[seam-commits] Seam SVN: r7663 - trunk/src/main/org/jboss/seam/security.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Thu Mar 20 14:26:49 EDT 2008
Author: shane.bryzak at jboss.com
Date: 2008-03-20 14:26:49 -0400 (Thu, 20 Mar 2008)
New Revision: 7663
Added:
trunk/src/main/org/jboss/seam/security/EntityPermissionChecker.java
Modified:
trunk/src/main/org/jboss/seam/security/EntitySecurityListener.java
trunk/src/main/org/jboss/seam/security/HibernateSecurityInterceptor.java
trunk/src/main/org/jboss/seam/security/Identity.java
Log:
refactored entity permission checks
Added: trunk/src/main/org/jboss/seam/security/EntityPermissionChecker.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/EntityPermissionChecker.java (rev 0)
+++ trunk/src/main/org/jboss/seam/security/EntityPermissionChecker.java 2008-03-20 18:26:49 UTC (rev 7663)
@@ -0,0 +1,127 @@
+package org.jboss.seam.security;
+
+import static org.jboss.seam.ScopeType.APPLICATION;
+import static org.jboss.seam.annotations.Install.BUILT_IN;
+
+import java.lang.reflect.Method;
+
+import javax.persistence.EntityManager;
+
+import org.jboss.seam.Component;
+import org.jboss.seam.ScopeType;
+import org.jboss.seam.Seam;
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Startup;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.annotations.security.Restrict;
+import org.jboss.seam.contexts.Contexts;
+import org.jboss.seam.persistence.PersistenceProvider;
+import org.jboss.seam.util.Strings;
+
+/**
+ * Entity permission checks
+ *
+ * @author Shane Bryzak
+ */
+ at Name("org.jboss.seam.security.entityPermissionChecker")
+ at Scope(APPLICATION)
+ at Install(precedence = BUILT_IN)
+ at BypassInterceptors
+ at Startup
+public class EntityPermissionChecker
+{
+ private String entityManagerName = "entityManager";
+
+ private EntityManager getEntityManager()
+ {
+ return (EntityManager) Component.getInstance(entityManagerName);
+ }
+
+ public String getEntityManagerName()
+ {
+ return entityManagerName;
+ }
+
+ public void setEntityManagerName(String name)
+ {
+ this.entityManagerName = name;
+ }
+
+ public static EntityPermissionChecker instance()
+ {
+ if ( !Contexts.isApplicationContextActive() )
+ {
+ throw new IllegalStateException("No active application context");
+ }
+
+ EntityPermissionChecker instance = (EntityPermissionChecker) Component.getInstance(
+ EntityPermissionChecker.class, ScopeType.APPLICATION);
+
+ if (instance == null)
+ {
+ throw new IllegalStateException("No EntityPermissionChecker could be created");
+ }
+
+ return instance;
+ }
+
+ public void checkEntityPermission(Object entity, EntityAction action)
+ {
+ if (!Identity.isSecurityEnabled()) return;
+
+ Identity identity = Identity.instance();
+
+ identity.isLoggedIn(true);
+
+ PersistenceProvider provider = PersistenceProvider.instance();
+ Class beanClass = provider.getBeanClass(entity);
+
+ if (beanClass != null)
+ {
+ String name = Seam.getComponentName(entity.getClass());
+ if (name == null) name = beanClass.getName();
+
+ // TODO - replace getXXXMethod(class) with getXXXMethod(class, entityManager)
+ Method m = null;
+ switch (action)
+ {
+ case READ:
+ m = provider.getPostLoadMethod(beanClass);
+ break;
+ case INSERT:
+ m = provider.getPrePersistMethod(beanClass);
+ break;
+ case UPDATE:
+ m = provider.getPreUpdateMethod(beanClass);
+ break;
+ case DELETE:
+ m = provider.getPreRemoveMethod(beanClass);
+ }
+
+ Restrict restrict = null;
+
+ if (m != null && m.isAnnotationPresent(Restrict.class))
+ {
+ restrict = m.getAnnotation(Restrict.class);
+ }
+ else if (entity.getClass().isAnnotationPresent(Restrict.class))
+ {
+ restrict = entity.getClass().getAnnotation(Restrict.class);
+ }
+
+ if (restrict != null)
+ {
+ if (Strings.isEmpty(restrict.value()))
+ {
+ identity.checkPermission(entity, action.toString());
+ }
+ else
+ {
+ identity.checkRestriction(restrict.value());
+ }
+ }
+ }
+ }
+}
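Review bot: The class-level fallback `else if (entity.getClass().isAnnotationPresent(Restrict.class))` reads `@Restrict` from the runtime class, while the lifecycle-method lookup just above it uses `beanClass` from `provider.getBeanClass(entity)`. If the persistence provider passes in a proxy or enhanced subclass and `@Restrict` is not inherited (its declaration is not visible here), the annotation would not be found and the method would return without any permission check. Consider declaring `Class<?> beanClass` and resolving the fallback with `beanClass.getAnnotation(Restrict.class)`, or checking both classes. The local `name` is computed and never read, and `getEntityManager()` is unused until the TODO is done, so both could be dropped for now. A Javadoc on `checkEntityPermission` saying that entities with a null bean class or no `@Restrict` are deliberately left unchecked, and that `identity.isLoggedIn(true)` is called only for its login-attempt side effect, would make the opt-in behaviour explicit.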
Modified: trunk/src/main/org/jboss/seam/security/EntitySecurityListener.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/EntitySecurityListener.java 2008-03-20 17:17:17 UTC (rev 7662)
+++ trunk/src/main/org/jboss/seam/security/EntitySecurityListener.java 2008-03-20 18:26:49 UTC (rev 7663)
@@ -21,36 +21,24 @@
@PostLoad
public void postLoad(Object entity)
{
- if (Identity.isSecurityEnabled())
- {
- Identity.instance().checkEntityPermission(entity, READ);
- }
+ EntityPermissionChecker.instance().checkEntityPermission(entity, READ);
}
@PrePersist
public void prePersist(Object entity)
{
- if (Identity.isSecurityEnabled())
- {
- Identity.instance().checkEntityPermission(entity, INSERT);
- }
+ EntityPermissionChecker.instance().checkEntityPermission(entity, INSERT);
}
@PreUpdate
public void preUpdate(Object entity)
{
- if (Identity.isSecurityEnabled())
- {
- Identity.instance().checkEntityPermission(entity, UPDATE);
- }
+ EntityPermissionChecker.instance().checkEntityPermission(entity, UPDATE);
}
@PreRemove
public void preRemove(Object entity)
{
- if (Identity.isSecurityEnabled())
- {
- Identity.instance().checkEntityPermission(entity, DELETE);
- }
+ EntityPermissionChecker.instance().checkEntityPermission(entity, DELETE);
}
}
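Review bot: `EntityPermissionChecker.instance()` now runs before the `Identity.isSecurityEnabled()` test, which this commit moves inside `checkEntityPermission`. Because `instance()` throws `IllegalStateException` when no application context is active, a lifecycle callback fired outside a Seam context with security disabled would now throw, where the removed code was a no-op. The same ordering applies to the four call sites changed in HibernateSecurityInterceptor.java in this commit. Either keep the guard at the call site, `if (Identity.isSecurityEnabled()) EntityPermissionChecker.instance().checkEntityPermission(entity, READ);`, or add a static entry point that tests `isSecurityEnabled()` before resolving the component. With security enabled the exception is the safer fail-closed outcome, so only the disabled path needs the guard.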
Modified: trunk/src/main/org/jboss/seam/security/HibernateSecurityInterceptor.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/HibernateSecurityInterceptor.java 2008-03-20 17:17:17 UTC (rev 7662)
+++ trunk/src/main/org/jboss/seam/security/HibernateSecurityInterceptor.java 2008-03-20 18:26:49 UTC (rev 7663)
@@ -30,10 +30,8 @@
public boolean onLoad(Object entity, Serializable id, Object[] state,
String[] propertyNames, Type[] types)
{
- if (Identity.isSecurityEnabled())
- {
- Identity.instance().checkEntityPermission(entity, READ);
- }
+ EntityPermissionChecker.instance().checkEntityPermission(entity, READ);
+
return wrappedInterceptor != null ?
wrappedInterceptor.onLoad(entity, id, state, propertyNames, types) :
false;
@@ -43,10 +41,8 @@
public void onDelete(Object entity, Serializable id, Object[] state,
String[] propertyNames, Type[] types)
{
- if (Identity.isSecurityEnabled())
- {
- Identity.instance().checkEntityPermission(entity, DELETE);
- }
+ EntityPermissionChecker.instance().checkEntityPermission(entity, DELETE);
+
if (wrappedInterceptor != null)
wrappedInterceptor.onDelete(entity, id, state, propertyNames, types);
}
@@ -55,10 +51,8 @@
public boolean onFlushDirty(Object entity, Serializable id, Object[] currentState,
Object[] previousState, String[] propertyNames, Type[] types)
{
- if (Identity.isSecurityEnabled())
- {
- Identity.instance().checkEntityPermission(entity, UPDATE);
- }
+ EntityPermissionChecker.instance().checkEntityPermission(entity, UPDATE);
+
return wrappedInterceptor != null ?
wrappedInterceptor.onFlushDirty(entity, id, currentState,
previousState, propertyNames, types) : false;
@@ -68,10 +62,8 @@
public boolean onSave(Object entity, Serializable id, Object[] state,
String[] propertyNames, Type[] types)
{
- if (Identity.isSecurityEnabled())
- {
- Identity.instance().checkEntityPermission(entity, INSERT);
- }
+ EntityPermissionChecker.instance().checkEntityPermission(entity, INSERT);
+
return wrappedInterceptor != null ?
wrappedInterceptor.onSave(entity, id, state, propertyNames, types) :
false;
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-03-20 17:17:17 UTC (rev 7662)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-03-20 18:26:49 UTC (rev 7663)
@@ -5,7 +5,6 @@
import java.io.IOException;
import java.io.Serializable;
-import java.lang.reflect.Method;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
@@ -23,24 +22,19 @@
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
-import org.jboss.seam.Seam;
import org.jboss.seam.annotations.Create;
-import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
-import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.core.Events;
import org.jboss.seam.core.Expressions;
import org.jboss.seam.core.Expressions.MethodExpression;
import org.jboss.seam.log.LogProvider;
import org.jboss.seam.log.Logging;
-import org.jboss.seam.persistence.PersistenceProvider;
import org.jboss.seam.security.permission.PermissionMapper;
-import org.jboss.seam.util.Strings;
import org.jboss.seam.web.Session;
/**
@@ -684,58 +678,5 @@
principal = savedPrincipal;
subject = savedSubject;
}
- }
-
- public void checkEntityPermission(Object entity, EntityAction action)
- {
- isLoggedIn(true);
-
- PersistenceProvider provider = PersistenceProvider.instance();
- Class beanClass = provider.getBeanClass(entity);
-
- if (beanClass != null)
- {
- String name = Seam.getComponentName(entity.getClass());
- if (name == null) name = beanClass.getName();
-
- Method m = null;
- switch (action)
- {
- case READ:
- m = provider.getPostLoadMethod(beanClass);
- break;
- case INSERT:
- m = provider.getPrePersistMethod(beanClass);
- break;
- case UPDATE:
- m = provider.getPreUpdateMethod(beanClass);
- break;
- case DELETE:
- m = provider.getPreRemoveMethod(beanClass);
- }
-
- Restrict restrict = null;
-
- if (m != null && m.isAnnotationPresent(Restrict.class))
- {
- restrict = m.getAnnotation(Restrict.class);
- }
- else if (entity.getClass().isAnnotationPresent(Restrict.class))
- {
- restrict = entity.getClass().getAnnotation(Restrict.class);
- }
-
- if (restrict != null)
- {
- if (Strings.isEmpty(restrict.value()))
- {
- checkPermission(entity, action.toString());
- }
- else
- {
- checkRestriction(restrict.value());
- }
- }
- }
- }
+ }
}