@TestCoversMethods({"isReadable", "isWritable"}) public void testIsAccessible() throws Exception { SecurityManager securityManager = new SecurityManager(); FieldAccessController controller = new FieldAccessController(new BaseAccessRule()); securityManager.addAccessController(controller); mapper.setSecurityManager(securityManager); Object owner = new Object(); Object other = new Object(); POJO1 entity = new POJO1(owner); List<com.syncnapsis.utils.reflections.Field> fields = ReflectionsUtil.findFields(POJO1.class); assertEquals(3, fields.size()); com.syncnapsis.utils.reflections.Field xField = fields.get(0); assertEquals("x", xField.getName()); com.syncnapsis.utils.reflections.Field yField = fields.get(1); assertEquals("y", yField.getName()); com.syncnapsis.utils.reflections.Field ownersField = fields.get(2); assertEquals("owners", ownersField.getName()); // READABLE // @formatter:off Object[][] authorities = new Object[][] { new Object[] {owner}, new Object[] {other}, new Object[] {owner, other}, null, new Object[] {}, }; // @formatter:on for (int i = 0; i < authorities.length; i++) { assertEquals( controller.isAccessible(xField, AccessController.READ, entity, authorities[i]), mapper.isReadable(entity, xField, authorities[i])); assertEquals( controller.isAccessible(xField, AccessController.WRITE, entity, authorities[i]), mapper.isWritable(entity, xField, authorities[i])); assertEquals( controller.isAccessible(yField, AccessController.READ, entity, authorities[i]), mapper.isReadable(entity, yField, authorities[i])); assertEquals( controller.isAccessible(yField, AccessController.WRITE, entity, authorities[i]), mapper.isWritable(entity, yField, authorities[i])); } }
/** * Summary function for log(..., Object, ...) and log(..., Exception, ...) which handles the * forwarded (partially already serialized) objects. * * @see RPCLogManager#log(RPCCall, Object, User, HttpSession, Object...) * @see RPCLogManager#log(RPCCall, Exception, User, HttpSession, Object...) * @param rpcCall - the RPCCall performed * @param result - the result or exception returned serialized as a String * @param exceptionThrown - did the RPCCall throw an Exception * @param executionDate - the execution date * @param user - the User that performed the RPCCall * @param session - the session in which the RPCCall was executed * @param authorities - the authorities used to perform the RPCCall */ protected RPCLog log( RPCCall rpcCall, String result, boolean exceptionThrown, Date executionDate, User user, HttpSession session, Object... authorities) { com.syncnapsis.data.model.help.RPCCall call = new com.syncnapsis.data.model.help.RPCCall(); call.setObject(rpcCall.getObject()); call.setMethod(rpcCall.getMethod()); try { // filter (serialized) arguments (e.g. passwords) if (rpcCall.getInvocationInfo() != null && rpcCall.getInvocationInfo().getMethod() != null) { LogFilter filter = ReflectionsUtil.getAnnotation(rpcCall.getInvocationInfo().getMethod(), LogFilter.class); if (filter != null) { for (int filteredArg : filter.filteredArgs()) { rpcCall.getArgs()[filteredArg] = "****"; } } } call.setArgs(serializer.serialize(rpcCall.getArgs(), authorities)); } catch (SerializationException e) { logger.error("Could not serialize RPC args: " + e.getMessage()); call.setArgs(e.getClass().getName() + ": " + e.getMessage()); } String resultS = result; if (resultS.length() > Model.LENGTH_TEXT) { resultS = resultS.substring(0, Model.LENGTH_TEXT - 5) + " ..."; if (resultS.startsWith("{")) resultS += "}"; else if (resultS.startsWith("[")) resultS += "]"; } RPCLog log = new RPCLog(); log.setExecutionDate(executionDate); log.setRemoteAddr(ServletUtil.getRemoteAddr(session)); log.setResult(resultS); log.setRPCCall(call); log.setUser(user); log.setUserAgent(ServletUtil.getUserAgent(session)); if (log.getUserAgent() == null) log.setUserAgent(USER_AGENT_NULL); if (rpcLogger.isInfoEnabled()) { String d = dateFormat.get().format(executionDate); rpcLogger.info( d + " " + log.getRemoteAddr() + " -> " + call.getObject() + "." + call.getMethod() + "(" + call.getArgs() + ")" + (exceptionThrown ? " threw " : " returned ") + log.getResult()); } return save(log); }