[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...
Shane Bryzak
Shane_Bryzak at symantec.com
Thu Oct 19 00:09:33 EDT 2006
User: sbryzak2
Date: 06/10/19 00:09:33
Modified: src/main/org/jboss/seam/security SeamPermission.java
SeamSecurityManager.java
Log:
implemented ACL checking
Revision Changes Path
1.4 +9 -33 jboss-seam/src/main/org/jboss/seam/security/SeamPermission.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SeamPermission.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/SeamPermission.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
--- SeamPermission.java 18 Oct 2006 05:16:32 -0000 1.3
+++ SeamPermission.java 19 Oct 2006 04:09:33 -0000 1.4
@@ -1,9 +1,6 @@
package org.jboss.seam.security;
import java.security.acl.Permission;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
/**
* Represents permissions for a Seam component.
@@ -13,35 +10,20 @@
public class SeamPermission implements Permission
{
private String name;
- private String actions;
+ private String action;
- private Set<String> actionSet = new HashSet<String>();
/**
*
* @param name String
* @param actions String
*/
- public SeamPermission(String name, String actions)
+ public SeamPermission(String name, String action)
{
if (name == null || "".equals(name.trim()))
throw new IllegalArgumentException("Permission name is required");
this.name = name;
-
- String[] parts = actions.split(",");
- Arrays.sort(parts);
-
- StringBuilder sorted = new StringBuilder();
- for (String action : parts)
- {
- actionSet.add(action);
-
- if (sorted.length() > 0)
- sorted.append(',');
- sorted.append(action);
- }
-
- this.actions = sorted.toString();
+ this.action = action;
}
public String getName()
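Review bot: The constructor validates `name` but stores `action` unchecked, while the `equals` and `hashCode` changes in the last hunk of this file call `action.equals(...)` and `action.hashCode()`. A null action therefore surfaces as a NullPointerException as soon as the permission is hashed or compared, which looks likely inside the `permissions.contains(required)` lookup that SeamSecurityManager now performs, rather than as a clear configuration error. I would add `if (action == null || "".equals(action.trim())) throw new IllegalArgumentException("Permission action is required");` next to the name check. The Javadoc above the constructor still reads `@param actions String` and should become `@param action String`, with a sentence saying that a comma-separated list is no longer split here.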
@@ -49,20 +31,14 @@
return name;
}
- public String getActions()
+ public String getAction()
{
- return actions;
+ return action;
}
- /**
- * Returns true if this permission contains the specified action.
- *
- * @param action String
- * @return boolean
- */
- public boolean containsAction(String action)
+ public String toString()
{
- return actionSet.contains(action);
+ return String.format("[name=%s,action=%s]", name, action);
}
public boolean equals(Object obj)
@@ -72,11 +48,11 @@
SeamPermission other = (SeamPermission) obj;
- return other.name.equals(name) && other.actions.equals(this.actions);
+ return other.name.equals(name) && other.action.equals(this.action);
}
public int hashCode()
{
- return (name.hashCode() * 11) ^ (actions.hashCode() * 13);
+ return (name.hashCode() * 11) ^ (action.hashCode() * 13);
}
}
1.7 +30 -23 jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SeamSecurityManager.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -b -r1.6 -r1.7
--- SeamSecurityManager.java 19 Oct 2006 03:41:52 -0000 1.6
+++ SeamSecurityManager.java 19 Oct 2006 04:09:33 -0000 1.7
@@ -1,21 +1,23 @@
package org.jboss.seam.security;
import java.security.Permissions;
+import java.security.acl.Acl;
+import java.security.acl.Permission;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
import static org.jboss.seam.ScopeType.APPLICATION;
import org.jboss.seam.Component;
+import org.jboss.seam.InterceptionType;
import org.jboss.seam.ScopeType;
+import org.jboss.seam.Seam;
+import org.jboss.seam.annotations.DefinePermissions;
+import org.jboss.seam.annotations.Intercept;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.contexts.Contexts;
-import java.util.Map;
-import java.util.Set;
-import java.util.HashMap;
-import org.jboss.seam.annotations.Intercept;
-import org.jboss.seam.InterceptionType;
-import org.jboss.seam.Seam;
-import org.jboss.seam.annotations.DefinePermissions;
-import org.jboss.seam.annotations.AclProvider;
+import org.jboss.seam.security.acl.AclProvider;
/**
* Holds configuration settings and provides functionality for the security API
@@ -38,9 +40,9 @@
private String securityErrorAction = "securityError";
/**
- * Maps roles to permissions
+ * Map roles to permissions
*/
- private Map<String,Set<SeamPermission>> rolePermissions = new HashMap<String,Set<SeamPermission>>();
+ private Map<String,Set<Permission>> rolePermissions = new HashMap<String,Set<Permission>>();
private class PermissionsMetadata {
private String name;
@@ -124,32 +126,37 @@
if (providerName != null && !"".equals(providerName))
provider = Component.getInstance(providerName, true);
- checkPermission(meta.getName(), action, obj, provider);
+ if (!AclProvider.class.isAssignableFrom(provider.getClass()))
+ throw new IllegalStateException(String.format(
+ "Provider [%s] not instance of AclProvider", provider.toString()));
+
+ checkPermission(meta.getName(), action, obj, (AclProvider) provider);
}
- private void checkPermission(String name, String action, Object obj, Object aclProvider)
+ private void checkPermission(String name, String action, Object obj, AclProvider aclProvider)
{
+ Permission required = new SeamPermission(name, action);
+
for (String role : Authentication.instance().getRoles())
{
- Set<SeamPermission> permissions = rolePermissions.get(role);
+ Set<Permission> permissions = rolePermissions.get(role);
if (permissions != null)
{
- for (SeamPermission p : permissions)
- {
- if (p.getName().equals(name) && p.containsAction(action))
+ if (permissions.contains(required))
{
if (aclProvider == null)
return;
-
- }
+ Acl acl = aclProvider.getAcls(obj, Authentication.instance());
+ if (acl.checkPermission(Authentication.instance(), new SeamPermission(name, action)))
+ return;
}
}
}
throw new SecurityException(String.format(
- "Authenticated principal does not contain required permission [name=%s,action=%s]",
- name, action));
+ "Authenticated principal does not contain required permission %s",
+ required));
}
private PermissionsMetadata getClassPermissionMetadata(Class cls)
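Review bot: The new type check calls `provider.getClass()` unconditionally, so when no provider name is configured and `provider` stays null (its declaration is above the hunk, so this is inferred) the call fails with a NullPointerException before `checkPermission` can reach its `aclProvider == null` branch. Guarding it as `if (provider != null && !(provider instanceof AclProvider))` keeps the role-only path working. In `checkPermission`, the result of `aclProvider.getAcls(...)` is dereferenced without a null check; treating a missing ACL as a denial, `if (acl != null && acl.checkPermission(Authentication.instance(), required))`, keeps the failure on the SecurityException path and reuses `required` instead of building a second SeamPermission. The method containing the first change starts outside the hunk.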
@@ -185,7 +192,7 @@
if (def != null)
{
- for (AclProvider p : def.permissions())
+ for (org.jboss.seam.annotations.AclProvider p : def.permissions())
{
for (String action : p.actions().split("[,]"))
{