[seam-commits] Seam SVN: r7442 - in trunk/examples/seamspace: resources/WEB-INF and 2 other directories.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Tue Feb 19 08:42:29 EST 2008
Author: shane.bryzak at jboss.com
Date: 2008-02-19 08:42:29 -0500 (Tue, 19 Feb 2008)
New Revision: 7442
Modified:
trunk/examples/seamspace/resources/META-INF/security-rules.drl
trunk/examples/seamspace/resources/WEB-INF/components.xml
trunk/examples/seamspace/resources/WEB-INF/pages.xml
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/AuthenticationEvents.java
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/BlogAction.java
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/FriendAction.java
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/Member.java
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/UserSearch.java
trunk/examples/seamspace/view/blog.xhtml
trunk/examples/seamspace/view/blogentry.xhtml
trunk/examples/seamspace/view/profile.xhtml
trunk/examples/seamspace/view/rolemanager.xhtml
trunk/examples/seamspace/view/template.xhtml
trunk/examples/seamspace/view/usermanager.xhtml
Log:
updated with security api changes
Modified: trunk/examples/seamspace/resources/META-INF/security-rules.drl
===================================================================
--- trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-02-19 13:42:29 UTC (rev 7442)
@@ -1,21 +1,41 @@
package SeamSpacePermissions;
+dialect 'mvel'
+
import java.security.Principal;
+import org.jboss.seam.security.management.SecurityContext;
+import org.jboss.seam.security.management.UserAccount;
import org.jboss.seam.security.PermissionCheck;
import org.jboss.seam.security.Role;
+import org.jboss.seam.example.seamspace.BlogComment;
import org.jboss.seam.example.seamspace.Member;
+import org.jboss.seam.example.seamspace.MemberAccount;
import org.jboss.seam.example.seamspace.MemberBlog;
import org.jboss.seam.example.seamspace.MemberFriend;
import org.jboss.seam.example.seamspace.MemberImage;
+function Member getAccountMember(UserAccount account) {
+ return ((MemberAccount) account).getMember();
+}
+
+rule ViewProfile
+ no-loop
+ activation-group "permissions"
+when
+ check: PermissionCheck(name == "/profile.xhtml", action == "render", granted == false)
+ Role(name == "admin")
+then
+ check.grant();
+end
+
rule ViewImage
no-loop
activation-group "permissions"
when
- check: PermissionCheck(name == "memberImage", action == "view", granted == false)
image: MemberImage()
+ check: PermissionCheck(target == image, action == "view", granted == false)
eval( image.getMember().getPicture() == image )
then
check.grant();
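Review bot: `getAccountMember` casts `account` to `MemberAccount` and calls `getMember()` with no null or type check, so any rule that evaluates it when `ctx.userAccount` is null or of another account class (neither case is ruled out by what this diff shows) throws inside the rule condition instead of simply not matching. A total version such as `return account instanceof MemberAccount ? ((MemberAccount) account).getMember() : null;` avoids that, provided the callers in the later hunks tolerate a null result. Whether an exception raised during permission evaluation ends up as a denial depends on the resolver, so it is safer not to rely on it. The ViewImage rule that follows continues past the end of this hunk.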
@@ -31,11 +51,22 @@
check.grant();
end
+rule CanCreateBlogComment
+ no-loop
+ activation-group "permissions"
+when
+ blog: MemberBlog()
+ check: PermissionCheck(target == blog, action == "create", granted == false)
+ Role(name == "user")
+then
+ check.grant();
+end
+
rule CreateBlogComment
no-loop
activation-group "permissions"
when
- check: PermissionCheck(name == "blog", action == "createComment", granted == false)
+ check: PermissionCheck(target == "blogComment", action == "create", granted == false)
Role(name == "user")
then
check.grant();
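Review bot: The permission names used by the callers no longer line up with these rules. `CreateBlogComment` now matches `target == "blogComment", action == "create"`, but blog.xhtml in this same commit still asks `s:hasPermission('blog','createComment')`, which none of the rules shown here grants, so that "Add Comment" link would presumably never render. It is also not visible from this diff which target/action pair `@Insert(BlogComment.class)` in BlogAction.java produces, so the server-side check on `createComment()` may not match this rule either. Separately, `CanCreateBlogComment` grants action `"create"` on any `MemberBlog` to every `user`, which reads like permission to create a blog. An action name such as `"createComment"` (used consistently in blogentry.xhtml) would keep an unrelated `(blog, "create")` check from being satisfied by accident.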
@@ -45,9 +76,9 @@
no-loop
activation-group "permissions"
when
- check: PermissionCheck(name == "blog", action == "create", granted == false)
+ ctx: SecurityContext()
member: Member()
- not Member(mbrId : memberId -> (!mbrId.equals(member.getMemberId())))
+ check: PermissionCheck(target == member, action == "createBlog", granted == false, eval( member.equals(getAccountMember(ctx.userAccount))))
then
check.grant();
end
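Review bot: The ownership test `member.equals(getAccountMember(ctx.userAccount))` relies on `Member.equals`, while `Member.isFriend` added in this commit compares `getMemberId()` values instead. If `Member` does not override `equals` (not shown in this diff), two instances of the same member loaded in different contexts compare unequal and the owner is denied; the `insert` rule in the next hunk has the same dependency. Comparing ids, for example `eval( member.getMemberId().equals(owner.getMemberId()) )` with `owner` bound from `getAccountMember(ctx.userAccount)` and checked for null, would make ownership checks consistent across the rule file. The rule header is outside this hunk.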
@@ -56,9 +87,9 @@
no-loop
activation-group "permissions"
when
- check: PermissionCheck(name == "memberBlog", action == "insert", granted == false)
- MemberBlog(member : member)
- not Member(mbrId : memberId -> (!mbrId.equals(member.getMemberId())))
+ ctx: SecurityContext()
+ blog: MemberBlog(member : member, eval( member.equals(getAccountMember(ctx.userAccount))))
+ check: PermissionCheck(target == blog, action == "insert", granted == false)
then
check.grant();
end
@@ -67,9 +98,9 @@
no-loop
activation-group "permissions"
when
- check: PermissionCheck(name == "friendComment", action == "create", granted == false)
- MemberFriend(authorized == true, f : friend)
- not Member(mbrId : memberId -> (!mbrId.equals(f.getMemberId())))
+ ctx: SecurityContext()
+ member: Member()
+ check: PermissionCheck(target == member, action == "createFriendComment", granted == false, eval( member.isFriend(getAccountMember(ctx.userAccount))))
then
check.grant();
end
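Review bot: The removed condition required `MemberFriend(authorized == true, ...)`, but the new one calls `member.isFriend(...)`, which (see Member.java in this commit) matches any `MemberFriend` entry without looking at `authorized`. If pending requests are stored in the same `friends` set, a member whose request has not been accepted now passes `createFriendComment`. The `createFriendRequest` rule in the next hunk wants the opposite semantics (any existing entry, pending or not, blocks a new request), so the two rules probably need separate predicates: keep `isFriend` for the request rule and add an authorized-only variant on `Member` for this one. The rule header is outside this hunk.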
@@ -78,9 +109,9 @@
no-loop
activation-group "permissions"
when
- check: PermissionCheck(name == "friendRequest", action == "create", granted == false)
+ ctx: SecurityContext()
member: Member()
- not MemberFriend(f : friend -> (f.getMemberId().equals(member.getMemberId())))
+ check: PermissionCheck(target == member, action == "createFriendRequest", granted == false, eval( !member.isFriend(getAccountMember(ctx.userAccount))) )
then
check.grant();
end
@@ -95,6 +126,12 @@
check.grant();
end
+/*****************************************************************************************
+
+ The Following Rules are for Identity Management
+
+******************************************************************************************/
+
rule ReadAccount
no-loop
activation-group "permissions"
Modified: trunk/examples/seamspace/resources/WEB-INF/components.xml
===================================================================
--- trunk/examples/seamspace/resources/WEB-INF/components.xml 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/resources/WEB-INF/components.xml 2008-02-19 13:42:29 UTC (rev 7442)
@@ -24,7 +24,7 @@
concurrent-request-timeout="500"
conversation-id-parameter="cid"/>
- <security:identity security-rules="#{securityRules}"/>
+ <security:rule-based-permission-resolver security-rules="#{securityRules}"/>
<identity-management:jpa-identity-store name="identityStore" account-class="org.jboss.seam.example.seamspace.MemberAccount"/>
Modified: trunk/examples/seamspace/resources/WEB-INF/pages.xml
===================================================================
--- trunk/examples/seamspace/resources/WEB-INF/pages.xml 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/resources/WEB-INF/pages.xml 2008-02-19 13:42:29 UTC (rev 7442)
@@ -4,7 +4,7 @@
xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.1.xsd"
login-view-id="/home.xhtml">
- <page view-id="/home.xhtml" action="#{identity.logout}">
+ <page view-id="/home.xhtml">
<navigation from-action="#{identity.login}">
<rule if-outcome="loggedIn">
<redirect view-id="/profile.xhtml"/>
@@ -62,7 +62,7 @@
</page>
<page view-id="/usermanager.xhtml" action="#{userSearch.loadUsers}">
- <restrict>#{s:hasPermission('seam.account', 'read', null)}</restrict>
+ <restrict>#{s:hasPermission('seam.account', 'read')}</restrict>
<navigation from-action="#{userAction.createUser}">
<redirect view-id="/userdetail.xhtml"/>
@@ -74,7 +74,7 @@
</page>
<page view-id="/rolemanager.xhtml" action="#{roleSearch.loadRoles}">
- <restrict>#{s:hasPermission('seam.account', 'read', null)}</restrict>
+ <restrict>#{s:hasPermission('seam.account', 'read')}</restrict>
<navigation from-action="#{roleAction.createRole}">
<redirect view-id="/roledetail.xhtml"/>
@@ -144,17 +144,17 @@
</navigation>
</page>
- <!--exception class="org.jboss.seam.security.NotLoggedInException" log="false">
+ <exception class="org.jboss.seam.security.NotLoggedInException" log="false">
<redirect view-id="/register.xhtml">
<message severity="warn">You must be a member to use this feature</message>
</redirect>
- </exception-->
+ </exception>
- <!--exception class="org.jboss.seam.security.AuthorizationException">
+ <exception class="org.jboss.seam.security.AuthorizationException">
<end-conversation/>
<redirect view-id="/security_error.xhtml">
<message severity="error">You do not have permission to do this</message>
</redirect>
- </exception-->
+ </exception>
</pages>
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/AuthenticationEvents.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/AuthenticationEvents.java 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/AuthenticationEvents.java 2008-02-19 13:42:29 UTC (rev 7442)
@@ -3,8 +3,6 @@
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.contexts.Contexts;
-import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.RuleBasedIdentity;
import org.jboss.seam.security.management.JpaIdentityStore;
@Name("authenticationEvents")
@@ -14,6 +12,5 @@
public void loginSuccessful(MemberAccount account)
{
Contexts.getSessionContext().set("authenticatedMember", account.getMember());
- ((RuleBasedIdentity) Identity.instance()).getSecurityContext().insert(account.getMember());
}
}
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/BlogAction.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/BlogAction.java 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/BlogAction.java 2008-02-19 13:42:29 UTC (rev 7442)
@@ -15,7 +15,7 @@
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Out;
import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.security.Restrict;
+import org.jboss.seam.annotations.security.Insert;
@Scope(CONVERSATION)
@Name("blog")
@@ -54,11 +54,9 @@
catch (NoResultException ex) { }
}
- @Factory("comment") @Restrict @Begin(join = true)
+ @Factory("comment") @Insert(BlogComment.class) @Begin(join = true)
public void createComment()
- {
- System.out.println("Params - blogId: " + blogId + " name: " + name);
-
+ {
comment = new BlogComment();
comment.setCommentor(authenticatedMember);
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/FriendAction.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/FriendAction.java 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/FriendAction.java 2008-02-19 13:42:29 UTC (rev 7442)
@@ -49,7 +49,7 @@
.getSingleResult();
Contexts.getMethodContext().set("friends", member.getFriends());
- Identity.instance().checkRestriction("#{s:hasPermission('friendComment', 'create', friends)}");
+ Identity.instance().checkPermission(member, "createFriendComment");
friendComment = new FriendComment();
friendComment.setFriend(authenticatedMember);
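Review bot: `Contexts.getMethodContext().set("friends", member.getFriends())` just above the new check looks like a leftover: the old EL restriction read `friends` from the context, whereas `checkPermission(member, "createFriendComment")` passes `member` directly and the updated rule no longer refers to `friends`. If nothing else in the method reads that variable (the method body extends beyond this hunk), remove the line here and in the `createFriendRequest` hunk below, so it is clear the authorization decision depends only on `member`. A short comment such as `// must run before the FriendComment is built; throws if the current user may not comment on this member` would also document why the check sits where it does.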
@@ -79,7 +79,7 @@
.getSingleResult();
Contexts.getMethodContext().set("friends", member.getFriends());
- Identity.instance().checkRestriction("#{s:hasPermission('friendRequest', 'create', friends)}");
+ Identity.instance().checkPermission(member, "createFriendRequest");
friendRequest = new MemberFriend();
friendRequest.setFriend(authenticatedMember);
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/Member.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/Member.java 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/Member.java 2008-02-19 13:42:29 UTC (rev 7442)
@@ -217,10 +217,21 @@
public void setFriends(Set<MemberFriend> friends)
{
- this.friends = friends;
+ this.friends = friends;
}
@Transient
+ public boolean isFriend(Member member)
+ {
+ for (MemberFriend f : friends)
+ {
+ if (f.getFriend().getMemberId().equals(member.getMemberId())) return true;
+ }
+
+ return false;
+ }
+
+ @Transient
public String getAge()
{
Calendar birthday = new GregorianCalendar();
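Review bot: `isFriend` dereferences `friends`, `f.getFriend()` and `member` without null checks, and the security rules call it with `getAccountMember(ctx.userAccount)`, so a missing account would turn a permission check into a NullPointerException rather than a clean "no". Opening the method with `if (member == null || friends == null) return false;` keeps the answer well defined. The method also needs a Javadoc line saying whether unauthorized (pending) entries count, e.g. `/** Returns true if the given member appears in this member's friends set, regardless of whether the request was authorized. */`, since the rules depend on exactly that distinction. `getAge` continues beyond the end of this hunk.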
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/UserSearch.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/UserSearch.java 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/UserSearch.java 2008-02-19 13:42:29 UTC (rev 7442)
@@ -8,12 +8,15 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Synchronized;
import org.jboss.seam.annotations.datamodel.DataModel;
import org.jboss.seam.annotations.datamodel.DataModelSelection;
+
import org.jboss.seam.security.management.IdentityManager;
@Name("userSearch")
@Scope(SESSION)
+ at Synchronized
public class UserSearch implements Serializable
{
private static final long serialVersionUID = 8592034786339372510L;
Modified: trunk/examples/seamspace/view/blog.xhtml
===================================================================
--- trunk/examples/seamspace/view/blog.xhtml 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/view/blog.xhtml 2008-02-19 13:42:29 UTC (rev 7442)
@@ -39,7 +39,7 @@
#{memberBlog.commentCount} Comment#{memberBlog.commentCount != 1 ? "s" : ""}
</s:link>]
- <s:span rendered="#{s:hasPermission('blog','createComment', null)}">
+ <s:span rendered="#{s:hasPermission('blog','createComment')}">
[<s:link view="/comment.seam" value="Add Comment" propagation="none">
<f:param name="name" value="#{selectedMember.memberName}"/>
<f:param name="blogId" value="#{memberBlog.blogId}"/>
Modified: trunk/examples/seamspace/view/blogentry.xhtml
===================================================================
--- trunk/examples/seamspace/view/blogentry.xhtml 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/view/blogentry.xhtml 2008-02-19 13:42:29 UTC (rev 7442)
@@ -31,7 +31,7 @@
<div class="blogTitle">#{selectedBlog.title}</div>
<div class="blogText"><s:formattedText value="#{selectedBlog.text}"/></div>
<div class="blogFooter">
- <s:span rendered="#{s:hasPermission('blog','createComment', null)}">
+ <s:span rendered="#{s:hasPermission(selectedBlog, 'create')}">
[<s:link view="/comment.seam" value="Add Comment" propagation="none">
<f:param name="name" value="#{selectedMember.memberName}"/>
<f:param name="blogId" value="#{selectedBlog.blogId}"/>
Modified: trunk/examples/seamspace/view/profile.xhtml
===================================================================
--- trunk/examples/seamspace/view/profile.xhtml 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/view/profile.xhtml 2008-02-19 13:42:29 UTC (rev 7442)
@@ -52,7 +52,7 @@
<f:param name="name" value="#{selectedMember.memberName}"/>
</s:link>]
- <s:span rendered="#{s:hasPermission('blog', 'create', selectedMember)}">
+ <s:span rendered="#{s:hasPermission(selectedMember, 'createBlog')}">
[<s:link action="#{blog.createEntry}" value="Create new blog entry" propagation="none"/>]
</s:span>
</s:div>
@@ -74,7 +74,7 @@
<br class="clear"/>
- <s:span rendered="#{selectedMember.memberId != authenticatedMember.memberId and s:hasPermission('friendRequest', 'create', selectedMember.friends)}">
+ <s:span rendered="#{selectedMember.memberId != authenticatedMember.memberId and s:hasPermission(selectedMember, 'createFriendRequest')}">
[<s:link view="/friendrequest.seam" value="Send a friend request" propagation="none"/>]
</s:span>
@@ -102,7 +102,7 @@
</table>
</ui:repeat>
- <s:span rendered="#{s:hasPermission('friendComment', 'create', selectedMember.friends)}">
+ <s:span rendered="#{s:hasPermission(selectedMember, 'createFriendComment')}">
[<s:link view="/friendcomment.seam" value="Add Comment"/>]
</s:span>
</s:div>
Modified: trunk/examples/seamspace/view/rolemanager.xhtml
===================================================================
--- trunk/examples/seamspace/view/rolemanager.xhtml 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/view/rolemanager.xhtml 2008-02-19 13:42:29 UTC (rev 7442)
@@ -50,11 +50,11 @@
#{roleSearch.getRoleMemberships(role)}
</rich:column>
<rich:column width="auto">
- <s:fragment rendered="#{s:hasPermission('seam.account', 'update', null)}">
+ <s:fragment rendered="#{s:hasPermission('seam.account', 'update')}">
<s:link value="Edit" action="#{roleAction.editRole(roleSearch.selectedRole)}"/><span> | </span>
</s:fragment>
<s:link value="Delete" action="#{identityManager.deleteAccount(roleSearch.selectedRole)}"
- rendered="#{s:hasPermission('seam.account', 'delete', null)}"
+ rendered="#{s:hasPermission('seam.account', 'delete')}"
onclick="return confirmDelete()"/>
</rich:column>
</rich:dataTable>
Modified: trunk/examples/seamspace/view/template.xhtml
===================================================================
--- trunk/examples/seamspace/view/template.xhtml 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/view/template.xhtml 2008-02-19 13:42:29 UTC (rev 7442)
@@ -40,8 +40,8 @@
<s:link view="/home.xhtml" value="Home" propagation="none"/>|
<s:link value="Browse" onclick="javascript:alert('This feature coming soon!');return false"/>|
<s:link value="Blog" onclick="javascript:alert('This feature coming soon!');return false"/>|
- <s:link value="Music" onclick="javascript:alert('This feature coming soon!');return false"/><s:fragment rendered="#{s:hasPermission('seam.account', 'read', null)}">|
- <s:link view="/usermanager.xhtml" value="User Manager" propagation="none"/></s:fragment>
+ <s:link value="Music" onclick="javascript:alert('This feature coming soon!');return false"/><s:fragment rendered="#{s:hasPermission('seam.account', 'read')}">|
+ <s:link view="/usermanager.xhtml" value="User Manager" propagation="none"/></s:fragment>
</div>
<div id="content">
Modified: trunk/examples/seamspace/view/usermanager.xhtml
===================================================================
--- trunk/examples/seamspace/view/usermanager.xhtml 2008-02-19 13:36:02 UTC (rev 7441)
+++ trunk/examples/seamspace/view/usermanager.xhtml 2008-02-19 13:42:29 UTC (rev 7442)
@@ -21,7 +21,7 @@
<h2>User Manager</h2>
- <s:button action="#{userAction.createUser}" styleClass="newuser" rendered="#{s:hasPermission('seam.account', 'create', null)}"/>
+ <s:button action="#{userAction.createUser}" styleClass="newuser" rendered="#{s:hasPermission('seam.account', 'create')}"/>
<s:link view="/rolemanager.xhtml" value="--> Manage Roles" propagation="none"/>
<rich:dataTable
@@ -56,11 +56,11 @@
<div class="#{identityManager.isUserEnabled(user) ? 'checkmark' : 'cross'}"/>
</rich:column>
<rich:column width="auto">
- <s:fragment rendered="#{s:hasPermission('seam.account', 'update', null)}">
+ <s:fragment rendered="#{s:hasPermission('seam.account', 'update')}">
<s:link value="Edit" action="#{userAction.editUser(userSearch.selectedUser)}"/><span> | </span>
</s:fragment>
<s:link value="Delete" action="#{identityManager.deleteAccount(userSearch.selectedUser)}"
- rendered="#{s:hasPermission('seam.account', 'delete', null)}"
+ rendered="#{s:hasPermission('seam.account', 'delete')}"
onclick="return confirmDelete()"/>
</rich:column>
</rich:dataTable>