBuilder builder = new StringBuilder(); + for (String s : stra) { + builder.append(s); + builder.append(" "); + } + return builder.toString(); } }
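Review bot: The `acl == null` check added to the private `deletePermission` is probably unreachable, because the private `addPermission` earlier in this hunk catches `NotFoundException` from the same `readAclById` call, which indicates that a missing ACL is signalled by that exception and not by a null return. As written, revoking a permission on a resource with no ACL would surface the provider's unchecked exception and the declared `PermissionNotFoundException` would never be thrown; the "found acl" debug line also runs before the check. Catching the exception and translating it, as sketched below, keeps the new checked contract honest, and the `Cound` typo in the message can be fixed at the same time. The loop body that follows the `if` at the end of this hunk is outside it.

```java
MutableAclService mutableAclService = provider.getProviderAclService();
MutableAcl acl;
try {
    acl = (MutableAcl) mutableAclService.readAclById(oid);
} catch (NotFoundException nfe) {
    // Translate the provider's unchecked exception into the declared checked one.
    String msg = "Could not find acl for oid=" + oid.toString();
    log.error(msg);
    throw new PermissionNotFoundException(msg, nfe);
}
if (log.isDebugEnabled()) {
    log.debug("deletePermission: found acl for oid=" + oid.toString());
}
// … unchanged: entry lookup and removal loop …
```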
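Review bot: The closing debug message reports `entries.size()` as the number of deleted ACEs, but `entries` is the list fetched before the loop, so the figure is whatever that list holds at that point and not the number of entries removed. Count the matches inside the loop and log that counter, or reword the message to `" examined "`. When nothing matches, `updateAcl` still runs and the caller gets no indication that the revocation did nothing; whether that case should raise `PermissionNotFoundException` or log a warning is worth deciding, since a silent no-op on revoke leaves the access in place. The start of `deletePermission` is in the previous hunk.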