
Example 6 with ActionConfig

Use of com.opensymphony.xwork2.config.entities.ActionConfig in project dhis2-core by dhis2.

Class XWorkSecurityInterceptor, method intercept.

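@Override
public String intercept(ActionInvocation invocation) throws Exception {
    // The Struts action configuration is the secured object for this call.
    ActionConfig actionConfig = invocation.getProxy().getConfig();
    // Expose this action's authority metadata to the current thread only.
    definitionSourceTag.set(requiredAuthoritiesProvider.createSecurityMetadataSource(actionConfig));
    // Authorization check before the action is invoked.
    InterceptorStatusToken token = beforeInvocation(actionConfig);
    addActionAccessResolver(invocation);
    Object result = null;
    try {
        result = invocation.invoke();
    } finally {
        // Runs even when invoke() throws; result is still null in that case.
        result = afterInvocation(token, result);
        // Always clear the thread-local so it cannot carry over to a later request on this thread.
        definitionSourceTag.remove();
    }
    if (result != null) {
        return result.toString();
    }
    return null;
}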
Also used: ActionConfig (com.opensymphony.xwork2.config.entities.ActionConfig), InterceptorStatusToken (org.springframework.security.access.intercept.InterceptorStatusToken)

Example 7 with ActionConfig

Use of com.opensymphony.xwork2.config.entities.ActionConfig in project dhis2-core by dhis2.

Class ActionAccessVoter, method vote.

@Override
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    // Abstain on secured objects this voter does not handle.
    if (!supports(object.getClass())) {
        LOG.debug("ACCESS_ABSTAIN [" + object.toString() + "]: Class not supported.");
        return ACCESS_ABSTAIN;
    }
    ActionConfig actionConfig = (ActionConfig) object;
    // Authority lists are read from the action config under two keys:
    // one checked by allAuthorities(), one checked by anyAuthority().
    Collection<ConfigAttribute> requiredAuthorities = StrutsAuthorityUtils.getConfigAttributes(actionConfig, requiredAuthoritiesKey);
    Collection<ConfigAttribute> anyAuthorities = StrutsAuthorityUtils.getConfigAttributes(actionConfig, anyAuthoritiesKey);
    // A denial from either check is final.
    int allStatus = allAuthorities(authentication, object, requiredAuthorities);
    if (allStatus == ACCESS_DENIED) {
        return ACCESS_DENIED;
    }
    int anyStatus = anyAuthority(authentication, object, anyAuthorities);
    if (anyStatus == ACCESS_DENIED) {
        return ACCESS_DENIED;
    }
    // Neither check denied: grant if at least one granted, otherwise abstain.
    if (allStatus == ACCESS_GRANTED || anyStatus == ACCESS_GRANTED) {
        return ACCESS_GRANTED;
    }
    return ACCESS_ABSTAIN;
}
Also used: ActionConfig (com.opensymphony.xwork2.config.entities.ActionConfig), ConfigAttribute (org.springframework.security.access.ConfigAttribute)

Aggregations

ActionConfig (com.opensymphony.xwork2.config.entities.ActionConfig): 7
PackageConfig (com.opensymphony.xwork2.config.entities.PackageConfig): 3
Configuration (com.opensymphony.xwork2.config.Configuration): 2
ConfigurationException (com.opensymphony.xwork2.config.ConfigurationException): 1
ResultTypeConfig (com.opensymphony.xwork2.config.entities.ResultTypeConfig): 1
Annotation (java.lang.annotation.Annotation): 1
HashMap (java.util.HashMap): 1
HashSet (java.util.HashSet): 1
Map (java.util.Map): 1
org.apache.struts2.config (org.apache.struts2.config): 1
AccessDeniedException (org.springframework.security.access.AccessDeniedException): 1
ConfigAttribute (org.springframework.security.access.ConfigAttribute): 1
SecurityMetadataSource (org.springframework.security.access.SecurityMetadataSource): 1
InterceptorStatusToken (org.springframework.security.access.intercept.InterceptorStatusToken): 1
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException): 1
Authentication (org.springframework.security.core.Authentication): 1
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 1
SecurityContext (org.springframework.security.core.context.SecurityContext): 1