[seam-commits] Seam SVN: r7351 - trunk/src/main/org/jboss/seam/security.
Sun Feb 3 22:12:15 EST 2008
Author: shane.bryzak at jboss.com
Date: 2008-02-03 22:12:15 -0500 (Sun, 03 Feb 2008)
New Revision: 7351
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java
Log:
Stricter constraints on user roles, refactored authentication.
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-02-04 01:06:20 UTC (rev 7350)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-02-04 03:12:15 UTC (rev 7351)
@@ -239,11 +239,13 @@
// If we're already authenticated, then don't authenticate again
if (!isLoggedIn(false))
{
+ principal = null;
+ subject = new Subject();
authenticate( getLoginContext() );
}
}
- public void authenticate(LoginContext loginContext)
+ protected void authenticate(LoginContext loginContext)
throws LoginException
{
try
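Review bot: The `principal = null; subject = new Subject();` reset at the top of the hunk is performed by login() before getLoginContext(), but authenticate(LoginContext) itself no longer guarantees a fresh Subject, so a subclass that builds its own LoginContext and calls the now-protected authenticate() directly will add principals to whatever Subject the previous session left behind. getLoginContext() is outside the hunk, so I can't confirm whether it binds the Subject into the LoginContext; if it does, the reset cannot simply move into authenticate() and the precondition should at least be documented, e.g. `/** Runs the JAAS login on the supplied context. Callers must reset principal and subject (as login() does) before obtaining the LoginContext. */`. Note also that login() leaves `username` untouched here while unAuthenticate() clears it, so the two reset paths are not symmetric.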
@@ -261,14 +263,22 @@
}
}
+ /**
+ * Clears any roles added by calling addRole() while not authenticated.
+ * This method may be overridden by a subclass if different
+ * pre-authentication logic should occur.
+ */
protected void preAuthenticate()
- {
- unAuthenticate();
- preAuthenticationRoles.clear();
-
+ {
+ preAuthenticationRoles.clear();
if (Events.exists()) Events.instance().raiseEvent(EVENT_PRE_AUTHENTICATE);
}
+ /**
+ * Extracts the principal from the subject, and populates the roles of the
+ * authenticated user. This method may be overridden by a subclass if
+ * different post-authentication logic should occur.
+ */
protected void postAuthenticate()
{
// Populate the working memory with the user's principals
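Review bot: The new Javadoc on preAuthenticate() invites subclasses to override it but does not say that `preAuthenticationRoles.clear()` is the only thing dropping roles granted via addRole() before login; an override that omits `super.preAuthenticate()` would let those roles survive into the authenticated session. The Javadoc should make that explicit, e.g. `Overriding implementations must call super.preAuthenticate() (or clear preAuthenticationRoles themselves), otherwise roles granted before login remain in effect.` The same caveat applies to the postAuthenticate() Javadoc; that method's body starts in this hunk and continues outside it.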
@@ -301,18 +311,11 @@
* group from the user's subject.
*
*/
- protected void unAuthenticate()
+ public void unAuthenticate()
{
principal = null;
-
- for ( Group sg : getSubject().getPrincipals(Group.class) )
- {
- if ( ROLES_GROUP.equals( sg.getName() ) )
- {
- getSubject().getPrincipals().remove(sg);
- break;
- }
- }
+ subject = new Subject();
+ username = null;
}
protected LoginContext getLoginContext() throws LoginException
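Review bot: The Javadoc immediately above unAuthenticate() (its opening lines are outside the hunk; the visible tail reads `group from the user's subject.`) still describes the old behaviour of removing the roles group from the Subject, while the new body discards the whole Subject and nulls `username` as well, so readers of the now-public method will be misled. Replace it with something like `Logs the user out: discards the principal and username and replaces the Subject with an empty one, dropping every principal and credential it held.` Making the method public also means any component holding the Identity can clear the session's identity; if Identity keeps other credential fields beyond `username` (not visible in this hunk) they should be cleared on the same path.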
Modified: trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java 2008-02-04 01:06:20 UTC (rev 7350)
+++ trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java 2008-02-04 03:12:15 UTC (rev 7351)
@@ -78,26 +78,10 @@
protected void postAuthenticate()
{
super.postAuthenticate();
-
- StatefulSession securityContext = getSecurityContext();
- if (securityContext != null)
- {
- // Populate the working memory with the user's principals
- for ( Principal p : getSubject().getPrincipals() )
- {
- if ( (p instanceof Group) && ROLES_GROUP.equals( ( (Group) p ).getName() ) )
- {
- Enumeration e = ( (Group) p ).members();
- while ( e.hasMoreElements() )
- {
- Principal role = (Principal) e.nextElement();
- securityContext.insert( new Role( role.getName() ) );
- }
- }
- }
-
- securityContext.insert(getPrincipal());
+ if (getSecurityContext() != null)
+ {
+ getSecurityContext().insert(getPrincipal());
}
}
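Review bot: The rewritten postAuthenticate() now inserts only the principal into the working memory; the loop that inserted a `Role` fact for each member of ROLES_GROUP is gone, and the hasRole() override that read those Role facts is removed later in this commit. Unless synchronizeContext() (its body is outside the hunk) now inserts those facts, any permission rule whose LHS matches `Role(name == ...)` will stop firing, which fails closed but silently breaks role-based rules. A one-line comment stating where Role facts are now inserted, e.g. `// Role facts are inserted by synchronizeContext(); only the principal is added here`, would make the contract visible, or, if nothing inserts them, the loop needs to come back.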
@@ -155,66 +139,15 @@
return check.isGranted();
}
- /**
- * Overridden version of hasRole() that checks for the existence of the role
- * in the security context first. If it is not found there, then the super
- * method is invoked instead.
- */
- @Override
- public boolean hasRole(String role)
- {
- if (securityContext != null)
- {
- Iterator<Role> iter = securityContext.iterateObjects(new ClassObjectFilter(Role.class));
-
- while (iter.hasNext())
- {
- Role r = iter.next();
- if (r.getName().equals(role)) return true;
- }
- }
-
- return super.hasRole(role);
- }
-
@SuppressWarnings("unchecked")
@Override
public void unAuthenticate()
{
- StatefulSession securityContext = getSecurityContext();
-
- if (securityContext != null)
- {
- Iterator<Role> iter = securityContext.iterateObjects(new ClassObjectFilter(Role.class));
- while (iter.hasNext())
- {
- getSecurityContext().retract(securityContext.getFactHandle(iter.next()));
- }
- }
-
super.unAuthenticate();
+ setSecurityContext(null);
+ initSecurityContext();
}
- @Override
- public boolean addRole(String role)
- {
- if (super.addRole(role))
- {
- synchronizeContext();
- return true;
- }
-
- return false;
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public void removeRole(String role)
- {
- super.removeRole(role);
- synchronizeContext();
- }
-
/**
* Synchronizes the state of the security context with that of the subject
*/
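Review bot: The new unAuthenticate() drops the previous StatefulSession with `setSecurityContext(null)` and creates another via initSecurityContext() without disposing the old one; a Drools StatefulSession holds its working memory and listeners until dispose() is called, so every logout leaks a session unless disposal happens inside setSecurityContext() (not visible here). I would dispose it first: `if (getSecurityContext() != null) getSecurityContext().dispose();` ahead of `setSecurityContext(null)`. The `@SuppressWarnings("unchecked")` on the method is now stale, since the unchecked `iterateObjects` loop it covered was removed, and should be dropped. The hunk also removes the addRole()/removeRole() overrides that called synchronizeContext(), so role changes after login no longer reach the working memory unless synchronizeContext() is invoked elsewhere, which is worth a sentence in the class Javadoc.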