  • using acegi Authz(JSP tag) in velocity template (w/ sample)

    When I tried to use Acegi in my recent project, I found that its JSP tags prevented me from using Velocity templates in my project. After searching the forum and reading the JSP tag lib source code, I decided to build a POJO (let's name it Authz) which can be used in Velocity templates.

    This POJO should wrap the JSP tag implementations because I hope Authz can evolve along with the Acegi JSP tags.

    here is the AuthenticationTag's counterpart:
    Code:
    $authz.getPrincipal()
    here is the AclTag's counterpart:
    Code:
    #if ($authz.hasPermission($domainObject, $permissions))
    #end
    here is the AuthorizeTag
    Code:
    #if ($authz.allGranted("ROLE_DIRECTOR")&&
    $authz.anyGranted("ROLE_TELLER")&&
    $authz.noneGranted("ROLE_CUSTOMER"))
    ...
    #end
    I defined an Authz interface for this POJO. I also have an AuthzImpl implementation which does the actual job.

    If this post gets enough support (>10) or the Acegi developers think this is a good idea, I will contribute my code to Acegi (although I don't know how to do that).

    Code:
    package net.sf.acegisecurity.velocitytool;
    
    import org.springframework.context.ApplicationContext;
    
    import net.sf.acegisecurity.acl.AclManager;
    
    
    /**
     * Wraps the implementation of the Acegi Security for Spring JSP tags,
     * including: {@link AuthenticationTag}, {@link AclTag},
     * {@link AuthorizeTag}
     *
     * @author tiepi
     * @version $Id: Authz,v 1.2 2005/09/22 16:09:03 wangq Exp $
     *
     */
    public interface Authz {
        /**
         * return the principal's name, supports the various type of principals that
         * can exist in the {@link Authentication} object, such as a String or
         * {@link UserDetails} instance
         *
         * @return string representation of principal's name
         */
        public String getPrincipal();
    
        /**
         * return true if the principal holds either permission specified for the provided
         * domain object
         *
         * <p>
         * Only works with permissions that are subclasses of {@link
         * net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry}.
         * </p>
         *
         * <p>
         * For this class to operate it must be able to access the application context
         * via the <code>WebApplicationContextUtils</code> and locate an {@link
         * AclManager}.
         * </p>
         * @param domainObject - domain object that needs ACL control
         * @param permissions - comma-separated integer permissions
         * @return got acl permission (true|false)
         */
        public boolean hasPermission(Object domainObject, String permissions);

        /**
         * all the listed roles must be granted to return true, otherwise false;
         * @param roles - comma-separated GrantedAuthoritys
         * @return granted (true|false)
         */
        public boolean allGranted(String roles);

        /**
         * any of the listed roles must be granted to return true, otherwise false;
         * @param roles - comma-separated GrantedAuthoritys
         * @return granted (true|false)
         */
        public boolean anyGranted(String roles);

        /**
         * none of the listed roles must be granted to return true, otherwise false;
         * @param roles - comma-separated GrantedAuthoritys
         * @return granted (true|false)
         */
        public boolean noneGranted(String roles);

        /**
         * set the Spring application context which contains the Acegi related beans
         */
        public void setAppCtx(ApplicationContext appCtx);

        /**
         * get the Spring application context which contains the Acegi related beans
         */
        public ApplicationContext getAppCtx();
    }
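
The role semantics that the `allGranted` / `anyGranted` / `noneGranted` methods in the interface above describe, as an added sketch that is not the poster's AuthzImpl or Acegi code. The class name `RoleChecks`, the sample authorities and the choice to fail closed on an empty role list are assumptions of this example.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Added sketch (hypothetical class): comma-separated role checks for templates. */
public class RoleChecks {
    private final Set<String> granted; // authorities held by the current principal

    public RoleChecks(String... grantedAuthorities) {
        this.granted = new HashSet<String>(Arrays.asList(grantedAuthorities));
    }

    /** Split "ROLE_A, ROLE_B" into trimmed, non-empty role names. */
    static Set<String> parse(String roles) {
        Set<String> out = new HashSet<String>();
        if (roles != null) {
            for (String r : roles.split(",")) {
                if (!r.trim().isEmpty()) out.add(r.trim());
            }
        }
        return out;
    }

    // Assumption of this sketch: an empty role list never authorizes (fail closed),
    // so a template mistake such as allGranted("") cannot expose protected markup.
    public boolean allGranted(String roles) {
        Set<String> required = parse(roles);
        return !required.isEmpty() && granted.containsAll(required);
    }

    public boolean anyGranted(String roles) {
        Set<String> wanted = parse(roles);
        wanted.retainAll(granted);          // keep only roles the principal holds
        return !wanted.isEmpty();
    }

    public boolean noneGranted(String roles) {
        Set<String> forbidden = parse(roles);
        if (forbidden.isEmpty()) return false;
        forbidden.retainAll(granted);       // any overlap means a forbidden role is held
        return forbidden.isEmpty();
    }

    public static void main(String[] args) {
        RoleChecks authz = new RoleChecks("ROLE_DIRECTOR", "ROLE_TELLER"); // constructed sample
        System.out.println(authz.allGranted("ROLE_DIRECTOR") && authz.anyGranted("ROLE_TELLER, ROLE_X")
                && authz.noneGranted("ROLE_CUSTOMER"));
        System.out.println(authz.allGranted("ROLE_DIRECTOR,ROLE_CUSTOMER"));
        System.out.println(authz.allGranted(" , "));
    }
}
```

Matching here is exact and case-sensitive, the same comparison `isUserInRole` in post #9 makes with `equals`.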

  • #2
    Please post your contribution to JIRA at http://opensource.atlassian.com/proj....jspa?id=10040 and we'll take a closer look. People can also vote/comment on it there. Do you have unit tests? We need all code in CVS to have unit tests, otherwise it will need to be put in the sandbox.



    • #3
      You will see it soon on JIRA. I am a newbie with JIRA and can't find the place to upload my code and unit test. I will try to post the Authz implementation first. The unit test will be posted soon.



      • #4
        Finally uploaded the code to JIRA. But I have to say sorry for the issue content. Next time, it will be better.

        Please see SEC-58; within it (velocitytool.rar) are the interface/implementation and unit test.



        • #5
          Thanks.



          • #6
            Hi Guys,

            I'm very interested in using this wrapper in my application. Could you please tell me where I can find more documentation about it?

            Other documentation about how to verify Acegi roles in Velocity would be helpful.

            Thanks,



            • #7
              Franklin, have you looked in CVS? It now contains the code as well as unit tests that show how it works. Any contributions for the reference guide would be welcome.



              • #8
                Should it do something to invoke $authz.getPrincipal() in *.vm?
                Where is the $authz initialized?



                • #9
                  This is my vm.
                  Code:
                  ...
                  #if( $_auth.isUserInRole("ROLE_ADMIN") )
                  bla bla
                  #end
                  ...
                  You can see this file at:
                  https://jnuke.dev.java.net/source/br...34&view=markup

                  The object "_auth" is being added to the velocity context by an interceptor:
                  https://jnuke.dev.java.net/source/br....1&view=markup

                  Basically I'm intercepting all ModelAndView objects, and in this interceptor I'm adding the objects needed to build the GUI, as follows:

                  Code:
                  public static void buildVelocityModelAndView(ModelAndView mav, HttpServletRequest request, HttpServletResponse response) {
                      //public static void buildVelocityModelAndView(ModelAndView mav, ServletRequest request, ServletResponse response) {
                      synchronized (mav) {
                          mav.addObject("base", request.getContextPath());
                          mav.addObject("req", request);
                          mav.addObject("res", response);
                          mav.addObject("_theme", ThemesViewHelper.getInstance().getCurrentTheme());
                          mav.addObject("_auth", AuthManager.getInstance());
                          mav.addObject("contextPath", request.getContextPath());

                          if (request.getParameter("message") != null)
                              mav.addObject("message", request.getParameter("message"));
                      }
                  }
                  The useful code of the AuthManager is:
                  Code:
                  public boolean isUserInRole(String role) {
                      Authentication auth = getAuthentication();
                      if (auth == null)
                          return false;
                      for (int i = 0; i < auth.getAuthorities().length; i++) {
                          if (auth.getAuthorities()[i].getAuthority().equals(role))
                              return true;
                      }
                      return false;
                  }
                  You can see that at:
                  https://jnuke.dev.java.net/source/br....2&view=markup

                  Probably this is not the best way to do that. If anyone has a better suggestion, please let me know.



                  • #10
                    No need to do all that stuff

                    Hi All,

                    I think it was not required to do all that stuff, as you can dynamically get the roles of the logged-in user. Spring and Acegi support dynamic loading.
                    E.g. I am using FreeMarker and I want to populate the roles for a user from an XML file dynamically. I have defined Roles as the key for the data (HashMap) to be viewed in the ftl and just used the syntax below:

                    [#if Roles?exists]
                    [@auth.authorize IfAllGranted="${Roles}"]

                    to your stuff

                    [/@auth.authorize]
                    [/#if]

                    Regards
                    Mohan
