[seam-commits] Seam SVN: r7882 - in trunk/src/main/org/jboss/seam/security: permission and 2 other directories.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Wed Apr 9 00:53:19 EDT 2008
Author: shane.bryzak at jboss.com
Date: 2008-04-09 00:53:19 -0400 (Wed, 09 Apr 2008)
New Revision: 7882
Added:
trunk/src/main/org/jboss/seam/security/permission/Permission.java
trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaDynamicPermissionStore.java
Removed:
trunk/src/main/org/jboss/seam/security/permission/AccountType.java
trunk/src/main/org/jboss/seam/security/permission/acl/AclPermission.java
trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermission.java
trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaAccountPermissionStore.java
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
trunk/src/main/org/jboss/seam/security/Role.java
trunk/src/main/org/jboss/seam/security/SimplePrincipal.java
trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java
trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionResolver.java
trunk/src/main/org/jboss/seam/security/permission/acl/JpaAclPermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java
Log:
more refactoring
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -395,7 +395,7 @@
{
if ( ROLES_GROUP.equals( sg.getName() ) )
{
- return sg.isMember( new SimplePrincipal(role) );
+ return sg.isMember( new Role(role) );
}
}
return false;
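Review bot: The membership test `sg.isMember( new Role(role) )` now depends on how `SimplePrincipal.equals` treats a subclass, and that method is not visible in this commit. If it compares classes, role members added elsewhere as plain `SimplePrincipal` objects would stop matching and the check would return false. If it compares names only, a `Role` and a user principal with the same name become interchangeable. The same applies to the two `addMember(new Role(role))` calls in the next hunk. A comment such as `// relies on SimplePrincipal.equals() comparing by name across subclasses` above the call would record the assumption; the enclosing method starts and ends outside the hunk.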
@@ -424,12 +424,12 @@
{
if ( ROLES_GROUP.equals( sg.getName() ) )
{
- return sg.addMember(new SimplePrincipal(role));
+ return sg.addMember(new Role(role));
}
}
SimpleGroup roleGroup = new SimpleGroup(ROLES_GROUP);
- roleGroup.addMember(new SimplePrincipal(role));
+ roleGroup.addMember(new Role(role));
getSubject().getPrincipals().add(roleGroup);
return true;
}
Modified: trunk/src/main/org/jboss/seam/security/Role.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Role.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/Role.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -1,23 +1,14 @@
package org.jboss.seam.security;
-import java.io.Serializable;
-
/**
- * Represents a user role exclusively within the scope of security rules.
+ * Represents a user role
*
* @author Shane Bryzak
*/
-public class Role implements Serializable
-{
- private String name;
-
+public class Role extends SimplePrincipal
+{
public Role(String name)
{
- this.name = name;
- }
-
- public String getName()
- {
- return name;
- }
+ super(name);
+ }
}
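Review bot: `Role` no longer declares `implements Serializable`, so it is serializable only if `SimplePrincipal` is, which this hunk does not show. The Identity.java hunks in this commit now put `Role` instances into the Subject's principal set, so this is worth confirming before the change ships. The shortened Javadoc also dropped the scope statement without saying what replaced it; a sentence such as `Represents a user role; equality and hashing are inherited from SimplePrincipal.` would tell readers how two roles compare.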
Modified: trunk/src/main/org/jboss/seam/security/SimplePrincipal.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/SimplePrincipal.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/SimplePrincipal.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -43,7 +43,7 @@
@Override
public int hashCode()
{
- return name==null ? 0 : name.hashCode();
+ return name != null ? name.hashCode() : super.hashCode();
}
@Override
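Review bot: With a null name, `hashCode()` now falls back to the identity hash from `super.hashCode()`, so two principals with null names hash differently. If the `equals` method that follows this hunk (not shown) treats two null-named principals as equal, the equals/hashCode contract is broken and lookups in the Subject's principal set become unreliable. Either keep a constant for the null case, `return name == null ? 0 : name.hashCode();`, or reject a null name in the constructor so the branch cannot occur.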
Deleted: trunk/src/main/org/jboss/seam/security/permission/AccountType.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/AccountType.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/permission/AccountType.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -1,7 +0,0 @@
-package org.jboss.seam.security.permission;
-
-public enum AccountType
-{
- user,
- role
-}
Added: trunk/src/main/org/jboss/seam/security/permission/Permission.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/Permission.java (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/Permission.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -0,0 +1,46 @@
+package org.jboss.seam.security.permission;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * Base class for permissions
+ *
+ * @author Shane Bryzak
+ */
+public class Permission implements Serializable
+{
+ private Object target;
+ private String action;
+ private Principal recipient;
+
+ public Object getTarget()
+ {
+ return target;
+ }
+
+ public void setTarget(Object target)
+ {
+ this.target = target;
+ }
+
+ public String getAction()
+ {
+ return action;
+ }
+
+ public void setAction(String action)
+ {
+ this.action = action;
+ }
+
+ public Principal getRecipient()
+ {
+ return recipient;
+ }
+
+ public void setRecipient(Principal recipient)
+ {
+ this.recipient = recipient;
+ }
+}
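Review bot: With `AccountType` deleted in this commit, the concrete class of `recipient` appears to be the only thing that distinguishes a grant to a user from a grant to a role, and nothing on the field or its accessors says so. If that is the intent, a comment on the field such as `// a Role for role grants, any other Principal for user grants` would make the contract explicit for store and resolver authors. The class is also `Serializable` while `target` is declared as `Object`, so serialization will fail at runtime for any target that is not itself serializable; that limit deserves a line in the class Javadoc.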
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -16,10 +16,7 @@
import org.jboss.seam.log.LogProvider;
import org.jboss.seam.log.Logging;
import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.permission.acl.AclPermission;
-import org.jboss.seam.security.permission.acl.AclPermissionStore;
-import org.jboss.seam.security.permission.dynamic.AccountPermission;
-import org.jboss.seam.security.permission.dynamic.AccountPermissionStore;
+import org.jboss.seam.security.permission.PermissionStore;
/**
* Permission management component, used to grant or revoke permissions on specific objects or of
@@ -43,19 +40,19 @@
private static final LogProvider log = Logging.getLogProvider(PermissionManager.class);
- private AccountPermissionStore accountPermissionStore;
+ private PermissionStore dynamicPermissionStore;
- private AclPermissionStore aclPermissionStore;
+ private PermissionStore aclPermissionStore;
@Create
public void create()
{
- if (accountPermissionStore == null)
+ if (dynamicPermissionStore == null)
{
- accountPermissionStore = (AccountPermissionStore) Component.getInstance(ACCOUNT_PERMISSION_STORE_COMPONENT_NAME, true);
+ dynamicPermissionStore = (PermissionStore) Component.getInstance(ACCOUNT_PERMISSION_STORE_COMPONENT_NAME, true);
}
- if (accountPermissionStore == null)
+ if (dynamicPermissionStore == null)
{
log.warn("no account permission store available - please install an AccountPermissionStore with the name '" +
ACCOUNT_PERMISSION_STORE_COMPONENT_NAME + "' if account-based permission management is required.");
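Review bot: The warning in `create()` still tells the operator to install an `AccountPermissionStore`, a type this commit deletes, while the field is now a `PermissionStore` named `dynamicPermissionStore`. The message would be clearer as `"no dynamic permission store available - please install a PermissionStore with the name '"`. The `log.warn` statement continues past the end of this hunk.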
@@ -63,7 +60,7 @@
if (aclPermissionStore == null)
{
- aclPermissionStore = (AclPermissionStore) Component.getInstance(ACL_PERMISSION_STORE_COMPONENT_NAME);
+ aclPermissionStore = (PermissionStore) Component.getInstance(ACL_PERMISSION_STORE_COMPONENT_NAME);
}
if (aclPermissionStore == null)
@@ -91,55 +88,59 @@
return instance;
}
- public AccountPermissionStore getAccountPermissionStore()
+ public PermissionStore getDynamicPermissionStore()
{
- return accountPermissionStore;
+ return dynamicPermissionStore;
}
- public void setAccountPermissionStore(AccountPermissionStore accountPermissionStore)
+ public void setDynamicPermissionStore(PermissionStore dynamicPermissionStore)
{
- this.accountPermissionStore = accountPermissionStore;
+ this.dynamicPermissionStore = dynamicPermissionStore;
}
- public List<AccountPermission> listPermissions(String target, String action)
+ public List<Permission> listPermissions(String target, String action)
{
Identity.instance().checkPermission(PERMISSION_PERMISSION_NAME, PERMISSION_READ);
- return accountPermissionStore.listPermissions(target, action);
+ return dynamicPermissionStore.listPermissions(target, action);
}
- public List<AccountPermission> listPermissions(String target)
+ public List<Permission> listPermissions(String target)
{
Identity.instance().checkPermission(PERMISSION_PERMISSION_NAME, PERMISSION_READ);
- return accountPermissionStore.listPermissions(target);
+ return dynamicPermissionStore.listPermissions(target);
}
- public List<AclPermission> listPermissions(Object target)
+ public List<Permission> listPermissions(Object target)
{
Identity.instance().checkPermission(PERMISSION_PERMISSION_NAME, PERMISSION_READ);
return aclPermissionStore.listPermissions(target);
}
- public boolean grantPermission(String target, String action, String account, AccountType accountType)
+ public boolean grantPermission(Permission permission)
{
Identity.instance().checkPermission(PERMISSION_PERMISSION_NAME, PERMISSION_GRANT);
- return accountPermissionStore.grantPermission(target, action, account, accountType);
+
+ if (permission.getTarget() instanceof String)
+ {
+ return dynamicPermissionStore.grantPermission(permission);
+ }
+ else
+ {
+ return aclPermissionStore.grantPermission(permission);
+ }
}
- public boolean grantPermission(Object target, String action, String account, AccountType accountType)
+ public boolean revokePermission(Permission permission)
{
- Identity.instance().checkPermission(PERMISSION_PERMISSION_NAME, PERMISSION_GRANT);
- return aclPermissionStore.grantPermission(target, action, account, accountType);
- }
-
- public boolean revokePermission(String target, String action, String account, AccountType accountType)
- {
Identity.instance().checkPermission(PERMISSION_PERMISSION_NAME, PERMISSION_REVOKE);
- return accountPermissionStore.revokePermission(target, action, account, accountType);
+
+ if (permission.getTarget() instanceof String)
+ {
+ return dynamicPermissionStore.revokePermission(permission);
+ }
+ else
+ {
+ return aclPermissionStore.revokePermission(permission);
+ }
}
-
- public boolean revokePermission(Object target, String action, String account, AccountType accountType)
- {
- Identity.instance().checkPermission(PERMISSION_PERMISSION_NAME, PERMISSION_REVOKE);
- return aclPermissionStore.revokePermission(target, action, account, accountType);
- }
}
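Review bot: `grantPermission(Permission)` and `revokePermission(Permission)` dereference `permission` and then the selected store without any null check, although `create()` only logs a warning when a store is missing. A null `permission` or a missing store therefore surfaces as a `NullPointerException` after the authorization check has passed, and a null target silently falls into the ACL branch because `null instanceof String` is false. I would move the routing into one private helper that validates its input and fails with a descriptive exception, as sketched below.
```java
public boolean grantPermission(Permission permission)
{
   Identity.instance().checkPermission(PERMISSION_PERMISSION_NAME, PERMISSION_GRANT);
   return storeFor(permission).grantPermission(permission);
}

// … unchanged: revokePermission's checkPermission call, followed by
//   return storeFor(permission).revokePermission(permission); …

private PermissionStore storeFor(Permission permission)
{
   if (permission == null || permission.getTarget() == null)
   {
      throw new IllegalArgumentException("permission and its target must not be null");
   }

   // String targets are name-based (dynamic) permissions, anything else is instance-based (ACL)
   PermissionStore store = permission.getTarget() instanceof String ?
      dynamicPermissionStore : aclPermissionStore;

   if (store == null)
   {
      throw new IllegalStateException("no permission store installed for target type " +
         permission.getTarget().getClass().getName());
   }
   return store;
}
```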
Added: trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -0,0 +1,16 @@
+package org.jboss.seam.security.permission;
+
+import java.util.List;
+
+/**
+ * Permission store interface.
+ *
+ * @author Shane Bryzak
+ */
+public interface PermissionStore
+{
+ List<Permission> listPermissions(Object target);
+ List<Permission> listPermissions(Object target, String action);
+ boolean grantPermission(Permission permission);
+ boolean revokePermission(Permission permission);
+}
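Review bot: The interface gives implementers no contract beyond the signatures, and two stores with different target kinds now share it. The Javadoc should say what a `false` return from `grantPermission` and `revokePermission` means (nothing changed, or failure), which `Principal` types a store must accept as recipient, and what kind of `target` each method expects, since `PermissionManager` routes `String` targets to one store and all other objects to another. A short `@param`/`@return` block on each of the four methods would cover it.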
Deleted: trunk/src/main/org/jboss/seam/security/permission/acl/AclPermission.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/acl/AclPermission.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/permission/acl/AclPermission.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -1,21 +0,0 @@
-package org.jboss.seam.security.permission.acl;
-
-import org.jboss.seam.security.permission.AccountType;
-
-public abstract class AclPermission
-{
- public abstract String getObjectId();
- public abstract void setObjectId(String objectId);
-
- public abstract String getIdentifier();
- public abstract void setIdentifier(String identifier);
-
- public abstract String getAccount();
- public abstract void setAccount(String account);
-
- public abstract AccountType getAccountType();
- public abstract void setAccountType(AccountType accountType);
-
- public abstract long getPermissions();
- public abstract void setPermissions(long permissions);
-}
Modified: trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionResolver.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionResolver.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -16,7 +16,8 @@
import org.jboss.seam.log.LogProvider;
import org.jboss.seam.log.Logging;
import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.permission.AccountType;
+import org.jboss.seam.security.permission.Permission;
+import org.jboss.seam.security.permission.PermissionStore;
import org.jboss.seam.security.permission.PermissionResolver;
@Name("org.jboss.seam.security.aclPermissionResolver")
@@ -28,7 +29,7 @@
{
private static final String DEFAULT_PERMISSION_STORE_NAME = "aclPermissionStore";
- private AclPermissionStore permissionStore;
+ private PermissionStore permissionStore;
private static final LogProvider log = Logging.getLogProvider(AclPermissionResolver.class);
@@ -42,7 +43,7 @@
{
if (permissionStore == null)
{
- permissionStore = (AclPermissionStore) Component.getInstance(DEFAULT_PERMISSION_STORE_NAME, true);
+ permissionStore = (PermissionStore) Component.getInstance(DEFAULT_PERMISSION_STORE_NAME, true);
}
if (permissionStore == null)
@@ -56,7 +57,7 @@
{
if (permissionStore == null) return false;
- List<AclPermission> permissions = permissionStore.listPermissions(target);
+ List<Permission> permissions = permissionStore.listPermissions(target);
Identity identity = Identity.instance();
@@ -64,15 +65,15 @@
String username = identity.getPrincipal().getName();
- for (AclPermission permission : permissions)
+ for (Permission permission : permissions)
{
- if ((username.equals(permission.getAccount()) && permission.getAccountType().equals(AccountType.user)) ||
- (permission.getAccountType().equals(AccountType.role) && identity.hasRole(permission.getAccount())))
+ if ((username.equals(permission.getRecipient())) ||
+ (identity.hasRole(permission.getRecipient().getName())))
{
- if (hasPermissionFlag(target, action, permission.getPermissions()))
- {
- return true;
- }
+// if (hasPermissionFlag(target, action, permission.getPermissions()))
+// {
+// return true;
+// }
}
}
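Review bot: `username.equals(permission.getRecipient())` compares a `String` with a `Principal`, so it cannot be true for any ordinary `Principal` implementation; the same comparison appears in the `DynamicPermissionResolver` hunk later in this commit. It should read `username.equals(permission.getRecipient().getName())`, with a null check on the recipient first. In addition, the `hasPermissionFlag` call is commented out, which leaves the `if` body empty, so as far as this hunk shows the loop can no longer return true. If that is a deliberate interim state, a `// TODO` stating that ACL resolution is disabled until `Permission` carries the flag bits would be better than dead commented-out code. The enclosing method starts and ends outside the hunk.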
Deleted: trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionStore.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/permission/acl/AclPermissionStore.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -1,17 +0,0 @@
-package org.jboss.seam.security.permission.acl;
-
-import java.util.List;
-
-import org.jboss.seam.security.permission.AccountType;
-
-/**
- * Persistent storage for ACL (instance-based) permissions
- *
- * @author Shane Bryzak
- */
-public interface AclPermissionStore
-{
- List<AclPermission> listPermissions(Object target);
- boolean grantPermission(Object target, String action, String account, AccountType accountType);
- boolean revokePermission(Object target, String action, String account, AccountType accountType);
-}
Modified: trunk/src/main/org/jboss/seam/security/permission/acl/JpaAclPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/acl/JpaAclPermissionStore.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/permission/acl/JpaAclPermissionStore.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -3,32 +3,43 @@
import java.io.Serializable;
import java.util.List;
-import org.jboss.seam.security.permission.AccountType;
+import org.jboss.seam.security.permission.Permission;
+import org.jboss.seam.security.permission.PermissionStore;
-public class JpaAclPermissionStore implements AclPermissionStore, Serializable
+/**
+ * ACL permission storage, using JPA
+ *
+ * @author Shane Bryzak
+ */
+public class JpaAclPermissionStore implements PermissionStore, Serializable
{
private String entityManagerName = "entityManager";
- private Class<? extends AclPermission> permissionClass;
+ private Class permissionClass;
protected String getIdentifier(Object target)
{
return null;
}
- public boolean grantPermission(Object target, String action, String account, AccountType accountType)
+ public boolean grantPermission(Permission permission)
{
// TODO Auto-generated method stub
return false;
}
- public List<AclPermission> listPermissions(Object target)
+ public List<Permission> listPermissions(Object target)
{
// TODO Auto-generated method stub
return null;
}
+
+ public List<Permission> listPermissions(Object target, String action)
+ {
+ return null;
+ }
- public boolean revokePermission(Object target, String action, String account, AccountType accountType)
+ public boolean revokePermission(Permission permission)
{
// TODO Auto-generated method stub
return false;
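Review bot: Both `listPermissions` stubs return `null`, and the `AclPermissionResolver` hunk in this commit iterates the result of `permissionStore.listPermissions(target)` directly, so a configured `JpaAclPermissionStore` leads to a `NullPointerException` during a permission check. Returning `new java.util.ArrayList<Permission>()` keeps the resolver on its deny path instead. The `grantPermission` and `revokePermission` stubs return `false` with no sign that they are unimplemented; `throw new UnsupportedOperationException("not yet implemented");` would make that visible to callers. `permissionClass` also lost its type bound and is now a raw `Class`. The class body continues past the end of this hunk.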
Deleted: trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermission.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermission.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermission.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -1,24 +0,0 @@
-package org.jboss.seam.security.permission.dynamic;
-
-import org.jboss.seam.security.permission.AccountType;
-
-/**
- * Abstract base class for persistence of user/role permissions. This class should be extended
- * to create a concrete JPA/Hibernate implementation.
- *
- * @author Shane Bryzak
- */
-public abstract class AccountPermission
-{
- public abstract String getTarget();
- public abstract void setTarget(String target);
-
- public abstract String getAction();
- public abstract void setAction(String action);
-
- public abstract String getAccount();
- public abstract void setAccount(String account);
-
- public abstract AccountType getAccountType();
- public abstract void setAccountType(AccountType accountType);
-}
Deleted: trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermissionStore.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/permission/dynamic/AccountPermissionStore.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -1,19 +0,0 @@
-package org.jboss.seam.security.permission.dynamic;
-
-import java.util.List;
-
-import org.jboss.seam.security.permission.AccountType;
-
-/**
- * Persistent store for account-based (user/role) permissions
- *
- * @author Shane Bryzak
- */
-public interface AccountPermissionStore
-{
- List<AccountPermission> listPermissions(String target, String action);
- List<AccountPermission> listPermissions(String target);
-
- boolean grantPermission(String target, String action, String account, AccountType accountType);
- boolean revokePermission(String target, String action, String account, AccountType accountType);
-}
Modified: trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -17,12 +17,13 @@
import org.jboss.seam.log.LogProvider;
import org.jboss.seam.log.Logging;
import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.permission.AccountType;
+import org.jboss.seam.security.permission.Permission;
import org.jboss.seam.security.permission.PermissionResolver;
+import org.jboss.seam.security.permission.PermissionStore;
/**
- * Resolves dynamically-assigned permissions kept in a persistent store, such as a
- * database.
+ * Resolves dynamically-assigned permissions, mapped to a user or a role, and kept in persistent
+ * storage, such as a relational database.
*
* @author Shane Bryzak
*/
@@ -35,7 +36,7 @@
{
private static final String DEFAULT_PERMISSION_STORE_NAME = "accountPermissionStore";
- private AccountPermissionStore permissionStore;
+ private PermissionStore permissionStore;
private static final LogProvider log = Logging.getLogProvider(DynamicPermissionResolver.class);
@@ -49,7 +50,7 @@
{
if (permissionStore == null)
{
- permissionStore = (AccountPermissionStore) Component.getInstance(DEFAULT_PERMISSION_STORE_NAME, true);
+ permissionStore = (PermissionStore) Component.getInstance(DEFAULT_PERMISSION_STORE_NAME, true);
}
if (permissionStore == null)
@@ -59,12 +60,12 @@
}
}
- public AccountPermissionStore getPermissionStore()
+ public PermissionStore getPermissionStore()
{
return permissionStore;
}
- public void setPermissionStore(AccountPermissionStore permissionStore)
+ public void setPermissionStore(PermissionStore permissionStore)
{
this.permissionStore = permissionStore;
}
@@ -83,18 +84,18 @@
targetName = target.getClass().getName();
}
- List<AccountPermission> permissions = permissionStore.listPermissions(targetName, action);
+ List<Permission> permissions = permissionStore.listPermissions(targetName, action);
String username = identity.getPrincipal().getName();
- for (AccountPermission permission : permissions)
+ for (Permission permission : permissions)
{
- if (username.equals(permission.getAccount()) && permission.getAccountType().equals(AccountType.user))
+ if (username.equals(permission.getRecipient()))
{
return true;
}
- if (permission.getAccountType().equals(AccountType.role) && identity.hasRole(permission.getAccount()))
+ if (identity.hasRole(permission.getRecipient().getName()))
{
return true;
}
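Review bot: The role branch `identity.hasRole(permission.getRecipient().getName())` now runs for every recipient, because the `AccountType.role` test was removed without a replacement. A permission granted to a user named X is therefore honoured for anyone holding a role named X, and unlike the ACL resolver this branch has a live `return true`. The user branch above it compares a `String` with a `Principal` and cannot match, and a null recipient raises a `NullPointerException`. I would branch on the recipient's type as below, which needs imports for `java.security.Principal` and `org.jboss.seam.security.Role`; the enclosing method and the `for` loop both extend outside the hunk.
```java
for (Permission permission : permissions)
{
   Principal recipient = permission.getRecipient();
   if (recipient == null)
   {
      continue;
   }

   if (recipient instanceof Role)
   {
      // role grant: applies only when the current identity holds that role
      if (identity.hasRole(recipient.getName()))
      {
         return true;
      }
   }
   else if (username.equals(recipient.getName()))
   {
      // user grant: applies only to the named user
      return true;
   }
```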
Deleted: trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaAccountPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaAccountPermissionStore.java 2008-04-09 01:59:09 UTC (rev 7881)
+++ trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaAccountPermissionStore.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -1,123 +0,0 @@
-package org.jboss.seam.security.permission.dynamic;
-
-import static org.jboss.seam.ScopeType.APPLICATION;
-
-import java.io.Serializable;
-import java.util.List;
-
-import javax.persistence.EntityManager;
-import javax.persistence.NoResultException;
-
-import org.jboss.seam.Component;
-import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.intercept.BypassInterceptors;
-import org.jboss.seam.security.permission.AccountType;
-
-/**
- * A permission store implementation that uses JPA as its persistence mechanism.
- *
- * @author Shane Bryzak
- */
- at Scope(APPLICATION)
- at BypassInterceptors
-public class JpaAccountPermissionStore implements AccountPermissionStore, Serializable
-{
- private String entityManagerName = "entityManager";
-
- private Class<? extends AccountPermission> permissionClass;
-
- public boolean grantPermission(String target, String action, String account,
- AccountType accountType)
- {
- try
- {
- if (permissionClass == null)
- {
- throw new RuntimeException("Could not grant permission, permissionClass not set");
- }
-
- AccountPermission permission = permissionClass.newInstance();
- permission.setTarget(target);
- permission.setAction(action);
- permission.setAccount(account);
- permission.setAccountType(accountType);
-
- getEntityManager().persist(permission);
-
- return true;
- }
- catch (Exception ex)
- {
- throw new RuntimeException("Could not grant permission", ex);
- }
- }
-
- public boolean revokePermission(String target, String action,
- String account, AccountType accountType)
- {
- try
- {
- EntityManager em = getEntityManager();
-
- AccountPermission permission = (AccountPermission) em.createQuery(
- "from " + permissionClass.getName() +
- " where target = :target and action = :action and account = :account " +
- " and accountType = :accountType")
- .setParameter("target", target)
- .setParameter("action", "action")
- .setParameter("account", account)
- .setParameter("accountType", accountType)
- .getSingleResult();
-
- em.remove(permission);
- return true;
- }
- catch (NoResultException ex)
- {
- return false;
- }
- }
-
- public List<AccountPermission> listPermissions(String target, String action)
- {
- return getEntityManager().createQuery(
- "from " + permissionClass.getName() +
- " where target = :target and action = :action")
- .setParameter("target", target)
- .setParameter("action", action)
- .getResultList();
- }
-
- public List<AccountPermission> listPermissions(String target)
- {
- return getEntityManager().createQuery(
- "from " + permissionClass.getName() + " where target = :target")
- .setParameter("target", target)
- .getResultList();
- }
-
- private EntityManager getEntityManager()
- {
- return (EntityManager) Component.getInstance(entityManagerName);
- }
-
- public String getEntityManagerName()
- {
- return entityManagerName;
- }
-
- public void setEntityManagerName(String name)
- {
- this.entityManagerName = name;
- }
-
- public Class getPermissionClass()
- {
- return permissionClass;
- }
-
- public void setPermissionClass(Class permissionClass)
- {
- this.permissionClass = permissionClass;
- }
-}
Added: trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaDynamicPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaDynamicPermissionStore.java (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaDynamicPermissionStore.java 2008-04-09 04:53:19 UTC (rev 7882)
@@ -0,0 +1,120 @@
+package org.jboss.seam.security.permission.dynamic;
+
+import static org.jboss.seam.ScopeType.APPLICATION;
+
+import java.io.Serializable;
+import java.util.List;
+
+import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+
+import org.jboss.seam.Component;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.security.permission.Permission;
+import org.jboss.seam.security.permission.PermissionStore;
+
+/**
+ * A permission store implementation that uses JPA as its persistence mechanism.
+ *
+ * @author Shane Bryzak
+ */
+ at Scope(APPLICATION)
+ at BypassInterceptors
+public class JpaDynamicPermissionStore implements PermissionStore, Serializable
+{
+ private String entityManagerName = "entityManager";
+
+ private Class permissionClass;
+
+ public boolean grantPermission(Permission permission)
+ {
+ try
+ {
+ if (permissionClass == null)
+ {
+ throw new RuntimeException("Could not grant permission, permissionClass not set");
+ }
+
+ Object instance = permissionClass.newInstance();
+// instance.setTarget(permission.getTarget());
+// instance.setAction(permission.getAction());
+// instance.setAccount(permission.getRecipient());
+
+ getEntityManager().persist(instance);
+
+ return true;
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("Could not grant permission", ex);
+ }
+ }
+
+ public boolean revokePermission(Permission permission)
+ {
+ try
+ {
+ EntityManager em = getEntityManager();
+
+ Object instance = em.createQuery(
+ "from " + permissionClass.getName() +
+ " where target = :target and action = :action and account = :account " +
+ " and accountType = :accountType")
+ .setParameter("target", permission.getTarget())
+ .setParameter("action", "action")
+ .setParameter("account", permission.getRecipient())
+ .getSingleResult();
+
+ em.remove(instance);
+ return true;
+ }
+ catch (NoResultException ex)
+ {
+ return false;
+ }
+ }
+
+ public List<Permission> listPermissions(Object target, String action)
+ {
+ return getEntityManager().createQuery(
+ "from " + permissionClass.getName() +
+ " where target = :target and action = :action")
+ .setParameter("target", target)
+ .setParameter("action", action)
+ .getResultList();
+ }
+
+ public List<Permission> listPermissions(Object target)
+ {
+ return getEntityManager().createQuery(
+ "from " + permissionClass.getName() + " where target = :target")
+ .setParameter("target", target)
+ .getResultList();
+ }
+
+ private EntityManager getEntityManager()
+ {
+ return (EntityManager) Component.getInstance(entityManagerName);
+ }
+
+ public String getEntityManagerName()
+ {
+ return entityManagerName;
+ }
+
+ public void setEntityManagerName(String name)
+ {
+ this.entityManagerName = name;
+ }
+
+ public Class getPermissionClass()
+ {
+ return permissionClass;
+ }
+
+ public void setPermissionClass(Class permissionClass)
+ {
+ this.permissionClass = permissionClass;
+ }
+}
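Review bot: `revokePermission` should fail as written: the query text still contains `and accountType = :accountType` but no value is bound for it, and `.setParameter("action", "action")` binds the literal string instead of `permission.getAction()`. A revoke that errors or never matches leaves granted permissions in place. `grantPermission` has the mirror problem: with the three setter calls commented out, it persists an empty `permissionClass` instance and still returns true. I would bind `.setParameter("action", permission.getAction())`, drop or bind the `accountType` clause, and have `grantPermission` throw until the entity can actually be populated. `revokePermission` and both `listPermissions` methods also use `permissionClass.getName()` without the null check that `grantPermission` has.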