[PAXCDI-191] Provide sample and test for DeltaSpike Security

hwellmann · hwellmann · commit 859472857e4e · 2015-06-13T10:52:53.000+02:00
diff --git a/itest/src/it/itest-standalone/pom.xml b/itest/src/it/itest-standalone/pom.xml
@@ -137,6 +137,13 @@
             <scope>provided</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.ops4j.pax.cdi.samples</groupId>
+            <artifactId>pax-cdi-sample8-security</artifactId>
+            <version>${project.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.ops4j.pax.cdi</groupId>
             <artifactId>pax-cdi-extension</artifactId>
diff --git a/itest/src/it/itest-standalone/src/test/java/org/ops4j/pax/cdi/test/SecurityTest.java b/itest/src/it/itest-standalone/src/test/java/org/ops4j/pax/cdi/test/SecurityTest.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2015 Harald Wellmann.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ *
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.ops4j.pax.cdi.test;
+
+import static org.ops4j.pax.cdi.test.support.TestConfiguration.cdiProviderBundles;
+import static org.ops4j.pax.cdi.test.support.TestConfiguration.paxCdiProviderAdapter;
+import static org.ops4j.pax.cdi.test.support.TestConfiguration.regressionDefaults;
+import static org.ops4j.pax.cdi.test.support.TestConfiguration.workspaceBundle;
+import static org.ops4j.pax.exam.CoreOptions.mavenBundle;
+import static org.ops4j.pax.exam.CoreOptions.options;
+
+import javax.inject.Inject;
+
+import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
+import org.junit.Ignore;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.runner.RunWith;
+import org.ops4j.pax.cdi.sample8.service.SecuredClient;
+import org.ops4j.pax.exam.Configuration;
+import org.ops4j.pax.exam.Option;
+import org.ops4j.pax.exam.junit.PaxExam;
+import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
+import org.ops4j.pax.exam.spi.reactors.PerClass;
+
+@RunWith(PaxExam.class)
+@ExamReactorStrategy(PerClass.class)
+@Ignore
+public class SecurityTest {
+
+    @Rule
+    public ExpectedException thrown = ExpectedException.none();
+
+    @Inject
+    private SecuredClient securedService;
+
+    @Configuration
+    public Option[] config() {
+        return options(
+            regressionDefaults(),
+            paxCdiProviderAdapter(),
+            cdiProviderBundles(),
+
+            mavenBundle("org.osgi", "org.osgi.enterprise").versionAsInProject(),
+
+            // DeltaSpike bundles
+            mavenBundle("org.apache.deltaspike.core", "deltaspike-core-api").versionAsInProject(),
+            mavenBundle("org.apache.deltaspike.core", "deltaspike-core-impl").versionAsInProject(),
+            mavenBundle("org.apache.deltaspike.modules", "deltaspike-security-module-api").versionAsInProject(),
+            mavenBundle("org.apache.deltaspike.modules", "deltaspike-security-module-impl").versionAsInProject(),
+
+            // Sample bundles
+            workspaceBundle("org.ops4j.pax.cdi.samples", "pax-cdi-sample8"));
+    }
+
+    @Test
+    public void shouldNotInvokeBlockService() {
+        thrown.expect(AccessDeniedException.class);
+        securedService.getBlockedResult();
+    }
+}
diff --git a/pax-cdi-samples/pax-cdi-sample8/pom.xml b/pax-cdi-samples/pax-cdi-sample8/pom.xml
@@ -0,0 +1,104 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.ops4j.pax.cdi</groupId>
+        <artifactId>pax-cdi-samples</artifactId>
+        <version>1.0.0-SNAPSHOT</version>
+    </parent>
+    <groupId>org.ops4j.pax.cdi.samples</groupId>
+    <artifactId>pax-cdi-sample8</artifactId>
+    <packaging>bundle</packaging>
+    
+    <name>OPS4J Pax CDI Sample8</name>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.apache.deltaspike.modules</groupId>
+            <artifactId>deltaspike-security-module-api</artifactId>
+            <version>${deltaspike.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.deltaspike.modules</groupId>
+            <artifactId>deltaspike-security-module-impl</artifactId>
+            <version>${deltaspike.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.ops4j.pax.cdi</groupId>
+            <artifactId>pax-cdi-api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.geronimo.specs</groupId>
+            <artifactId>geronimo-atinject_1.0_spec</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.enterprise</groupId>
+            <artifactId>cdi-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.core</artifactId>
+        </dependency>
+
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <configuration>
+                    <instructions>
+                        <Bundle-SymbolicName>org.ops4j.pax.cdi.sample8.service</Bundle-SymbolicName>
+                        <Import-Package>
+                            org.apache.deltaspike.security.api.authorization,
+                            org.apache.deltaspike.security.spi.authorization,
+                            org.apache.deltaspike.security.impl.extension,
+                            org.apache.deltaspike.security.impl.util,
+                            *
+                        </Import-Package>
+                        <Require-Capability>
+                            org.ops4j.pax.cdi.extension; filter:="(&amp;(extension=pax-cdi-extension)(version&gt;=${version;==;${pax.cdi.osgi.version.clean}})(!(version&gt;=${version;=+;${pax.cdi.osgi.version.clean}})))",
+                            org.ops4j.pax.cdi.extension; filter:="(&amp;(extension=deltaspike-security-module-impl))",
+                            org.ops4j.pax.cdi.extension; filter:="(&amp;(extension=deltaspike-core-impl))",
+                            org.ops4j.pax.cdi.extension; filter:="(&amp;(extension=deltaspike-core-api))",
+                            osgi.extender; filter:="(osgi.extender=pax.cdi)"
+                        </Require-Capability>
+                    </instructions>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>versions</id>
+                        <phase>validate</phase>
+                        <goals>
+                            <goal>cleanVersions</goal>
+                        </goals>
+                        <configuration>
+                            <versions>
+                                <pax.cdi.osgi.version.clean>${project.version}</pax.cdi.osgi.version.clean>
+                            </versions>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>generate-manifest</id>
+                        <phase>process-classes</phase>
+                        <goals>
+                            <goal>manifest</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/SecuredClient.java b/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/SecuredClient.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2015 Harald Wellmann.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ *
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.ops4j.pax.cdi.sample8.service;
+
+public interface SecuredClient {
+
+    String getBlockedResult();
+
+    String getResult();
+}
diff --git a/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/SecuredService.java b/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/SecuredService.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2015 Harald Wellmann.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ *
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.ops4j.pax.cdi.sample8.service;
+
+public interface SecuredService {
+
+    String getBlockedResult();
+
+    String getResult();
+}
diff --git a/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/impl/SecuredClientImpl.java b/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/impl/SecuredClientImpl.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2015 Harald Wellmann.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ *
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.ops4j.pax.cdi.sample8.service.impl;
+
+import javax.inject.Inject;
+
+import org.ops4j.pax.cdi.api.OsgiService;
+import org.ops4j.pax.cdi.api.OsgiServiceProvider;
+import org.ops4j.pax.cdi.sample8.service.SecuredClient;
+import org.ops4j.pax.cdi.sample8.service.SecuredService;
+
+@OsgiServiceProvider
+public class SecuredClientImpl implements SecuredClient {
+
+    @Inject
+    @OsgiService
+    private SecuredService service;
+
+    @Override
+    public String getBlockedResult() {
+        return service.getBlockedResult();
+    }
+
+    @Override
+    public String getResult() {
+        return service.getResult();
+    }
+}
diff --git a/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/impl/SecuredServiceImpl.java b/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/impl/SecuredServiceImpl.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2015 Harald Wellmann.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ *
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.ops4j.pax.cdi.sample8.service.impl;
+
+import org.apache.deltaspike.security.api.authorization.Secured;
+import org.ops4j.pax.cdi.api.OsgiServiceProvider;
+import org.ops4j.pax.cdi.sample8.service.SecuredService;
+
+@OsgiServiceProvider
+@Secured(TestAccessDecisionVoter.class)
+public class SecuredServiceImpl implements SecuredService {
+
+    @Override
+    public String getBlockedResult() {
+        return "blocked result";
+    }
+
+    @Override
+    public String getResult() {
+        return "result";
+    }
+}
diff --git a/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/impl/TestAccessDecisionVoter.java b/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/impl/TestAccessDecisionVoter.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2015 Harald Wellmann.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ *
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.ops4j.pax.cdi.sample8.service.impl;
+
+import java.lang.reflect.Method;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.interceptor.InvocationContext;
+
+import org.apache.deltaspike.security.api.authorization.AccessDecisionVoter;
+import org.apache.deltaspike.security.api.authorization.AccessDecisionVoterContext;
+import org.apache.deltaspike.security.api.authorization.SecurityViolation;
+
+@ApplicationScoped
+public class TestAccessDecisionVoter implements AccessDecisionVoter {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public Set<SecurityViolation> checkPermission(
+        AccessDecisionVoterContext accessDecisionVoterContext) {
+        Method method = accessDecisionVoterContext.<InvocationContext> getSource().getMethod();
+
+        if (!method.getName().contains("Blocked")) {
+            return Collections.emptySet();
+        }
+
+        Set<SecurityViolation> violations = new HashSet<>();
+        violations.add(new SecurityViolation() {
+
+            private static final long serialVersionUID = 1L;
+
+            @Override
+            public String getReason() {
+                return "blocked";
+            }
+        });
+        return violations;
+    }
+}
diff --git a/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/impl/TestAccessDecisionVoterContext.java b/pax-cdi-samples/pax-cdi-sample8/src/main/java/org/ops4j/pax/cdi/sample8/service/impl/TestAccessDecisionVoterContext.java
diff --git a/pax-cdi-samples/pax-cdi-sample8/src/main/resources/META-INF/beans.xml b/pax-cdi-samples/pax-cdi-sample8/src/main/resources/META-INF/beans.xml
diff --git a/pax-cdi-samples/pom.xml b/pax-cdi-samples/pom.xml
