[seam-commits] Seam SVN: r7881 - in trunk/src/main/org/jboss/seam/security/permission: acl and 1 other directories.

seam-commits at lists.jboss.org seam-commits at lists.jboss.org
Tue Apr 8 21:59:10 EDT 2008


Author: shane.bryzak at jboss.com
Date: 2008-04-08 21:59:09 -0400 (Tue, 08 Apr 2008)
New Revision: 7881

Added:
   trunk/src/main/org/jboss/seam/security/permission/acl/
   trunk/src/main/org/jboss/seam/security/permission/acl/AclPermission.java
   trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionResolver.java
   trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionStore.java
   trunk/src/main/org/jboss/seam/security/permission/acl/JpaAclPermissionStore.java
   trunk/src/main/org/jboss/seam/security/permission/dynamic/
   trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermission.java
   trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermissionStore.java
   trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java
   trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaAccountPermissionStore.java
Removed:
   trunk/src/main/org/jboss/seam/security/permission/AccountPermission.java
   trunk/src/main/org/jboss/seam/security/permission/AccountPermissionStore.java
   trunk/src/main/org/jboss/seam/security/permission/AclPermission.java
   trunk/src/main/org/jboss/seam/security/permission/AclPermissionResolver.java
   trunk/src/main/org/jboss/seam/security/permission/AclPermissionStore.java
   trunk/src/main/org/jboss/seam/security/permission/DynamicPermissionResolver.java
   trunk/src/main/org/jboss/seam/security/permission/JpaAccountPermissionStore.java
   trunk/src/main/org/jboss/seam/security/permission/JpaAclPermissionStore.java
Modified:
   trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java
   trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java
   trunk/src/main/org/jboss/seam/security/permission/ResolverChain.java
   trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
Log:
refactored

Deleted: trunk/src/main/org/jboss/seam/security/permission/AccountPermission.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/AccountPermission.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/AccountPermission.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -1,22 +0,0 @@
-package org.jboss.seam.security.permission;
-
-/**
- * Abstract base class for persistence of user/role permissions.  This class should be extended
- * to create a concrete JPA/Hibernate implementation. 
- *  
- * @author Shane Bryzak
- */
-public abstract class AccountPermission
-{  
-   public abstract String getTarget();
-   public abstract void setTarget(String target);
-   
-   public abstract String getAction();
-   public abstract void setAction(String action);
-   
-   public abstract String getAccount();
-   public abstract void setAccount(String account);
-   
-   public abstract AccountType getAccountType();
-   public abstract void setAccountType(AccountType accountType);
-}

Deleted: trunk/src/main/org/jboss/seam/security/permission/AccountPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/AccountPermissionStore.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/AccountPermissionStore.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -1,17 +0,0 @@
-package org.jboss.seam.security.permission;
-
-import java.util.List;
-
-/**
- * Persistent store for account-based (user/role) permissions
- *  
- * @author Shane Bryzak
- */
-public interface AccountPermissionStore
-{
-   List<AccountPermission> listPermissions(String target, String action);
-   List<AccountPermission> listPermissions(String target);
-   
-   boolean grantPermission(String target, String action, String account, AccountType accountType);
-   boolean revokePermission(String target, String action, String account, AccountType accountType);
-}

Deleted: trunk/src/main/org/jboss/seam/security/permission/AclPermission.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/AclPermission.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/AclPermission.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -1,19 +0,0 @@
-package org.jboss.seam.security.permission;
-
-public abstract class AclPermission
-{   
-   public abstract String getObjectId();
-   public abstract void setObjectId(String objectId);
-   
-   public abstract String getIdentifier();
-   public abstract void setIdentifier(String identifier);
-   
-   public abstract String getAccount();
-   public abstract void setAccount(String account);
-   
-   public abstract AccountType getAccountType();
-   public abstract void setAccountType(AccountType accountType);
-   
-   public abstract long getPermissions();
-   public abstract void setPermissions(long permissions);
-}

Deleted: trunk/src/main/org/jboss/seam/security/permission/AclPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/AclPermissionResolver.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/AclPermissionResolver.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -1,87 +0,0 @@
-package org.jboss.seam.security.permission;
-
-import static org.jboss.seam.ScopeType.APPLICATION;
-import static org.jboss.seam.annotations.Install.FRAMEWORK;
-
-import java.io.Serializable;
-import java.util.List;
-
-import org.jboss.seam.Component;
-import org.jboss.seam.annotations.Create;
-import org.jboss.seam.annotations.Install;
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.Startup;
-import org.jboss.seam.annotations.intercept.BypassInterceptors;
-import org.jboss.seam.log.LogProvider;
-import org.jboss.seam.log.Logging;
-import org.jboss.seam.security.Identity;
-
- at Name("org.jboss.seam.security.aclPermissionResolver")
- at Scope(APPLICATION)
- at BypassInterceptors
- at Install(precedence=FRAMEWORK)
- at Startup
-public class AclPermissionResolver implements PermissionResolver, Serializable
-{
-   private static final String DEFAULT_PERMISSION_STORE_NAME = "aclPermissionStore";
-   
-   private AclPermissionStore permissionStore;
-   
-   private static final LogProvider log = Logging.getLogProvider(AclPermissionResolver.class);   
-   
-   @Create
-   public void create()
-   {
-      initPermissionStore();
-   }
-   
-   protected void initPermissionStore()
-   {
-      if (permissionStore == null)
-      {
-         permissionStore = (AclPermissionStore) Component.getInstance(DEFAULT_PERMISSION_STORE_NAME, true);
-      }           
-      
-      if (permissionStore == null)
-      {
-         log.warn("no permission store available - please install a PermissionStore with the name '" +
-               DEFAULT_PERMISSION_STORE_NAME + "' if acl-based permissions are required.");
-      }
-   } 
-   
-   public boolean hasPermission(Object target, String action)
-   {
-      if (permissionStore == null) return false;
-      
-      List<AclPermission> permissions = permissionStore.listPermissions(target);
-      
-      Identity identity = Identity.instance();
-      
-      if (!identity.isLoggedIn()) return false;
-      
-      String username = identity.getPrincipal().getName();
-
-      for (AclPermission permission : permissions)
-      {
-         if ((username.equals(permission.getAccount()) && permission.getAccountType().equals(AccountType.user)) ||
-             (permission.getAccountType().equals(AccountType.role) && identity.hasRole(permission.getAccount())))
-         {
-            if (hasPermissionFlag(target, action, permission.getPermissions()))
-            {
-               return true;
-            }
-         }         
-      }
-      
-      return false;
-   }
-   
-   protected boolean hasPermissionFlag(Object target, String action, long permissions)
-   {
-      // TODO
-      
-      return false;
-   }
-
-}

Deleted: trunk/src/main/org/jboss/seam/security/permission/AclPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/AclPermissionStore.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/AclPermissionStore.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -1,15 +0,0 @@
-package org.jboss.seam.security.permission;
-
-import java.util.List;
-
-/**
- * Persistent storage for ACL (instance-based) permissions
- * 
- * @author Shane Bryzak
- */
-public interface AclPermissionStore
-{
-   List<AclPermission> listPermissions(Object target);
-   boolean grantPermission(Object target, String action, String account, AccountType accountType);
-   boolean revokePermission(Object target, String action, String account, AccountType accountType);
-}

Deleted: trunk/src/main/org/jboss/seam/security/permission/DynamicPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/DynamicPermissionResolver.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/DynamicPermissionResolver.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -1,103 +0,0 @@
-package org.jboss.seam.security.permission;
-
-import static org.jboss.seam.ScopeType.APPLICATION;
-import static org.jboss.seam.annotations.Install.FRAMEWORK;
-
-import java.io.Serializable;
-import java.util.List;
-
-import org.jboss.seam.Component;
-import org.jboss.seam.Seam;
-import org.jboss.seam.annotations.Create;
-import org.jboss.seam.annotations.Install;
-import org.jboss.seam.annotations.Name;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.Startup;
-import org.jboss.seam.annotations.intercept.BypassInterceptors;
-import org.jboss.seam.log.LogProvider;
-import org.jboss.seam.log.Logging;
-import org.jboss.seam.security.Identity;
-
-/**
- * Resolves dynamically-assigned permissions kept in a persistent store, such as a 
- * database.
- * 
- * @author Shane Bryzak
- */
- at Name("org.jboss.seam.security.dynamicPermissionResolver")
- at Scope(APPLICATION)
- at BypassInterceptors
- at Install(precedence=FRAMEWORK)
- at Startup
-public class DynamicPermissionResolver implements PermissionResolver, Serializable
-{   
-   private static final String DEFAULT_PERMISSION_STORE_NAME = "accountPermissionStore";
-   
-   private AccountPermissionStore permissionStore;
-   
-   private static final LogProvider log = Logging.getLogProvider(DynamicPermissionResolver.class);   
-   
-   @Create
-   public void create()
-   {
-      initPermissionStore();
-   }
-   
-   protected void initPermissionStore()
-   {
-      if (permissionStore == null)
-      {
-         permissionStore = (AccountPermissionStore) Component.getInstance(DEFAULT_PERMISSION_STORE_NAME, true);
-      }           
-      
-      if (permissionStore == null)
-      {
-         log.warn("no permission store available - please install a PermissionStore with the name '" +
-               DEFAULT_PERMISSION_STORE_NAME + "' if dynamic permissions are required.");
-      }
-   }     
-   
-   public AccountPermissionStore getPermissionStore()
-   {
-      return permissionStore;
-   }
-   
-   public void setPermissionStore(AccountPermissionStore permissionStore)
-   {
-      this.permissionStore = permissionStore;
-   }
-   
-   public boolean hasPermission(Object target, String action)
-   {      
-      if (permissionStore == null) return false;
-      
-      Identity identity = Identity.instance();
-      
-      if (!identity.isLoggedIn()) return false;
-      
-      String targetName = Seam.getComponentName(target.getClass());
-      if (targetName == null)
-      {
-         targetName = target.getClass().getName();
-      }
-      
-      List<AccountPermission> permissions = permissionStore.listPermissions(targetName, action);
-      
-      String username = identity.getPrincipal().getName();
-      
-      for (AccountPermission permission : permissions)
-      {
-         if (username.equals(permission.getAccount()) && permission.getAccountType().equals(AccountType.user))
-         {
-            return true;
-         }
-         
-         if (permission.getAccountType().equals(AccountType.role) && identity.hasRole(permission.getAccount()))
-         {
-            return true;
-         }
-      }      
-      
-      return false;
-   }
-}

Deleted: trunk/src/main/org/jboss/seam/security/permission/JpaAccountPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/JpaAccountPermissionStore.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/JpaAccountPermissionStore.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -1,122 +0,0 @@
-package org.jboss.seam.security.permission;
-
-import static org.jboss.seam.ScopeType.APPLICATION;
-
-import java.io.Serializable;
-import java.util.List;
-
-import javax.persistence.EntityManager;
-import javax.persistence.NoResultException;
-
-import org.jboss.seam.Component;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.intercept.BypassInterceptors;
-
-/**
- * A permission store implementation that uses JPA as its persistence mechanism.
- * 
- * @author Shane Bryzak
- */
- at Scope(APPLICATION)
- at BypassInterceptors
-public class JpaAccountPermissionStore implements AccountPermissionStore, Serializable
-{
-   private String entityManagerName = "entityManager";
-   
-   private Class<? extends AccountPermission> permissionClass;   
-   
-   public boolean grantPermission(String target, String action, String account,
-         AccountType accountType) 
-   {
-      try
-      {
-         if (permissionClass == null)
-         {
-            throw new RuntimeException("Could not grant permission, permissionClass not set");
-         }
-                 
-         AccountPermission permission = permissionClass.newInstance();
-         permission.setTarget(target);
-         permission.setAction(action);
-         permission.setAccount(account);
-         permission.setAccountType(accountType);
-
-         getEntityManager().persist(permission);
-         
-         return true;
-      }
-      catch (Exception ex)
-      {
-         throw new RuntimeException("Could not grant permission", ex);
-      }   
-   }
-   
-   public boolean revokePermission(String target, String action,
-         String account, AccountType accountType) 
-   {
-      try
-      {
-         EntityManager em = getEntityManager();
-         
-         AccountPermission permission = (AccountPermission) em.createQuery(
-            "from " + permissionClass.getName() +
-            " where target = :target and action = :action and account = :account " +
-            " and accountType = :accountType")
-            .setParameter("target", target)
-            .setParameter("action", "action")
-            .setParameter("account", account)
-            .setParameter("accountType", accountType)
-            .getSingleResult();
-         
-         em.remove(permission);
-         return true;
-      }
-      catch (NoResultException ex)
-      {
-         return false;
-      }
-   }   
-
-   public List<AccountPermission> listPermissions(String target, String action) 
-   {
-      return getEntityManager().createQuery(
-            "from " + permissionClass.getName() + 
-            " where target = :target and action = :action")
-            .setParameter("target", target)
-            .setParameter("action", action)
-            .getResultList();
-   }
-
-   public List<AccountPermission> listPermissions(String target) 
-   {
-      return getEntityManager().createQuery(
-            "from " + permissionClass.getName() + " where target = :target")
-            .setParameter("target", target)
-            .getResultList();
-   }
-
-   private EntityManager getEntityManager()
-   {
-      return (EntityManager) Component.getInstance(entityManagerName);
-   }
-   
-   public String getEntityManagerName()
-   {
-      return entityManagerName;
-   }
-   
-   public void setEntityManagerName(String name)
-   {
-      this.entityManagerName = name;
-   }      
-   
-   public Class getPermissionClass()
-   {
-      return permissionClass;
-   }
-   
-   public void setPermissionClass(Class permissionClass)
-   {
-      this.permissionClass = permissionClass;
-   }
-}

Deleted: trunk/src/main/org/jboss/seam/security/permission/JpaAclPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/JpaAclPermissionStore.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/JpaAclPermissionStore.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -1,54 +0,0 @@
-package org.jboss.seam.security.permission;
-
-import java.io.Serializable;
-import java.util.List;
-
-public class JpaAclPermissionStore implements AclPermissionStore, Serializable
-{
-   private String entityManagerName = "entityManager";
-   
-   private Class<? extends AclPermission> permissionClass; 
-   
-   protected String getIdentifier(Object target)
-   {
-      return null;
-   }
-   
-   public boolean grantPermission(Object target, String action, String account, AccountType accountType)
-   {
-      // TODO Auto-generated method stub
-      return false;
-   }
-
-   public List<AclPermission> listPermissions(Object target)
-   {
-      // TODO Auto-generated method stub
-      return null;
-   }
-
-   public boolean revokePermission(Object target, String action, String account, AccountType accountType)
-   {
-      // TODO Auto-generated method stub
-      return false;
-   }
-
-   public String getEntityManagerName()
-   {
-      return entityManagerName;
-   }
-   
-   public void setEntityManagerName(String entityManagerName)
-   {
-      this.entityManagerName = entityManagerName;
-   }
-   
-   public Class getPermissionClass()
-   {
-      return permissionClass;
-   }
-   
-   public void setPermissionClass(Class permissionClass)
-   {
-      this.permissionClass = permissionClass;
-   }
-}

Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -16,7 +16,17 @@
 import org.jboss.seam.log.LogProvider;
 import org.jboss.seam.log.Logging;
 import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.permission.acl.AclPermission;
+import org.jboss.seam.security.permission.acl.AclPermissionStore;
+import org.jboss.seam.security.permission.dynamic.AccountPermission;
+import org.jboss.seam.security.permission.dynamic.AccountPermissionStore;
 
+/**
+ * Permission management component, used to grant or revoke permissions on specific objects or of
+ * specific permission types to particular users or roles.
+ * 
+ * @author Shane Bryzak
+ */
 @Scope(APPLICATION)
 @Name("org.jboss.seam.security.permissionManager")
 @Install(precedence = BUILT_IN)

Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -1,5 +1,10 @@
 package org.jboss.seam.security.permission;
 
+/**
+ * Implementations of this interface perform permission checks using a variety of methods.
+ *  
+ * @author Shane Bryzak
+ */
 public interface PermissionResolver
 {
    boolean hasPermission(Object target, String action);
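Review bot: The new Javadoc names the interface's role but not the contract of `hasPermission`, which is the part callers and implementors actually need: what `target` may be (an object instance, a component name, a class), whether a null target or action is allowed, and that an implementation must answer false when it cannot decide. I would add tags on the method, e.g. `@param target the object or name the permission is checked against`, `@param action the action being attempted`, `@return true only if the caller is positively granted the action; false when the check cannot be made`. Implementations in this commit (`AclPermissionResolver`, `DynamicPermissionResolver`) already return false when no store is configured, so the contract would only be writing down what they do.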

Modified: trunk/src/main/org/jboss/seam/security/permission/ResolverChain.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/ResolverChain.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/ResolverChain.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -9,6 +9,12 @@
 import org.jboss.seam.annotations.Scope;
 import org.jboss.seam.annotations.intercept.BypassInterceptors;
 
+/**
+ * A chain of permission resolvers.  Specific permission checks are generally mapped to a 
+ * particular ResolverChain for resolution. 
+ * 
+ * @author Shane Bryzak
+ */
 @Scope(SESSION)
 @BypassInterceptors
 public class ResolverChain implements Serializable

Modified: trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java	2008-04-08 18:45:20 UTC (rev 7880)
+++ trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -32,6 +32,11 @@
 import org.jboss.seam.security.Role;
 import org.jboss.seam.security.management.JpaIdentityStore;
 
+/**
+ * A permission resolver that uses a Drools rule base to perform permission checks
+ *  
+ * @author Shane Bryzak
+ */
 @Name("org.jboss.seam.security.ruleBasedPermissionResolver")
 @Scope(SESSION)
 @BypassInterceptors

Added: trunk/src/main/org/jboss/seam/security/permission/acl/AclPermission.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/acl/AclPermission.java	                        (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/acl/AclPermission.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -0,0 +1,21 @@
+package org.jboss.seam.security.permission.acl;
+
+import org.jboss.seam.security.permission.AccountType;
+
+public abstract class AclPermission
+{   
+   public abstract String getObjectId();
+   public abstract void setObjectId(String objectId);
+   
+   public abstract String getIdentifier();
+   public abstract void setIdentifier(String identifier);
+   
+   public abstract String getAccount();
+   public abstract void setAccount(String account);
+   
+   public abstract AccountType getAccountType();
+   public abstract void setAccountType(AccountType accountType);
+   
+   public abstract long getPermissions();
+   public abstract void setPermissions(long permissions);
+}
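Review bot: The class carries no Javadoc, and the meaning of its properties is not self-evident: `objectId` and `identifier` both look like ways of naming the protected target, and `permissions` is a `long` whose bit layout is not defined anywhere in this commit. A class comment mirroring the one on `AccountPermission` plus one line per property would make the ACL model readable, e.g. `/** Bit mask of granted actions; interpreted by AclPermissionResolver.hasPermissionFlag */` on `getPermissions`, marked as provisional while that method is still a stub.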

Added: trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionResolver.java	                        (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionResolver.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -0,0 +1,89 @@
+package org.jboss.seam.security.permission.acl;
+
+import static org.jboss.seam.ScopeType.APPLICATION;
+import static org.jboss.seam.annotations.Install.FRAMEWORK;
+
+import java.io.Serializable;
+import java.util.List;
+
+import org.jboss.seam.Component;
+import org.jboss.seam.annotations.Create;
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Startup;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.log.LogProvider;
+import org.jboss.seam.log.Logging;
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.permission.AccountType;
+import org.jboss.seam.security.permission.PermissionResolver;
+
+ at Name("org.jboss.seam.security.aclPermissionResolver")
+ at Scope(APPLICATION)
+ at BypassInterceptors
+ at Install(precedence=FRAMEWORK)
+ at Startup
+public class AclPermissionResolver implements PermissionResolver, Serializable
+{
+   private static final String DEFAULT_PERMISSION_STORE_NAME = "aclPermissionStore";
+   
+   private AclPermissionStore permissionStore;
+   
+   private static final LogProvider log = Logging.getLogProvider(AclPermissionResolver.class);   
+   
+   @Create
+   public void create()
+   {
+      initPermissionStore();
+   }
+   
+   protected void initPermissionStore()
+   {
+      if (permissionStore == null)
+      {
+         permissionStore = (AclPermissionStore) Component.getInstance(DEFAULT_PERMISSION_STORE_NAME, true);
+      }           
+      
+      if (permissionStore == null)
+      {
+         log.warn("no permission store available - please install a PermissionStore with the name '" +
+               DEFAULT_PERMISSION_STORE_NAME + "' if acl-based permissions are required.");
+      }
+   } 
+   
+   public boolean hasPermission(Object target, String action)
+   {
+      if (permissionStore == null) return false;
+      
+      List<AclPermission> permissions = permissionStore.listPermissions(target);
+      
+      Identity identity = Identity.instance();
+      
+      if (!identity.isLoggedIn()) return false;
+      
+      String username = identity.getPrincipal().getName();
+
+      for (AclPermission permission : permissions)
+      {
+         if ((username.equals(permission.getAccount()) && permission.getAccountType().equals(AccountType.user)) ||
+             (permission.getAccountType().equals(AccountType.role) && identity.hasRole(permission.getAccount())))
+         {
+            if (hasPermissionFlag(target, action, permission.getPermissions()))
+            {
+               return true;
+            }
+         }         
+      }
+      
+      return false;
+   }
+   
+   protected boolean hasPermissionFlag(Object target, String action, long permissions)
+   {
+      // TODO
+      
+      return false;
+   }
+
+}
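Review bot: In `hasPermission` the `permissionStore.listPermissions(target)` call runs before the `identity.isLoggedIn()` check, so every anonymous request costs a store lookup whose result is then thrown away; move the login check (and the `username` lookup) above the `listPermissions` call. Because `hasPermissionFlag` is still a TODO stub that always returns false, this resolver denies every permission while being installed by default via `@Install(precedence=FRAMEWORK)` and `@Startup`; that is the safe default, but it should be stated in a class Javadoc so nobody assumes ACL checks are live. The `permission.getAccountType().equals(...)` calls would also throw if a store row has a null account type, which can be avoided with `AccountType.user.equals(permission.getAccountType())` and the same for `AccountType.role`.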

Added: trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionStore.java	                        (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionStore.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -0,0 +1,17 @@
+package org.jboss.seam.security.permission.acl;
+
+import java.util.List;
+
+import org.jboss.seam.security.permission.AccountType;
+
+/**
+ * Persistent storage for ACL (instance-based) permissions
+ * 
+ * @author Shane Bryzak
+ */
+public interface AclPermissionStore
+{
+   List<AclPermission> listPermissions(Object target);
+   boolean grantPermission(Object target, String action, String account, AccountType accountType);
+   boolean revokePermission(Object target, String action, String account, AccountType accountType);
+}
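Review bot: The interface does not say whether `listPermissions` may return null, and the two sides of this commit disagree on it: `AclPermissionResolver.hasPermission` iterates the result directly, while the `JpaAclPermissionStore` stub returns null, which would raise a NullPointerException for any logged-in user once that store is wired in. Pin the contract on the interface, `/** @return the permissions recorded for target, never null; an empty list when there are none */`, and apply the same wording to both `listPermissions` overloads of `AccountPermissionStore` in the dynamic package. It would also help to state how the `action` string taken by `grantPermission`/`revokePermission` is meant to map onto the `long` mask exposed by `AclPermission.getPermissions()`, since nothing in the package defines that mapping yet.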

Added: trunk/src/main/org/jboss/seam/security/permission/acl/JpaAclPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/acl/JpaAclPermissionStore.java	                        (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/acl/JpaAclPermissionStore.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -0,0 +1,56 @@
+package org.jboss.seam.security.permission.acl;
+
+import java.io.Serializable;
+import java.util.List;
+
+import org.jboss.seam.security.permission.AccountType;
+
+public class JpaAclPermissionStore implements AclPermissionStore, Serializable
+{
+   private String entityManagerName = "entityManager";
+   
+   private Class<? extends AclPermission> permissionClass; 
+   
+   protected String getIdentifier(Object target)
+   {
+      return null;
+   }
+   
+   public boolean grantPermission(Object target, String action, String account, AccountType accountType)
+   {
+      // TODO Auto-generated method stub
+      return false;
+   }
+
+   public List<AclPermission> listPermissions(Object target)
+   {
+      // TODO Auto-generated method stub
+      return null;
+   }
+
+   public boolean revokePermission(Object target, String action, String account, AccountType accountType)
+   {
+      // TODO Auto-generated method stub
+      return false;
+   }
+
+   public String getEntityManagerName()
+   {
+      return entityManagerName;
+   }
+   
+   public void setEntityManagerName(String entityManagerName)
+   {
+      this.entityManagerName = entityManagerName;
+   }
+   
+   public Class getPermissionClass()
+   {
+      return permissionClass;
+   }
+   
+   public void setPermissionClass(Class permissionClass)
+   {
+      this.permissionClass = permissionClass;
+   }
+}
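Review bot: `listPermissions` returns null from its stub body, and its consumer `AclPermissionResolver.hasPermission` iterates the result with no null check, so configuring this store would fail with a NullPointerException for any logged-in caller. Until the JPA query exists, return an empty list, `return Collections.emptyList();` with `import java.util.Collections;` added; the `return false` bodies of `grantPermission` and `revokePermission` already fail closed and can stay as they are. `getIdentifier` returning null is a stub as well, so a short class comment saying the store is not yet functional would save the next reader a search; a setter typed as raw `Class` also lets any class be assigned to `permissionClass`, which `Class<? extends AclPermission>` on the parameter would catch at compile time.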

Added: trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermission.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermission.java	                        (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermission.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -0,0 +1,24 @@
+package org.jboss.seam.security.permission.dynamic;
+
+import org.jboss.seam.security.permission.AccountType;
+
+/**
+ * Abstract base class for persistence of user/role permissions.  This class should be extended
+ * to create a concrete JPA/Hibernate implementation. 
+ *  
+ * @author Shane Bryzak
+ */
+public abstract class AccountPermission
+{  
+   public abstract String getTarget();
+   public abstract void setTarget(String target);
+   
+   public abstract String getAction();
+   public abstract void setAction(String action);
+   
+   public abstract String getAccount();
+   public abstract void setAccount(String account);
+   
+   public abstract AccountType getAccountType();
+   public abstract void setAccountType(AccountType accountType);
+}

Added: trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermissionStore.java	                        (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermissionStore.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -0,0 +1,19 @@
+package org.jboss.seam.security.permission.dynamic;
+
+import java.util.List;
+
+import org.jboss.seam.security.permission.AccountType;
+
+/**
+ * Persistent store for account-based (user/role) permissions
+ *  
+ * @author Shane Bryzak
+ */
+public interface AccountPermissionStore
+{
+   List<AccountPermission> listPermissions(String target, String action);
+   List<AccountPermission> listPermissions(String target);
+   
+   boolean grantPermission(String target, String action, String account, AccountType accountType);
+   boolean revokePermission(String target, String action, String account, AccountType accountType);
+}

Added: trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java	                        (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -0,0 +1,105 @@
+package org.jboss.seam.security.permission.dynamic;
+
+import static org.jboss.seam.ScopeType.APPLICATION;
+import static org.jboss.seam.annotations.Install.FRAMEWORK;
+
+import java.io.Serializable;
+import java.util.List;
+
+import org.jboss.seam.Component;
+import org.jboss.seam.Seam;
+import org.jboss.seam.annotations.Create;
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Startup;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.log.LogProvider;
+import org.jboss.seam.log.Logging;
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.permission.AccountType;
+import org.jboss.seam.security.permission.PermissionResolver;
+
+/**
+ * Resolves dynamically-assigned permissions kept in a persistent store, such as a 
+ * database.
+ * 
+ * @author Shane Bryzak
+ */
+ at Name("org.jboss.seam.security.dynamicPermissionResolver")
+ at Scope(APPLICATION)
+ at BypassInterceptors
+ at Install(precedence=FRAMEWORK)
+ at Startup
+public class DynamicPermissionResolver implements PermissionResolver, Serializable
+{   
+   private static final String DEFAULT_PERMISSION_STORE_NAME = "accountPermissionStore";
+   
+   private AccountPermissionStore permissionStore;
+   
+   private static final LogProvider log = Logging.getLogProvider(DynamicPermissionResolver.class);   
+   
+   @Create
+   public void create()
+   {
+      initPermissionStore();
+   }
+   
+   protected void initPermissionStore()
+   {
+      if (permissionStore == null)
+      {
+         permissionStore = (AccountPermissionStore) Component.getInstance(DEFAULT_PERMISSION_STORE_NAME, true);
+      }           
+      
+      if (permissionStore == null)
+      {
+         log.warn("no permission store available - please install a PermissionStore with the name '" +
+               DEFAULT_PERMISSION_STORE_NAME + "' if dynamic permissions are required.");
+      }
+   }     
+   
+   public AccountPermissionStore getPermissionStore()
+   {
+      return permissionStore;
+   }
+   
+   public void setPermissionStore(AccountPermissionStore permissionStore)
+   {
+      this.permissionStore = permissionStore;
+   }
+   
+   public boolean hasPermission(Object target, String action)
+   {      
+      if (permissionStore == null) return false;
+      
+      Identity identity = Identity.instance();
+      
+      if (!identity.isLoggedIn()) return false;
+      
+      String targetName = Seam.getComponentName(target.getClass());
+      if (targetName == null)
+      {
+         targetName = target.getClass().getName();
+      }
+      
+      List<AccountPermission> permissions = permissionStore.listPermissions(targetName, action);
+      
+      String username = identity.getPrincipal().getName();
+      
+      for (AccountPermission permission : permissions)
+      {
+         if (username.equals(permission.getAccount()) && permission.getAccountType().equals(AccountType.user))
+         {
+            return true;
+         }
+         
+         if (permission.getAccountType().equals(AccountType.role) && identity.hasRole(permission.getAccount()))
+         {
+            return true;
+         }
+      }      
+      
+      return false;
+   }
+}
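Review bot: In hasPermission the target name is always derived from `target.getClass()`, so if any caller passes the target's name as a String (I cannot see the resolver chain from here, but name-based checks are common) every such check resolves to `java.lang.String` and a permission granted for one string-named target would satisfy checks on all of them — an over-broad match rather than a denial. A null target also throws NullPointerException after the logged-in check instead of being denied. The `getAccountType().equals(...)` comparisons would be null-safe written as `AccountType.user == permission.getAccountType()`.

```java
      if (target == null) return false;

      String targetName;
      if (target instanceof String)
      {
         // a String is taken to be the target's name itself, not an instance of java.lang.String
         targetName = (String) target;
      }
      else
      {
         targetName = Seam.getComponentName(target.getClass());
         if (targetName == null)
         {
            targetName = target.getClass().getName();
         }
      }
      // … unchanged: permission lookup and user/role matching …
```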

Added: trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaAccountPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaAccountPermissionStore.java	                        (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaAccountPermissionStore.java	2008-04-09 01:59:09 UTC (rev 7881)
@@ -0,0 +1,123 @@
+package org.jboss.seam.security.permission.dynamic;
+
+import static org.jboss.seam.ScopeType.APPLICATION;
+
+import java.io.Serializable;
+import java.util.List;
+
+import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+
+import org.jboss.seam.Component;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.security.permission.AccountType;
+
+/**
+ * A permission store implementation that uses JPA as its persistence mechanism.
+ * 
+ * @author Shane Bryzak
+ */
+ at Scope(APPLICATION)
+ at BypassInterceptors
+public class JpaAccountPermissionStore implements AccountPermissionStore, Serializable
+{
+   private String entityManagerName = "entityManager";
+   
+   private Class<? extends AccountPermission> permissionClass;   
+   
+   public boolean grantPermission(String target, String action, String account,
+         AccountType accountType) 
+   {
+      try
+      {
+         if (permissionClass == null)
+         {
+            throw new RuntimeException("Could not grant permission, permissionClass not set");
+         }
+                 
+         AccountPermission permission = permissionClass.newInstance();
+         permission.setTarget(target);
+         permission.setAction(action);
+         permission.setAccount(account);
+         permission.setAccountType(accountType);
+
+         getEntityManager().persist(permission);
+         
+         return true;
+      }
+      catch (Exception ex)
+      {
+         throw new RuntimeException("Could not grant permission", ex);
+      }   
+   }
+   
+   public boolean revokePermission(String target, String action,
+         String account, AccountType accountType) 
+   {
+      try
+      {
+         EntityManager em = getEntityManager();
+         
+         AccountPermission permission = (AccountPermission) em.createQuery(
+            "from " + permissionClass.getName() +
+            " where target = :target and action = :action and account = :account " +
+            " and accountType = :accountType")
+            .setParameter("target", target)
+            .setParameter("action", "action")
+            .setParameter("account", account)
+            .setParameter("accountType", accountType)
+            .getSingleResult();
+         
+         em.remove(permission);
+         return true;
+      }
+      catch (NoResultException ex)
+      {
+         return false;
+      }
+   }   
+
+   public List<AccountPermission> listPermissions(String target, String action) 
+   {
+      return getEntityManager().createQuery(
+            "from " + permissionClass.getName() + 
+            " where target = :target and action = :action")
+            .setParameter("target", target)
+            .setParameter("action", action)
+            .getResultList();
+   }
+
+   public List<AccountPermission> listPermissions(String target) 
+   {
+      return getEntityManager().createQuery(
+            "from " + permissionClass.getName() + " where target = :target")
+            .setParameter("target", target)
+            .getResultList();
+   }
+
+   private EntityManager getEntityManager()
+   {
+      return (EntityManager) Component.getInstance(entityManagerName);
+   }
+   
+   public String getEntityManagerName()
+   {
+      return entityManagerName;
+   }
+   
+   public void setEntityManagerName(String name)
+   {
+      this.entityManagerName = name;
+   }      
+   
+   public Class getPermissionClass()
+   {
+      return permissionClass;
+   }
+   
+   public void setPermissionClass(Class permissionClass)
+   {
+      this.permissionClass = permissionClass;
+   }
+}
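Review bot: revokePermission binds the literal string "action" instead of the action argument on the `.setParameter("action", "action")` line, so the query never matches a real permission and every revocation silently returns false via the NoResultException path; the fix is `.setParameter("action", action)`. This deserves attention because a revoke that reports false rather than throwing leaves a permission in force that the caller believes was removed. Separately, grantPermission does not check for an existing identical row, so two grants of the same tuple make getSingleResult throw NonUniqueResultException, which is not caught here; using getResultList and removing every match would make revocation robust against that. revokePermission and both listPermissions methods also dereference permissionClass without the null check that grantPermission performs.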



