This is an automated email from the ASF dual-hosted git repository.

dixitdeepak pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 406f20b3a3 Added security provider in application securityext 
component (OFBIZ-13418) (#1265)
406f20b3a3 is described below

commit 406f20b3a32907c9903540b27cd1e3361f6b62cc
Author: Deepak Dixit <[email protected]>
AuthorDate: Tue May 26 10:12:22 2026 +0530

    Added security provider in application securityext component (OFBIZ-13418) 
(#1265)
    
    Added OFBizApplicationSecurity in the securityext component as an
    application-level copy of the existing OFBizSecurity implementation.
    Registers it with Java ServiceLoader so SecurityFactory.getInstance()
    can discover it without adding a direct framework dependency on
    application.
    Removed the application-layer code from the framework's OFBizSecurity inner class.
---
 .../security/OFBizApplicationSecurity.java         | 248 +++++++++++++++++++++
 .../services/org.apache.ofbiz.security.Security    |   1 +
 .../org/apache/ofbiz/security/SecurityFactory.java |  29 +--
 3 files changed, 250 insertions(+), 28 deletions(-)

diff --git 
a/applications/securityext/src/main/java/org/apache/ofbiz/securityext/security/OFBizApplicationSecurity.java
 
b/applications/securityext/src/main/java/org/apache/ofbiz/securityext/security/OFBizApplicationSecurity.java
new file mode 100644
index 0000000000..f47f8d48a3
--- /dev/null
+++ 
b/applications/securityext/src/main/java/org/apache/ofbiz/securityext/security/OFBizApplicationSecurity.java
@@ -0,0 +1,248 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ 
*******************************************************************************/
+package org.apache.ofbiz.securityext.security;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import jakarta.servlet.http.HttpSession;
+
+import org.apache.ofbiz.base.util.Assert;
+import org.apache.ofbiz.base.util.Debug;
+import org.apache.ofbiz.base.util.UtilMisc;
+import org.apache.ofbiz.entity.Delegator;
+import org.apache.ofbiz.entity.GenericEntityException;
+import org.apache.ofbiz.entity.GenericValue;
+import org.apache.ofbiz.entity.condition.EntityCondition;
+import org.apache.ofbiz.entity.condition.EntityConditionList;
+import org.apache.ofbiz.entity.condition.EntityExpr;
+import org.apache.ofbiz.entity.condition.EntityOperator;
+import org.apache.ofbiz.entity.util.EntityQuery;
+import org.apache.ofbiz.entity.util.EntityUtil;
+import org.apache.ofbiz.security.Security;
+
+public class OFBizApplicationSecurity implements Security {
+
+    private static final String MODULE = 
OFBizApplicationSecurity.class.getName();
+
+    private Delegator delegator = null;
+
+    private static final Map<String, Map<String, String>> SIMPLE_ROLE_ENT = 
UtilMisc.toMap(
+            "ORDERMGR", UtilMisc.<String, String>toMap("name", "OrderRole", 
"pkey", "orderId"),
+            "FACILITY", UtilMisc.<String, String>toMap("name", 
"FacilityParty", "pkey", "facilityId"),
+            "MARKETING", UtilMisc.<String, String>toMap("name", 
"MarketingCampaignRole", "pkey", "marketingCampaignId"));
+
+    public OFBizApplicationSecurity() { }
+
+    @Override
+    public void clearUserData(GenericValue userLogin) {
+        if (userLogin != null) {
+            delegator.getCache().remove("UserLoginSecurityGroup", 
EntityCondition.makeCondition("userLoginId", EntityOperator.EQUALS,
+                    userLogin.getString("userLoginId")));
+        }
+    }
+
+    @Override
+    @Deprecated
+    public Iterator<GenericValue> 
findUserLoginSecurityGroupByUserLoginId(String userLoginId) {
+        try {
+            List<GenericValue> collection = 
EntityUtil.filterByDate(EntityQuery.use(delegator).from("UserLoginSecurityGroup")
+                    .where("userLoginId", 
userLoginId).cache(true).queryList());
+            return collection.iterator();
+        } catch (GenericEntityException e) {
+            Debug.logWarning(e, MODULE);
+            return Collections.<GenericValue>emptyList().iterator();
+        }
+    }
+
+    @Override
+    @Deprecated
+    public Delegator getDelegator() {
+        return this.delegator;
+    }
+
+    @Override
+    public boolean hasEntityPermission(String entity, String action, 
GenericValue userLogin) {
+        if (userLogin == null || entity == null || action == null) return 
false;
+        String permission = entity.concat(action);
+        String adminPermission = entity.concat("_ADMIN");
+        Iterator<GenericValue> iterator = 
findUserLoginSecurityGroupByUserLoginId(userLogin.getString("userLoginId"));
+        while (iterator.hasNext()) {
+            GenericValue userLoginSecurityGroup = iterator.next();
+            if 
(securityGroupPermissionExists(userLoginSecurityGroup.getString("groupId"), 
permission)) {
+                return true;
+            }
+            if 
(securityGroupPermissionExists(userLoginSecurityGroup.getString("groupId"), 
adminPermission)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    @Override
+    public boolean hasEntityPermission(String entity, String action, 
HttpSession session) {
+        if (session == null) {
+            return false;
+        }
+        GenericValue userLogin = (GenericValue) 
session.getAttribute("userLogin");
+        if (userLogin == null) {
+            return false;
+        }
+        return hasEntityPermission(entity, action, userLogin);
+    }
+
+    @Override
+    public boolean hasPermission(String permission, GenericValue userLogin) {
+        if (userLogin == null) {
+            return false;
+        }
+        Iterator<GenericValue> iterator = 
findUserLoginSecurityGroupByUserLoginId(userLogin.getString("userLoginId"));
+        GenericValue userLoginSecurityGroup = null;
+        while (iterator.hasNext()) {
+            userLoginSecurityGroup = iterator.next();
+            if 
(securityGroupPermissionExists(userLoginSecurityGroup.getString("groupId"), 
permission)) return true;
+        }
+        return false;
+    }
+
+    @Override
+    public boolean hasPermission(String permission, HttpSession session) {
+        GenericValue userLogin = (GenericValue) 
session.getAttribute("userLogin");
+        if (userLogin == null) {
+            return false;
+        }
+        return hasPermission(permission, userLogin);
+    }
+
+    /**
+     * Like hasEntityPermission above, this checks the specified action, as 
well as for "_ADMIN" to allow for simplified
+     * general administration permission, but also checks action_ROLE and 
validates the user is a member for the
+     * application.
+     * @param application The name of the application corresponding to the 
desired permission.
+     * @param action The action on the application corresponding to the 
desired permission.
+     * @param entityName The name of the role entity to use for validation.
+     * @param condition EntityCondition used to query the entityName.
+     * @param userLogin The userLogin object for user to check against.
+     * @return Returns true if the currently logged in userLogin has the 
specified permission, otherwise returns false.
+     */
+    private boolean hasRolePermission(String application, String action, 
String entityName, EntityCondition condition, GenericValue userLogin) {
+        if (userLogin == null) {
+            return false;
+        }
+        // first check the standard permission
+        if (hasEntityPermission(application, action, userLogin)) {
+            return true;
+        }
+        // make sure we have what's needed for role security
+        if (entityName == null || condition == null) {
+            return false;
+        }
+        // now check the user for the role permission
+        if (hasEntityPermission(application + "_ROLE", action, userLogin)) {
+            // we have the permission now, we check to make sure we are 
allowed access
+            try {
+                List<GenericValue> roleTest = 
EntityQuery.use(delegator).from(entityName).where(condition).queryList();
+                if (!roleTest.isEmpty()) {
+                    return true;
+                }
+            } catch (GenericEntityException e) {
+                Debug.logError(e, "Problems doing role security lookup on 
entity [" + entityName + "] using [" + condition + "]", MODULE);
+                return false;
+            }
+        }
+        return false;
+    }
+
+    @Override
+    public boolean hasRolePermission(String application, String action, String 
primaryKey, List<String> roles, GenericValue userLogin) {
+        if (userLogin == null) {
+            return false;
+        }
+        if ("".equals(primaryKey) && roles == null) {
+            if (hasEntityPermission(application, action, userLogin)) return 
true;
+            if (hasEntityPermission(application + "_ROLE", action, userLogin)) 
return true;
+        }
+        String entityName = null;
+        EntityCondition condition = null;
+        Map<String, String> simpleRoleMap = SIMPLE_ROLE_ENT.get(application);
+        if (simpleRoleMap != null && roles != null) {
+            entityName = simpleRoleMap.get("name");
+            String pkey = simpleRoleMap.get("pkey");
+            if (pkey != null) {
+                List<EntityExpr> expressions = new ArrayList<>();
+                for (String role: roles) {
+                    
expressions.add(EntityCondition.makeCondition("roleTypeId", 
EntityOperator.EQUALS, role));
+                }
+                EntityConditionList<EntityExpr> exprList = 
EntityCondition.makeCondition(expressions, EntityOperator.OR);
+                EntityExpr keyExpr = EntityCondition.makeCondition(pkey, 
primaryKey);
+                EntityExpr partyExpr = 
EntityCondition.makeCondition("partyId", userLogin.getString("partyId"));
+                condition = EntityCondition.makeCondition(exprList, keyExpr, 
partyExpr);
+            }
+
+        }
+        return hasRolePermission(application, action, entityName, condition, 
userLogin);
+    }
+
+    @Override
+    public boolean hasRolePermission(String application, String action, String 
primaryKey, List<String> roles, HttpSession session) {
+        GenericValue userLogin = (GenericValue) 
session.getAttribute("userLogin");
+        return hasRolePermission(application, action, primaryKey, roles, 
userLogin);
+    }
+
+    @Override
+    public boolean hasRolePermission(String application, String action, String 
primaryKey, String role, GenericValue userLogin) {
+        List<String> roles = null;
+        if (role != null && !"".equals(role)) {
+            roles = UtilMisc.toList(role);
+        }
+        return hasRolePermission(application, action, primaryKey, roles, 
userLogin);
+    }
+
+    @Override
+    public boolean hasRolePermission(String application, String action, String 
primaryKey, String role, HttpSession session) {
+        GenericValue userLogin = (GenericValue) 
session.getAttribute("userLogin");
+        return hasRolePermission(application, action, primaryKey, role, 
userLogin);
+    }
+
+    @Override
+    @Deprecated
+    public boolean securityGroupPermissionExists(String groupId, String 
permission) {
+        try {
+            return EntityQuery.use(delegator).from("SecurityGroupPermission")
+                    .where("groupId", groupId, "permissionId", 
permission).cache(true).filterByDate().queryFirst() != null;
+        } catch (GenericEntityException e) {
+            Debug.logWarning(e, MODULE);
+            return false;
+        }
+    }
+
+    @Override
+    @Deprecated
+    public void setDelegator(Delegator delegator) {
+        if (this.delegator != null) {
+            throw new IllegalStateException("This object has been initialized 
already.");
+        }
+        Assert.notNull("delegator", delegator);
+        this.delegator = delegator;
+    }
+}
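Review bot: `hasPermission(String, HttpSession)` and both session-based `hasRolePermission` overloads call `session.getAttribute("userLogin")` without the `session == null` guard that `hasEntityPermission(String, String, HttpSession)` has, so a null session ends in a NullPointerException instead of a clean denial. Add `if (session == null) { return false; }` at the top of each so every entry point fails closed the same way. Separately, the class is created through the public no-arg constructor with `delegator` still null, and `clearUserData` dereferences it directly; a Javadoc line on the class stating that `setDelegator` must be called before any other method, or a check that throws `IllegalStateException`, would make that contract explicit. Since the commit message describes this as a copy of the framework's OFBizSecurity, a class comment naming which copy is authoritative would help keep the two authorization paths from drifting apart.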
diff --git 
a/applications/securityext/src/main/resources/META-INF/services/org.apache.ofbiz.security.Security
 
b/applications/securityext/src/main/resources/META-INF/services/org.apache.ofbiz.security.Security
new file mode 100644
index 0000000000..21f0d45241
--- /dev/null
+++ 
b/applications/securityext/src/main/resources/META-INF/services/org.apache.ofbiz.security.Security
@@ -0,0 +1 @@
+org.apache.ofbiz.securityext.security.OFBizApplicationSecurity
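Review bot: Which Security implementation ends up enforcing permissions now depends on what ServiceLoader finds on the classpath, and the selection logic in SecurityFactory.getInstance() is not part of this diff, so this is worth confirming. If it takes the first provider returned, another jar shipping its own `META-INF/services/org.apache.ofbiz.security.Security` entry could be picked instead, depending on load order. Logging the chosen implementation class once at startup, and warning when more than one provider is found, would make the active access-control implementation auditable.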
diff --git 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecurityFactory.java
 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecurityFactory.java
index 64e14b3781..6544059f26 100644
--- 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecurityFactory.java
+++ 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecurityFactory.java
@@ -18,11 +18,9 @@
  
*******************************************************************************/
 package org.apache.ofbiz.security;
 
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
-import java.util.Map;
 import java.util.ServiceLoader;
 
 import jakarta.servlet.http.HttpSession;
@@ -35,8 +33,6 @@ import org.apache.ofbiz.entity.Delegator;
 import org.apache.ofbiz.entity.GenericEntityException;
 import org.apache.ofbiz.entity.GenericValue;
 import org.apache.ofbiz.entity.condition.EntityCondition;
-import org.apache.ofbiz.entity.condition.EntityConditionList;
-import org.apache.ofbiz.entity.condition.EntityExpr;
 import org.apache.ofbiz.entity.condition.EntityOperator;
 import org.apache.ofbiz.entity.util.EntityQuery;
 import org.apache.ofbiz.entity.util.EntityUtil;
@@ -87,11 +83,6 @@ public final class SecurityFactory {
 
         private Delegator delegator = null;
 
-        private static final Map<String, Map<String, String>> SIMPLE_ROLE_ENT 
= UtilMisc.toMap(
-                "ORDERMGR", UtilMisc.<String, String>toMap("name", 
"OrderRole", "pkey", "orderId"),
-                "FACILITY", UtilMisc.<String, String>toMap("name", 
"FacilityParty", "pkey", "facilityId"),
-                "MARKETING", UtilMisc.<String, String>toMap("name", 
"MarketingCampaignRole", "pkey", "marketingCampaignId"));
-
         private OFBizSecurity() { }
 
         @Override
@@ -223,25 +214,7 @@ public final class SecurityFactory {
                 if (hasEntityPermission(application, action, userLogin)) 
return true;
                 if (hasEntityPermission(application + "_ROLE", action, 
userLogin)) return true;
             }
-            String entityName = null;
-            EntityCondition condition = null;
-            Map<String, String> simpleRoleMap = 
OFBizSecurity.SIMPLE_ROLE_ENT.get(application);
-            if (simpleRoleMap != null && roles != null) {
-                entityName = simpleRoleMap.get("name");
-                String pkey = simpleRoleMap.get("pkey");
-                if (pkey != null) {
-                    List<EntityExpr> expressions = new ArrayList<>();
-                    for (String role: roles) {
-                        
expressions.add(EntityCondition.makeCondition("roleTypeId", 
EntityOperator.EQUALS, role));
-                    }
-                    EntityConditionList<EntityExpr> exprList = 
EntityCondition.makeCondition(expressions, EntityOperator.OR);
-                    EntityExpr keyExpr = EntityCondition.makeCondition(pkey, 
primaryKey);
-                    EntityExpr partyExpr = 
EntityCondition.makeCondition("partyId", userLogin.getString("partyId"));
-                    condition = EntityCondition.makeCondition(exprList, 
keyExpr, partyExpr);
-                }
-
-            }
-            return hasRolePermission(application, action, entityName, 
condition, userLogin);
+            return false;
         }
 
         @Override
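Review bot: The new `return false;` also denies callers who hold the plain `application + action` or `_ADMIN` permission whenever `primaryKey` is non-empty or `roles` is non-null, because the entity-permission checks just above it only run under `"".equals(primaryKey) && roles == null`. The removed tail delegated to the condition-based `hasRolePermission` overload, which, judging by the copy in OFBizApplicationSecurity, checks the standard permission first. The result is fail-closed, but it is a behaviour change for any deployment that falls back to the framework class. If that fallback should keep honouring the standard permission, use `return hasEntityPermission(application, action, userLogin);` and add a comment such as `// role-entity lookups are handled by application-level Security providers`. The enclosing method starts outside the hunk, and the private condition-based overload may now be unused in this class and worth checking.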
