[jboss-cvs] jboss-seam/src/main/org/jboss/seam/interceptors ...
Shane Bryzak
Shane_Bryzak at symantec.com
Sun Dec 3 20:06:50 EST 2006
User: sbryzak2
Date: 06/12/03 20:06:50
Modified: src/main/org/jboss/seam/interceptors
SecurityInterceptor.java
Log:
bye bye old security design
Revision Changes Path
1.12 +15 -81 jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SecurityInterceptor.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- SecurityInterceptor.java 9 Nov 2006 03:26:15 -0000 1.11
+++ SecurityInterceptor.java 4 Dec 2006 01:06:50 -0000 1.12
@@ -6,13 +6,9 @@
import org.apache.commons.logging.LogFactory;
import org.jboss.seam.annotations.AroundInvoke;
import org.jboss.seam.annotations.Interceptor;
-import org.jboss.seam.annotations.security.Permission;
-import org.jboss.seam.annotations.security.Secure;
-import org.jboss.seam.core.FacesMessages;
+import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.intercept.InvocationContext;
-import org.jboss.seam.security.Authentication;
-import org.jboss.seam.security.AuthenticationException;
-import org.jboss.seam.security.SeamSecurityManager;
+import org.jboss.seam.security.Identity;
/**
* Provides authorization services for component invocations.
@@ -30,86 +26,24 @@
public Object checkSecurity(InvocationContext invocation)
throws Exception
{
- Secure sec = null;
+ Restrict r = null;
- try
- {
Method method = invocation.getMethod();
- if (method.isAnnotationPresent(Secure.class))
- sec = method.getAnnotation(Secure.class);
- else if (method.getDeclaringClass().isAnnotationPresent(Secure.class))
- sec = method.getDeclaringClass().getAnnotation(Secure.class);
-
- if (sec != null)
- {
- boolean redirectToLogin = false;
- Authentication auth = null;
+ if (method.isAnnotationPresent(Restrict.class))
+ r = method.getAnnotation(Restrict.class);
+ else if (method.getDeclaringClass().isAnnotationPresent(Restrict.class))
+ r = method.getDeclaringClass().getAnnotation(Restrict.class);
+
+ if (r != null)
+ {
+ Identity identity = Identity.instance();
+ if (!identity.isValid())
+ throw new SecurityException("Invalid identity");
- try
- {
- auth = Authentication.instance();
- if (!auth.isValid())
- redirectToLogin = true;
- }
- catch (AuthenticationException ex)
- {
- if (String.class.equals(method.getReturnType()))
- redirectToLogin = true;
- else
- throw ex;
- }
-
- if (redirectToLogin)
- {
- return SeamSecurityManager.instance().getLoginAction();
+ /** todo perform restriction check here */
}
- // If roles() are specified check them first
- if (sec.roles().length > 0)
- {
- for (String role : sec.roles())
- {
- if (auth.isUserInRole(role))
return invocation.proceed();
}
- }
-
- // No roles match, check permissions
- try
- {
- if (sec.permissions().length > 0)
- {
- for (Permission p : sec.permissions())
- {
- SeamSecurityManager.instance().checkPermission(p.name(), p.action());
- }
- }
- }
- catch (SecurityException ex)
- {
- log.info(ex.getMessage());
- FacesMessages.instance().add(ex.getMessage());
- // Fall through to error page
- }
-
- return forwardToErrorPage(sec);
- }
-
- return invocation.proceed();
- }
- catch (SecurityException ex)
- {
- return forwardToErrorPage(sec);
- }
- }
-
- private String forwardToErrorPage(Secure sec)
- {
- // Authorization has failed.. redirect the user to an error page
- if (sec != null && sec.onfail() != null && !"".equals(sec.onfail()))
- return sec.onfail();
-
- return SeamSecurityManager.instance().getSecurityErrorAction();
- }
}
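Review bot: Inside the `if (r != null)` branch the only check left is `identity.isValid()`; the `Restrict` annotation is looked up but its value is never evaluated, and after the `/** todo perform restriction check here */` placeholder control falls through to `invocation.proceed()`, so every authenticated caller passes every `@Restrict`-annotated method until the todo is done — the interceptor fails open. If the restriction evaluation cannot land in this commit, make the gap explicit rather than silent: at least a `// TODO(security): @Restrict value is not evaluated yet - authenticated callers are not restricted` comment, and preferably a warning through the `log` field (referenced only on the removed side here, so presumably still declared above the hunk) so the gap is visible at runtime. The removed outer `catch (SecurityException ex)` that forwarded to the error page is gone too, so the new `throw new SecurityException("Invalid identity")` now propagates out of the interceptor to whatever handles it upstream; that may be intended, but it is a caller-visible behaviour change worth a sentence in the method's Javadoc. Minor: a `/** ... */` comment inside a method body is Javadoc syntax attached to nothing; use `// TODO ...` there.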