Merge pull request #390 from CJSCommonPlatform/setup-1-war

Allow access control to be component-specific

Author: purple52

CHANGELOG.md

@@ -5,6 +5,12 @@ on [Keep a CHANGELOG](http://keepachangelog.com/). This project adheres to
 
 ## [Unreleased]
 
+### Changed
+- Interceptor chain now adds the component name to the context so it can be used by the access control interceptor or anything else that needs it
+
+### Removed
+- Access control Provider annotation and annotation scanning; this functionality has moved to the access control library
+
 ## [2.0.0-rc1]
 
 ### Changed

core/src/main/java/uk/gov/justice/services/core/accesscontrol/AllowAllPolicyEvaluator.java

@@ -16,7 +16,8 @@
 public class AllowAllPolicyEvaluator implements PolicyEvaluator {
 
     @Override
-    public Optional<AccessControlViolation> checkAccessPolicyFor(@SuppressWarnings("unused") final JsonEnvelope jsonEnvelope) {
+    public Optional<AccessControlViolation> checkAccessPolicyFor(final String component,
+                                                                 @SuppressWarnings("unused") final JsonEnvelope jsonEnvelope) {
         return empty();
     }
 }

core/src/main/java/uk/gov/justice/services/core/accesscontrol/DefaultAccessControlService.java

@@ -21,15 +21,15 @@ public class DefaultAccessControlService implements AccessControlService {
     @Inject
     PolicyEvaluator policyEvaluator;
 
-    public Optional<AccessControlViolation> checkAccessControl(final JsonEnvelope jsonEnvelope) {
+    public Optional<AccessControlViolation> checkAccessControl(final String component, final JsonEnvelope jsonEnvelope) {
 
         if (accessControlDisabled()) {
             logger.trace("Skipping access control due to configuration");
             return empty();
         }
 
         logger.trace("Performing access control for action: {}", jsonEnvelope.metadata().name());
-        return policyEvaluator.checkAccessPolicyFor(jsonEnvelope);
+        return policyEvaluator.checkAccessPolicyFor(component, jsonEnvelope);
     }
 
     private boolean accessControlDisabled() {

core/src/main/java/uk/gov/justice/services/core/accesscontrol/LocalAccessControlInterceptor.java

@@ -23,13 +23,14 @@ public class LocalAccessControlInterceptor implements Interceptor {
     @Override
     public InterceptorContext process(final InterceptorContext interceptorContext, final InterceptorChain interceptorChain) {
 
-        checkAccessControl(interceptorContext.inputEnvelope());
+        final String component = interceptorContext.getInputParameter("component").get().toString();
+        checkAccessControl(component, interceptorContext.inputEnvelope());
 
         return interceptorChain.processNext(interceptorContext);
     }
 
-    private void checkAccessControl(final JsonEnvelope jsonEnvelope) {
-        final Optional<AccessControlViolation> accessControlViolation = accessControlService.checkAccessControl(jsonEnvelope);
+    private void checkAccessControl(final String component, final JsonEnvelope jsonEnvelope) {
+        final Optional<AccessControlViolation> accessControlViolation = accessControlService.checkAccessControl(component,jsonEnvelope);
 
         if (accessControlViolation.isPresent()) {
             final String errorMessage = accessControlFailureMessageGenerator.errorMessageFrom(

core/src/main/java/uk/gov/justice/services/core/extension/AnnotationScanner.java

@@ -12,7 +12,6 @@
 import uk.gov.justice.services.core.annotation.Direct;
 import uk.gov.justice.services.core.annotation.DirectAdapter;
 import uk.gov.justice.services.core.annotation.FrameworkComponent;
-import uk.gov.justice.services.core.annotation.Provider;
 import uk.gov.justice.services.core.annotation.ServiceComponent;
 import uk.gov.justice.services.core.handler.registry.HandlerRegistry;
 
@@ -51,16 +50,13 @@ <T> void processAnnotatedType(@Observes final ProcessAnnotatedType<T> pat) {
 
     @SuppressWarnings("unused")
     void afterDeploymentValidation(@Observes final AfterDeploymentValidation event, final BeanManager beanManager) {
+
         final Set<Bean<?>> directAdapters = beanManager.getBeans(SynchronousDirectAdapter.class);
         allBeansFrom(beanManager)
                 .filter(this::isServiceComponent)
                 .filter(bean -> isNotDirectComponentWithoutAdapter(bean, directAdapters))
                 .forEach(this::processServiceComponentsForEvents);
 
-        allBeansFrom(beanManager)
-                .filter(this::isFrameworkProvider)
-                .forEach(this::processProviderForEvents);
-
         fireAllCollectedEvents(beanManager);
     }
 
@@ -72,12 +68,6 @@ private boolean isServiceComponent(final Bean<?> bean) {
         return isServiceComponent(bean.getBeanClass());
     }
 
-
-    private boolean isFrameworkProvider(final Bean<?> bean) {
-        final Class<?> beanClass = bean.getBeanClass();
-        return beanClass.isAnnotationPresent(Provider.class);
-    }
-
     private boolean isServiceComponent(final Class<?> beanClass) {
         return beanClass.isAnnotationPresent(ServiceComponent.class)
                 || beanClass.isAnnotationPresent(FrameworkComponent.class)
@@ -110,11 +100,6 @@ private boolean isNotDirectComponentWithoutAdapter(final Bean<?> bean, final Set
         return true;
     }
 
-    private void processProviderForEvents(final Bean<?> bean) {
-        events.add(new ProviderFoundEvent(bean));
-        LOGGER.info("Identified Access Control Provider {}", bean.getBeanClass().getSimpleName());
-    }
-
     private void fireAllCollectedEvents(final BeanManager beanManager) {
         events.forEach(beanManager::fireEvent);
     }

core/src/main/java/uk/gov/justice/services/core/extension/ProviderFoundEvent.java

@@ -21,6 +21,8 @@ public class DefaultInterceptorChainProcessor implements InterceptorChainProcess
 
     @Override
     public Optional<JsonEnvelope> process(final InterceptorContext interceptorContext) {
+        interceptorContext.setInputParameter("component", component);
+
         return new DefaultInterceptorChain(interceptorCache.getInterceptors(component), targetOf(dispatch))
                 .processNext(interceptorContext)
                 .outputEnvelope();
@@ -29,10 +31,12 @@ public Optional<JsonEnvelope> process(final InterceptorContext interceptorContex
     @Override
     @Deprecated
     public Optional<JsonEnvelope> process(final JsonEnvelope jsonEnvelope) {
-        return process(interceptorContextWithInput(jsonEnvelope));
+        final InterceptorContext context = interceptorContextWithInput(jsonEnvelope);
+        context.setInputParameter("component", component);
+        return process(context);
     }
 
     private Target targetOf(final Function<JsonEnvelope, JsonEnvelope> dispatch) {
         return interceptorContext -> interceptorContext.copyWithOutput(dispatch.apply(interceptorContext.inputEnvelope()));
     }
-}
+}

core/src/main/java/uk/gov/justice/services/core/interceptor/DefaultInterceptorChainProcessor.java

@@ -22,6 +22,6 @@ public void shouldAllowAllAccess() throws Exception {
 
         final JsonEnvelope jsonEnvelope = mock(JsonEnvelope.class);
 
-        assertThat(allowAllAccessController.checkAccessPolicyFor(jsonEnvelope).isPresent(), is(false));
+        assertThat(allowAllAccessController.checkAccessPolicyFor("command", jsonEnvelope).isPresent(), is(false));
     }
 }

core/src/test/java/uk/gov/justice/services/core/accesscontrol/AllowAllPolicyEvaluatorTest.java

@@ -62,9 +62,9 @@ public void shouldDelegateTheAccessControlLogicToTheAccessController() throws Ex
         final Optional<AccessControlViolation> accessControlViolation =
                 of(mock(AccessControlViolation.class));
 
-        when(policyEvaluator.checkAccessPolicyFor(jsonEnvelope)).thenReturn(accessControlViolation);
+        when(policyEvaluator.checkAccessPolicyFor("command", jsonEnvelope)).thenReturn(accessControlViolation);
 
-        assertThat(accessControlService.checkAccessControl(jsonEnvelope),
+        assertThat(accessControlService.checkAccessControl("command", jsonEnvelope),
                 is(sameInstance(accessControlViolation)));
 
         assertLogStatement();
@@ -76,7 +76,7 @@ public void shouldIgnoreAccessControlIfTheAccessControlDisabledPropertyIsTrue()
         System.setProperty(ACCESS_CONTROL_DISABLED_PROPERTY, "true");
 
         final Optional<AccessControlViolation> accessControlViolation =
-                accessControlService.checkAccessControl(jsonEnvelope);
+                accessControlService.checkAccessControl("command", jsonEnvelope);
 
         assertThat(accessControlViolation.isPresent(), is(false));
 
@@ -93,9 +93,9 @@ public void shouldUseAccessControlIfTheAccessControlDisabledPropertyIsFalse() th
         final Optional<AccessControlViolation> accessControlViolation =
                 of(mock(AccessControlViolation.class));
 
-        when(policyEvaluator.checkAccessPolicyFor(jsonEnvelope)).thenReturn(accessControlViolation);
+        when(policyEvaluator.checkAccessPolicyFor("command", jsonEnvelope)).thenReturn(accessControlViolation);
 
-        assertThat(accessControlService.checkAccessControl(jsonEnvelope),
+        assertThat(accessControlService.checkAccessControl("command", jsonEnvelope),
                 is(sameInstance(accessControlViolation)));
 
         assertLogStatement();

core/src/test/java/uk/gov/justice/services/core/accesscontrol/DefaultAccessControlServiceTest.java

@@ -64,18 +64,21 @@ public void setup() throws Exception {
     @Test
     public void shouldApplyAccessControlToInputIfLocalComponent() throws Exception {
         final InterceptorContext inputContext = interceptorContextWithInput(envelope);
-        when(accessControlService.checkAccessControl(envelope)).thenReturn(Optional.empty());
+        inputContext.setInputParameter("component", "command");
+
+        when(accessControlService.checkAccessControl("command", envelope)).thenReturn(Optional.empty());
 
         interceptorChain.processNext(inputContext);
-        verify(accessControlService).checkAccessControl(envelope);
+        verify(accessControlService).checkAccessControl("command", envelope);
     }
 
     @Test
     public void shouldThrowAccessControlViolationExceptionIfAccessControlFailsForInput() throws Exception {
         final InterceptorContext inputContext = interceptorContextWithInput(envelope);
+        inputContext.setInputParameter("component", "command");
         final AccessControlViolation accessControlViolation = new AccessControlViolation("reason");
 
-        when(accessControlService.checkAccessControl(envelope)).thenReturn(Optional.of(accessControlViolation));
+        when(accessControlService.checkAccessControl("command", envelope)).thenReturn(Optional.of(accessControlViolation));
         when(accessControlFailureMessageGenerator.errorMessageFrom(envelope, accessControlViolation)).thenReturn("Error message");
 
         exception.expect(AccessControlViolationException.class);
@@ -102,4 +105,4 @@ public void dummyMethod() {
 
         }
     }
-}
+}