Example 1 with ActionConfig
use of com.opensymphony.xwork2.config.entities.ActionConfig in project dhis2-core by dhis2.
the class DetectingSystemAuthoritiesProvider method getSystemAuthorities.
// -------------------------------------------------------------------------
// SystemAuthoritiesProvider implementation
// -------------------------------------------------------------------------
@Override
public Collection<String> getSystemAuthorities() {
HashSet<String> authorities = new HashSet<>();
Configuration configuration = Dispatcher.getInstance().getConfigurationManager().getConfiguration();
for (PackageConfig packageConfig : configuration.getPackageConfigs().values()) {
for (ActionConfig actionConfig : packageConfig.getActionConfigs().values()) {
authorities.addAll(requiredAuthoritiesProvider.getAllAuthorities(actionConfig));
}
}
return authorities;
}
Also used :
ActionConfig(com.opensymphony.xwork2.config.entities.ActionConfig)
Configuration(com.opensymphony.xwork2.config.Configuration)
PackageConfig(com.opensymphony.xwork2.config.entities.PackageConfig)
HashSet(java.util.HashSet)
Example 2 with ActionConfig
use of com.opensymphony.xwork2.config.entities.ActionConfig in project dhis2-core by dhis2.
the class SpringSecurityActionAccessResolver method hasAccess.
// -------------------------------------------------------------------------
// ActionAccessResolver implementation
// -------------------------------------------------------------------------
@Override
public boolean hasAccess(String module, String name) {
// ---------------------------------------------------------------------
// Get ObjectDefinitionSource
// ---------------------------------------------------------------------
Configuration config = Dispatcher.getInstance().getConfigurationManager().getConfiguration();
PackageConfig packageConfig = config.getPackageConfig(module);
if (packageConfig == null) {
throw new IllegalArgumentException("Module doesn't exist: '" + module + "'");
}
ActionConfig actionConfig = packageConfig.getActionConfigs().get(name);
if (actionConfig == null) {
throw new IllegalArgumentException("Module " + module + " doesn't have an action named: '" + name + "'");
}
SecurityMetadataSource securityMetadataSource = requiredAuthoritiesProvider.createSecurityMetadataSource(actionConfig);
// ---------------------------------------------------------------------
// Test access
// ---------------------------------------------------------------------
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
try {
if (securityMetadataSource.getAttributes(actionConfig) != null) {
if (authentication == null || !authentication.isAuthenticated()) {
return false;
}
accessDecisionManager.decide(authentication, actionConfig, securityMetadataSource.getAttributes(actionConfig));
}
log.debug("Access to [" + module + ", " + name + "]: TRUE");
return true;
} catch (AccessDeniedException e) {
log.debug("Access to [" + module + ", " + name + "]: FALSE (access denied)");
return false;
} catch (InsufficientAuthenticationException e) {
log.debug("Access to [" + module + ", " + name + "]: FALSE (insufficient authentication)");
return false;
}
}
Also used :
ActionConfig(com.opensymphony.xwork2.config.entities.ActionConfig)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
Configuration(com.opensymphony.xwork2.config.Configuration)
SecurityMetadataSource(org.springframework.security.access.SecurityMetadataSource)
Authentication(org.springframework.security.core.Authentication)
SecurityContext(org.springframework.security.core.context.SecurityContext)
InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)
PackageConfig(com.opensymphony.xwork2.config.entities.PackageConfig)
Example 3 with ActionConfig
use of com.opensymphony.xwork2.config.entities.ActionConfig in project dhis2-core by dhis2.
the class XWorkPortalParamsInterceptor method intercept.
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
ActionConfig actionConfig = actionInvocation.getProxy().getConfig();
final Map<String, String> staticParams = actionConfig.getParams();
if (staticParams != null) {
// ---------------------------------------------------------------------
// Push the specified static parameters onto the value stack
// ---------------------------------------------------------------------
Map<String, Object> matches = new HashMap<>();
for (Map.Entry<String, String> entry : staticParams.entrySet()) {
if (standardParams.contains(entry.getKey())) {
matches.put(entry.getKey(), entry.getValue());
} else if (commaSeparatedParams.contains(entry.getKey())) {
String[] values = entry.getValue().split(",");
for (int i = 0; i < values.length; i++) {
values[i] = values[i].trim();
}
matches.put(entry.getKey(), values);
}
}
actionInvocation.getStack().push(matches);
}
// TODO: move this to its own systemInfoInterceptor?
Map<String, Object> systemInfo = new HashMap<>();
String revision = systemService.getSystemInfo().getRevision();
if (StringUtils.isEmpty(revision)) {
revision = "__dev__";
}
systemInfo.put("buildRevision", revision);
actionInvocation.getStack().push(systemInfo);
return actionInvocation.invoke();
}
Also used :
ActionConfig(com.opensymphony.xwork2.config.entities.ActionConfig)
HashMap(java.util.HashMap)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 4 with ActionConfig
use of com.opensymphony.xwork2.config.entities.ActionConfig in project dhis2-core by dhis2.
the class ModuleAccessVoter method vote.
/**
* Votes. Votes ACCESS_ABSTAIN if the object class is not supported. Votes
* ACCESS_GRANTED if there is a granted authority which equals attribute
* prefix + module name, or the module name is in the always accessible set.
* Otherwise votes ACCESS_DENIED.
*/
@Override
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
if (!supports(object.getClass())) {
LOG.debug("ACCESS_ABSTAIN [" + object.toString() + "]: Class not supported.");
return ACCESS_ABSTAIN;
}
ActionConfig target = (ActionConfig) object;
if (alwaysAccessible.contains(target.getPackageName())) {
LOG.debug("ACCESS_GRANTED [" + target.getPackageName() + "] by configuration.");
return ACCESS_GRANTED;
}
String requiredAuthority = attributePrefix + target.getPackageName();
for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
if (grantedAuthority.getAuthority().equals(requiredAuthority)) {
LOG.debug("ACCESS_GRANTED [" + target.getPackageName() + "]");
return ACCESS_GRANTED;
}
}
LOG.debug("ACCESS_DENIED [" + target.getPackageName() + "]");
return ACCESS_DENIED;
}
Also used :
ActionConfig(com.opensymphony.xwork2.config.entities.ActionConfig)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
Example 5 with ActionConfig
use of com.opensymphony.xwork2.config.entities.ActionConfig in project qi4j-sdk by Qi4j.
the class Qi4jCodebehindPackageProvider method processActionClass.
/**
* Create a default action mapping for a class instance.
*
* The namespace annotation is honored, if found, otherwise
* the Java package is converted into the namespace
* by changing the dots (".") to slashes ("/").
*
* @param cls Action or POJO instance to process
* @param pkgs List of packages that were scanned for Actions
*/
protected void processActionClass(Class<?> cls, String[] pkgs) {
String name = cls.getName();
String actionPackage = cls.getPackage().getName();
String actionNamespace = null;
String actionName = null;
org.apache.struts2.config.Action actionAnn = (org.apache.struts2.config.Action) cls.getAnnotation(org.apache.struts2.config.Action.class);
if (actionAnn != null) {
actionName = actionAnn.name();
if (actionAnn.namespace().equals(org.apache.struts2.config.Action.DEFAULT_NAMESPACE)) {
actionNamespace = "";
} else {
actionNamespace = actionAnn.namespace();
}
} else {
for (String pkg : pkgs) {
if (name.startsWith(pkg)) {
if (LOG.isDebugEnabled()) {
LOG.debug("ClasspathPackageProvider: Processing class " + name);
}
name = name.substring(pkg.length() + 1);
actionNamespace = "";
actionName = name;
int pos = name.lastIndexOf('.');
if (pos > -1) {
actionNamespace = "/" + name.substring(0, pos).replace('.', '/');
actionName = name.substring(pos + 1);
}
break;
}
}
// Truncate Action suffix if found
if (actionName.endsWith(getClassSuffix())) {
actionName = actionName.substring(0, actionName.length() - getClassSuffix().length());
}
// Force initial letter of action to lowercase, if desired
if ((forceLowerCase) && (actionName.length() > 1)) {
int lowerPos = actionName.lastIndexOf('/') + 1;
StringBuilder sb = new StringBuilder();
sb.append(actionName.substring(0, lowerPos));
sb.append(Character.toLowerCase(actionName.charAt(lowerPos)));
sb.append(actionName.substring(lowerPos + 1));
actionName = sb.toString();
}
}
PackageConfig.Builder pkgConfig = loadPackageConfig(actionNamespace, actionPackage, cls);
// In case the package changed due to namespace annotation processing
if (!actionPackage.equals(pkgConfig.getName())) {
actionPackage = pkgConfig.getName();
}
Annotation annotation = cls.getAnnotation(ParentPackage.class);
if (annotation != null) {
String parent = ((ParentPackage) annotation).value()[0];
PackageConfig parentPkg = configuration.getPackageConfig(parent);
if (parentPkg == null) {
throw new ConfigurationException("ClasspathPackageProvider: Unable to locate parent package " + parent, annotation);
}
pkgConfig.addParent(parentPkg);
if (!isNotEmpty(pkgConfig.getNamespace()) && isNotEmpty(parentPkg.getNamespace())) {
pkgConfig.namespace(parentPkg.getNamespace());
}
}
ResultTypeConfig defaultResultType = packageLoader.getDefaultResultType(pkgConfig);
ActionConfig actionConfig = new ActionConfig.Builder(actionPackage, actionName, cls.getName()).addResultConfigs(new ResultMap<String, ResultConfig>(cls, actionName, defaultResultType)).build();
pkgConfig.addActionConfig(actionName, actionConfig);
}
Also used :
ActionConfig(com.opensymphony.xwork2.config.entities.ActionConfig)
PackageConfig(com.opensymphony.xwork2.config.entities.PackageConfig)
Annotation(java.lang.annotation.Annotation)
ConfigurationException(com.opensymphony.xwork2.config.ConfigurationException)
ResultTypeConfig(com.opensymphony.xwork2.config.entities.ResultTypeConfig)
org.apache.struts2.config(org.apache.struts2.config)
Aggregations
ActionConfig (com.opensymphony.xwork2.config.entities.ActionConfig)7
PackageConfig (com.opensymphony.xwork2.config.entities.PackageConfig)3
Configuration (com.opensymphony.xwork2.config.Configuration)2
ConfigurationException (com.opensymphony.xwork2.config.ConfigurationException)1
ResultTypeConfig (com.opensymphony.xwork2.config.entities.ResultTypeConfig)1
Annotation (java.lang.annotation.Annotation)1
HashMap (java.util.HashMap)1
HashSet (java.util.HashSet)1
Map (java.util.Map)1
org.apache.struts2.config (org.apache.struts2.config)1
AccessDeniedException (org.springframework.security.access.AccessDeniedException)1
ConfigAttribute (org.springframework.security.access.ConfigAttribute)1
SecurityMetadataSource (org.springframework.security.access.SecurityMetadataSource)1
InterceptorStatusToken (org.springframework.security.access.intercept.InterceptorStatusToken)1
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException)1
Authentication (org.springframework.security.core.Authentication)1
GrantedAuthority (org.springframework.security.core.GrantedAuthority)1
SecurityContext (org.springframework.security.core.context.SecurityContext)1
