[jboss-cvs] jboss-seam/src/main/org/jboss/seam/interceptors ...

Shane Bryzak Shane_Bryzak at symantec.com
Fri Jan 12 08:25:49 EST 2007 

  User: sbryzak2
  Date: 07/01/12 08:25:49

  Modified:    src/main/org/jboss/seam/interceptors 
                        SecurityInterceptor.java
  Log:
  added default permission check for empty @Restrict annotations
  
  Revision  Changes    Path
  1.19      +24 -1     jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: SecurityInterceptor.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -b -r1.18 -r1.19
  --- SecurityInterceptor.java	12 Jan 2007 05:35:11 -0000	1.18
  +++ SecurityInterceptor.java	12 Jan 2007 13:25:49 -0000	1.19
  @@ -2,6 +2,7 @@
   
   import java.lang.reflect.Method;
   
  +import org.jboss.seam.Seam;
   import org.jboss.seam.annotations.AroundInvoke;
   import org.jboss.seam.annotations.Interceptor;
   import org.jboss.seam.annotations.security.Restrict;
  @@ -39,11 +40,33 @@
            if (!Identity.instance().isLoggedIn())
               throw new NotLoggedInException();
            
  -         if (!SeamSecurityManager.instance().evaluateExpression(r.value()))
  +         String expr = r.value() != null && !"".equals(r.value()) ? r.value() : 
  +            createDefaultExpr(method);
  +                  
  +         if (!SeamSecurityManager.instance().evaluateExpression(expr))
               throw new AuthorizationException(String.format(
                     "Authorization check failed for expression [%s]", r.value()));
         }
   
         return invocation.proceed();
      }
  +   
  +   /**
  +    * Creates a default security expression for a specified method.  The method must
  +    * be a method of a Seam component.
  +    * 
  +    * @param method The method for which to create a default permission expression 
  +    * @return The generated security expression.
  +    */
  +   private String createDefaultExpr(Method method)
  +   {
  +      String name = Seam.getComponentName(method.getDeclaringClass());
  +      if (name == null)
  +      {
  +         throw new IllegalArgumentException(String.format(
  +                  "Method %s is not a component method", method));
  +      }
  +      
  +      return String.format("#{s:hasPermission('%s','%s')}", name, method.getName());
  +   }
   }

More information about the jboss-cvs-commits mailing list