From 2d74db9a0c263ec7dfd035b365927f079373f96e Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Fri, 4 Nov 2005 04:15:57 +0000 Subject: [PATCH] SEC-51 and SEC-67 related changes. Tested all functions of "filters" version in web browser OK. --- .../annotation/ContactManagerBackend.java | 4 +- .../contact/AddPermissionController.java | 10 +++-- .../contact/AdminPermissionController.java | 10 +++-- .../src/main/java/sample/contact/Contact.java | 8 ++-- .../main/java/sample/contact/ContactDao.java | 6 +-- .../java/sample/contact/ContactDaoSpring.java | 42 ++++++++++--------- .../java/sample/contact/ContactManager.java | 4 +- .../sample/contact/ContactManagerBackend.java | 6 +-- .../sample/contact/DataSourcePopulator.java | 6 +-- .../java/sample/contact/DeleteController.java | 10 +++-- .../contact/DeletePermissionController.java | 10 +++-- .../main/webapp/common/WEB-INF/jsp/index.jsp | 2 +- 12 files changed, 64 insertions(+), 54 deletions(-) diff --git a/samples/contacts-tiger/src/main/java/sample/contact/annotation/ContactManagerBackend.java b/samples/contacts-tiger/src/main/java/sample/contact/annotation/ContactManagerBackend.java index 3e1ff7a8e2..6a55652cfd 100644 --- a/samples/contacts-tiger/src/main/java/sample/contact/annotation/ContactManagerBackend.java +++ b/samples/contacts-tiger/src/main/java/sample/contact/annotation/ContactManagerBackend.java @@ -87,7 +87,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport @Secured ({"ROLE_USER","AFTER_ACL_READ"}) @Transactional(readOnly=true) - public Contact getById(Integer id) { + public Contact getById(Long id) { if (logger.isDebugEnabled()) { logger.debug("Returning contact with id: " + id); } 
@@ -143,7 +143,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport @Secured ({"ROLE_USER"}) public void create(Contact contact) { // Create the Contact itself - contact.setId(new Integer(counter++)); + contact.setId(new Long(counter++)); contactDao.create(contact); // Grant the current principal access to the contact diff --git a/samples/contacts/src/main/java/sample/contact/AddPermissionController.java b/samples/contacts/src/main/java/sample/contact/AddPermissionController.java index 84f5607138..e0a487daef 100644 --- a/samples/contacts/src/main/java/sample/contact/AddPermissionController.java +++ b/samples/contacts/src/main/java/sample/contact/AddPermissionController.java @@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,13 +21,14 @@ import org.springframework.beans.factory.InitializingBean; import org.springframework.dao.DataAccessException; +import org.springframework.util.Assert; + import org.springframework.validation.BindException; import org.springframework.web.bind.RequestUtils; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.SimpleFormController; import org.springframework.web.servlet.view.RedirectView; -import org.springframework.util.Assert; import java.util.HashMap; import java.util.Iterator; @@ -61,7 +62,8 @@ public class AddPermissionController extends SimpleFormController } public void afterPropertiesSet() throws Exception { - Assert.notNull(contactManager, "A ContactManager implementation is required"); + Assert.notNull(contactManager, + "A ContactManager implementation is required"); } protected ModelAndView disallowDuplicateFormSubmission( 
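Review bot: `contact.setId(new Long(counter++));` in `create` still draws the contact id from an in-memory field with an unsynchronized increment, so two concurrent `create` calls on a shared bean can receive the same id. The ACL seed rows in the DataSourcePopulator hunks key objects by strings such as `sample.contact.Contact:1`, so a duplicated id would presumably attach one contact's permissions to another record. The samples/contacts copy of this class has the same line (hunk -130,7) and declares `private int counter = 1000;` (hunk -45,7), which leaves the generator 32-bit while every consumer is now `Long`. Consider `private long counter` with a `synchronized` allocation, or let the database assign the key as the ACL tables already do with `GENERATED BY DEFAULT AS IDENTITY`. The counter declaration for this file and the rest of `create` are outside the hunk.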
@@ -80,7 +82,7 @@ public class AddPermissionController extends SimpleFormController int contactId = RequestUtils.getRequiredIntParameter(request, "contactId"); - Contact contact = contactManager.getById(new Integer(contactId)); + Contact contact = contactManager.getById(new Long(contactId)); AddPermission addPermission = new AddPermission(); addPermission.setContact(contact); diff --git a/samples/contacts/src/main/java/sample/contact/AdminPermissionController.java b/samples/contacts/src/main/java/sample/contact/AdminPermissionController.java index 2651f2f32d..7c7bf361b1 100644 --- a/samples/contacts/src/main/java/sample/contact/AdminPermissionController.java +++ b/samples/contacts/src/main/java/sample/contact/AdminPermissionController.java @@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,10 +20,11 @@ import net.sf.acegisecurity.acl.AclManager; import org.springframework.beans.factory.InitializingBean; +import org.springframework.util.Assert; + import org.springframework.web.bind.RequestUtils; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.Controller; -import org.springframework.util.Assert; import java.io.IOException; @@ -66,7 +67,8 @@ public class AdminPermissionController implements Controller, InitializingBean { } public void afterPropertiesSet() throws Exception { - Assert.notNull(contactManager, "A ContactManager implementation is required"); + Assert.notNull(contactManager, + "A ContactManager implementation is required"); Assert.notNull(aclManager, "An aclManager implementation is required"); } 
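Review bot: The `contactId` request parameter is still read with `RequestUtils.getRequiredIntParameter` and only afterwards wrapped as `new Long(contactId)`, so the web layer stays 32-bit while the DAO and schema move to 64-bit ids. A contact whose id exceeds `Integer.MAX_VALUE` would be valid in the database but could not be addressed through this controller. Reading the value as a long, e.g. `long contactId = RequestUtils.getRequiredLongParameter(request, "contactId");` (assuming the Spring version in use offers it), keeps the layers consistent. The same pattern is in AdminPermissionController (hunk -74,7), DeleteController (hunk -51,13) and DeletePermissionController (hunk -76,7); the enclosing method here starts and ends outside the hunk.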
@@ -74,7 +76,7 @@ public class AdminPermissionController implements Controller, InitializingBean { HttpServletResponse response) throws ServletException, IOException { int id = RequestUtils.getRequiredIntParameter(request, "contactId"); - Contact contact = contactManager.getById(new Integer(id)); + Contact contact = contactManager.getById(new Long(id)); AclEntry[] acls = aclManager.getAcls(contact); Map model = new HashMap(); diff --git a/samples/contacts/src/main/java/sample/contact/Contact.java b/samples/contacts/src/main/java/sample/contact/Contact.java index 1041dbe53d..908f831723 100644 --- a/samples/contacts/src/main/java/sample/contact/Contact.java +++ b/samples/contacts/src/main/java/sample/contact/Contact.java @@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,7 @@ import java.io.Serializable; public class Contact implements Serializable { //~ Instance fields ======================================================== - private Integer id; + private Long id; private String email; private String name; @@ -60,7 +60,7 @@ public class Contact implements Serializable { return email; } - public void setId(Integer id) { + public void setId(Long id) { this.id = id; } @@ -69,7 +69,7 @@ public class Contact implements Serializable { * * @return Returns the id. */ - public Integer getId() { + public Long getId() { return id; } diff --git a/samples/contacts/src/main/java/sample/contact/ContactDao.java b/samples/contacts/src/main/java/sample/contact/ContactDao.java index 38519281b6..b72b33b9e7 100644 --- a/samples/contacts/src/main/java/sample/contact/ContactDao.java +++ b/samples/contacts/src/main/java/sample/contact/ContactDao.java 
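Review bot: The result of `contactManager.getById(new Long(id))` is passed straight to `aclManager.getAcls(contact)` without a null check, although `ContactDaoSpring.getById` in this patch returns `null` when the query finds no row. Unless `ContactManagerBackend.getById` rejects a missing row (its body is outside the hunks shown), a request carrying an unknown `contactId` reaches the ACL lookup with `null`. A guard such as `if (contact == null) { throw new ServletException("Unknown contact: " + id); }` makes the failure explicit and keeps it out of the security layer. DeleteController hands the same unchecked result to `contactManager.delete(contact)`, and AddPermissionController and DeletePermissionController use it unchecked as well.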
@@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,11 +27,11 @@ import java.util.List; public interface ContactDao { //~ Methods ================================================================ - public Contact getById(Integer id); + public Contact getById(Long id); public void create(Contact contact); - public void delete(Integer contactId); + public void delete(Long contactId); public List findAll(); diff --git a/samples/contacts/src/main/java/sample/contact/ContactDaoSpring.java b/samples/contacts/src/main/java/sample/contact/ContactDaoSpring.java index da5df230a4..1f178743f0 100644 --- a/samples/contacts/src/main/java/sample/contact/ContactDaoSpring.java +++ b/samples/contacts/src/main/java/sample/contact/ContactDaoSpring.java @@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -48,8 +48,8 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao { //~ Methods ================================================================ - public Contact getById(Integer id) { - List list = contactsByIdQuery.execute(id.intValue()); + public Contact getById(Long id) { + List list = contactsByIdQuery.execute(id.longValue()); if (list.size() == 0) { return null; @@ -59,10 +59,12 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao { } public void create(Contact contact) { + System.out.println("creating contact w/ id " + contact.getId() + " " + + contact.getEmail()); contactInsert.insert(contact); } - public void delete(Integer contactId) { + public void delete(Long contactId) { contactDelete.delete(contactId); } 
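Review bot: The two lines added to `ContactDaoSpring.create` write the new contact's id and e-mail address to standard output on every insert. This looks like leftover debugging: it bypasses the logger the sample uses elsewhere, cannot be switched off by configuration, and copies personal data into the container's console log. Either remove it or route it through the DAO's logger at debug level without the address, e.g. `if (logger.isDebugEnabled()) { logger.debug("Creating contact with id: " + contact.getId()); }`.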
@@ -109,14 +111,14 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao { protected Object mapRow(ResultSet rs, int rownum) throws SQLException { - return new Integer(rs.getInt("id")); + return new Long(rs.getLong("id")); } } protected class AclObjectIdentityInsert extends SqlUpdate { protected AclObjectIdentityInsert(DataSource ds) { super(ds, "INSERT INTO acl_object_identity VALUES (?, ?, ?, ?)"); - declareParameter(new SqlParameter(Types.INTEGER)); + declareParameter(new SqlParameter(Types.BIGINT)); declareParameter(new SqlParameter(Types.VARCHAR)); declareParameter(new SqlParameter(Types.INTEGER)); declareParameter(new SqlParameter(Types.VARCHAR)); @@ -124,7 +126,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao { } protected int insert(String objectIdentity, - Integer parentAclObjectIdentity, String aclClass) { + Long parentAclObjectIdentity, String aclClass) { Object[] objs = new Object[] {null, objectIdentity, parentAclObjectIdentity, aclClass}; super.update(objs); @@ -135,19 +137,19 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao { protected class ContactDelete extends SqlUpdate { protected ContactDelete(DataSource ds) { super(ds, "DELETE FROM contacts WHERE id = ?"); - declareParameter(new SqlParameter(Types.INTEGER)); + declareParameter(new SqlParameter(Types.BIGINT)); compile(); } - protected void delete(Integer contactId) { - super.update(contactId.intValue()); + protected void delete(Long contactId) { + super.update(contactId.longValue()); } } protected class ContactInsert extends SqlUpdate { protected ContactInsert(DataSource ds) { super(ds, "INSERT INTO contacts VALUES (?, ?, ?)"); - declareParameter(new SqlParameter(Types.INTEGER)); + declareParameter(new SqlParameter(Types.BIGINT)); declareParameter(new SqlParameter(Types.VARCHAR)); declareParameter(new SqlParameter(Types.VARCHAR)); compile(); 
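Review bot: In `AclObjectIdentityInsert` only the first parameter was switched to `Types.BIGINT`; the third, which carries `parentAclObjectIdentity`, is still declared `Types.INTEGER` even though `insert` now accepts it as a `Long` and the `PARENT_OBJECT` column becomes `BIGINT` in the DataSourcePopulator hunk. How the driver treats a `Long` bound as INTEGER cannot be seen from the diff, but the declared type no longer matches the schema. Change the third declaration to `declareParameter(new SqlParameter(Types.BIGINT));` so all id-bearing parameters agree with the widened columns.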
@@ -166,7 +168,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao { "UPDATE contacts SET contact_name = ?, address = ? WHERE id = ?"); declareParameter(new SqlParameter(Types.VARCHAR)); declareParameter(new SqlParameter(Types.VARCHAR)); - declareParameter(new SqlParameter(Types.INTEGER)); + declareParameter(new SqlParameter(Types.BIGINT)); compile(); } @@ -186,7 +188,7 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao { protected Object mapRow(ResultSet rs, int rownum) throws SQLException { Contact contact = new Contact(); - contact.setId(new Integer(rs.getInt("id"))); + contact.setId(new Long(rs.getLong("id"))); contact.setName(rs.getString("contact_name")); contact.setEmail(rs.getString("email")); @@ -198,14 +200,14 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao { protected ContactsByIdQuery(DataSource ds) { super(ds, "SELECT id, contact_name, email FROM contacts WHERE id = ? ORDER BY id"); - declareParameter(new SqlParameter(Types.INTEGER)); + declareParameter(new SqlParameter(Types.BIGINT)); compile(); } protected Object mapRow(ResultSet rs, int rownum) throws SQLException { Contact contact = new Contact(); - contact.setId(new Integer(rs.getInt("id"))); + contact.setId(new Long(rs.getLong("id"))); contact.setName(rs.getString("contact_name")); contact.setEmail(rs.getString("email")); @@ -217,12 +219,12 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao { protected PermissionDelete(DataSource ds) { super(ds, "DELETE FROM acl_permission WHERE ACL_OBJECT_IDENTITY = ? AND RECIPIENT = ?"); - declareParameter(new SqlParameter(Types.INTEGER)); + declareParameter(new SqlParameter(Types.BIGINT)); declareParameter(new SqlParameter(Types.VARCHAR)); compile(); } - protected void delete(Integer aclObjectIdentity, String recipient) { + protected void delete(Long aclObjectIdentity, String recipient) { super.update(new Object[] {aclObjectIdentity, recipient}); } } 
@@ -230,14 +232,14 @@ public class ContactDaoSpring extends JdbcDaoSupport implements ContactDao { protected class PermissionInsert extends SqlUpdate { protected PermissionInsert(DataSource ds) { super(ds, "INSERT INTO acl_permission VALUES (?, ?, ?, ?);"); - declareParameter(new SqlParameter(Types.INTEGER)); - declareParameter(new SqlParameter(Types.INTEGER)); + declareParameter(new SqlParameter(Types.BIGINT)); + declareParameter(new SqlParameter(Types.BIGINT)); declareParameter(new SqlParameter(Types.VARCHAR)); declareParameter(new SqlParameter(Types.INTEGER)); compile(); } - protected int insert(Integer aclObjectIdentity, String recipient, + protected int insert(Long aclObjectIdentity, String recipient, Integer mask) { Object[] objs = new Object[] {null, aclObjectIdentity, recipient, mask}; super.update(objs); diff --git a/samples/contacts/src/main/java/sample/contact/ContactManager.java b/samples/contacts/src/main/java/sample/contact/ContactManager.java index b5cfff6c4e..1092add997 100644 --- a/samples/contacts/src/main/java/sample/contact/ContactManager.java +++ b/samples/contacts/src/main/java/sample/contact/ContactManager.java @@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,7 +31,7 @@ public interface ContactManager { public List getAllRecipients(); - public Contact getById(Integer id); + public Contact getById(Long id); public Contact getRandomContact(); diff --git a/samples/contacts/src/main/java/sample/contact/ContactManagerBackend.java b/samples/contacts/src/main/java/sample/contact/ContactManagerBackend.java index 802d038eea..b110e140b4 100644 --- a/samples/contacts/src/main/java/sample/contact/ContactManagerBackend.java +++ b/samples/contacts/src/main/java/sample/contact/ContactManagerBackend.java 
@@ -45,7 +45,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport private BasicAclExtendedDao basicAclExtendedDao; private ContactDao contactDao; - private int counter = 100; + private int counter = 1000; //~ Methods ================================================================ @@ -76,7 +76,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport return basicAclExtendedDao; } - public Contact getById(Integer id) { + public Contact getById(Long id) { if (logger.isDebugEnabled()) { logger.debug("Returning contact with id: " + id); } @@ -130,7 +130,7 @@ public class ContactManagerBackend extends ApplicationObjectSupport public void create(Contact contact) { // Create the Contact itself - contact.setId(new Integer(counter++)); + contact.setId(new Long(counter++)); contactDao.create(contact); // Grant the current principal access to the contact diff --git a/samples/contacts/src/main/java/sample/contact/DataSourcePopulator.java b/samples/contacts/src/main/java/sample/contact/DataSourcePopulator.java index ad90913291..1c85a3bd79 100644 --- a/samples/contacts/src/main/java/sample/contact/DataSourcePopulator.java +++ b/samples/contacts/src/main/java/sample/contact/DataSourcePopulator.java @@ -65,7 +65,7 @@ public class DataSourcePopulator implements InitializingBean { JdbcTemplate template = new JdbcTemplate(dataSource); template.execute( - "CREATE TABLE CONTACTS(ID INTEGER NOT NULL PRIMARY KEY, CONTACT_NAME VARCHAR_IGNORECASE(50) NOT NULL, EMAIL VARCHAR_IGNORECASE(50) NOT NULL)"); + "CREATE TABLE CONTACTS(ID BIGINT NOT NULL PRIMARY KEY, CONTACT_NAME VARCHAR_IGNORECASE(50) NOT NULL, EMAIL VARCHAR_IGNORECASE(50) NOT NULL)"); template.execute( "INSERT INTO contacts VALUES (1, 'John Smith', 'john@somewhere.com');"); // marissa template.execute( 
@@ -93,7 +93,7 @@ public class DataSourcePopulator implements InitializingBean { } template.execute( - "CREATE TABLE ACL_OBJECT_IDENTITY(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT INTEGER,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))"); + "CREATE TABLE ACL_OBJECT_IDENTITY(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,OBJECT_IDENTITY VARCHAR_IGNORECASE(250) NOT NULL,PARENT_OBJECT BIGINT,ACL_CLASS VARCHAR_IGNORECASE(250) NOT NULL,CONSTRAINT UNIQUE_OBJECT_IDENTITY UNIQUE(OBJECT_IDENTITY),CONSTRAINT SYS_FK_3 FOREIGN KEY(PARENT_OBJECT) REFERENCES ACL_OBJECT_IDENTITY(ID))"); template.execute( "INSERT INTO acl_object_identity VALUES (1, 'sample.contact.Contact:1', null, 'net.sf.acegisecurity.acl.basic.SimpleAclEntry');"); template.execute( @@ -120,7 +120,7 @@ public class DataSourcePopulator implements InitializingBean { } template.execute( - "CREATE TABLE ACL_PERMISSION(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY INTEGER NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))"); + "CREATE TABLE ACL_PERMISSION(ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 100) NOT NULL PRIMARY KEY,ACL_OBJECT_IDENTITY BIGINT NOT NULL,RECIPIENT VARCHAR_IGNORECASE(100) NOT NULL,MASK INTEGER NOT NULL,CONSTRAINT UNIQUE_RECIPIENT UNIQUE(ACL_OBJECT_IDENTITY,RECIPIENT),CONSTRAINT SYS_FK_7 FOREIGN KEY(ACL_OBJECT_IDENTITY) REFERENCES ACL_OBJECT_IDENTITY(ID))"); template.execute( "INSERT INTO acl_permission VALUES (null, 1, 'marissa', 1);"); // administer template.execute( 
diff --git a/samples/contacts/src/main/java/sample/contact/DeleteController.java b/samples/contacts/src/main/java/sample/contact/DeleteController.java index 0bc120eed9..0959bdc65a 100644 --- a/samples/contacts/src/main/java/sample/contact/DeleteController.java +++ b/samples/contacts/src/main/java/sample/contact/DeleteController.java @@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,10 +17,11 @@ package sample.contact; import org.springframework.beans.factory.InitializingBean; +import org.springframework.util.Assert; + import org.springframework.web.bind.RequestUtils; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.Controller; -import org.springframework.util.Assert; import java.io.IOException; @@ -51,13 +52,14 @@ public class DeleteController implements Controller, InitializingBean { } public void afterPropertiesSet() throws Exception { - Assert.notNull(contactManager, "A ContactManager implementation is required"); + Assert.notNull(contactManager, + "A ContactManager implementation is required"); } public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { int id = RequestUtils.getRequiredIntParameter(request, "contactId"); - Contact contact = contactManager.getById(new Integer(id)); + Contact contact = contactManager.getById(new Long(id)); contactManager.delete(contact); return new ModelAndView("deleted", "contact", contact); diff --git a/samples/contacts/src/main/java/sample/contact/DeletePermissionController.java b/samples/contacts/src/main/java/sample/contact/DeletePermissionController.java index 4183f82f3f..164a56b3d0 100644 --- a/samples/contacts/src/main/java/sample/contact/DeletePermissionController.java 
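Review bot: `DeleteController.handleRequest` deletes the contact named by the `contactId` parameter for any HTTP method, and nothing visible in the hunk checks the method or a per-request token. A state-changing action reachable by a plain GET can be triggered by a link or an embedded resource loaded in an authenticated user's browser, so the ACL check alone does not show that the user intended the deletion. Consider rejecting non-POST requests up front, e.g. `if (!"POST".equals(request.getMethod())) { response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); return null; }`, and documenting that the sample has no request-forgery protection. DeletePermissionController (hunk -76,7) appears to follow the same pattern, though its method body is only partly shown.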
+++ b/samples/contacts/src/main/java/sample/contact/DeletePermissionController.java @@ -1,4 +1,4 @@ -/* Copyright 2004 Acegi Technology Pty Limited +/* Copyright 2004, 2005 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,10 +19,11 @@ import net.sf.acegisecurity.acl.AclManager; import org.springframework.beans.factory.InitializingBean; +import org.springframework.util.Assert; + import org.springframework.web.bind.RequestUtils; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.Controller; -import org.springframework.util.Assert; import java.io.IOException; @@ -65,7 +66,8 @@ public class DeletePermissionController implements Controller, InitializingBean } public void afterPropertiesSet() throws Exception { - Assert.notNull(contactManager, "A ContactManager implementation is required"); + Assert.notNull(contactManager, + "A ContactManager implementation is required"); Assert.notNull(aclManager, "An aclManager implementation is required"); } @@ -76,7 +78,7 @@ public class DeletePermissionController implements Controller, InitializingBean String recipient = RequestUtils.getRequiredStringParameter(request, "recipient"); - Contact contact = contactManager.getById(new Integer(contactId)); + Contact contact = contactManager.getById(new Long(contactId)); contactManager.deletePermission(contact, recipient); diff --git a/samples/contacts/src/main/webapp/common/WEB-INF/jsp/index.jsp b/samples/contacts/src/main/webapp/common/WEB-INF/jsp/index.jsp index 12a96138ed..2c2ddc28a7 100644 --- a/samples/contacts/src/main/webapp/common/WEB-INF/jsp/index.jsp +++ b/samples/contacts/src/main/webapp/common/WEB-INF/jsp/index.jsp @@ -3,7 +3,7 @@ Your Contacts -

's Contacts

+

's Contacts

idNameEmail