[seam-commits] Seam SVN: r8156 - in trunk/src/main/org/jboss/seam/security: management and 1 other directories.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Mon May 12 00:00:46 EDT 2008
Author: shane.bryzak at jboss.com
Date: 2008-05-12 00:00:45 -0400 (Mon, 12 May 2008)
New Revision: 8156
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/PermissionMapper.java
trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java
trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java
trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
Log:
support collection filtering by permission
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -8,6 +8,7 @@
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.Enumeration;
import java.util.List;
@@ -564,6 +565,11 @@
}
}
+ public void filterByPermission(Collection collection, String action)
+ {
+ permissionMapper.filterByPermission(collection, action);
+ }
+
public boolean hasPermission(Object target, String action)
{
if (!securityEnabled)
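Review bot: `filterByPermission` delegates straight to `permissionMapper` without the `securityEnabled` check that `hasPermission` makes on its first line (visible at the end of this hunk; the rest of that method is outside it). With security disabled the two entry points can therefore disagree about the same object, and the filter may remove elements that `hasPermission` would let through. A guard as the first statement, `if (!securityEnabled) return;`, keeps them consistent. The parameter is also a raw `Collection`, and a Javadoc line should say that the collection is modified in place.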
Modified: trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityManager.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityManager.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -217,6 +217,12 @@
return roles;
}
+ public List<String> listAssignableRoles()
+ {
+ return listRoles();
+ // TODO fix
+ }
+
public List<String> getGrantedRoles(String name)
{
return roleIdentityStore.getGrantedRoles(name);
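Review bot: `listAssignableRoles()` returns the full result of `listRoles()`, and the `// TODO fix` marker sits after the `return`, where it is easy to overlook. If callers use this method to decide which roles may be granted (inferred from the name), they currently receive the unrestricted list. I would move the marker above the `return` and state what is missing, for example `// TODO: currently returns all roles; restrict to roles that may be assigned directly`.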
Modified: trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityStore.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityStore.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -81,7 +81,7 @@
boolean deleteRole(String role);
boolean roleExists(String name);
boolean addRoleToGroup(String role, String group);
- boolean removeRoleFromGroup(String role, String group);
+ boolean removeRoleFromGroup(String role, String group);
List<String> listUsers();
List<String> listUsers(String filter);
Modified: trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -19,6 +19,7 @@
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.annotations.security.management.RoleConditional;
import org.jboss.seam.annotations.security.management.RoleGroups;
import org.jboss.seam.annotations.security.management.RoleName;
import org.jboss.seam.annotations.security.management.UserEnabled;
@@ -70,6 +71,7 @@
private AnnotatedBeanProperty<UserLastName> userLastNameProperty;
private AnnotatedBeanProperty<RoleName> roleNameProperty;
private AnnotatedBeanProperty<RoleGroups> roleGroupsProperty;
+ private AnnotatedBeanProperty<RoleConditional> roleConditionalProperty;
public Set<Feature> getFeatures()
{
@@ -126,6 +128,7 @@
roleNameProperty = AnnotatedBeanProperty.scanForProperty(roleClass, RoleName.class);
roleGroupsProperty = AnnotatedBeanProperty.scanForProperty(roleClass, RoleGroups.class);
+ roleConditionalProperty = AnnotatedBeanProperty.scanForProperty(roleClass, RoleConditional.class);
if (userPrincipalProperty == null)
{
@@ -659,6 +662,12 @@
return (String) roleNameProperty.getValue(role);
}
+ public boolean isRoleConditional(String role)
+ {
+ return roleConditionalProperty == null ? false : (Boolean) roleConditionalProperty.getValue(
+ lookupRole(role));
+ }
+
public Object lookupRole(String role)
{
try
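Review bot: `isRoleConditional` casts the property value to `Boolean` and unboxes it for the `boolean` return, so a null value in the `@RoleConditional` column throws a `NullPointerException`. The same applies if `lookupRole` (its body is outside the hunk) returns null for an unknown role name and `getValue` passes that through. A null-safe form is `return roleConditionalProperty != null && Boolean.TRUE.equals(roleConditionalProperty.getValue(lookupRole(role)));`, which treats a missing value as "not conditional".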
Modified: trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -7,12 +7,12 @@
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.persistence.EntityManager;
-import javax.persistence.NoResultException;
import javax.persistence.Query;
import org.jboss.seam.Component;
@@ -33,8 +33,8 @@
import org.jboss.seam.security.Role;
import org.jboss.seam.security.SimplePrincipal;
import org.jboss.seam.security.management.JpaIdentityStore;
+import org.jboss.seam.security.permission.PermissionMetadata.ActionSet;
import org.jboss.seam.util.AnnotatedBeanProperty;
-import org.jboss.seam.security.permission.PermissionMetadata.ActionSet;
/**
* A permission store implementation that uses JPA as its persistence mechanism.
@@ -156,14 +156,20 @@
}
}
- protected Query createPermissionQuery(Object target, Principal recipient, Discrimination discrimination)
+ protected Query createPermissionQuery(Object target, Set targets, Principal recipient, Discrimination discrimination)
{
- int queryKey = ((target != null) ? 1 : 0);
- queryKey |= (recipient != null ? 2 : 0);
- queryKey |= (discrimination.equals(Discrimination.user) ? 4 : 0);
- queryKey |= (discrimination.equals(Discrimination.role) ? 8 : 0);
- queryKey |= (discrimination.equals(Discrimination.either) ? 16 : 0);
+ if (target != null && targets != null)
+ {
+ throw new IllegalArgumentException("Cannot specify both target and targets");
+ }
+ int queryKey = (target != null) ? 1 : 0;
+ queryKey |= (targets != null) ? 2 : 0;
+ queryKey |= (recipient != null) ? 4 : 0;
+ queryKey |= (discrimination.equals(Discrimination.user) ? 8 : 0);
+ queryKey |= (discrimination.equals(Discrimination.role) ? 16 : 0);
+ queryKey |= (discrimination.equals(Discrimination.either) ? 32 : 0);
+
boolean isRole = discrimination.equals(Discrimination.role) && rolePermissionClass != null;
if (!queryCache.containsKey(queryKey))
@@ -177,15 +183,23 @@
if (target != null)
{
- q.append(" where ");
+ q.append(" where p.");
q.append(isRole ? roleTargetProperty.getName() : targetProperty.getName());
q.append(" = :target");
conditionsAdded = true;
}
+ if (targets != null)
+ {
+ q.append(" where p.");
+ q.append(isRole ? roleTargetProperty.getName() : targetProperty.getName());
+ q.append(" in (:targets)");
+ conditionsAdded = true;
+ }
+
if (recipient != null)
{
- q.append(conditionsAdded ? " and " : " where ");
+ q.append(conditionsAdded ? " and p." : " where p.");
q.append(isRole ? roleProperty.getName() : userProperty.getName());
q.append(" = :recipient");
conditionsAdded = true;
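Review bot: The new `in (:targets)` condition puts no lower or upper bound on the size of the collection bound to it. The empty case is only filtered out in `listPermissions` later in this file, so any other caller or subclass of this `protected` method that passes an empty set produces an empty IN list, which many JPA providers reject, and a large collection can exceed the IN-list limit that some databases enforce. I would reject the empty set beside the existing argument check, `if (targets != null && targets.isEmpty()) throw new IllegalArgumentException("targets must not be empty");`, and consider querying in batches. The method starts in the previous hunk and continues past this one.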
@@ -194,7 +208,7 @@
// If there is no discrimination, then don't add such a condition to the query
if (!discrimination.equals(Discrimination.either) && discriminatorProperty != null)
{
- q.append(conditionsAdded ? " and " : " where ");
+ q.append(conditionsAdded ? " and p." : " where p.");
q.append(discriminatorProperty.getName());
q.append(" = :discriminator");
conditionsAdded = true;
@@ -206,8 +220,20 @@
Query query = lookupEntityManager().createQuery(queryCache.get(queryKey));
if (target != null) query.setParameter("target", identifierPolicy.getIdentifier(target));
- if (recipient != null) query.setParameter("recipient", resolvePrincipal(recipient));
+ if (targets != null)
+ {
+ Set<String> identifiers = new HashSet<String>();
+ for (Object t : targets)
+ {
+ identifiers.add(identifierPolicy.getIdentifier(t));
+ }
+ query.setParameter("targets", identifiers);
+ }
+
+
+ if (recipient != null) query.setParameter("recipient", resolvePrincipalEntity(recipient));
+
if (!discrimination.equals(Discrimination.either) && discriminatorProperty != null)
{
query.setParameter("discriminator", getDiscriminatorValue(
@@ -249,7 +275,7 @@
{
if (rolePermissionClass != null)
{
- List permissions = createPermissionQuery(target, recipient, Discrimination.role).getResultList();
+ List permissions = createPermissionQuery(target, null, recipient, Discrimination.role).getResultList();
if (permissions.isEmpty())
{
@@ -264,7 +290,7 @@
Object instance = rolePermissionClass.newInstance();
roleTargetProperty.setValue(instance, identifierPolicy.getIdentifier(target));
roleActionProperty.setValue(instance, actionSet.toString());
- roleProperty.setValue(instance, resolvePrincipal(recipient));
+ roleProperty.setValue(instance, resolvePrincipalEntity(recipient));
lookupEntityManager().persist(instance);
return true;
}
@@ -325,7 +351,7 @@
throw new RuntimeException("Could not grant permission, userPermissionClass not set");
}
- List permissions = createPermissionQuery(target, recipient, recipientIsRole ?
+ List permissions = createPermissionQuery(target, null, recipient, recipientIsRole ?
Discrimination.role : Discrimination.user).getResultList();
if (permissions.isEmpty())
@@ -341,7 +367,7 @@
Object instance = userPermissionClass.newInstance();
targetProperty.setValue(instance, identifierPolicy.getIdentifier(target));
actionProperty.setValue(instance, actionSet.toString());
- userProperty.setValue(instance, resolvePrincipal(recipient));
+ userProperty.setValue(instance, resolvePrincipalEntity(recipient));
if (discriminatorProperty != null)
{
@@ -493,7 +519,7 @@
* @param recipient
* @return The entity or name representing the permission recipient
*/
- protected Object resolvePrincipal(Principal recipient)
+ protected Object resolvePrincipalEntity(Principal recipient)
{
boolean recipientIsRole = recipient instanceof Role;
@@ -514,26 +540,27 @@
return recipient.getName();
}
- protected String resolvePrincipalName(Object principal, boolean isUser
- )
+ protected Principal resolvePrincipal(Object principal, boolean isUser)
{
+ JpaIdentityStore identityStore = (JpaIdentityStore) Component.getInstance(JpaIdentityStore.class, true);
+
if (principal instanceof String)
- {
- return (String) principal;
- }
+ {
+ return isUser ? new SimplePrincipal((String) principal) : new Role((String) principal,
+ identityStore == null ? false : identityStore.isRoleConditional((String) principal));
+ }
- JpaIdentityStore identityStore = (JpaIdentityStore) Component.getInstance(JpaIdentityStore.class, true);
-
if (identityStore != null)
{
if (isUser && identityStore.getUserClass().equals(principal.getClass()))
{
- return identityStore.getUserName(principal);
+ return new SimplePrincipal(identityStore.getUserName(principal));
}
if (!isUser && identityStore.getRoleClass().equals(principal.getClass()))
{
- return identityStore.getRoleName(principal);
+ String name = identityStore.getRoleName(principal);
+ return new Role(name, identityStore.isRoleConditional(name));
}
}
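Review bot: The name `resolvePrincipal` is reused here for a method with a different parameter list and return type, while the old `resolvePrincipal(Principal)` becomes `resolvePrincipalEntity` in the previous hunk. Both are `protected`, so a subclass that overrode the old `resolvePrincipal(Principal)` or `resolvePrincipalName(Object, boolean)` without `@Override` still compiles but is silently no longer called; `createPermissionQuery` changes its signature in the same way. I would add a Javadoc to the new method, e.g. `/** Converts a stored recipient (a name or an identity entity) into a SimplePrincipal or a Role. */`, and call out the renames in the release notes. The end of the method, including what it returns when no branch matches, is outside the hunk.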
@@ -541,51 +568,87 @@
}
/**
+ * Returns a list of all user and role permissions for the specified action for all specified target objects
+ */
+ public List<Permission> listPermissions(Set<Object> targets, String action)
+ {
+ return listPermissions(null, targets, action);
+ }
+
+ /**
* Returns a list of all user and role permissions for a specific permission target and action.
*/
public List<Permission> listPermissions(Object target, String action)
{
+ return listPermissions(target, null, action);
+ }
+
+ protected List<Permission> listPermissions(Object target, Set<Object> targets, String action)
+ {
+ if (target != null && targets != null)
+ {
+ throw new IllegalArgumentException("Cannot specify both target and targets");
+ }
+
List<Permission> permissions = new ArrayList<Permission>();
+ if (targets != null && targets.isEmpty()) return permissions;
+
// First query for user permissions
- Query permissionQuery = createPermissionQuery(target, null, Discrimination.either);
- List userPermissions = permissionQuery.getResultList();
+ Query permissionQuery = targets != null ?
+ createPermissionQuery(null, targets, null, Discrimination.either) :
+ createPermissionQuery(target, null, null, Discrimination.either);
+
+ List userPermissions = permissionQuery.getResultList();
Map<String,Principal> principalCache = new HashMap<String,Principal>();
boolean useDiscriminator = rolePermissionClass == null && discriminatorProperty != null;
+ Map<String,Object> identifierCache = null;
+
+ if (targets != null)
+ {
+ identifierCache = new HashMap<String,Object>();
+
+ for (Object t : targets)
+ {
+ identifierCache.put(identifierPolicy.getIdentifier(t), t);
+ }
+ }
+
for (Object permission : userPermissions)
{
- ActionSet actionSet = metadata.createActionSet(target.getClass(),
- actionProperty.getValue(permission).toString());
+ ActionSet actionSet = null;
- if (action == null || actionSet.contains(action))
+ if (targets != null)
+ {
+ target = identifierCache.get(targetProperty.getValue(permission));
+ if (target != null)
+ {
+ actionSet = metadata.createActionSet(target.getClass(),
+ actionProperty.getValue(permission).toString());
+ }
+ }
+ else
+ {
+ actionSet = metadata.createActionSet(target.getClass(),
+ actionProperty.getValue(permission).toString());
+ }
+
+ if (target != null && (action == null || (actionSet != null && actionSet.contains(action))))
{
- Principal principal;
boolean isUser = true;
if (useDiscriminator &&
- discriminatorProperty.getAnnotation().roleValue().equals(discriminatorProperty.getValue(permission)))
+ discriminatorProperty.getAnnotation().roleValue().equals(
+ discriminatorProperty.getValue(permission)))
{
isUser = false;
}
-
- String name = resolvePrincipalName(isUser ? userProperty.getValue(permission) :
- roleProperty.getValue(permission), isUser);
+
+ Principal principal = lookupPrincipal(principalCache, permission, isUser);
- String key = (isUser ? "u:" : "r:") + name;
-
- if (!principalCache.containsKey(key))
- {
- principal = isUser ? new SimplePrincipal(name) : new Role(name);
- principalCache.put(key, principal);
- }
- else
- {
- principal = principalCache.get(key);
- }
-
if (action != null)
{
permissions.add(new Permission(target, action, principal));
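Review bot: The new public `listPermissions(Set<Object> targets, String action)` overloads `listPermissions(Object target, String action)`, and the compiler picks between them from the static type of the argument. A `Set<Foo>`, or a set held in an `Object` or `Collection` reference, binds to the single-target overload and is looked up as one target, which most likely returns no permissions instead of failing. I would state this in the Javadoc of both methods (the `PermissionStore` interface gains the same overload further down), or have the single-target method reject collection arguments. The three-argument method also reaches `target.getClass()` when both `target` and `targets` are null, so a guard next to the existing `IllegalArgumentException` would make that case explicit.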
@@ -603,30 +666,33 @@
// If we have a separate class for role permissions, then query them now
if (rolePermissionClass != null)
{
- permissionQuery = createPermissionQuery(target, null, Discrimination.role);
+ permissionQuery = targets != null ?
+ createPermissionQuery(null, targets, null, Discrimination.role) :
+ createPermissionQuery(target, null, null, Discrimination.role);
List rolePermissions = permissionQuery.getResultList();
for (Object permission : rolePermissions)
{
- ActionSet actionSet = metadata.createActionSet(target.getClass(),
- roleActionProperty.getValue(permission).toString());
+ ActionSet actionSet = null;
- if (action == null || actionSet.contains(action))
+ if (targets != null)
{
- Principal principal;
-
- String name = resolvePrincipalName(roleProperty.getValue(permission), false);
- String key = "r:" + name;
-
- if (!principalCache.containsKey(key))
+ target = identifierCache.get(roleTargetProperty.getValue(permission));
+ if (target != null)
{
- principal = new Role(name);
- principalCache.put(key, principal);
+ actionSet = metadata.createActionSet(target.getClass(),
+ roleActionProperty.getValue(permission).toString());
}
- else
- {
- principal = principalCache.get(key);
- }
+ }
+ else
+ {
+ actionSet = metadata.createActionSet(target.getClass(),
+ roleActionProperty.getValue(permission).toString());
+ }
+
+ if (target != null && (action == null || (actionSet != null && actionSet.contains(action))))
+ {
+ Principal principal = lookupPrincipal(principalCache, permission, false);
if (action != null)
{
@@ -645,6 +711,25 @@
return permissions;
}
+
+ private Principal lookupPrincipal(Map<String,Principal> cache, Object permission, boolean isUser)
+ {
+ Principal principal = resolvePrincipal(isUser ? userProperty.getValue(permission) :
+ roleProperty.getValue(permission), isUser);
+
+ String key = (isUser ? "u:" : "r:") + principal.getName();
+
+ if (!cache.containsKey(key))
+ {
+ cache.put(key, principal);
+ }
+ else
+ {
+ principal = cache.get(key);
+ }
+
+ return principal;
+ }
public List<Permission> listPermissions(Object target)
{
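Review bot: `lookupPrincipal` calls `resolvePrincipal` before it looks in `cache`, so the cache only deduplicates instances and no longer saves the resolution work. For role recipients `resolvePrincipal` calls `identityStore.isRoleConditional`, which goes through `lookupRole` (body not shown, presumably a query) once per permission row. When the stored recipient is a `String`, the key can be built from the raw value and the cache consulted first, as sketched below; this assumes `SimplePrincipal` and `Role` return the name they were constructed with. `listPermissions(Object target)` begins at the end of this hunk and continues outside it.

```java
private Principal lookupPrincipal(Map<String,Principal> cache, Object permission, boolean isUser)
{
   Object recipient = isUser ? userProperty.getValue(permission) : roleProperty.getValue(permission);

   // A String recipient already is the name, so the cache can be checked before resolving.
   if (recipient instanceof String)
   {
      String key = (isUser ? "u:" : "r:") + recipient;
      Principal cached = cache.get(key);
      if (cached == null)
      {
         cached = resolvePrincipal(recipient, isUser);
         cache.put(key, cached);
      }
      return cached;
   }

   // … unchanged: resolve entity recipients, then cache by principal.getName() …
}
```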
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionMapper.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionMapper.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionMapper.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -4,8 +4,11 @@
import static org.jboss.seam.annotations.Install.BUILT_IN;
import java.io.Serializable;
+import java.util.Collection;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
@@ -80,6 +83,69 @@
return false;
}
+ public void filterByPermission(Collection collection, String action)
+ {
+ boolean homogenous = true;
+
+ Class targetClass = null;
+ for (Object target : collection)
+ {
+ if (targetClass == null) targetClass = target.getClass();
+ if (!targetClass.equals(target.getClass()))
+ {
+ homogenous = false;
+ break;
+ }
+ }
+
+ if (homogenous)
+ {
+ Set<Object> denied = new HashSet<Object>(collection);
+ ResolverChain chain = getResolverChain(targetClass, action);
+ for (PermissionResolver resolver : chain.getResolvers())
+ {
+ resolver.filterSetByAction(denied, action);
+ }
+
+ for (Object target : denied)
+ {
+ collection.remove(target);
+ }
+ }
+ else
+ {
+ Map<Class,Set<Object>> deniedByClass = new HashMap<Class,Set<Object>>();
+ for (Object obj : collection)
+ {
+ if (!deniedByClass.containsKey(obj.getClass()))
+ {
+ Set<Object> denied = new HashSet<Object>();
+ denied.add(obj);
+ deniedByClass.put(obj.getClass(), denied);
+ }
+ else
+ {
+ deniedByClass.get(obj.getClass()).add(obj);
+ }
+ }
+
+ for (Class cls : deniedByClass.keySet())
+ {
+ Set<Object> denied = deniedByClass.get(cls);
+ ResolverChain chain = getResolverChain(cls, action);
+ for (PermissionResolver resolver : chain.getResolvers())
+ {
+ resolver.filterSetByAction(denied, action);
+ }
+
+ for (Object target : denied)
+ {
+ collection.remove(target);
+ }
+ }
+ }
+ }
+
private ResolverChain createDefaultResolverChain()
{
ResolverChain chain = (ResolverChain) Contexts.getSessionContext().get(DEFAULT_RESOLVER_CHAIN);
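Review bot: Denied elements are taken out with `collection.remove(target)` once per entry of the `denied` set, in both branches of `filterByPermission`. `Collection.remove` drops a single occurrence, so when the caller passes a `List` that holds an equal object more than once, the extra occurrences of a denied object stay in the filtered result. `collection.removeAll(denied);` removes every occurrence and replaces both loops. Separately, an empty collection reaches `getResolverChain(null, action)` and a null element fails on `target.getClass()`; an early `if (collection == null || collection.isEmpty()) return;` covers the first case.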
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionResolver.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -1,5 +1,7 @@
package org.jboss.seam.security.permission;
+import java.util.Set;
+
/**
* Implementations of this interface perform permission checks using a variety of methods.
*
@@ -8,4 +10,5 @@
public interface PermissionResolver
{
boolean hasPermission(Object target, String action);
+ void filterSetByAction(Set<Object> targets, String action);
}
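Review bot: `filterSetByAction` is added without Javadoc, and its contract is the reverse of what the name suggests. Judging by `PermissionMapper.filterByPermission` and the two implementations in this commit, the set passed in holds the targets that are still denied, and an implementation removes each target it grants. I would document that on the interface, for example `/** Removes from {@code targets} every object for which this resolver grants {@code action}; objects left in the set remain denied. */`. Adding a method to the interface also means every `PermissionResolver` implementation outside this commit has to be updated.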
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -1,6 +1,7 @@
package org.jboss.seam.security.permission;
import java.util.List;
+import java.util.Set;
/**
* Permission store interface.
@@ -11,6 +12,7 @@
{
List<Permission> listPermissions(Object target);
List<Permission> listPermissions(Object target, String action);
+ List<Permission> listPermissions(Set<Object> targets, String action);
boolean grantPermission(Permission permission);
boolean grantPermissions(List<Permission> permissions);
boolean revokePermission(Permission permission);
Modified: trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -4,7 +4,9 @@
import static org.jboss.seam.annotations.Install.FRAMEWORK;
import java.io.Serializable;
+import java.util.Iterator;
import java.util.List;
+import java.util.Set;
import org.jboss.seam.Component;
import org.jboss.seam.Seam;
@@ -105,4 +107,55 @@
return false;
}
+
+ public void filterSetByAction(Set<Object> targets, String action)
+ {
+ if (permissionStore == null) return;
+
+ Identity identity = Identity.instance();
+ if (!identity.isLoggedIn()) return;
+
+ List<Permission> permissions = permissionStore.listPermissions(targets, action);
+
+ String username = identity.getPrincipal().getName();
+
+ Iterator iter = targets.iterator();
+ while (iter.hasNext())
+ {
+ Object target = iter.next();
+
+ for (Permission permission : permissions)
+ {
+ if (permission.getTarget().equals(target))
+ {
+ if (permission.getRecipient() instanceof SimplePrincipal &&
+ username.equals(permission.getRecipient().getName()))
+ {
+ iter.remove();
+ break;
+ }
+
+ if (permission.getRecipient() instanceof Role)
+ {
+ Role role = (Role) permission.getRecipient();
+
+ if (role.isConditional())
+ {
+ RuleBasedPermissionResolver resolver = RuleBasedPermissionResolver.instance();
+ if (resolver.checkConditionalRole(role.getName(), target, action))
+ {
+ iter.remove();
+ break;
+ }
+ else if (identity.hasRole(role.getName()))
+ {
+ iter.remove();
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
}
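Review bot: In `filterSetByAction` the `else if (identity.hasRole(role.getName()))` branch is paired with the `checkConditionalRole` test, inside `if (role.isConditional())`. As written, a permission granted to a non-conditional role never removes the target from the denied set, while a conditional role whose rule check fails still falls back to plain role membership. The likely intent is for the `else if` to pair with `role.isConditional()`, as below; it is worth confirming against the single-target `hasPermission` in this class, which is outside the hunk.

```java
// … unchanged: recipient instanceof Role check and cast to Role …
if (role.isConditional())
{
   RuleBasedPermissionResolver resolver = RuleBasedPermissionResolver.instance();
   if (resolver.checkConditionalRole(role.getName(), target, action))
   {
      iter.remove();
      break;
   }
}
else if (identity.hasRole(role.getName()))
{
   iter.remove();
   break;
}
```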
Modified: trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2008-05-12 02:27:49 UTC (rev 8155)
+++ trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2008-05-12 04:00:45 UTC (rev 8156)
@@ -10,6 +10,7 @@
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
+import java.util.Set;
import org.drools.FactHandle;
import org.drools.RuleBase;
@@ -127,14 +128,24 @@
return check.isGranted();
}
+ public void filterSetByAction(Set<Object> targets, String action)
+ {
+ Iterator iter = targets.iterator();
+ while (iter.hasNext())
+ {
+ Object target = iter.next();
+ if (hasPermission(target, action)) iter.remove();
+ }
+ }
+
public boolean checkConditionalRole(String roleName, Object target, String action)
{
- if (getSecurityContext() == null) return false;
+ StatefulSession securityContext = getSecurityContext();
+ if (securityContext == null) return false;
RoleCheck roleCheck = new RoleCheck(roleName);
List<FactHandle> handles = new ArrayList<FactHandle>();
- handles.add(getSecurityContext().insert(roleCheck));
if (!(target instanceof String) && !(target instanceof Class))
{
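Review bot: The new local `securityContext` in `checkConditionalRole` has the same name as an identifier the method already used before this change (`securityContext.insert(check)` is an unchanged line in the next hunk), so it appears to shadow an existing member. After this commit the inserts go through whatever `getSecurityContext()` returned, while code outside the hunk may still refer to the member. A distinct name such as `StatefulSession session = getSecurityContext();` makes it clear which one is meant. In `filterSetByAction` the raw `Iterator` can be declared as `Iterator<Object>`.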
@@ -153,7 +164,8 @@
try
{
synchronizeContext();
-
+
+ handles.add( securityContext.insert(roleCheck));
handles.add( securityContext.insert(check));
securityContext.fireAllRules();