[jboss-cvs] jboss-seam/src/main/org/jboss/seam/interceptors ...
Shane Bryzak
Shane_Bryzak at symantec.com
Fri Jan 12 08:25:49 EST 2007
User: sbryzak2
Date: 07/01/12 08:25:49
Modified: src/main/org/jboss/seam/interceptors
SecurityInterceptor.java
Log:
added default permission check for empty @Restrict annotations
Revision Changes Path
1.19 +24 -1 jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SecurityInterceptor.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -b -r1.18 -r1.19
--- SecurityInterceptor.java 12 Jan 2007 05:35:11 -0000 1.18
+++ SecurityInterceptor.java 12 Jan 2007 13:25:49 -0000 1.19
@@ -2,6 +2,7 @@
import java.lang.reflect.Method;
+import org.jboss.seam.Seam;
import org.jboss.seam.annotations.AroundInvoke;
import org.jboss.seam.annotations.Interceptor;
import org.jboss.seam.annotations.security.Restrict;
@@ -39,11 +40,33 @@
if (!Identity.instance().isLoggedIn())
throw new NotLoggedInException();
- if (!SeamSecurityManager.instance().evaluateExpression(r.value()))
+ String expr = r.value() != null && !"".equals(r.value()) ? r.value() :
+ createDefaultExpr(method);
+
+ if (!SeamSecurityManager.instance().evaluateExpression(expr))
throw new AuthorizationException(String.format(
"Authorization check failed for expression [%s]", r.value()));
}
return invocation.proceed();
}
+
+ /**
+ * Creates a default security expression for a specified method. The method must
+ * be a method of a Seam component.
+ *
+ * @param method The method for which to create a default permission expression
+ * @return The generated security expression.
+ */
+ private String createDefaultExpr(Method method)
+ {
+ String name = Seam.getComponentName(method.getDeclaringClass());
+ if (name == null)
+ {
+ throw new IllegalArgumentException(String.format(
+ "Method %s is not a component method", method));
+ }
+
+ return String.format("#{s:hasPermission('%s','%s')}", name, method.getName());
+ }
}
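Review bot: The `AuthorizationException` message still formats `r.value()`, so when the annotation is empty and the default expression is the one evaluated, the failure reads `expression []` and the denied permission cannot be identified from the exception; pass the evaluated string instead: `"Authorization check failed for expression [%s]", expr));`. In `createDefaultExpr` the component name is taken from `method.getDeclaringClass()`, so a restricted method inherited from a superclass that is not itself a component would presumably end in the `IllegalArgumentException`, or be checked against the parent's name rather than the invoked component's; this is worth confirming, and if so the name should be resolved from the target component. The component and method names are also placed inside a single-quoted EL literal without escaping, which holds only as long as a component name can never contain `'`; a short comment stating that assumption would help. The interceptor method that holds the changed check starts before this hunk.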